Network behavior abnormity detection method based on LSTM

A technology of anomaly detection and behavior, applied in the field of network security

Pending Publication Date: 2019-09-27
UNIV OF ELECTRONIC SCI & TECH OF CHINA
View PDF10 Cites 20 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

The LSTM algorithm has been widely used in many artificial intelligence fields such as machine translation, sentiment analysis, image analysis, document summarization, speech recognition, and recommendation systems. Applications are still in their infancy for LSTM networks

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Network behavior abnormity detection method based on LSTM
  • Network behavior abnormity detection method based on LSTM
  • Network behavior abnormity detection method based on LSTM

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0020] Specific embodiments of the present invention will be described below in conjunction with the accompanying drawings, so that those skilled in the art can better understand the present invention. It should be noted that in the following description, when detailed descriptions of known functions and designs may dilute the main content of the present invention, these descriptions will be omitted here.

[0021] figure 1 It is a flow chart of a specific embodiment of an LSTM-based network behavior anomaly detection method of the present invention.

[0022] In this example, if figure 1 As shown, a kind of network behavior anomaly detection method based on LSTM of the present invention comprises the following steps:

[0023] S1: Network traffic data collection and cleaning

[0024] Network traffic data refers to the log information recorded by users when accessing specific network entities, such as access time, IP address, source port, destination port, and operation comman...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a network behavior abnormity detection method based on LSTM. Firstly, network traffic data is collected and converted into a user behavior sequence according to the definition of user behaviors, and then the difference between network user main body behavior modes is considered, so that the user behavior sequence is classified according to a k-center point algorithm. Thirdly, the classified behavior sequence data is taken as the input of an LSTM long-short-term memory network, and a neural network model is trained in combination with an Attention mechanism; and finally, a to-be-detected behavior sequence is predicted through the trained model to determine the abnormal degree of the to-be-detected behavior sequence. According to the invention, the network traffic data is processed from the perspective of behaviors; the incidence relation between internal factors can be fully considered; a network behavior mode is established to distinguish user behaviors, then a manual feature extraction method adopted by traditional network anomaly detection is broken through, anomaly information is distinguished by combining the development fitting effect of an LSTM long-short-term memory network on large-scale network behavior sequence data streams, and the accuracy and efficiency of network anomaly detection are remarkably improved.

Description

technical field [0001] The invention belongs to the technical field of network security, and more specifically relates to an LSTM-based method for detecting abnormal network behavior. Background technique [0002] With the rapid development of the global network information industry, various data interactions are becoming more and more frequent. Today, when computers are more and more integrated into people's lives, people are increasingly inseparable from the Internet. In particular, the rise of the mobile Internet in recent years has brought people into the era of network information. However, in an increasingly complex network environment, attacks against network entities are becoming more and more frequent, and attack methods are becoming more and more diversified and complex. It will cause information leakage, network paralysis, and huge economic losses. Therefore, how to detect abnormal network behaviors in an efficient and accurate manner is very important for both ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): G06F16/958G06F16/215G06F16/2458G06F11/34H04L12/24H04L29/06
CPCG06F16/958G06F16/215G06F16/2465G06F11/3438H04L41/142H04L63/1425
Inventor 邵俊明刘洋杨勤丽
Owner UNIV OF ELECTRONIC SCI & TECH OF CHINA
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap