Inkqubo yokuhlalutya itrafikhi ngaphandle kokuyicoca. Le ndlela ibizwa nje "ngokufunda ngomatshini". Kuye kwavela ukuba ukuba umthamo omkhulu kakhulu wezithuthi ezahlukeneyo zondliwa kwigalelo lomlinganisi okhethekileyo, inkqubo inokubona izenzo zekhowudi enobungozi ngaphakathi kwetrafikhi efihliweyo ngeqondo eliphezulu kakhulu lokunokwenzeka.
Izisongelo ezikwi-Intanethi zitshintshile kwaye zikrelekrele. Kutshanje, ingcamango yokuhlaselwa kunye nokukhusela itshintshile. Inani leziganeko kwinethiwekhi liye landa kakhulu. Ukuhlaselwa kuye kwaba yinkimbinkimbi kwaye abahlaseli banokufikelela ngokubanzi.
Ngokwezibalo zeCisco, kulo nyaka uphelileyo, abahlaseli baye baphinda kathathu inani le-malware abayisebenzisayo kwimisebenzi yabo, okanye kunoko, ukubethela ukufihla. Kuyaziwa kwithiyori ukuba i-algorithm "echanekileyo" yokubethela ayinakophulwa. Ukuze uqonde ukuba yintoni efihliweyo ngaphakathi kwetrafikhi efihliweyo, kuyafuneka ukuba uyiguqule usazi isitshixo, okanye uzame ukuyifihla usebenzisa amaqhinga ahlukeneyo, okanye ukuqhekeza ngokuthe ngqo, okanye ukusebenzisa uhlobo oluthile lobuthathaka kwiiprothokholi ze-cryptographic.
Umfanekiso wezoyikiso zenethiwekhi zexesha lethu
Ukufunda ngomatshini
Yazi iteknoloji ngokobuqu! Phambi kokuba uthethe malunga nendlela itekhnoloji yokufunda esekwe kumatshini esebenza ngayo, kuyafuneka ukuba uqonde ukuba isebenza njani itekhnoloji ye-neural network.
Ukufunda ngoomatshini licandelwana elibanzi lobukrelekrele bokwenziwa obufunda iindlela zokwenza iialgorithms ezinokufunda. Le nzululwazi ijolise ekudaleni iimodeli zemathematika "zokuqeqesha" ikhompyutha. Injongo yokufunda kukuqikelela okuthile. Ekuqondeni komntu, le nkqubo siyibiza ngokuba ligama "ubulumko". Ubulumko buzibonakalisa kubantu abaye bahlala ixesha elide (umntwana oneminyaka emi-2 akanakuba nobulumko). Xa sibhenela kumaqabane aphezulu ngengcebiso, sibanika ulwazi malunga nomsitho (idatha yegalelo) kwaye sibacele uncedo. Bona, bakhumbule zonke iimeko ezivela ebomini ngendlela ethile ehambelana nengxaki yakho (isiseko solwazi) kwaye, ngokusekelwe kolu lwazi (idatha), usinike uhlobo lokubikezela (ingcebiso). Olu hlobo lweengcebiso lwaqala ukubizwa ngokuba luqikelelo kuba umntu onika iingcebiso akazi ngokuqinisekileyo ukuba kuya kwenzeka ntoni, kodwa uthatha kuphela. Amava obomi abonisa ukuba umntu unokulunga, okanye angaphazama.
Akufanele uthelekise iinethiwekhi ze-neural kunye ne-algorithm ye-branching (ukuba-enye). Ezi zizinto ezahlukeneyo kwaye kukho iiyantlukwano eziphambili. I-algorithm ye-branching ine "ukuqonda" okucacileyo kwento yokwenza. Ndiza kubonisa ngemizekelo.
Umsebenzi. Gqiba umgama wokunyathela imoto ngokusekwe kwindlela eyakhiwe ngayo kunye nonyaka wokwenziwa kwayo.
Umzekelo we-algorithm ye-branching. Ukuba imoto i-brand 1 kwaye yakhululwa ngo-2012, umgama wayo wokuqhawula iimitha ezili-10, ngaphandle koko, ukuba imoto i-brand 2 kwaye yakhululwa ngo-2011, njalo njalo.
