Rapid network attack backtracking mining method based on convolutional neural network and application

The method applies a convolutional neural network to fast network attack backtracking mining. It addresses the lack of traceability and classification of network attacks, improves attack backtracking mining speed, saves sequence reconstruction time, and has extensive practical engineering value.

Active Publication Date: 2020-05-22
STATE GRID TIANJIN ELECTRIC POWER +1

AI Technical Summary

Problems solved by technology

[0004] The purpose of the present invention is to provide a fast network attack backtracking mining method based on a convolutional neural network, in view of the lack of traceability points for network attacks in the prior art.

Examples

Embodiment 1

[0035] The backward fast backtracking algorithm based on the backward convolutional neural network (TR-CNN) comprises the following steps:

[0036] Step (1): Dataset construction. A truncated support vector machine is introduced into the convolutional neural network algorithm to speed up training for high-dimensional big data analysis.

[0037] Step (2): Dataset training. First, we pre-train TR-CNN with a high-order forward pass to obtain the output of each layer. Then, we construct the loss function and try to minimize it. Specifically, the loss function is expressed as:

[0038]

[0039] where (x; y) is a tensor object and s refers to the dimension. To get the minimum, we first assign the tensor's weights as random numbers. Then, the tensor's weights are updated.

[0040] Step (3): Solve the data load problem using a deterministic packet marking model to reconstruct the mining sequence.

[0041] In step (2), the loss function is used to measure the gap bet...

Embodiment 2

[0043] In order to improve the accuracy of TR-CNN training in step 1 in embodiment 1, preferably in the TR-CNN training process, the corresponding calculation of key steps is divided into three parts:

[0044] The first part is to compute the following sequence using a higher order forward pass:

[0045]

[0046] The second part is to compress the output layer using a truncated SVM to speed up training.

[0047] The last part is to compute the partial derivatives during the update. Higher-order partial derivatives are computed by efficiently designing higher-order backpropagation. Finally, raw data can be used for training as useful information, which helps keep intruders out of the network.

Embodiment 3

[0049] To address the data load problem in Embodiment 1, the deterministic packet marking model preferably processes packets in the following steps:

[0050] Step (1): Introduce two router load thresholds, Min and Max.

[0051] Step (2): If the load is below Min or above Max, the model marks no packets; if the load is between Min and Max, every packet is marked.

[0052] Step (3): Determine whether the Destination Options Header (DOH) exists. If it already exists, the router only encodes the ingress address and then forwards the data packet. If it is not present, the router encodes the ingress address by creating a DOH and then transmits the packet.

[0053] Step (4): During the reconstruction process, the attacked host decides whether to search for a DOH. If one exists, the attacked host extracts the address and places it in the address table.
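The four steps above can be traced in a small simulation. This is an added example, not code from the patent: the DOH is modelled as a plain dictionary rather than the IPv6 wire format, load is taken as a fraction of router capacity, the Min and Max bounds are treated as inclusive, and all class, field and function names as well as the addresses are hypothetical.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Packet:
    src: str                     # claimed source address; may be spoofed
    doh: Optional[dict] = None   # simplified Destination Options Header

@dataclass
class EdgeRouter:
    ingress_addr: str
    min_load: float   # "Min" threshold from step (1)
    max_load: float   # "Max" threshold from step (1)

    def forward(self, pkt: Packet, load: float) -> Packet:
        # Step (2): below Min or above Max, nothing is marked.
        # Treating the bounds as inclusive is an assumption.
        if not (self.min_load <= load <= self.max_load):
            return pkt
        # Step (3): reuse an existing DOH, otherwise create one,
        # then encode this router's ingress address into it.
        if pkt.doh is None:
            pkt.doh = {}
        pkt.doh["ingress"] = self.ingress_addr
        return pkt

def reconstruct(received: list) -> dict:
    """Step (4): the attacked host builds its address table from marks."""
    table = {}
    for pkt in received:
        if pkt.doh is None or "ingress" not in pkt.doh:
            continue  # unmarked packet: nothing to extract
        addr = pkt.doh["ingress"]
        table[addr] = table.get(addr, 0) + 1
    return table

def demo() -> dict:
    # Constructed sample: two edge routers, documentation-range addresses.
    r1 = EdgeRouter("2001:db8:a::1", min_load=0.2, max_load=0.8)
    r2 = EdgeRouter("2001:db8:b::1", min_load=0.2, max_load=0.8)
    traffic = [
        (r1, Packet("2001:db8:ffff::10"), 0.50),                   # DOH created
        (r1, Packet("2001:db8:ffff::11", doh={"pad": 0}), 0.50),   # DOH reused
        (r1, Packet("2001:db8:ffff::12"), 0.95),                   # above Max
        (r2, Packet("2001:db8:ffff::13"), 0.10),                   # below Min
        (r2, Packet("2001:db8:ffff::14"), 0.30),                   # marked
    ]
    return reconstruct([r.forward(p, load) for r, p, load in traffic])

if __name__ == "__main__":
    print(demo())
```

The address table is keyed by ingress router rather than by the packets' claimed source, and packets forwarded outside the Min/Max window contribute nothing to it.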


Abstract

The invention provides a rapid network attack backtracking mining method based on a convolutional neural network, and an application thereof. The method comprises the following steps: constructing a backward sequence mining model based on a backward convolutional neural network; pre-training the backward sequence mining model through a high-order forward channel to obtain the output of each layer, constructing a loss function, and reducing the loss function to the minimum; constructing a deterministic packet marking model; introducing two router load thresholds, Min and Max; if the load is between Min and Max, marking a data packet, and if not, forwarding; judging whether a destination option header (DOH) exists: if so, the router only encodes an entry address and forwards the data packet, and if not, the router encodes the entry address by creating the DOH and transmits the data packet; and, after the deterministic packet marking model is used to solve the data load problem, reconstructing a mining sequence. The method is beneficial to actively discovering advanced and persistent attack behaviors hidden in a company information network.

Description

Technical field

[0001] The invention relates to the technical field of electric power information security, in particular to a fast network attack backtracking mining method and application based on a convolutional neural network.

Background technique

[0002] At present, the complexity of network attacks is increasing, and the awareness of enterprises and organizations on network system protection is also further strengthened. Enterprises have begun to use network security technology to solve or alleviate network security threats. Due to the popularization and application of networks and various devices, enterprises have deployed many security products within the enterprise in order to solve network security problems, such as intrusion detection systems (IDS), intrusion prevention systems (IPS), firewalls, web application protection systems (WAF), VPNs, etc., but the application of these products not only meets the purpose of protecting the network environment, but also generat...

Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/55, G06F16/2458, G06N3/04, G06N3/08
CPC: G06F21/55, G06F16/2465, G06N3/084, G06N3/045
Inventor: 何金赵迪董阳李妍张国强李洁
Owner: STATE GRID TIANJIN ELECTRIC POWER