Web anomaly detection method and system based on SMOTETomek and LightGBM

An anomaly detection and real-time detection technology, applied in the field of network security, that addresses the following problems: rule-matching intrusion detection systems have difficulty detecting deformed or unknown Web attacks, attack traffic and normal traffic are unevenly distributed, and machine learning algorithms process the data with low efficiency. Its stated effects are high efficiency, high detection accuracy, and strong practicability.

Inactive Publication Date: 2019-08-16
FUZHOU UNIV
4 Cites, 11 Cited by

AI Technical Summary

Problems solved by technology

Because attack tools are continuously updated and attack techniques continuously improve, intrusion detection systems based on rule matching have difficulty detecting deformed or unknown Web attacks. Methods that mine log information to detect attack behavior have a certain lag. Although a model can detect unknown attacks, it is limited by the quality of feature extraction, and its detection rate and detection accuracy need to be improved.
From a microscopic point of view, an attacker's intrusion behavior needs to maintain communication with the target. Therefore, analyzing subtle changes in traffic characteristics with machine learning has become a focus of research. Currently, detection based on abnormal traffic still faces problems such as the uneven distribution of attack traffic and normal traffic, large data volumes that are difficult to process, and the low efficiency of machine learning algorithms.


Embodiment Construction

[0038] The present invention will be further described below in conjunction with the accompanying drawings and embodiments.

[0039] It should be pointed out that the following detailed description is exemplary and is intended to provide further explanation to the present application. Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this application belongs.

[0040] It should be noted that the terminology used here is only for describing specific implementations and is not intended to limit the exemplary implementations according to the present application. As used herein, unless the context clearly dictates otherwise, the singular is intended to include the plural, and it should also be understood that when the terms "comprising" and / or "including" are used in this specification, they indicate the presence of features, steps, operations, means, components and / or combina...


Abstract

The invention relates to a Web anomaly detection method and system based on SMOTETomek and LightGBM. The method comprises the following steps: first, mirrored-traffic PCAP packets are collected from a switch and network flow features are extracted; then redundant data in the training data set is cleaned, missing values are processed, character-type flow features are processed, and the data is normalized with the min-max method; next, flow feature importance is calculated with a GBDT algorithm based on the Gini coefficient and feature selection is carried out; the minority classes are oversampled by combining the SMOTE algorithm with the Tomek Links algorithm; a classifier is trained with the LightGBM algorithm to detect abnormal traffic; and finally, response and feedback processing is carried out on the detection result. According to the invention, unknown Web attacks can be detected, and the detection rate and detection precision for minority-class Web attacks are high.
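The min-max normalization and SMOTE plus Tomek Links resampling steps named in the abstract, as an added example that is not code from the patent: a dependency-free sketch in which the function names, the two flow features and the sample values are all constructed for illustration. Feature selection and LightGBM training are not shown, and removing both members of each Tomek link is a choice made in this sketch.

```python
import math
import random

def min_max(rows):
    """Scale every feature column to [0, 1] (constant columns map to 0)."""
    cols = list(zip(*rows))
    lo = [min(c) for c in cols]
    hi = [max(c) for c in cols]
    return [[(v - l) / (h - l) if h > l else 0.0 for v, l, h in zip(r, lo, hi)]
            for r in rows]

def nearest(i, X, candidates, k=1):
    """Indices of the k candidates closest to X[i] (Euclidean), excluding i."""
    return sorted((j for j in candidates if j != i),
                  key=lambda j: math.dist(X[i], X[j]))[:k]

def smote(X, y, minority, k=3, seed=0):
    """Add synthetic minority points until both classes are the same size."""
    rng = random.Random(seed)
    idx = [i for i, c in enumerate(y) if c == minority]
    X, y = list(X), list(y)
    for _ in range(len(y) - 2 * len(idx)):
        i = rng.choice(idx)
        j = rng.choice(nearest(i, X, idx, k))
        gap = rng.random()  # position on the segment between the two points
        X.append([a + gap * (b - a) for a, b in zip(X[i], X[j])])
        y.append(minority)
    return X, y

def drop_tomek_links(X, y):
    """Remove both members of every Tomek link: mutual nearest neighbours
    that carry different labels (boundary noise or class overlap)."""
    everyone = range(len(X))
    nn = [nearest(i, X, everyone)[0] for i in everyone]
    linked = {i for i in everyone if nn[nn[i]] == i and y[i] != y[nn[i]]}
    return ([x for i, x in enumerate(X) if i not in linked],
            [c for i, c in enumerate(y) if i not in linked])

def smote_tomek(X, y, minority=1):
    """Normalize, oversample the minority class, then clean Tomek links."""
    return drop_tomek_links(*smote(min_max(X), y, minority))

# Constructed flow features: [packets per flow, mean payload bytes]; 1 = attack.
FLOWS = [[10, 200], [12, 220], [11, 210], [13, 230], [9, 190], [14, 240],
         [12, 205], [10, 215], [40, 900], [42, 950], [12, 212]]
LABELS = [0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1]
```

On the constructed data, the attack-labelled flow `[12, 212]` and the normal flow `[12, 205]` are mutual nearest neighbours, so the Tomek step drops both. Resampling belongs on the training split only; evaluation data should keep its natural class ratio.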

Description

Technical field

[0001] The invention relates to the technical field of network security, in particular to a method and system for detecting Web anomalies based on SMOTETomek and LightGBM.

Background technique

[0002] With the rapid development of network technology, Web services have been widely used in network services, so they have also become the main attack target of criminals. Because attack tools are continuously updated and attack techniques continuously improve, intrusion detection systems based on rule matching have difficulty detecting deformed or unknown Web attacks. Methods that mine log information to detect attack behavior have a certain lag. Although a model can detect unknown attacks, it is limited by the quality of feature extraction, and its detection rate and detection accuracy need to be improved. From a microscopic point of view, an attacker's intrusion behavior needs to maintain communication with the target. Theref...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, G06F16/215
CPC: G06F16/215, H04L63/1425
Inventor: 张浩, 魏志强, 连鸿飞
Owner: FUZHOU UNIV