Umzekelo wenethiwekhi ye-neural. Siqokelela idatha kwimigama yokuqhobosha imoto kule minyaka ingama-20 idlulileyo. Ngokwenza kunye nonyaka, siqulunqa itheyibhile yefom "unyaka wokwenza umgama wokwenza ibraking". Sikhupha le theyibhile kwinethiwekhi ye-neural kwaye siqale ukuyifundisa. Uqeqesho lwenziwa ngolu hlobo lulandelayo: sondla idatha kwinethiwekhi ye-neural, kodwa ngaphandle kwendlela yokuqhawula. I-neuron izama ukuqikelela ukuba umgama wokuqhobosha uya kusekelwa kwitafile elayishwe kuyo. Iqikelela into kwaye ibuze umsebenzisi "Ngaba ndilungile?" Ngaphambi kombuzo, wenza ikholamu yesine, ikholamu yokuqikelela. Ukuba ulungile, ngoko ubhala u-1 kwikholamu yesine, ukuba akalunganga, ubhala u-0. Inethiwekhi ye-neural iqhubela phambili kwisiganeko esilandelayo (nokuba yenze impazamo). Yile ndlela inethiwekhi efunda ngayo kwaye xa uqeqesho lugqityiwe (umlinganiselo othile wokudibanisa ufikeleleke), sithumela idatha malunga nemoto esinomdla kuyo kwaye ekugqibeleni sifumane impendulo.
Ukususa umbuzo malunga nekhrayitheriya yokudibanisa, ndiya kuchaza ukuba le yifomyula ephuma kwimathematika yezibalo. Umzekelo omangalisayo weefomyula ezimbini ezahlukeneyo zokuhlangana. Ubomvu - ukudibanisa ibhinari, blue - ukudibanisa okuqhelekileyo.
Unikezelo olunokwenzeka lweBinomial kunye nesiqhelo
Ukuyenza icace ngakumbi, buza umbuzo "Yintoni enokwenzeka yokudibana nedayinaso?" Kukho iimpendulo ezi-2 ezinokwenzeka apha. Ukhetho loku-1 - lincinci kakhulu (igrafu eluhlaza okwesibhakabhaka). Ukhetho lwesi-2 - nokuba yintlanganiso okanye hayi (igrafu ebomvu).
Kakade ke, ikhompyutha ayingomntu kwaye ifunda ngendlela eyahlukileyo. Kukho iintlobo ezi-2 zoqeqesho lwamahashe entsimbi: ukufunda okusekwe kwimeko ΠΈ imfundo ephantsi.
Ukufundisa ngeprecedent yindlela yokufundisa kusetyenziswa imithetho yemathematika. Iingcali zezibalo ziqokelela iitheyibhile zezibalo, zenze izigqibo kwaye zilayishe umphumo kuthungelwano lwe-neural - ifomula yokubala.
Ukufunda ngokunciphisa - ukufunda kwenzeka ngokupheleleyo kwi-neuron (ukusuka ekuqokeleleni idatha ukuya kuhlalutyo lwayo). Apha itafile yenziwe ngaphandle kwefomula, kodwa ngezibalo.
Ujongo olubanzi lwetekhnoloji inokuthatha amanye amanqaku alishumi elinambini. Okwangoku, oku kuya kwanela ukuqonda kwethu ngokubanzi.
I-Neuroplasticity
Kwi-biology kukho ingcamango enjalo - neuroplasticity. I-Neuroplasticity kukukwazi kwee-neurons (iiseli zengqondo) ukwenza "ngokwemeko." Ngokomzekelo, umntu ongaboniyo uyeva izandi, ivumba nezivamvo ngcono. Oku kwenzeka ngenxa yokuba inxalenye yengqondo (inxalenye ye-neurons) ejongene nombono ihambisa umsebenzi wayo kwezinye izinto zokusebenza.
Umzekelo omangalisayo we-neuroplasticity ebomini yiBrainPort lollipop.
Kwi-2009, iYunivesithi yaseWisconsin eMadison yamemezela ukukhululwa kwesixhobo esitsha esaphuhlisa iingcamango "zokubonisa ulwimi" - kwakubizwa ngokuba yiBrainPort. I-BrainPort isebenza ngokwe-algorithm ilandelayo: isignali yevidiyo ithunyelwa ukusuka kwikhamera ukuya kwiprosesa, elawula ukusondeza, ukukhanya kunye nezinye iiparamitha zemifanekiso. Ikwaguqula imiqondiso yedijithali ibe ziimpembelelo zombane, ngokuyintloko ithatha imisebenzi yeretina.
