NETWORK SPACE SECURITY THREAT DETECTION METHOD AND SYSTEM BASED ON HETEROGENEOUS GRAPH EMBEDDING

摘要

The embodiments of the present application provide a network space security threat detection method and system based on heterogeneous graph embedding, comprising: obtaining entity behavior data; associating all data items in the entity behavior data according to a meta-attribute association relationship to obtain a data item sequence, and constructing a heterogeneous graph on the basis of the data item sequence; converting each node in the heterogeneous graph into a low-dimensional vector on the basis of a graph embedding learning method, to obtain vectorized expression of each node; and analyzing the features of the vectorized expression to determine whether the data item corresponding to the vectorized expression is a malicious behavior. According to the embodiments, a heterogeneous graph for threat detection is established, entity behavior data items are simplified and represented in a vectorized manner, and the provided data item level threat detection for network space security does not need later manual correction and does not need labeled data items as training samples, thereby effectively improving the detection precision and the detection feasibility.