A Method for Abnormal Detection of Host Network Communication Behavior Based on Temporal Motifs

A technology of network communication and host network, which is applied in the field of anomaly detection of host network communication behavior based on graph model timing motif, which can solve problems such as information loss, failure of single host node abnormality, and failure to consider host interaction network relationship, etc. Achieve good feature learning, accurate anomaly detection effect, and improve the effect of generalization applicability

Active Publication Date: 2022-06-03
BEIHANG UNIV
View PDF5 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0005] Traditional detection models often study each type of feature separately, resulting in loss of information
For example, statistical analysis methods or neural network models only study the attribute characteristics of communication behaviors, without considering the interactive network relationship between hosts
However, most graph learning methods mainly focus on the structural characteristics of the network, and find the overall abnormality of the network structure by looking for structural changes in the static network, and cannot detect abnormalities for a single host node.
And this kind of scanner behavior shows strong timing in the network structure of communication behavior, which has not yet been reflected in traditional graph learning methods.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A Method for Abnormal Detection of Host Network Communication Behavior Based on Temporal Motifs
  • A Method for Abnormal Detection of Host Network Communication Behavior Based on Temporal Motifs
  • A Method for Abnormal Detection of Host Network Communication Behavior Based on Temporal Motifs

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0050] Perform flow aggregation on the original network traffic data, and count the attributes of the flow during a single session. If it is a TCP stream, then

[0051] After the flow aggregation, the network communication flow data with source IP, destination IP and timestamp is obtained. Based on aggregated streaming data

[0055]

[0058] Step 3.2: Extract any n pieces related to the host, and wherein any two time intervals do not exceed the communication edges of δ,

[0060] In this embodiment, the number of sides of the time series motif is set to 3, the delta step is 1 minute, the number of m is 40 at this time, and the type of

[0062] Step 4.1: Because the attribute features of the motif are combined by the features of any three sides, there is a discrepancy

[0063] Step 4.2: The built autoencoder neural network consists of two Encoders and a Decoder. edit

[0064]

[0073] The preferred embodiments of the present invention have been described in detail above, but the pr...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a timing motif-based abnormality detection method for host network communication behavior, and relates to the technical field of network detection. The network communication behavior anomaly detection method, by establishing a weighted directed graph model of the host network communication behavior, based on the timing motif mining algorithm on the graph model, the structure, attributes, and dynamic change information of the network communication behavior Introduced into the model to learn representation vectors capable of anomaly detection. The invention extracts the quantity distribution characteristics of the timing motif in the host network communication behavior graph model by modeling, analyzes the attribute change characteristics in the timing motif based on the unsupervised noise reduction autoencoder, constructs a similarity calculation formula, and realizes network communication behavior anomaly detection. Compared with statistical analysis methods that rely on expert experience and neural network training methods that require a large amount of labeled data, it can effectively improve the accuracy of detection and expand the scope of application of anomaly detection.

Description

A method for abnormal detection of host network communication behavior based on timing motif technical field The invention belongs to the technical field of network detection, and relates to a host network communication system based on a graph model timing motif. anomaly detection method Background technique [0002] According to the China Internet Network Security Report issued by the National Internet Emergency Center in recent years, various security incidents The number of incidents has been on the rise, and hosts that provide various applications on the Internet still have greater security risks. Institutional defense Insufficient protection mechanism and insensitivity to the importance of data, etc., often lead to information leakage, website tampering and other security issues. question. As an important carrier of information, the abnormal behavior of host network communication is often caused by abnormal host behavior and security incidents. important cogni...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Patents(China)
IPC IPC(8): G06K9/62G06N3/04H04L9/40H04L41/142
CPCG06N3/04H04L63/1416H04L63/1425H04L63/20H04L41/142G06F18/214
Inventor 李巍张建强李云春
Owner BEIHANG UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap