Abnormal host detection method and device based on host portrait, medium and equipment

An abnormal host detection method, applied in the computer field, that addresses the problem of defining and detecting host abnormality, and achieves more effective feature values, a long decay period, and comprehensive detection dimensions.

Active Publication Date: 2021-12-03
极客信安(北京)科技有限公司

AI Technical Summary

Problems solved by technology

Therefore, the existing method essentially detects abnormal traffic and then infers the abnormal host, rather than defining and detecting the abnormality of the host itself, which is a significant weakness in accuracy.


Examples

Embodiment 1

[0078] As shown in Figure 1, according to a specific implementation of the present invention, in a first aspect, the present invention provides a method for detecting abnormal hosts based on host portraits, including:

[0079] Step S101: within the first set time segment, collect the first flow data of a plurality of host IPs to be tested based on the unsupervised learning method;

[0080] Among them, the unsupervised learning method is a method for solving various problems in pattern recognition based on training samples with unknown categories. In this embodiment, the IP flow data of the host to be tested is collected autonomously by the data collection device.

[0081] The first set time segment is a manually set time period of indefinite length, for example, including but not limited to daytime, night, working day, holiday, peak business period, fixed time period in the morning or afternoon of each day, etc.; a period of time can be set accordin...

Embodiment 2

[0131] As shown in Figure 6, according to a specific embodiment of the present invention, in a second aspect, the present invention provides a device for detecting abnormal hosts based on host portraits, including: a collection unit 601, an extraction unit 602, a clustering unit 603, a processing unit 604, a merge unit 605, a training unit 606 and a detection unit 607;

[0132] The collection unit 601 is configured to collect the first traffic data of a plurality of host IPs to be tested based on an unsupervised learning method within a first set time period;

[0133] The extracting unit 602 is configured to extract traffic characteristic values and host-associated characteristic values in the traffic data, wherein the traffic characteristic values include the number of upstream and downstream data and the number of upstream and downstream flows; the host-associated characteristic values include: access port sequence, access IP sequence, access domain name seq...

Embodiment 3

[0176] As shown in Figure 7, according to a specific implementation of the present invention, in a third aspect, this embodiment provides an electronic device used for a method for detecting an abnormal host based on a host portrait, the electronic device including: at least one processor; and a memory communicatively coupled to the at least one processor; wherein,

[0177] The memory stores instructions executable by the at least one processor, and the instructions are executed by the at least one processor, so that the at least one processor can perform abnormal host detection based on a host portrait.

[0178] Referring now to Figure 7, which shows a schematic structural diagram of an electronic device 700 suitable for implementing the embodiments of the present disclosure. The terminal equipment in the embodiment of the present disclosure may include, but is not limited to, a mobile phone, notebook computer, digital broadcast receiver, PDA (persona...

Abstract

The invention provides an abnormal host detection method and device based on a host portrait, a medium and equipment. The method comprises the steps of collecting first flow data of multiple to-be-tested host IPs based on an unsupervised learning method within a first set time slice; extracting a traffic characteristic value and a host associated characteristic value in the traffic data; based on a graph segmentation method, performing to-be-tested host IP clustering on the similarity of the flow characteristic values and the relevance of the host relevance characteristic values to form a plurality of groups of to-be-tested hosts; vectorizing each group of collected flow characteristic values and host associated characteristic values to form characteristic vectors; performing normalization processing to respectively form a feature vector set of each group of to-be-tested hosts; respectively training the feature vector sets, and constructing respective detection models of the corresponding to-be-detected hosts in each group; and detecting abnormal behaviors of the to-be-detected host based on the detection model. According to the method, a wide training set is not needed, features are defined based on the time dimension and the space dimension, and dimension detection is more comprehensive.
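The pipeline in the abstract, as an added Python sketch that is not taken from the patent. It is simplified under stated assumptions: connected components over port-set Jaccard similarity stand in for the graph segmentation step, log scaling with a per-group z-score stands in for the normalization and detection model, and all hosts, values and thresholds are constructed.

```python
import math
from itertools import combinations

# Constructed sample: host -> (bytes_up, bytes_down, flows_up, flows_down, accessed ports)
BASELINE = {
    "10.0.0.11": (120, 900, 14, 15, {80, 443, 53}),
    "10.0.0.12": (150, 1100, 16, 18, {80, 443, 53}),
    "10.0.0.13": (135, 1000, 15, 16, {443, 53}),
    "10.0.0.21": (5000, 400, 40, 38, {3306, 22}),
    "10.0.0.22": (5400, 450, 44, 41, {3306, 22}),
    "10.0.0.23": (5200, 420, 42, 40, {3306, 22, 53}),
}

def jaccard(a, b):
    return len(a & b) / len(a | b)

def group_hosts(profiles, min_sim=0.5):
    """Link hosts whose accessed-port sets overlap enough, then take connected components."""
    parent = {h: h for h in profiles}
    def find(h):
        while parent[h] != h:
            h = parent[h]
        return h
    for a, b in combinations(profiles, 2):
        if jaccard(profiles[a][4], profiles[b][4]) >= min_sim:
            parent[find(a)] = find(b)
    groups = {}
    for h in profiles:
        groups.setdefault(find(h), []).append(h)
    return sorted(sorted(g) for g in groups.values())

def train(profiles, groups):
    """Per-group model: mean and std of each log-scaled traffic feature (std floored at 0.05)."""
    models = {}
    for g in groups:
        cols = list(zip(*[[math.log1p(v) for v in profiles[h][:4]] for h in g]))
        mean = [sum(c) / len(c) for c in cols]
        std = [max(math.sqrt(sum((x - m) ** 2 for x in c) / len(c)), 0.05)
               for c, m in zip(cols, mean)]
        for h in g:
            models[h] = (mean, std)  # every host is judged against its own group's model
    return models

def is_abnormal(models, host, observation, z_max=3.0):
    """Flag a later-window observation whose largest per-feature z-score exceeds z_max."""
    mean, std = models[host]
    z = [abs(math.log1p(v) - m) / s for v, m, s in zip(observation, mean, std)]
    return max(z) > z_max
```

The same traffic vector can be normal for one group and abnormal for another, which is the point of modelling the host's group rather than traffic in isolation.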

Description

Technical field

[0001] The present invention relates to the field of computer technology, in particular to a method, device, medium and equipment for detecting abnormal hosts based on host portraits.

Background technique

[0002] With the development of Internet technology, abnormal network phenomena have become commonplace; for example, hacker attacks and other irregular means produce abnormal network behavior.

[0003] Therefore, it becomes very necessary to monitor network abnormal hosts when network abnormalities occur, where network abnormal hosts are hosts with abnormal network behaviors, such as sudden external scanning, opening of abnormal service ports, or attacking other hosts. Hosts with abnormal network behavior are often invaded or controlled by attackers. Discovering hosts with abnormal behavior is of great significance for tracking network attackers and eliminating malicious network behaviors.

[0004] Existing ways to discover abnormal h...

Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, G06K9/62
CPC: H04L63/1425, G06F18/23, G06F18/214, Y02D30/50
Inventor: name withheld at the inventor's request
Owner: 极客信安(北京)科技有限公司