Anomaly data detection method of server running network traffic based on small sample learning

Abstract

The invention discloses a method for detecting abnormal data of server running network traffic based on small-sample learning. The method first screens out the frequency of occurrence of network traffic to obtain small-sample training data, and then adds abnormal type marks to the small-sample training data; The marked abnormal web browsing data is learned by the CNN method to obtain small-sample abnormal elements; finally, the similarity and flow probability calculations are performed on the small-sample abnormal elements to characterize whether the sample is abnormal. The screening method of network traffic occurrence frequency is used to solve the problem of huge difference between abnormal network traffic data and normal network traffic data during server operation. The anomaly detection method of the present invention can be better applied to the complex and changeable network service environment where the server is located.

Description

technical field [0001] The invention relates to abnormality detection of server network service environment, more particularly, relates to a server operation network flow abnormal data detection method based on small sample learning in a network service environment with unbalanced sample size. In the present invention, the learning and training process of using small samples for abnormal network traffic data is called building an ADMSS model. Background technique [0002] With the rapid development of cloud computing and big data technology, network security has gradually become an issue of increasing concern. As an important means of protection, network anomaly detection is one of the hotspots in the research of network service management, and it has also attracted more and more attention from scholars and engineers. like figure 1 A network intrusion environment shown in the figure, the attacker attacks the target host through the zombie host. For the target host, the lo...

AI Technical Summary

Problems solved by technology

[0006] In order to solve the technical problem that the server cannot guarantee network security through the existing detection model when faced with new, abnormal, and small-sample network traffic data information, thus causing the server to become the target of attack, the present invention proposes a A method for detecting abnormal data of server running network traffic based on small sample learning

The first aspect of the present invention uses frequency segmentation to solve the problem that the abnormal network flow data and normal network flow data that occur during server operation have a huge difference in data volume; this frequency segmentation can effectively help the ADMSS model to be marked as abnormal Learn more new features of the server network service environment from the network traffic data; secondly, use the server operation manager (server manager) to add labels to the newly emerging server network traffic abnormal data, and then label the abnormal network traffic data Carry out small sample training; In the third aspect, applying the method of the present invention can effectively detect server abnormality under the environment of emerging abnormal server network traffic

Images