首页>
外国专利>
GENERATION APPARATUS AND METHOD OF DETECTION RULES FOR ATTACK BEHAVIOR BASED ON INFORMATION OF NETWORK SESSION
GENERATION APPARATUS AND METHOD OF DETECTION RULES FOR ATTACK BEHAVIOR BASED ON INFORMATION OF NETWORK SESSION
展开▼
机译:基于网络会话信息的攻击行为检测装置及检测方法
展开▼
页面导航
摘要
著录项
相似文献
摘要
The present invention relates to a method and apparatus for automatically generating and automatically updating attack behavior detection rules for network session characteristic information. The network data classified by session characteristic information may be divided into session characteristic information and normal data type, attack type, and unknown type. Network session feature information extracting unit converting to input data format including properties of belonging network data type and extended C4.5 algorithm applied to network data converted to input data format to construct decision tree, and final node of decision tree Generates the accuracy of decision tree based on error rate, and generates detection rule patterned by network data type based on the characteristics of network data type, conditional expression for selecting node with optimal information gain of decision tree, and accuracy. Detection including automatic detection rule generation Create and update rules automatically.;Network session property information, detection rule, decision tree, auto generation, auto update
展开▼