CN110380897A - Network security situation awareness model and method based on improved BP - Google Patents


Publication number
CN110380897A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201910597740.0A
Other languages
Chinese (zh)
Inventor
李京昆
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hubei Yangzhong Jushi Information Technology Co Ltd
Original Assignee
Hubei Yangzhong Jushi Information Technology Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/14 Network analysis or design
    • H04L41/145 Network analysis or design involving simulating, designing, planning or modelling of a network
    • H04L41/147 Network analysis or design for predicting network behaviour
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1433 Vulnerability analysis
    • H04L63/1441 Countermeasures against malicious traffic

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention discloses a network security situation awareness model and method based on an improved BP neural network. The model comprises a data preprocessing module, a situation computing module, a parameter optimization module and a situation prediction module. The method comprises: collecting data sets from different sources, extracting the principal component information used for situation awareness, and obtaining asset attack threat data and system state data; calculating risk values from the asset attack threat data of the network devices and assessing the security situation of the whole network; improving the BP neural network with the L-M optimization algorithm to optimize its weight parameters, obtaining the optimal weight parameters after multiple iterations, and substituting the optimal weight parameters into the BP neural network to predict the network security situation. The invention effectively avoids the problem of the BP neural network falling into a locally optimal solution, greatly improves the convergence speed and generalization ability of the BP neural network, and enables the BP neural network to achieve good results in situation prediction.

Description

Network security situation awareness model and method based on improved BP
Technical field:
The present invention relates to the field of computer network security, and in particular to a network security situation awareness model and method based on an improved BP neural network.
Background art:
With the rapid development of network technology, network attack events increase year by year, and network security has become a current focus of attention. Predicting the network security situation makes it possible to grasp the security state of the network before attack events occur, so that corresponding protective measures can be taken and unnecessary attacks and losses avoided.
At present, most research on network security situation awareness concerns the quantification of network threats and the assessment of the security situation. The few prediction models that exist may only be applicable to specific standard systems and application scenarios, and it is difficult for them to achieve very accurate and efficient prediction. The BP (Back Propagation, error back-propagation algorithm) network is one of the most widely used neural network models at present; its structure is simple, its simulation capability is strong and it is easy to implement, and in recent years it has been widely used in fields such as assessment and prediction, expert systems and image processing.
However, the BP neural network easily falls into a local optimum during training, which slows its learning and lengthens its convergence time, limiting its ability in situation prediction.
Summary of the invention:
In view of the defects described in the background art, the object of the present invention is to provide a network security situation awareness model and method based on an improved BP neural network. The BP neural network is improved mainly with the Levenberg-Marquardt optimization algorithm (L-M algorithm for short) and applied to the field of network security situation awareness, giving a novel network security situation awareness model and method. The model calculates network security situation values by classifying and counting a large amount of vulnerability information and log information and uses them as the input of the BP neural network; it optimizes the weights of the BP neural network with the L-M algorithm, which improves the convergence speed and generalization ability of the BP neural network; and it accurately predicts the network security situation value for a future time period and draws a network security situation prediction chart, thereby addressing the tendency of the BP neural network to fall into a local optimum during training.
To achieve the above object, the present invention provides the following technical solution:
A network security situation awareness model based on an improved BP neural network comprises a data preprocessing module, a situation computing module, a parameter optimization module and a situation prediction module, wherein:
The data preprocessing module is used to collect data sets from different sources and extract from them the principal component information used for network security situation awareness; then, through data association analysis, it eliminates the redundancy of the multi-source data and mines the relevance among the data, thereby obtaining the vulnerability information, system operation information, attack information and asset information required for calculating the network security situation, from which the corresponding asset vulnerability threat data, asset attack threat data and system state are obtained;
The situation computing module is used to evaluate the importance of each network device in the network, calculate the risk value of the network device and assess the security situation of the whole network, according to the asset vulnerability threat data, asset attack threat data and current system state obtained by the data preprocessing module;
The parameter optimization module is used to determine the overall structure, input data and output data of the BP neural network, calculate the target error function, and improve the BP neural network with the L-M algorithm, which adaptively adjusts between the gradient descent method and the Gauss-Newton method to optimize the weight parameters of the BP neural network; the optimal weight parameters are obtained after multiple iterations;
The situation prediction module is used to substitute the optimal weight parameters into the BP neural network, take the network security situation values of three consecutive months as input data, output the predicted network security situation value for the next month, and draw a network security situation awareness chart, so as to predict the network security situation.
In the above model, the data preprocessing module comprises a data acquisition module, a data principal component extraction module and a data association analysis module;
The data acquisition module is used to acquire data sets from four different kinds of source: vulnerability data, system operation data, attack event data and asset data;
The vulnerability data are collected by web crawler from websites such as CNNVD, CNVD and CVE; the system operation data are collected from the log information of system hosts; the attack event data are collected from the log information of devices such as IDSs, firewalls and switches; the asset data are the hardware device information and user information in the network system;
The data principal component extraction module is used to extract, from the four kinds of data set collected by the data acquisition module, the principal component data useful for network security situation awareness, so as to improve algorithm efficiency and reduce the computational burden of the model;
The principal component data to be extracted from the vulnerability data comprise the vulnerability's name, type, release time, affected devices, threat level and the attack types the vulnerability gives rise to; those to be extracted from the system operation data comprise the number of services opened by the host, the service types, the open ports and the network information; those to be extracted from the attack event data comprise the attacker IP, attacker location, victim IP, victim location, attacked platform, attack port, attack type, attack time, attack event and vulnerability exploitation information; those to be extracted from the asset data comprise the device type, hardware parameters, number of device connections and the amount of user private data held on the device;
The data association analysis module is used to perform association analysis on the principal component data extracted by the data principal component extraction module, obtaining the corresponding asset vulnerability threat data, the asset attack threat data and the system operating environment that is satisfied when each type of attack event breaks out, so that the system state can be divided into a safe state, an early-warning state, an attack state and a damaged state;
The asset vulnerability threat data are obtained by association analysis of the asset data with the vulnerability data; the asset attack threat data are obtained by association analysis of the vulnerability data with the attack event data; the system operating environment satisfied when each type of attack event breaks out is obtained by association analysis of the system operation data with the attack event data.
In the above model, the asset vulnerability threat data are obtained as follows: first associate the asset data with the vulnerability data; then, for a given device type, count the number of outbreaks of each type of vulnerability within a period of time; finally calculate the threat degree according to the threat level of the vulnerabilities, obtaining the vulnerability outbreak pattern of that device type within the period, i.e. the asset vulnerability threat data;
The asset attack threat data are obtained as follows: first associate the vulnerability data with the attack event data; then, for a given vulnerability type, count the number of attack events that exploited the vulnerability within a period of time and calculate the attack outbreak rate of that vulnerability type; then perform association analysis of the asset vulnerability threat data with the attack outbreak rate of the vulnerability, obtaining the attack outbreak pattern of a given asset type within the period, i.e. the asset attack threat data.
A network security situation awareness method based on an improved BP neural network comprises the following steps:
S1, collect data sets from different sources, extract the principal component information used for network security situation awareness to obtain the vulnerability data, system operation data, attack event data and asset data used for calculating the network security situation, and perform data association analysis to eliminate the redundancy of the multi-source data and mine the relevance among the data, obtaining the asset vulnerability threat data, asset attack threat data and system state data;
S2, according to the asset attack threat data obtained in step S1, obtain the importance $W_i$ of each device in the network; use the risk assessment function $E_i = F(T_i \times D_i)$ to calculate the risk value $E_i$ of the network device; and, combining the importance $W_i$ of the device in the network, calculate the security situation value E of the whole network, $E = \sum W_i E_i$;
S3, determine the overall structure, input data and output data of the BP neural network, calculate the target error function, and improve the BP neural network with the L-M algorithm, which adaptively adjusts between the gradient descent method and the Gauss-Newton method to optimize the weight parameters of the BP neural network; the optimal weight parameters are obtained after multiple iterations;
S4, substitute the optimal weight parameters into the BP neural network, take the network security situation values of three consecutive months as input data, output the predicted network security situation value for the next month, and draw a network security situation awareness chart, so as to predict the network security situation.
On the basis of the above scheme, step S1 specifically comprises the following steps:
S101, collect, through the data acquisition module, data sets from four different kinds of source: vulnerability data, system operation data, attack event data and asset data;
S102, through the data principal component extraction module, extract the principal component information used for network security situation awareness from the four kinds of data set collected by the data acquisition module in step S101; the principal component information comprises the vulnerability name, type, release time, affected devices, threat level and the attack types the vulnerability gives rise to, extracted from the vulnerability data; the number of services opened by the host, service types, open ports and network information, extracted from the system operation data; the attacker IP, attacker location, victim IP, victim location, attacked platform, attack port, attack type, attack time, attack event and vulnerability exploitation information, extracted from the attack event data; and the device type, service type, open ports, number of device connections and amount of private data held on the device, extracted from the asset data;
S103, through the data association analysis module, associate the asset data principal component information extracted in step S102 with the vulnerability data principal component information; for a given device type, count the number of outbreaks of each type of vulnerability within a period of time and calculate the threat degree according to the threat level of each type of vulnerability, obtaining the vulnerability outbreak pattern of that device type within the period, i.e. the asset vulnerability threat data; proceeding in the same way gives the asset vulnerability threat data of the whole network;
S104, through the data association analysis module, associate the vulnerability data principal component information extracted in step S102 with the attack event data principal component information; for a given vulnerability type, count the number of attack events that exploited the vulnerability within a period of time and calculate the attack outbreak rate of that vulnerability type; then perform association analysis of the attack outbreak rate of that vulnerability type with the asset vulnerability threat data obtained in step S103, obtaining the attack outbreak pattern of a given asset type within the period, i.e. the asset attack threat data; proceeding in the same way gives the asset attack threat data of the whole network;
S105, through the data association analysis module (1.3), perform association analysis of the system operation data principal component information extracted in step S102 with the attack event data principal component information, obtaining the system operating environment satisfied when each type of attack event breaks out, and then divide the system state into a safe state, an early-warning state, an attack state and a damaged state.
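The association analysis of steps S103 and S104, as an added example that is not part of the patent text. The record fields, the constructed sample data, the use of summed threat levels as the threat degree, and the definition of the attack outbreak rate as the share of a type's vulnerabilities seen exploited are all assumptions, since the text does not fix these formulas; all records are taken to fall in one observation period.

```python
from collections import Counter, defaultdict

# Constructed sample records (not from the patent); threat_level: 1 low, 2 medium, 3 high.
ASSETS = [
    {"asset": "web-01", "device_type": "web_server"},
    {"asset": "web-02", "device_type": "web_server"},
    {"asset": "sw-01", "device_type": "switch"},
]
VULNS = [
    {"vuln": "V-001", "device_type": "web_server", "vuln_type": "sql_injection", "threat_level": 3},
    {"vuln": "V-002", "device_type": "web_server", "vuln_type": "sql_injection", "threat_level": 2},
    {"vuln": "V-003", "device_type": "web_server", "vuln_type": "xss", "threat_level": 1},
    {"vuln": "V-004", "device_type": "switch", "vuln_type": "weak_auth", "threat_level": 2},
    {"vuln": "V-005", "device_type": "printer", "vuln_type": "weak_auth", "threat_level": 3},
]
ATTACKS = [
    {"victim": "web-01", "exploited_vuln": "V-001"},
    {"victim": "web-02", "exploited_vuln": "V-001"},
    {"victim": "web-01", "exploited_vuln": "V-003"},
    {"victim": "web-02", "exploited_vuln": "V-999"},   # references no known vulnerability
]


def asset_vuln_threat(assets, vulns):
    """S103: for each device type present in the network, threat degree per vulnerability type."""
    present = {a["device_type"] for a in assets}
    threat = defaultdict(Counter)
    for v in vulns:
        if v["device_type"] in present:        # drop vulnerabilities for devices we do not own
            threat[v["device_type"]][v["vuln_type"]] += v["threat_level"]
    return threat


def attack_outbreak_rate(vulns, attacks):
    """S104: per vulnerability type, share of its vulnerabilities seen exploited in attack events."""
    type_of = {v["vuln"]: v["vuln_type"] for v in vulns}
    published = Counter(v["vuln_type"] for v in vulns)
    exploited = defaultdict(set)
    for a in attacks:
        vtype = type_of.get(a["exploited_vuln"])
        if vtype is not None:                  # ignore events that cannot be associated
            exploited[vtype].add(a["exploited_vuln"])
    return {t: len(exploited[t]) / n for t, n in published.items()}


def asset_attack_threat(assets, vulns, attacks):
    """S104: combine the S103 threat degrees with the outbreak rates, per device type."""
    threat = asset_vuln_threat(assets, vulns)
    rate = attack_outbreak_rate(vulns, attacks)
    return {dev: sum(score * rate[t] for t, score in by_type.items())
            for dev, by_type in threat.items()}


if __name__ == "__main__":
    for dev, value in asset_attack_threat(ASSETS, VULNS, ATTACKS).items():
        print(dev, value)
```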
In the above method, step S2 specifically comprises the following steps:
S201, evaluate the importance $W_i$ of each device in the network according to the asset data of the device; the evaluation process comprises the following steps:
1) count the number of connections the device has in the network and the amount of user private data stored on the device;
2) define the performance level of the device according to its device type and service coverage;
3) define the performance grade of the device according to its hardware parameters, then add these attribute values together and standardize the sum to obtain the importance $W_i$ of the device in the network;
S202, use the risk assessment function $E_i = F(T_i \times D_i)$ to calculate the risk value $E_i$ of the device;
where F is a preset risk assessment function, $T_i$ is the attack threat value faced by the device in the current time period, $D_i$ is the current system state of the device, and × is the matrix multiplication operation; go to S203;
S203, combining the importance $W_i$ of the device in the network obtained in step S201, calculate the security situation value E of the whole network by the formula:
$$E = \sum W_i E_i$$
where $W_i$ is the importance of the device in the network and $E_i$ is the risk value of the device.
In the above method, step S3 specifically comprises the following steps:
S301, establish a three-layer BP neural network structure with one hidden layer, in which the number of input-layer nodes is 3 and the number of output-layer nodes is 1; the situation values of the past three months are the input sample data and the output is the predicted situation value for the next month; according to the Hecht-Nielsen theory, the number of hidden-layer nodes is set to 2N+1, where N is the number of input nodes; the hidden-layer transfer function is the tansig function and the output-layer transfer function is the purelin function;
S302, determine the input vector of each sample data as $x_i = (x_{i1}, x_{i2}, x_{i3})$ with target output value $y_i$; first calculate the output value $v_{ih}$ of the input vector $x_i$ at hidden-layer node h; the calculation formula is:
where $w_k$ is the weight of input-layer node k, $\theta_h$ is the threshold of hidden-layer node h, and f is the tansig transfer function; all nodes are then calculated in turn to obtain the output vector $v_i$ of the hidden layer;
S303, using the obtained $v_{ih}$, calculate the output value of the output layer, which has only one node; the formula for the output value $z_i$ of the output layer is:
where $w'_h$ is the weight of hidden-layer node h, γ is the threshold of the output-layer node, and f′ is the purelin transfer function;
S304, from the obtained output value $z_i$ of the output layer and the target output value $y_i$, calculate the error $E_i$ of a single sample data; the calculation formula is:
S305, from the obtained errors $E_i$ of the single sample data, calculate the error E of all the sample data; the calculation formula is:
where p is the number of sample data;
S306, from the obtained error E of all the sample data, define the sensitivity value in the Levenberg-Marquardt algorithm; the calculation formula is:
Wherein, indicates the sensitivity value of the error E to changes in the i-th sample data input to layer m, and indicates the weighted sum of the layer-m network for sample data i;
S307, from the error E of all the sample data, calculate the recurrence formula of the sensitivity value:
Wherein, indicates the sensitivity value of the error E of all the sample data to changes in the q-th sample data input to layer m, indicates the sensitivity value of layer m+1, and $w^{m+1}$ indicates the weight vector of layer m+1. The formula shows that the sensitivity values can be computed recursively layer by layer, propagating backward from the last layer to the first layer;
S308, calculate the Jacobian matrix J of the derivatives of the error with respect to the weights; the elements of the matrix are calculated as:
S309, adjust the weights of the BP neural network using the Jacobian matrix J; the adjustment formula is:
$$\Delta w = (J^{T}J + \mu I)^{-1} J^{T} e$$
where e is the error vector and μ is a scalar. As μ increases, the update approaches the gradient descent method with a small learning rate; when μ drops to 0, the algorithm becomes the Gauss-Newton method. The L-M algorithm is therefore a smooth blend between the gradient descent method and the Gauss-Newton method.
S310, calculate the new weight vector $w' = w + \Delta w$ and use $w'$ to calculate the new sum of squared errors $E'$; if $E' < E$, divide μ by θ (θ > 1) and jump to step 302; otherwise, multiply μ by θ and jump to step 309; when the sum of squared errors E has decreased to the target error threshold, the algorithm is considered to have converged and the optimal weight parameters are obtained.
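One way to implement steps S301 to S310 and the prediction of S4, added here as an illustration and not taken from the patent: a 3-7-1 network (tanh for tansig, identity for purelin) trained with the update $\Delta w = (J^{T}J + \mu I)^{-1} J^{T} e$. It assumes e is target minus output and J holds the derivatives of the output with respect to the weights, thresholds added as biases, a constructed series of monthly situation values, and a lower bound on μ as a numerical safeguard.

```python
import math
import random

N_IN, N_HID = 3, 7                      # S301: 3 inputs, 2N+1 = 7 hidden nodes, 1 output
OFF_B1 = N_HID * N_IN                   # start of the hidden thresholds in w
OFF_W2 = OFF_B1 + N_HID                 # start of the hidden-to-output weights
N_W = OFF_W2 + N_HID + 1                # 36 parameters; the last is the output threshold

# Constructed monthly situation values (illustrative, not from the patent).
SERIES = [0.42, 0.45, 0.51, 0.48, 0.55, 0.60, 0.58, 0.63,
          0.70, 0.66, 0.61, 0.57, 0.52, 0.49, 0.46]
SAMPLES = [(SERIES[i:i + 3], SERIES[i + 3]) for i in range(len(SERIES) - 3)]

def forward(w, x):
    """S302-S303: return (network output z, hidden outputs v)."""
    v = [math.tanh(sum(w[h * N_IN + k] * x[k] for k in range(N_IN)) + w[OFF_B1 + h])
         for h in range(N_HID)]
    z = sum(w[OFF_W2 + h] * v[h] for h in range(N_HID)) + w[-1]
    return z, v

def jacobian_row(w, x):
    """S306-S308: derivatives of z with respect to every weight, for one sample."""
    _, v = forward(w, x)
    row = [0.0] * N_W
    for h in range(N_HID):
        d = w[OFF_W2 + h] * (1.0 - v[h] ** 2)   # sensitivity propagated back to hidden node h
        for k in range(N_IN):
            row[h * N_IN + k] = d * x[k]
        row[OFF_B1 + h] = d
        row[OFF_W2 + h] = v[h]
    row[-1] = 1.0
    return row

def solve(a, b):
    """Solve a @ x = b by Gaussian elimination with partial pivoting."""
    n = len(b)
    m = [a[i][:] + [b[i]] for i in range(n)]
    for c in range(n):
        p = max(range(c, n), key=lambda r: abs(m[r][c]))
        m[c], m[p] = m[p], m[c]
        for r in range(c + 1, n):
            f = m[r][c] / m[c][c]
            for j in range(c, n + 1):
                m[r][j] -= f * m[c][j]
    x = [0.0] * n
    for i in reversed(range(n)):
        x[i] = (m[i][n] - sum(m[i][j] * x[j] for j in range(i + 1, n))) / m[i][i]
    return x

def sse(w, samples):
    """S304-S305: sum of squared errors over all samples."""
    return sum((y - forward(w, x)[0]) ** 2 for x, y in samples)

def train_lm(samples, mu=0.01, theta=10.0, target=1e-8, max_iter=100, seed=1):
    """S309-S310: Levenberg-Marquardt loop; returns (weights, error history)."""
    rng = random.Random(seed)
    w = [rng.uniform(-0.5, 0.5) for _ in range(N_W)]
    err = sse(w, samples)
    history = [err]
    for _ in range(max_iter):
        if err <= target:
            break
        J = [jacobian_row(w, x) for x, _ in samples]
        e = [y - forward(w, x)[0] for x, y in samples]
        JtJ = [[sum(r[a] * r[b] for r in J) for b in range(N_W)] for a in range(N_W)]
        Jte = [sum(r[a] * ei for r, ei in zip(J, e)) for a in range(N_W)]
        accepted = False
        while mu < 1e12 and not accepted:
            A = [[JtJ[a][b] + (mu if a == b else 0.0) for b in range(N_W)]
                 for a in range(N_W)]
            dw = solve(A, Jte)                       # dw = (J^T J + mu I)^-1 J^T e
            w_new = [wi + di for wi, di in zip(w, dw)]
            err_new = sse(w_new, samples)
            if err_new < err:                        # E' < E: accept, move toward Gauss-Newton
                w, err, accepted = w_new, err_new, True
                mu = max(mu / theta, 1e-8)           # floor keeps the system well conditioned
            else:                                    # otherwise move toward gradient descent
                mu *= theta
        if not accepted:
            break
        history.append(err)
    return w, history

def predict_next(w, last_three):
    """S4: predicted situation value for the month after last_three."""
    return forward(w, last_three)[0]

if __name__ == "__main__":
    weights, hist = train_lm(SAMPLES)
    print(f"SSE {hist[0]:.4f} -> {hist[-1]:.2e} in {len(hist) - 1} accepted steps")
    print(f"next month: {predict_next(weights, SERIES[-3:]):.3f}")
```

With 36 weights and only 12 training windows the network can fit the series almost exactly, so a low training error here says nothing about generalization; hold back recent months for validation before trusting a forecast.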
The working principle of the network security situation awareness model based on an improved BP neural network is as follows: first, feature extraction and association analysis of the collected information yield the asset attack threat data and system state data used for situation awareness; then the situation value of each network device is obtained with the risk assessment function and, combined with the importance of the device, gives the assessment of the network security situation; finally, the BP neural network is improved with the L-M optimization algorithm, replacing the original single gradient descent method with an adaptive weight adjustment method that blends gradient descent with the Gauss-Newton method, which improves the speed of weight optimization and the generalization ability of the BP network and realizes network security situation prediction.
Compared with the prior art, the advantages of the present invention are as follows: with the L-M algorithm improving the weight adjustment process of the BP neural network, each iteration no longer follows a single negative-gradient direction but allows the error to be searched along a direction of deterioration; the weight optimization adapts between the gradient descent method and the Gauss-Newton method, which effectively prevents the BP neural network from falling into a locally optimal solution, greatly improves the convergence speed and generalization ability of the BP neural network, and enables the BP neural network to achieve good results in situation prediction.
Brief description of the drawings:
Fig. 1 is a schematic diagram of the network security situation awareness model based on an improved BP neural network according to the present invention;
Fig. 2 is a flow chart of the network security situation awareness method based on an improved BP neural network according to the present invention;
Fig. 3 is a flow chart of step S3 in Fig. 2.
Specific embodiments:
For a clearer understanding of the technical features, objects and effects of the present invention, specific embodiments of the invention are now described in detail with reference to the drawings.
Referring to Fig. 1, a network security situation awareness model based on an improved BP neural network provided in an embodiment of the present invention comprises a data preprocessing module 1, a situation computing module 2, a parameter optimization module 3 and a situation prediction module 4, wherein:
The data preprocessing module 1 is used to collect data sets from different sources and extract from them the principal component information used for network security situation awareness; then, through data association analysis, it eliminates the redundancy of the multi-source data and mines the relevance among the data, thereby obtaining the vulnerability information, system operation information, attack information and asset information required for calculating the network security situation, from which the corresponding asset vulnerability threat data, asset attack threat data and system state are obtained;
The situation computing module 2 is used to evaluate the importance of each network device in the network, calculate the risk value of the network device and assess the security situation of the whole network, according to the asset vulnerability threat data, asset attack threat data and current system state obtained by the data preprocessing module 1;
The parameter optimization module 3 is used to determine the overall structure, input data and output data of the BP neural network, calculate the target error function, and improve the BP neural network with the L-M algorithm, which adaptively adjusts between the gradient descent method and the Gauss-Newton method to optimize the weight parameters of the BP neural network; the optimal weight parameters are obtained after multiple iterations;
The situation prediction module 4 is used to substitute the optimal weight parameters into the BP neural network, take the network security situation values of three consecutive months as input data, output the predicted network security situation value for the next month, and draw a network security situation awareness chart, so as to predict the network security situation.
Referring to Fig. 1, in the embodiment of the present invention the data preprocessing module 1 comprises a data acquisition module 1.1, a data principal component extraction module 1.2 and a data association analysis module 1.3;
The data acquisition module 1.1 is used to acquire data sets from four different kinds of source: vulnerability data, system operation data, attack event data and asset data;
The vulnerability data are collected by web crawler from websites such as CNNVD, CNVD and CVE; the system operation data are collected from the log information of system hosts; the attack event data are collected from the log information of devices such as IDSs, firewalls and switches; the asset data are the hardware device information and user information in the network system;
The data principal component extraction module 1.2 is used to extract, from the four kinds of data set collected by the data acquisition module 1.1, the principal component data useful for network security situation awareness, so as to improve algorithm efficiency and reduce the computational burden of the model;
The principal component data to be extracted from the vulnerability data comprise the vulnerability's name, type, release time, affected devices, threat level and the attack types the vulnerability gives rise to; those to be extracted from the system operation data comprise the number of services opened by the host, the service types, the open ports and the network information; those to be extracted from the attack event data comprise the attacker IP, attacker location, victim IP, victim location, attacked platform, attack port, attack type, attack time, attack event and vulnerability exploitation information; those to be extracted from the asset data comprise the device type, hardware parameters, number of device connections and the amount of user private data held on the device;
The data association analysis module 1.3 is used to perform association analysis on the principal component data extracted by the data principal component extraction module 1.2, obtaining the corresponding asset vulnerability threat data, the asset attack threat data and the system operating environment that is satisfied when each type of attack event breaks out, so that the system state can be divided into a safe state, an early-warning state, an attack state and a damaged state;
The asset vulnerability threat data are obtained by association analysis of the asset data with the vulnerability data; the asset attack threat data are obtained by association analysis of the vulnerability data with the attack event data; the system operating environment satisfied when each type of attack event breaks out is obtained by association analysis of the system operation data with the attack event data.
More specifically, in the situation awareness model embodiment of the present invention, the asset vulnerability threat data are obtained as follows:
First associate the asset data with the vulnerability data; then, for a given device type, count the number of outbreaks of each type of vulnerability within a period of time; finally calculate the threat degree according to the threat level of the vulnerabilities, obtaining the vulnerability outbreak pattern of that device type within the period, i.e. the asset vulnerability threat data;
More specifically, in the situation awareness model embodiment of the present invention, the asset attack threat data are obtained as follows:
First associate the vulnerability data with the attack event data; then, for a given vulnerability type, count the number of attack events that exploited the vulnerability within a period of time and calculate the attack outbreak rate of that vulnerability type; then perform association analysis of the obtained asset vulnerability threat data with the attack outbreak rate of the vulnerability, obtaining the attack outbreak pattern of a given asset type within the period, i.e. the asset attack threat data.
Referring to Fig. 2 and Fig. 3, an embodiment of the present invention provides a network security situation awareness method based on an improved BP neural network, comprising the following steps:
S1: collect data sets from different sources, extract the principal-component information used for network security situation awareness to obtain the vulnerability data, system operation data, attack event data and asset data used for network security situation calculation, and perform data association analysis to eliminate the redundancy of the multi-source data and mine the associations among the data, obtaining the asset vulnerability threat data, asset attack threat data and system state data;
S2: from the asset attack threat data obtained in step S1, obtain the importance $W_i$ of each device in the network; use the risk assessment function $E_i = F(T_i \times D_i)$ to calculate the risk value $E_i$ of each network device; and, combining the importance $W_i$ of the device in the network, calculate the security situation value of the whole network, $E = \sum_i W_i E_i$;
S3: determine the overall structure, input data and output data of the BP neural network, calculate the target error function, and improve the BP neural network with the L-M algorithm, which adjusts adaptively between gradient descent and the Gauss-Newton method to optimize the weight parameters of the BP neural network, yielding the optimal weight parameters after multiple iterations;
S4: substitute the optimal weight parameters into the BP neural network, take the network security situation values of three adjacent months as input data, output the predicted network security situation value for the following month, and draw the network security situation awareness graph in order to predict the network security situation.
More specifically, in this embodiment of the situation awareness method of the present invention, step S1 comprises the following steps:
S101: the data acquisition module collects data sets of four types from different sources: vulnerability data, system operation data, attack event data and asset data;
Here, the vulnerability data can be collected by crawler from websites such as CNNVD, CNVD and CVE; the system operation data can be obtained from the log information of system hosts; the attack event data can be obtained from the log information of devices such as IDS, firewalls and switches; and the asset data refers to the hardware device information and user information in the network system.
S102: the data principal component extraction module extracts, from the four types of data sets from different sources collected by the data acquisition module in step S101, the principal-component information used for network security situation awareness. This information comprises: the vulnerability name, type, release time, affected devices, threat level and the attack types the vulnerability gives rise to, extracted from the vulnerability data; the number of services opened by the host, the service types, open ports and network information, extracted from the system operation data; the attacker IP, attacker location, victim IP, victim location, attacked platform, attack port, attack type, attack time, attack event and vulnerability exploitation information, extracted from the attack event data; and the device type, service type, open ports, number of device connections and amount of private data held, extracted from the asset data;
S103: the data association analysis module associates the asset data principal-component information extracted in step S102 with the vulnerability data principal-component information; for a given device type, it counts the number of vulnerabilities of each type that broke out within a period of time and calculates the threat degree from the threat level of each vulnerability type, giving the vulnerability outbreak pattern of that device type over the period, i.e. the asset vulnerability threat data; repeating this for every device type yields the asset vulnerability threat data of the whole network;
S104: the data association analysis module associates the vulnerability data principal-component information extracted in step S102 with the attack event data principal-component information; for a given vulnerability type, it counts the number of attack events that exploited the vulnerability within a period of time and calculates the attack outbreak rate of that vulnerability type; it then associates this attack outbreak rate with the asset vulnerability threat data obtained in step S103, giving the attack outbreak pattern of a given asset type over the period, i.e. the asset attack threat data; repeating this yields the asset attack threat data of the whole network;
S105: the data association analysis module (1.3) performs association analysis on the system operation data principal-component information and the attack event data principal-component information extracted in step S102, obtaining the system operating environment present when each type of attack event breaks out, and on that basis divides the system state into a safe state, an early-warning state, an attack state and a damaged state.
More specifically, in this embodiment of the situation awareness method of the present invention, step S2 comprises the following steps:
S201: assess the importance $W_i$ of the device in the network according to the device's asset data; the assessment comprises the following steps:
1) count the number of connections the device has in the network and the amount of user private data stored on the device;
2) define the performance level of the device according to the device type and service coverage;
3) define the performance rating of the device according to its hardware parameters, then sum these attribute values and normalize them to obtain the importance $W_i$ of the device in the network;
S202: apply the risk assessment function $E_i = F(T_i \times D_i)$ to calculate the risk value $E_i$ of the device;
where F is a preset risk assessment function, $T_i$ is the attack threat value faced by the device in the current time period, $D_i$ is the current system state of the device, and $\times$ denotes matrix multiplication; go to S203;
S203: combining the importance $W_i$ of the device in the network obtained in step S201, calculate the security situation value E of the overall network, using the following formula:
$E = \sum_i W_i E_i$
where $W_i$ is the importance of the device in the network and $E_i$ is the risk value of the device.
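The following Python sketch walks steps S103, S104 and S201 to S203 over a few constructed records. It is an added example, not code from the patent: the record fields, the threat-level weighting, the outbreak-rate definition (share of in-window attack events per vulnerability type), the scalar state factors for $D_i$ and the identity default for F are all assumptions, since the patent leaves them unspecified.

```python
from collections import defaultdict

# Constructed sample records; every field name and value is hypothetical.
ASSETS = [
    {"id": "web-01", "type": "web_server", "connections": 100,
     "private_records": 2000, "performance": 2, "state": "warning"},
    {"id": "db-01", "type": "database", "connections": 50,
     "private_records": 8000, "performance": 4, "state": "attack"},
    {"id": "sw-01", "type": "switch", "connections": 200,
     "private_records": 0, "performance": 2, "state": "safe"},
]
# (vulnerability type, affected device type, threat level, month published)
VULNS = [
    ("sql_injection", "web_server", 3, 1), ("sql_injection", "web_server", 3, 2),
    ("xss", "web_server", 1, 2), ("weak_auth", "database", 2, 1),
    ("sql_injection", "database", 3, 3), ("weak_auth", "switch", 2, 2),
    ("xss", "web_server", 1, 7),            # outside the analysis window
]
# (vulnerability type exploited, month of the attack event)
ATTACKS = ([("sql_injection", 1)] * 5 + [("weak_auth", 2)] * 3
           + [("xss", 3)] * 2 + [("xss", 7)])
# Assumed scalar encoding of the four system states from S105 (D_i).
STATE_FACTOR = {"safe": 0.25, "warning": 0.5, "attack": 0.75, "damaged": 1.0}

def vuln_threat(vulns, months):
    """S103: per device type, threat-level-weighted count of each vulnerability type."""
    out = defaultdict(lambda: defaultdict(int))
    for vtype, dtype, level, month in vulns:
        if month in months:
            out[dtype][vtype] += level
    return out

def outbreak_rate(attacks, months):
    """S104: share of in-window attack events exploiting each vulnerability type (assumed)."""
    hits = defaultdict(int)
    for vtype, month in attacks:
        if month in months:
            hits[vtype] += 1
    total = sum(hits.values())
    return {v: n / total for v, n in hits.items()} if total else {}

def attack_threat(vulns, attacks, months):
    """S104: T per device type = sum over vulnerability types of weighted count x rate."""
    rate = outbreak_rate(attacks, months)
    return {d: sum(c * rate.get(v, 0.0) for v, c in per.items())
            for d, per in vuln_threat(vulns, months).items()}

def importance(assets, attrs=("connections", "private_records", "performance")):
    """S201: scale each attribute by its maximum, sum per device, normalize to sum 1."""
    peak = {a: max(x[a] for x in assets) or 1 for a in attrs}
    raw = {x["id"]: sum(x[a] / peak[a] for a in attrs) for x in assets}
    total = sum(raw.values())
    return {i: r / total for i, r in raw.items()}

def situation_value(assets, vulns, attacks, months, F=lambda x: x):
    """S202-S203: E_i = F(T_i x D_i) per device, then E = sum_i W_i * E_i."""
    t = attack_threat(vulns, attacks, months)
    w = importance(assets)
    risk = {x["id"]: F(t.get(x["type"], 0.0) * STATE_FACTOR[x["state"]])
            for x in assets}
    return sum(w[i] * risk[i] for i in risk), w, risk

if __name__ == "__main__":
    E, W, R = situation_value(ASSETS, VULNS, ATTACKS, range(1, 4))
    print("importance:", W)
    print("risk:", R)
    print("situation value E:", E)
```

With scalar $T_i$ and $D_i$ the matrix product in $F(T_i \times D_i)$ reduces to ordinary multiplication; a vector-valued threat or state would need a matching F.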
More specifically, in this embodiment of the situation awareness method of the present invention, step S3 comprises the following steps:
S301: establish a three-layer BP neural network structure containing one hidden layer, with 3 input-layer nodes and 1 output-layer node; the situation values of the past three months are used as the input sample data, and the output is the predicted situation value for the next month. According to Hecht-Nielsen theory, the number of hidden-layer nodes is set to 2N+1, where N is the number of input nodes; through simulation experiments, after jointly considering the convergence speed and output accuracy of the neural network, the number of hidden-layer nodes is set to 7. The hidden-layer transfer function is the tansig function (a neural-network layer transfer function), and the output-layer transfer function is the purelin function (a linear transfer function);
S302: let the input vector of each sample be $x_i = (x_{i1}, x_{i2}, x_{i3})$ and its target output value be $y_i$; first calculate the output value $v_{ih}$ of the input vector $x_i$ at hidden-layer node h, using the formula:
where $w_k$ is the weight of input-layer node k, $\theta_h$ is the threshold of hidden-layer node h, and f is the tansig transfer function; all nodes are then calculated in turn to obtain the hidden-layer output vector $v_i$;
S303: from the obtained $v_{ih}$, calculate the output value of the output layer; the output layer has only one node, and the formula for its output value $z_i$ is:
where $w'_h$ is the weight of hidden-layer node h, $\gamma$ is the threshold of the output-layer node, and $f'$ is the purelin transfer function;
S304: from the obtained output value $z_i$ of the output layer and the target output value $y_i$, calculate the error $E_i$ of a single sample, using the formula:
S305: from the obtained single-sample errors $E_i$, calculate the error E over all sample data, using the formula:
where p is the number of samples;
S306: from the obtained error E over all sample data, define the sensitivity value used in the Levenberg-Marquardt algorithm, using the formula:
Wherein,Indicate the sensitivity value that i-th of sample data that error E inputs m layers changes,Indicate m layers of net Weighted sum of the network to sample data i;
S307: from the error E over all sample data, calculate the recurrence formula for the sensitivity values:
Wherein,Indicate susceptibility of the error E to m layers of q-th of the sample data inputted variation of all sample datas Value,Indicate m+1 layers of sensitivity value, wm+1The weight vector for indicating m+1 layers, by formula as it can be seen that sensitivity value can be layer-by-layer Recursion, by the last layer by propagating backward to first layer;
S308: calculate the Jacobian matrix J of the derivatives of the error with respect to the weights; the elements of the matrix are calculated as:
S309: adjust the weights of the BP neural network using the Jacobian matrix J, with the adjustment formula:
$\Delta w = (J^T J + \mu I)^{-1} J^T e$
where e is the error vector and $\mu$ is a scalar. As $\mu$ increases, the algorithm approaches gradient descent with a small learning rate; when $\mu$ drops to 0, the algorithm becomes the Gauss-Newton method. The L-M algorithm is therefore a smooth compromise between gradient descent and the Gauss-Newton method.
S310: calculate the new weight vector $w' = w + \Delta w$ and use $w'$ to calculate the new error sum of squares $E'$; if $E' < E$, divide $\mu$ by $\theta$ ($\theta > 1$) and jump to step S302; otherwise, multiply $\mu$ by $\theta$ and jump to step S309. When the error sum of squares E has been reduced to the target error threshold, the algorithm is considered to have converged, and the optimal weight parameters are obtained.
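Steps S301 to S310 can be exercised end to end with the pure-Python sketch below, which trains the 3-7-1 network with the L-M update on a constructed series of monthly situation values and predicts the next month. It is an added example, not code from the patent. Because the formula images of S302 to S308 are missing from this page, it assumes the standard forms: thresholds added as biases, tanh for tansig, $E = \frac{1}{2}\sum (y - z)^2$, and J taken as the Jacobian of the network output with $e = y - z$ so that $w' = w + \Delta w$ matches S309; the starting $\mu$, $\theta = 10$ and the floor on $\mu$ are also assumptions.

```python
import math
import random

N_IN, N_HID = 3, 7                    # 3-7-1 layout of S301 (2N+1 hidden nodes, N = 3)
N_W = N_IN * N_HID + 2 * N_HID + 1    # 36 weights and thresholds in one flat vector

def unpack(w):
    """Split the flat vector: hidden weights, hidden biases, output weights, output bias."""
    a, b = N_IN * N_HID, N_IN * N_HID + N_HID
    return [w[h * N_IN:(h + 1) * N_IN] for h in range(N_HID)], w[a:b], w[b:b + N_HID], w[-1]

def forward(w, x):
    """S302-S303: return (hidden outputs v, output z); tanh hidden layer, linear output."""
    w1, b1, w2, b2 = unpack(w)
    v = [math.tanh(sum(p * q for p, q in zip(w1[h], x)) + b1[h]) for h in range(N_HID)]
    return v, sum(p * q for p, q in zip(w2, v)) + b2

def jacobian_row(w, x):
    """S306-S308: dz/dw for one sample, ordered like the flat vector (assumed J = dz/dw)."""
    w2 = unpack(w)[2]
    v = forward(w, x)[0]
    s = [w2[h] * (1.0 - v[h] * v[h]) for h in range(N_HID)]  # sensitivity at hidden layer
    return [s[h] * xk for h in range(N_HID) for xk in x] + s + v + [1.0]

def solve(a, b):
    """Solve a @ x = b by Gaussian elimination with partial pivoting."""
    n = len(b)
    m = [row[:] + [b[i]] for i, row in enumerate(a)]
    for c in range(n):
        p = max(range(c, n), key=lambda r: abs(m[r][c]))
        m[c], m[p] = m[p], m[c]
        for r in range(c + 1, n):
            f = m[r][c] / m[c][c]
            for k in range(c, n + 1):
                m[r][k] -= f * m[c][k]
    x = [0.0] * n
    for r in range(n - 1, -1, -1):
        x[r] = (m[r][n] - sum(m[r][k] * x[k] for k in range(r + 1, n))) / m[r][r]
    return x

def error(w, samples):
    """S304-S305: E = 1/2 * sum of squared errors (assumed form)."""
    total = 0.0
    for x, y in samples:
        d = y - forward(w, x)[1]
        total += d * d
    return 0.5 * total

def train_lm(samples, mu=0.01, theta=10.0, target=1e-4, max_iter=100, seed=1):
    """S309-S310: L-M loop; returns (weights, initial error, final error)."""
    rng = random.Random(seed)
    w = [rng.uniform(-0.5, 0.5) for _ in range(N_W)]
    e_init = e_cur = error(w, samples)
    for _ in range(max_iter):
        if e_cur <= target:           # converged to the target error threshold
            break
        rows = [jacobian_row(w, x) for x, _ in samples]
        err = [y - forward(w, x)[1] for x, y in samples]
        jtj = [[sum(r[i] * r[j] for r in rows) for j in range(N_W)] for i in range(N_W)]
        jte = [sum(r[i] * e for r, e in zip(rows, err)) for i in range(N_W)]
        while mu < 1e10:
            a = [[jtj[i][j] + (mu if i == j else 0.0) for j in range(N_W)]
                 for i in range(N_W)]
            w_new = [wi + dw for wi, dw in zip(w, solve(a, jte))]
            e_new = error(w_new, samples)
            if e_new < e_cur:         # E' < E: accept, move toward Gauss-Newton
                w, e_cur, mu = w_new, e_new, max(mu / theta, 1e-8)
                break
            mu *= theta               # otherwise move toward gradient descent and retry
        else:
            break                     # no improving step found
    return w, e_init, e_cur

def make_samples(series):
    """Sliding window: three consecutive months in, the following month out."""
    return [(series[t:t + 3], series[t + 3]) for t in range(len(series) - 3)]

def predict(w, last_three):
    """S4: predicted situation value for the month after the given three."""
    return forward(w, last_three)[1]

# Constructed monthly situation values (not real measurements).
SERIES = [0.5 + 0.3 * math.sin(0.5 * t) for t in range(40)]

if __name__ == "__main__":
    w, e0, e1 = train_lm(make_samples(SERIES))
    print("initial E:", e0, "final E:", e1)
    print("predicted next month:", predict(w, SERIES[-3:]))
```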
The working principle of the network security situation awareness model based on the improved BP neural network of the present invention is as follows: first, feature extraction and association analysis of the collected information yield the asset attack threat data and system state data used for situation awareness; then the risk assessment function gives the situation value of each network device and, combined with the importance of each device, the network security situation is assessed; finally, the BP neural network is improved with the L-M optimization algorithm, replacing the original pure gradient descent with an adaptive weight adjustment method that blends in the Gauss-Newton method, which improves the speed of weight optimization and the generalization ability of the BP network and realizes network security situation prediction.

Claims (7)

1. A network security situation awareness model based on improved BP, characterized in that it comprises a data preprocessing module (1), a situation computing module (2), a parameter optimization module (3) and a situation prediction module (4), wherein:
The data preprocessing module (1) collects data sets from different sources and extracts from them the principal-component information used for network security situation awareness; then, through data association analysis, after eliminating the redundancy of the multi-source data, it mines the associations among the data, thereby obtaining the vulnerability information, system operation information, attack information and asset information needed for network security situation calculation, and from these obtains the corresponding asset vulnerability threat data, asset attack threat data and system state;
The situation computing module (2) evaluates the importance of each network device in the network, calculates the risk value of each network device, and assesses the security situation of the whole network, according to the asset vulnerability threat data, asset attack threat data and current system state obtained by the data preprocessing module (1);
The parameter optimization module (3) determines the overall structure, input data and output data of the BP neural network, calculates the target error function, and improves the BP neural network with the L-M algorithm, which adjusts adaptively between gradient descent and the Gauss-Newton method to optimize the weight parameters of the BP neural network, yielding the optimal weight parameters after multiple iterations;
The situation prediction module (4) substitutes the optimal weight parameters into the BP neural network, takes the network security situation values of three adjacent months as input data, outputs the predicted network security situation value for the following month, and draws the network security situation awareness graph in order to predict the network security situation.
2. The network security situation awareness model based on improved BP according to claim 1, characterized in that:
The data preprocessing module (1) comprises a data acquisition module (1.1), a data principal component extraction module (1.2) and a data association analysis module (1.3);
The data acquisition module (1.1) collects data sets of four types from different sources: vulnerability data, system operation data, attack event data and asset data;
Here, the vulnerability data is collected by crawler from websites such as CNNVD, CNVD and CVE; the system operation data is collected from the log information of system hosts; the attack event data is collected from the log information of devices such as IDS, firewalls and switches; and the asset data refers to the hardware device information and user information in the network system;
The data principal component extraction module (1.2) extracts, from the four types of data sets from different sources collected by the data acquisition module (1.1), the principal-component data useful for network security situation awareness, in order to improve algorithm efficiency and reduce the computational burden of the model;
Here, the principal-component data to be extracted from the vulnerability data comprises the vulnerability name, type, release time, affected devices, threat level and the attack types the vulnerability gives rise to; the principal-component data to be extracted from the system operation data comprises the number of services opened by the host, the service types, open ports and network information; the principal-component data to be extracted from the attack event data comprises the attacker IP, attacker location, victim IP, victim location, attacked platform, attack port, attack type, attack time, attack event and vulnerability exploitation information; and the principal-component data to be extracted from the asset data comprises the device type, hardware parameters, number of device connections and amount of user private data held;
The data association analysis module (1.3) performs association analysis on the principal-component data useful for network security situation awareness extracted by the data principal component extraction module (1.2), and obtains the corresponding asset vulnerability threat data, the asset attack threat data, and the system operating environment present when each type of attack event breaks out, so that the system state can be divided into a safe state, an early-warning state, an attack state and a damaged state;
Here, the asset vulnerability threat data is obtained by association analysis of the asset data with the vulnerability data; the asset attack threat data is obtained by association analysis of the vulnerability data with the attack event data; and the system operating environment present when each type of attack event breaks out is obtained by association analysis of the system operation data with the attack event data.
3. The network security situation awareness model based on improved BP according to claim 1, characterized in that:
The asset vulnerability threat data is obtained as follows: first, the asset data and the vulnerability data are associated; then, for a given device type, the number of vulnerabilities of each type that broke out within a period of time is counted; finally, the threat degree is calculated from the threat levels of the vulnerabilities, giving the vulnerability outbreak pattern of that device type over the period, i.e. the asset vulnerability threat data;
The asset attack threat data is obtained as follows: first, the vulnerability data and the attack event data are associated; then, for a given vulnerability type, the number of attack events that exploited the vulnerability within a period of time is counted and the attack outbreak rate of that vulnerability type is calculated; the asset vulnerability threat data obtained above is then associated with the attack outbreak rate of the vulnerability, giving the attack outbreak pattern of a given asset type over the period, i.e. the asset attack threat data.
4. A network security situation awareness method based on improved BP, characterized by comprising the following steps:
S1: collect data sets from different sources, extract the principal-component information used for network security situation awareness to obtain the vulnerability data, system operation data, attack event data and asset data used for network security situation calculation, and perform data association analysis to eliminate the redundancy of the multi-source data and mine the associations among the data, obtaining the asset vulnerability threat data, asset attack threat data and system state data;
S2: from the asset attack threat data obtained in step S1, obtain the importance $W_i$ of each device in the network; use the risk assessment function $E_i = F(T_i \times D_i)$ to calculate the risk value $E_i$ of each network device; and, combining the importance $W_i$ of the device in the network, calculate the security situation value of the whole network, $E = \sum_i W_i E_i$;
S3: determine the overall structure, input data and output data of the BP neural network, calculate the target error function, and improve the BP neural network with the L-M algorithm, which adjusts adaptively between gradient descent and the Gauss-Newton method to optimize the weight parameters of the BP neural network, yielding the optimal weight parameters after multiple iterations;
S4: substitute the optimal weight parameters into the BP neural network, take the network security situation values of three adjacent months as input data, output the predicted network security situation value for the following month, and draw the network security situation awareness graph in order to predict the network security situation.
5. The network security situation awareness method based on improved BP according to claim 4, characterized in that step S1 comprises the following steps:
S101: the data acquisition module collects data sets of four types from different sources: vulnerability data, system operation data, attack event data and asset data;
S102: the data principal component extraction module extracts, from the four types of data sets from different sources collected by the data acquisition module in step S101, the principal-component information used for network security situation awareness. This information comprises: the vulnerability name, type, release time, affected devices, threat level and the attack types the vulnerability gives rise to, extracted from the vulnerability data; the number of services opened by the host, the service types, open ports and network information, extracted from the system operation data; the attacker IP, attacker location, victim IP, victim location, attacked platform, attack port, attack type, attack time, attack event and vulnerability exploitation information, extracted from the attack event data; and the device type, service type, open ports, number of device connections and amount of private data held, extracted from the asset data;
S103: the data association analysis module associates the asset data principal-component information extracted in step S102 with the vulnerability data principal-component information; for a given device type, it counts the number of vulnerabilities of each type that broke out within a period of time and calculates the threat degree from the threat level of each vulnerability type, giving the vulnerability outbreak pattern of that device type over the period, i.e. the asset vulnerability threat data; repeating this for every device type yields the asset vulnerability threat data of the whole network;
S104: the data association analysis module associates the vulnerability data principal-component information extracted in step S102 with the attack event data principal-component information; for a given vulnerability type, it counts the number of attack events that exploited the vulnerability within a period of time and calculates the attack outbreak rate of that vulnerability type; it then associates this attack outbreak rate with the asset vulnerability threat data obtained in step S103, giving the attack outbreak pattern of a given asset type over the period, i.e. the asset attack threat data; repeating this yields the asset attack threat data of the whole network;
S105: the data association analysis module performs association analysis on the system operation data principal-component information and the attack event data principal-component information extracted in step S102, obtaining the system operating environment present when each type of attack event breaks out, and on that basis divides the system state into a safe state, an early-warning state, an attack state and a damaged state.
6. The network security situation awareness method based on improved BP according to claim 4, characterized in that step S2 comprises the following steps:
S201: assess the importance $W_i$ of the device in the network according to the device's asset data; the assessment comprises the following steps:
1) count the number of connections the device has in the network and the amount of user private data stored on the device;
2) define the performance level of the device according to the device type and service coverage;
3) define the performance rating of the device according to its hardware parameters, then sum these attribute values and normalize them to obtain the importance $W_i$ of the device in the network;
S202: apply the risk assessment function $E_i = F(T_i \times D_i)$ to calculate the risk value $E_i$ of the device;
where F is a preset risk assessment function, $T_i$ is the attack threat value faced by the device in the current time period, $D_i$ is the current system state of the device, and $\times$ denotes matrix multiplication; go to S203;
S203: combining the importance $W_i$ of the device in the network obtained in step S201, calculate the security situation value E of the overall network, using the following formula:
$E = \sum_i W_i E_i$
where $W_i$ is the importance of the device in the network and $E_i$ is the risk value of the device.
7. The network security situation awareness method based on improved BP according to claim 4, characterized in that step S3 comprises the following steps:
S301: establish a three-layer BP neural network structure containing one hidden layer, with 3 input-layer nodes and 1 output-layer node; the situation values of the past three months are used as the input sample data, and the output is the predicted situation value for the next month. According to Hecht-Nielsen theory, the number of hidden-layer nodes is set to 2N+1, where N is the number of input nodes. The hidden-layer transfer function is the tansig function, and the output-layer transfer function is the purelin function;
S302: let the input vector of each sample be $x_i = (x_{i1}, x_{i2}, x_{i3})$ and its target output value be $y_i$; first calculate the output value $v_{ih}$ of the input vector $x_i$ at hidden-layer node h, using the formula:
where $w_k$ is the weight of input-layer node k, $\theta_h$ is the threshold of hidden-layer node h, and f is the tansig transfer function; all nodes are then calculated in turn to obtain the hidden-layer output vector $v_i$;
S303: from the obtained $v_{ih}$, calculate the output value of the output layer; the output layer has only one node, and the formula for its output value $z_i$ is:
where $w'_h$ is the weight of hidden-layer node h, $\gamma$ is the threshold of the output-layer node, and $f'$ is the purelin transfer function;
S304: from the obtained output value $z_i$ of the output layer and the target output value $y_i$, calculate the error $E_i$ of a single sample, using the formula:
S305: from the obtained single-sample errors $E_i$, calculate the error E over all sample data, using the formula:
where p is the number of samples;
S306: from the obtained error E over all sample data, define the sensitivity value used in the Levenberg-Marquardt algorithm, using the formula:
Wherein,Indicate the sensitivity value that i-th of sample data that error E inputs m layers changes,Indicate m layer network pair The weighted sum of sample data i;
S307: from the error E over all sample data, calculate the recurrence formula for the sensitivity values:
Wherein,Indicate sensitivity value of the error E to m layers of q-th of the sample data inputted variation of all sample datas,Indicate m+1 layers of sensitivity value, wm+1The weight vector for indicating m+1 layers, by formula as it can be seen that sensitivity value can be passed successively It pushes away, by the last layer by propagating backward to first layer;
S308: calculate the Jacobian matrix J of the derivatives of the error with respect to the weights; the elements of the matrix are calculated as:
S309: adjust the weights of the BP neural network using the Jacobian matrix J, with the adjustment formula:
$\Delta w = (J^T J + \mu I)^{-1} J^T e$
where e is the error vector and $\mu$ is a scalar. As $\mu$ increases, the algorithm approaches gradient descent with a small learning rate; when $\mu$ drops to 0, the algorithm becomes the Gauss-Newton method. The L-M algorithm is therefore a smooth compromise between gradient descent and the Gauss-Newton method.
S310: calculate the new weight vector $w' = w + \Delta w$ and use $w'$ to calculate the new error sum of squares $E'$; if $E' < E$, divide $\mu$ by $\theta$ ($\theta > 1$) and jump to step S302; otherwise, multiply $\mu$ by $\theta$ and jump to step S309. When the error sum of squares E has been reduced to the target error threshold, the algorithm is considered to have converged, and the optimal weight parameters are obtained.
CN201910597740.0A 2019-07-04 2019-07-04 Network security situation awareness model and method based on improved BP Pending CN110380897A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910597740.0A CN110380897A (en) 2019-07-04 2019-07-04 Network security situation awareness model and method based on improved BP

Publications (1)

Publication Number Publication Date
CN110380897A true CN110380897A (en) 2019-10-25

Family

ID=68251852

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910597740.0A Pending CN110380897A (en) 2019-07-04 2019-07-04 Network security situation awareness model and method based on improved BP

Country Status (1)

Country Link
CN (1) CN110380897A (en)


Similar Documents

Publication Publication Date Title
CN110380897A (en) Network security situation awareness model and method based on improved BP
CN110392048A (en) Network security situation awareness model and method based on CE-RBF
Kim et al. Method of intrusion detection using deep neural network
CN107909299B (en) People hinders Claims Resolution data risk checking method and system
CN110380896A (en) Network security situation awareness model and method based on attack graph
CN106341414B (en) A kind of multi-step attack safety situation evaluation method based on Bayesian network
CN107623697A (en) A kind of network security situation evaluating method based on attacking and defending Stochastic Game Model
Rieke et al. Fraud detection in mobile payments utilizing process behavior analysis
CN110400220A (en) A kind of suspicious transaction detection method of intelligence based on semi-supervised figure neural network
CN107786369A (en) Based on the perception of IRT step analyses and LSTM powerline network security postures and Forecasting Methodology
CN108718310A (en) Multi-level attack signatures generation based on deep learning and malicious act recognition methods
CN109919624B (en) Network loan fraud group recognition and early warning method based on space-time aggregation
CN106713341A (en) Network security early-warning method and system based on big data
CN106254317A (en) A kind of data security exception monitoring system
CN111818102B (en) Defense efficiency evaluation method applied to network target range
CN108494802A (en) Key message infrastructure security based on artificial intelligence threatens Active Defending System Against
Jaiganesh et al. An analysis of intrusion detection system using back propagation neural network
CN106209829A (en) A kind of network security management system based on warning strategies
CN110009224A (en) Suspect&#39;s violation probability prediction technique, device, computer equipment and storage medium
CN109698823A (en) A kind of Cyberthreat discovery method
CN104915600A (en) Android application security risk evaluating method and device
Qayyum et al. Fraudulent call detection for mobile networks
Ni et al. A Victim-Based Framework for Telecom Fraud Analysis: A Bayesian Network Model
CN111127201A (en) Financial anti-money laundering cloud computing resource optimal allocation system and method based on SMDP
Akinbowale et al. Development of a multi-objectives integer programming model for allocation of anti-fraud capacities during cyberfraud mitigation

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20191025