Unlock instant, AI-driven research and patent intelligence for your innovation.

Multi-element behavior detection method and system based on hyper-converged server system, and medium

A server system and detection method technology, applied in the field of multi-behavior detection based on hyper-converged server system, can solve the problems of difficult to cover network behavior, difficult to detect intrusion behavior, large system overhead, etc., achieve easy deployment, reduce resource consumption, improve The effect of accuracy

Pending Publication Date: 2022-02-08
国网浙江省电力有限公司双创中心 +1
View PDF0 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0003] Through the above analysis, the existing problems and defects of the prior art are as follows: in the existing intrusion detection system, the system overhead is large and the detection rate is low
[0004] The difficulty in solving the above problems and defects is: the existing intrusion detection system is a model that defines intrusion behavior and normal behavior in advance, and it is difficult to cover all network behaviors; the current network environment has a huge amount of data and a large throughput, and it is difficult to quickly and accurately detect intrusion

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Multi-element behavior detection method and system based on hyper-converged server system, and medium
  • Multi-element behavior detection method and system based on hyper-converged server system, and medium
  • Multi-element behavior detection method and system based on hyper-converged server system, and medium

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0091] The method of the present invention includes the following modules:

[0092] Acquisition module: used to collect network behavior characteristics between virtual machines in the cluster of hyper-converged server systems, and capture the frequency of various network behaviors between virtual machines by modifying the protocol between virtual machines in the cluster;

[0093] Storage module: used to store the network behavior characteristics among virtual machines in the cluster of hyper-converged server systems, count the frequency of use of various network behaviors in a fixed total amount, and collect the access density maps of various network behaviors by using the network behavior capture function storing, the access density map is used as a data source for building a model module to describe network behavior;

[0094] Model building module: used to build a network behavior model among virtual machines in the cluster of the hyper-converged server system. The construc...

Embodiment 2

[0127] The multi-behavior detection method based on the hyper-converged server system provided by the embodiment of the present invention analyzes the characteristics of the network behavior between virtual machines from the exploit mechanism of the vulnerability, and selects various network behavior frequencies as the network behavior characteristics between virtual machines , use the collector to collect protocol messages corresponding to network behavior, extract network behavior characteristics between virtual machines, select and design appropriate dimensionality reduction and clustering algorithms, process data of network behavior characteristics between virtual machines, and construct normal virtual machines of the system Take the hyper-converged server as an example to build an attack detection system and design corresponding test modules to evaluate the performance of the attack detection system.

[0128] as attached figure 2 As shown, the multiple behavior detection...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention belongs to the technical field of network security, and discloses a multi-element behavior detection method and system based on a hyper-converged server system, and a medium. The method comprises the steps: constructing a network behavior model between virtual machines in a cluster of the hyper-converged server system by associating multivariate behaviors of the hyper-converged server system with a network protocol message, and carrying out multivariate behavior detection. According to the multivariate behavior detection method based on the hyper-converged server system, the accuracy of attack detection is improved, and the requirements of safety and data sharing of the server can be better met. A hyper-converged server system is used as a prototype system, effective analysis and representation of network behavior characteristic data between the virtual machines are provided through a network behavior acquisition module between the virtual machines and a proper dimension reduction and clustering algorithm, and construction of a normal network behavior model of the system and detection and analysis of abnormal network behaviors are realized.

Description

technical field [0001] The invention belongs to the technical field of network security, and in particular relates to a multiple behavior detection method, system and medium based on a hyper-converged server system. Background technique [0002] At present, various attacks against servers are emerging in an endless stream, and security incidents such as network usage obstruction and data leakage caused by attacks frequently occur. Servers are usually used as the core equipment of IT systems to provide specific services to the outside world through the network. Therefore, intrusion detection of servers is very important. Especially important, in the existing anomaly detection research, the method of anomaly detection based on a single information source such as network traffic is easily evaded by attackers, resulting in a low detection rate. And with the development of ubiquitous Internet of Things perception and detection technology, various intelligent systems and applicati...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/55G06F21/53G06K9/62G06F17/16G06F17/18
CPCG06F21/554G06F21/53G06F17/16G06F17/18G06F18/23213G06F18/241G06F18/25
Inventor 刘周斌陈华智董知周林世溪吴千蔡怡挺卢剑辉陈显辉李炜景峰
Owner 国网浙江省电力有限公司双创中心