公开(公告)号：US20250013740A1

公开(公告)日：2025-01-09

申请号：US18695628

申请日：2023-08-09

Applicant: HUAZHONG UNIVERSITY OF SCIENCE AND TECHNOLOGY

Inventor： Yulai XIE ,  Shuangbiao DAI ,  Dan FENG

IPC: G06F21/55

Abstract: The present invention discloses a provenance graph-oriented host intrusion detection method and system, and a storage medium, which relates to the field of cyber security. The method includes: S1, acquiring provenance data of a host to be tested, to construct a provenance graph representing user behaviors; S2, mapping nodes in the provenance graph to roles, constructing a node feature matrix composed of feature vectors which can be used to represent attribute features, structural features, and inter-node interactive relationship of the nodes in the provenance graph, and mapping nodes having similar feature vectors to the same role; S3, performing an attention-guided attribute temporal random walk by comprehensively considering attributes of the nodes in the provenance graph, the temporal relationship between edges, and an attention parameter between different roles; and S4, converting the acquired attribute temporal random walk sequence into an embedding vector to extract a feature of the provenance graph, and performing intrusion anomaly detection. The present invention can perform deep representation learning on provenance data, reduce the workload of training a detection model, and improve the accuracy and efficiency of intrusion detection.

公开(公告)号：US20220334918A1

公开(公告)日：2022-10-20

申请号：US17763926

申请日：2020-06-16

Applicant: HUAZHONG UNIVERSITY OF SCIENCE AND TECHNOLOGY

Inventor： Wei TONG ,  Dan FENG ,  Jingning LIU ,  Xueliang WEI ,  Weilin ZHU

IPC: G06F11/10 ,  G06F11/07 ,  G06F11/14

Abstract: Disclosed in the present invention are a method and a system for ensuring the failure atomicity in a non-volatile memory, which belong to the field of computer storage. The method comprises: executing transactions encapsulated by one or more operations that need to ensure the failure atomicity in accordance with the following steps: executing operations in a current transaction in sequence, for each write operation in the current transaction, determining whether the oldest value of its corresponding data is saved into a log of the non-volatile memory, if so, then creating an UndoRedo log entry for it, otherwise creating a Redo log entry for it; using corresponding log management strategies according to types of log entries; after all operations are executed, committing the current transaction; and completing the execution of the current transaction; wherein information recorded in the UndoRedo log entries comprises: transaction number, write operation address, and oldest value and new value of corresponding data; and information recorded in the Redo log entries comprises: transaction number, write operation address, and new value of corresponding data. The present invention can reduce the overhead caused by ensuring the failure atomicity in the NVMM.