Uhlelo lokuhlaziya ithrafikhi ngaphandle kokuyichaza. Le ndlela ibizwa nje ngokuthi "ukufunda ngomshini". Kuvele ukuthi uma umthamo omkhulu kakhulu wethrafikhi ehlukahlukene unikezwa okokufaka kwesigaba esikhethekile, uhlelo lungathola izenzo zekhodi enonya ngaphakathi kwethrafikhi ebethelwe ngezinga eliphezulu kakhulu lokungenzeka.
Izinsongo eziku-inthanethi zishintshile futhi zaba ngobuhlakani. Muva nje, wona kanye umqondo wokuhlasela nokuzivikela usushintshile. Inani lemicimbi kunethiwekhi lenyuke kakhulu. Ukuhlasela sekube yinkimbinkimbi futhi abaduni banokufinyelela okubanzi.
Ngokwezibalo ze-Cisco, onyakeni odlule, abahlaseli baphinde kathathu inani le-malware abayisebenzisela imisebenzi yabo, noma kunalokho, ukubethela ukuze bawafihle. Kuyaziwa ngombono wokuthi i-algorithm "elungile" yokubethela ayikwazi ukuphulwa. Ukuze uqonde ukuthi yini efihliwe ngaphakathi kwethrafikhi ebethelwe, kuyadingeka ukuthi uyisuse ukubethela wazi ukhiye, noma uzame ukuyisusa usebenzisa amaqhinga ahlukahlukene, noma ukugebenga ngokuqondile, noma ukusebenzisa uhlobo oluthile lobungozi kumaphrothokholi we-cryptographic.
Isithombe sezinsongo zenethiwekhi zesikhathi sethu
Ukufunda ngomshini
Yazi ubuchwepheshe mathupha! Ngaphambi kokuthi ukhulume ngokuthi ubuchwepheshe bokuqanjwa komshini obusekelwe ekufundeni busebenza kanjani, kuyadingeka ukuqonda ukuthi ubuchwepheshe benethiwekhi ye-neural busebenza kanjani.
Ukufunda Ngomshini kuyingxenye ebanzi yobuhlakani bokwenziwa efunda izindlela zokwenza ama-algorithms angafunda. Le sayensi ihloselwe ukudala amamodeli ezibalo "wokuqeqesha" ikhompuyutha. Inhloso yokufunda ukubikezela okuthile. Ngokuqonda komuntu, le nqubo siyibiza ngegama "ukuhlakanipha". Ukuhlakanipha kubonakala kubantu abaye baphila isikhathi eside (ingane eneminyaka engu-2 ayikwazi ukuhlakanipha). Uma siphendukela kumaqabane aphezulu ukuze sithole iseluleko, sibanikeza ulwazi oluthile mayelana nomcimbi (idatha yokokufaka) futhi sibacele usizo. Bona, bakhumbula zonke izimo ezivela ekuphileni ngandlela-thile ezihlobene nenkinga yakho (isisekelo solwazi) futhi, ngokusekelwe kulolu lwazi (idatha), sinikeze uhlobo lokubikezela (iseluleko). Lolu hlobo lwezeluleko lwaqala ukubizwa ngokuthi isibikezelo ngoba umuntu onikeza iseluleko akazi ngokuqinisekile ukuthi kuzokwenzekani, kodwa uyathatha kuphela. Okuhlangenwe nakho ekuphileni kubonisa ukuthi umuntu angaba olungile, noma angaba nephutha.
Akufanele uqhathanise amanethiwekhi e-neural ne-algorithm yegatsha (uma-ke). Lezi yizinto ezahlukene futhi kukhona umehluko omkhulu. I-algorithm ye-branching "inokuqonda" okucacile kokuthi yini okufanele yenziwe. Ngizobonisa ngezibonelo.
Umsebenzi. Nquma ibanga lokubhuleka lemoto ngokusekelwe ekwenziweni kwayo nonyaka yokwakhiwa.
Isibonelo se-algorithm yegatsha. Uma imoto i-brand 1 futhi yakhululwa ngo-2012, ibanga layo lokubhuleka lingamamitha angu-10, ngaphandle kwalokho, uma imoto i-brand 2 futhi yakhululwa ngo-2011, njalonjalo.
