APT network attack detection method based on meta-path learning and subgraph sampling

A network attack detection method, applied in the fields of network security and machine learning, that can solve problems such as complex system behavior, information loss and modeling, and achieves the effect of overcoming latency.

Active Publication Date: 2021-03-19
ZHEJIANG UNIV OF TECH

AI Technical Summary

Problems solved by technology

Because of the complexity of the system behavior contained in system log data, it is difficult for general deep learning networks to model it.
If, instead, manually predefined features are extracted directly from system log data, a huge loss of information results because of the complexity of APT network attacks.

Embodiment Construction

[0033] The present invention will be further described below in conjunction with the accompanying drawings.

[0034] Referring to Figures 1 to 3, an APT network attack detection method based on meta-path learning and subgraph sampling comprises the following steps:

[0035] 1) Construction of a heterogeneous graph based on log data: define the system behavior involved in the system log data, and construct a heterogeneous graph representing the system behavior on this basis;

[0036] In said step 1), the steps of building a heterogeneous graph based on log data are as follows:

[0037] (1-1) Concept map definition: First, define node types according to the system behaviors involved in the log data, including processes, files, networks, node attributes, etc.; then, define relationship types according to the interactive behavior between nodes, including the derivation relationship between processes, the reading relationship between processes and files, the crea...

Abstract

An APT network attack detection method based on meta-path learning and sub-graph sampling comprises the following steps: 1) heterogeneous graph construction based on log data: defining system behaviors involved in system log data, and constructing a heterogeneous graph representing the system behaviors on the basis of the system behaviors; 2) meta-path definition and meta-path learning: defining a meta-path in the heterogeneous graph, and performing node sequence sampling and node embedding learning based on the meta-path; and 3) constructing a detection model based on sub-graph sampling: sampling a sub-graph representing the to-be-detected element from the heterogeneous graph, and performing network attack detection by adopting the sub-graph on the basis. According to the invention, APT network attack monitoring is carried out based on the system log data, so that real damage behaviors of network attacks on the system can be found conveniently; a heterogeneous graph is adopted for modeling, and complex system behaviors can be represented; and a detection model is constructed by adopting subgraph sampling, so that the latency of APT network attack behaviors can be overcome to a certain extent.
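The three steps of the abstract can be sketched as follows. This is an added example, not code from the patent: the event tuples, the `type:name` node ids, the relation names, the cyclic list form of a meta-path and the k-hop neighbourhood used as the sampled subgraph are all assumptions, and the embedding learning and detection model are not shown.

```python
import random
from collections import defaultdict

# Constructed sample events (not from the patent): (source, relation, target).
# Node ids carry their type as a prefix (proc / file / net); walks use only the type.
EVENTS = [
    ("proc:bash", "fork", "proc:curl"),
    ("proc:curl", "connect", "net:203.0.113.7:443"),
    ("proc:curl", "write", "file:/tmp/a.bin"),
    ("proc:bash", "fork", "proc:a.bin"),
    ("proc:a.bin", "read", "file:/tmp/a.bin"),
    ("proc:a.bin", "read", "file:/etc/passwd"),
    ("proc:a.bin", "connect", "net:203.0.113.7:443"),
    ("proc:sshd", "read", "file:/etc/passwd"),
]

def node_type(node):
    return node.split(":", 1)[0]

def build_graph(events):
    """Step 1: typed adjacency, node -> neighbour type -> sorted neighbours."""
    adj = defaultdict(lambda: defaultdict(set))
    for src, _rel, dst in events:
        adj[src][node_type(dst)].add(dst)
        adj[dst][node_type(src)].add(src)
    return {n: {t: sorted(ns) for t, ns in by_t.items()} for n, by_t in adj.items()}

def metapath_walk(graph, start, metapath, length, seed=0):
    """Step 2: random walk whose i-th node has the type the meta-path dictates.
    metapath is cyclic: ["proc", "file"] means proc-file-proc-file-..."""
    if node_type(start) != metapath[0]:
        raise ValueError("start node type does not match meta-path")
    rng = random.Random(seed)
    walk = [start]
    while len(walk) < length:
        wanted = metapath[len(walk) % len(metapath)]
        candidates = graph[walk[-1]].get(wanted, [])
        if not candidates:          # dead end: no neighbour of the required type
            break
        walk.append(rng.choice(candidates))
    return walk

def sample_subgraph(graph, center, hops):
    """Step 3: nodes within `hops` edges of `center`, the element to be detected."""
    seen, frontier = {center}, {center}
    for _ in range(hops):
        frontier = {n for f in frontier for ns in graph[f].values() for n in ns} - seen
        seen |= frontier
    return seen
```

The node sequences returned by `metapath_walk` are what a node embedding model would be trained on, and the node set from `sample_subgraph` is what a detection model would classify.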

Description

Technical field

[0001] The invention relates to the technical fields of network security and machine learning, in particular to an APT network attack detection method.

Background technique

[0002] APT network attack is a planned and continuous network attack launched against the government, core infrastructure, important industries, etc. Compared with traditional network attacks, APT network attacks have the characteristics of high concealment, long incubation period, and various attack methods, which makes it difficult for traditional network traffic-based detection methods to deal with them. Therefore, it is one of the effective means to deal with the concealment and diversity of APT network attacks to conduct all-round monitoring of system behavior to discover the actual damage behavior of APT network attacks on the system.

[0003] On the other hand, with the development of machine learning technology, network attack detection methods based on machine learning have rec...

Application Information

IPC(8): G06F21/55, G06F21/56, G06F16/901, G06N3/08, G06F16/18
CPC: G06F21/554, G06F21/56, G06N3/08, G06F16/1815, G06F16/9024
Inventor: 王婷, 董程昱, 吕明琪, 朱添田, 陈铁明, 顾国民, 陈波, 江颉
Owner: ZHEJIANG UNIV OF TECH