CN108494807A - Next-generation key message infrastructure network intruding detection system based on cloud computing - Google Patents


Publication number
CN108494807A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201810533695.8A
Other languages
Chinese (zh)
Inventor
谢铭
陈祖斌
翁小云
张鹏
袁勇
杭聪
马虹哲
黎新
黄俊杰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangxi Power Grid Co Ltd
Original Assignee
Guangxi Power Grid Co Ltd
Application filed by Guangxi Power Grid Co Ltd
Priority to CN201810533695.8A
Publication of CN108494807A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06 Management of faults, events, alarms or notifications
    • H04L41/0631 Management of faults, events, alarms or notifications using root cause analysis; using analysis of correlation between notifications, alarms or events based on decision criteria, e.g. hierarchy, tree or time analysis
    • H04L41/14 Network analysis or design
    • H04L41/142 Network analysis or design using statistical or mathematical methods
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network


Abstract

A next-generation critical information infrastructure network intrusion detection system based on cloud computing comprises a user-side module, a communication module and a cloud module. The user-side module collects data packets from the network and parses them to separate out the data information, standardizes the separated data information and reduces its dimensionality, and transmits the dimension-reduced data information through the communication module to the cloud module for intrusion detection and storage. The cloud module examines the received dimension-reduced data information to determine whether intrusion behaviour is present, and transmits the result of that determination to the user-side module through the communication module. Beneficial effects of the invention: support vector machines and the particle swarm algorithm are introduced into intrusion detection technology, and grey relational analysis is used to reduce the dimensionality of network intrusion data and eliminate redundancy, which reduces the dimension of the support vector machine's input, effectively raises the detection rate of intrusion detection and at the same time improves detection speed.

Description

Next-generation critical information infrastructure network intrusion detection system based on cloud computing
Technical field
The invention relates to the field of security detection for critical information infrastructure, and in particular to a next-generation critical information infrastructure network intrusion detection system based on cloud computing.
Background
As network-based services extend into every field of society and the amount of confidential information on networks grows substantially, network security technology has become more and more important, and how to detect and guard against network intrusions effectively so as to guarantee the security of network data has begun to attract attention from all walks of life. The traditional network defence is the firewall. A firewall is simple, practical and highly transparent, and it meets a certain level of security requirement without changing the existing network system. However, a firewall is a passive-defence network security tool: it can only provide two kinds of service, refusing and passing, which falls far short of users' complex application requirements, and intrusion detection technology arose in response. Intrusion detection technology is a security measure that identifies the set of malicious behaviours that can endanger the integrity, confidentiality and availability of information resources; it can discover network intrusion behaviour promptly and effectively, so as to ensure the security of the network.
To address the problems that traditional intrusion detection systems carry too heavy a data-processing load and do not support joint analysis of data from multiple hosts, the present invention proposes a next-generation critical information infrastructure network intrusion detection system based on cloud computing. Cloud computing is flexible, quick to scale, highly reliable and secure; using cloud computing for network intrusion detection supports concurrent multi-process processing, effectively reduces processing time, improves processing precision and greatly reduces the workload of the user terminal.
Summary of the invention
In view of the above problems, the present invention aims to provide a next-generation critical information infrastructure network intrusion detection system based on cloud computing.
The purpose of the invention is achieved through the following technical solution:
The next-generation critical information infrastructure network intrusion detection system based on cloud computing comprises a user-side module, a communication module and a cloud module. The user-side module comprises a user interface, a data acquisition unit, a data processing unit and a risk management unit. The user interface provides the functions by which a user logs in to, closes and opens the system. The data acquisition unit collects data packets from the network and parses the collected packets to separate out the data information. The data processing unit standardizes the separated data information, reduces the dimensionality of the standardized data information, and transmits the dimension-reduced data information through the communication module to the cloud module for intrusion detection. The risk management unit displays in real time the intrusion results detected by the cloud module and raises an alarm when intrusion behaviour is detected. The cloud module comprises an intrusion detection unit and a cloud storage unit. The intrusion detection unit examines the received dimension-reduced data information to determine whether intrusion behaviour is present, and transmits the result of that determination to the user-side module through the communication module. The cloud storage unit stores the received data information and the detection results.
Beneficial effects of the invention: the invention provides a next-generation critical information infrastructure network intrusion detection system based on cloud computing that introduces support vector machines and the particle swarm algorithm into intrusion detection technology. Grey relational analysis is used to reduce the dimensionality of network intrusion data and eliminate redundancy, which reduces the dimension of the support vector machine's input; the kernel function of the support vector machine is improved; and the parameters of the support vector machine are optimized with an improved particle swarm algorithm. This effectively raises the detection rate of intrusion detection while improving detection speed.
Brief description of the drawings
The invention is further described with reference to the accompanying drawing, but the embodiment in the drawing does not limit the invention in any way; a person of ordinary skill in the art can obtain other drawings from the following drawing without creative effort.
Fig. 1 is a schematic structural diagram of the invention;
Reference numerals:
User-side module 1; communication module 2; cloud module 3; user interface 11; data acquisition unit 12; data processing unit 13; risk management unit 14; intrusion detection unit 31; cloud storage unit 32.
Detailed description
The invention is further described with reference to the following embodiment.
Referring to Fig. 1, the next-generation critical information infrastructure network intrusion detection system based on cloud computing of this embodiment comprises a user-side module 1, a communication module 2 and a cloud module 3. The user-side module 1 comprises a user interface 11, a data acquisition unit 12, a data processing unit 13 and a risk management unit 14. The user interface 11 provides the functions by which a user logs in to, closes and opens the system. The data acquisition unit 12 collects data packets from the network and parses the collected packets to separate out the data information. The data processing unit 13 standardizes the separated data information, reduces the dimensionality of the standardized data information, and transmits the dimension-reduced data information through the communication module 2 to the cloud module 3 for intrusion detection. The risk management unit 14 displays in real time the intrusion results detected by the cloud module and raises an alarm when intrusion behaviour is detected. The cloud module 3 comprises an intrusion detection unit 31 and a cloud storage unit 32. The intrusion detection unit 31 examines the received dimension-reduced data information to determine whether intrusion behaviour is present, and transmits the result of that determination to the user-side module 1 through the communication module 2. The cloud storage unit 32 stores the received data information and the detection results.
Preferably, the data processing unit 13 uses a grey relational degree algorithm to reduce the dimensionality of the standardized data information.
This preferred embodiment provides a next-generation critical information infrastructure network intrusion detection system based on cloud computing that introduces support vector machines and the particle swarm algorithm into intrusion detection technology. Grey relational analysis is used to reduce the dimensionality of network intrusion data and eliminate redundancy, which reduces the dimension of the support vector machine's input; the kernel function of the support vector machine is improved; and the parameters of the support vector machine are optimized with an improved particle swarm algorithm. This effectively raises the detection rate of intrusion detection while improving detection speed.
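The grey relational dimensionality reduction named above, as an added example that is not code from the patent. It assumes Deng's standard grey relational grade with resolution coefficient 0.5, min-max standardization, and the class label as the reference sequence; the function names, column names and the eight sample records are constructed for illustration.

```python
"""Grey relational analysis (GRA) feature ranking for dimensionality reduction.

Added illustration, not taken from the patent. Assumptions: Deng's grey
relational grade, rho = 0.5, class label used as the reference sequence.
"""

# Constructed sample: one row per connection record (hypothetical columns).
FEATURE_NAMES = ["duration", "src_bytes", "failed_logins", "syn_error_rate"]
SAMPLE_ROWS = [
    [2, 300, 0, 0.00],
    [5, 1200, 0, 0.05],
    [1, 250, 0, 0.00],
    [4, 900, 1, 0.10],
    [3, 400, 4, 0.90],
    [2, 1100, 5, 1.00],
    [5, 350, 3, 0.85],
    [1, 800, 5, 0.95],
]
SAMPLE_LABELS = [0, 0, 0, 0, 1, 1, 1, 1]  # 0 = normal, 1 = intrusion


def min_max_standardize(column):
    """Scale one column to [0, 1]; a constant column maps to all zeros."""
    lo, hi = min(column), max(column)
    if hi == lo:
        return [0.0] * len(column)
    return [(v - lo) / (hi - lo) for v in column]


def grey_relational_grades(rows, reference, rho=0.5):
    """Return one grey relational grade per feature column."""
    if not rows or len(rows) != len(reference):
        raise ValueError("rows and reference must be non-empty and aligned")
    n_features = len(rows[0])
    ref = min_max_standardize(reference)
    columns = [min_max_standardize([row[j] for row in rows])
               for j in range(n_features)]
    # Difference sequences |x0(k) - xj(k)| for every feature j and record k.
    deltas = [[abs(r - v) for r, v in zip(ref, col)] for col in columns]
    d_min = min(min(d) for d in deltas)
    d_max = max(max(d) for d in deltas)
    if d_max == 0:  # every feature already matches the reference exactly
        return [1.0] * n_features
    grades = []
    for d in deltas:
        coeffs = [(d_min + rho * d_max) / (dk + rho * d_max) for dk in d]
        grades.append(sum(coeffs) / len(coeffs))
    return grades


def select_features(rows, reference, keep, rho=0.5):
    """Keep the `keep` highest-graded columns; return (indices, reduced rows)."""
    grades = grey_relational_grades(rows, reference, rho)
    ranked = sorted(range(len(grades)), key=lambda j: grades[j], reverse=True)
    chosen = sorted(ranked[:keep])
    return chosen, [[row[j] for j in chosen] for row in rows]


if __name__ == "__main__":
    grades = grey_relational_grades(SAMPLE_ROWS, SAMPLE_LABELS)
    for name, grade in zip(FEATURE_NAMES, grades):
        print(f"{name:15s} {grade:.3f}")
    kept, _ = select_features(SAMPLE_ROWS, SAMPLE_LABELS, keep=2)
    print("kept:", [FEATURE_NAMES[j] for j in kept])
```

The column indices chosen on labelled training data have to be stored and applied unchanged to traffic at detection time, since the classifier is trained on exactly those dimensions.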
Preferably, the intrusion detection unit 31 uses a support vector machine to examine the received dimension-reduced data information and so determine whether intrusion behaviour is present. The kernel function of the support vector machine is improved: let the training set be $S = \{x_1, x_2, \ldots, x_N\}$ and the kernel matrix $k_{ij} = k(x_i, x_j)$; then the improved kernel function $k(x_i, x_j)$ is calculated as:
In the formula, d is the order of the polynomial, c is the threshold of the perceptron, γ is the kernel width, i is the sample index, δ and are the weights, and
The improved kernel function in this preferred embodiment has both strong learning ability and strong generalization ability. In addition, using the improved kernel function not only effectively improves the performance of the SVM but also raises the recognition rate and reduces the time of the extraction operation.
Preferably, the intrusion detection unit 31 optimizes the parameters of the support vector machine using an improved particle swarm optimization algorithm with an improved inertia weight function. Denoting the improved inertia weight function by w, w is calculated as:
$\Delta f = f(iter) - f(iter - 1)$
In the formula, $iter_m$ is the maximum number of iterations, $iter$ is the current iteration number, $w_o$ is the initial weight, $w_{end}$ is the final weight, $f(iter)$ is the fitness value at the iter-th iteration, and $f(iter - 1)$ is the fitness value at the (iter-1)-th iteration.
This preferred embodiment improves the inertia weight with a cosine function, so that the inertia weight declines slowly at the beginning. This helps the swarm explore for the optimal solution at a relatively high speed at the start, rather than having the weight fall too quickly to a small value so that the swarm enters local search and converges prematurely. Introducing the change in the fitness function value into the inertia weight function as an influencing parameter effectively balances the search behaviour of the particles and so improves the adaptivity of their spatial search capability.
Preferably, the intrusion detection unit 31 optimizes the parameters of the support vector machine using an improved particle swarm optimization algorithm in which the acceleration factors $c_1$ and $c_2$ of the particle swarm algorithm are improved; $c_1$ and $c_2$ are calculated as:
In the formula, $c_m$ is the initially set maximum value, $c_i$ is the initially set minimum value, $iter$ is the current generation of the evolution, and $iter_m$ is the maximum number of iterations of the algorithm.
The improved acceleration factors in this preferred embodiment keep particles from converging prematurely on a local minimum; in addition, in the later stage of iteration the convergence ability of the algorithm is improved, so that the optimal solution of the problem is found more effectively.
Finally, it should be noted that the above embodiment only illustrates the technical solution of the present invention and does not limit its scope of protection. Although the invention has been explained in detail with reference to the preferred embodiment, those skilled in the art should understand that the technical solution of the invention can be modified or equivalently replaced without departing from its essence and scope.

Claims (5)

1. A next-generation critical information infrastructure network intrusion detection system based on cloud computing, characterized in that it comprises a user-side module, a communication module and a cloud module; the user-side module comprises a user interface, a data acquisition unit, a data processing unit and a risk management unit; the user interface provides the functions by which a user logs in to, closes and opens the system; the data acquisition unit collects data packets from the network and parses the collected packets to separate out the data information; the data processing unit standardizes the separated data information, reduces the dimensionality of the standardized data information, and transmits the dimension-reduced data information through the communication module to the cloud module for intrusion detection; the risk management unit displays in real time the intrusion results detected by the cloud module and raises an alarm when intrusion behaviour is detected; the cloud module comprises an intrusion detection unit and a cloud storage unit; the intrusion detection unit examines the received dimension-reduced data information to determine whether intrusion behaviour is present, and transmits the result of that determination to the user-side module through the communication module; and the cloud storage unit stores the received data information and the detection results.
2. The next-generation critical information infrastructure network intrusion detection system based on cloud computing according to claim 1, characterized in that the data processing unit uses a grey relational degree algorithm to reduce the dimensionality of the standardized data information.
3. The next-generation critical information infrastructure network intrusion detection system based on cloud computing according to claim 2, characterized in that the intrusion detection unit uses a support vector machine to examine the received dimension-reduced data information and so determine whether intrusion behaviour is present, and the kernel function of the support vector machine is improved: let the training set be $S = \{x_1, x_2, \ldots, x_N\}$ and the kernel matrix $k_{ij} = k(x_i, x_j)$; then the improved kernel function $k(x_i, x_j)$ is calculated as:
In the formula, d is the order of the polynomial, c is the threshold of the perceptron, γ is the kernel width, i is the sample index, δ and are the weights, and
4. The next-generation critical information infrastructure network intrusion detection system based on cloud computing according to claim 3, characterized in that the intrusion detection unit optimizes the parameters of the support vector machine using an improved particle swarm optimization algorithm with an improved inertia weight function; denoting the improved inertia weight function by w, w is calculated as:
$\Delta f = f(iter) - f(iter - 1)$
In the formula, $iter_m$ is the maximum number of iterations, $iter$ is the current iteration number, $w_o$ is the initial weight, $w_{end}$ is the final weight, $f(iter)$ is the fitness value at the iter-th iteration, and $f(iter - 1)$ is the fitness value at the (iter-1)-th iteration.
5. The next-generation critical information infrastructure network intrusion detection system based on cloud computing according to claim 4, characterized in that the intrusion detection unit optimizes the parameters of the support vector machine using an improved particle swarm optimization algorithm in which the acceleration factors $c_1$ and $c_2$ of the particle swarm algorithm are improved; $c_1$ and $c_2$ are calculated as:
In the formula, $c_m$ is the initially set maximum value, $c_i$ is the initially set minimum value, $iter$ is the current generation of the evolution, and $iter_m$ is the maximum number of iterations of the algorithm.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810533695.8A CN108494807A (en) 2018-05-29 2018-05-29 Next-generation key message infrastructure network intruding detection system based on cloud computing

Publications (1)

Publication Number Publication Date
CN108494807A (en) 2018-09-04

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20180904