Ilolipop yeBrainPort eneeglasi kunye nekhamera
BrainPort emsebenzini
Kuyafana nakwikhompyuter. Ukuba inethiwekhi ye-neural ibona utshintsho kwinkqubo, iyaziqhelanisa nayo. Le yinzuzo ephambili yeenethiwekhi ze-neural xa kuthelekiswa nezinye i-algorithms - ukuzimela. Uhlobo lobuntu.
Uhlalutyo Lwendlela Efihliweyo
Uhlalutyo Lwendlela Efihliweyo yinxalenye yenkqubo yeStealthwatch. I-Stealthwatch sisisombululo seCisco sokhuseleko olukhokelayo kwishishini kunye nesisombululo esixhasa idatha ye-telemetry yeshishini kwiziseko zonxibelelwano ezikhoyo.
UShishino lweStealthwatch lusekwe kwiLayisensi yoMyinge wokuHamba, uMqokeleli wokuHamba, iKhonsoli yoLawulo kunye nezixhobo zoVavanyo lokuHamba.
Cisco Stealthwatch Interface
Ingxaki ngoguqulelo oluntsonkothileyo yaba nzima kakhulu ngenxa yokuba uninzi lwetrafikhi lwaqala ukubethelwa. Ngaphambili, ikhowudi kuphela yayifihliwe (ubukhulu becala), kodwa ngoku zonke izithuthi zifihliwe kwaye ukwahlula idatha "ecocekileyo" kwiintsholongwane kuye kwaba nzima kakhulu. Umzekelo omangalisayo yi-WannaCry, esebenzisa iTor ukufihla ubukho bayo kwi-intanethi.
Ukubonwa kokukhula koguqulelo oluntsonkothileyo lwetrafikhi kuthungelwano
Uguqulelo oluntsonkothileyo kwi-macroeconomics
Inkqubo ye-Encrypted Traffic Analytics (ETA) iyimfuneko ngokuchanekileyo ekusebenzeni ngetrafikhi efihliweyo ngaphandle kokuyicoca. Abahlaseli bahlakaniphile kwaye basebenzisa i-crypto-resistant encryption algorithms, kwaye ukuwaphula akuyona nje ingxaki, kodwa kubiza kakhulu kwimibutho.
Inkqubo isebenza ngolu hlobo lulandelayo. Ezinye iitrafikhi ziza kwinkampani. Iwela kwi-TLS (ukhuseleko lomgangatho wezothutho). Masithi itrafikhi ifihliwe. Sizama ukuphendula inani lemibuzo malunga nokuba luhlobo luni lonxibelelwano olwenziweyo.
Isebenza njani inkqubo ye-Encrypted Traffic Analytics (ETA).
Ukuphendula le mibuzo sisebenzisa ukufunda ngomatshini kule nkqubo. Uphando oluvela kwiCisco luthathiwe kwaye lusekwe kwezi zifundo itheyibhile yenziwe kwiziphumo ezi-2 - ezinobungozi kunye "ezilungileyo" zetrafikhi. Ewe kunjalo, asazi ngokuqinisekileyo ukuba luhlobo luni lwetrafikhi olungene kwinkqubo ngokuthe ngqo kulo mzuzu wangoku ngexesha, kodwa sinokulanda imbali yetrafikhi ngaphakathi nangaphandle kwenkampani sisebenzisa idatha evela kwinqanaba lehlabathi. Ekupheleni kwesi sigaba, sifumana itafile enkulu enedatha.
Ngokusekelwe kwiziphumo zophando, iimpawu zeempawu zichongiwe - imigaqo ethile enokuthi ibhalwe phantsi kwifom yemathematika. Le mithetho iya kuhluka kakhulu ngokuxhomekeka kwiikhrayitheriya ezahlukeneyo - ubungakanani beefayile ezidluliselweyo, uhlobo loqhagamshelwano, ilizwe apho le traffic ivela khona, njl. Njengomphumo womsebenzi, itafile enkulu yajika yaba yimfumba yeefomyula. Zimbalwa zazo, kodwa oku akwanelanga kumsebenzi otofotofo.
Okulandelayo, iteknoloji yokufunda umatshini isetyenzisiweyo - ukuguqulwa kwefomula kwaye isekelwe kwisiphumo sokudibanisa sifumana i-trigger - i-switch, apho xa idatha iphuma sifumana iswitshi (iflegi) kwindawo ephakanyisiweyo okanye ehlisiwe.
Inqanaba lesiphumo kukufumana iseti yezinto ezibangela ukuba zigqume i-99% yezithuthi.
