A Behavior Sequence Clustering-Based Enterprise Network Anomaly Host Recognition Method

Authors: Zhan Xuna, Tao Jing, Ting Han, Zheng Ning, Wang Wan'er, Luan Qingxin
Year of publication: 2019
Subject:
Source: ICBK
Description: Abnormal host detection is a critical issue in an enterprise intranet data center. Traditional anomalous host detection methods focus mainly on detecting individual anomalous behaviors, and judging abnormality from a single behavior point has clear limitations: the full attack process cannot be reconstructed, and many intrusions go unreported (false negatives). Therefore, in this paper, we propose a Behavior Sequence Clustering-based Enterprise Network Anomaly Host Detection Method to address anomalous host detection in an enterprise network. We use the Toeplitz Inverse Covariance-Based Clustering (TICC) algorithm [1] to segment and cluster time series data, mine anomalous host behavior sequences, and identify the anomalous hosts of the enterprise network. The experimental results show that the Behavior Sequence Clustering-based Enterprise Network Anomaly Host Recognition Method can quickly identify the anomalous host and accurately reconstruct the complete attack process.
Database: OpenAIRE