Intrusion detection method based on traceability graph

An intrusion detection technology based on traceability graphs. It addresses the performance overhead caused by massive traceability data, the loss of effective information, and high overhead in general, with the effect of meeting timeliness requirements, expanding the perception scale, and speeding up detection.

Active Publication Date: 2022-07-05
HUAZHONG UNIV OF SCI & TECH

AI Technical Summary

Problems solved by technology

[0006] 1. Data collection overhead caused by excessive data volume: In order to build a complete system traceability graph, the detection system needs to collect a large amount of data. Generally speaking, the amount of data collected by a single machine in a day is on the order of GB, so storing and processing the data incurs a significant overhead.
[0007] 2. Computational overhead caused by graph structure processing: Because of the original graph structure of the traceability graph, complete processing of its information introduces a lot of overhead.
[0008] 3. The preprocessing of the traceability graph leads to the loss of effective information: When preprocessing the data, only the dependencies between nodes in the traceability graph and the names of the nodes themselves are used. This loses important information such as the attributes of the nodes themselves, so the traceability information is not mined in depth.
[0009] In general, the existing traceability graph-based intrusion detection methods suffer from the performance overhead caused by massive traceability data and from insufficient extraction of important information from the traceability data.

Examples


Embodiment 1

[0064] An intrusion detection method based on traceability graph, comprising the following steps:

[0065] (S1) Obtain the traceability graph of the behavior to be detected, and calculate the importance of each node;

[0066] In order to further save storage space and improve detection efficiency, after collecting the traceability data of the behavior to be detected, this embodiment also filters out information unrelated to intrusion detection, such as temporary files and environment variables generated during program execution, so as to reduce the number of dependency relationships;

[0067] (S2) Take the N1 nodes with the highest importance in the traceability graph as central nodes, select K1 nodes from the neighborhood of each central node, construct the first neighborhood matrix, and perform feature extraction on it to obtain the first traceability feature;

[0068] (S3) Calculate the difference m between the first traceability f...

Embodiment 2

[0115] A computer-readable storage medium including a stored computer program. When the computer program is executed by a processor, it controls the device where the computer-readable storage medium is located to execute the intrusion detection method based on the traceability graph provided in the above-mentioned Embodiment 1.


Abstract

The invention discloses an intrusion detection method based on a traceability graph and belongs to the field of computer system security. The method comprises: obtaining a traceability graph of the behavior to be detected and calculating the importance of each node; then carrying out a rapid judgment and, where needed, an accurate judgment. In the rapid judgment stage, the N1 nodes with the highest importance and the corresponding K1 neighborhood nodes are selected, and the traceability graph is converted into a first neighborhood matrix through a mapping rule, so that the main features of the traceability graph are rapidly extracted. If the difference m1 between these features and normal behaviors is larger than a threshold ThH, the behavior is judged to be an intrusion; if m1 is smaller than a lower threshold, the behavior is judged to be normal; if m1 lies between the two thresholds, a precise judgment stage is entered: the scale of the central nodes N2 (N2 > N1) and the neighborhood nodes K2 (K2 > K1) is expanded, the traceability graph is mined in depth, and a second neighborhood matrix is constructed and its features extracted. If the difference m2 between these features and normal behaviors satisfies m2 < Th, the behavior is determined to be normal; otherwise, it is determined to be abnormal. According to the invention, intrusion detection can be realized efficiently and accurately.
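The two-stage decision described in the abstract, sketched as an added example (not code from the patent or its authors). Assumptions: node degree stands in for the importance score, integer node-type codes stand in for the mapping rule, the fraction of differing matrix cells stands in for the feature difference against a single normal graph, `th_l` is a hypothetical name for the lower threshold, and the sample graphs are constructed.

```python
from collections import defaultdict

PROC, FILE, SOCK = 1, 2, 3  # assumed node-type codes; 0 is padding

def adjacency(edges):
    adj = defaultdict(set)
    for a, b in edges:
        adj[a].add(b)
        adj[b].add(a)
    return adj

def neighborhood_matrix(edges, types, n, k):
    """n central nodes x (1 + k) type codes, ranked by importance."""
    adj = adjacency(edges)
    # Assumption: degree stands in for the patent's node-importance score.
    rank = lambda nodes: sorted(nodes, key=lambda v: (-len(adj[v]), v))
    rows = []
    for c in rank(adj)[:n]:
        row = [types[c]] + [types[v] for v in rank(adj[c])[:k]]
        rows.append(row + [0] * (k + 1 - len(row)))
    return rows + [[0] * (k + 1) for _ in range(n - len(rows))]

def difference(a, b):
    """Fraction of matrix cells that differ (stand-in for feature distance)."""
    cells = [(x, y) for ra, rb in zip(a, b) for x, y in zip(ra, rb)]
    return sum(x != y for x, y in cells) / len(cells)

def detect(obs, normal, fast=(2, 2), precise=(3, 3), th_h=0.5, th_l=0.1, th=0.3):
    """obs/normal are (edges, types). Returns (verdict, stage, difference)."""
    m1 = difference(neighborhood_matrix(*obs, *fast), neighborhood_matrix(*normal, *fast))
    if m1 > th_h:
        return "intrusion", "fast", m1
    if m1 < th_l:
        return "normal", "fast", m1
    # Inconclusive: widen to N2 > N1 central nodes and K2 > K1 neighbors.
    m2 = difference(neighborhood_matrix(*obs, *precise), neighborhood_matrix(*normal, *precise))
    return ("normal" if m2 < th else "abnormal"), "precise", m2

# Constructed sample graphs (not from the patent): a web server, then the same
# server with a worker that spawns a shell touching a socket and a new file.
NORMAL_EDGES = [("nginx", "conf"), ("nginx", "log"), ("nginx", "sock"),
                ("nginx", "worker"), ("worker", "html")]
NORMAL_TYPES = {"nginx": PROC, "worker": PROC, "conf": FILE, "log": FILE,
                "html": FILE, "sock": SOCK}
OBS_EDGES = NORMAL_EDGES + [("worker", "sh"), ("sh", "ext_sock"), ("sh", "tmp_bin")]
OBS_TYPES = {**NORMAL_TYPES, "sh": PROC, "ext_sock": SOCK, "tmp_bin": FILE}

if __name__ == "__main__":
    print(detect((OBS_EDGES, OBS_TYPES), (NORMAL_EDGES, NORMAL_TYPES)))
    print(detect((NORMAL_EDGES, NORMAL_TYPES), (NORMAL_EDGES, NORMAL_TYPES)))
```

With these sample graphs the fast stage is inconclusive (one of six cells differs), and the wider second matrix is what separates the observed graph from the normal one.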

Description

Technical field

[0001] The invention belongs to the field of computer system security and, more particularly, relates to an intrusion detection method based on a traceability graph.

Background technique

[0002] As the network environment and attack methods become more and more complex, and in the face of endless intrusion technologies and methods, how to identify a variety of network intrusion operations and attack behaviors in a timely manner, and especially what countermeasures to take against new network attacks and other never-before-seen attacks, becomes especially critical.

[0003] Traditional host-based intrusion detection systems typically use system calls to analyze and identify intrusions. Since these methods do not use contextual information, they cannot identify the causal relationship between the attacker and the infected system, so they can only reduce the frequency of intrusions to a certain extent, but cannot fundamentally prevent hacking behaviors. ...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L9/40, G06F21/55, G06N3/04, G06N3/08
CPC: H04L63/1416, H04L63/1441, G06F21/55, G06N3/08, H04L2463/146, G06N3/045
Inventor: 谢雨来, 冯丹, 李锦, 吴雅锋, 周潘
Owner: HUAZHONG UNIV OF SCI & TECH