Amanyathelo okuhlolwa kwetrafikhi kwi-ETA
Njengomphumo womsebenzi, enye ingxaki isonjululwe - ukuhlaselwa kwangaphakathi. Akusekho sidingo sabantu abasembindini wokuhluza i-traffic ngesandla (ndiyatshona ngokwam okwangoku). Okokuqala, akusafuneki ukuba uchithe imali eninzi kumlawuli wenkqubo onobuchule (ndiyaqhubeka nokuzintywila). Okwesibini, akukho bungozi bokugqekeza ngaphakathi (ubuncinci ngokuyinxenye).
Ingcamango yoMntu oseMbindini ophelelwe lixesha
Ngoku, makhe sibone ukuba le nkqubo isekwe phezu kweyiphi na.
Inkqubo isebenza kwiiprotokholi zonxibelelwano ze-4: i-TCP / IP - i-protocol yokudlulisa idatha ye-Intanethi, i-DNS - iseva yegama lesizinda, i-TLS - iprotocol yokhuseleko lwe-transport layer, i-SPLT (i-SpaceWire Physical Layer Tester) - umhloli wonxibelelwano lomzimba.
Iiprothokholi ezisebenza ne-ETA
Ukuthelekisa kwenziwa ngokuthelekisa idatha. Ukusebenzisa iiprothokholi ze-TCP / IP, idumela leendawo lihlolwe (imbali yokutyelela, injongo yokudala indawo, njl.), Siyabonga kwiprotocol ye-DNS, sinokulahla iidilesi zesayithi "ezimbi". Iprothokholi ye-TLS isebenza ngomnwe wesiza kwaye iqinisekisa isiza ngokuchasene neqela leempendulo zikaxakeka zekhompyutha (isatifikethi). Isinyathelo sokugqibela ekujongeni uxhulumaniso lujonga kwinqanaba lomzimba. Iinkcukacha zeli nqanaba azichazwanga, kodwa ingongoma yile ilandelayo: ukujonga i-sine kunye ne-cosine curves of curves transmission curves on installations of oscillographic, i.e. Siyabulela kwisakhiwo sesicelo kwinqanaba lomzimba, sinquma injongo yokudibanisa.
Njengomphumo wokusebenza kwenkqubo, sinokufumana idatha kwitrafikhi efihliweyo. Ngokuphonononga iipakethi, sinokufunda ulwazi oluninzi kangangoko sinakho kwiindawo ezingafihlwanga kwipakethi ngokwayo. Ngokuhlola ipakethe kwinqanaba lomzimba, sifumanisa iimpawu zepakethi (inxalenye okanye ngokupheleleyo). Kwakhona, musa ukulibala malunga nodumo lweendawo. Ukuba isicelo sivela kumthombo othile we-onion, akufanele uyithembe. Ukwenza kube lula ukusebenza ngolu hlobo lwedatha, imephu yomngcipheko yenziwe.
Iziphumo zomsebenzi we-ETA
Kwaye yonke into ibonakala ilungile, kodwa makhe sithethe malunga nokuthunyelwa kwenethiwekhi.
Ukuphunyezwa ngokubonakalayo kwe-ETA
Inani lee-nuances kunye nobuqili buvela apha. Okokuqala, xa udala olu hlobo
uthungelwano ngesoftware ekumgangatho ophezulu, uqokelelo lwedatha luyafuneka. Qokelela idatha ngesandla ngokupheleleyo
zasendle, kodwa ukuphumeza inkqubo impendulo sele umdla ngakumbi. Okwesibini, idatha
kufuneka kubekho okuninzi, okuthetha ukuba abenzi boluvo bothungelwano abafakelweyo kufuneka basebenze
hayi ngokuzimela kuphela, kodwa nakwimowudi elungiswe kakuhle, eyenza inani lobunzima.
Iinzwa kunye nenkqubo yeStealthwatch
Ukufakela inzwa yinto enye, kodwa ukuseta kungumsebenzi owahluke ngokupheleleyo. Ukuqwalasela i-sensor, kukho i-complex esebenza ngokuhambelana ne-topology elandelayo - ISR = I-Cisco Integrated Services Router; ASR = Cisco Aggregation Services Router; CSR = Cisco Cloud Services Router; I-WLC = UMlawuli we-LAN ongenazingcingo weCisco; IE = Cisco Industrial Ethernet Tshintsha; I-ASA = IsiXhobo soKhuseleko esiLungelelayo seCisco; FTD = Cisco Firepower Threat Defense Solution; I-WSA = IsiXhobo soKhuseleko lweWebhu; ISE = Injini yeeNkonzo zesazisi
Ukubeka iliso okubanzi kuthathela ingqalelo nayiphi na idatha yetelemetric
Abalawuli benethiwekhi baqala ukufumana i-arrhythmia ukusuka kwinani lamagama "Cisco" kumhlathi odlulileyo. Ixabiso lalo mmangaliso alincinci, kodwa ayisiyiyo le nto sithetha ngayo namhlanje ...
