Exception aggregation method and system based on attribute weight and rule driving

An aggregation method and abnormal technology, applied in the field of data identification, can solve problems such as limited aggregation effect and neglect of time series relationship, and achieve the effect of solving low analysis efficiency and reducing the number of abnormalities

Pending Publication Date: 2021-12-28
跨境云(横琴)科技创新研究中心有限公司
View PDF0 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

However, aggregation methods based on attribute similarity pay more attention to the similarity of anomalies, ignoring the temporal relationship between anomalies
However, the aggregation method based on timing and network features needs to manually define a large number of aggregation rules, and the aggregation effect on the exception itself is very limited.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Exception aggregation method and system based on attribute weight and rule driving
  • Exception aggregation method and system based on attribute weight and rule driving
  • Exception aggregation method and system based on attribute weight and rule driving

Examples

Experimental program
Comparison scheme
Effect test

Embodiment approach

[0109] As an optional implementation of the present invention, when the current abnormality satisfies the preset aggregation condition, aggregating the current abnormality into the matching existing aggregated abnormality includes:

[0110] Step a: Judging whether there is an aggregation exception of the same type as the current exception in the existing aggregation exception; if it exists, continue to judge whether the abnormal occurrence time of the current exception is less than the time threshold;

[0111] Step b: If the abnormal occurrence time of the current abnormality is less than the time threshold, determine whether there is an aggregated abnormality with the same value as the current abnormality on the condition attribute set defined by the aggregation rule in the existing aggregated exception;

[0112] Step c: If there is an aggregation exception with the same value as the current exception on the condition attribute set defined by the aggregation rule in the existi...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention provides an exception aggregation method and system based on attribute weight and rule driving. The method comprises the following steps: performing format unification on a plurality of original exception data so as to construct an abnormal information decision table, and according to the same value relation of exception condition attributes and decision attributes; for exceptions of a plurality of exception types, calculating knowledge granularity and rough conditional entropy of a condition attribute set of the exceptions; for each exception type, calculating an attribute weight of each condition attribute for each exception type; when judging that a current exception meets a preset aggregation condition, aggregating the current exception into an existing aggregation exception matched with the current exception; if the current exception does not meet the preset aggregation condition, adding the current exception as a new aggregation exception into the existing aggregation exception. According to the method, the attribute similarity is obtained by calculating the attribute weight, and exception aggregation is performed according to the preset aggregation rule, so that the exception number can be effectively reduced, and the problem of low analysis efficiency caused by a large number of exceptions is solved.

Description

technical field [0001] The present invention relates to the technical field of data identification, in particular to an abnormal aggregation method and system driven by attribute weights and rules. Background technique [0002] With the development of network technology, when a network attack occurs, the system will generate a large number of abnormalities. In terms of system traffic, there will be exceptions related to traffic analysis. In terms of system applications, there will be exceptions in application logs. In terms of the operation of the system itself, exceptions in system audit logs will be generated. Therefore, the identification of abnormal data is a necessary means to maintain network security. [0003] In the process of detecting anomalies, the existing network anomaly detection and aggregation methods generate a huge amount of anomaly data, which is difficult to analyze one by one. When the network encounters an attack, a large number of abnormalities and a...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): G06F16/22G06K9/62H04L29/06
CPCG06F16/2282H04L63/1425H04L63/1416G06F18/22
Inventor 周运贤吕燕蒋风浪叶思迪胡重阳崔浩易大勇
Owner 跨境云(横琴)科技创新研究中心有限公司
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap