Network behavior abnormity detection method based on sub-track mode
An anomaly detection and sub-trajectory technology, applied in the field of network security, can solve the problems of difficult anomaly processing mechanism support, extraction, and dependence on artificial features
Active Publication Date: 2019-08-09
UNIV OF ELECTRONICS SCI & TECH OF CHINA
View PDF4 Cites 6 Cited by
- Summary
- Abstract
- Description
- Claims
- Application Information
AI Technical Summary
Problems solved by technology
However, the traditional method based on network data flow analysis has the problem of relying on manual feature extraction and high false positive rate.
At the same time, these two traditional detection methods are for anomaly detection on the entire user behavior sequence, and it is impossible to confirm that the detected abnormal behavior is the user’s abnormality in a specific time period, so that it is impossible to gain deeper insights into network behavior and Difficulty providing support for exception handling mechanisms
Method used
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View moreImage
Smart Image Click on the blue labels to locate them in the text.
Smart ImageViewing Examples
Examples
Experimental program
Comparison scheme
Effect test
Embodiment Construction
[0021] Specific embodiments of the present invention will be described below in conjunction with the accompanying drawings, so that those skilled in the art can better understand the present invention. It should be noted that in the following description, when detailed descriptions of known functions and designs may dilute the main content of the present invention, these descriptions will be omitted here.
[0022] figure 1 It is a flow chart of a specific embodiment of the method for detecting network behavior anomalies based on the sub-trajectory mode of the present invention.
[0023] In this example, if figure 1 As shown, the present invention's network behavior anomaly detection method based on the sub-track mode includes a step:
[0024] S1: Network traffic data collection and cleaning
[0025] Network traffic data refers to the log information recorded by users when accessing specific network entities, such as access time, IP address, source port, destination port, an...
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More PUM
Login to View More Abstract
The invention discloses a network behavior abnormity detection method based on a sub-track mode. The method comprises the steps of firstly collecting the network traffic data and converting into a user behavior track sequence according to the definition of a user behavior; and then considering that the network abnormal behavior generally occurs on a certain short-term time period, dividing each behavior track sequence into a plurality of sub-behavior track sequences with a unified behavior mode according to a minimum description length criterion; calculating the similarity between each sub-behavior sequence and other behavior sequences according to a word vector method, and obtaining the density of each sub-behavior sequence; and finally, according to a density-based anomaly detection method, comprehensively obtaining the local anomaly degree of the to-be-detected behavior track sequence, and according to the local anomaly degree, determining an abnormal behavior track sequence. According to the method, the network abnormal behavior is detected according to the sub-track mode, so that the accuracy of abnormal detection is greatly improved, meanwhile, the specific time period when the user has the abnormal behavior can be confirmed, and the technical support is provided for the follow-up abnormal behavior mode analysis and network attack behavior prevention.
Description
technical field [0001] The invention belongs to the technical field of network security, and more specifically relates to a method for detecting abnormal network behavior based on a sub-track mode. Background technique [0002] With the rapid development of information technology and the increasing popularity of network applications, communication networks have become an indispensable medium for information dissemination in people's daily life. However, while network technology brings convenience to users, there are more and more attacks on communication networks. Although most institutions and organizations have established relatively stable information network security protection mechanisms, the means of network attacks are becoming more and more diverse, and their nature and consequences are becoming more and more serious. In this serious situation, taking effective measures to prevent network attacks is an urgent problem in the field of network security. However, it is...
Claims
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More Application Information
Patent Timeline
Login to View More Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06
CPCH04L63/1425
Inventor 邵俊明刘洋杨勤丽
Owner UNIV OF ELECTRONICS SCI & TECH OF CHINA