Ukuziphatha kwe-hacker kuya kulandelwa ngolu hlobo lulandelayo. I-Stealthwatch ibeka esweni ngononophelo umsebenzi wesixhobo ngasinye kwinethiwekhi kwaye iyakwazi ukwenza ipateni yokuziphatha okuqhelekileyo. Ukongeza, esi sicombululo sibonelela ngengqiqo enzulu malunga nokuziphatha okungafanelekanga okwaziwayo. Isisombululo sisebenzisa malunga ne-100 i-algorithms yokuhlalutya eyahlukeneyo okanye i-heuristics ejongene neentlobo ezahlukeneyo zokuziphatha kwe-traffic ezifana nokuskena, iifreyimu ze-alarm host, ukungena kwe-brute-force, ukuthathwa kwedatha ekrokrelwayo, ukuvuza kwedatha ekrokrelwayo, njl. Iziganeko zokhuseleko ezidwelisiweyo ziwela phantsi koluhlu lwee-alam ezikwinqanaba eliphezulu. Eminye imisitho yokhuseleko inokuqalisa i-alam ngokwayo. Ngaloo ndlela, inkqubo iyakwazi ukulungelelanisa iziganeko ezininzi ezizimeleyo ezizimeleyo kwaye zidibanise ukumisela uhlobo olunokwenzeka lokuhlaselwa, kunye nokuludibanisa nesixhobo esithile kunye nomsebenzisi (Umfanekiso 2). Kwixesha elizayo, isiganeko sinokufundwa ngexesha kwaye sithathela ingqalelo idatha ye-telemetry ehambelanayo. Oku kubandakanya ulwazi olusemxholweni kangangoko. Oogqirha abaxilonga isigulana ukuze baqonde ukuba yintoni engalunganga abajongi iimpawu bebodwa. Bajonga umfanekiso omkhulu ukwenza uxilongo. Ngokukwanjalo, iStealthwatch ibamba yonke into engaqhelekanga kwinethiwekhi kwaye iyivavanye ngokugqibeleleyo ukuze ithumele iialam eziwaziyo umxholo, ngaloo ndlela inceda iingcali zokhuseleko ukuba zibeke phambili umngcipheko.
Ukufunyaniswa okungaqhelekanga kusetyenziswa umfuziselo wokuziphatha
Ukusasazwa ngokomzimba kwenethiwekhi kujongeka ngolu hlobo:
Inketho yokusasazwa kwenethiwekhi yesebe (yenziwe lula)
Inketho yokusasazwa kwenethiwekhi yesebe
Inethiwekhi isetyenzisiwe, kodwa umbuzo malunga ne-neuron uhlala uvulekile. Baququzelele inethiwekhi yokuhanjiswa kwedatha, bafake i-sensors kwimida kwaye baqalise inkqubo yokuqokelela ulwazi, kodwa i-neuron ayizange ithathe inxaxheba kulo mbandela. Uxolo.
Inethiwekhi ye-neural eninzi
Inkqubo ihlalutya indlela yokusebenza komsebenzisi kunye nesixhobo ukufumanisa usulelo olubi, unxibelelwano kunye nomyalelo kunye neeseva zolawulo, ukuvuza kwedatha, kunye nezicelo ezinokuthi zingafunwa ezisebenza kwisiseko sombutho. Kukho iileya ezininzi zokusetyenzwa kwedatha apho indibaniselwano yobukrelekrele bokwenziwa, ukufunda ngoomatshini, kunye neendlela zobalo zezibalo zinceda uthungelwano ukuba luzifundele umsebenzi walo wesiqhelo ukuze lubhaqe umsebenzi ongalunganga.
