Intrusion behavior-oriented tracing data clustering method and device

A data clustering technology oriented to intrusion behavior, applied in the computer field. It addresses problems such as the difficulty of distinguishing different user behaviors, achieving dynamic clustering and improved accuracy.

Active Publication Date: 2021-11-05
HUAZHONG UNIV OF SCI & TECH

AI Technical Summary

Problems solved by technology

[0004] In view of the above defects or improvement needs of the prior art, the present invention provides an intrusion behavior-oriented traceability data clustering method and device, aiming to solve the technical problem that different user behaviors are difficult to distinguish.


Embodiment Construction

[0044] In order to make the object, technical solution and advantages of the present invention clearer, the present invention will be further described in detail below in conjunction with the accompanying drawings and embodiments. It should be understood that the specific embodiments described here are only used to explain the present invention, not to limit the present invention. In addition, the technical features involved in the various embodiments of the present invention described below can be combined with each other as long as they do not constitute a conflict with each other.

[0045] In the present invention and drawings, the terms "first", "second" and the like (if any) are used to distinguish similar objects, and are not necessarily used to describe a specific order or sequence.

[0046] With reference to Figure 1, combined with Figure 2 to Figure 5, the present invention will be described in further detail. Figure 1 An embodiment of the presen...


Abstract

The invention discloses an intrusion behavior-oriented tracing data clustering method and device, belonging to the technical field of computers. The method comprises the following steps: collecting tracing information of a system kernel and preprocessing it to filter out nodes irrelevant to an intrusion behavior, together with the dependency relationships related to those nodes; converting the preprocessed tracing information into a tracing graph, and constructing an adjacency matrix and a node attribute matrix of the tracing graph; selecting a plurality of root nodes from the tracing graph as seed nodes of a random walk, and letting the seed nodes walk randomly according to a walk policy to obtain the walk paths of the tracing graph and the weights of the tracing edges, wherein the walk policy is that any seed node walks, with probability p, to an adjacent node according to the adjacency matrix and, with probability (1-p), to a node having the same attribute according to the node attribute matrix; and performing clustering according to the walk paths and the weights of the tracing edges. Different tracing events can be accurately distinguished, and more accurate data can be provided for subsequent detection and query.
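The walk policy in the abstract, written out as an added Python example (not code from the patent). The sample graph is constructed, and two points the page does not specify are assumptions here: a walk stops when the chosen move has no candidate node, and clustering merges nodes joined by a walked pair whose weight reaches `min_weight`.

```python
import random
from collections import Counter

# Constructed sample: 0 bash_a, 1 wget, 2 /tmp/x, 3 sh_a | 4 bash_b, 5 scp, 6 /home/doc
ATTRS = ["uid1001", "uid1001", "tmpfile", "uid1001", "uid1002", "uid1002", "docfile"]
EDGES = [(0, 1), (1, 2), (2, 3), (4, 5), (5, 6)]

def build_matrices(edges, attrs):  # adjacency matrix A, node attribute matrix M
    n = len(attrs)
    A = [[0] * n for _ in range(n)]
    for u, v in edges:
        A[u][v] = 1
    keys = sorted(set(attrs))
    M = [[int(a == k) for k in keys] for a in attrs]
    return A, M

def root_nodes(A):  # nodes with no incoming edge become the walk seeds
    return [v for v in range(len(A)) if not any(row[v] for row in A)]

def random_walks(A, M, p, walks_per_seed, length, seed=0):
    rng, n = random.Random(seed), len(A)
    paths, weight = [], Counter()
    for s in root_nodes(A):
        for _ in range(walks_per_seed):
            path, u = [s], s
            for _ in range(length):
                if rng.random() < p:  # probability p: move along the adjacency matrix
                    cand = [v for v in range(n) if A[u][v]]
                else:                 # probability 1-p: move to a same-attribute node
                    cand = [v for v in range(n) if v != u and M[v] == M[u]]
                if not cand:          # assumption: a dead end terminates the walk
                    break
                v = rng.choice(cand)
                weight[(u, v)] += 1   # edge weight = number of traversals
                path.append(v)
                u = v
            paths.append(path)
    return paths, weight

def cluster(n, weight, min_weight=1):  # assumed clustering: union over weighted pairs
    parent = list(range(n))
    def find(x):
        while parent[x] != x:
            x = parent[x]
        return x
    for (u, v), w in weight.items():
        if w >= min_weight:
            parent[find(u)] = find(v)
    return sorted([v for v in range(n) if find(v) == r] for r in {find(v) for v in range(n)})
```

With p below 1, attribute moves link nodes such as `bash_a` and `sh_a` that share `uid1001` without being adjacent, so the edge weights reflect attribute similarity as well as graph structure.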

Description

Technical field

[0001] The invention belongs to the field of computer technology, and more specifically relates to an intrusion-oriented traceability data clustering method and device.

Background technique

[0002] In the large battlefield of cyberspace, the game between attackers and defenders is essentially a contest of information acquisition capabilities. Only by obtaining more, and more complete, information can effective offensive and defensive strategies be formulated and an advantage gained on the cyberspace battlefield. Current host-based intrusion detection methods mainly record and analyze the Unix shell command data or system call information of intrusion behavior, such as the sequence and occurrence probability of system calls. However, these methods do not reveal detailed internal information about an intrusion event (such as system vulnerabilities and intrusion sources), and their detection accuracy is not high. Although unstructured...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, G06F16/901, G06F16/906
CPC: H04L63/1425, G06F16/9024, G06F16/906
Inventor: 谢雨来, 吴雅锋, 郑胜, 周潘, 冯丹
Owner: HUAZHONG UNIV OF SCI & TECH