Isibonelo senethiwekhi ye-neural. Siqoqa idatha yamabanga amabhuleki emoto kule minyaka engu-20 edlule. Ngokwenza nangonyaka, sihlanganisa ithebula lefomu elithi “unyaka wokwenza ibanga lokubhuleka”. Sikhipha leli thebula kunethiwekhi ye-neural futhi siqale ukulifundisa. Ukuqeqeshwa kwenziwa kanje: sondla idatha kunethiwekhi ye-neural, kodwa ngaphandle kwendlela yokubhuleka. I-neuron izama ukubikezela ukuthi ibanga lokubhuleka lizosuselwa kuthebula elilayishwe kulo. Ibikezela okuthile bese ibuza umsebenzisi ukuthi “Ingabe ngiqinisile?” Ngaphambi kombuzo, udala ikholomu yesine, ikholomu yokuqagela. Uma eqinisile, ubhala u-1 kukholamu yesine, uma enephutha, ubhala 0. Inethiwekhi ye-neural idlulela esehlakalweni esilandelayo (ngisho noma yenze iphutha). Yile ndlela inethiwekhi efunda ngayo futhi lapho ukuqeqeshwa sekuqediwe (umbandela othile wokuhlangana usufinyelelwe), sithumela idatha mayelana nemoto esiyithandayo futhi ekugcineni sithole impendulo.
Ukususa umbuzo mayelana nemibandela yokuhlangana, ngizochaza ukuthi lena ifomula esuselwe kwizibalo yezibalo. Isibonelo esimangalisayo samafomula amabili ahlukene okuhlangana. Okubomvu - ukuhlangana kanambambili, okuluhlaza okwesibhakabhaka - ukuhlangana okujwayelekile.
I-Binomial kanye nokusabalalisa kwamathuba avamile
Ukwenza kucace kakhudlwana, buza umbuzo othi “Ayini amathuba okuhlangana ne-dinosaur?” Kunezimpendulo ezi-2 ezingaba khona lapha. Inketho 1 - incane kakhulu (igrafu eluhlaza okwesibhakabhaka). Inketho 2 - kungaba umhlangano noma cha (igrafu ebomvu).
Yiqiniso, ikhompuyutha ayiyena umuntu futhi ifunda ngendlela ehlukile. Kunezinhlobo ezi-2 zokuqeqeshwa kwamahhashi ensimbi: ukufunda okusekelwe ecaleni и imfundo yokufundisa.
Ukufundisa ngokwesibonelo kuyindlela yokufundisa kusetshenziswa imithetho yezibalo. Ochwepheshe bezibalo baqoqa amathebula ezibalo, bafinyelele iziphetho futhi balayishe umphumela kunethiwekhi ye-neural - ifomula yokubala.
Ukufunda ngokudonsela phansi - ukufunda kwenzeka ngokuphelele ku-neuron (kusuka ekuqoqweni kwedatha kuya ekuhlaziyweni kwayo). Lapha itafula lakhiwa ngaphandle kwefomula, kodwa ngezibalo.
Ukubuka kabanzi kobuchwepheshe kuzothatha ezinye izindatshana ezimbalwa. Okwamanje, lokhu kuzokwanela ukuqonda kwethu okujwayelekile.
I-Neuroplasticity
Ku-biology kukhona umqondo onjalo - neuroplasticity. I-Neuroplasticity yikhono lama-neurons (amangqamuzana obuchopho) ukwenza "ngokwesimo." Ngokwesibonelo, umuntu ongaboni kahle uzwa imisindo, amaphunga nezinzwa kangcono. Lokhu kwenzeka ngenxa yokuthi ingxenye yobuchopho (ingxenye yama-neuron) enesibopho sokubona isabalalisa kabusha umsebenzi wayo kweminye imisebenzi.
Isibonelo esimangalisayo se-neuroplasticity empilweni i-BrainPort lollipop.
Ngo-2009, iNyuvesi yaseWisconsin eMadison yamemezela ukukhululwa kwensiza entsha eyathuthukisa imibono “yokuboniswa kolimi” - yayibizwa ngeBrainPort. I-BrainPort isebenza ngokuvumelana ne-algorithm elandelayo: isignali yevidiyo ithunyelwa isuka kukhamera iye kuphrosesa, elawula ukusondeza, ukukhanya nezinye imingcele yesithombe. Iphinde iguqule amasignali edijithali abe ama-impulses kagesi, empeleni ithatha imisebenzi ye-retina.
Ilolipop yeBrainPort enezibuko nekhamera
BrainPort emsebenzini
Ngokufanayo ngekhompyutha. Uma inethiwekhi ye-neural izwa ushintsho enqubweni, iyazivumelanisa nayo. Lena inzuzo eyinhloko yamanethiwekhi e-neural uma kuqhathaniswa namanye ama-algorithms - ukuzimela. Uhlobo lwesintu.
Izibalo Zethrafikhi Ezibethelwe
I-Encrypted Traffic Analytics iyingxenye yesistimu ye-Stealthwatch. I-Stealthwatch iwukungena kwe-Cisco ekuqapheni ukuphepha nezixazululo zezibalo ezisebenzisa idatha ye-telemetry yebhizinisi kusuka kungqalasizinda yenethiwekhi ekhona.
I-Stealthwatch Enterprise isuselwe Kulayisense Yesilinganiso Sokugeleza, Isiqoqi Esigelezayo, Ikhonsoli Yokuphatha kanye namathuluzi Enzwa Egelezayo.
Cisco Stealthwatch Interface
Inkinga yokubhala ngemfihlo yaba yimbi kakhulu ngenxa yokuthi ithrafikhi eningi yaqala ukubethelwa. Ngaphambilini, ikhodi kuphela eyayibethelwe (ikakhulukazi), kodwa manje yonke ithrafikhi ibethelwe futhi ukuhlukanisa idatha "ehlanzekile" kumagciwane sekunzima kakhulu. Isibonelo esimangalisayo yi-WannaCry, esebenzise i-Tor ukuze ifihle ukuba khona kwayo ku-inthanethi.
Ukubona ngeso lengqondo ukukhula kokubethela kwethrafikhi kunethiwekhi
Ukubethela ku-macroeconomics
Uhlelo lwe-Encrypted Traffic Analytics (ETA) luyadingeka ngokunembile ukuze usebenze ngethrafikhi ebethelwe ngaphandle kokuyisusa. Abahlaseli bahlakaniphile futhi basebenzisa i-crypto-resistant encryption algorithms, futhi ukuwaphula akuyona nje inkinga, kodwa futhi kubiza kakhulu ezinhlanganweni.
Uhlelo lusebenza kanje. Ithrafikhi ethile iza enkampanini. Iwela ku-TLS (ukuphepha kwesendlalelo sezokuthutha). Ake sithi ithrafikhi ibethelwe. Sizama ukuphendula imibuzo embalwa mayelana nokuthi hlobo luni lokuxhumana olwenziwe.
Isebenza kanjani uhlelo lwe-Encrypted Traffic Analytics (ETA).
Ukuze siphendule le mibuzo sisebenzisa ukufunda ngomshini kulolu hlelo. Ucwaningo oluvela kwa-Cisco luyathathwa futhi ngokusekelwe kulezi zifundo ithebula lidalwa ngemiphumela emi-2 - ithrafikhi enobungozi kanye "enhle". Yebo, asazi ngokuqinisekile ukuthi hlobo luni lwethrafikhi olungene ohlelweni ngokuqondile ngesikhathi samanje, kodwa singakwazi ukulandelela umlando wethrafikhi ngaphakathi nangaphandle kwenkampani sisebenzisa idatha evela esigabeni somhlaba. Ekupheleni kwalesi sigaba, sithola ithebula elikhulu elinedatha.
Ngokusekelwe emiphumeleni yocwaningo, izici zesici zibonakala - imithetho ethile engabhalwa phansi ngendlela yezibalo. Le mithetho izohluka kakhulu kuye ngemibandela ehlukene - usayizi wamafayela adlulisiwe, uhlobo lokuxhumana, izwe okuvela kulo le thrafikhi, njll. Njengomphumela womsebenzi, itafula elikhulu laphenduka iqoqo lezinqwaba zamafomula. Zimbalwa zazo, kodwa lokhu akwanele emsebenzini onethezekile.
Okulandelayo, kusetshenziswa ubuchwepheshe bokufunda komshini - ukuhlangana kwefomula futhi kususelwa kumphumela wokuhlangana sithola i-trigger - iswishi, lapho uma idatha ikhishwa sithola iswishi (ifulegi) endaweni ephakanyisiwe noma eyehlisiwe.
Isigaba esiwumphumela ukuthola isethi yezibangeli ezihlanganisa u-99% wethrafikhi.
