Extensible network attack behavior classification method

A network attack behavior classification method, applied in the field of scalable network attack behavior classification, that can solve problems such as low detection efficiency, low accuracy rate, and high misjudgment rate.

Active Publication Date: 2020-08-07
AGRI INFORMATION INST OF CAS

AI Technical Summary

Problems solved by technology

However, the first two methods are usually unable to effectively identify new attack behavior categories, while the third method has low detection efficiency, a low accuracy rate, and a high false positive rate.


Embodiment Construction

[0032] The present invention is further described by the following examples; the modes of the present invention include, but are not limited to, these examples.

[0033] The present invention comprises the following steps:

[0034] Figure 1 shows the flow chart of the network attack behavior classification method. The method obtains network traffic data from network server logs and preprocesses it. First, model training is used to obtain the parameters for judging network attack behavior, and a preliminary judgment of the network behavior is made. Then the weight values of the network behavior categories, including normal behavior, known attack categories, and unknown attack categories, are calculated. Finally, the network attack type is determined from these weight values.
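A sketch of the final weighting step in [0034], added here as an illustration and not taken from the patent. The text on this page is cut off before it states how the weights are computed, so the nearest-centroid scoring, the `slack` envelope, the feature values and all names below are assumptions.

```python
import math
from collections import defaultdict

# Constructed training data: (features, label). The two features stand in for
# preprocessed, 0..1-scaled attributes derived from server logs (assumption).
TRAIN = [
    ((0.10, 0.05), "normal"), ((0.15, 0.10), "normal"), ((0.12, 0.08), "normal"),
    ((0.90, 0.20), "dos"),    ((0.85, 0.25), "dos"),    ((0.95, 0.15), "dos"),
    ((0.30, 0.90), "probe"),  ((0.35, 0.85), "probe"),  ((0.25, 0.95), "probe"),
]

def fit(samples):
    """Supervised stand-in: per-class centroid and radius of the training points."""
    groups = defaultdict(list)
    for x, label in samples:
        groups[label].append(x)
    model = {}
    for label, pts in groups.items():
        centroid = tuple(sum(v) / len(pts) for v in zip(*pts))
        radius = max(math.dist(centroid, p) for p in pts)
        model[label] = (centroid, max(radius, 1e-9))  # avoid a zero radius
    return model

def weights(model, x, slack=3.0):
    """Weights for every known category plus 'unknown'; they sum to 1."""
    score = {}
    for label, (centroid, radius) in model.items():
        ratio = math.dist(x, centroid) / (radius * slack)  # 1.0 == envelope edge
        score[label] = math.exp(-ratio ** 2)
    # Assumed novelty score: equal to a known class sitting exactly on its
    # envelope, so 'unknown' wins only when x is outside every known envelope.
    score["unknown"] = math.exp(-1.0)
    total = sum(score.values())
    return {label: s / total for label, s in score.items()}

def classify(model, x):
    """Final judgment: the category with the largest weight."""
    w = weights(model, x)
    return max(w, key=w.get), w

if __name__ == "__main__":
    model = fit(TRAIN)
    for x in [(0.13, 0.09), (0.88, 0.22), (0.90, 0.90)]:
        label, w = classify(model, x)
        print(x, label, {k: round(v, 3) for k, v in w.items()})
```

The third sample lies far from every known class, so its largest weight falls on the unknown category instead of being forced into the nearest known one.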

[0035] Step S10: Preprocessing of network traffic data

[0036] This step obtains network traffic data based o...


Abstract

The invention discloses an extensible network attack behavior classification method. The method comprises the following steps: carrying out data preprocessing on network flow data; extracting a new feature expression and an optimal original feature set from the multi-dimensional feature attributes of the network traffic data; obtaining model-related parameters used for preliminary judgment of network behavior attack categories through classification model training; and obtaining the weight values of the known attack category and the normal behavior of the network behavior and the weight value of the new attack category to comprehensively judge the attack category of the network behavior. According to the invention, the classification result of the network attack behaviors is optimized, and a supervised learning model and an unsupervised learning model are optimized respectively by extracting new feature expressions from multi-dimensional feature attributes of the network traffic data and selecting an optimal original feature set capable of maximally expressing data features, so that a new attack category can be effectively identified on the basis of ensuring the judgment accuracy of the known attack category.

Description

Technical field

[0001] The invention relates to the field of network intrusion detection, in particular to an extensible network attack behavior classification method.

Background technique

[0002] The classification of network attack behavior establishes the relevant rules of network attack classification by mining and analyzing the inherent characteristics and laws of real-time network traffic data, so as to detect network attack behavior accurately and effectively and thereby protect the network environment.

[0003] At present, the classification methods for network attack behavior mainly include (1) artificially constructing relevant rules of network attack behavior, where network behavior conforming to the rules is an attack behavior; (3) establishing normal behavior standards, where behaviors with a large gap from the standards are network attack behaviors. However, the first two methods are usually unable to effectively identify new attack behavior categ...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06K9/62, G06N3/04, G06N3/08
CPC: G06N3/08, G06N3/045, G06F18/23213, G06F18/24, Y02D30/50
Inventor: 王婷崔运鹏刘娟李欢
Owner: AGRI INFORMATION INST OF CAS