Unknown malicious traffic active detection system and method based on deep embedding

An active detection technology for malicious traffic, applied in the field of network security, that targets a low false alarm rate and a high detection rate.

Active Publication Date: 2020-02-18
INST OF INFORMATION ENG CAS

AI Technical Summary

Problems solved by technology

[0006] The technology of the present invention solves the problem: overcomes the deficiencies of the prior art, and provides a system and method for active detection of unknown malicious t



Embodiment Construction

[0076] The present invention will be described in detail below in conjunction with the accompanying drawings and embodiments.

[0077] 1. Problem Definition

[0078] In the training phase, given the training sample set in is the training sample, $y_i \in \{l_1, l_2, \ldots, l_k\}$ is the category label corresponding to $x_i$. In the test phase, it is necessary to predict, for an open sample set $D_0 = \{(x_i, y_i)\}^{\infty}$, the class label $y_i$, where $y_i \in \{l_1, l_2, \ldots, l_k, \ldots, l_K\}$, $K > k$. In this paper, each sample $x_i$ represents a network flow (that is, a group of consecutive data packets with the same IP quintuple), and the corresponding class label $y_i$ stands for the application that generated $x_i$. The goal of the present invention is to use a given set of training samples to construct a classifier $C: x \to Y' = \{l_1, l_2, \ldots, l_k, \text{unknown}\}$, where unknown represents a category that has not appeared in the training phase. Network flows classified as unknown during the test phase are judge...


Abstract

The invention discloses an unknown malicious traffic active detection system and method based on deep embedding. The system comprises a preprocessing module, a deep embedding module, an optimal boundary search module and a detection module. The preprocessing module represents the network flows with different lengths in each application as a flow matrix with a fixed size; the deep embedding module takes the flow matrix output by the preprocessing module as input in a training stage and learns a nonlinear mapping by training a twin convolutional neural network, so that in the embedding space after the nonlinear mapping, network flows generated by the same application are distributed more compactly, and network flows generated by different applications are distributed more discretely; in a test stage, a to-be-identified flow matrix is mapped to the embedding space by using the trained convolutional neural network; the optimal boundary search module is used for searching an optimal classification hyperplane for the network flow of each known category application in the embedding space, and finally a classifier is constructed; and the detection module is used for judging whether the network flow to be identified is from an unknown malicious application or not based on the classifier obtained by the optimal boundary search module.
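The open-set decision rule C from the problem definition, combined with a per-class boundary search, as an added example that is not code from the patent. It assumes embeddings have already been produced by the trained network, and it swaps the patent's classification hyperplane for a simpler hypersphere around each class centroid; `fit_boundaries`, `classify` and the sample embeddings are hypothetical and constructed for illustration.

```python
import math
from collections import defaultdict

def fit_boundaries(train):
    """train: [(embedding, label)] -> {label: (centroid, radius)}."""
    by_label = defaultdict(list)
    for x, y in train:
        by_label[y].append(x)
    model = {}
    for label, own in by_label.items():
        mu = [sum(col) / len(own) for col in zip(*own)]
        scored = [(math.dist(x, mu), y == label) for x, y in train]
        best_r, best_err = 0.0, float("inf")
        # Candidate radii: distances of this class's own training flows.
        for r in sorted(d for d, is_own in scored if is_own):
            # Cost = own flows left outside + other classes' flows let inside.
            err = sum((d > r) if is_own else (d <= r) for d, is_own in scored)
            if err < best_err:  # on ties keep the tighter boundary
                best_r, best_err = r, err
        model[label] = (mu, best_r)
    return model

def classify(model, x):
    """C: x -> {l_1, ..., l_k, 'unknown'} in the embedding space."""
    best = None
    for label, (mu, r) in model.items():
        d = math.dist(x, mu)
        if d <= r:  # inside this known class's boundary
            score = d / r if r else 0.0
            if best is None or score < best[0]:
                best = (score, label)
    return best[1] if best else "unknown"

# Constructed 2-D embeddings (assumption: real ones come from the trained CNN).
# The last "http" sample is a deliberate outlier sitting inside the "dns" cluster.
TRAIN = [
    ([0.0, 0.1], "http"), ([0.2, 0.0], "http"), ([0.1, 0.3], "http"),
    ([-0.1, -0.1], "http"), ([3.0, 3.0], "http"),
    ([3.0, 3.1], "dns"), ([3.2, 2.9], "dns"), ([2.9, 3.0], "dns"),
    ([3.1, 3.3], "dns"), ([2.9, 2.9], "dns"),
]
MODEL = fit_boundaries(TRAIN)

if __name__ == "__main__":
    for probe in ([0.1, 0.1], [3.0, 3.0], [1.5, 1.5]):
        print(probe, "->", classify(MODEL, probe))
```

The search excludes the outlier from the `http` boundary rather than stretching the boundary across the `dns` cluster, so a flow that embeds between the two clusters falls outside every boundary and is reported as unknown.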

Description

Technical field

[0001] The invention relates to a system and method for actively detecting unknown malicious traffic based on deep embedding, and belongs to the technical field of network security.

Background technique

[0002] In recent years, with the development of network technology, network attacks emerge in an endless stream. According to the "Internet Security Report 2017" released by Tencent Security, in 2017, as many as 86% of companies worldwide experienced at least one cyber attack. As the carrier of network attacks, network traffic often contains attack-related information. Therefore, anomaly detection of network traffic is crucial to effectively identify malware and ensure network security.

[0003] Current malware detection methods can be classified into two categories: signature-based methods and machine learning-based methods. The signature-based method generates a signature database based on known malware samples, and detects malicious samples by matching ...


Application Information

IPC (8): H04L29/06, H04L29/08, G06K9/62, G06N3/08, G06N3/04
CPC: H04L63/1408, H04L63/1416, H04L67/02, G06N3/08, G06N3/045, G06F18/2411, G06F18/214
Inventor: 于爱民, 赵力欣, 蔡利君, 马建刚, 孟丹, 徐震
Owner: INST OF INFORMATION ENG CAS