Network asset anomaly detection method and system, medium and equipment

A network asset anomaly detection technology, applied in the field of network security, that addresses problems such as the low efficiency and low accuracy of anomaly detection for private network assets, and achieves easy investigation and removal, high efficiency and easy acquisition.

Active Publication Date: 2020-06-26
GUANGZHOU TRUSTMO INFORMATION SYST CO LTD

AI Technical Summary

Problems solved by technology

[0007] The present invention provides a network asset anomaly detection method, system, medium and equip

Examples


Embodiment 1

[0068] As shown in Figure 1, the network asset anomaly detection method of this embodiment includes the following steps:

[0069] S1. Heterogeneous data collection and storage: collect traffic data, detection data and other external data of network assets from different sources, and store them in the database;

[0070] S2. Data feature processing: integrate raw data from multiple sources, use the "improved Rényi entropy algorithm" to convert a set of probability-distribution-type fields into a new data feature field, and use the "quantile-based high-robustness standardization algorithm" to standardize the data and generate the data set required for modeling;

[0071] S3. Modeling and detection: the modeling unit obtains the network asset data set, adopts the "prototype-based automatic optimal clustering algorithm", and establishes the optimal clustering model grouped by "asset type"; the detection unit processes the clustering results output by the modeling unit to de...
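An added example (not code from the patent) of the two transformations named in step S2. The page does not describe the "improved" variants, so this uses the standard Rényi entropy of order alpha and median/IQR scaling; the asset names, the port-bucket distributions and the choice to scale within each asset type are assumptions.

```python
import math
from statistics import mean, pstdev, quantiles

def renyi_entropy(dist, alpha=2.0):
    """Standard Renyi entropy in bits; counts or probabilities are accepted."""
    total = sum(dist)
    p = [x / total for x in dist if x > 0]
    if alpha == 1.0:  # the alpha -> 1 limit is Shannon entropy
        return -sum(x * math.log2(x) for x in p)
    return math.log2(sum(x ** alpha for x in p)) / (1.0 - alpha)

def robust_scale(values):
    """(x - median) / IQR: the quartiles barely move when a few values are extreme."""
    q1, med, q3 = quantiles(values, n=4, method="inclusive")
    iqr = (q3 - q1) or 1.0  # constant column: avoid dividing by zero
    return [(v - med) / iqr for v in values]

def zscore(values):
    """Mean/std scaling, shown only for contrast: the outlier inflates both."""
    mu, sd = mean(values), pstdev(values) or 1.0
    return [(v - mu) / sd for v in values]

# Constructed sample: share of each asset's traffic across four destination-port buckets.
ASSETS = [
    ("cam-01", "camera", [0.97, 0.01, 0.01, 0.01]),
    ("cam-02", "camera", [0.94, 0.02, 0.02, 0.02]),
    ("cam-03", "camera", [0.91, 0.03, 0.03, 0.03]),
    ("cam-04", "camera", [0.88, 0.04, 0.04, 0.04]),
    ("cam-05", "camera", [0.25, 0.25, 0.25, 0.25]),  # evenly spread: unusual for a camera
    ("srv-01", "server", [0.40, 0.30, 0.20, 0.10]),
    ("srv-02", "server", [0.35, 0.35, 0.20, 0.10]),
    ("srv-03", "server", [0.45, 0.25, 0.20, 0.10]),
]

def build_dataset(assets, alpha=2.0, scaler=robust_scale):
    """Derive one entropy feature per asset, then scale it within each asset type."""
    groups = {}
    for name, asset_type, dist in assets:
        groups.setdefault(asset_type, []).append((name, renyi_entropy(dist, alpha)))
    dataset = {}
    for asset_type, rows in groups.items():
        for (name, h), s in zip(rows, scaler([h for _, h in rows])):
            dataset[name] = {"asset_type": asset_type, "entropy": h, "scaled": s}
    return dataset

if __name__ == "__main__":
    for name, row in build_dataset(ASSETS).items():
        print(f"{name} {row['asset_type']:7s} H={row['entropy']:.3f} scaled={row['scaled']:+.2f}")
```

With mean/std scaling the same outlier (`cam-05`) scores below 2, because it inflates the standard deviation it is measured against; the quartile-based scale keeps it far from the rest of its group.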

Embodiment 2

[0171] As shown in Figure 5, the present embodiment provides a network asset anomaly detection system, which includes a heterogeneous data collection and storage module 1, a data feature processing module 2, a modeling and detection module 3 and a detection result analysis module 4. The specific functions of each module are as follows:

[0172] The heterogeneous data collection and storage module 1 is used to collect traffic data, detection data and other external data of network assets from different sources, and store them in a database;

[0173] The data feature processing module 2 is used to integrate raw data from multiple sources, use the "improved Rényi entropy algorithm" to convert a set of probability-distribution-type fields into a new data feature field, and use the "quantile-based high-robustness standardization algorithm" to standardize the data and generate the data sets required for modeling;

[0174] The modeling and detection module 3 uses the modeling ...

Embodiment 3

[0178] This embodiment provides a storage medium, the storage medium stores one or more programs, and when the programs are executed by the processor, the network asset anomaly detection method of the above-mentioned embodiment 1 is implemented, as follows:

[0179] Heterogeneous data collection and storage, collecting traffic data, detection data and other external data of network assets from different sources, and storing them in the database;

[0180] Data feature processing: integrating raw data from multiple sources, using the "improved Rényi entropy algorithm" to convert a set of probability-distribution-type fields into a new data feature field, and using the "quantile-based high-robustness standardization algorithm" to standardize the data and generate the data set required for modeling;

[0181] Modeling and detection, the modeling unit obtains the network asset data set, adopts the "prototype-based automatic optimal clustering algorithm", and establishes the optimal cluster...


Abstract

The invention discloses a network asset anomaly detection method and system, a medium and equipment. The method comprises the following steps: acquiring and storing heterogeneous data; data feature processing: integrating multi-source original data, deriving and converting a group of probability-distribution-type fields into a new data feature field by using an improved Rényi entropy algorithm, and standardizing the data by using a quantile-based high-robustness standardization algorithm to generate a data set required by modeling; modeling and detection: enabling a modeling unit to acquire a network asset data set, and establishing an optimal clustering model in groups according to asset types by adopting an automatic optimal clustering algorithm based on prototypes; and detection result analysis: using the optimal clustering model obtained in the modeling and detection steps, combined with an anomaly detection result analysis strategy. According to the invention, the efficiency and accuracy of private network asset anomaly detection are improved, and the method is a universal detection method suitable for various abnormal threat scenes.

Description

Technical field

[0001] The invention relates to the technical field of network security, in particular to a method, system, medium and equipment for abnormal detection of network assets.

Background technique

[0002] With the rapid development of the Internet and information technology, the network is deeply integrated with various industries and fields. A reliable and safe network environment is an important guarantee for the normal operation of society. Especially in the private network environment in the fields of government affairs, public security, and public utilities, network security is more related to national security and social stability.

[0003] The scale of the network is increasing day by day, the means of abnormal threats are changing with each passing day, and the difficulty of network anomaly detection and detection result analysis has increased significantly. Existing network anomaly detection technologies have obvious deficiencies: detection methods base...


Application Information

IPC(8): G06F16/35, G06F16/953, G06K9/62
CPC: G06F16/35, G06F16/953, G06F18/2411, G06F18/2415
Inventor: 邹凯, 陈凯枫, 张渊, 曾浩
Owner GUANGZHOU TRUSTMO INFORMATION SYST CO LTD