
Research On Intrusion Detection Method Based On Provenance Data Processing Optimization

Posted on: 2021-06-08
Degree: Master
Type: Thesis
Country: China
Candidate: Z Y Liang
GTID: 2518306107450284
Subject: Computer technology
Abstract/Summary:
With the massive expansion of network data, detecting intrusion behavior has become more difficult. Provenance records the source of data and characterizes the dependencies between data objects. Combining provenance with convolutional neural networks and applying the combination to intrusion detection is an important way to improve detection performance. However, at present this approach cannot mine the provenance information well, and it cannot determine the specific intrusion behavior when multi-user behavior intrusions occur at the same time, resulting in problems such as large time consumption, a low detection rate, and a high false detection rate in the detection process. To address these problems, an intrusion detection method based on provenance data processing optimization is proposed. First, an optimized label propagation method based on provenance is designed. The importance of nodes is used to determine the propagation priority. The user behavior provenance data is clustered by event, the threshold is updated to handle small events, and the provenance behavior operations are reasonably separated. Second, the importance of a node is measured using the state attributes of the provenance node itself and the dependencies between nodes. For each event provenance graph, a node with strong expressive ability is selected as the central node and its normalized neighborhood is constructed, and a one-dimensional convolution method is used to retain some important features of the neighborhood and reduce feature loss. Taking advantage of the convolutional neural network's fast learning of data features, the neighborhood matrix vector is used as the input of the convolutional neural network to speed up detection and obtain better detection results. The experimental results show that, compared with the detection method combining the provenance graph and the provenance path, the real-time misuse detection algorithm based on provenance, and the convolutional neural network intrusion detection method based on provenance, this method can reduce the false detection rate by up to 46.5% and increase the detection rate by 2% to 50%.
Keywords/Search Tags:Intrusion Detection, Provenance, label propagation, events cluster, Convolutional Neural Network