Intranet Anomaly Detection Method Using Flow Mining and Graph Mining
Cite this article: SUN Wei, ZHANG Yu. Intranet Anomaly Detection Method Using Flow Mining and Graph Mining[J]. Journal of Frontiers of Computer Science and Technology, 2020, 14(7): 1154-1163
Authors: SUN Wei, ZHANG Yu
Affiliations: School of Computer and Information Technology, Beijing Jiaotong University, Beijing 100044, China; School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China; Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China
Funding: National Natural Science Foundation of China Nos. 61702474, 61602467; National Key Research and Development Program of China No. 2016QY03D0503.
Abstract: Evidence of malicious insider activity on an intranet is usually hidden in large data streams, such as system logs accumulated over months or years; however, such data streams are typically unbounded, constantly changing, and unlabeled. To achieve highly accurate anomaly detection under these conditions, this paper proposes an intranet anomaly detection method that integrates flow mining and graph mining, combining the unsupervised advantage of graph mining with the good adaptability of flow mining. The ensemble-based method, through ensemble classification and updating, ensures that the ensemble adapts to the current concept when concept drift occurs, so that malicious intranet behavior can still be detected. Experiments show that the ensemble-based method is more effective than the traditional single-model method and can identify intranet anomalies that change their behavior over time to hide malicious activity. For unlabeled data in which intranet anomalies are hidden in massive data streams, the proposed ensemble method based on flow mining and graph mining is highly valuable.

Keywords: anomaly detection; graph computing; intranet anomaly; ensemble learning

Intranet Anomaly Detection Method Using Flow Mining and Graph Mining
SUN Wei, ZHANG Yu. Intranet Anomaly Detection Method Using Flow Mining and Graph Mining[J]. Journal of Frontiers of Computer Science and Technology, 2020, 14(7): 1154-1163
Authors: SUN Wei, ZHANG Yu
Affiliation: School of Computer and Information Technology, Beijing Jiaotong University, Beijing 100044, China; School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China; Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China
Abstract: Evidence of malicious activity on the intranet is often hidden in large data streams, such as system logs that accumulate over months or years, whereas those data streams are often unbounded, changing, and unlabeled. Therefore, in order to achieve highly accurate anomaly detection, this paper proposes an intranet anomaly detection method that integrates flow mining and graph mining, which not only exploits the unsupervised advantage of graph mining but also incorporates the good adaptive ability of flow mining. Through ensemble classification and updating, the ensemble-based method ensures that the ensemble adapts to the current concept when concept drift occurs, so that it can still detect malicious behavior on the intranet. Experiments show that this method is more effective than the traditional single-model method and can effectively detect intranet anomalies that change their behavior over time to hide malicious activity. The method based on flow mining and graph mining proposed in this paper is very meaningful for unlabeled data in which intranet anomalies are hidden in a large number of data streams.
Keywords: anomaly detection; graph computing; intranet anomaly; ensemble learning
This article is indexed by databases including VIP and Wanfang Data.