Intranet security threat multi-model collaborative defense method based on credibility

A multi-model security technology, applied to computing models, character and pattern recognition, instruments and the like, which addresses the problems that predictions cannot obtain comprehensive and accurate results, and that logs are easily tampered with and cannot be combined and used.

Inactive Publication Date: 2020-08-21
NANKAI UNIV

AI Technical Summary

Problems solved by technology

[0004] The purpose of the present invention is to solve the problem that, when a large number of logs are generated on the intranet, these logs are easily tampered with and cannot be combined and used, and the model degenerates over time, so that comprehensive and accurate prediction results cannot be obtained. Learned Intelligent Analysis Method for Intranet Security Threats




Embodiment Construction

[0081] The present invention takes the detection of abnormal log blocks as an example for specific description. The method can use any log parsing algorithm that produces a log template set from the original log stream, together with any machine learning algorithm. The method flow is shown in figure 1. In this embodiment, six log parsing algorithms (AEL, Drain, IPLoM, LogSig, SHISO and Spell) and three machine learning algorithms (decision tree, support vector machine and logistic regression) are used as examples for illustration. They are introduced as follows:

[0082] AEL (Abstracting Execution Logs) is a log parsing algorithm. It parses logs in four steps: the first step is anonymization, in which the algorithm uses a heuristic method to identify the tokens in a log line that correspond to the dynamic variable parts; the second step is tokenization, in which the algorithm, based on the number of words and parameters in each log line, divides an...


Abstract

The invention discloses an intranet security threat multi-model collaborative defense method based on credibility. The method is realized through the following steps: 1, extracting a heterogeneous log template set from massive logs by using thirteen log parsing algorithms such as LogSig, generating a feature matrix through block_id partitioning, learning the feature matrix with three machine learning algorithms such as SVM, and establishing thirty-nine log detection models; 2, calculating, with a statistical learning algorithm, the credibility of each detection model's prediction result for the log to be detected; 3, fusing the multi-model prediction results according to the calculated credibility of the individual model predictions, so as to realize collaborative defense by the heterogeneous models. Unlike analysis based on a threshold value and a single model, thirteen log parsing algorithms and three machine learning algorithms are used to generate the log detection models, achieving multi-model cooperation, and the statistical learning method is used to improve the detection capability for abnormal logs.
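As an added illustration of the pipeline the abstract and paragraph [0082] describe (it is not the patent's code and reproduces none of its thirteen parsers or three learners), the block below parses a constructed log stream into templates with a simplified anonymization step in the spirit of AEL's first step, partitions the parsed events by block_id into an event-count feature matrix, fits three deliberately simple stand-in detectors, scores each detector's credibility and fuses their verdicts by a credibility-weighted vote. The log lines, block ids, labels and the three toy detectors are all constructed here; using each model's accuracy on a labelled validation set as its credibility is an assumption, since the patent does not name the statistical learning algorithm it uses for that step.

```python
"""Added example (not the patent's code): template extraction -> per-block feature
matrix -> heterogeneous detectors -> credibility-weighted fusion. All data, the
detectors and the credibility measure (validation accuracy) are constructed
assumptions made for this illustration."""
import re
from collections import Counter

# Anonymization step (simplified AEL idea): dynamic fields become <*>, leaving the template.
DYNAMIC_TOKENS = [
    re.compile(r"blk_-?\d+"),                    # block identifiers
    re.compile(r"\d+\.\d+\.\d+\.\d+(?::\d+)?"),  # IPv4 address with optional port
    re.compile(r"\b\d+\b"),                      # bare numbers (sizes, counters)
]

def to_template(message):
    """Return the log template of one raw message."""
    for pat in DYNAMIC_TOKENS:
        message = pat.sub("<*>", message)
    return message

def build_feature_matrix(logs):
    """logs: iterable of (block_id, message). Returns (templates, rows) where rows[block_id]
    is the event-count vector of that block over the sorted template set."""
    counts = {}
    for block_id, msg in logs:
        counts.setdefault(block_id, Counter())[to_template(msg)] += 1
    templates = sorted({t for c in counts.values() for t in c})
    rows = {b: [c[t] for t in templates] for b, c in counts.items()}
    return templates, rows

class CentroidModel:
    """Toy stand-in for a distance-based learner: nearest class centroid under L1 distance."""
    def fit(self, X, y):
        self.centroids = {}
        for label in (0, 1):
            pts = [x for x, l in zip(X, y) if l == label]
            self.centroids[label] = [sum(col) / len(pts) for col in zip(*pts)]
    def predict(self, x):
        d = {l: sum(abs(a - b) for a, b in zip(x, c)) for l, c in self.centroids.items()}
        return 1 if d[1] < d[0] else 0

class NoveltyModel:
    """Toy detector: flags a block containing any template never seen in a normal training block."""
    def fit(self, X, y):
        self.known = {i for x, l in zip(X, y) if l == 0 for i, v in enumerate(x) if v}
    def predict(self, x):
        return int(any(v and i not in self.known for i, v in enumerate(x)))

class VolumeModel:
    """Toy detector: flags a block whose total event count exceeds the largest normal block."""
    def fit(self, X, y):
        self.limit = max(sum(x) for x, l in zip(X, y) if l == 0)
    def predict(self, x):
        return int(sum(x) > self.limit)

def credibility(models, X_val, y_val):
    """Assumed credibility measure: each model's accuracy on a labelled validation set."""
    return [sum(m.predict(x) == l for x, l in zip(X_val, y_val)) / len(y_val) for m in models]

def fuse(models, creds, x):
    """Credibility-weighted vote: +cred for an 'abnormal' verdict, -cred for 'normal'.
    Returns (fused_label, score); a positive score means abnormal."""
    score = sum(c * (1 if m.predict(x) == 1 else -1) for m, c in zip(models, creds))
    return (1 if score > 0 else 0), score

def run_pipeline(logs, labels, train_ids, query_ids):
    """Full flow: parse, build matrix, fit detectors, score credibility, fuse on query blocks."""
    templates, rows = build_feature_matrix(logs)
    X_train, y_train = [rows[b] for b in train_ids], [labels[b] for b in train_ids]
    models = [CentroidModel(), NoveltyModel(), VolumeModel()]
    for m in models:
        m.fit(X_train, y_train)
    val_ids = [b for b in rows if b in labels]
    creds = credibility(models, [rows[b] for b in val_ids], [labels[b] for b in val_ids])
    return templates, creds, {b: fuse(models, creds, rows[b]) for b in query_ids}

# Constructed sample log stream in the style of HDFS datanode logs: (block_id, message).
RAW_LOGS = [
    ("blk_1", "Receiving block blk_1 src: 10.0.0.5:50010 dest: 10.0.0.7:50010"),
    ("blk_1", "PacketResponder 1 for block blk_1 terminating"),
    ("blk_1", "Received block blk_1 of size 67108864 from 10.0.0.5"),
    ("blk_3", "Receiving block blk_3 src: 10.0.0.2:50010 dest: 10.0.0.7:50010"),
    ("blk_3", "Exception in receiveBlock for block blk_3 java.io.IOException"),
    ("blk_3", "Exception in receiveBlock for block blk_3 java.io.IOException"),
    ("blk_3", "writeBlock blk_3 received exception java.io.IOException"),
    ("blk_4", "Receiving block blk_4 src: 10.0.0.4:50010 dest: 10.0.0.7:50010"),
    ("blk_4", "PacketResponder 2 for block blk_4 terminating"),
    ("blk_4", "PacketResponder 1 for block blk_4 terminating"),
    ("blk_4", "Received block blk_4 of size 67108864 from 10.0.0.4"),
    ("blk_5", "Receiving block blk_5 src: 10.0.0.6:50010 dest: 10.0.0.7:50010"),
    ("blk_5", "writeBlock blk_5 received exception java.io.IOException"),
    ("blk_6", "Receiving block blk_6 src: 10.0.0.8:50010 dest: 10.0.0.7:50010"),  # unlabelled
    ("blk_6", "PacketResponder 2 for block blk_6 terminating"),
    ("blk_6", "PacketResponder 1 for block blk_6 terminating"),
    ("blk_6", "Received block blk_6 of size 67108864 from 10.0.0.8"),
    ("blk_6", "Received block blk_6 of size 67108864 from 10.0.0.8"),
    ("blk_7", "Receiving block blk_7 src: 10.0.0.3:50010 dest: 10.0.0.7:50010"),  # unlabelled
    ("blk_7", "PacketResponder 1 for block blk_7 terminating"),
    ("blk_7", "Received block blk_7 of size 67108864 from 10.0.0.3"),
    ("blk_7", "writeBlock blk_7 received exception java.io.IOException"),
]
LABELS = {"blk_1": 0, "blk_3": 1, "blk_4": 0, "blk_5": 1}  # constructed; 1 = abnormal block
TRAIN_IDS = ["blk_1", "blk_3"]

if __name__ == "__main__":
    templates, creds, verdicts = run_pipeline(RAW_LOGS, LABELS, TRAIN_IDS, ["blk_6", "blk_7"])
    print("templates:", templates)
    print("credibility per model:", creds)
    print("fused verdicts:", verdicts)
```

The two query blocks show why the fusion step matters: blk_6 is only flagged by the volume detector, whose low credibility lets the two more credible models outvote it, while blk_7 is cleared by the centroid model but flagged by the other two, so the weighted score turns positive and the block is reported as abnormal.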

Description

Technical field

[0001] The invention belongs to the field of computer network security.

Background technique

[0002] With the continuous development of computer networks, network security issues have become a focus of attention and a challenge. Intranet security threats are a central concern in network security, and intranet attacks are frequent and aggressive. At present, the volume of logs generated by equipment keeps increasing, making manual analysis difficult. At the same time, a single model degrades over time, so that comprehensive and accurate detection results cannot be obtained. Therefore, it is necessary to build a system that can analyze logs and discover threats through a multi-model collaborative defense model.

[0003] This system comprehensively uses multiple log parsing algorithms, machine learning algorithms and statistical learning algorithms to collaboratively analyze intranet attack problems to improve accur...


Application Information

IPC(8): H04L29/06, G06K9/62, G06N20/00
CPC: H04L63/1425, H04L63/1416, G06N20/00, G06F18/214
Inventor 王志陈炜嘉付晏升王雨奇
Owner NANKAI UNIV