Method and device for adjusting network attack prediction model

The invention provides a method and equipment for adjusting a network attack prediction model. The method comprises the following steps: generating an attacked event sequence of each attacked device based on a security event log; performing training by using the attacked event sequence set of all at...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
1. Verfasser: JIN ZHAOYAN
Format: Patent
Sprache:chi ; eng
Schlagworte:
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:The invention provides a method and equipment for adjusting a network attack prediction model. The method comprises the following steps: generating an attacked event sequence of each attacked device based on a security event log; performing training by using the attacked event sequence set of all attacked devices to obtain an LSTM model LSTM (W1, W2); embedding all attacked event sequences into a multi-dimensional vector space by using a model obtained by training; clustering points of all the attacked event sequences in the multi-dimensional vector space to obtain N clusters; and performing fine tuning on the LSTM model by using the attacked event sequence corresponding to the point in the multi-dimensional vector space in each cluster to obtain an adjusted LSTM model of each cluster, so that the network anti-attack equipment predicts a subsequent attack event of a real-time attack sequence in the network based on the adjusted LSTM model of each cluster, wherein 1