Method and device for adjusting network attack prediction model
The invention provides a method and equipment for adjusting a network attack prediction model. The method comprises the following steps: generating an attacked event sequence of each attacked device based on a security event log; performing training by using the attacked event sequence set of all at...
Gespeichert in:
1. Verfasser: | |
---|---|
Format: | Patent |
Sprache: | chi ; eng |
Schlagworte: | |
Online-Zugang: | Volltext bestellen |
Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
Zusammenfassung: | The invention provides a method and equipment for adjusting a network attack prediction model. The method comprises the following steps: generating an attacked event sequence of each attacked device based on a security event log; performing training by using the attacked event sequence set of all attacked devices to obtain an LSTM model LSTM (W1, W2); embedding all attacked event sequences into a multi-dimensional vector space by using a model obtained by training; clustering points of all the attacked event sequences in the multi-dimensional vector space to obtain N clusters; and performing fine tuning on the LSTM model by using the attacked event sequence corresponding to the point in the multi-dimensional vector space in each cluster to obtain an adjusted LSTM model of each cluster, so that the network anti-attack equipment predicts a subsequent attack event of a real-time attack sequence in the network based on the adjusted LSTM model of each cluster, wherein 1 |
---|