CN117441321A - Detection device, detection method, and detection program - Google Patents

Detection device, detection method, and detection program

Info

Publication number
CN117441321A
Authority
CN
China
Prior art keywords
natural language
language processing
feature
processing model
detection
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202180098971.2A
Other languages
English (en)
Chinese (zh)
Inventor
寺本泰大
山田真德
山中友贵
高桥知克
永井智大
小山高明
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
NTT Inc
Original Assignee
Nippon Telegraph and Telephone Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
2021-06-07
Filing date
2021-06-07
Publication date
2024-01-23
Application filed by Nippon Telegraph and Telephone Corp
Publication of CN117441321A
Current legal status: Pending

Classifications

    • H ELECTRICITY
      • H04 ELECTRIC COMMUNICATION TECHNIQUE
        • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
          • H04L63/00 Network architectures or network communication protocols for network security
            • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
              • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
                • H04L63/1416 Event detection, e.g. attack signature detection
                • H04L63/1425 Traffic logging, e.g. anomaly detection
              • H04L63/1433 Vulnerability analysis
    • G PHYSICS
      • G06 COMPUTING OR CALCULATING; COUNTING
        • G06F ELECTRIC DIGITAL DATA PROCESSING
          • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
            • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
              • G06F21/55 Detecting local intrusion or implementing counter-measures
                • G06F21/552 Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
                • G06F21/554 Detecting local intrusion or implementing counter-measures involving event detection and direct action
                • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
                  • G06F21/566 Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
              • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
                • G06F21/577 Assessing vulnerabilities and evaluating computer system security
        • G06N COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
          • G06N20/00 Machine learning
            • G06N20/20 Ensemble learning
          • G06N3/00 Computing arrangements based on biological models
            • G06N3/02 Neural networks
              • G06N3/04 Architecture, e.g. interconnection topology
                • G06N3/045 Combinations of networks
                  • G06N3/0455 Auto-encoder networks; Encoder-decoder networks
                • G06N3/0475 Generative networks
              • G06N3/08 Learning methods
                • G06N3/088 Non-supervised learning, e.g. competitive learning

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Physics & Mathematics (AREA)
  • Evolutionary Computation (AREA)
  • Mathematical Physics (AREA)
  • Data Mining & Analysis (AREA)
  • Artificial Intelligence (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Biophysics (AREA)
  • Computational Linguistics (AREA)
  • Biomedical Technology (AREA)
  • Molecular Biology (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Medical Informatics (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Virology (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Input Circuits Of Receivers And Coupling Of Receivers And Audio Equipment (AREA)
  • Burglar Alarm Systems (AREA)
  • Geophysics And Detection Of Objects (AREA)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/JP2021/021581 WO2022259317A1 (ja) 2021-06-07 2021-06-07 Detection device, detection method, and detection program

Publications (1)

Publication Number Publication Date
CN117441321A true CN117441321A (zh) 2024-01-23

Family

ID=84424980

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202180098971.2A Pending CN117441321A (zh) 2021-06-07 2021-06-07 Detection device, detection method, and detection program

Country Status (6)

Country Link
US (1) US20240267398A1
EP (1) EP4333391A4
JP (1) JP7632615B2
CN (1) CN117441321A
AU (1) AU2021449966B2
WO (1) WO2022259317A1

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2024241596A1 (ja) * 2023-05-25 2024-11-28 日本電信電話株式会社 Detection device, detection method, and detection program
WO2026018748A1 (ja) * 2024-07-19 2026-01-22 パナソニックIpマネジメント株式会社 Communication interpretation method, communication interpretation device, and program

