Multilayer traffic intrusion detection method based on relative information entropy and semi-supervised clustering

Semi-supervised clustering combined with a relative information entropy technique, applied in the field of network traffic anomaly detection, addresses problems such as the difficulty of obtaining a globally optimal solution, and achieves rapid detection, accurate intrusion detection, and high accuracy.

Pending Publication Date: 2021-08-17
NAT COMP NETWORK & INFORMATION SECURITY MANAGEMENT CENT

AI Technical Summary

Problems solved by technology

However, the algorithm easily falls into a local optimum, making it difficult to obtain the globally optimal solution.

Examples


Embodiment Construction

[0023] The specific implementation manners of the present invention will be further described in detail below in conjunction with the accompanying drawings.

[0024] The present invention designs a multi-layer traffic intrusion detection method based on relative information entropy and semi-supervised clustering, which is used to realize intrusion detection for the network between two target terminals. In practical applications, as shown in Figure 1, the specific steps are as follows.

[0025] Step A. Sequentially collect the network communication traffic between the two target terminals, and perform DPI-based protocol analysis to obtain the traffic log data corresponding to each network communication, then proceed to step B.

[0026] Step B. For each network communication flow, obtain the characteristic value corresponding to each specified characteristic attribute of the network flow, and then obtain the characteristic value corresponding to each designated characteristic ...


Abstract

The invention relates to a multi-layer traffic intrusion detection method based on relative information entropy and semi-supervised clustering. It adopts a brand-new control strategy and comprehensively considers features of different dimensions when analyzing traffic data services, so that the detection result is more accurate, as is the analysis of the features of each dimension. The scheme introduces the concept of relative information entropy, which describes well the degree of randomness of the feature distribution in different time periods, and achieves rapid detection of abnormal network behavior by calculating the relative information entropy value of each feature dimension. In addition, because many current machine-learning-based intrusion detection methods need a large amount of labeled data to distinguish anomalies, the scheme combines information entropy with semi-supervised clustering and needs only a small amount of labeled data to obtain better performance. Efficient and accurate intrusion detection is thereby realized for the network, and the stability of network operation is ensured.
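The per-dimension scoring described in the abstract can be sketched as follows. This is an added example, not code from the patent: it assumes "relative information entropy" means the Kullback-Leibler divergence between a feature's distribution in the current time window and in a baseline window, and it does not cover the semi-supervised clustering stage. The flow records, feature names, smoothing constant and threshold are constructed for illustration.

```python
import math
from collections import Counter

# Constructed flow-log records (dst_port, protocol); not data from the patent.
BASELINE = [(502, "modbus")] * 80 + [(102, "s7comm")] * 15 + [(443, "tls")] * 5
NORMAL = [(502, "modbus")] * 78 + [(102, "s7comm")] * 16 + [(443, "tls")] * 6
SCAN = ([(502, "modbus")] * 40 + [(102, "s7comm")] * 8
        + [(port, "tcp") for port in range(1000, 1052)])  # one flow per new port

FEATURES = {"dst_port": 0, "protocol": 1}  # assumed feature dimensions
THRESHOLD = 0.1                            # assumed alert threshold, in bits


def distribution(window, idx, support, alpha=1.0):
    """Additively smoothed probability of every value in `support`.

    Smoothing keeps the divergence finite when the current window contains
    values (e.g. new ports) that never occurred in the baseline window.
    """
    counts = Counter(rec[idx] for rec in window)
    total = len(window) + alpha * len(support)
    return {v: (counts[v] + alpha) / total for v in support}


def relative_entropy(current, baseline, idx):
    """D(P_current || Q_baseline) in bits for one feature dimension."""
    support = {r[idx] for r in current} | {r[idx] for r in baseline}
    p = distribution(current, idx, support)
    q = distribution(baseline, idx, support)
    return sum(p[v] * math.log2(p[v] / q[v]) for v in support)


def score_window(current, baseline=BASELINE):
    """Relative entropy of each feature dimension against the baseline."""
    return {name: relative_entropy(current, baseline, idx)
            for name, idx in FEATURES.items()}


def anomalous_features(current, baseline=BASELINE, threshold=THRESHOLD):
    """Names of the feature dimensions whose divergence exceeds the threshold."""
    scores = score_window(current, baseline)
    return sorted(name for name, d in scores.items() if d > threshold)


if __name__ == "__main__":
    for label, window in (("normal", NORMAL), ("scan", SCAN)):
        print(label, score_window(window), anomalous_features(window))
```

Scoring each dimension separately shows which feature moved: in the constructed scan window the protocol mix diverges far more than the port distribution, whose many one-off values are damped by the smoothing.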

Description

Technical field

[0001] The invention relates to a multi-layer traffic intrusion detection method based on relative information entropy and semi-supervised clustering, and belongs to the technical field of network traffic anomaly detection.

Background technique

[0002] The development of the Industrial Internet is facing a situation where the industry is developing rapidly and the network security situation is severe. In the process of transformation and upgrading of traditional industrial systems to industrial Internet ecosystems, the optimization of production efficiency brought about by technological innovation has greatly improved industrial productivity, but at the same time it is also facing all-round security challenges. The Industrial Internet is widely used in all walks of life in industrial production. Once a large number of key information infrastructures are attacked, it will not only cause huge economic losses, but also cause environmental disasters and casualti...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, G06N20/00, G06K9/62
CPC: H04L63/1425, H04L63/1458, H04L63/145, G06N20/00, G06F18/23213
Inventor 刘泳锐刘中金邢燕祯秦志鹏陈解元范广杨朝晖吕志梅安黎东李华
Owner NAT COMP NETWORK & INFORMATION SECURITY MANAGEMENT CENT