APT attack stage detection method and system based on time convolutional network, medium and equipment

Bibliographic details
Main authors: LI SHUDONG, QI YULU, LIN KAIHAN, GU ZHAOQUAN, MEI YANGYANG, HAN WEIHONG
Format: Patent
Language: chi; eng
Description
Summary: The invention provides an APT attack stage detection method and system based on a time convolution network, together with a medium and equipment. The method comprises the following steps: S1, data collection; S2, data preprocessing, in which feature extraction, feature selection, missing value completion and data standardization are carried out on the collected multi-source, heterogeneous data to construct a feature set, which is then divided into a training set and a test set; S3, training a prediction model, in which time sequence features are input into the stacked TCN residual blocks to extract deep-level sequence features, the ELU activation function is used, the model is optimized through a cross entropy loss function, and prediction is carried out using a Softmax function; and S4, deployment and monitoring. According to the method, whether the security event belongs to the APT attack or not is judged by predicting the network kill chain stage corresponding to the APT attack stage,