Umbhobho wohlalutyo lokhuseleko lwenethiwekhi, oqokelela idatha ye-telemetry kuzo zonke iindawo zothungelwano olwandisiweyo, kubandakanywa netrafikhi efihliweyo, luphawu olulodwa lweStealthwatch. Ngokunyukayo iphuhlisa ukuqonda ukuba yintoni na "engaqhelekanga," emva koko ihlele ezona mpawu "zomsebenzi woloyiko," kwaye ekugqibeleni yenza isigwebo sokugqibela malunga nokuba isixhobo okanye umsebenzisi uthotyelwe ngokwenene. Ukukwazi ukudibanisa amaqhekeza amancinci adibanisa ubungqina bokwenza isigqibo sokugqibela malunga nokuba i-asethi ithotyelwe phantsi iza ngohlalutyo olunononophelo kunye nokulungelelaniswa.
Obu buchule bubalulekile kuba ishishini eliqhelekileyo linokufumana inani elikhulu leealam yonke imihla, kwaye akunakwenzeka ukuphanda nganye nganye kuba iingcali zokhuseleko zinezixhobo ezilinganiselweyo. Imodyuli yokufunda umatshini iqhuba ubuninzi bolwazi malunga nexesha langempela lokuchonga iziganeko ezibalulekileyo kunye nenqanaba eliphezulu lokuzithemba, kwaye iyakwazi nokubonelela ngezifundo ezicacileyo zokusombulula ngokukhawuleza.
Makhe sijonge ngakumbi kwiindlela ezininzi zokufunda koomatshini ezisetyenziswa yiStealthwatch. Xa isiganeko singeniswa kwi-injini yokufunda yomatshini we-Stealthwatch, idlula kwifuneli yohlalutyo lokhuseleko esebenzisa indibanisela yobuchule bokufunda koomatshini obugadwayo nongagadwanga.
Amanqanaba amaninzi okufunda koomatshini
Inqanaba loku-1. Ukufunyaniswa okungaqhelekanga kunye nomzekelo wokuthembela
Kweli nqanaba, i-99% ye-traffic ilahlwa kusetyenziswa i-statistical anomaly detectors. Ezi zinzwa kunye zenza imodeli enzima yento eqhelekileyo kwaye yintoni, ngokuchaseneyo, engaqhelekanga. Nangona kunjalo, ukungaqhelekanga akuyongozi. Izinto ezininzi ezenzekayo kuthungelwano lwakho azinanto yakwenza nesisongeloβiyinto engaqhelekanga. Kubalulekile ukuhlela iinkqubo ezinjalo ngaphandle kokujonga ukuziphatha okusongelayo. Ngenxa yesi sizathu, iziphumo zezo detectors zihlalutywa ngakumbi ukuze kubanjwe ukuziphatha okungaqhelekanga okunokuchazwa kunye nokuthenjwa. Ekugqibeleni, kuphela iqhezu elincinci leyona misonto ibaluleke kakhulu kunye nezicelo ezenza ukuba zibe kumgangatho wesi-2 kunye no-3. Ngaphandle kokusetyenziswa kobuchule bokufunda koomatshini, iindleko zokusebenza zokwahlula umqondiso kwingxolo ziya kuba phezulu kakhulu.
Ukufunyaniswa okungaqhelekanga. Inyathelo lokuqala ekubhaqweni okungaqhelekanga lisebenzisa ubuchule bokufunda koomatshini bobalo ukwahlula itrafikhi eqhelekileyo ngokwezibalo kwitrafikhi engaqhelekanga. Ngaphezulu kwama-70 ama-detectors aqhuba idatha ye-telemetry I-Stealthwatch iqokelela kwitrafikhi edlula kwi-perimeter yenethiwekhi yakho, isahlula i-Domain Name System yangaphakathi (DNS) itrafikhi kwidatha ye-proxy server, ukuba ikhona. Isicelo ngasinye siqwalaselwa ngaphezulu kwe-70 ye-detector, kunye ne-detector nganye isebenzisa i-algorithm ye-statistical algorithm ukwenza uvavanyo lwezinto ezingaqhelekanga ezifunyenweyo. La manqaku adityanisiwe kwaye iindlela ezininzi zamanani zisetyenziselwa ukuvelisa inqaku elinye kumbuzo ngamnye. Eli nqaku lidityanisiwe lisetyenziswa ukwahlula itrafikhi eqhelekileyo kunye nengaqhelekanga.
Ukwenza umzekelo wokuthembana. Okulandelayo, izicelo ezifanayo zibekwe ngokwamaqela, kwaye i-aggregate anomaly score yaloo maqela igqitywe njengomndilili wexesha elide. Ngokuhamba kwexesha, imibuzo engaphezulu ihlalutywa ukumisela umyinge wexesha elide, ngaloo ndlela kuncitshiswe iimpembelelo zobuxoki kunye nezibi zobuxoki. Iziphumo zemodeli yokuthembela zisetyenziselwa ukukhetha iseti esezantsi yetrafikhi apho amanqaku angaqhelekanga angaphezulu komda omiselwe ngamandla ukuya kwinqanaba lokuqhubekeka elilandelayo.