Izinyathelo zokuhlolwa kwethrafikhi ku-ETA
Njengomphumela womsebenzi, enye inkinga ixazululwa - ukuhlasela okuvela ngaphakathi. Asisekho isidingo sokuthi abantu abaphakathi nendawo bahlunge ithrafikhi mathupha (Ngiyazicwilisa njengamanje). Okokuqala, akusadingeki ukuthi uchithe imali eningi kumphathi wesistimu onekhono (ngiyaqhubeka nokuziminza). Okwesibili, ayikho ingozi yokugebenga kusuka ngaphakathi (okungenani ingxenye).
Umqondo Ophelelwe yisikhathi Womuntu Ophakathi Naphakathi
Manje, ake sithole ukuthi isistimu isekelwe kuphi.
Uhlelo lusebenza kuma-protocol zokuxhumana angu-4: I-TCP/IP - Iphrothokholi yokudluliswa kwedatha ye-inthanethi, i-DNS - iseva yegama lesizinda, i-TLS - iphrothokholi yokuphepha kwezingqimba zokuthutha, i-SPLT (I-SpaceWire Physical Layer Tester) - umhloli wengqimba yokuxhumana ngokomzimba.
Amaphrothokholi asebenza ne-ETA
Ukuqhathanisa kwenziwa ngokuqhathanisa idatha. Ngokusebenzisa izivumelwano ze-TCP/IP, isithunzi samasayithi siyahlolwa (umlando wokuvakashela, inhloso yokudala isayithi, njll.), ngenxa yephrothokholi ye-DNS, singalahla amakheli esayithi "amabi". Iphrothokholi ye-TLS isebenza nezigxivizo zeminwe zesayithi futhi iqinisekisa isayithi ngokumelene nethimba lezimo eziphuthumayo zekhompyutha (isitifiketi). Isinyathelo sokugcina sokuhlola ukuxhumeka ukuhlola izinga lomzimba. Imininingwane yalesi sigaba ayicacisiwe, kodwa iphuzu limi kanje: ukuhlola i-sine ne-cosine curves ye-curves yokudlulisa idatha ekufakweni kwe-oscillographic, i.e. Ngenxa yesakhiwo sesicelo kusendlalelo esibonakalayo, sinquma inhloso yokuxhuma.
Njengomphumela wokusebenza kwesistimu, singathola idatha kuthrafikhi ebethelwe. Ngokuhlola amaphakethe, singakwazi ukufunda ulwazi oluningi ngangokunokwenzeka ezinkambini ezingabhaliwe ephaketheni ngokwalo. Ngokuhlola iphakethe kungqimba olubonakalayo, sithola izici zephakethe (ingxenye noma ngokuphelele). Futhi, ungakhohlwa mayelana nedumela lezingosi. Uma ngabe isicelo sivela komunye umthombo we-.anyanisi, akufanele usithembe. Ukwenza kube lula ukusebenza ngalolu hlobo lwedatha, imephu yobungozi idaliwe.
Umphumela womsebenzi we-ETA
Futhi konke kubonakala kuhamba kahle, kodwa ake sikhulume mayelana nokuthunyelwa kwenethiwekhi.
Ukuqaliswa okungokoqobo kwe-ETA
Kuvela ama-nuances amaningi kanye nobuqili lapha. Okokuqala, lapho udala lolu hlobo lwe
amanethiwekhi anesofthiwe yezinga eliphezulu, ukuqoqwa kwedatha kuyadingeka. Qoqa idatha ngokwakho ngokuphelele
zasendle, kodwa ukusebenzisa uhlelo lokuphendula sekuvele kuthakazelisa kakhulu. Okwesibili, idatha
kufanele kube nokuningi, okusho ukuthi izinzwa zenethiwekhi ezifakiwe kufanele zisebenze
hhayi ngokuzimela kuphela, kodwa futhi nangemodi eshunwe kahle, edala ubunzima obuningi.
Izinzwa kanye nesistimu ye-Stealthwatch
Ukufaka inzwa yinto eyodwa, kodwa ukuyimisa kuwumsebenzi ohluke ngokuphelele. Ukuze ulungiselele izinzwa, kukhona inkimbinkimbi esebenza ngokuvumelana ne-topology elandelayo - ISR = I-Cisco Integrated Services Router; I-ASR = I-Cisco Aggregation Services Router; CSR = Cisco Cloud Services Router; I-WLC = I-Cisco Wireless LAN Controller; IE = Cisco Industrial Ethernet Switch; ASA = Cisco Adaptive Security Appliance; FTD = Cisco Firepower Threat Defense Solution; I-WSA = Ithuluzi Lokuvikela Iwebhu; ISE = Injini Yezinkonzo Zomazisi
Ukuqapha okuphelele kucatshangelwa noma iyiphi idatha ye-telemetric
Abalawuli benethiwekhi baqala ukuzwa i-arrhythmia esuka kunombolo yamagama "Cisco" esigabeni sangaphambilini. Intengo yalesi simangaliso ayincane, kodwa akusikho lokho esikhuluma ngakho namuhla...
Ukuziphatha komgebengu we-inthanethi kuzolingiswa ngale ndlela elandelayo. I-Stealthwatch iqapha ngokucophelela umsebenzi wawo wonke amadivayisi kunethiwekhi futhi iyakwazi ukudala iphethini yokuziphatha okuvamile. Ukwengeza, lesi sixazululo sinikeza ukuqonda okujulile ngokuziphatha okungafanele okwaziwayo. Isixazululo sisebenzisa cishe ama-algorithms okuhlaziya ahlukene angu-100 noma ama-heuristics abhekana nezinhlobo ezahlukene zokuziphatha kwethrafikhi njengokuskena, amafreyimu ama-alamu asokhaya, ukungena ngemvume kwe-brute-force, ukuthwebula idatha okusolisayo, ukuvuza kwedatha okusolwayo, njll. . Imicimbi yezokuphepha esohlwini ingena ngaphansi kwesigaba sama-alamu anengqondo wezinga eliphezulu. Eminye imicimbi yezokuphepha ingaphinda icuphe i-alamu ngokwayo. Ngakho-ke, uhlelo luyakwazi ukuhlobanisa izigameko eziningi ezihlukene ezihlukene futhi lizihlanganise ukuze linqume uhlobo lokuhlasela olungase lube khona, liphinde likuxhumanise nedivayisi ethile nomsebenzisi (Umfanekiso 2). Ngokuzayo, isigameko singafundwa ngokuhamba kwesikhathi futhi kucatshangelwe idatha ye-telemetry ehlobene. Lokhu kwakha ulwazi lwesimo ngokungcono kakhulu. Odokotela abahlola isiguli ukuze baqonde ukuthi yini engalungile ababheki izimpawu bebodwa. Babheka isithombe esikhulu ukwenza ukuxilongwa. Ngokufanayo, i-Stealthwatch ithwebula yonke imisebenzi engaqondakali kunethiwekhi futhi iyihlole ngokuphelele ukuze ithumele ama-alamu aqaphela umongo, ngaleyo ndlela isiza ochwepheshe bezokuphepha ukuthi babeke ubungozi kuqala.
Ukutholwa okudidayo kusetshenziswa indlela yokuziphatha
Ukuthunyelwa ngokomzimba kwenethiwekhi kubukeka kanjena:
Inketho yokuphakelwa kwenethiwekhi yegatsha (yenziwe lula)
Inketho yokuphakelwa kwenethiwekhi yegatsha
Inethiwekhi isetshenzisiwe, kodwa umbuzo mayelana ne-neuron uhlala uvulekile. Bahlela inethiwekhi yokudlulisa idatha, bafaka izinzwa embundwini futhi baqala uhlelo lokuqoqa ulwazi, kodwa i-neuron ayizange ibambe iqhaza kulolu daba. Sala kahle.
Inethiwekhi ye-neural eminingi
Isistimu ihlaziya ukuziphatha komsebenzisi nedivayisi ukuze kutholwe izifo ezinonya, ukuxhumana nomyalo nokulawula amaseva, ukuvuza kwedatha, kanye nezinhlelo zokusebenza ezingahle zingadingeki ezisebenza kungqalasizinda yenhlangano. Kunezendlalelo eziningi zokucutshungulwa kwedatha lapho inhlanganisela yobuhlakani bokwenziwa, ukufunda komshini, namasu ezibalo zezibalo kusiza inethiwekhi ukuthi izifundise umsebenzi wayo ojwayelekile ukuze ikwazi ukubona umsebenzi onobungozi.
