基于深度学习的网络恶意登录异常检测方法研究

Translated title of the contribution: Research on Anomaly Detection of Network Malicious Login Based on Deep Learning

Ze Ming, Wen Ai Song*, Chun Shan, Zhen Yu Wang, Sheng Jun Wei

*Corresponding author for this work

Research output: Contribution to journalArticlepeer-review

1 Citation (Scopus)

Abstract

Aiming at the problems of low accuracy of feature extraction of user operation logs in the process of network malicious login anomaly detection, poor generalization, low recognition rate of network attacks, and untimely feedback from network administrators, this article combined attention mechanism and recurrent neural network, proposing an anomaly detection method for malicious network login based on deep learning. First, for different types of user operation logs, this article used two encoding methods, word-level and char-level; then, the LSTM model was used to extract the characteristic information contained in the user operation day to identify the normal behavior in the user operation log; then, the attention mechanism was used to make the model pay more attention to the characteristic information of normal operations, while filtering redundant operations to obtain user operation scores; finally, a threshold was set to determine whether the log stream was malicious login, and fed back to the network administrator at the same time. Experimental results show that the method proposed in this paper can encode different user logs, the feature extraction accuracy is high, and the F1-Score of network malicious login anomaly detection reaches 0.976.

Translated title of the contributionResearch on Anomaly Detection of Network Malicious Login Based on Deep Learning
Original languageChinese (Traditional)
Pages (from-to)325-331
Number of pages7
JournalZhongbei Daxue Xuebao (Ziran Kexue Ban)/Journal of North University of China (Natural Science Edition)
Volume42
Issue number4
DOIs
Publication statusPublished - Aug 2021

Fingerprint

Dive into the research topics of 'Research on Anomaly Detection of Network Malicious Login Based on Deep Learning'. Together they form a unique fingerprint.

Cite this