Host operation instruction exception identification method and system

A technique for identifying abnormal host operation instructions. It addresses the problems of high time complexity, the difficulty of obtaining the distribution function of the data in advance, and low efficiency, and it achieves high computing efficiency and improved recognition accuracy.

Active Publication Date: 2020-05-12
SHANGHAI GUAN AN INFORMATION TECH

AI Technical Summary

Problems solved by technology

For example, in distance-based methods, selecting the distance function and parameters is difficult; statistics-based methods require the distribution of the data to be known in advance, but the distribution function is difficult to obtain in advance; density-based methods have high time complexity; and cluster-based methods mainly focus on the clustering problem.
These problems limit the application of anomaly data mining methods, which mainly handle deterministic data. There is no effective theoretical model or method for processing uncertain information and discrete sequence data, and the internal logical relationships between behaviors in a sequence cannot be taken into account.
Among sequence anomaly detection methods, the commonly used Markov model and directed graph model are inefficient on large data sets.
[0005] Prior-art classification and recognition models are based on instruction features. They do not fully consider the relationships between instructions and cannot make full use of the inherent logical relationship, in the time dimension, between preceding and following host operation instructions.


Examples


Embodiment 1

[0067] As shown in Figure 1, this embodiment provides a method for identifying abnormal host operation instructions, including the following steps:

[0068] S1: Sample data extraction

[0069] Extract the system operation instruction log data for a given quarter (or another specified time period, such as a month or a year) as the original sample data.

[0070] S2: Data processing

[0071] Based on the sample data extracted in S1, the data is split by month and keyed by the user host account as the ID, so that the month and the ID together form a unique index. The commands are arranged in chronological order and combined into a behavior sequence record, for example: 6m;root;cd,mv,cp,ls,ls,rm,...,reboot;

[0072] According to the data obtained by S1, count the usage frequency of each host operation command.

[0073] S3: Screening of uncommon commands

[0074] Arrange the operation instruction frequencies obtained by S1 in ascending order, and u...

Embodiment 2

[0112] As shown in Figure 3, corresponding to Embodiment 1, this embodiment also provides a system for identifying abnormal host operation instructions, including:

[0113] A sample data extraction module, which extracts the system operation instruction log data of a specified time period as the original sample data;

[0114] A data processing module, which, based on the sample data, splits the data by the set period and keys it by the user host account as the ID, so that the set period and the ID form a unique index; the instructions are arranged in chronological order and combined into a behavior sequence record.

[0115] According to the sample data, the module also counts the usage frequency of each host operation command;

[0116] A non-common instruction screening module, which arranges the operation instruction frequencies in ascending order and uses the quantile feature to filter out the operation instructions that are less than the set threshold from the sort...
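The data processing and screening steps described in S2/S3 and in modules [0114] to [0116], as an added example that is not code from the patent. The log rows are constructed, the function names are hypothetical, and the nearest-rank quantile and the value q=0.5 are assumptions, since the page's text is cut off before it specifies the quantile or what is done with the screened commands.

```python
import math
from collections import Counter, defaultdict
from datetime import datetime

def _rows(month, day, account, cmds):
    # Constructed sample data: one command per minute for one account.
    return [(f"2019-{month:02d}-{day:02d} 09:{i:02d}:00", account, c)
            for i, c in enumerate(cmds)]

SAMPLE_LOG = (
    _rows(6, 3, "root", ["cd", "mv", "cp", "ls", "ls", "rm", "reboot"])
    + _rows(6, 4, "deploy", ["cd", "ls", "cp", "ls", "cd", "ls"])
    + _rows(7, 1, "root", ["cd", "ls", "cp", "ls", "cd", "mv"])
)

def build_sequences(log):
    """S2: index by (month, account) and order each group's commands by time."""
    groups = defaultdict(list)
    for ts, account, cmd in log:
        t = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
        # "6m"-style month key as in the page's sample record; this is only
        # unique while the extracted period stays within one year.
        groups[(f"{t.month}m", account)].append((t, cmd))
    return {key: [c for _, c in sorted(rows, key=lambda r: r[0])]
            for key, rows in groups.items()}

def format_record(key, seq):
    """Render a behavior sequence record in the page's 'month;ID;cmds;' form."""
    return f"{key[0]};{key[1]};{','.join(seq)};"

def command_frequency(log):
    """S2: usage frequency of each host operation command."""
    return Counter(cmd for _, _, cmd in log)

def uncommon_commands(freq, q=0.5):
    """S3: sort frequencies ascending and take the q-quantile as threshold.

    Returns (threshold, commands whose frequency is strictly below it).
    Nearest-rank quantile is an assumption; with many ties at the lowest
    count a small q yields an empty set because the comparison is strict.
    """
    counts = sorted(freq.values())
    threshold = counts[max(0, math.ceil(q * len(counts)) - 1)]
    return threshold, {c for c, n in freq.items() if n < threshold}

if __name__ == "__main__":
    for key, seq in build_sequences(SAMPLE_LOG).items():
        print(format_record(key, seq))
    print(uncommon_commands(command_frequency(SAMPLE_LOG)))
```
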


Abstract

The invention provides a method and system for identifying abnormal host operation instructions. The method comprises the following steps: S1, extracting sample data; S2, carrying out data processing to obtain a behavior sequence record and the usage frequency of each host operation instruction; S3, screening non-common instructions to obtain a target operation instruction sequence; S4, training a compact prediction tree to obtain a target compact prediction tree; S5, carrying out compact prediction tree prediction to acquire a labeled training data set; S6, training operation instruction vectors with word2vec to form pre-training vectors; S7, establishing a classification and identification model using Bi-LSTM; and S8, performing prediction with the classification model. According to the method, user host operation instruction sequences are analyzed with the compact prediction tree, and the behavior relationship between instruction behavior sequences is studied, so as to judge whether a user host operation instruction is abnormal. On this basis, the internal relation between user operation instructions is fully considered, the logical relation of the instructions in the time dimension is studied, and the object recognition accuracy of abnormal host operation instructions is improved.

Description

Technical field

[0001] The invention relates to computer data security, in particular to a method and system for identifying abnormal host operation instructions.

Background technique

[0002] Computer system security is one of the key elements of information security. It has become a core technology of computer information systems and an important foundation of, and supplement to, network security.

[0003] With the continuous development of modern information technology, computer applications involve all walks of life. For computer information security, the country has established a computer network information security mechanism to protect information security and other fields, but it is also difficult to manage computers with a high degree of use. When the protection system is not complete, the computer system still faces threats from information network technology, such as information leakage, information tampering and other dangerous behaviors, which have caused pote...


Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): G06F21/55
CPC: G06F21/554
Inventor 殷钱安梁淑云刘胜马影陶景龙王启凡魏国富徐明余贤喆周晓勇
Owner SHANGHAI GUAN AN INFORMATION TECH