Communication abnormity discovery method and device based on baseline behavior description

An anomaly discovery and communication technology, which is applied in the intersection of network security and computer science, can solve problems such as the inability to identify new unknown network attacks

Active Publication Date: 2021-11-02
INST OF INFORMATION ENG CHINESE ACAD OF SCI
View PDF4 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

The present invention can not only identify known abnormal traffic, but also solve the problem that new unknown network attacks cannot be identified based on statistical rules and binary classification methods

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Communication abnormity discovery method and device based on baseline behavior description
  • Communication abnormity discovery method and device based on baseline behavior description
  • Communication abnormity discovery method and device based on baseline behavior description

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0045] In order to enable those skilled in the art to better understand the technical solutions in the embodiments of the present invention, and to make the purpose, features and advantages of the present invention more obvious and understandable, the technical core of the present invention will be further described in detail below in conjunction with the accompanying drawings . It should be understood that the specific embodiments described here are only used to explain the present invention, not to limit the present invention.

[0046] In the present invention, an effective method for abnormality of network communication relationship is designed. The general idea of ​​this method is to use the preprocessing tool set to segment, clean, and standardize the network traffic data collected in the real environment, and then build a model based on the capsule autoencoder to learn the spatial characteristics of normal network communication behavior, describe the baseline behavior, a...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a communication abnormity discovery method and device based on baseline behavior description, and the method comprises the steps of carrying out the data cleaning and preprocessing of to-be-measured traffic data, and obtaining a traffic matrix y; and constructing an auto-encoder by using a CapsNet model, obtaining a reconstructed traffic matrix of the traffic matrix y based on the auto-encoder, and obtaining a communication anomaly discovery result according to the traffic matrix y and the reconstructed traffic matrix. According to the method, the features can be automatically extracted from the input data, the specific positions between the traffic features and the arrangement sequence between the data can be used as learning features, and the direction of the vector can represent attributes such as the size and the relative position of the feature value, so that normal behaviors can be identified, known abnormal behaviors can be detected, and novel unknown network attacks can be found.

Description

technical field [0001] The invention belongs to the interdisciplinary technical field of network security and computer science, and in particular relates to a method and device for discovering communication abnormalities based on baseline behavior characterization. It proposes an abnormal communication behavior discovery model, which establishes a normal behavior baseline based on a capsule autoencoder. Provides clues for discovering uncharacterized or unknown network anomalies. The invention covers preprocessing of network traffic data, model training based on a capsule autoencoder, and abnormal detection of communication relations. Background technique [0002] As the status of the Internet in social life is getting higher and higher, people's dependence on the Internet is getting stronger and stronger. However, while the popularization of the Internet has brought convenience to people's lives, the problem of network security has become increasingly serious. Among all ki...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06G06N3/04G06N3/08
CPCH04L63/1425H04L63/1416G06N3/08G06N3/045
Inventor 刘俊荣潘海琪卢志刚崔泽林崔苏苏姜波
Owner INST OF INFORMATION ENG CHINESE ACAD OF SCI
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap