Host abnormality detection method and system

A host anomaly detection technology, applied in computer security devices, special data processing applications, instruments, etc. It addresses problems such as poor real-time performance, low accuracy, and the inability to detect unknown host intrusions, with the effects of reducing workload, enabling real-time online application, and reducing computational complexity.

Inactive Publication Date: 2017-07-14
NO 709 RES INST OF CHINA SHIPBUILDING IND CORP

AI Technical Summary

Problems solved by technology

However, the real-time performance and accuracy of these two methods for host intrusion detection are low, and they cannot detect unknown host intrusions.

Embodiment Construction

[0028] In order to make the objectives, technical solutions and advantages of the present invention clearer, the present invention will be described in further detail below in conjunction with the accompanying drawings and embodiments. It should be understood that the specific embodiments described here are only used to explain the present invention and are not intended to limit the invention.

[0029] The process flow of a host anomaly detection method provided by the present invention is shown in Figure 1. The specific process is as follows:

[0030] Step 1: Construct a list of sensitive hosts according to the potentially dangerous hosts detected by the network security monitoring system.

[0031] Specifically, the network security monitoring system first detects potentially dangerous hosts and then adds them to the list of sensitive hosts. The network security monitoring system can adopt the conventional IDS security ...

Abstract

The present invention discloses a host abnormality detection method and system. The method comprises: constructing a list of sensitive hosts and collecting host running resource characteristics of the sensitive hosts; using the PCA algorithm to extract main characteristics of the host running resource characteristics; using the DBSCAN algorithm to carry out cluster analysis on the main characteristics to determine whether there is an abnormality point; and finally, using the sliding window algorithm to collect statistics of the number of abnormality points in the window and determining whether the sensitive host is an abnormal host according to the number of abnormality points. According to the method disclosed by the present invention, the known and unknown host abnormal behaviors within a duration can be effectively detected, the detection efficiency is significantly improved, the resource utilization rate is reduced, and the real time detection is improved; and in addition, without training, the method is efficient and simple, the system overhead is small, and host abnormality can be detected in real time.
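
The pipeline the abstract describes (PCA feature extraction, DBSCAN clustering, sliding-window count), sketched with NumPy as an added example; it is not the patent's own implementation. Treating DBSCAN noise points as abnormality points is an assumption made here, as are the `eps`, `min_pts`, window width and threshold values and the constructed sample metrics.

```python
import numpy as np

def pca_project(X, k=2):
    """Standardise each feature, then project onto the top-k principal components."""
    Z = (X - X.mean(axis=0)) / X.std(axis=0)
    _, _, Vt = np.linalg.svd(Z, full_matrices=False)   # rows of Vt are the components
    return Z @ Vt[:k].T

def dbscan_noise(P, eps=0.5, min_pts=5):
    """Mask of DBSCAN noise points: neither core nor within eps of a core point.
    eps and min_pts are assumed values; the page does not state any."""
    D = np.linalg.norm(P[:, None, :] - P[None, :, :], axis=2)
    near = D <= eps
    core = near.sum(axis=1) >= min_pts        # neighbourhood count includes the point itself
    return ~(core | near[:, core].any(axis=1))

def first_alert(noise, width=10, threshold=3):
    """Index of the first sample whose trailing window of `width` samples holds
    at least `threshold` abnormality points, or None (width/threshold assumed)."""
    for t in range(len(noise)):
        if sum(noise[max(0, t - width + 1): t + 1]) >= threshold:
            return t
    return None

def sample_host_metrics(n=60, isolated=12, burst=range(40, 45)):
    """Constructed data: CPU %, memory %, connections, disk I/O per sample,
    with one isolated spike and one sustained burst of abnormal readings."""
    X = np.array([[20 + i % 5, 40 + i % 3, 10 + i % 3, 5 + i % 4] for i in range(n)], float)
    for j, i in enumerate([isolated, *burst]):
        X[i] = [60 + 6 * j, 60 + 6 * j, 100 + 30 * j, 50 + 10 * j]
    return X

def analyse(X):
    """Run the three stages; return (abnormal sample indices, first alerting sample)."""
    noise = dbscan_noise(pca_project(X))
    return [int(i) for i in np.flatnonzero(noise)], first_alert(noise)

if __name__ == "__main__":
    anomalies, alert_at = analyse(sample_host_metrics())
    print("abnormal samples:", anomalies)
    print("host flagged abnormal at sample:", alert_at)
```

The isolated spike is marked as an abnormality point but does not flag the host on its own; only the sustained burst pushes the window count over the threshold.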

Description

Technical field

[0001] The invention relates to the security field of networked host systems, and in particular to a host anomaly detection method and system.

Background technique

[0002] With the rapid development of network technology, the computer network has become a major industry related to the national economy and people's livelihood. For example, my country's Internet applications have gradually shifted from information content acquisition and leisure entertainment to high-risk types related to personal information and personal property safety, such as e-commerce, social networking, and online finance. Therefore, the network security of various types of devices in various scenarios has become more and more important and prominent.

[0003] With the rapid development of computer technology, there are more and more attacks on host behavior. According to the statistics of ICSA (International Computer Security Association), there are dozens of new viruses threatening computers...

Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/55, G06F21/57, G06F17/30
CPC: G06F21/554, G06F16/1734, G06F21/577, G06F2216/03
Inventor: 童言吴琪陈伟张剑
Owner: NO 709 RES INST OF CHINA SHIPBUILDING IND CORP