Botnet family scale anomaly detection method and device

The embodiment of the invention relates to a botnet family scale anomaly detection method and device, electronic equipment and a storage medium, and particularly relates to the technical field of network security. The detection method comprises the following steps: counting the number of propagation...

Ausführliche Beschreibung

Gespeichert in:

Bibliographische Detailangaben
Hauptverfasser:	FU QIANG, WANG JIE, YAO LI, ZHANG HONGBAO, TIAN YE, YANG MANZHI, GUO JING, LIANG YU, JIN HONG, LI YOUHAO, ZHOU ZHONGYI, AMANTAI, CAI LIN, CHEN XIAOGUANG, WEN SENHAO
Format:	Patent
Sprache:	chi ; eng
Schlagworte:	CALCULATING COMPUTER SYSTEMS BASED ON SPECIFIC COMPUTATIONAL MODELS COMPUTING COUNTING ELECTRIC COMMUNICATION TECHNIQUE ELECTRICITY PHYSICS TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION
Online-Zugang:	Volltext bestellen
Tags:	Tag hinzufügen Keine Tags, Fügen Sie den ersten Tag hinzu!

Beschreibung
Zusammenfassung:	The embodiment of the invention relates to a botnet family scale anomaly detection method and device, electronic equipment and a storage medium, and particularly relates to the technical field of network security. The detection method comprises the following steps: counting the number of propagation sources of the botnet family in each predetermined unit duration in a monitoring interval according to historical data; generating a training sample set according to the number of the propagation sources in each predetermined unit duration, and training an isolated forest model according to the training sample set; monitoring the number of propagation sources of the botnet family in the monitoring interval within the predetermined unit duration in real time, and calculating an abnormal value score of the number of propagation sources in the isolated forest model; and performing anomaly detection on propagation of the botnet family according to the abnormal value score, thereby realizing anomaly detection on the fa