CN116760643B - IPv6 risk quantification method, system, medium and device based on artificial intelligence - Google Patents

Publication number: CN116760643B
Authority: CN (China)
Prior art keywords: ipv6, unit, risk, data packet, ipv6 data
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.): Active
Application number: CN202311050798.6A
Other languages: Chinese (zh)
Other versions: CN116760643A (en)
Inventors: 蒋驰, 夏浩菁, 冯天阳
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.): Mingyang Industrial Technology Research Institute Shenyang Co ltd; Mingyang Shichuang Beijing Technology Co ltd
Original Assignee: Mingyang Industrial Technology Research Institute Shenyang Co ltd; Mingyang Shichuang Beijing Technology Co ltd

Application filed by Mingyang Industrial Technology Research Institute Shenyang Co ltd, Mingyang Shichuang Beijing Technology Co ltd
Priority to CN202311050798.6A
Publication of CN116760643A
Application granted
Publication of CN116760643B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105 Multiple levels of security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H04L63/0236 Filtering by address, protocol, port number or service, e.g. IP-address or URL
    • H04L63/0263 Rule management
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425 Traffic logging, e.g. anomaly detection
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1466 Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40 Network security protocols
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06N COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N20/00 Machine learning

Abstract

The invention discloses an IPv6 risk quantification method, system, medium and device based on artificial intelligence. The system comprises a data acquisition unit, a labeling unit, a data screening unit, a data combination unit, a risk assessment unit and a risk quantification unit. The data acquisition unit is in communication connection with the labeling unit, the labeling unit with the data screening unit, the data screening unit with the data combination unit, the data combination unit with the risk assessment unit, and the risk assessment unit with the risk quantification unit. The invention combines machine learning algorithms with network security technology and improves the accuracy and efficiency of IPv6 risk judgment.

Description

IPv6 risk quantification method, system, medium and device based on artificial intelligence
Technical Field
The invention relates to the technical field of computer network security, and in particular to an IPv6 risk quantification method, system, medium and device based on artificial intelligence.
Background
With the rapid development of the Internet, the IPv6 network protocol has come into wide use. However, as IPv6 networks become more widespread, network attacks are increasing, new types of attack keep emerging, and the risks are growing accordingly.
Disclosure of Invention
The technical problem to be solved by the invention is therefore to provide an IPv6 risk quantification method, system, medium and device based on artificial intelligence that combine machine learning algorithms with network security technology and improve the accuracy and efficiency of IPv6 risk judgment.
In order to solve the technical problems, the invention provides the following technical scheme:
An IPv6 risk quantification method based on artificial intelligence comprises the following steps:
S1) collecting IPv6 data packets;
S2) classifying and labeling each IPv6 data packet using key information in the IPv6 data packets collected in step S1), wherein the key information comprises an IPv6 address, a protocol type and a port number;
S3) screening the IPv6 data packets processed in step S2) to select the IPv6 data packets related to security risk;
S4) combining and assembling the IPv6 data packets screened in step S3) according to a predetermined rule;
S5) performing feature extraction, risk assessment and network security risk level analysis on the IPv6 data packets combined in step S4) using a machine learning algorithm;
S6) quantifying, using a quantification model, the risk level of the IPv6 data packets combined in step S4) according to the network risk level analysis result of step S5).
The method further comprises the step of:
S7) storing and tracking the IP addresses corresponding to the IPv6 data packets whose risk level was quantified in step S6).
In the above method, in step S2), the key information in the IPv6 data packet is labeled as follows:
S2-1) parsing the IPv6 data collected in step S1) according to the protocol specification and extracting the key information;
S2-2) classifying and labeling the corresponding IPv6 data packet according to the key information extracted in step S2-1).
In the above method, in step S3), the IPv6 data packets processed in step S2) are de-duplicated before they are screened.
In the above method, the specific steps of step S5) are as follows:
S5-1) extracting features of the IPv6 data packets combined in step S4) using a machine learning algorithm, and taking the extracted features as attributes of the corresponding IPv6 data packets;
S5-2) matching the features extracted in step S5-1) against historical data while performing risk assessment using a supervised learning algorithm;
S5-3) classifying the IPv6 data packets into risk levels according to the risk assessment result of step S5-2).
In the above method, in step S6), when the risk level of the IPv6 data packets combined in step S4) is quantified, the risk value of each IPv6 data packet is weighted according to the attribute weights of that packet.
A system for quantifying IPv6 risk using the above artificial-intelligence-based IPv6 risk quantification method comprises:
a data acquisition unit for collecting IPv6 data packets;
a labeling unit for classifying and labeling the IPv6 data packets;
a data screening unit for screening the classified and labeled IPv6 data packets;
a data combination unit for combining and assembling the screened IPv6 data packets according to a predetermined rule;
a risk assessment unit for performing feature extraction, risk assessment and network security risk level analysis on the combined IPv6 data packets;
a risk quantification unit for quantifying the risk level of the IPv6 data packets according to their network security risk level analysis result;
wherein the data acquisition unit is in communication connection with the labeling unit, the labeling unit with the data screening unit, the data screening unit with the data combination unit, the data combination unit with the risk assessment unit, and the risk assessment unit with the risk quantification unit.
The system further comprises a data storage unit for storing data and an IP tracking unit for tracking IP addresses; the risk assessment unit, the risk quantification unit and the IP tracking unit are each in communication connection with the data storage unit.
A computer readable storage medium has stored thereon a computer program which, when executed by a processor, implements the above method.
A computer device comprises a readable storage medium, a processor and a computer program stored on the readable storage medium and executable on the processor; when executed by the processor, the computer program implements the above method.
The technical scheme of the invention has the following beneficial technical effects:
1. Through technical means such as machine learning algorithms, the invention identifies and guards against security risks in the IPv6 network protocol, raises the level of network security defense and can effectively prevent a variety of network attacks.
2. High accuracy: by applying machine learning algorithms and network security techniques, risks in IPv6 networks can be identified and quantitatively assessed more accurately than with traditional manual judgment.
3. High efficiency: with artificial intelligence, large numbers of IPv6 data packets can be processed automatically and risk analysis and assessment completed in a short time, improving processing efficiency.
4. Multidimensional analysis: through steps such as labeling, filtering and scoring, the method jointly considers multiple factors such as traffic type, source address, destination address and protocol type, and so performs a comprehensive risk analysis.
5. Risk quantification: by quantifying risk, risks of different levels can be classified and ranked, which helps users prioritize risk management and decision making.
6. Accurate identification of malicious dynamic IPs: the method can accurately identify and mark malicious dynamic IP addresses, helping the network security team take countermeasures in time and improving the security and defensive capability of the network.
Drawings
FIG. 1 is a schematic diagram of the operation of the IPv6 risk quantification system based on artificial intelligence in the present invention;
FIG. 2 is a flowchart of IPv6 risk quantification based on artificial intelligence in the present invention;
FIG. 3 is a schematic diagram of a computer device on which the artificial-intelligence-based IPv6 risk quantification of the present invention can be performed.
Detailed Description
The invention is further described below with reference to examples.
As shown in FIG. 1, the IPv6 risk quantification system based on artificial intelligence in the present invention includes a data acquisition unit, a labeling unit, a data screening unit, a data combination unit, a risk assessment unit and a risk quantification unit. The data acquisition unit is in communication connection with the labeling unit, the labeling unit with the data screening unit, the data screening unit with the data combination unit, the data combination unit with the risk assessment unit, and the risk assessment unit with the risk quantification unit.
To identify risky IP addresses accurately, this embodiment further adds an IP tracking unit for tracking IP addresses and a data storage unit for storing data; the risk assessment unit, the risk quantification unit and the IP tracking unit are each in communication connection with the data storage unit. When tracking a risky IP address, the IP tracking unit works from the risk assessment result stored in the data storage unit.
As shown in FIG. 2, when the IPv6 risk quantification system based on artificial intelligence is used to quantify IPv6 risk in an existing network, the following operations are performed:
S1) collecting IPv6 data packets;
S2) classifying and labeling each IPv6 data packet using key information in the IPv6 data packets collected in step S1), wherein the key information comprises an IPv6 address, a protocol type and a port number;
S3) screening the IPv6 data packets processed in step S2) to select the IPv6 data packets related to security risk;
S4) combining and assembling the IPv6 data packets screened in step S3) according to a predetermined rule;
S5) performing feature extraction, risk assessment and network security risk level analysis on the IPv6 data packets combined in step S4) using a machine learning algorithm;
S6) quantifying, using a quantification model, the risk level of the IPv6 data packets combined in step S4) according to the network risk level analysis result of step S5);
S7) storing and tracking the IP addresses corresponding to the IPv6 data packets whose risk level was quantified in step S6).
In this embodiment, the data acquisition unit collects IPv6 data packets using network sniffing. When a packet is transmitted in an IPv6 network, routers forward it to the destination device according to its IP address. During this process, network sniffing can be used to capture and record the packets. IPv6 data packets are generally captured in one of the following ways:
1. Packet capture through the network adapter.
Capture software such as Wireshark or tcpdump accesses the network interface on the computer directly and obtains the IPv6 data packets transmitted over that interface. Typically, the user can choose to capture all packets or only the packets that match a filter rule.
2. Packet capture through a router or switch.
The SPAN (Switched Port Analyzer) function, also called port mirroring, built into the router or switch allows the capture tool to see all packets passing through each network interface. Dedicated software such as PRTG or Wireshark can then be used to capture the IPv6 packets passing through the router or switch.
With either method, the operator must have sufficient privileges on the target device or router, and the local computer must have enough storage space and processing capacity. When capturing through a router or switch, the network device must also support SPAN or port mirroring.
In step S2), the key information in the IPv6 data packet is labeled as follows:
S2-1) parsing the IPv6 data collected in step S1) according to the protocol specification and extracting the key information;
S2-2) classifying and labeling the corresponding IPv6 data packet according to the key information extracted in step S2-1).
To a computer, an IPv6 data packet is just a binary string of 0s and 1s. Its structure must be parsed according to the protocol specification to extract key information such as the IP address, protocol type and port number. The packet is then labeled or classified according to the decoded key information, for example with its IPv6 address, protocol type, port number and flow identifier, to facilitate classified storage and statistical analysis. The labeling scheme can be customized as needed, for example labeling by IP address, port number, protocol type, transmission direction, payload type and so on.
The protocol specification in step S2-1) is the IPv6 protocol specification. The common fields in an IPv6 packet are as follows:
1. Version: the version number of the IPv6 packet occupies 4 bits and is fixed to 0110, indicating version 6.
2. Traffic Class: the traffic class occupies 8 bits and distinguishes different types of service. The value of the traffic class field may be extracted.
3. Flow Label: the flow label occupies 20 bits and marks the flow. The value of the flow label field may be extracted.
4. Payload Length: the payload length occupies 16 bits and gives the length of the payload, including any extension headers that follow. The value of the payload length field may be extracted.
5. Next Header: the next header occupies 8 bits and indicates the type of the payload. Different values correspond to different extension headers or protocols, e.g., TCP, UDP, ICMPv6, etc. The value of the next header field may be extracted.
6. Hop Limit: the hop limit occupies 8 bits and gives the maximum number of hops a packet can traverse in the network. The value of the hop limit field may be extracted.
7. Source Address: the source address occupies 128 bits and is the IPv6 address of the sender of the packet. The value of the source address field may be extracted.
8. Destination Address: the destination address occupies 128 bits and is the IPv6 address of the receiver of the packet. The value of the destination address field may be extracted.
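The following Python sketch of steps S2-1) and S2-2) is an added example, not code from the patent: it decodes the fixed header fields listed above, follows the Next Header chain through extension headers to reach the TCP/UDP ports, and attaches labels. The protected prefix `LOCAL_NET`, the label names and the sample packet are assumptions constructed for illustration.

```python
import ipaddress
import struct

EXT_HEADERS = {0, 43, 60}   # Hop-by-Hop, Routing, Destination Options (RFC 8200)
FRAGMENT = 44               # Fragment header, always 8 bytes
UPPER = {6: "TCP", 17: "UDP", 58: "ICMPv6"}
LOCAL_NET = ipaddress.IPv6Network("2001:db8:1::/48")  # assumed protected prefix


def parse_ipv6(packet: bytes) -> dict:
    """Decode the 40-byte fixed header, then follow Next Header to the payload."""
    if len(packet) < 40:
        raise ValueError("truncated IPv6 fixed header")
    word, payload_len, next_header, hop_limit = struct.unpack("!IHBB", packet[:8])
    if word >> 28 != 6:
        raise ValueError("version field is not 6")
    fields = {
        "version": 6,
        "traffic_class": (word >> 20) & 0xFF,
        "flow_label": word & 0xFFFFF,
        "payload_length": payload_len,
        "next_header": next_header,
        "hop_limit": hop_limit,
        "src": ipaddress.IPv6Address(packet[8:24]),
        "dst": ipaddress.IPv6Address(packet[24:40]),
        "ext_headers": [],
        "src_port": None,
        "dst_port": None,
    }
    offset, end = 40, min(len(packet), 40 + payload_len)
    first_fragment = True
    while next_header in EXT_HEADERS or next_header == FRAGMENT:
        if offset + 8 > end:
            raise ValueError("truncated extension header")
        fields["ext_headers"].append(next_header)
        if next_header == FRAGMENT:
            hdr_len = 8
            frag_field = struct.unpack("!H", packet[offset + 2:offset + 4])[0]
            first_fragment = (frag_field >> 3) == 0  # 13-bit fragment offset
        else:
            hdr_len = (packet[offset + 1] + 1) * 8   # length in 8-octet units
        next_header = packet[offset]
        offset += hdr_len
        if offset > end:
            raise ValueError("extension header runs past the payload")
    fields["protocol"] = UPPER.get(next_header, f"proto-{next_header}")
    # TCP and UDP both begin with 16-bit source and destination ports; later
    # fragments carry no transport header, so ports stay None for them.
    if next_header in (6, 17) and first_fragment and offset + 4 <= end:
        fields["src_port"], fields["dst_port"] = struct.unpack(
            "!HH", packet[offset:offset + 4])
    return fields


def label(fields: dict) -> dict:
    """Attach labels: protocol, port, flow identifier and transmission direction."""
    where = (fields["src"] in LOCAL_NET, fields["dst"] in LOCAL_NET)
    direction = {(False, True): "inbound", (True, False): "outbound",
                 (True, True): "internal"}.get(where, "external")
    return {
        "protocol": fields["protocol"],
        "service_port": fields["dst_port"],
        "direction": direction,
        "flow_id": (str(fields["src"]), fields["src_port"],
                    str(fields["dst"]), fields["dst_port"], fields["protocol"]),
        "flow_label": fields["flow_label"],
        "has_ext_headers": bool(fields["ext_headers"]),
    }


def build_sample() -> bytes:
    """Constructed packet: Hop-by-Hop header (PadN only) followed by a TCP SYN."""
    src = ipaddress.IPv6Address("2001:db8:ffff::10").packed
    dst = ipaddress.IPv6Address("2001:db8:1::443").packed
    hop_by_hop = bytes([6, 0, 1, 4, 0, 0, 0, 0])  # next=TCP, len=0, PadN(4)
    tcp = struct.pack("!HHIIBBHHH", 49152, 443, 0, 0, 0x50, 0x02, 1024, 0, 0)
    payload = hop_by_hop + tcp
    word = (6 << 28) | (0x2E << 20) | 0x12345
    return struct.pack("!IHBB", word, len(payload), 0, 64) + src + dst + payload


if __name__ == "__main__":
    parsed = parse_ipv6(build_sample())
    print(parsed)
    print(label(parsed))
```

Reading the protocol type from the fixed header's Next Header field alone would label the sample packet as Hop-by-Hop rather than TCP, which is why the parser walks the extension-header chain before labeling.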
In step S3), the IPv6 data packets processed in step S2) are de-duplicated before they are screened. Repeated packets waste memory and computing resources, so they need to be removed. De-duplication may be based on, for example, a UUID, the UDP or TCP connection identifier, the time stamp or the protocol identifier.
After the IPv6 data packets have been classified, labeled and de-duplicated, the packets that need risk analysis are selected according to specific screening rules to facilitate the subsequent risk assessment and analysis. The screening rules may be defined according to actual requirements, such as selecting TCP or UDP packets, or selecting by IP address or by combinations of port and protocol type.
Isolated packets scattered in the database are difficult to correlate and assess for risk, so the processed packets need to be combined and assembled according to a predetermined rule for the subsequent overall risk assessment. During assembly, the integrity and reversibility of the data packets must be preserved for storage and analysis. The predetermined rule may be chosen according to the specific requirements and the characteristics of the data packets, for example:
1. Time sequence rule: the data packets are combined in the order of their time stamps to analyze changes and trends over time.
2. Protocol matching rule: packets of the same protocol are grouped together according to their protocol type (e.g., TCP, UDP, etc.) for protocol-level risk assessment.
3. Target IP matching rule: packets with the same destination IP address are combined to analyze the risk associated with a particular destination.
4. Source IP matching rule: packets with the same source IP address are combined to analyze the risk associated with a particular source.
5. Association field matching rule: packets with the same value of an association field (e.g., user ID, device ID, etc.) are combined for individual-level risk assessment or user behavior analysis.
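The de-duplication, screening and combination steps described above can be sketched as follows; this is an added example, not code from the patent. The record layout, the sample records, the screening rule and the `seq` field used to keep the grouping reversible are all assumptions made for illustration.

```python
from collections import defaultdict

A, B = "2001:db8:ffff::10", "2001:db8:ffff::20"   # constructed source addresses
S, D = "2001:db8:1::5", "2001:db8:1::53"          # constructed destination addresses

# Constructed records, shaped like the output of the labeling step S2).
RECORDS = [
    {"ts": 1.00, "proto": "TCP", "src": A, "sport": 49152, "dst": S, "dport": 22},
    {"ts": 1.00, "proto": "TCP", "src": A, "sport": 49152, "dst": S, "dport": 22},  # captured twice
    {"ts": 1.20, "proto": "TCP", "src": B, "sport": 50000, "dst": S, "dport": 22},
    {"ts": 1.30, "proto": "ICMPv6", "src": A, "sport": None, "dst": S, "dport": None},
    {"ts": 1.40, "proto": "UDP", "src": A, "sport": 5353, "dst": D, "dport": 53},
    {"ts": 1.50, "proto": "TCP", "src": A, "sport": 49153, "dst": S, "dport": 22},
    {"ts": 1.60, "proto": "TCP", "src": B, "sport": 50001, "dst": S, "dport": 8080},
]

# Assumed screening rule: a combination of protocol type and destination port.
SCREEN_RULE = {"protos": {"TCP", "UDP"}, "dports": {22, 53}}

# One key function per combination rule from the list above.
GROUP_KEYS = {
    "time": lambda r: "timeline",      # a single group ordered by time stamp
    "protocol": lambda r: r["proto"],
    "dst": lambda r: r["dst"],
    "src": lambda r: r["src"],
}


def deduplicate(records):
    """Drop repeats identified by time stamp plus connection identifier."""
    seen, unique = set(), []
    for r in records:
        key = (r["ts"], r["proto"], r["src"], r["sport"], r["dst"], r["dport"])
        if key not in seen:
            seen.add(key)
            unique.append(r)
    return unique


def screen(records, rule):
    """Keep only the records that match the screening rule."""
    return [r for r in records
            if r["proto"] in rule["protos"] and r["dport"] in rule["dports"]]


def combine(records, rule_name):
    """Group records by the chosen rule; 'seq' remembers the original position."""
    key_of = GROUP_KEYS[rule_name]
    groups = defaultdict(list)
    for seq, r in enumerate(records):
        groups[key_of(r)].append({**r, "seq": seq})
    for members in groups.values():
        members.sort(key=lambda r: (r["ts"], r["seq"]))
    return dict(groups)


def restore(groups):
    """Reverse combine(): rebuild the original record stream from the groups."""
    flat = sorted((r for members in groups.values() for r in members),
                  key=lambda r: r["seq"])
    return [{k: v for k, v in r.items() if k != "seq"} for r in flat]


if __name__ == "__main__":
    kept = screen(deduplicate(RECORDS), SCREEN_RULE)
    for key, members in combine(kept, "dst").items():
        print(key, [(m["src"], m["dport"]) for m in members])
```

`restore()` is the reversibility check: whichever rule is used, the groups can be flattened back into the screened stream without loss.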
Risk assessment is performed on the combined IPv6 data packets using a machine learning algorithm through the following steps:
S5-1) extracting features of the IPv6 data packets combined in step S4) using a machine learning algorithm, and taking the extracted features as attributes of the corresponding IPv6 data packets; a random forest algorithm, a convolutional neural network or the like can be used to extract the features;
S5-2) matching the features extracted in step S5-1) against historical data while performing risk assessment using a supervised learning algorithm; supervised learning algorithms include rule-based algorithms, naive Bayes, support vector machines, neural networks and the like, and the risk level of each data packet can be obtained through these algorithms;
S5-3) classifying the IPv6 data packets into risk levels according to the risk assessment result of step S5-2).
In step S5-3), each data packet is assigned to a risk level according to its risk assessment result: for example, a packet with a high security level is assigned to the low risk level, a packet with a medium security level to the medium risk level, and a packet with a low security level to the high risk level. The sensitivity between levels is also taken into account when the risk levels are assigned, and an early warning is issued promptly when a high-risk packet is found.
To make the risk level of the IPv6 data packets more intuitive, the risk level is quantified using a quantification model according to the network risk level analysis result, after which a risk quantification value for the whole IPv6 network can be calculated. The specific flow is as follows:
1) The risk level of each IPv6 packet is mapped to a corresponding range of values, e.g., low risk is scored 1 to 3, medium risk 4 to 6, high risk 7 to 10, etc. Each data packet is scored according to its risk level to obtain the corresponding risk value;
2) For each data packet, once the risk level has been converted into a value, the risk value is multiplied by the corresponding weight and a weighted sum is formed as required. For example, the risk values of different attributes of the packet (such as destination IP address, port, protocol and the like) can be weighted; the attributes can be weighted proportionally, or given different weights according to importance, transmitted content, device location and the like, so that a packet from the network edge can be given a higher weight;
3) The risk values calculated for the individual data packets are combined by weighted summation to obtain the risk quantification value of the whole IPv6 network. For continuous monitoring over time, trend factors can also be taken into account to give early warning of abnormal network behavior.
The quantification model converts the predicted risk level of each data packet into a numerical value and so quantifies the different risk levels. It may be a simple mathematical model, such as a linear or exponential model, or a more complex model, such as a neural network or decision tree.
Based on the risk quantification values, the IPv6 data packets can be divided into risk levels such as high, medium and low according to risk quantiles, which further refines the risk assessment levels.
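A worked instance of the quantification flow above, as an added example that is not the patent's own model: a linear quantification model maps each level to its value range, attribute and location weights are applied, and quantiles split the packets into tiers. The weights, the use of classifier confidence to place a score inside its range, the normalization of the network-wide sum and the sample packets are assumptions.

```python
import statistics

LEVEL_RANGES = {"low": (1, 3), "medium": (4, 6), "high": (7, 10)}  # ranges from the text
ATTR_WEIGHTS = {"dst_ip": 0.5, "port": 0.3, "protocol": 0.2}        # assumed, sums to 1
LOCATION_WEIGHTS = {"edge": 2.0, "core": 1.0}                       # assumed: edge counts double

# Constructed packets: each attribute carries (risk level, classifier confidence).
PACKETS = [
    {"id": "p1", "location": "edge",
     "attrs": {"dst_ip": ("high", 1.0), "port": ("high", 0.0), "protocol": ("medium", 0.5)}},
    {"id": "p2", "location": "core",
     "attrs": {"dst_ip": ("low", 0.0), "port": ("low", 1.0), "protocol": ("low", 0.5)}},
    {"id": "p3", "location": "core",
     "attrs": {"dst_ip": ("medium", 0.5), "port": ("medium", 0.0), "protocol": ("medium", 1.0)}},
]


def risk_value(level: str, confidence: float) -> float:
    """Linear model: place the score inside the level's range by confidence."""
    if not 0.0 <= confidence <= 1.0:
        raise ValueError("confidence must be within [0, 1]")
    low, high = LEVEL_RANGES[level]
    return low + (high - low) * confidence


def packet_risk(packet: dict) -> float:
    """Step 2): weighted sum of the per-attribute risk values of one packet."""
    return sum(ATTR_WEIGHTS[name] * risk_value(level, conf)
               for name, (level, conf) in packet["attrs"].items())


def network_risk(packets: list) -> float:
    """Step 3): location-weighted sum, normalized to stay on the 1-10 scale."""
    weights = [LOCATION_WEIGHTS[p["location"]] for p in packets]
    total = sum(w * packet_risk(p) for w, p in zip(weights, packets))
    return total / sum(weights)


def quantile_tiers(packets: list) -> dict:
    """Split packets into low/medium/high tiers at the tertiles of their risk."""
    risks = {p["id"]: packet_risk(p) for p in packets}
    q1, q2 = statistics.quantiles(risks.values(), n=3)
    return {pid: "low" if r <= q1 else "medium" if r <= q2 else "high"
            for pid, r in risks.items()}


if __name__ == "__main__":
    for p in PACKETS:
        print(p["id"], round(packet_risk(p), 2))
    print("network:", round(network_risk(PACKETS), 3))
    print(quantile_tiers(PACKETS))
```

Because the edge packet counts double, the network value sits above the plain average of the three packet risks, which is the effect the weighting in step 2) is meant to produce.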
After the IPv6 risk quantification system based on artificial intelligence is deployed on different types of networks, appropriate risk level evaluation criteria are defined according to the infrastructure and service categories, such as the service categories of networks and servers, to provide effective support for early risk assessment and early warning.
Corresponding to the above IPv6 risk quantification method based on artificial intelligence, a computer readable storage medium storing a computer program is also provided. When executed by a processor, the computer program implements the following steps: first, IPv6 data packets are collected; the packets are then classified and labeled using the key information they contain; the classified and labeled packets are de-duplicated and screened to select those related to security risk; the screened packets are combined and assembled according to a predetermined rule; feature extraction, risk assessment and network security risk level analysis are performed on the combined packets using a machine learning algorithm; finally, a quantification model quantifies the risk level of the combined packets according to the network risk level analysis result, completing the risk quantification of the IPv6 data packets.
As shown in FIG. 3, based on the above IPv6 risk quantification method and computer readable storage medium, this embodiment further provides a computer device comprising a readable storage medium, a processor, and a computer program stored on the readable storage medium and executable on the processor. The readable storage medium and the processor are both attached to a bus. When the processor executes the computer program, the following steps are implemented: first, IPv6 data packets are collected; the packets are then classified and labeled using the key information they contain; the classified and labeled packets are de-duplicated and screened to select those related to security risk; the screened packets are combined and assembled according to a predetermined rule; feature extraction, risk assessment and network security risk level analysis are performed on the combined packets using a machine learning algorithm; finally, a quantification model quantifies the risk level of the combined packets according to the network risk level analysis result, completing the risk quantification of the IPv6 data packets.
Obviously, the above embodiments are given only as examples for clarity and do not limit the implementations. Those of ordinary skill in the art can make other variations or modifications on the basis of the above description. It is neither necessary nor possible to list all implementations exhaustively here. Obvious variations or modifications derived from the above remain within the scope of protection of the claims of this patent application.

Claims (10)

1. An IPv6 risk quantization method based on artificial intelligence is characterized by comprising the following steps:
s1) collecting IPv6 data packets;
s2) classifying and marking the corresponding IPv6 data packet by utilizing key information in the IPv6 data packet acquired in the step S1), wherein the key information comprises an IPv6 address, a protocol type and a port number;
s3) screening the IPv6 data packet processed in the step S2), and screening the IPv6 data packet related to the security risk;
s4) combining and assembling the IPv6 data packets screened in the step S3) according to a preset rule;
s5) performing feature extraction and risk assessment and network security risk level analysis on the IPv6 data packet combined in the step S4) by using a machine learning algorithm;
and S6) quantifying the risk level of the IPv6 data packet combined in the step S4) according to the network risk level analysis result in the step S5) by utilizing a quantification model.
2. The method according to claim 1, further comprising:
S7) storing and tracking the IP addresses corresponding to the IPv6 data packets whose risk level was quantified in step S6).
3. The method according to claim 1, wherein in step S2) the key information in the IPv6 data packet is marked by:
S2-1) parsing the IPv6 data collected in step S1) according to the protocol specifications and extracting the key information;
S2-2) classifying and marking the corresponding IPv6 data packet according to the key information extracted in step S2-1).
4. The method according to claim 1, wherein in step S3) the IPv6 data packets processed in step S2) are de-duplicated before they are screened.
5. The method according to claim 1, wherein the specific steps of step S5) are:
S5-1) extracting features of the IPv6 data packets combined in step S4) using a machine learning algorithm, and taking the extracted features as attributes of the corresponding IPv6 data packets;
S5-2) matching the features extracted in step S5-1) against historical data while performing risk assessment using a supervised learning algorithm;
S5-3) classifying the IPv6 data packets by risk according to the risk assessment result of step S5-2).
6. The method according to claim 1, wherein in step S6), when quantifying the risk level of the IPv6 data packets combined in step S4), the risk value of each IPv6 data packet is weighted according to the attribute weights of that IPv6 data packet.
7. A system for quantifying IPv6 risk using the artificial-intelligence-based IPv6 risk quantification method of claim 1, comprising:
a data acquisition unit for collecting IPv6 data packets;
a marking unit for classifying and marking the IPv6 data packets;
a data screening unit for screening the classified and marked IPv6 data packets;
a data combination unit for combining and assembling the screened IPv6 data packets according to a preset rule;
a risk assessment unit for performing feature extraction, risk assessment and network security risk level analysis on the combined IPv6 data packets;
a risk quantification unit for quantifying the risk level of the IPv6 data packets according to the network security risk level analysis result for those packets;
wherein the data acquisition unit is communicatively connected to the marking unit, the marking unit to the data screening unit, the data screening unit to the data combination unit, the data combination unit to the risk assessment unit, and the risk assessment unit to the risk quantification unit.
8. The system of claim 7, further comprising a data storage unit for storing data and an IP tracking unit for IP address tracking, wherein the risk assessment unit, the risk quantification unit and the IP tracking unit are each communicatively connected to the data storage unit.
9. A computer-readable storage medium having a computer program stored thereon, characterized in that the computer program, when executed by a processor, implements the method of any of claims 1-6.
10. A computer device comprising a readable storage medium, a processor and a computer program stored on the readable storage medium and executable on the processor, characterized in that the computer program, when executed by the processor, implements the method of any of claims 1-6.
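The parsing, marking, de-duplication and screening steps of claims 1, 3 and 4 (S2-1, S2-2, S3) can be sketched as follows; this is an added example, not code from the patent. The watched-port set, the label format, de-duplication keyed on the extracted tuple, the helper names and the sample packets are all assumptions made for illustration.

```python
import ipaddress
import struct

EXT_HDRS = {0, 43, 60}           # hop-by-hop, routing, destination options (RFC 8200)
FRAGMENT, TCP, UDP, ICMPV6 = 44, 6, 17, 58
WATCHED_PORTS = {23, 445, 3389}  # assumption: the claims give no screening rule

def parse_ipv6(pkt):
    """S2-1: return (src, dst, protocol, sport, dport), or None if malformed."""
    if len(pkt) < 40 or pkt[0] >> 4 != 6:
        return None
    src, dst = (str(ipaddress.IPv6Address(pkt[i:i + 16])) for i in (8, 24))
    next_hdr, off = pkt[6], 40
    # Ports sit after a variable-length extension-header chain, not at byte 40.
    while next_hdr in EXT_HDRS or next_hdr == FRAGMENT:
        if len(pkt) < off + 8:
            return None
        if next_hdr == FRAGMENT and struct.unpack_from("!H", pkt, off + 2)[0] >> 3:
            return (src, dst, pkt[off], None, None)  # later fragment: no ports
        hdr_len = 8 if next_hdr == FRAGMENT else (pkt[off + 1] + 1) * 8
        next_hdr, off = pkt[off], off + hdr_len
    sport = dport = None
    if next_hdr in (TCP, UDP):
        if len(pkt) < off + 4:
            return None
        sport, dport = struct.unpack_from("!HH", pkt, off)
    return (src, dst, next_hdr, sport, dport)

def label(rec):
    """S2-2: class label from protocol type and destination port."""
    name = {TCP: "tcp", UDP: "udp", ICMPV6: "icmpv6"}.get(rec[2], f"proto-{rec[2]}")
    return name if rec[4] is None else f"{name}/{rec[4]}"

def screen(packets):
    """Claim 4 de-duplication on the key-information tuple, then S3 screening."""
    records = dict.fromkeys(r for r in map(parse_ipv6, packets) if r)
    return [(label(r), r[0], r[1]) for r in records if r[4] in WATCHED_PORTS]

def build(src, dst, next_hdr, payload):
    """Constructed sample packet: 40-byte fixed header followed by payload."""
    addrs = b"".join(ipaddress.IPv6Address(a).packed for a in (src, dst))
    return struct.pack("!IHBB", 6 << 28, len(payload), next_hdr, 64) + addrs + payload

TCP_23 = struct.pack("!HH", 40000, 23) + bytes(16)  # constructed TCP header, dport 23
SAMPLES = [  # constructed traffic in the 2001:db8::/32 documentation prefix
    build("2001:db8::1", "2001:db8::2", TCP, TCP_23),
    build("2001:db8::1", "2001:db8::2", TCP, TCP_23),  # exact duplicate
    build("2001:db8::3", "2001:db8::2", 60, bytes([TCP, 0]) + bytes(6) + TCP_23),
    build("2001:db8::4", "2001:db8::2", UDP, struct.pack("!HH", 5353, 53) + bytes(4)),
]
```

A classifier that reads ports at a fixed offset after the 40-byte header would mislabel the third sample, whose TCP header follows a destination-options header.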
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311050798.6A CN116760643B (en) 2023-08-21 2023-08-21 IPv6 risk quantification method, system, medium and device based on artificial intelligence

Publications (2)

Publication Number Publication Date
CN116760643A CN116760643A (en) 2023-09-15
CN116760643B CN116760643B (en) 2023-10-20

Family

ID=87955576

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311050798.6A Active CN116760643B (en) 2023-08-21 2023-08-21 IPv6 risk quantification method, system, medium and device based on artificial intelligence

Country Status (1)

Country Link
CN (1) CN116760643B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB201901737D0 (en) * 2019-02-07 2019-03-27 Egress Software Tech Ltd Method and system for processing data packages
CN113656808A (en) * 2021-08-31 2021-11-16 平安医疗健康管理股份有限公司 Data security evaluation method, device, equipment and storage medium
CN115114329A (en) * 2021-03-18 2022-09-27 腾讯科技(深圳)有限公司 Method and device for detecting data stream abnormity, electronic equipment and storage medium
CN116506217A (en) * 2023-06-20 2023-07-28 北京门石信息技术有限公司 Analysis method, system, storage medium and terminal for security risk of service data stream
CN116545704A (en) * 2023-05-12 2023-08-04 清华大学 IPv6 address credit risk detection method and device based on time delay

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9942250B2 (en) * 2014-08-06 2018-04-10 Norse Networks, Inc. Network appliance for dynamic protection from risky network activities

Similar Documents

Publication Publication Date Title
CN109960729B (en) Method and system for detecting HTTP malicious traffic
CN107528832B (en) Baseline construction and unknown abnormal behavior detection method for system logs
CN104270392B (en) A kind of network protocol identification method learnt based on three grader coorinated trainings and system
CN103297427B (en) A kind of unknown network protocol recognition method and system
CN113259313A (en) Malicious HTTPS flow intelligent analysis method based on online training algorithm
WO2010114363A1 (en) Method and system for alert classification in a computer network
CN111274218A (en) Multi-source log data processing method for power information system
CN115134250A (en) Network attack source tracing evidence obtaining method
CN106972968B (en) Network abnormal flow detection method based on cross entropy and Mahalanobis distance
Mughaid et al. Utilizing machine learning algorithms for effectively detection iot ddos attacks
CN107332802B (en) Firewall policy monitoring method and device
CN117411703A (en) Modbus protocol-oriented industrial control network abnormal flow detection method
CN116760643B (en) IPv6 risk quantification method, system, medium and device based on artificial intelligence
CN112291213A (en) Abnormal flow analysis method and device based on intelligent terminal
CN115659351B (en) Information security analysis method, system and equipment based on big data office
CN116614258A (en) Network danger prediction model of security situation awareness system
CN116302809A (en) Edge end data analysis and calculation device
KR102559398B1 (en) Security monitoring intrusion detection alarm processing device and method using artificial intelligence
CN114666273A (en) Application layer unknown network protocol oriented traffic classification method
Ramström Botnet detection on flow data using the reconstruction error from Autoencoders trained on Word2Vec network embeddings
CN113162904B (en) Power monitoring system network security alarm evaluation method based on probability graph model
Kumar et al. Machine learning based traffic classification using low level features and statistical analysis
Yu et al. Mining anomaly communication patterns for industrial control systems
CN112929364A (en) Data leakage detection method and system based on ICMP tunnel analysis
Tafazzoli et al. A proposed architecture for network forensic system in large-scale networks

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant