
APT network attack detection method based on meta-path learning and subgraph sampling

A network attack detection technology, applied in the fields of network security and machine learning, that addresses the problems of modeling complex system behavior and information loss, and overcomes the latent nature of APT attacks.

Active Publication Date: 2021-11-23
ZHEJIANG UNIV OF TECH

AI Technical Summary

Problems solved by technology

Because of the complexity of the system behavior contained in system log data, it is difficult for general deep learning networks to model it.
Conversely, if manually predefined features are extracted directly from system log data, a large amount of information is lost because of the complexity of APT network attacks.



Examples


Embodiment Construction

[0033] The present invention will be further described below in conjunction with the accompanying drawings.

[0034] Referring to Figures 1 to 3, an APT network attack detection method based on meta-path learning and subgraph sampling comprises the following steps:

[0035] 1) Construction of a heterogeneous graph based on log data: define the system behavior involved in the system log data, and build a heterogeneous graph representing system behavior on this basis;

[0036] In step 1), the heterogeneous graph is built from log data as follows:

[0037] (1-1) Concept map definition: first, define node types according to the system behaviors involved in the log data, including processes, files, networks, node attributes, etc.; then, define relationship types according to the interactive behavior between nodes, including the derivation relationship between processes, the reading relationship between processes and files, the creation relationship ...



Abstract

An APT network attack detection method based on meta-path learning and subgraph sampling, including the following steps: 1) Construction of a heterogeneous graph based on log data: define the system behavior involved in the system log data, and construct a heterogeneous graph representing system behavior on this basis; 2) Meta-path definition and meta-path learning: define the meta-paths in the heterogeneous graph, and then perform node sequence sampling and node embedding learning based on the meta-paths; 3) Construction of a detection model based on subgraph sampling: sample the subgraph representing the elements to be detected from the heterogeneous graph, and then use the subgraph to detect network attacks. The invention monitors APT network attacks based on system log data, which makes it easier to discover the real destructive behavior of a network attack on the system; the heterogeneous graph is used for modeling, which can represent complex system behavior; subgraph sampling is used to construct the detection model, which can overcome the latent nature of APT network attack behavior.
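The three steps of the abstract can be sketched as follows. This is an added example, not the patent's implementation: the `type:name` node ids, the event tuples, the cyclic meta-path walk and the k-hop subgraph are assumptions made for illustration, and the embedding learning and the detection model itself are omitted.

```python
import random
from collections import defaultdict

# Constructed sample events, not real log data; ids are "type:name" (assumed).
EVENTS = [
    ("process:bash", "fork", "process:curl"),
    ("process:curl", "connect", "network:203.0.113.7:443"),
    ("process:curl", "create", "file:/tmp/a.bin"),
    ("process:bash", "fork", "process:a.bin"),
    ("process:a.bin", "read", "file:/tmp/a.bin"),
    ("process:a.bin", "read", "file:/etc/passwd"),
    ("process:sshd", "read", "file:/etc/passwd"),
]

def node_type(node):
    return node.split(":", 1)[0]

def build_graph(events):
    """Step 1: heterogeneous graph with typed nodes and typed edges."""
    adj = defaultdict(set)
    for subj, rel, obj in events:
        adj[subj].add((rel, obj))   # stored in both directions so that
        adj[obj].add((rel, subj))   # walks can traverse file -> process
    return adj

def metapath_walk(adj, start, metapath, length, seed=0):
    """Step 2: sample a node sequence whose types repeat the meta-path."""
    if node_type(start) != metapath[0] or metapath[0] != metapath[-1]:
        raise ValueError("start must match a symmetric meta-path")
    rng, pattern, walk = random.Random(seed), metapath[:-1], [start]
    while len(walk) < length:
        want = pattern[len(walk) % len(pattern)]
        nxt = sorted(n for _, n in adj[walk[-1]] if node_type(n) == want)
        if not nxt:                 # dead end: no neighbour of that type
            break
        walk.append(rng.choice(nxt))
    return walk

def sample_subgraph(adj, center, hops):
    """Step 3: k-hop neighbourhood around the element to be detected."""
    seen, frontier = {center}, {center}
    for _ in range(hops):
        frontier = {n for f in frontier for _, n in adj[f]} - seen
        seen |= frontier
    return seen

if __name__ == "__main__":
    g = build_graph(EVENTS)
    print(sorted(sample_subgraph(g, "file:/tmp/a.bin", 1)))
```

The sampled walks are what a skip-gram style embedding model would consume, and the sampled node set is what a subgraph classifier would score.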

Description

Technical field

[0001] The invention relates to the technical fields of network security and machine learning, in particular to an APT network attack detection method.

Background art

[0002] An APT network attack is a planned and continuous network attack launched against the government, core infrastructure, important industries, etc. Compared with traditional network attacks, APT network attacks are highly concealed, have a long incubation period and use varied attack methods, which makes it difficult for traditional detection methods based on network traffic to deal with them. Therefore, comprehensive monitoring of system behavior to discover the actual damage that an APT network attack does to the system is one of the effective means of dealing with the concealment and diversity of APT network attacks.

[0003] On the other hand, with the development of machine learning technology, network attack detection methods based on machine learning have rec...


Application Information

Patent Type & Authority: Patents (China)
IPC (8): G06F21/55, G06F21/56, G06F16/901, G06N3/08, G06F16/18
CPC: G06F21/554, G06F21/56, G06N3/08, G06F16/1815, G06F16/9024
Inventors: 王婷, 董程昱, 吕明琪, 朱添田, 陈铁明, 顾国民, 陈波, 江颉
Owner: ZHEJIANG UNIV OF TECH