
An intrusion-oriented traceability data clustering method and device

A data clustering and behavior technology, applied in the computer field, that addresses problems such as the difficulty of distinguishing different user behaviors, achieves dynamic clustering, and improves accuracy.

Active Publication Date: 2022-04-01
HUAZHONG UNIV OF SCI & TECH

AI Technical Summary

Problems solved by technology

[0004] In view of the above defects or improvement needs of the prior art, the present invention provides an intrusion behavior-oriented traceability data clustering method and device, aiming to solve the technical problem that different user behaviors are difficult to distinguish.



Examples


Embodiment Construction

[0044] In order to make the object, technical solution and advantages of the present invention more clear, the present invention will be further described in detail below in conjunction with the accompanying drawings and embodiments. It should be understood that the specific embodiments described here are only used to explain the present invention, not to limit the present invention. In addition, the technical features involved in the various embodiments of the present invention described below can be combined with each other as long as they do not constitute a conflict with each other.

[0045] In the present invention and drawings, the terms "first", "second" and the like (if any) are used to distinguish similar objects, and are not necessarily used to describe a specific order or sequence.

[0046] With reference to Figure 1, in combination with Figures 2 to 5, the present invention will be described in further detail. Figure 1 An embodiment of the pre...



Abstract

The invention discloses an intrusion-oriented traceability data clustering method and device, which belong to the field of computer technology. The method includes: collecting traceability information from the system kernel and preprocessing it to filter out nodes irrelevant to intrusion behavior, together with the dependency relationships related to those nodes; converting the preprocessed traceability information into a traceability graph, and constructing the adjacency matrix and the node attribute matrix of the traceability graph; selecting multiple root nodes from the traceability graph as seed nodes, and having the seed nodes perform a random walk according to a walk strategy to obtain the walking paths of the traceability graph and the weights of the traceability edges; and performing clustering according to the walking paths and the weights of the traceability edges. The walk strategy is: any node reached from a seed node walks, with probability p, to one of its adjacent nodes according to the adjacency matrix, and with probability (1 - p) to a node with the same attribute according to the node attribute matrix. The method can accurately distinguish different traceability events and provide more accurate data for subsequent detection and query.
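The walk strategy in the abstract can be sketched as follows. This is an added example, not code from the patent: the eight-node graph and user labels are constructed, and three details are assumptions the abstract does not specify (an edge's weight is its traversal count, a node with only one kind of move available takes it, and a node joins the seed whose walks reached it most often).

```python
import random
from collections import Counter, defaultdict

# Constructed sample graph: two root processes (the seeds) and their descendants.
NAMES = ["sshd", "bash", "wget", "sudo-sh", "cron", "tar", "backup.tgz", "nc"]
EDGES = [(0, 1), (1, 2), (1, 3), (4, 5), (5, 6)]   # directed, parent -> child
USERS = ["alice", "alice", "alice", "root", "backup", "backup", "backup", "alice"]

def build_matrices(n, edges, labels):
    """Return adjacency matrix A (n x n) and one-hot attribute matrix X (n x k)."""
    A = [[0] * n for _ in range(n)]
    for u, v in edges:
        A[u][v] = 1
    cols = sorted(set(labels))
    X = [[int(lab == c) for c in cols] for lab in labels]
    return A, X

def walk(A, X, seed, p, length, rng, weights):
    """One walk: adjacency step with probability p, same-attribute step otherwise."""
    path, cur = [seed], seed
    for _ in range(length):
        nbrs = [v for v, a in enumerate(A[cur]) if a]
        same = [v for v, row in enumerate(X) if row == X[cur] and v != cur]
        if nbrs and (rng.random() < p or not same):
            nxt = rng.choice(nbrs)
            weights[(cur, nxt)] += 1     # assumed edge weight: traversal count
        elif same:
            nxt = rng.choice(same)       # jump taken from the attribute matrix
        else:
            break                        # sink whose attribute is unique
        path.append(nxt)
        cur = nxt
    return path

def cluster(A, X, seeds, p=0.7, walks=300, length=10, rng_seed=0):
    rng = random.Random(rng_seed)
    weights, visits = Counter(), defaultdict(Counter)
    for s in seeds:
        for _ in range(walks):
            for node in walk(A, X, s, p, length, rng, weights):
                visits[node][s] += 1
    # Assumed clustering rule: majority of visits decides the cluster.
    labels = {n: c.most_common(1)[0][0] for n, c in visits.items()}
    return labels, weights

if __name__ == "__main__":
    A, X = build_matrices(len(NAMES), EDGES, USERS)
    labels, weights = cluster(A, X, seeds=[0, 4])
    for n in sorted(labels):
        print(NAMES[n], "-> cluster of", NAMES[labels[n]])
```

In this sample, `nc` has no incoming edge and joins the `sshd` cluster only through same-attribute jumps, while `sudo-sh` runs under a different user and joins it only through an adjacency step, so both matrices are needed to recover the event.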

Description

Technical field

[0001] The invention belongs to the field of computer technology, and more specifically relates to an intrusion-oriented traceability data clustering method and device.

Background technique

[0002] In the large battlefield of cyberspace, the contest between attackers and defenders is essentially a confrontation of information acquisition capabilities. Only by obtaining more, and more complete, information can effective offensive and defensive strategies be formulated and an advantage gained in the cyberspace battlefield. Current host-based intrusion detection methods are mainly based on recording and analyzing Unix shell command data or system call information of intrusion behavior, such as the sequence and occurrence probability of system calls. However, these methods do not reveal detailed internal intrusion event information (such as system vulnerabilities and intrusion sources), and their detection accuracy is not high. Although unstructured...


Application Information

Patent Type & Authority: Patents (China)
IPC (8): H04L9/40, G06F16/901, G06F16/906
CPC: H04L63/1425, G06F16/9024, G06F16/906
Inventor: 谢雨来, 吴雅锋, 郑胜, 周潘, 冯丹
Owner: HUAZHONG UNIV OF SCI & TECH