Family Cites Families (25)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP4509904B2 (ja) * 2005-09-29 2010-07-21 富士通株式会社 Network security device
US20150324686A1 (en) 2014-05-12 2015-11-12 Qualcomm Incorporated Distributed model learning
US9503467B2 (en) * 2014-05-22 2016-11-22 Accenture Global Services Limited Network anomaly detection
US10320813B1 (en) * 2015-04-30 2019-06-11 Amazon Technologies, Inc. Threat detection and mitigation in a virtualized computing environment
US9699205B2 (en) * 2015-08-31 2017-07-04 Splunk Inc. Network security system
US10270788B2 (en) * 2016-06-06 2019-04-23 Netskope, Inc. Machine learning based anomaly detection
US10685293B1 (en) * 2017-01-20 2020-06-16 Cybraics, Inc. Methods and systems for analyzing cybersecurity threats
GB201714917D0 (en) * 2017-09-15 2017-11-01 Spherical Defence Labs Ltd Detecting anomalous application messages in telecommunication networks
US10956670B2 (en) * 2018-03-03 2021-03-23 Samurai Labs Sp. Z O.O. System and method for detecting undesirable and potentially harmful online behavior
US12468951B2 (en) * 2018-06-12 2025-11-11 Ciena Corporation Unsupervised outlier detection in time-series data
JP7127525B2 (ja) 2018-12-19 2022-08-30 日本電信電話株式会社 Detection device, detection method, and detection program
US12288039B1 (en) 2019-01-28 2025-04-29 Salesforce, Inc. Applied artificial intelligence technology for adaptively classifying sentences based on the concepts they express to improve natural language understanding
US11068656B2 (en) * 2019-04-10 2021-07-20 International Business Machines Corporation Displaying text classification anomalies predicted by a text classification model
US11783225B2 (en) * 2019-07-11 2023-10-10 Optum, Inc. Label-based information deficiency processing
US11258814B2 (en) * 2019-07-16 2022-02-22 Hewlett Packard Enterprise Development Lp Methods and systems for using embedding from Natural Language Processing (NLP) for enhanced network analytics
US12574393B2 (en) * 2019-08-29 2026-03-10 Darktrace Holdings Limited Cyber security system utilizing interactions between detected and hypothesize cyber-incidents
CN112446399B (zh) 2019-09-02 2025-09-16 华为技术有限公司 Label determination method, device, and system
CN111181939B (zh) 2019-12-20 2022-02-25 广东工业大学 Network intrusion detection method and device based on ensemble learning
US11316875B2 (en) * 2020-01-31 2022-04-26 Threatology, Inc. Method and system for analyzing cybersecurity threats and improving defensive intelligence
EP4111343A1 (en) * 2020-02-28 2023-01-04 Darktrace Holdings Limited An artificial intelligence adversary red team
CN112860484A (zh) * 2021-01-29 2021-05-28 深信服科技股份有限公司 Container runtime abnormal-behaviour detection and model training method, and related devices
US11805140B2 (en) * 2021-03-22 2023-10-31 Verizon Patent And Licensing Inc. Systems and methods for utilizing a machine learning model to detect anomalies and security attacks in software-defined networking
US20230135660A1 (en) * 2021-11-01 2023-05-04 Darktrace Holding Limited Educational Tool for Business and Enterprise Risk Management
US12335293B2 (en) * 2021-11-01 2025-06-17 Darktrace Holdings Limited Capturing importance in a network using graph theory
AU2023323833A1 (en) * 2022-08-08 2025-02-13 Darktrace Holdings Limited An interactive cyber security user interface

Also Published As

Publication number Publication date
AU2021449966B2 (en) 2025-08-14
WO2022259317A1 (ja) 2022-12-15
EP4333391A1 (en) 2024-03-06
JPWO2022259317A1 2022-12-15
AU2021449966A1 (en) 2023-11-23
EP4333391A4 (en) 2024-11-27
US20240267398A1 (en) 2024-08-08
JP7632615B2 (ja) 2025-02-19

Similar Documents

Publication Publication Date Title
US10706229B2 (en) Content aware heterogeneous log pattern comparative analysis engine
US10243982B2 (en) Log analyzing device, attack detecting device, attack detection method, and program
US10514974B2 (en) Log analysis system, log analysis method and program recording medium
JP5946423B2 (ja) System log classification method, program, and system
CN114697068B (zh) Malicious traffic identification method and related devices
CN111164575B (zh) Sample data generation device, sample data generation method, and computer-readable storage medium
CN111651767A (zh) Abnormal behaviour detection method, apparatus, device, and storage medium
CN110716868B (zh) Abnormal program behaviour detection method and device
CN110826648A (zh) Method for fault detection using a time-series clustering algorithm
CN109118420B (zh) Watermark recognition model building and recognition method, device, medium, and electronic equipment
Zheng et al. Density peaks clustering-based steady/transition mode identification and monitoring of multimode processes
CN116304909A (zh) Anomaly detection model training method, fault scenario localisation method, and device
CN115062144A (zh) Log anomaly detection method and system based on a knowledge base and ensemble learning
CN117441321A (zh) Detection device, detection method, and detection program
WO2014132611A1 (ja) System analysis device and system analysis method
Peng et al. Imbalanced process fault diagnosis using enhanced auxiliary classifier GAN
JP5834701B2 (ja) Method, device, and program for discovering resources in a computing environment
CN118820772A (zh) Model training and application method, device, and medium for log anomaly detection
Sui et al. Bridging the gap: LLM-powered transfer learning for log anomaly detection in new software systems
CN114266046A (zh) Network virus identification method, device, computer equipment, and storage medium
Guigou et al. Anomaly detection and motif discovery in symbolic representations of time series
CN118057319B (zh) Unsupervised segmentation of univariate time-series datasets using motifs and shapelets
CN113316786A (zh) Exploit kit detection
KR101621959B1 (ko) Log pattern extraction device, log pattern analysis device, and method therefor
KR102418118B1 (ko) Deep-learning-based equipment diagnosis device and method using frequency synthesis

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information
    Applicant before: NIPPON TELEGRAPH AND TELEPHONE Corp., Tokyo, Japan (country or region: Japan)
    Applicant after: Entiti Corp., Tokyo, Japan (country or region: Japan)