Continuous sub-graph matching method and system for mode graph change, and equipment

Abstract

One or more embodiments of the invention provide a continuous sub-graph matching method and a continuous sub-graph matching system for mode graph change, and equipment. The continuous sub-graph matching method comprises the steps of: constructing a data structure based on a network topological graph G and a mode graph P, wherein the data structure is used for storing a local matching result of thenetwork topological graph G and the mode graph P; constructing a maintenance model based on the dynamic change of the mode graph P; updating the data structure based on the dynamic change of the modegraph P by means of the maintenance model, so that the data structure stores a real-time local matching result; constructing a cost model based on a matching sequence of the mode graph P; calculatingthe minimum matching cost of the mode graph P by using the cost model, and acquiring a matching algorithm based on the minimum matching cost; and acquiring a final matching result of the network topological graph G and the mode graph P based on the real-time local matching result and the matching algorithm, so as to complete network threat detection. According to the continuous sub-graph matchingmethod and the continuous sub-graph matching system, abnormal network attack behaviors can be monitored, an impending network attack mode can be predicted, and an attack target of a network hacker can be speculated.

Description

technical field [0001] One or more embodiments of the present invention relate to the technical field of network security, and in particular to a continuous subgraph matching method, system and device for pattern graph changes. Background technique [0002] As an important means of maintaining network security, network threat detection mainly includes: 1) monitoring abnormal network attack behaviors; 2) predicting upcoming network attack patterns; 3) speculating on the attack targets of network hackers. Existing technology researches continuous subgraph pattern matching technology to find out whether there are abnormal network attack patterns in a dynamically changing network, so that abnormal network attack behaviors can be monitored, but the research finds that there is currently no graph-based method to solve network threats For the last two problems of detection, it is impossible to predict the network attack mode or guess the target of the attack. The monitoring of abno...

AI Technical Summary

Problems solved by technology

Existing technology researches continuous subgraph pattern matching technology to find out whether there are abnormal network attack patterns in a dynamically changing network, so that abnormal network attack behaviors can be monitored, but research has found that there is currently no graph-based method to solve network threats For the last two problems of detection, it is impossible to predict the network attack mode or guess the target of the attack. The monitoring of abnormal network attack behaviors is regarded as a passive detection mode of network threats, and the last two problems of network threat detection are regarded as active detection methods. Now Technology cannot proactively detect cyber threats

Images