A Threat Perception System Based on Unsupervised Learning

• 1、School of Cyber Security Space, Beijing University of Posts and Telecommunications, Beijing 100876

Abstract：The timely and active discovery of network intrusion has become especially important in today\'s cyber security world. In this paper, the unsupervised learning model is used to model and analyze network intrusion, and a threat perception system is constructed. This paper introduces the process of feature construction and coding in detail, and puts forward the method of feature construction based on pattern recognition, attack graph and behavior graph, NMF and auto-encoder are used for feature embedding, which can reduce the correlation between features. Using the correlation analysis model with temporal relation to mine the attack sequence to get the common behavior of all kinds of attacks and mining the user access sequence to get the access habit of most users. Finally, clusA Threat Perception System Based on Unsupervised Learningtering algorithm is used to classify the data automatically according to the attack type, and the model is evaluated by the indexes of accuracy and recall, which meets the expected requirements.

Keywords： Clustering association rule attack graph behavior graph