TY - JOUR
T1 - Research on an Anomaly Detection Method for Malicious Network Logins Based on Deep Learning
AU - Ming, Ze
AU - Song, Wen Ai
AU - Shan, Chun
AU - Wang, Zhen Yu
AU - Wei, Sheng Jun
N1 - Publisher Copyright:
© 2021, Editorial Department of Journal of North University of China (Natural Science Edition). All rights reserved.
PY - 2021/8
Y1 - 2021/8
AB - To address the low accuracy of feature extraction from user operation logs, poor generalization, low recognition rate of network attacks, and untimely feedback from network administrators in malicious network login anomaly detection, this article combines an attention mechanism with a recurrent neural network and proposes a deep-learning-based anomaly detection method for malicious network logins. First, two encoding methods, word-level and char-level, are used for different types of user operation logs. Then, an LSTM model extracts the characteristic information contained in the user operation logs to identify the normal behavior in them. Next, the attention mechanism makes the model pay more attention to the characteristic information of normal operations while filtering redundant operations, yielding user operation scores. Finally, a threshold is set to determine whether the log stream is a malicious login, and the result is fed back to the network administrator at the same time. Experimental results show that the proposed method can encode different user logs, that its feature extraction accuracy is high, and that the F1-Score of network malicious login anomaly detection reaches 0.976.
KW - Attention mechanism
KW - Deep learning
KW - LSTM
KW - Malicious login
UR - http://www.scopus.com/inward/record.url?scp=85114910052&partnerID=8YFLogxK
U2 - 10.3969/j.issn.1673-3193.2021.04.006
DO - 10.3969/j.issn.1673-3193.2021.04.006
M3 - Article
AN - SCOPUS:85114910052
SN - 1673-3193
VL - 42
SP - 325
EP - 331
JO - Zhongbei Daxue Xuebao (Ziran Kexue Ban)/Journal of North University of China (Natural Science Edition)
JF - Zhongbei Daxue Xuebao (Ziran Kexue Ban)/Journal of North University of China (Natural Science Edition)
IS - 4
ER -