Method and system for realizing automatic association of security events based on unsupervised learning

The invention discloses a method and a system for realizing automatic association of security events based on unsupervised learning, and belongs to the field of network security and deep learning. In the method, firstly, each security event is combined with a context thereof through a sequence extra...

Bibliographic details
Main authors: QIAN KEXIANG, ZHANG DAOJUAN, LUO XI, WANG JUNHUI, CHEN KAI, DUAN ZITONG, YIN LIHUA
Format: Patent
Language: chi ; eng
creator QIAN KEXIANG
ZHANG DAOJUAN
LUO XI
WANG JUNHUI
CHEN KAI
DUAN ZITONG
YIN LIHUA
description The invention discloses a method and a system for realizing automatic association of security events based on unsupervised learning, and belongs to the field of network security and deep learning. In the method, firstly, each security event is combined with a context thereof through a sequence extractor to form a context event sequence; the event prediction module then takes each context sequence as an input and predicts the current event, where an encoder, an attention decoder, and an event decoder are employed to integrate context information from the bidirectional sequence. According to the method, the relevance between the current event and the context event can be obtained, so that possible attacks can be found; the unsupervised characteristic allows the model to be quickly updated by using a new security event sequence, can adapt to a quickly changing attack mode, can automatically associate related events, does not need manual association by a security operator, and greatly reduces manual labor. 本发明公开了
format Patent
language chi ; eng
recordid cdi_epo_espacenet_CN118114236A
source esp@cenet
subjects CALCULATING
COMPUTER SYSTEMS BASED ON SPECIFIC COMPUTATIONAL MODELS
COMPUTING
COUNTING
ELECTRIC DIGITAL DATA PROCESSING
PHYSICS
title Method and system for realizing automatic association of security events based on unsupervised learning
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-29T13%3A42%3A12IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-epo_EVB&rft_val_fmt=info:ofi/fmt:kev:mtx:patent&rft.genre=patent&rft.au=QIAN%20KEXIANG&rft.date=2024-05-31&rft_id=info:doi/&rft_dat=%3Cepo_EVB%3ECN118114236A%3C/epo_EVB%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rfr_iscdi=true