Anomaly analysis method and device for network data

A network data analysis method and technology, applicable in the fields of instruments, character and pattern recognition, electrical components, etc., that addresses problems such as limited application scenarios, the difficulty of predicting the network security situation, and prediction accuracy that needs improvement, with the effects of reducing resource occupation, improving accuracy, and increasing operating speed.

Pending Publication Date: 2020-06-05
西安交大捷普网络科技有限公司

AI Technical Summary

Problems solved by technology

[0004] At present, the research on the network security situation is more common in the research on the network threat quantification process and the intrusion detection process. Most of them analyze the past or curr...



Examples


Embodiment 1

[0036] In this embodiment, a method for abnormal analysis of network data is proposed; the overall process is shown in Figure 1.

[0037] An abnormality analysis method for network data, comprising the following steps:

[0038] S100. The data collection engine collects log data in the network. The log data comes from network devices and from security software and hardware, and includes traffic logs, operation logs, security audit logs, alarm logs, etc.; the log data is stored in the database of the ES (Elasticsearch) cluster.

[0039] S200. Extract the traffic data that satisfies the conditions from the database according to the start and end time configured for the task, and analyze abnormal behavior, as shown in Figure 2, including:

[0040] Establish a classification model: for the data of each abnormal scene, execute the data cleaning algorithm separately, filter the raw data, and aggregate and denoise it in the process of converting it into formatted data, including: checking data consistency, proc...

Embodiment 2

[0071] This embodiment provides an abnormal analysis device for network data, as shown in Figure 5, including:

[0072] The abnormal behavior analysis module is used to obtain the traffic log data between the start and end time of the abnormal analysis task, convert the traffic metadata into a data type that the classification model can recognize, input the converted data into the classification model, and output the category corresponding to the data; according to the category of the data, machine learning or intelligence matching is performed respectively to identify abnormal behavior and generate an alarm for the corresponding IP;

[0073] A potential threat analysis module, configured to associate the discovered abnormal behavior with the original log, statistically analyze the frequency of occurrence of the unknown behavior in the original log, and determine the unknown behavior exceeding a specific frequency as a potential threat;

[0074] The security trend analysis module...
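The following is an added illustration of the pipeline described in steps S100/S200 and in modules [0072]-[0073]; it is not code from the patent or its applicant. It selects the traffic-log records of one task window from a constructed in-memory log (standing in for the ES cluster query), assigns each record a category with a simple rule-based stand-in for the classification model, applies intelligence matching (against a constructed indicator set) or a robust statistical outlier check (standing in for the machine-learning step) per category, raises an alarm per source IP, and then counts how often each unknown behaviour recurs in the original log, promoting those at or above a frequency threshold to potential threats with the original records attached as evidence. All addresses, ports, thresholds and function names are assumptions made for this example.

```python
"""Added illustration, not the patent's own code, of the anomaly-analysis task:
select a time window, classify records, match intelligence or check outliers per
category, alarm per source IP, and promote recurring unknown behaviour to a
potential threat."""
from collections import Counter, defaultdict
from statistics import median

# Constructed sample traffic-log records (stand-in for the ES cluster query result).
SAMPLE_LOGS = [
    {"ts": 100, "src": "10.0.0.5",  "dst": "203.0.113.9",   "port": 443,  "bytes": 1200, "proto": "tcp"},
    {"ts": 110, "src": "10.0.0.6",  "dst": "198.51.100.4",  "port": 80,   "bytes": 900,  "proto": "tcp"},
    {"ts": 120, "src": "10.0.0.7",  "dst": "198.51.100.53", "port": 53,   "bytes": 80,   "proto": "dns"},
    {"ts": 130, "src": "10.0.0.7",  "dst": "198.51.100.53", "port": 53,   "bytes": 90,   "proto": "dns"},
    {"ts": 140, "src": "10.0.0.8",  "dst": "198.51.100.53", "port": 53,   "bytes": 85,   "proto": "dns"},
    {"ts": 150, "src": "10.0.0.9",  "dst": "198.51.100.53", "port": 53,   "bytes": 4000, "proto": "dns"},
    {"ts": 160, "src": "10.0.0.10", "dst": "192.0.2.20",    "port": 7777, "bytes": 300,  "proto": "tcp"},
    {"ts": 170, "src": "10.0.0.10", "dst": "192.0.2.20",    "port": 7777, "bytes": 310,  "proto": "tcp"},
    {"ts": 180, "src": "10.0.0.10", "dst": "192.0.2.20",    "port": 7777, "bytes": 305,  "proto": "tcp"},
    {"ts": 190, "src": "10.0.0.11", "dst": "192.0.2.21",    "port": 8443, "bytes": 500,  "proto": "tcp"},
    {"ts": 250, "src": "10.0.0.12", "dst": "203.0.113.9",   "port": 443,  "bytes": 100,  "proto": "tcp"},
]

# Constructed threat-intelligence indicators (hypothetical, documentation-range address).
THREAT_INTEL = {"203.0.113.9"}


def select_window(logs, start, end):
    """S200: only records inside the task's configured start/end time are analysed."""
    return [r for r in logs if start <= r["ts"] <= end]


def classify(record):
    """Stand-in for the classification model: map a record to an analysis category."""
    if record["proto"] == "dns":
        return "dns"
    if record["port"] in (80, 443):
        return "web"
    return "unknown"


def intelligence_match(record):
    """Intelligence matching: the destination appears in the threat-intel set."""
    return record["dst"] in THREAT_INTEL


def outlier_records(records, field="bytes", threshold=3.5):
    """Statistical stand-in for the machine-learning step: flag records whose
    modified z-score (median/MAD based, so the outlier does not distort its own
    baseline) exceeds the threshold. With MAD == 0 nothing is flagged, which
    also avoids a division by zero."""
    values = [r[field] for r in records]
    if len(values) < 3:
        return []
    med = median(values)
    mad = median(abs(v - med) for v in values)
    if mad == 0:
        return []
    return [r for r in records if 0.6745 * abs(r[field] - med) / mad > threshold]


def run_task(logs, start, end, min_count=3):
    """Run one anomaly-analysis task; return alarms per source IP and potential threats."""
    window = select_window(logs, start, end)
    by_category = defaultdict(list)
    for r in window:
        by_category[classify(r)].append(r)

    alarms = defaultdict(list)
    # Category "web": intelligence matching.
    for r in by_category["web"]:
        if intelligence_match(r):
            alarms[r["src"]].append(f"intelligence match: {r['dst']}")
    # Category "dns": statistical outlier check.
    for r in outlier_records(by_category["dns"]):
        alarms[r["src"]].append(f"statistical outlier: bytes={r['bytes']}")

    # [0073] Potential threat analysis: count how often each unknown behaviour
    # (src, dst, port) recurs in the original log, keep those at/above min_count,
    # and attach the original records as evidence.
    key = lambda r: (r["src"], r["dst"], r["port"])
    counts = Counter(key(r) for r in by_category["unknown"])
    potential_threats = [
        {"behaviour": k, "count": n,
         "evidence": [r for r in by_category["unknown"] if key(r) == k]}
        for k, n in counts.items() if n >= min_count
    ]
    return {"alarms": dict(alarms), "potential_threats": potential_threats}


if __name__ == "__main__":
    result = run_task(SAMPLE_LOGS, start=100, end=200)
    for ip, reasons in result["alarms"].items():
        print(f"ALARM {ip}: {'; '.join(reasons)}")
    for t in result["potential_threats"]:
        print(f"POTENTIAL THREAT {t['behaviour']} seen {t['count']} times")
```

On the constructed log the record at ts=250 falls outside the task window and is never analysed; the web record to 203.0.113.9 raises an intelligence-match alarm for 10.0.0.5, the 4000-byte DNS record is the only outlier (its modified z-score is in the hundreds while the rest stay near 1), and the three connections from 10.0.0.10 to 192.0.2.20:7777 reach the frequency threshold and become one potential threat; the single connection from 10.0.0.11 does not. The median/MAD check is used instead of a mean/standard-deviation z-score because with a handful of samples the outlier inflates the standard deviation enough that it can never exceed a threshold of 3.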



Abstract

The invention discloses an anomaly analysis method and device for network data. The method comprises: in a microservice form, starting an exception analysis task in an interface calling, timing scheduling or periodic scheduling mode; obtaining traffic log and audit log data, determining the categories of the traffic log and audit log data according to a classification model, executing machine learning or intelligence matching according to the categories to recognize abnormal behaviors, performing statistical analysis to obtain unknown potential threats, performing portrait drawing on the abnormal behaviors and the potential threats to generate a security baseline, and predicting a security trend based on the security baseline. On one hand, the running speed is increased and resource occupation is reduced; on the other hand, the accuracy of the analysis result can be improved.

Description

Technical field

[0001] The invention belongs to the technical field of network security and data analysis, and in particular relates to a method and device for abnormal analysis of network data.

Background technique

[0002] With the advancement of technology, the Internet has penetrated into all aspects of life, the number of attacks has increased year by year, and network security issues have gradually become a focus of society. Network attack methods emerge endlessly, not only in various types but also trending toward high integration and automation. With the increasing complexity of networks, security threats also tend to diversify. Faced with a large number of logs and alarms in different formats and forms, traditional processing methods have long been overwhelmed, which gave rise to network security situational awareness.

[0003] Network security situation awareness is an active network defense method. It obtains a large amount of log data from software and ...

Claims


Application Information

IPC(8): H04L29/06, G06K9/62
CPC: H04L63/1425, G06F18/241
Inventors: 李福宜, 王平, 陈宏伟
Owner: 西安交大捷普网络科技有限公司