CN110380897A - Network security situation awareness model and method based on improved BP - Google Patents
- Publication number: CN110380897A (CN201910597740.0A)
- Authority
- CN
- China
- Legal status: Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/14—Network analysis or design
- H04L41/145—Network analysis or design involving simulating, designing, planning or modelling of a network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/14—Network analysis or design
- H04L41/147—Network analysis or design for predicting network behaviour
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
Abstract
The invention discloses a network security situation awareness model and method based on an improved BP neural network. The model includes a data preprocessing module, a situation computing module, a parameter optimization module and a situation prediction module. The method comprises: collecting data sets from different sources, extracting the principal component information used for situation awareness, and obtaining asset attack threat data and system state data; calculating risk values from the asset attack threat data of the network devices and assessing the security situation of the whole network; improving the BP neural network with the L-M optimization algorithm to optimize its weight parameters, obtaining the optimal weight parameters after multiple iterations, and substituting the optimal weight parameters into the BP neural network to predict the network security situation. The invention effectively avoids the problem of the BP neural network falling into a locally optimal solution, greatly improves the convergence speed and generalization ability of the BP neural network, and enables it to achieve good results in situation prediction.
Description
Technical field:
The present invention relates to the field of computer network security, and in particular to a network security situation awareness model and method based on an improved BP neural network.
Background:
With the rapid development of network technology, network attacks are increasing year by year, and network security has become a current focus of attention. Predicting the network security situation makes it possible to grasp the security state of the network before an attack occurs, so that appropriate protective measures can be taken and unnecessary attacks and losses avoided;
Most current research on network security situation awareness concerns the quantification of network threats and the assessment of the security situation. The few prediction models that exist may be applicable only to specific standard systems and application scenarios, and it is difficult for them to achieve accurate and efficient prediction. The BP (Back Propagation, the error backpropagation algorithm) network is one of the most widely used neural network models at present. It has a simple structure and strong simulation capability, is easy to implement, and has been widely used in recent years in fields such as assessment and prediction, expert systems and image processing;
However, a BP neural network easily falls into a local optimum during training, which slows its learning and lengthens its convergence time, limiting its ability in situation prediction.
Summary of the invention:
In view of the defects described in the background, the object of the present invention is to provide a network security situation awareness model and method based on an improved BP neural network. It mainly uses the Levenberg-Marquardt optimization algorithm (L-M algorithm for short) to improve the BP neural network and applies it to the field of network security situation awareness, realizing a novel network security situation awareness model and method. The model calculates network security situation values by classifying and counting a large amount of vulnerability information and log information, uses them as the input of the BP neural network, and optimizes the weights of the BP neural network with the L-M algorithm, improving the convergence speed and generalization ability of the BP neural network. It accurately predicts the network security situation value for a future time period and draws a network security situation prediction chart, thereby addressing the tendency of the BP neural network to fall into a local optimum during training.
To achieve the above object, the technical solution provided by the present invention is as follows:
A network security situation awareness model based on an improved BP neural network, including a data preprocessing module, a situation computing module, a parameter optimization module and a situation prediction module, in which:
The data preprocessing module is used to collect data sets from different sources and extract from them the principal component information used for network security situation awareness. After the redundancy of the multi-source data is eliminated, data association analysis is used to mine the relationships between the data, yielding the vulnerability information, system operation information, attack information and asset information needed to calculate the network security situation, from which the corresponding asset vulnerability threat data, asset attack threat data and system state are obtained;
The situation computing module is used to evaluate the importance of each network device in the network, calculate the risk value of the network device, and assess the security situation of the whole network, according to the asset vulnerability threat data, the asset attack threat data and the current system state obtained by the data preprocessing module;
The parameter optimization module is used to determine the overall structure, input data and output data of the BP neural network, calculate the target error function, and improve the BP neural network with the L-M algorithm. The L-M algorithm adjusts adaptively between gradient descent and the Gauss-Newton method to optimize the weight parameters of the BP neural network, and the optimal weight parameters are obtained after multiple iterations;
The situation prediction module is used to substitute the optimal weight parameters into the BP neural network, take the network security situation values of three adjacent months as input data, output the predicted network security situation value for the next month, and draw a network security situation awareness chart in order to predict the network security situation.
In the above model, the data preprocessing module includes a data acquisition module, a data principal component extraction module and a data association analysis module;
The data acquisition module is used to collect data sets from four different sources: vulnerability data, system operation data, attack event data and asset data;
Wherein, the vulnerability data is collected by crawler from websites such as CNNVD, CNVD and CVE; the system operation data is collected from the log information of system hosts; the attack event data is collected from the log information of devices such as IDS, firewalls and switches; the asset data refers to the hardware device information and user information in the network system;
The data principal component extraction module is used to extract, from the four data sets of different sources collected by the data acquisition module, the principal component data useful for network security situation awareness, so as to improve algorithm efficiency and reduce the model's computational burden;
Wherein, the principal component data to be extracted from the vulnerability data includes the vulnerability's name, type, release time, affected devices, threat level and the attack type the vulnerability leads to; the principal component data to be extracted from the system operation data includes the number of services opened by the host, the service types, the open ports and the network information; the principal component data to be extracted from the attack event data includes the attacker IP, attacker location, victim IP, victim location, attacked platform, attack port, attack type, attack time, and attack and vulnerability exploitation information; the principal component data to be extracted from the asset data includes the device type, hardware parameters, number of device connections and the amount of user private data held on the device;
The data association analysis module is used to perform association analysis on the principal component data extracted by the data principal component extraction module, obtaining the corresponding asset vulnerability threat data, the asset attack threat data, and the system operating environment present when each type of attack event occurs, so that the system state is divided into a safe state, an early-warning state, an attack state and a damaged state;
Wherein, the asset vulnerability threat data is obtained by association analysis of the asset data with the vulnerability data; the asset attack threat data is obtained by association analysis of the vulnerability data with the attack event data; the system operating environment present when each type of attack event occurs is obtained by association analysis of the system operation data with the attack event data.
In the above model, the asset vulnerability threat data is obtained as follows: first, the asset data is associated with the vulnerability data; then, for a given device type, the number of vulnerabilities of each type that appear within a period of time is counted; finally, the threat degree is calculated according to the threat level of the vulnerabilities, giving the pattern of vulnerability occurrence for that device type over the period, i.e. the asset vulnerability threat data;
The asset attack threat data is obtained as follows: first, the vulnerability data is associated with the attack event data; then, for a given vulnerability type, the number of attack events that exploit the vulnerability within a period of time is counted, and the attack occurrence rate of that vulnerability type is calculated; the asset vulnerability threat data obtained above is then analyzed in association with the attack occurrence rate of the vulnerability, giving the pattern of attack occurrence for a given asset type over the period, i.e. the asset attack threat data.
A network security situation awareness method based on an improved BP neural network, comprising the following steps:
S1. Collect data sets from different sources and extract the principal component information used for network security situation awareness, obtaining the vulnerability data, system operation data, attack event data and asset data used to calculate the network security situation; perform data association analysis, eliminate the redundancy of the multi-source data, and mine the relationships between the data to obtain the asset vulnerability threat data, asset attack threat data and system state data;
S2. According to the asset attack threat data obtained in step S1, obtain the importance $W_i$ of each device in the network; use the risk assessment function $E_i = F(T_i \times D_i)$ to calculate the risk value $E_i$ of the network device; and, combining the importance $W_i$ of the device in the network, calculate the security situation value $E$ of the whole network, $E = \sum W_i E_i$;
S3. Determine the overall structure, input data and output data of the BP neural network, calculate the target error function, and improve the BP neural network with the L-M algorithm. The L-M algorithm adjusts adaptively between gradient descent and the Gauss-Newton method to optimize the weight parameters of the BP neural network, and the optimal weight parameters are obtained after multiple iterations;
S4. Substitute the optimal weight parameters into the BP neural network, take the network security situation values of three adjacent months as input data, output the predicted network security situation value for the next month, and draw a network security situation awareness chart in order to predict the network security situation.
On the basis of the above scheme, step S1 specifically includes the following steps:
S101. The data acquisition module collects data sets from four different sources: vulnerability data, system operation data, attack event data and asset data;
S102. From the four data sets of different sources collected by the data acquisition module in step S101, the data principal component extraction module extracts the principal component information used for network security situation awareness. The principal component information includes: the vulnerability name, type, release time, affected devices, threat level and the attack type the vulnerability leads to, extracted from the vulnerability data; the number of services opened by the host, service types, open ports and network information, extracted from the system operation data; the attacker IP, attacker location, victim IP, victim location, attacked platform, attack port, attack type, attack time, and attack and vulnerability exploitation information, extracted from the attack event data; and the device type, service type, open ports, number of device connections and the amount of private data held on the device, extracted from the asset data;
S103. The data association analysis module associates the asset data principal component information extracted in step S102 with the vulnerability data principal component information. For a given device type, it counts the number of vulnerabilities of each type that appear within a period of time and calculates the threat degree according to the threat level of each type of vulnerability, giving the pattern of vulnerability occurrence for that device type over the period, i.e. the asset vulnerability threat data. Proceeding in the same way yields the asset vulnerability threat data of the whole network;
S104. The data association analysis module associates the vulnerability data principal component information extracted in step S102 with the attack event data principal component information. For a given vulnerability type, it counts the number of attack events that exploit the vulnerability within a period of time and calculates the attack occurrence rate of that vulnerability type. The attack occurrence rate of that vulnerability type is then analyzed in association with the asset vulnerability threat data obtained in step S103, giving the pattern of attack occurrence for a given asset type over the period, i.e. the asset attack threat data. Proceeding in the same way yields the asset attack threat data of the whole network;
S105. The data association analysis module (1.3) performs association analysis on the system operation data principal component information extracted in step S102 and the attack event data principal component information, obtaining the system operating environment present when each type of attack event occurs, and the system state is then divided into a safe state, an early-warning state, an attack state and a damaged state.
In the above method, step S2 specifically includes the following steps:
S201. Evaluate the importance $W_i$ of the device in the network according to the device's asset data. The evaluation process specifically includes the following steps:
1) count the number of connections the device has in the network and the amount of user private data stored on the device;
2) define the performance level of the device according to its device type and service coverage;
3) define the performance grade of the device according to its hardware parameters, then add up these attribute values and standardize them to obtain the importance $W_i$ of the device in the network;
S202. Use the risk assessment function $E_i = F(T_i \times D_i)$ to calculate the risk value $E_i$ of the device;
Where the function $F$ is the preset risk assessment function, $T_i$ is the attack threat value faced by the device in the current time period, $D_i$ is the current system state of the device, and $\times$ is the matrix multiplication operation; go to S203;
S203. Combining the importance $W_i$ of the device in the network obtained in step S201, calculate the security situation value $E$ of the overall network. The calculation formula is as follows:
$E = \sum W_i E_i$
Where $W_i$ is the importance of the device in the network and $E_i$ is the risk value of the device.
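The weighting and aggregation of steps S201 to S203, as an added example that is not part of the patent. The patent leaves F and the encoding of the system state open, so the saturating form of F, the per-state exposure vectors used as $D_i$, the max-scaling of attributes before summing, and every device record below are assumptions constructed for illustration.

```python
import math

ATTRS = ("connections", "private_records", "performance_level", "hardware_grade")

# D_i: assumed exposure factor per attack type (dos, brute_force, exploit)
# for each of the four system states named in the patent.
STATE_EXPOSURE = {
    "safe":    (0.1, 0.1, 0.1),
    "warning": (0.4, 0.3, 0.5),
    "attack":  (0.8, 0.7, 0.9),
    "damaged": (1.0, 1.0, 1.0),
}


def importance_weights(devices):
    """S201: add up the device attributes and standardise them into W_i.

    Assumption: each attribute is first divided by its network-wide maximum
    so that counts and grades are comparable; the per-device sums are then
    normalised so that the weights add up to 1.
    """
    peak = {a: max(d[a] for d in devices) or 1 for a in ATTRS}
    raw = [sum(d[a] / peak[a] for a in ATTRS) for d in devices]
    total = sum(raw)
    return [r / total for r in raw]


def device_risk(threat, state):
    """S202: E_i = F(T_i x D_i).

    T_i is a 1xK row vector of attack threat values and D_i a Kx1 column
    vector, so the matrix product is a scalar. F is assumed to be the
    saturating map 1 - exp(-x), which keeps E_i in [0, 1).
    """
    product = sum(t * d for t, d in zip(threat, STATE_EXPOSURE[state]))
    return 1.0 - math.exp(-product)


def situation_value(devices):
    """S203: E = sum of W_i * E_i. Returns (E, weights, per-device risks)."""
    weights = importance_weights(devices)
    risks = [device_risk(d["threat"], d["state"]) for d in devices]
    return sum(w * e for w, e in zip(weights, risks)), weights, risks


# Constructed sample inventory (not real data).
DEVICES = [
    {"name": "db-server", "connections": 40, "private_records": 50000,
     "performance_level": 3, "hardware_grade": 3,
     "threat": (0.2, 0.6, 0.9), "state": "warning"},
    {"name": "web-server", "connections": 120, "private_records": 2000,
     "performance_level": 2, "hardware_grade": 2,
     "threat": (0.8, 0.4, 0.7), "state": "attack"},
    {"name": "workstation", "connections": 5, "private_records": 100,
     "performance_level": 1, "hardware_grade": 1,
     "threat": (0.1, 0.3, 0.2), "state": "safe"},
]

if __name__ == "__main__":
    E, W, R = situation_value(DEVICES)
    for d, w, r in zip(DEVICES, W, R):
        print(f"{d['name']:12s} W={w:.3f} E_i={r:.3f} state={d['state']}")
    print(f"network situation value E = {E:.3f}")
```

Because the weights sum to 1, a low-importance device moving to the damaged state shifts E only in proportion to its weight, which is the effect the importance term is meant to capture.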
In the above method, step S3 specifically includes the following steps:
S301. Establish a three-layer BP neural network structure containing one hidden layer, in which the number of input layer nodes is 3 and the number of output layer nodes is 1. The situation values of the past three months are used as the input sample data, and the output data is the predicted situation value for the next month. According to Hecht-Nielsen theory, the number of hidden layer nodes is set to 2N+1, where N is the number of input nodes. The hidden layer transfer function is the tansig function, and the output layer transfer function is the purelin function;
S302. Determine the input vector of each sample data as $x_i = (x_{i1}, x_{i2}, x_{i3})$ and the target output value as $y_i$. First calculate the output value $v_{ih}$ of the input vector $x_i$ at hidden layer node h. The calculation formula is as follows:
Where $w_k$ is the weight of input layer node k, $\theta_h$ is the threshold of hidden layer node h, and $f$ is the tansig transfer function. All nodes are then calculated in turn to obtain the output vector $v_i$ of the hidden layer;
S303. Use the obtained $v_{ih}$ to calculate the output value of the output layer, which has only one node. The formula for calculating the output value $z_i$ of the output layer is:
Where $w'_h$ is the weight of hidden layer node h, $\gamma$ is the threshold of the output layer node, and $f'$ is the purelin transfer function;
S304. From the obtained output value $z_i$ of the output layer and the target output value $y_i$, calculate the error $E_i$ of a single sample data. The calculation formula is as follows:
S305. From the obtained errors $E_i$ of the single sample data, calculate the error $E$ of all sample data. The calculation formula is as follows:
Where p is the number of sample data;
S306. From the obtained error $E$ of all sample data, define the sensitivity value in the Levenberg-Marquardt algorithm. The calculation formula is as follows:
Wherein, indicates the sensitivity of the error E to a change in the i-th sample data input to layer m, and indicates the weighted sum of the layer-m network over sample data i;
S307. From the error $E$ of all sample data, calculate the recurrence formula of the sensitivity value:
Wherein, indicates the sensitivity of the error E of all sample data to a change in the q-th sample data input to layer m, indicates the sensitivity value of layer m+1, and $w^{m+1}$ indicates the weight vector of layer m+1. The formula shows that the sensitivity values can be computed recursively layer by layer, propagating backward from the last layer to the first;
S308. Calculate the Jacobian matrix $J$ of the error differentiated with respect to the weights. The formula for the elements of the matrix is as follows:
S309. Use the Jacobian matrix $J$ to adjust the weights of the BP neural network. The adjustment formula is:
$\Delta w = (J^T J + \mu I)^{-1} J^T e$
Where $e$ is the error vector and $\mu$ is a scalar. When $\mu$ increases, the method approaches gradient descent with a small learning rate; when $\mu$ drops to 0, the algorithm becomes the Gauss-Newton method. The L-M algorithm is therefore a smooth blend between gradient descent and the Gauss-Newton method.
S310. Calculate the new weight vector $w' = w + \Delta w$, and use $w'$ to calculate the new error sum of squares $E'$. If $E' < E$, divide $\mu$ by $\theta$ ($\theta > 1$) and jump to step 302; otherwise, multiply $\mu$ by $\theta$ and jump to step 309. When the error sum of squares $E$ falls to the target error threshold, the algorithm is considered to have converged and the optimal weight parameters are obtained.
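Steps S301 to S310 as a runnable sketch, added here and not taken from the patent: a 3-7-1 network trained with the update $\Delta w = (J^T J + \mu I)^{-1} J^T e$ and the divide/multiply rule for $\mu$. Assumptions: thresholds enter as additive biases, $e = y - z$ with $J = \partial z / \partial w$ (so that $w + \Delta w$ is a descent step), the floor and ceiling on $\mu$ are numerical guards, and the monthly series and all function names are constructed for illustration.

```python
import math
import random

N_IN, N_HID = 3, 7                 # S301: 3 inputs, 2N+1 = 7 hidden nodes
OUT = N_HID * (N_IN + 1)           # index of the first output-layer weight
N_W = OUT + N_HID + 1              # 36 weights and thresholds in total


def forward(w, x):
    """S302-S303: hidden outputs v_h (tansig) and network output z (purelin)."""
    v = []
    for h in range(N_HID):
        b = h * (N_IN + 1)         # layout per hidden node: 3 weights, then theta_h
        v.append(math.tanh(w[b + N_IN] + sum(w[b + k] * x[k] for k in range(N_IN))))
    return v, w[OUT + N_HID] + sum(w[OUT + h] * v[h] for h in range(N_HID))


def jacobian_row(w, x):
    """S306-S308: dz/dw for one sample via the back-propagated sensitivities."""
    v, _ = forward(w, x)
    row = []
    for h in range(N_HID):
        s = w[OUT + h] * (1.0 - v[h] * v[h])   # sensitivity at hidden node h
        row += [s * xk for xk in x] + [s]
    return row + v + [1.0]


def errors(w, X, Y):
    """S304: per-sample error e_i = y_i - z_i."""
    return [y - forward(w, x)[1] for x, y in zip(X, Y)]


def solve(A, b):
    """Solve A d = b by Gaussian elimination with partial pivoting."""
    n = len(b)
    M = [A[i][:] + [b[i]] for i in range(n)]
    for c in range(n):
        p = max(range(c, n), key=lambda r: abs(M[r][c]))
        M[c], M[p] = M[p], M[c]
        for r in range(c + 1, n):
            f = M[r][c] / M[c][c]
            for j in range(c, n + 1):
                M[r][j] -= f * M[c][j]
    d = [0.0] * n
    for r in reversed(range(n)):
        d[r] = (M[r][n] - sum(M[r][j] * d[j] for j in range(r + 1, n))) / M[r][r]
    return d


def train_lm(X, Y, w, mu=0.01, theta=10.0, target=1e-6, max_iter=100):
    """S309-S310: L-M loop; returns (weights, SSE after each accepted step)."""
    e = errors(w, X, Y)
    E = sum(v * v for v in e)              # S305: error sum of squares
    history, J = [E], None
    for _ in range(max_iter):
        if E <= target or mu > 1e10:       # converged, or no improving step left
            break
        if J is None:                      # recompute only after weights change
            J = [jacobian_row(w, x) for x in X]
            JtJ = [[sum(r[a] * r[b] for r in J) for b in range(N_W)] for a in range(N_W)]
            g = [sum(r[a] * ei for r, ei in zip(J, e)) for a in range(N_W)]
        A = [[JtJ[a][b] + (mu if a == b else 0.0) for b in range(N_W)] for a in range(N_W)]
        w_new = [wi + di for wi, di in zip(w, solve(A, g))]
        e_new = errors(w_new, X, Y)
        E_new = sum(v * v for v in e_new)
        if E_new < E:                      # accept: move towards Gauss-Newton
            w, e, E, J = w_new, e_new, E_new, None
            mu = max(mu / theta, 1e-8)     # floor is an added numerical guard
            history.append(E)
        else:                              # reject: move towards gradient descent
            mu *= theta
    return w, history


def make_samples(series):
    """Three adjacent months as input, the following month as target."""
    return [series[t:t + 3] for t in range(len(series) - 3)], series[3:]


def initial_weights(seed=0):
    rng = random.Random(seed)
    return [rng.uniform(-0.5, 0.5) for _ in range(N_W)]


# Constructed monthly situation values in [0, 1] (not real measurements).
SERIES = [0.5 + 0.3 * math.sin(2 * math.pi * t / 12)
          + 0.05 * math.cos(2 * math.pi * t / 5) for t in range(24)]

if __name__ == "__main__":
    X, Y = make_samples(SERIES)
    w, hist = train_lm(X, Y, initial_weights())
    print(f"SSE {hist[0]:.4f} -> {hist[-1]:.6f} in {len(hist) - 1} accepted steps")
    print(f"predicted next month: {forward(w, SERIES[-3:])[1]:.3f}")
```

With 21 training windows and 36 parameters, $J^T J$ is rank-deficient, so the $\mu I$ term is what keeps the linear system solvable.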
The working principle of the network security situation awareness model based on an improved BP neural network is as follows: first, feature extraction and association analysis of the collected information yield the asset attack threat data and system state data used for situation awareness; then the risk assessment function is used to obtain the situation value of each network device, which is combined with the importance of the device to assess the network security situation; finally, the BP neural network is improved with the L-M optimization algorithm, replacing the original pure gradient descent with an adaptive weight adjustment method that blends it with the Gauss-Newton method. This improves the speed of weight optimization and the generalization ability of the BP network, and realizes network security situation prediction.
Compared with the prior art, the advantages of the present invention are as follows: the weight adjustment process of the BP neural network is improved with the L-M algorithm, so that each iteration no longer follows only the negative gradient direction but allows the error to be searched along a direction in which it worsens. Adjusting the weight optimization adaptively between gradient descent and the Gauss-Newton method effectively prevents the BP neural network from falling into a locally optimal solution, greatly improves the convergence speed and generalization ability of the BP neural network, and enables it to achieve good results in situation prediction.
Description of the drawings:
Fig. 1 is a schematic diagram of the network security situation awareness model based on an improved BP neural network according to the present invention;
Fig. 2 is a flow chart of the network security situation awareness method based on an improved BP neural network according to the present invention;
Fig. 3 is a flow chart of step S3 in Fig. 2.
Detailed description of embodiments:
For a clearer understanding of the technical features, objects and effects of the present invention, specific embodiments of the invention are now described in detail with reference to the drawings.
As shown in Fig. 1, a network security situation awareness model based on an improved BP neural network provided by an embodiment of the present invention includes a data preprocessing module 1, a situation computing module 2, a parameter optimization module 3 and a situation prediction module 4, in which:
The data preprocessing module 1 is used to collect data sets from different sources and extract from them the principal component information used for network security situation awareness. After the redundancy of the multi-source data is eliminated, data association analysis is used to mine the relationships between the data, yielding the vulnerability information, system operation information, attack information and asset information needed to calculate the network security situation, from which the corresponding asset vulnerability threat data, asset attack threat data and system state are obtained;
The situation computing module 2 is used to evaluate the importance of each network device in the network, calculate the risk value of the network device, and assess the security situation of the whole network, according to the asset vulnerability threat data, the asset attack threat data and the current system state obtained by the data preprocessing module 1;
The parameter optimization module 3 is used to determine the overall structure, input data and output data of the BP neural network, calculate the target error function, and improve the BP neural network with the L-M algorithm. The L-M algorithm adjusts adaptively between gradient descent and the Gauss-Newton method to optimize the weight parameters of the BP neural network, and the optimal weight parameters are obtained after multiple iterations;
The situation prediction module 4 is used to substitute the optimal weight parameters into the BP neural network, take the network security situation values of three adjacent months as input data, output the predicted network security situation value for the next month, and draw a network security situation awareness chart in order to predict the network security situation.
Referring to Fig. 1, in this embodiment of the present invention, the data preprocessing module 1 includes a data acquisition module 1.1, a data principal component extraction module 1.2 and a data association analysis module 1.3;
The data acquisition module 1.1 is used to collect data sets from four different sources: vulnerability data, system operation data, attack event data and asset data;
Wherein, the vulnerability data is collected by crawler from websites such as CNNVD, CNVD and CVE; the system operation data is collected from the log information of system hosts; the attack event data is collected from the log information of devices such as IDS, firewalls and switches; the asset data refers to the hardware device information and user information in the network system;
The data principal component extraction module 1.2 is used to extract, from the four data sets of different sources collected by the data acquisition module 1.1, the principal component data useful for network security situation awareness, so as to improve algorithm efficiency and reduce the model's computational burden;
Wherein, the principal component data to be extracted from the vulnerability data includes the vulnerability's name, type, release time, affected devices, threat level and the attack type the vulnerability leads to; the principal component data to be extracted from the system operation data includes the number of services opened by the host, the service types, the open ports and the network information; the principal component data to be extracted from the attack event data includes the attacker IP, attacker location, victim IP, victim location, attacked platform, attack port, attack type, attack time, and attack and vulnerability exploitation information; the principal component data to be extracted from the asset data includes the device type, hardware parameters, number of device connections and the amount of user private data held on the device;
The data association analysis module 1.3 is used to perform association analysis on the principal component data extracted by the data principal component extraction module 1.2, obtaining the corresponding asset vulnerability threat data, the asset attack threat data, and the system operating environment present when each type of attack event occurs, so that the system state is divided into a safe state, an early-warning state, an attack state and a damaged state;
Wherein, the asset vulnerability threat data is obtained by association analysis of the asset data with the vulnerability data; the asset attack threat data is obtained by association analysis of the vulnerability data with the attack event data; the system operating environment present when each type of attack event occurs is obtained by association analysis of the system operation data with the attack event data.
More specifically, in the situation awareness model embodiment of the present invention, the asset vulnerability threat data is obtained as follows:
First, the asset data is associated with the vulnerability data; then, for a given device type, the number of vulnerabilities of each type that appear within a period of time is counted; finally, the threat degree is calculated according to the threat level of the vulnerabilities, giving the pattern of vulnerability occurrence for that device type over the period, i.e. the asset vulnerability threat data;
More specifically, in the situation awareness model embodiment of the present invention, the asset attack threat data is obtained as follows:
First, the vulnerability data is associated with the attack event data; then, for a given vulnerability type, the number of attack events that exploit the vulnerability within a period of time is counted, and the attack occurrence rate of that vulnerability type is calculated; the asset vulnerability threat data obtained above is then analyzed in association with the attack occurrence rate of the vulnerability, giving the pattern of attack occurrence for a given asset type over the period, i.e. the asset attack threat data.
Referring to Fig. 2 and Fig. 3, a network security situation awareness method based on an improved BP neural network provided by an embodiment of the present invention comprises the following steps:
S1. Collect data sets from different sources and extract the principal component information used for network security situation awareness, obtaining the vulnerability data, system operation data, attack event data and asset data used to calculate the network security situation; perform data association analysis, eliminate the redundancy of the multi-source data, and mine the relationships between the data to obtain the asset vulnerability threat data, asset attack threat data and system state data;
S2. According to the asset attack threat data obtained in step S1, obtain the importance $W_i$ of each device in the network; use the risk assessment function $E_i = F(T_i \times D_i)$ to calculate the risk value $E_i$ of the network device; and, combining the importance $W_i$ of the device in the network, calculate the security situation value $E$ of the whole network, $E = \sum W_i E_i$;
S3. Determine the overall structure, input data and output data of the BP neural network, calculate the target error function, and improve the BP neural network with the L-M algorithm. The L-M algorithm adjusts adaptively between gradient descent and the Gauss-Newton method to optimize the weight parameters of the BP neural network, and the optimal weight parameters are obtained after multiple iterations;
S4. Substitute the optimal weight parameters into the BP neural network, take the network security situation values of three adjacent months as input data, output the predicted network security situation value for the next month, and draw a network security situation awareness chart in order to predict the network security situation.
More specifically, in this embodiment of the situation awareness method of the present invention, step S1 comprises the following steps:
S101. The data acquisition module collects data sets from four different kinds of sources: vulnerability data, system operation data, attack event data and asset data;
The vulnerability data can be collected by a crawler from websites such as CNNVD, CNVD and CVE; the system operation data can be obtained from the log information of system hosts; the attack event data can be obtained from the log information of devices such as IDS, firewalls and switches; the asset data refers to the hardware device information and user information in the network system.
S102. From the four kinds of data sets collected by the data acquisition module in step S101, the data principal component extraction module extracts the principal component information used for network security situation awareness. The principal component information comprises: the vulnerability name, type, release time, affected devices, threat level and the attack type the vulnerability causes, extracted from the vulnerability data; the number of services opened by the host, service types, open ports and network information, extracted from the system operation data; the attacker IP, attacker location, victim IP, victim location, attacked platform, attacked port, attack type, attack time, attack event and vulnerability exploitation information, extracted from the attack event data; and the device type, service type, open ports, number of device connections and amount of private data held, extracted from the asset data;
S103. The data association analysis module associates the asset data principal component information extracted in step S102 with the vulnerability data principal component information; for a given device type, it counts the number of outbreaks of each type of vulnerability within a period of time and calculates the threat degree according to the threat level of each type of vulnerability, obtaining the vulnerability outbreak pattern of that device type over the period, i.e. the asset vulnerability threat data; by analogy, the asset vulnerability threat data of the whole network can be obtained;
S104. The data association analysis module associates the vulnerability data principal component information extracted in step S102 with the attack event data principal component information; for a given vulnerability type, it counts the number of attack events that exploit the vulnerability within a period of time and calculates the attack outbreak rate of that vulnerability type; it then correlates the attack outbreak rate of that vulnerability type with the asset vulnerability threat data obtained in step S103, obtaining the attack outbreak pattern of a given asset type over the period, i.e. the asset attack threat data; by analogy, the asset attack threat data of the whole network can be obtained;
S105. The data association analysis module (1.3) correlates the system operation data principal component information extracted in step S102 with the attack event data principal component information, obtaining the system operating environment that is present when each type of attack event breaks out, and on that basis divides the system state into safe state, warning state, attack state and damaged state.
More specifically, in this embodiment of the situation awareness method of the present invention, step S2 comprises the following steps:
S201. Assess the importance $W_i$ of each device in the network according to the asset data of the device; the assessment comprises the following steps:
1) Count the number of connections the device has in the network and the amount of user private data stored on the device;
2) Define the performance level of the device according to the device type and service coverage;
3) Define the performance rating of the device according to its hardware parameters, then sum these attribute values and normalize them to obtain the importance $W_i$ of the device in the network;
S202. Use the risk assessment function $E_i = F(T_i \times D_i)$ to calculate the risk value $E_i$ of the device;
where the function $F$ is a preset risk assessment function, $T_i$ is the attack threat value the device faces in the current time period, $D_i$ is the current system state of the device, and $\times$ denotes matrix multiplication; go to S203;
S203. Combining the importance $W_i$ of the device in the network obtained in step S201, calculate the security situation value $E$ of the overall network; the calculation formula is as follows:
$E = \sum W_i E_i$
where $W_i$ is the importance of the device in the network and $E_i$ is the risk value of the device.
More specifically, in this embodiment of the situation awareness method of the present invention, step S3 comprises the following steps:
S301. Establish a three-layer BP neural network structure containing one hidden layer, in which the number of input layer nodes is 3 and the number of output layer nodes is 1; the situation values of the past three months serve as the input sample data, and the output is the predicted situation value for the next month. According to Hecht-Nielsen theory, the number of hidden layer nodes is set to 2N+1, where N is the number of input nodes; through simulation experiments, after jointly considering the convergence speed and output accuracy of the neural network, the number of hidden layer nodes is set to 7. The hidden layer transfer function is the tansig function (a neural network layer transfer function), and the output layer transfer function is the purelin function (a linear transfer function);
S302. Determine that the input vector of each sample datum is $x_i = (x_{i1}, x_{i2}, x_{i3})$ and the target output value is $y_i$; first calculate the output value $v_{ih}$ of the input vector $x_i$ at hidden layer node $h$; the calculation formula is:
where $w_k$ is the weight of input layer node $k$, $\theta_h$ is the threshold of hidden layer node $h$, and $f$ is the tansig transfer function; all nodes are then calculated in turn to obtain the output vector $v_i$ of the hidden layer;
S303. From the obtained $v_{ih}$, calculate the output value of the output layer, which has only one node; the formula for the output value $z_i$ of the output layer is:
where $w'_h$ is the weight of hidden layer node $h$, $\gamma$ is the threshold of the output layer node, and $f'$ is the purelin transfer function;
S304. From the obtained output value $z_i$ of the output layer and the target output value $y_i$, calculate the error $E_i$ of a single sample datum; the calculation formula is:
S305. From the obtained errors $E_i$ of the single sample data, calculate the error $E$ of all sample data; the calculation formula is:
where $p$ is the number of sample data;
S306. From the obtained error $E$ of all sample data, define the sensitivity value in the Levenberg-Marquardt algorithm; the calculation formula is:
Wherein, indicates the sensitivity value of the error $E$ to changes in the i-th sample data input to layer m, and indicates the weighted sum of the layer-m network for sample data i;
S307. From the error $E$ of all sample data, calculate the recurrence formula of the sensitivity value:
Wherein, indicates the sensitivity value of the error $E$ of all sample data to changes in the q-th sample data input to layer m, indicates the sensitivity value of layer m+1, and $w^{m+1}$ denotes the weight vector of layer m+1; the formula shows that the sensitivity values can be computed recursively layer by layer, propagating backward from the last layer to the first;
S308. Calculate the Jacobian matrix $J$ of the error differentiated with respect to the weights; the formula for the elements of the matrix is:
S309. Use the Jacobian matrix $J$ to adjust the weights of the BP neural network; the adjustment formula is:
$\Delta w = (J^T J + \mu I)^{-1} J^T e$
where $e$ is the error vector and $\mu$ is a scalar. When $\mu$ increases, the update approaches gradient descent with a small learning rate; when $\mu$ drops to 0, the algorithm becomes the Gauss-Newton method. The L-M algorithm is therefore a smooth compromise between gradient descent and the Gauss-Newton method.
S310. Calculate the new weight vector $w' = w + \Delta w$ and use $w'$ to calculate the new sum of squared errors $E'$; if $E' < E$, divide $\mu$ by $\theta$ ($\theta > 1$) and jump to step 302; otherwise, multiply $\mu$ by $\theta$ and jump to step 309. When the sum of squared errors $E$ is reduced to the target error threshold, the algorithm is considered to have converged, and the optimal weight parameters are obtained.
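The S301 to S310 training loop, as an added example that is not the patent's own code: a pure-Python 3-7-1 network (tanh standing in for tansig, identity for purelin) trained with the update $\Delta w = (J^T J + \mu I)^{-1} J^T e$ and the $\mu$/$\theta$ rule of S310. The sign convention e = y - z, additive biases in place of the thresholds, the starting values of mu and theta, the floor on mu, and the monthly series are assumptions made for the example.

```python
import math
import random

N_IN, N_HID = 3, 7                       # 3-7-1 structure from step S301
OFF_B1 = N_HID * N_IN                    # flat layout (assumed): W1 | b1 | w2 | b2
OFF_W2 = OFF_B1 + N_HID
N_PAR = OFF_W2 + N_HID + 1               # 36 trainable parameters

def forward(w, x):
    """Return (hidden outputs v, output z) for one 3-month window x."""
    v = [math.tanh(w[OFF_B1 + h] + sum(w[h * N_IN + k] * x[k] for k in range(N_IN)))
         for h in range(N_HID)]          # tansig hidden layer
    z = w[-1] + sum(w[OFF_W2 + h] * v[h] for h in range(N_HID))  # purelin output
    return v, z

def jacobian_row(w, x):
    """One row of J: partial derivatives of the output z w.r.t. every weight."""
    v, _ = forward(w, x)
    row = [0.0] * N_PAR
    for h in range(N_HID):
        g = w[OFF_W2 + h] * (1.0 - v[h] * v[h])   # back-propagated through tanh
        for k in range(N_IN):
            row[h * N_IN + k] = g * x[k]
        row[OFF_B1 + h] = g
        row[OFF_W2 + h] = v[h]
    row[-1] = 1.0
    return row

def sse(w, X, Y):
    """Sum of squared errors over all samples."""
    total = 0.0
    for x, y in zip(X, Y):
        d = y - forward(w, x)[1]
        total += d * d
    return total

def solve(A, b):
    """Solve A x = b by Gaussian elimination with partial pivoting."""
    n = len(b)
    M = [A[i][:] + [b[i]] for i in range(n)]
    for c in range(n):
        p = max(range(c, n), key=lambda r: abs(M[r][c]))
        M[c], M[p] = M[p], M[c]
        for r in range(c + 1, n):
            f = M[r][c] / M[c][c]
            for j in range(c, n + 1):
                M[r][j] -= f * M[c][j]
    x = [0.0] * n
    for i in range(n - 1, -1, -1):
        x[i] = (M[i][n] - sum(M[i][j] * x[j] for j in range(i + 1, n))) / M[i][i]
    return x

def train_lm(X, Y, mu=0.01, theta=10.0, target=1e-4, max_iter=200, seed=1):
    """Levenberg-Marquardt training; returns (weights, SSE history)."""
    rng = random.Random(seed)
    w = [rng.uniform(-0.5, 0.5) for _ in range(N_PAR)]
    E = sse(w, X, Y)
    history = [E]
    for _ in range(max_iter):
        if E <= target:                  # target error threshold reached
            break
        J = [jacobian_row(w, x) for x in X]
        e = [y - forward(w, x)[1] for x, y in zip(X, Y)]   # error vector (assumed sign)
        JtJ = [[sum(r[a] * r[b] for r in J) for b in range(N_PAR)] for a in range(N_PAR)]
        Jte = [sum(r[a] * ei for r, ei in zip(J, e)) for a in range(N_PAR)]
        while mu < 1e10:
            A = [[JtJ[a][b] + (mu if a == b else 0.0) for b in range(N_PAR)]
                 for a in range(N_PAR)]
            try:
                dw = solve(A, Jte)       # (J^T J + mu I)^-1 J^T e
            except ZeroDivisionError:    # singular in floating point: damp more
                mu *= theta
                continue
            w_new = [wi + di for wi, di in zip(w, dw)]
            E_new = sse(w_new, X, Y)
            if E_new < E:                # accept: move toward Gauss-Newton
                w, E = w_new, E_new
                mu = max(mu / theta, 1e-8)   # assumed floor keeps A invertible
                break
            mu *= theta                  # reject: move toward gradient descent
        else:
            break                        # no improving step was found
        history.append(E)
    return w, history

def make_windows(series):
    """Three adjacent months as input, the following month as target."""
    X = [series[i:i + N_IN] for i in range(len(series) - N_IN)]
    return X, series[N_IN:]

# Constructed sample: 24 monthly situation values, not real measurements.
SERIES = [round(0.5 + 0.3 * math.sin(0.6 * t) + 0.004 * t, 3) for t in range(24)]

if __name__ == "__main__":
    X, Y = make_windows(SERIES)
    w, hist = train_lm(X, Y)
    print("SSE %.4f -> %.6f in %d accepted steps" % (hist[0], hist[-1], len(hist) - 1))
    print("next-month prediction: %.3f" % forward(w, SERIES[-N_IN:])[1])
```

With 21 training windows and 36 weights, $J^T J$ has rank at most 21, so the $\mu I$ term is what makes the system solvable at all; a fit this over-parameterized should be validated on months held out of training before its forecast is trusted.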
The working principle of the network security situation awareness model based on the improved BP neural network of the present invention is as follows: first, feature extraction and association analysis of the collected information yield the asset attack threat data and system state data used for situation awareness; then the risk assessment function is used to obtain the situation value of each network device, which is combined with the importance of the device to assess the network security situation; finally, the BP neural network is improved with the L-M optimization algorithm, replacing the original pure gradient descent with an adaptive weight adjustment method that blends in the Gauss-Newton method, which improves the speed of weight optimization and the generalization ability of the BP network and realizes network security situation prediction.
Claims (7)
1. A network security situation awareness model based on an improved BP neural network, characterized by comprising a data preprocessing module (1), a situation calculation module (2), a parameter optimization module (3) and a situation prediction module (4), wherein:
The data preprocessing module (1) is configured to collect data sets from different sources and extract from them the principal component information used for network security situation awareness, and then, through data association analysis, to eliminate the redundancy of the multi-source data and mine the correlations among the data, thereby obtaining the vulnerability information, system operation information, attack information and asset information needed for network security situation calculation, and from these the corresponding asset vulnerability threat data, asset attack threat data and system state;
The situation calculation module (2) is configured to evaluate the importance of each network device in the network, calculate the risk value of the network device and assess the security situation of the whole network, according to the asset vulnerability threat data, the asset attack threat data and the current system state obtained by the data preprocessing module (1);
The parameter optimization module (3) is configured to determine the overall structure, input data and output data of the BP neural network, calculate the target error function, and improve the BP neural network with the L-M algorithm, which adjusts adaptively between gradient descent and the Gauss-Newton method to optimize the weight parameters of the BP neural network, the optimal weight parameters being obtained after multiple iterations;
The situation prediction module (4) is configured to substitute the optimal weight parameters into the BP neural network, take the network security situation values of three adjacent months as input data, output the predicted network security situation value for the next month, and draw the network security situation awareness graph, so as to predict the network security situation.
2. The network security situation awareness model based on an improved BP neural network according to claim 1, characterized in that:
The data preprocessing module (1) comprises a data acquisition module (1.1), a data principal component extraction module (1.2) and a data association analysis module (1.3);
The data acquisition module (1.1) is configured to collect data sets from four different kinds of sources: vulnerability data, system operation data, attack event data and asset data;
The vulnerability data is collected by a crawler from websites such as CNNVD, CNVD and CVE; the system operation data is collected from the log information of system hosts; the attack event data is collected from the log information of devices such as IDS, firewalls and switches; the asset data refers to the hardware device information and user information in the network system;
The data principal component extraction module (1.2) is configured to extract, from the four kinds of data sets collected by the data acquisition module (1.1), the principal component data useful for network security situation awareness, so as to improve algorithm efficiency and reduce the computational burden of the model;
The principal component data useful for network security situation awareness to be extracted from the vulnerability data comprises the vulnerability name, type, release time, affected devices, threat level and the attack type the vulnerability causes; that to be extracted from the system operation data comprises the number of services opened by the host, service types, open ports and network information; that to be extracted from the attack event data comprises the attacker IP, attacker location, victim IP, victim location, attacked platform, attacked port, attack type, attack time, attack event and vulnerability exploitation information; that to be extracted from the asset data comprises the device type, hardware parameters, number of device connections and amount of user private data held;
The data association analysis module (1.3) is configured to perform association analysis on the principal component data useful for network security situation awareness extracted by the data principal component extraction module (1.2), obtaining the corresponding asset vulnerability threat data, the asset attack threat data and the system operating environment that is present when each type of attack event breaks out, and thereby to divide the system state into safe state, warning state, attack state and damaged state;
The asset vulnerability threat data is obtained by association analysis of the asset data with the vulnerability data; the asset attack threat data is obtained by association analysis of the vulnerability data with the attack event data; the system operating environment present when each type of attack event breaks out is obtained by association analysis of the system operation data with the attack event data.
3. The network security situation awareness model based on an improved BP neural network according to claim 1, characterized in that:
The asset vulnerability threat data is specifically obtained as follows: the asset data and the vulnerability data are first associated; then, for a given device type, the number of outbreaks of each type of vulnerability within a period of time is counted; finally, the threat degree is calculated according to the threat level of the vulnerabilities, yielding the vulnerability outbreak pattern of that device type over the period, i.e. the asset vulnerability threat data;
The asset attack threat data is specifically obtained as follows: the vulnerability data and the attack event data are first associated; then, for a given vulnerability type, the number of attack events that exploit the vulnerability within a period of time is counted and the attack outbreak rate of that vulnerability type is calculated; the asset vulnerability threat data obtained is then correlated with the attack outbreak rate of the vulnerability, yielding the attack outbreak pattern of a given asset type over the period, i.e. the asset attack threat data.
4. A network security situation awareness method based on an improved BP neural network, characterized by comprising the following steps:
S1. Collect data sets from different sources and extract the principal component information used for network security situation awareness, obtaining the vulnerability data, system operation data, attack event data and asset data used for network security situation calculation; perform data association analysis to eliminate the redundancy of the multi-source data and mine the correlations among the data, obtaining the asset vulnerability threat data, asset attack threat data and system state data;
S2. According to the asset attack threat data obtained in step S1, obtain the importance $W_i$ of each device in the network; use the risk assessment function $E_i = F(T_i \times D_i)$ to calculate the risk value $E_i$ of the network device; and, combining the importance $W_i$ of the device in the network, calculate the security situation value $E$ of the whole network, $E = \sum W_i E_i$;
S3. Determine the overall structure, input data and output data of the BP neural network, calculate the target error function, and improve the BP neural network with the L-M algorithm, which adjusts adaptively between gradient descent and the Gauss-Newton method to optimize the weight parameters of the BP neural network; the optimal weight parameters are obtained after multiple iterations;
S4. Substitute the optimal weight parameters into the BP neural network, take the network security situation values of three adjacent months as input data, output the predicted network security situation value for the next month, and draw the network security situation awareness graph, so as to predict the network security situation.
5. The network security situation awareness method based on an improved BP neural network according to claim 4, characterized in that step S1 comprises the following steps:
S101. The data acquisition module collects data sets from four different kinds of sources: vulnerability data, system operation data, attack event data and asset data;
S102. From the four kinds of data sets collected by the data acquisition module in step S101, the data principal component extraction module extracts the principal component information used for network security situation awareness. The principal component information comprises: the vulnerability name, type, release time, affected devices, threat level and the attack type the vulnerability causes, extracted from the vulnerability data; the number of services opened by the host, service types, open ports and network information, extracted from the system operation data; the attacker IP, attacker location, victim IP, victim location, attacked platform, attacked port, attack type, attack time, attack event and vulnerability exploitation information, extracted from the attack event data; and the device type, service type, open ports, number of device connections and amount of private data held, extracted from the asset data;
S103. The data association analysis module associates the asset data principal component information extracted in step S102 with the vulnerability data principal component information; for a given device type, it counts the number of outbreaks of each type of vulnerability within a period of time and calculates the threat degree according to the threat level of each type of vulnerability, obtaining the vulnerability outbreak pattern of that device type over the period, i.e. the asset vulnerability threat data; by analogy, the asset vulnerability threat data of the whole network can be obtained;
S104. The data association analysis module associates the vulnerability data principal component information extracted in step S102 with the attack event data principal component information; for a given vulnerability type, it counts the number of attack events that exploit the vulnerability within a period of time and calculates the attack outbreak rate of that vulnerability type; it then correlates the attack outbreak rate of that vulnerability type with the asset vulnerability threat data obtained in step S103, obtaining the attack outbreak pattern of a given asset type over the period, i.e. the asset attack threat data; by analogy, the asset attack threat data of the whole network can be obtained;
S105. The data association analysis module correlates the system operation data principal component information extracted in step S102 with the attack event data principal component information, obtaining the system operating environment that is present when each type of attack event breaks out, and on that basis divides the system state into safe state, warning state, attack state and damaged state.
6. The network security situation awareness method based on an improved BP neural network according to claim 4, characterized in that step S2 comprises the following steps:
S201. Assess the importance $W_i$ of each device in the network according to the asset data of the device; the assessment comprises the following steps:
1) Count the number of connections the device has in the network and the amount of user private data stored on the device;
2) Define the performance level of the device according to the device type and service coverage;
3) Define the performance rating of the device according to its hardware parameters, then sum these attribute values and normalize them to obtain the importance $W_i$ of the device in the network;
S202. Use the risk assessment function $E_i = F(T_i \times D_i)$ to calculate the risk value $E_i$ of the device;
where the function $F$ is a preset risk assessment function, $T_i$ is the attack threat value the device faces in the current time period, $D_i$ is the current system state of the device, and $\times$ denotes matrix multiplication; go to S203;
S203. Combining the importance $W_i$ of the device in the network obtained in step S201, calculate the security situation value $E$ of the overall network; the calculation formula is as follows:
$E = \sum W_i E_i$
where $W_i$ is the importance of the device in the network and $E_i$ is the risk value of the device.
7. The network security situation awareness method based on an improved BP neural network according to claim 4, characterized in that step S3 comprises the following steps:
S301. Establish a three-layer BP neural network structure containing one hidden layer, in which the number of input layer nodes is 3 and the number of output layer nodes is 1; the situation values of the past three months serve as the input sample data, and the output is the predicted situation value for the next month. According to Hecht-Nielsen theory, the number of hidden layer nodes is set to 2N+1, where N is the number of input nodes. The hidden layer transfer function is the tansig function, and the output layer transfer function is the purelin function;
S302. Determine that the input vector of each sample datum is $x_i = (x_{i1}, x_{i2}, x_{i3})$ and the target output value is $y_i$; first calculate the output value $v_{ih}$ of the input vector $x_i$ at hidden layer node $h$; the calculation formula is:
where $w_k$ is the weight of input layer node $k$, $\theta_h$ is the threshold of hidden layer node $h$, and $f$ is the tansig transfer function; all nodes are then calculated in turn to obtain the output vector $v_i$ of the hidden layer;
S303. From the obtained $v_{ih}$, calculate the output value of the output layer, which has only one node; the formula for the output value $z_i$ of the output layer is:
where $w'_h$ is the weight of hidden layer node $h$, $\gamma$ is the threshold of the output layer node, and $f'$ is the purelin transfer function;
S304. From the obtained output value $z_i$ of the output layer and the target output value $y_i$, calculate the error $E_i$ of a single sample datum; the calculation formula is:
S305. From the obtained errors $E_i$ of the single sample data, calculate the error $E$ of all sample data; the calculation formula is:
where $p$ is the number of sample data;
S306. From the obtained error $E$ of all sample data, define the sensitivity value in the Levenberg-Marquardt algorithm; the calculation formula is:
Wherein, indicates the sensitivity value of the error $E$ to changes in the i-th sample data input to layer m, and indicates the weighted sum of the layer-m network for sample data i;
S307. From the error $E$ of all sample data, calculate the recurrence formula of the sensitivity value:
Wherein, indicates the sensitivity value of the error $E$ of all sample data to changes in the q-th sample data input to layer m, indicates the sensitivity value of layer m+1, and $w^{m+1}$ denotes the weight vector of layer m+1; the formula shows that the sensitivity values can be computed recursively layer by layer, propagating backward from the last layer to the first;
S308. Calculate the Jacobian matrix $J$ of the error differentiated with respect to the weights; the formula for the elements of the matrix is:
S309. Use the Jacobian matrix $J$ to adjust the weights of the BP neural network; the adjustment formula is:
$\Delta w = (J^T J + \mu I)^{-1} J^T e$
where $e$ is the error vector and $\mu$ is a scalar. When $\mu$ increases, the update approaches gradient descent with a small learning rate; when $\mu$ drops to 0, the algorithm becomes the Gauss-Newton method. The L-M algorithm is therefore a smooth compromise between gradient descent and the Gauss-Newton method.
S310. Calculate the new weight vector $w' = w + \Delta w$ and use $w'$ to calculate the new sum of squared errors $E'$; if $E' < E$, divide $\mu$ by $\theta$ ($\theta > 1$) and jump to step 302; otherwise, multiply $\mu$ by $\theta$ and jump to step 309. When the sum of squared errors $E$ is reduced to the target error threshold, the algorithm is considered to have converged, and the optimal weight parameters are obtained.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910597740.0A CN110380897A (en) | 2019-07-04 | 2019-07-04 | Network security situation awareness model and method based on improved BP |
Publications (1)
Publication Number | Publication Date |
---|---|
CN110380897A true CN110380897A (en) | 2019-10-25 |
Family
ID=68251852
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910597740.0A Pending CN110380897A (en) | 2019-07-04 | 2019-07-04 | Network security situation awareness model and method based on improved BP |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110380897A (en) |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN110380897A (en) | Network security situation awareness model and method based on improved BP | |
CN110392048A (en) | Network security situation awareness model and method based on CE-RBF | |
Kim et al. | Method of intrusion detection using deep neural network | |
CN107909299B (en) | Personal injury claims data risk detection method and system | |
CN110380896A (en) | Network security situation awareness model and method based on attack graph | |
CN106341414B (en) | A multi-step attack security situation evaluation method based on Bayesian network | |
CN107623697A (en) | A network security situation evaluation method based on an attack-defense stochastic game model | |
Rieke et al. | Fraud detection in mobile payments utilizing process behavior analysis | |
CN110400220A (en) | An intelligent suspicious transaction detection method based on a semi-supervised graph neural network | |
CN107786369A (en) | Power communication network security situation awareness and prediction method based on IRT hierarchical analysis and LSTM | |
CN108718310A (en) | Multi-level attack signature generation and malicious behavior recognition method based on deep learning | |
CN109919624B (en) | Network loan fraud group recognition and early warning method based on space-time aggregation | |
CN106713341A (en) | Network security early-warning method and system based on big data | |
CN106254317A (en) | A data security anomaly monitoring system | |
CN111818102B (en) | Defense efficiency evaluation method applied to network target range | |
CN108494802A (en) | Artificial-intelligence-based active defense system against security threats to critical information infrastructure | |
Jaiganesh et al. | An analysis of intrusion detection system using back propagation neural network | |
CN106209829A (en) | A network security management system based on warning strategies | |
CN110009224A (en) | Suspect's violation probability prediction method, device, computer equipment and storage medium | |
CN109698823A (en) | A cyber threat discovery method | |
CN104915600A (en) | Android application security risk evaluating method and device | |
Qayyum et al. | Fraudulent call detection for mobile networks | |
Ni et al. | A Victim-Based Framework for Telecom Fraud Analysis: A Bayesian Network Model | |
CN111127201A (en) | Financial anti-money laundering cloud computing resource optimal allocation system and method based on SMDP | |
Akinbowale et al. | Development of a multi-objectives integer programming model for allocation of anti-fraud capacities during cyberfraud mitigation |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20191025 |