Inqanaba lesi-2. Ukuhlelwa kwesiganeko kunye nomzekelo wezinto
Kule nqanaba, iziphumo ezifunyenwe kwizigaba zangaphambili zihlelwa kwaye zinikezelwe kwiziganeko ezithile ezinobungozi. Iziganeko zihlelwa ngokusekelwe kwixabiso elinikezelwe ngabahluli bokufunda ngomatshini ukuqinisekisa izinga lokuchaneka okungaguqukiyo ngaphezu kwe-90%. Phakathi kwabo:
- iimodeli zomgca ezisekwe kwiNeyman-Pearson lemma (umthetho wonikezelo oluqhelekileyo ukusuka kwigrafu ekuqaleni kwenqaku)
- ukuxhasa oomatshini be-vector usebenzisa ukufunda ngezinto ezininzi
- iinethiwekhi ze-neural kunye ne-algorithm yehlathi engacwangciswanga.
Ezi ziganeko zokhuseleko zodwa zinxulunyaniswa nesiphelo esinye ekuhambeni kwexesha. Kuleli nqanaba ukuba inkcazo yesongelo yenziwe, ngokusekelwe apho umfanekiso opheleleyo wenziwa njani umhlaseli ofanelekileyo uphumelele ukufezekisa iziphumo ezithile.
Ukuhlelwa kweziganeko. Iseti engaqhelekanga ngokwezibalo ukusuka kwinqanaba langaphambili isasazwe kwiindidi ezili-100 okanye ngaphezulu kusetyenziswa abahluli. Uninzi lwabahluli lusekwe kwindlela yokuziphatha komntu ngamnye, kubudlelwane beqela, okanye kwindlela yokuziphatha kwinqanaba lehlabathi okanye lendawo, ngelixa ezinye zinokungqale. Umzekelo, umhleli angabonisa itrafikhi yeC&C, ulwandiso olukrokrisayo, okanye uhlaziyo lwesoftware olungagunyaziswanga. Ngokusekelwe kwiziphumo zeli nqanaba, iseti yeziganeko ezingaqhelekanga kwinkqubo yokhuseleko, ezihlelwe kwiindidi ezithile, zenziwe.
Imodeli yento. Ukuba isixa sobungqina obuxhasa i-hypothesis yokuba into ethile iyingozi idlula umda wezinto eziphathekayo, isongelo sinqunywe. Iziganeko ezichaphazelekayo eziphembelele inkcazo yesongelo zinxulunyaniswa nesongelo esinjalo kwaye sibe yinxalenye yemodeli yexesha elide lezinto. Njengoko ubungqina buqokelelana ngokuhamba kwexesha, inkqubo ichonga izoyikiso ezitsha xa kufikwa kumda wezinto eziphathekayo. Eli xabiso lomda liguquguqukayo kwaye lihlengahlengiswa ngobukrelekrele ngokusekelwe kwinqanaba lomngcipheko wengozi kunye nezinye izinto. Emva koku, isoyikiso sibonakala kwiphaneli yolwazi lwe-interface yewebhu kwaye idluliselwe kwinqanaba elilandelayo.
Inqanaba lesi-3. Imodeli yobudlelwane
Injongo yomzekelo wobudlelwane kukudibanisa iziphumo ezifunyenwe kumanqanaba angaphambili ukusuka kumbono wehlabathi jikelele, ukuqwalasela kungekhona kuphela indawo yendawo kodwa kunye nomxholo wehlabathi jikelele wesiganeko esifanelekileyo. Kukweli nqanaba apho unokumisela ukuba mingaphi na imibutho eye yadibana nohlaselo olunjalo ukuze uqonde ukuba ibijoliswe kuwe na okanye yinxalenye yephulo lehlabathi, kwaye usanda kubanjwa.
