Unsupervised deep auto-encoding network-based unknown threat detection method and system for HTTP data

The technology combines a self-encoding (auto-encoder) network with unknown threat detection and is applied in digital transmission systems, transmission systems, neural learning methods, etc. It addresses problems such as the difficulty of coping with attackers' attack methods, detection that is not effective and comprehensive, and the difficulty of effectively detecting unknown threats.

Pending Publication Date: 2022-05-31
西安烽火软件科技有限公司

AI Technical Summary

Problems solved by technology

[0003] Traditional threat detection for HTTP data is rule-based: a large set of known attack features is maintained, and feature-rule matching is used to check HTTP data for attack behavior. This method is simple and effective, but in today's complex network environment, with flexible and changeable network threats, its capabilities are limited: it is difficult to detect unknown threats effectively, difficult to cope with attackers' flexible and changeable attack methods, and difficult to balance false positives against missed detections.
[0004] In addition, with the rapid development of machine learning in recent years, many deep learning algorithms have been applied to unknown threat detection. Their disadvantage is that most of them are supervised algorithms, which require a large number of experienced network security experts to label a large amount of sample data for training.
Secondly, most unsupervised algorithms are based on URLs, but network attacks exist in the various formats of HTTP data, so they cannot be detected effectively and comprehensively.

Examples

Embodiment 1

[0064] As shown in Figure 1, the present invention provides an unknown threat detection method for HTTP data based on an unsupervised deep self-encoding network, comprising the following steps:

[0065] S101, data access, access HTTP request data;

[0066] S102, data cleaning, cleaning the HTTP request data;

[0067] S103, feature extraction, performing feature extraction on the cleaned HTTP data;

[0068] S104, model matching, performing model matching on the extracted feature data, where the model matching algorithm includes an HTTP request hierarchical distribution algorithm and an unsupervised deep self-encoding model algorithm;

[0069] The HTTP request hierarchical distribution algorithm can split the HTTP request data into five layers: ACTION, URL, PROTO, HEADERS, and BODY (as shown in Figure 5). S103 is performed on each layer to complete the scalar processing, and each layer is then handed over to a different unsupervised deep self-encoding model algorithm;

[0070] The uns...

Embodiment 2

[0107] An unknown threat detection system based on unsupervised deep self-encoding network, the specific implementation is as follows:

[0108] As shown in Figure 1, the unknown threat detection system takes in the non-abnormal data filtered by the traditional protection system, and cleans the HTTP data after receiving it. There is a lot of duplicate HTTP data on the Internet: for example, when different people visit a web page at the same time, the HOST, URL and other parameters of the HTTP data are basically the same. This identical data puts additional pressure on the system, so a whitelist method is used to deduplicate it. The data then needs to be decoded. During network transmission, data is encoded because of privacy concerns and character ambiguity, so the encoded data needs to be restored here. The encoding, such as base64 encoding or URL encoding, is recognized, and then do the corresp...
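The cleaning step in [0108] and the five-layer split in [0069], as an added Python example that is not code from the patent or its applicant. The function names, the base64 heuristic, the bounded decode rounds and the dedup key (method, Host, URL, body) are assumptions, well-formed request lines are assumed, and the sample requests are constructed.

```python
import base64
import re
from urllib.parse import unquote

B64 = re.compile(r"[A-Za-z0-9+/]+={0,2}")  # base64 alphabet, optional padding

def _try_base64(value):
    # Heuristic (assumption): accept only input that decodes to printable UTF-8.
    if len(value) < 8 or len(value) % 4 or not B64.fullmatch(value):
        return value
    try:
        text = base64.b64decode(value, validate=True).decode("utf-8")
    except ValueError:
        return value
    return text if text.isprintable() else value

def restore(value, max_rounds=3):
    # Undo URL encoding and base64, bounded so nested encodings cannot loop.
    for _ in range(max_rounds):
        decoded = _try_base64(unquote(value))
        if decoded == value:
            break
        value = decoded
    return value

def split_layers(raw):
    # Split one raw request into ACTION, URL, PROTO, HEADERS and BODY.
    head, _, body = raw.partition("\r\n\r\n")
    request_line, *header_lines = head.split("\r\n")
    action, url, proto = request_line.split(" ", 2)
    headers = {name.strip().lower(): restore(val.strip())
               for name, _, val in (line.partition(":") for line in header_lines)}
    return {"ACTION": action, "URL": restore(url), "PROTO": proto,
            "HEADERS": headers, "BODY": restore(body)}

def clean(raw_requests):
    # Keep the first request seen for each (method, Host, URL, body) key.
    kept = {}
    for raw in raw_requests:
        layers = split_layers(raw)
        key = (layers["ACTION"], layers["HEADERS"].get("host"), layers["URL"], layers["BODY"])
        kept.setdefault(key, layers)
    return list(kept.values())

# Constructed sample traffic: two visitors fetching the same page, one POST.
GET = "GET /search?q=unknown%2520threat HTTP/1.1\r\nHost: example.test\r\nUser-Agent: {}\r\n\r\n"
POST = ("POST /notes HTTP/1.1\r\nHost: example.test\r\n\r\n"
        + base64.b64encode(b"user=alice&note=hello").decode())
SAMPLE = [GET.format("agent-a"), GET.format("agent-b"), POST]
```

`clean(SAMPLE)` returns two layered requests; each layer would then go through feature extraction (S103) and on to its own model, which this sketch does not cover.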

Abstract

The invention discloses an unknown threat detection method and system for HTTP data based on an unsupervised deep self-encoding network. The method comprises the following steps: S101, data access: accessing HTTP request data; S102, data cleaning: cleaning the HTTP request data; S103, feature extraction: carrying out feature extraction on the cleaned HTTP data; S104, model matching: carrying out model matching on the extracted feature data; and S105, threat detection: carrying out threat detection on the model result. With this method and system, unknown threats in HTTP data can be effectively detected through the unsupervised deep self-encoding network, overcoming the inability of traditional rule-based threat detection methods to detect unknown threats effectively.

Description

Technical field

[0001] The invention relates to the technical field of network security, in particular to an unknown threat detection method and system based on an unsupervised deep self-encoding network for HTTP data.

Background technique

[0002] The Hyper Text Transfer Protocol (HTTP) is the core communication protocol used to access the Internet and is the communication protocol used by all web applications. HTTP data is therefore an important medium for attackers to carry out network attacks. Attackers often disguise and modify HTTP data to launch network attacks such as SQL injection, XSS, RCE, etc.

[0003] Traditional threat detection for HTTP data is based on rules. A large number of known attack method characteristics are maintained, and feature rule matching is used to check for attack behavior in HTTP data. This method is simple and effective, but in today's complex network environment and with flexible and changeable network threats, it is difficult to effectively detect unknow...

Application Information

IPC(8): H04L9/40, H04L67/02, G06N3/08
CPC: H04L63/1416, H04L63/1425, H04L67/02, G06N3/084, G06N3/088
Inventor: 鲁煦蒋家琪万武宜王渊杨江超周帅锋
Owner: 西安烽火软件科技有限公司