Patent Title
Representative Inventor
Patent Certificate Number
Patent Grant Date
Patent Country
Patent Type
Abstract
A network intrusion detection method comprising the following steps: a connection data transformation module selects several feature values from several network packet statistics; a feature normalization module normalizes all feature values to the same scale to obtain several packet feature data; an unsupervised intrusion detection engine uses a data clustering technique that combines grid-based and density-based approaches to build at least one intrusion feature model; an intrusion detection model evaluation module evaluates the intrusion feature model to obtain an intrusion detection model with good detection accuracy; and finally, the intrusion detection model is used to detect whether a network packet statistic under inspection represents anomalous connection behavior.