Network security anomaly detection algorithm and detection system based on clustering graph neural network

A neural network and anomaly detection technology, applied in the field of network security anomaly detection, that addresses problems such as the difficulty of discovering complex attacks.

Active Publication Date: 2021-01-01
TSINGHUA UNIV

AI Technical Summary

Problems solved by technology

It is difficult to discover hidden complex attacks by judging the operating status and logs of a single device


Embodiment Construction

[0045] In order to understand the above-mentioned purpose, features and advantages of the present invention more clearly, the present invention will be further described in detail below in conjunction with the accompanying drawings and specific embodiments. It should be noted that, in the case of no conflict, the embodiments of the present invention and the features in the embodiments can be combined with each other.

[0046] As shown in Figure 1, this embodiment provides a network security anomaly detection implementation method based on the cluster graph neural network:

[0047] Step 1. Extract multi-source features from multi-source data. In the network security anomaly detection system based on clustering neural network, multiple data sources are used to improve the detection effect.

[0048] For network traffic data packets, some fields in the data packets, such as source IP address and destination IP address, can be used as characteristics of the traffic data.

[00...


Abstract

The invention discloses a network security anomaly detection algorithm based on a clustering graph neural network. The algorithm comprises the following steps: describing a network topology structure by using a graph model, optimizing node characteristics by using a graph neural network convolution layer, segmenting a graph into a plurality of disjoint sub-graphs by using a graph clustering algorithm, regarding each sub-graph as a node, regarding an adjacency relationship of the sub-graphs as an edge, forming a sub-graph, learning a weight for each node by utilizing a graph attention layer, performing weighted summation on features of all nodes in each sub-graph to form features of the nodes in the sub-graph, and finally judging whether a network is attacked or not by utilizing a full connection layer and a classifier layer. According to the method, a hierarchical graph neural network is constructed, node features in a graph are optimized through a graph convolution layer, local features on the graph are captured through a pooling layer based on a graph clustering algorithm, high-level semantic features are generated, situation features of the whole network are generated through a fusion layer, and network situations are classified through a classifier.
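The pipeline in the abstract (graph convolution, cluster-based attention pooling, fusion, classifier) can be traced as a forward pass. This is an added example, not code from the patent: the topology, features, cluster assignment and untrained seeded weights are constructed, and the mean fusion and the second convolution on the coarsened graph are assumptions.

```python
import math, random

def matmul(A, B):
    return [[sum(a * b for a, b in zip(r, c)) for c in zip(*B)] for r in A]

def gcn_layer(adj, X, W):
    # ReLU(D^-1/2 (A + I) D^-1/2 X W): each node mixes in its neighbours' features
    n = len(adj)
    A = [[adj[i][j] + (i == j) for j in range(n)] for i in range(n)]
    d = [sum(r) ** -0.5 for r in A]
    A_hat = [[d[i] * A[i][j] * d[j] for j in range(n)] for i in range(n)]
    return [[max(0.0, v) for v in r] for r in matmul(matmul(A_hat, X), W)]

def attention_pool(H, clusters, a):
    # Per sub-graph: softmax weight for each member node, then weighted feature sum
    pooled, weights = [], []
    for nodes in clusters:
        s = [sum(x * y for x, y in zip(H[i], a)) for i in nodes]
        e = [math.exp(v - max(s)) for v in s]
        w = [v / sum(e) for v in e]
        weights.append(w)
        pooled.append([sum(wk * H[i][f] for wk, i in zip(w, nodes))
                       for f in range(len(a))])
    return pooled, weights

def coarsen(adj, clusters):
    # Sub-graphs become nodes; an edge exists if any original edge crosses them
    k = range(len(clusters))
    return [[int(p != q and any(adj[i][j] for i in clusters[p] for j in clusters[q]))
             for q in k] for p in k]

def network_score(adj, X, clusters, P):
    H = gcn_layer(adj, X, P["W1"])                      # node-level convolution
    S, att = attention_pool(H, clusters, P["a"])        # cluster-based pooling
    S = gcn_layer(coarsen(adj, clusters), S, P["W2"])   # assumed: conv on coarse graph
    fused = [sum(c) / len(S) for c in zip(*S)]          # assumed fusion: mean
    z = sum(f * w for f, w in zip(fused, P["out"])) + P["b"]
    return 1 / (1 + math.exp(-z)), att                  # score in (0, 1), attention weights

# Constructed 6-host topology: two triangles joined by the edge 2-3.
EDGES = [(0, 1), (1, 2), (0, 2), (3, 4), (4, 5), (3, 5), (2, 3)]
ADJ = [[int((i, j) in EDGES or (j, i) in EDGES) for j in range(6)] for i in range(6)]
CLUSTERS = [[0, 1, 2], [3, 4, 5]]        # assumed output of the clustering step
rng = random.Random(0)                   # untrained, seeded weights
rand = lambda r, c: [[rng.uniform(-1, 1) for _ in range(c)] for _ in range(r)]
X = rand(6, 3)                           # constructed per-host feature vectors
PARAMS = {"W1": rand(3, 4), "a": rand(1, 4)[0], "W2": rand(4, 4),
          "out": rand(1, 4)[0], "b": 0.0}
```

With untrained weights the score carries no meaning; the point is the data flow, in which a host's features reach the classifier only through its neighbours and its sub-graph, so the decision reflects the whole topology rather than one device.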

Description

Technical field

[0001] The invention belongs to the field of network security anomaly detection. Specifically, the invention uses a graph model to describe the topology structure of the network, and uses a hierarchical graph neural network model to detect whether there is an anomaly in the entire network.

Background technique

[0002] With the advancement of information technology, both enterprises and individuals are enjoying the convenience brought by information technology. As a part of information technology, network technology is widely used in daily life. With the increasing number of cyber attacks in recent years, the means of attack are becoming more and more diversified and concealed. By judging information such as the operating status and logs of a single device, it is difficult to discover hidden complex attacks. How to reasonably and effectively use the information of all devices in the entire network to comprehensively judge whether the entire network has rece...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, H04L12/24, G06K9/62, G06N3/04
CPC: H04L63/20, H04L63/1416, H04L41/142, H04L41/147, H04L41/12, G06N3/044, G06N3/045, G06F18/23213, G06F18/253
Inventor: 赵曦滨, 梁若舟, 高跃
Owner: TSINGHUA UNIV