Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Web log abnormal behavior identification method based on knowledge graph

A technology of knowledge graph and recognition method, which is applied in the direction of using information identifiers to retrieve Web data, natural language data processing, and network data retrieval, etc., which can solve the problems of small role of log analysis, improve recognition rate, increase feature attributes, improve The effect of analysis and recognition ability

Pending Publication Date: 2022-04-12
BEIJING INFORMATION SCI & TECH UNIV
View PDF0 Cites 6 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

It can be found that the use of knowledge graphs makes work tasks easier, but in log analysis, a subfield of network information security, there is currently no complete and effective knowledge graph to support researchers to complete the work of log analysis
Although the document Yan Zhihao et al. constructed a domain name system knowledge graph based on Alexa's top 100w domain names in "CDN Domain Name Identification Technology Based on Domain Name System Knowledge Graph", the function of the domain name system knowledge graph constructed by it is limited to the identification of CDN domain names. The log analysis of the

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Web log abnormal behavior identification method based on knowledge graph
  • Web log abnormal behavior identification method based on knowledge graph
  • Web log abnormal behavior identification method based on knowledge graph

Examples

Experimental program
Comparison scheme
Effect test

experiment example

[0284] 1. Experimental data

[0285] The present invention uses network server logs provided by a scientific research institution as experimental data, and the average daily blocking amount of harmful information by the server reaches hundreds of millions of times. Because the log data involves privacy and security issues, the present invention encrypts the data. Table 8 shows an example of some of the web server log data provided:

[0286] Table 8 Partial data table of web server log

[0287] Table 8Partial data table of web server log

[0288]

[0289]

[0290] 2. Experimental environment

[0291] The experimental environment of the present invention is as follows: the compilation environment is Scala2.12.13 based on Spark 3.1.2 and Hadoop 2.7.1, the database uses Neo4j and MySQL, and the development tool is IntelliJ IDEA 2021.1.3 x64.

[0292] 3. Evaluation Standards

[0293] Accuracy rate P identified by abnormal behavior t , recall rate R e , F 1 Three indic...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

In order to improve the capability of analyzing the logs of the network DNS server, the invention innovatively proposes the construction of the domain name resolution system-oriented knowledge graph by integrating multiple technologies. The method comprises the following steps: firstly, designing an automatic crawler model based on the combination of aiohttp and dig technologies by applying the principles of domain name resolution, an authoritative domain name server, alias resolution, an autonomous system and the like, and constructing a corresponding domain knowledge base; secondly, on the basis of the knowledge base, designing a domain name resolution system-oriented knowledge graph prototype and completing the construction of the knowledge graph, wherein the node scale of the knowledge graph prototype reaches nearly 5 million; and finally, completing construction of a web log abnormal behavior recognition model based on assistance of the knowledge graph. Through experiment and practical application feedback, the knowledge graph plays a key role in the process of detecting and analyzing the abnormal behavior of the web server log, and the recognition rate of the abnormal behavior model of the web log is improved.

Description

technical field [0001] The invention relates to a knowledge graph-based webi log abnormal behavior recognition method, which belongs to the technical field of knowledge graph information utilization. Background technique [0002] Generally speaking, source governance is the best method. How to detect abnormal online behavior can start from the source of domain name resolution. Domain name resolution is the process of converting a domain name into an IP through a dedicated domain name resolution server (DNS). Each resolution will generate four types of log data, including DNS, URL, IP, and SSL logs. The logs may be filled with a large number of machine behaviors such as crawlers, port scans, brute force domain name cracking, and connectivity tests, that is, abnormal behaviors. [0003] The applicant's research found that most of the work of identifying abnormal behaviors in the prior art is done by researchers using log analysis tools with single functions and limited beh...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): G06F16/36G06F16/35G06F16/951G06F16/955G06F16/958G06F40/258G06F40/279
Inventor 张仰森黄改娟段瑞雪陈若愚胡昌秀
Owner BEIJING INFORMATION SCI & TECH UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com