Log monitoring method for behavior anomaly detection based on deep learning improved IFOREST

Deep learning and anomaly detection technology, applied in the field of network security, that addresses problems such as long running time and improves accuracy.

Active Publication Date: 2021-01-08
XIAN UNIV OF TECH

AI Technical Summary

Problems solved by technology

Solve the problem that the running time of the m...


Embodiment Construction

[0057] The present invention will be described in detail below in conjunction with the accompanying drawings and specific embodiments.

[0058] A log monitoring method for abnormal behavior detection based on deep learning improved IFOREST; the specific operation steps are as follows:

[0059] Step 1. Extract the user information from the logs generated in the platform system. Taking the user's operations on the database as an example, keep long-term statistics of the number of operations the user performs each day for different behaviors such as adding tables, deleting tables, changing tables, and looking up tables; generate user log behavior vectors and store them in MySQL;

[0060] Step 2. Obtain the log user behavior vectors and use an Auto-Encoder to reduce their dimensionality. The data is randomly divided, at a ratio of 8:2, into a user behavior training set and a user behavior test set. The user behavior training set is used to train and generate user b...
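Steps 1 and 2 above, as an added Python example that is not taken from the patent: it builds the per-user daily operation-count vectors, makes the random 8:2 split, and scores vectors with a standard isolation forest. The log line format, the four SQL verbs and every function name are assumptions; the Auto-Encoder reduction and the patent's improvements to IFOREST are not reproduced.

```python
import math, random
from collections import Counter, defaultdict

OPS = ("CREATE", "DROP", "ALTER", "SELECT")   # add / delete / change / look up a table
# Constructed audit lines in the assumed "<date> <user> <OP> <table>" format.
SAMPLE = ["2021-01-04 alice SELECT orders", "2021-01-04 alice SELECT users",
          "2021-01-04 alice ALTER orders", "2021-01-04 bob DROP orders"]

def behavior_vectors(lines):
    """Step 1: count each user's table operations per day -> {(user, day): [counts]}."""
    counts = defaultdict(Counter)
    for line in lines:
        parts = line.split()
        if len(parts) >= 3 and parts[2] in OPS:          # skip blank or unrelated lines
            counts[(parts[1], parts[0])][parts[2]] += 1
    return {key: [c[op] for op in OPS] for key, c in counts.items()}

def split_8_2(rows, seed=0):
    """Step 2: random 8:2 split into a training set and a test set."""
    rows = random.Random(seed).sample(rows, len(rows))   # shuffled copy
    cut = int(len(rows) * 0.8)
    return rows[:cut], rows[cut:]

def avg_path(n):   # iForest c(n): mean depth of a failed BST search over n points
    if n <= 2:
        return float(max(n - 1, 0))
    return 2 * (math.log(n - 1) + 0.5772156649) - 2 * (n - 1) / n

def grow(rows, depth, limit, rng):
    dims = [d for d in range(len(OPS)) if len({r[d] for r in rows}) > 1]
    if depth >= limit or not dims:
        return len(rows)                                  # leaf: points left unsplit
    d = rng.choice(dims)
    cut = rng.uniform(min(r[d] for r in rows), max(r[d] for r in rows))
    return (d, cut, grow([r for r in rows if r[d] < cut], depth + 1, limit, rng),
            grow([r for r in rows if r[d] >= cut], depth + 1, limit, rng))

def depth_of(x, node, depth=0):
    if isinstance(node, int):
        return depth + avg_path(node)
    d, cut, left, right = node
    return depth_of(x, left if x[d] < cut else right, depth + 1)

def iforest_scores(fit_rows, rows, trees=100, sample=256, seed=0):
    """Baseline iForest: scores near 1 mean a row is isolated after very few splits."""
    rng, psi = random.Random(seed), min(sample, len(fit_rows))
    limit = math.ceil(math.log2(psi))
    forest = [grow(rng.sample(fit_rows, psi), 0, limit, rng) for _ in range(trees)]
    return [2 ** (-sum(depth_of(x, t) for t in forest) / trees / max(avg_path(psi), 1.0)) for x in rows]
```

Pass the training split as `fit_rows` and the test split as `rows`; scores close to 1 mark user-days that were separated from the rest after very few random splits.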


Abstract

The invention discloses a log monitoring method for behavior anomaly detection based on deep learning improved IFOREST. The method comprises the following steps: collecting and vectorizing the behavior information of a user; using an Auto-Encoder to reduce the dimensionality of the input log user behavior vectors for the algorithm training model; using a generic algorithm and a GAN network to improve IFOREST, and repeatedly training the model on updated information to improve recognition accuracy; and finally, performing efficient, high-precision abnormal behavior detection on the daily behaviors of a user through the log monitoring method. Deep learning is thereby applied to abnormal behavior detection in the field of network security, so as to detect abnormal operations performed by a user or an administrator. The self-encoder in deep learning is used to reduce the dimensionality of the extracted user behavior information, which preprocesses the high-dimensional data, and a model with higher and more stable training accuracy than IFOREST is provided.

Description

Technical field

[0001] The invention belongs to the field of network security, and in particular relates to a log monitoring method based on deep learning to improve IFOREST for abnormal behavior detection.

Background technique

[0002] Today's network platform systems are getting larger and larger, and the number of users and administrators is also increasing rapidly. It is inevitable that some users or administrators will perform abnormal operations. During the operation of the log-based monitoring system, the monitoring system is used to monitor the log status in real time, detect abnormal behaviors that have occurred or are about to occur in time, and leave valuable time for taking corresponding measures. Log monitoring is a series of processes of collecting, filtering, storing, analyzing, and detecting abnormalities of various user log behaviors generated during system operation, and is an important part of the log monitoring system. By analyzing logs from different an...


Application Information

IPC(8): G06F21/55, H04L29/06, G06K9/62, G06N3/08
CPC: G06F21/552, H04L63/1425, G06N3/08, G06F18/213, G06F18/214, G06F18/2433, Y02D10/00
Inventor: 宋昕, 徐思航, 朱磊, 赵琛, 黑新宏, 王一川, 姬文江, 杜延宁, 盘隆, 吕泽立
Owner XIAN UNIV OF TECH