Ipayipi lokuhlaziya ukuphepha kwenethiwekhi, eliqoqa idatha ye-telemetry kuzo zonke izingxenye zenethiwekhi enwetshiwe, okuhlanganisa ithrafikhi ebethelwe, isici esiyingqayizivele se-Stealthwatch. Ithuthukisa ukuqonda ngokwandayo kokuthi "okuxakayo," bese ihlukanisa izici zangempela "zomsebenzi osongelayo," futhi ekugcineni yenza isinqumo sokugcina sokuthi idivayisi noma umsebenzisi ufakwe engcupheni ngempela. Ikhono lokuhlanganisa izingcezu ezincane ezakha ubufakazi ndawonye ukuze wenze isinqumo sokugcina mayelana nokuthi impahla ifakwe engcupheni liza ngokuhlaziywa nokuhlobana okucophelela kakhulu.
Leli khono libalulekile ngoba ibhizinisi elijwayelekile lingathola inani elikhulu lama-alamu nsuku zonke, futhi akunakwenzeka ukuphenya ngalinye ngoba ochwepheshe bezokuphepha banezinsiza ezilinganiselwe. Imojula yokufunda komshini icubungula inani elikhulu lolwazi eduze nesikhathi sangempela ukuze ikhombe izigameko ezibucayi ngezinga eliphezulu lokuzethemba, futhi iyakwazi nokuhlinzeka ngezifundo ezicacile zesenzo sokuxazulula ngokushesha.
Ake sibhekisise izindlela eziningi zokufunda zomshini ezisetshenziswa i-Stealthwatch. Uma isigameko sithunyelwa enjinini yokufunda yomshini ye-Stealthwatch, sidlula kufaneli yokuhlaziya ukuphepha esebenzisa inhlanganisela yamasu okufunda omshini agadiwe nangagadiwe.
Amakhono okufunda omshini anamazinga amaningi
Ileveli 1. Ukutholwa okudidayo nokwethenjwa kwemodeli
Kuleli zinga, u-99% wethrafikhi ulahlwa kusetshenziswa izitholi zezibalo ze-anomaly. Lezi zinzwa zihlangene zakha amamodeli ayinkimbinkimbi alokho okujwayelekile nokuthi yini, ngokuphambene, engavamile. Nokho, okungajwayelekile akusho ukuthi kuyingozi. Okuningi okwenzekayo kunethiwekhi yakho akuhlangene nosongo—kuyaxaka. Kubalulekile ukuhlukanisa izinqubo ezinjalo ngaphandle kokubheka ukuziphatha okusongelayo. Ngalesi sizathu, imiphumela yalezi zithonjana ibuye ihlaziywe ukuze kuthathwe ukuziphatha okungajwayelekile okungachazwa futhi kuthenjwa. Ekugcineni, ingxenye encane kuphela yemicu ebaluleke kakhulu kanye nezicelo ekwenza kube izendlalelo 2 no-3. Ngaphandle kokusetshenziswa kwamasu anjalo okufunda komshini, izindleko zokusebenza zokuhlukanisa isiginali nomsindo zingaba phezulu kakhulu.
Ukutholwa okungaqondakali. Isinyathelo sokuqala sokuthola okudidayo sisebenzisa amasu okufunda omshini wezibalo ukuze ahlukanise ithrafikhi evamile yezibalo nethrafikhi exakile. Izitholi ezingazodwana ezingaphezu kuka-70 zicubungula idatha ye-telemetry I-Stealthwatch eqoqa kuthrafikhi edlula ku-perimeter yenethiwekhi yakho, ehlukanisa ithrafikhi ye-Domain Name System (DNS) yangaphakathi kudatha yeseva elibamba, uma ikhona. Isicelo ngasinye sicutshungulwa ama-detector angaphezu kuka-70, futhi umtshina ngamunye usebenzisa i-algorithm yawo yezibalo ukwenza ukuhlolwa kokudidayo okutholiwe. Lawa maphuzu ahlanganisiwe futhi izindlela zezibalo eziningi zisetshenziswa ukuze kukhiqizwe isikolo esisodwa kumbuzo ngamunye. Lesi sibalo esihlanganisiwe sibe sesisetshenziswa ukuhlukanisa ithrafikhi evamile neyindida.
Ukumodela ukwethenjwa. Okulandelayo, izicelo ezifanayo ziqoqwa, futhi amaphuzu aphelele adidayo emaqenjini anjalo anqunywa njengesilinganiso sesikhathi eside. Ngokuhamba kwesikhathi, imibuzo eminingi iyahlaziywa ukuze kutholwe isilinganiso sesikhathi eside, ngaleyo ndlela kuncishiswe ukuhlehlisa okungamanga kanye nokubi okungamanga. Imiphumela yemodeli yokuthembana isetshenziselwa ukukhetha isethi engaphansi yethrafikhi amaphuzu ayo adidayo adlula umkhawulo onqunywa ngokuguquguqukayo ukuze iyise kuleveli yokucubungula elandelayo.
Izinga 2. Ukuhlukaniswa komcimbi kanye nokumodela into
Kuleli zinga, imiphumela etholwe ezigabeni ezedlule ihlukaniswa futhi inikezwe izehlakalo ezithile ezinonya. Imicimbi ihlukaniswa ngokusekelwe kunani elinikezwe abahlukanisi bokufunda komshini ukuze kuqinisekiswe izinga lokunemba elingaguquguquki elingaphezu kuka-90%. Phakathi kwazo:
- amamodeli alayini asuselwe ku-Neyman-Pearson lemma (umthetho wokusabalalisa okuvamile ukusuka kugrafu ekuqaleni kwesihloko)
- sekela imishini ye-vector usebenzisa ukufunda okuhlukahlukene
- amanethiwekhi we-neural kanye ne-algorithm yehlathi engahleliwe.
Le micimbi yokuvikela ehlukanisiwe ibe isihlotshaniswa nesiphetho esisodwa ngokuhamba kwesikhathi. Kukulesi sigaba lapho kwakhiwa khona incazelo yokusongela, esekelwe lapho kwakhiwa isithombe esiphelele sokuthi umhlaseli ofanele ukwazile kanjani ukuzuza imiphumela ethile.
Ukuhlukaniswa kwemicimbi. Isethi engaphansi engaqondakali ngokwezibalo kusukela kuleveli yangaphambilini isatshalaliswa ezigabeni eziyi-100 noma ngaphezulu kusetshenziswa abahlukanisi bezigaba. Iningi labahlukanisi lisekelwe ekuziphatheni komuntu ngamunye, ebudlelwaneni beqembu, noma ekuziphatheni esikalini somhlaba noma sendawo, kuyilapho ezinye zingacaciswa. Isibonelo, isihlukanisi singabonisa ithrafikhi ye-C&C, isandiso esisolisayo, noma isibuyekezo sesofthiwe esingagunyaziwe. Ngokusekelwe emiphumeleni yalesi sigaba, isethi yezehlakalo ezididayo ohlelweni lwezokuvikela, elihlukaniswe ngezigaba ezithile, liyakhiwa.
Ukumodela into. Uma inani lobufakazi obusekela umbono wokuthi into ethile iyingozi lidlula umkhawulo wezinto ezibonakalayo, usongo luyanqunywa. Izehlakalo ezihlobene ezithonye incazelo yosongo zihlotshaniswa nosongo olunjalo futhi zibe yingxenye yemodeli yesikhathi eside ehlukile yento. Njengoba ubufakazi bunqwabelana ngokuhamba kwesikhathi, isistimu ikhomba izinsongo ezintsha lapho umkhawulo wezinto ezibonakalayo ufinyelelwa. Le threshold value iyashintshashintsha futhi ilungiswa ngobuhlakani ngokusekelwe ezingeni lengozi yosongo nezinye izici. Ngemva kwalokhu, usongo luvela kuphaneli yolwazi yesixhumi esibonakalayo sewebhu futhi ludluliselwa ezingeni elilandelayo.
Ileveli 3. Ukumodela Ubudlelwano
Inhloso yokumodela ubudlelwano iwukuhlanganisa imiphumela etholwe emazingeni adlule ngokombono womhlaba wonke, kungabhekwa nje kuphela indawo kodwa nesimo somhlaba wonke sesigameko esifanele. Kungalesi sigaba lapho unganquma khona ukuthi zingaki izinhlangano ezihlangabezane nokuhlaselwa okunjalo ukuze uqonde ukuthi ngabe bekuqondiswe kuwe ngqo noma kuyingxenye yomkhankaso womhlaba wonke, futhi usanda kubanjwa.
