Switch data anomaly detection method based on vector autoregression model

A technology of autoregressive models and detection methods, applied in data exchange networks, digital transmission systems, electrical components, etc., can solve problems such as lack of analysis, and achieve the effect of filling security loopholes, reducing serious losses, and avoiding misidentification of normal users.

Active Publication Date: 2019-10-22
SHANDONG INSPUR SCI RES INST CO LTD
View PDF7 Cites 8 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Existing anomaly detection methods have disadvantages: if statistical modeling is used to analyze the underlying architecture associated with time series, each task can only derive data analysis at a single point in time; in addition, the existing anomaly detection The method lacks the ability to analyze the intrinsic and / or extrinsic causes of outliers

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Switch data anomaly detection method based on vector autoregression model
  • Switch data anomaly detection method based on vector autoregression model
  • Switch data anomaly detection method based on vector autoregression model

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0061] combined with figure 1 , the present embodiment proposes a switch data anomaly detection method based on a vector autoregressive model, and the detection method includes the following steps:

[0062] S10. Obtain in real time the operation behavior data of the logged-in user in the exchange, and store it in the data set.

[0063] S20. Perform graph mapping on the operational behavior data contained in the data set, and convert it into a signed graph. The specific execution process includes:

[0064] S21. Transform the operational behavior data contained in the data set into a series of signed graphs G under the time dimension t , where t=1,2,...,T, at this time, each signed graph is regarded as a mapping of data at time point t;

[0065] S22. Consider each mapping at time point t as a change at the previous time point t-1, and the adjacency matrix associated with it can be written as A t =A t-1 +E t , where Et is the change of two mappings Gt-1 and Gt;

[0066] S23...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a switch data anomaly detection method based on a vector autoregression model, and relates to the technical field of communication processing. Aiming at the defects of an existing anomaly detection method, the adopted technical scheme comprises the steps of obtaining operation behavior data of a login user in a switch in real time, and storing the operation behavior data ina data set; performing graph mapping on the operation behavior data contained in the data set, and converting the operation behavior data into a symbolic graph; for the symbolic graph, introducing analgorithm with a vector autoregression model to carry out anomaly detection, and carrying out analysis by utilizing a Granger causality; according to an analysis result, identifying abnormal points in the symbolic graph, and determining that the operation of the user belongs to an attack behavior; and locking the user, feeding a locking result back to the switch control part, and enabling the switch control part to cancel the operation authority of the user and take countermeasure. According to the method, improper behaviors of operation can be discovered in advance, wrong identification of normal users is avoided, and security holes in the industrial Internet are filled in a targeted manner.

Description

technical field [0001] The invention relates to the technical field of communication processing, in particular to a data anomaly detection method of a switch based on a vector autoregressive model. Background technique [0002] Industrial switches are Ethernet switch devices used in the field of industrial control. Due to the adopted network standards and the transparent and unified TCP / IP protocol, Ethernet has become the main communication standard in the field of industrial control. [0003] In the field of information security, factories, oil refineries, ports and other industrial organizations that deploy industrial Ethernet switches are very vulnerable to cyber attacks by hackers. Vulnerabilities exist in industrial switches that could allow an individual to gain malicious access to a network, take control of an entire organization's network, or even cause lethal damage to an industrial facility. [0004] Anomaly detection refers to the identification of "abnormal poi...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06H04L12/24
CPCH04L41/142H04L63/1425
Inventor 吴振东李锐段强安程治
Owner SHANDONG INSPUR SCI RES INST CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap