Analysis and prediction of network connection behavior anomaly based on knowledge graph features

Abstract

More and more complex and diverse network security problems bring great challenges to the analysis of abnormal network behavior. In order to detect the abnormal connection behavior of the network more accurately, this paper first uses the knowledge graph technology to extract the graph feature parameters that can reflect the node and the overall situation of the network, and then proposes a two-stage unsupervised anomaly analysis method for the abnormal changes of the feature parameters. In the first stage, the anomaly analysis of the whole network graph features is carried out based on clustering technology, so the rough positioning is carried out. In the second stage, the abnormal trend analysis is performed on the graph features of important nodes to determine the category of abnormal connection behavior. On this basis, the time series prediction method is used to predict the node graph features, so as to provide early warning for network security. The experimental results show that the method can effectively extract the network abnormal behavior and predict the development trend of the network in the future, and provide a good support for the understanding of network security situation.