Iziganeko ziqinisekisiwe okanye zifunyenwe. Isiganeko esiqinisekisiweyo sithetha ukuzithemba kwi-99 ukuya kwi-100% ngenxa yokuba ubuchule kunye nezixhobo ezinxulumene nazo ziye zabonwa ngaphambili zisebenza kwisikali esikhulu (sehlabathi). Izehlo ezichongiweyo zezodwa kuwe kwaye ziyinxalenye yephulo ekujoliswe kulo.Izinto ezifunyenwe kwixesha elidlulileyo kwabelwana ngazo kunye nesenzo esaziwayo, okonga ixesha kunye nezixhobo zokuphendula. Baza nezixhobo zophando ozidingayo ukuze uqonde ukuba ngubani owakuhlaselayo kunye nobungakanani apho iphulo lalijolise kwishishini lakho ledijithali. Njengoko unokucinga, inani leziganeko eziqinisekisiweyo lidlula kakhulu inani labachongiweyo ngenxa yesizathu esilula sokuba iziganeko eziqinisekisiweyo azibandakanyi iindleko ezininzi kubahlaseli, ngelixa iziganeko ezifunyenweyo zenza.
zibiza kakhulu kuba kufuneka zibe ntsha kwaye zenziwe ngokwezifiso. Ngokudala ukukwazi ukuchonga izehlo eziqinisekisiweyo, uqoqosho lomdlalo luye lwatshintsha ekugqibeleni luthanda abakhuseli, lubanika inzuzo eyahlukileyo.
Uqeqesho lwamanqanaba amaninzi lwenkqubo yoxhulumaniso lwe-neural esekelwe kwi-ETA
Imephu yomngcipheko wehlabathi
Imephu yomngcipheko wehlabathi idalwe ngohlalutyo olusetyenziswa ngoomatshini bokufunda algorithms kwenye yezona datha zinkulu zohlobo lwayo kushishino. Ibonelela ngezibalo zokuziphatha ezibanzi malunga neeseva kwi-Intanethi, nokuba azaziwa. Iiseva ezinjalo zidibene nokuhlaselwa kwaye zinokubandakanyeka okanye zisetyenziswe njengenxalenye yohlaselo kwixesha elizayo. Oku akusiyo "uluhlu olumnyama", kodwa umfanekiso obanzi womncedisi ochaphazelekayo ukusuka kwindawo yokhuseleko. Olu lwazi lomxholo malunga nomsebenzi wezi seva ivumela i-Stealthwatch's i-detectors yokufunda koomatshini kunye nabahlalutyi ukuba baqikelele ngokuchanekileyo umgangatho womngcipheko onxulumene nonxibelelwano kunye nabancedisi abanjalo.
Ungawajonga amakhadi akhoyo .
Imephu yehlabathi ebonisa i-460 yezigidi zeedilesi ze-IP
Ngoku inethwekhi iyafunda kwaye iphakame ukukhusela inethiwekhi yakho.
Ekugqibeleni, i-panacea ifunyenwe?
Ngelishwa akukho. Ukususela kumava okusebenza kunye nenkqubo, ndingatsho ukuba kukho iingxaki ze-2 zehlabathi.
Ingxaki 1. Ixabiso. Inethiwekhi yonke isetyenziswe kwinkqubo yeCisco. Le nto ilungile kwaye imbi. Icala elilungileyo kukuba akufuneki ukhathazeke kwaye ufake iqela leeplagi ezifana ne-D-Link, iMikroTik, njl. I-downside yindleko enkulu yenkqubo. Ukuqwalasela imeko yezoqoqosho kwishishini laseRashiya, okwangoku kuphela umnini ocebileyo wenkampani enkulu okanye ibhanki unokukwazi ukufumana lo mmangaliso.
Ingxaki yesi-2: Uqeqesho. Andizange ndibhale kwinqaku ixesha loqeqesho lwenethiwekhi ye-neural, kodwa kungekhona ngenxa yokuba ingekho, kodwa ngenxa yokuba ifunda lonke ixesha kwaye asikwazi ukuqikelela ukuba iya kufunda nini. Ewe, kukho izixhobo zezibalo zemathematika (thatha ukuqulunqwa okufanayo kwe-Pearson convergence criterion), kodwa le yimilinganiselo yesiqingatha. Sifumana ithuba lokucoca i-traffic, kwaye nangona kunjalo kuphela phantsi kwemeko yokuba uhlaselo sele luyinkosi kwaye lwaziwa.
Ngaphandle kwezi ngxaki zi-2, senze umtsi omkhulu kuphuhliso lokhuseleko lolwazi ngokubanzi kunye nokhuseleko lwenethiwekhi ngokukodwa. Le nyani inokukhuthaza kuphononongo lwetekhnoloji yenethiwekhi kunye neenethiwekhi ze-neural, ngoku ezilukhokelo oluthembisayo kakhulu.
umthombo: www.habr.com