Title of invention: IN-SITU TRAINABLE INTRUSION DETECTION SYSTEM
Abstract: A computer implemented method detects intrusions using a computer by analysing network traffic. The method includes a semi-supervised learning module connected to a network node. The learning module uses labeled and unlabeled data to train a semi-supervised machine learning sensor. The method records events that include a feature set made up of unauthorized intrusions and benign computer requests. The method identifies at least some of the benign computer requests that occur during the recording of the events while treating the remainder of the data as unlabeled. The method trains the semi-supervised learning module at the network node in-situ, such that the semi-supervised learning modules may identify malicious traffic without relying on specific rules, signatures, or anomaly detection.
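Application publication number: US2015067857(A1); Publication date: 2015.03.05
Application number: US201414468000; Filing date: 2014.08.25
Applicant: UT Battelle, LLC; Inventors: Symons Christopher T.; Beaver Justin M.; Gillen Rob; Potok Thomas E.
Classification: H04L29/06; G06N99/00; Main classification: H04L29/06
Agency: ; Agent: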
Main claim: 1. A computer implemented method that detects intrusions using a computer by analysing network traffic: coupling a semi-supervised learning module to a network node that uses labeled and unlabeled data to train a semi-supervised machine learning sensor; recording events that comprise a feature set that include unauthorized intrusions and benign requests; identifying at least some of the benign behavior that occurs during the recording of the events while treating the remainder of the data as unlabeled; and training the semi-supervised learning module at the network node in-situ, such that the semi-supervised learning modules may identify malicious traffic without relying on specific rules, signatures, or an anomaly detection.
Address: Oak Ridge TN US