A deep embedded self-taught learning system and method for detecting suspicious network behaviours

Bibliographic details
Main authors: Chan Jin Hao, Quek Hanyang, Lee Joon Sern
Format: Patent
Language: eng
Description
Summary: The invention processes network traffic data to detect and classify malicious behaviours. The invention pre-processes 205 network traffic data to extract time-series features, tokenise categorical features and embed tokenised features into dimensional embedding vectors. The pre-processed traffic data is fed into an autoencoder 212 (typically a deep neural network) which produces a lower dimension encoding 218 of the traffic data. The encoder output feeds a classifier neural network 225 which detects patterns which match malicious behaviour and possibly issues an alert. The autoencoder is trained by bootstrapping using a training set of traffic data. The classifier is first trained/initialised using labelled training data, and then subsequently trained using a mix of labelled data (static labels) and unlabelled data (dynamic labels).