Network Security Anomaly Detection Algorithm and Detection System Based on Clustering Graph Neural Network

A neural network and anomaly detection technology, applied in the field of network security anomaly detection, can solve problems such as difficult to find complex attacks

Active Publication Date: 2021-11-02
TSINGHUA UNIV
View PDF5 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

It is difficult to discover hidden complex attacks by judging the operating status and logs of a single device

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Network Security Anomaly Detection Algorithm and Detection System Based on Clustering Graph Neural Network
  • Network Security Anomaly Detection Algorithm and Detection System Based on Clustering Graph Neural Network
  • Network Security Anomaly Detection Algorithm and Detection System Based on Clustering Graph Neural Network

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0045] In order to understand the above-mentioned purpose, features and advantages of the present invention more clearly, the present invention will be further described in detail below in conjunction with the accompanying drawings and specific embodiments. It should be noted that, in the case of no conflict, the embodiments of the present invention and the features in the embodiments can be combined with each other.

[0046] Such as figure 1 As shown, this embodiment provides a network security anomaly detection implementation method based on the cluster graph neural network:

[0047] Step 1. Extract multi-source features from multi-source data. In the network security anomaly detection system based on clustering neural network, multiple data sources are used to improve the detection effect.

[0048] For network traffic data packets, some fields in the data packets, such as source IP address and destination IP address, can be used as characteristics of the traffic data.

...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a network security anomaly detection algorithm based on a cluster graph neural network. The algorithm includes the following steps: using a graph model to describe the network topology, using a graph neural network convolutional layer to optimize node features, using a graph clustering algorithm to divide the graph into multiple disjoint subgraphs, and treating each subgraph as a node, The adjacency relationship of the subgraph is regarded as an edge to form a subgraph, and the graph attention layer is used to learn a weight for each node, and the features of all nodes in each subgraph are weighted and summed to form the characteristics of the nodes in the subgraph, and finally Use the fully connected layer and the classifier layer to judge whether the network has received an attack. This method builds a hierarchical graph neural network, optimizes the node features in the graph through the graph convolution layer, captures local features on the graph through the pooling layer based on the graph clustering algorithm, and generates high-level semantic features. The situational features of the entire network are generated, and the network situation is classified by a classifier.

Description

technical field [0001] The invention belongs to the field of network security anomaly detection. Specifically, the invention uses a graph model to describe the topology structure of the network, and uses a hierarchical graph neural network model to detect whether there is an anomaly in the entire network. Background technique [0002] With the advancement of information technology, both enterprises and individuals are enjoying the convenience brought by information technology. As a part of information technology, network technology is widely used in daily life. With the increasing number of cyber attacks in recent years, the means of attack are becoming more and more diversified and concealed. By judging information such as the operating status and logs of a single device, it is difficult to discover hidden complex attacks. How to reasonably and effectively use the information of all devices in the entire network to comprehensively judge whether the entire network has rece...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Patents(China)
IPC IPC(8): H04L29/06H04L12/24G06K9/62G06N3/04
CPCH04L63/20H04L63/1416H04L41/142H04L41/147H04L41/12G06N3/044G06N3/045G06F18/23213G06F18/253
Inventor 赵曦滨梁若舟高跃
Owner TSINGHUA UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products