Izehlakalo ziyaqinisekiswa noma zitholwe. Isigameko esiqinisekisiwe sisho ukuzethemba okungu-99 kuya ku-100% ngenxa yokuthi amasu namathuluzi ahlotshaniswayo abonwe ngaphambilini esebenza ngesilinganiso esikhulu (somhlaba). Izehlakalo ezitholiwe zihlukile kuwe futhi ziyingxenye yomkhankaso oqondiswe kakhulu. Okutholakele esikhathini esidlule kwabelwana nenkambo eyaziwayo, okukongela isikhathi nezisetshenziswa ekuphenduleni. Ziza namathuluzi ophenyo owadingayo ukuze uqonde ukuthi ubani okuhlaselile kanye nezinga umkhankaso owawuqondise ngalo ibhizinisi lakho ledijithali. Njengoba ungacabanga, inani lezehlakalo eziqinisekisiwe lidlula kude inani labatholiwe ngesizathu esilula sokuthi izigameko eziqinisekisiwe azibandakanyi izindleko ezinkulu kubahlaseli, kuyilapho izigameko ezitholiwe zenza.
ezibizayo ngoba kufanele zibe zintsha futhi zenziwe ngezifiso. Ngokudala ikhono lokuhlonza izehlakalo eziqinisekisiwe, ezomnotho zomdlalo zigcine zishintshile zavuna abavikeli, okubanikeza inzuzo ehlukile.
Ukuqeqeshwa kwamazinga amaningi esistimu yokuxhumana kwe-neural esekelwe ku-ETA
Imephu yobungozi yomhlaba wonke
Imephu yomhlaba wonke yobungozi idalwe ngokuhlaziywa okusetshenziswa ama-algorithms okufunda komshini kwelinye lamasethi amakhulu edatha ohlobo lwayo embonini. Ihlinzeka ngezibalo zokuziphatha ezinabile ezimayelana namaseva aku-inthanethi, ngisho noma engaziwa. Amaseva anjalo ahlotshaniswa nokuhlaselwa futhi angase ahileleke noma asetshenziswe njengengxenye yokuhlasela esikhathini esizayo. Lokhu akulona "uhlu olumnyama", kodwa isithombe esibanzi seseva okukhulunywa ngayo ngokubuka kwezokuphepha. Lolu lwazi lomongo olumayelana nomsebenzi walawa maseva luvumela izitholi zokufunda komshini we-Stealthwatch nezihlukanisi zezigaba ukuthi zibikezele ngokunembile izinga lengozi ehlobene nokuxhumana namaseva anjalo.
Ungabuka amakhadi atholakalayo .
Imephu yomhlaba ekhombisa amakheli e-IP ayizigidi ezingama-460
Manje inethiwekhi iyafunda futhi isukume ukuze ivikele inethiwekhi yakho.
Ekugcineni, i-panacea itholakele?
Ngeshwa akukho. Ngokuhlangenwe nakho kokusebenza nesistimu, ngingasho ukuthi kunezinkinga ezi-2 zomhlaba jikelele.
Inkinga 1. Inani. Yonke inethiwekhi ifakwe ohlelweni lweCisco. Lokhu kuhle nokubi. Uhlangothi oluhle ukuthi akudingeki ukhathazeke futhi ufake inqwaba yamapulaki afana ne-D-Link, i-MikroTik, njll. Okubi yizindleko ezinkulu zesistimu. Uma ucabangela isimo sezomnotho sebhizinisi laseRussia, ngesikhathi samanje kuphela umnikazi ocebile wenkampani enkulu noma ibhange angakwazi ukukhokhela lesi simangaliso.
Inkinga 2: Ukuqeqeshwa. Angizange ngibhale esihlokweni isikhathi sokuqeqeshwa kwenethiwekhi ye-neural, kodwa hhayi ngoba ayikho, kodwa ngoba ifunda ngaso sonke isikhathi futhi asikwazi ukubikezela ukuthi izofunda nini. Yiqiniso, akhona amathuluzi ezibalo zezibalo (thatha ukwakheka okufanayo kombandela wokuhlangana kwe-Pearson), kodwa lezi yizinyathelo eziyingxenye. Sithola amathuba okuhlunga ithrafikhi, futhi noma kunjalo kuphela ngaphansi kwesimo sokuthi ukuhlasela sekuvele kwaziwa futhi kwaziwa.
Ngaphandle kwalezi zinkinga ezi-2, senze igxathu elikhulu ekuthuthukisweni kokuphepha kolwazi ngokujwayelekile kanye nokuvikelwa kwenethiwekhi ikakhulukazi. Leli qiniso lingakhuthaza ucwaningo lobuchwepheshe benethiwekhi namanethiwekhi e-neural, manje ayindlela ethembisa kakhulu.
Source: www.habr.com