Multi-stage attack scene construction method and system based on graph convolutional neural network

Bibliographic details
Main authors: WANG YIPENG, LYU HONGSHUO, LAI YINGXU, MAO BEIFENG, LIU JING
Format: Patent
Language: chi ; eng
Description
Summary: The invention discloses a multi-step attack detection and scene construction method based on a graph convolutional neural network. The method includes matching a suspicious attack flow corresponding to an IDS alarm from network traffic; extracting features by using the matched suspicious attack flows, calculating the similarity between the flows to construct a similarity relationship matrix, converting the features of the flows into node attributes, and converting the similarity relationship matrix into an adjacency matrix to construct a suspicious flow graph; performing semi-supervised classification on the suspicious flow graph constructed in step 2 by using a graph convolutional neural network, and dividing the suspicious flows into different attack stages; establishing a weighted stage communication graph for each attack stage, and extracting a high-quality scene sub-graph from the stage communication graph to obtain a complete attack scene. The detection effects of a plurality of models ar