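A Threat Perception System Based on Unsupervised Learning
First published: 2018-12-07
Abstract: Discovering network intrusions promptly and proactively has become especially important in today's network security world. This paper uses unsupervised learning models to model and analyze network intrusion behavior and builds a threat perception system. It describes the construction and encoding of features in detail, proposes feature construction methods based on rules, attack graphs and behavior graphs, and uses NMF and autoencoders for feature encoding, which reduces the correlation between features. An association analysis model that incorporates temporal relationships is used to mine attack sequences for the behaviors common to various attacks, and to mine user access sequences for the access habits of most users. Finally, a clustering algorithm automatically classifies the data by attack type, and the model is evaluated with accuracy and recall metrics, meeting the expected requirements.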
A Threat Perception System Based on Unsupervised Learning
Abstract: The timely and active discovery of network intrusion has become especially important in today's cyber security world. In this paper, an unsupervised learning model is used to model and analyze network intrusion, and a threat perception system is constructed. This paper introduces the process of feature construction and coding in detail and puts forward methods of feature construction based on pattern recognition, attack graphs and behavior graphs; NMF and an auto-encoder are used for feature embedding, which can reduce the correlation between features. A correlation analysis model with temporal relations is used to mine attack sequences to obtain the common behavior of all kinds of attacks, and to mine user access sequences to obtain the access habits of most users. Finally, a clustering algorithm is used to classify the data automatically according to attack type, and the model is evaluated by the indexes of accuracy and recall, which meets the expected requirements.
Keywords: clustering; association rule; attack graph; behavior graph