CN111125685A - Method and device for predicting network security situation - Google Patents


Info

Publication number
CN111125685A
Authority
CN
China
Prior art keywords
attribute
splitting
attributes
network data
network
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201811278810.8A
Other languages
Chinese (zh)
Inventor
陈珍文
贺嘉
李雁
郑袁平
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Mobile Communications Group Co Ltd
China Mobile Group Henan Co Ltd
Original Assignee
China Mobile Communications Group Co Ltd
China Mobile Group Henan Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Mobile Communications Group Co Ltd, China Mobile Group Henan Co Ltd filed Critical China Mobile Communications Group Co Ltd
Priority to CN201811278810.8A priority Critical patent/CN111125685A/en
Publication of CN111125685A publication Critical patent/CN111125685A/en
Pending legal-status Critical Current

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The embodiment of the invention provides a method and a device for predicting a network security situation, wherein the method comprises the steps of obtaining network data, wherein the network data comprises data corresponding to at least two attributes; according to the network data, sequentially determining splitting attributes for attribute splitting each time from the at least two attributes, wherein the determining sequence of the splitting attributes is related to the influence degree on the network security situation prediction result; according to the sequentially determined splitting attributes, performing successive attribute splitting on the network data to generate a decision tree; and predicting the network security situation according to the decision tree to obtain a prediction result. The embodiment of the invention improves the accuracy and efficiency of network security situation prediction.

Description

Method and device for predicting network security situation
Technical Field
The embodiment of the invention relates to the technical field of network security, in particular to a method and a device for predicting a network security situation.
Background
With the rapid development of internet technology, the composition of the internet becomes more complex, the scale becomes increasingly large, and the network security threats are more complex and more diverse. Aiming at the network security threat, various network security devices are put into practical use, and the management of the network security is gradually developed into multi-device cooperative management and fusion of various audit data from single-machine detection and management; in addition, the security state of the network system is also more concerned so as to be able to predict potential threats and prepare for defense, so the security threat situation prediction is a hot spot of recent research in the network security field.
At present, performing association mining analysis on network logs with data mining technology, particularly association rule methods, is a very important technical means for predicting the security threat situation. The Apriori algorithm is one of the existing association rule mining algorithms, but it needs to scan the database many times, consumes a large amount of memory, is time-consuming on large data volumes, and has low mining efficiency. As a result, when the Apriori algorithm is used for log analysis, association mining of the logs cannot be completed quickly, so the efficiency of security situation prediction is low.
Disclosure of Invention
The embodiment of the invention provides a method and a device for predicting a network security situation, which aim to solve the problem of low security situation prediction efficiency in the prior art.
In order to solve the foregoing technical problem, in a first aspect, an embodiment of the present invention provides a method for predicting a network security situation, where the method includes:
acquiring network data, wherein the network data comprises data corresponding to at least two attributes;
according to the network data, determining splitting attributes for attribute splitting each time in sequence from the at least two attributes;
according to the sequentially determined splitting attributes, performing successive attribute splitting on the network data to generate a decision tree;
and predicting the network security situation according to the decision tree to obtain a prediction result.
In a second aspect, an embodiment of the present invention provides an apparatus for predicting a network security situation, where the apparatus includes:
a first obtaining module, configured to obtain network data, where the network data includes data corresponding to at least two attributes;
a second obtaining module, configured to sequentially determine, according to the network data, a splitting attribute for performing attribute splitting each time from the at least two attributes;
the third acquisition module is used for performing successive attribute splitting on the network data according to the sequentially determined splitting attributes to generate a decision tree;
and the fourth acquisition module is used for predicting the network security situation according to the decision tree to obtain a prediction result.
In a third aspect, an embodiment of the present invention provides an electronic device, which includes a memory, a processor, and a computer program stored in the memory and executable on the processor, where the processor implements the steps of the method for predicting a network security situation when executing the computer program.
In a fourth aspect, an embodiment of the present invention provides a non-transitory computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the steps of the method for predicting a network security situation.
According to the method and the device for predicting the network security situation provided by the embodiment of the invention, the splitting attribute for each attribute split is determined in sequence from the at least two attributes according to the network data comprising data corresponding to the at least two attributes, and the order in which the splitting attributes are determined is related to their degree of influence on the network security situation prediction result. The network data is then split attribute by attribute according to the sequentially determined splitting attributes to generate the decision tree, and finally the network security situation is predicted according to the decision tree to obtain the prediction result. The data is thus split hierarchically according to each attribute's degree of influence on the prediction result, which ensures the accuracy of the final network security situation prediction and improves the prediction efficiency of the network security situation.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and those skilled in the art can also obtain other drawings according to the drawings without creative efforts.
FIG. 1 is a flow chart illustrating steps of a method for predicting a network security situation according to an embodiment of the present invention;
FIG. 2 is a schematic diagram illustrating attribute splitting when a split attribute is traffic according to an embodiment of the present invention;
FIG. 3 is a block diagram of a device for predicting network security posture according to an embodiment of the present invention;
FIG. 4 is a schematic physical structure diagram of an electronic device in an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
As shown in fig. 1, a flowchart of steps of a method for predicting a network security situation in an embodiment of the present invention is shown, where the method includes the following steps:
step 101: network data is acquired.
In this step, specifically, the acquired network data includes data corresponding to at least two attributes.
Specifically, because the change of the network resource reflects the change of the network security situation, and the CPU resource and the memory resource in the network are important resources in the network, when the network is not used or is attacked, the two resources may be exhausted, thereby causing the performance of the network to be degraded or even to be broken down. In addition, different behaviors can cause changes in disk resources, and network behaviors are hidden in traffic. Therefore, the at least two attributes in this embodiment may include: CPU utilization, traffic consumption, memory consumption, and disk consumption.
Therefore, by acquiring the data of the attributes, the change of the network security situation can be accurately reflected through the data of the attributes.
Specifically, the acquired network data may be represented by the following table:
Data ID | Traffic | CPU utilization | Memory consumption | Disk consumption
ID1 | A1 | B1 | C1 | D1
ID2 | A2 | B2 | C2 | D2
... | ... | ... | ... | ...
Specifically, as can be seen from the above table, each piece of data (data corresponding to each data identifier) in the network data includes data with 4 attributes, such as CPU utilization, traffic consumption, memory consumption, and disk consumption.
It should be noted that the values in the above table (A1, A2, B1, B2, C1, C2, D1, D2, and so on) are only placeholders used as examples; in an actual application they are the actual values in the network.
Step 102: according to the network data, the splitting attribute for splitting the attribute each time is determined in sequence from at least two attributes.
In this step, specifically, the determination order of the split attributes is related to the degree of influence on the network security situation prediction result.
Therefore, the splitting attribute for each attribute split is determined in sequence from the at least two attributes according to the network data, and the order in which the splitting attributes are determined is related to their degree of influence on the network security situation prediction result. The data is thus split hierarchically according to each attribute's degree of influence on the prediction result, which ensures the accuracy of the final network security situation prediction and improves the prediction efficiency of the network security situation.
Step 103: and according to the sequentially determined splitting attributes, performing successive attribute splitting on the network data to generate a decision tree.
In this step, specifically, when the decision tree is generated by performing successive attribute splitting on the network data according to the sequentially determined splitting attributes, the decision tree may be generated by performing successive attribute splitting on the network data according to the sequentially determined splitting attributes and the class label type preset for each splitting attribute.
For example, as shown in fig. 2, when the traffic attribute among CPU utilization, traffic consumption, memory consumption, and disk consumption is determined as the splitting attribute, the network data may be split according to the class label types preset for the traffic attribute (i.e., class 1 label to class j label), so as to generate the decision tree shown in fig. 2.
It should be noted here that the leaf nodes of the generated decision tree hold the data corresponding to the single attribute that remains among the at least two attributes after the last attribute split, so that the network security situation can be predicted according to the data on the leaf nodes of the decision tree.
Step 104: and predicting the network security situation according to the decision tree to obtain a prediction result.
In this step, specifically, when predicting the network security situation according to the decision tree, the obtained prediction result may be safe, general, unsafe, and the like, where both general and unsafe indicate that there is a risk in network security.
In addition, specifically, after the network security situation is predicted according to the decision tree and the prediction result is obtained, when the prediction result indicates that the network has a risk, the warning information can be displayed, so that the source tracing can be performed based on the generated decision tree to find out factors influencing the future network security situation.
In this way, in this embodiment, the splitting attribute for each attribute split is determined in sequence from the at least two attributes according to the network data including data corresponding to the at least two attributes, and the order in which the splitting attributes are determined is related to their degree of influence on the network security situation prediction result. The network data is then split attribute by attribute according to the sequentially determined splitting attributes to generate a decision tree, and finally the network security situation is predicted according to the decision tree to obtain the prediction result. The data is thus split hierarchically according to each attribute's degree of influence on the prediction result, which ensures the accuracy of the final network security situation prediction and improves the prediction efficiency of the network security situation.
In addition, in this embodiment, when determining the split attribute that performs attribute splitting each time in sequence from the at least two attributes according to the network data, a split influence value of each of the at least two attributes may be calculated according to the network data, then according to the split influence value of each attribute, the attribute with the smallest split influence value is determined as the first split attribute, the first split attribute is deleted from the at least two attributes, so as to obtain the remaining attributes of the at least two attributes, then according to the network data, the split influence values of the remaining attributes of the at least two attributes are calculated, and according to the split influence value of each remaining attribute, the remaining attribute with the smallest split influence value is determined as the second split attribute.
It should be noted that, when the network data includes at least three attributes, in this embodiment, the second split attribute needs to be deleted from the at least two attributes to obtain remaining attributes of the at least two attributes, then the split influence value of the remaining attributes of the at least two attributes is calculated according to the network data, and the remaining attribute with the smallest split influence value is determined as the third split attribute according to the split influence value of each remaining attribute. That is, in the embodiment, when the splitting attribute of this time is determined, the attribute with the smallest splitting influence value in the remaining attributes is always determined as the splitting attribute of this time, so that the influence degree of other attributes except the splitting attribute in the attributes on the distinguishing capability of the network security situation prediction is relatively large, the accuracy of the final network security situation prediction can be ensured, and the prediction efficiency of the network security situation is improved.
Specifically, each of the at least two attributes is preset with a plurality of category label types; at this time, when the splitting influence value of each of the at least two attributes is calculated according to the network data, the splitting influence value of each of the at least two attributes may be calculated according to the network data by the following formula;
Figure BDA0001847617980000051
Figure BDA0001847617980000061
Figure BDA0001847617980000062
Figure BDA0001847617980000063
wherein:
Di represents the ith attribute of the at least two attributes; (Di) represents a splitting influence value of the attribute Di; q represents a class label type preset for the attribute Di; w_j represents the weight of the jth category in the attribute Di among all the categories in the attribute Di; p_j represents the ratio of the jth category in the attribute Di to all the categories in the attribute Di; m_i represents the quantity of data corresponding to the attribute Di; m represents the number of the network data; n_j represents the amount of data corresponding to the jth type of the attribute Di.
Specifically, in the process of determining the splitting attributes, the degree of influence of each attribute Di on the final network security situation prediction result can be comprehensively evaluated, and the attribute that is most likely to separate different network security situations is found and used as the splitting attribute to split the data. In this way, the network security situation is predicted starting from the attributes with the greatest classification ability, which guarantees the accuracy of network security situation prediction.
For example, for the 4 attributes traffic, CPU utilization, memory consumption, and disk consumption, suppose the calculated split influence value of traffic is 0.694, that of CPU utilization is 0.911, that of memory consumption is 0.892, and that of disk consumption is 0.789. The traffic attribute, which has the smallest split influence value, is then selected as the splitting attribute, as shown in fig. 2. As can be seen from fig. 2, when the traffic attribute is used as the splitting attribute, the split is performed according to the class label types preset for the traffic attribute.
It should be noted here that when the next splitting attribute is determined among the remaining attributes other than traffic, the split influence values of CPU utilization, memory consumption, and disk consumption need to be calculated, and the attribute with the smallest split influence value is selected as the splitting attribute. The splitting proceeds in this way layer by layer, and finally yields the prediction result of the security situation, that is, a final conclusion such as safe, general, or unsafe.
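The procedure of steps 102 to 104, as an added example that is not part of the patent: the formula images for the split influence value did not survive on this page, so the code substitutes the weighted conditional entropy of the situation label (the ID3 criterion) as an assumption, and reads step 102 as fixing one global attribute order before step 103 builds the tree. The 14 observations are constructed so that the computed values land on the worked numbers above (0.694, 0.911, 0.892, 0.789) to within rounding; all function names and class-label buckets are hypothetical.

```python
import math
from collections import Counter, defaultdict

ATTRS = ["traffic", "cpu", "memory", "disk"]
SEVERITY = ["safe", "general", "unsafe"]  # tie-break order, an assumption

# Constructed sample data: each attribute is already bucketed into its preset
# class labels. Columns: traffic, cpu, memory, disk, situation.
ROWS = [
    ("high",   "high",   "low",  "high", "unsafe"),
    ("high",   "high",   "high", "high", "unsafe"),
    ("low",    "high",   "low",  "high", "safe"),
    ("medium", "medium", "low",  "high", "safe"),
    ("medium", "low",    "low",  "low",  "safe"),
    ("medium", "low",    "high", "low",  "unsafe"),
    ("low",    "low",    "high", "low",  "safe"),
    ("high",   "medium", "low",  "high", "unsafe"),
    ("high",   "low",    "low",  "low",  "safe"),
    ("medium", "medium", "low",  "low",  "safe"),
    ("high",   "medium", "high", "low",  "safe"),
    ("low",    "medium", "high", "high", "safe"),
    ("low",    "high",   "low",  "low",  "safe"),
    ("medium", "medium", "high", "high", "unsafe"),
]
DATA = [dict(zip(ATTRS + ["situation"], r)) for r in ROWS]


def entropy(labels):
    """Shannon entropy (bits) of a list of situation labels."""
    n = len(labels)
    return -sum(c / n * math.log2(c / n) for c in Counter(labels).values())


def split_influence(rows, attr):
    """Assumed stand-in for the patent's formula: entropy of the situation
    label within each class of `attr`, weighted by that class's share n_j/m."""
    groups = defaultdict(list)
    for r in rows:
        groups[r[attr]].append(r["situation"])
    m = len(rows)
    return sum(len(g) / m * entropy(g) for g in groups.values())


def split_order(rows, attrs):
    """Step 102: pick the attribute with the smallest value, delete it from
    the candidates, recompute for the remainder, repeat."""
    remaining, order = list(attrs), []
    while remaining:
        values = {a: split_influence(rows, a) for a in remaining}
        best = min(remaining, key=values.get)
        order.append(best)
        remaining.remove(best)
    return order


def build_tree(rows, order):
    """Step 103: split level by level on the attributes in `order`."""
    counts = Counter(r["situation"] for r in rows)
    if not order or len(counts) == 1:
        # Leaf: majority label; on a tie prefer the more severe situation.
        label = max(counts, key=lambda l: (counts[l], SEVERITY.index(l)))
        return {"leaf": label, "n": len(rows)}
    groups = defaultdict(list)
    for r in rows:
        groups[r[order[0]]].append(r)
    children = {v: build_tree(g, order[1:]) for v, g in groups.items()}
    return {"attr": order[0], "children": children}


def predict(tree, sample):
    """Step 104: walk the tree; the returned path is the trace an analyst
    can use to see which attributes drove the result."""
    node, path = tree, []
    while "leaf" not in node:
        value = sample.get(node["attr"])
        path.append((node["attr"], value))
        node = node["children"].get(value)
        if node is None:  # class label never seen in the training data
            return "unknown", path
    return node["leaf"], path


if __name__ == "__main__":
    for a in ATTRS:
        print(f"{a:8s} {split_influence(DATA, a):.3f}")
    order = split_order(DATA, ATTRS)
    print("split order:", order)
    tree = build_tree(DATA, order)
    print(predict(tree, {"traffic": "medium", "cpu": "low",
                         "memory": "high", "disk": "high"}))
```

An observation whose class label was never seen during tree construction returns "unknown" with the partial path, so the caller decides how to treat it instead of silently inheriting a majority label.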
In this way, according to the method for predicting the network security situation provided by this embodiment, the splitting attribute for performing attribute splitting each time is sequentially determined from the at least two attributes according to the network data including the data corresponding to the at least two attributes, and the determination order of the splitting attributes is related to the degree of influence on the network security situation prediction result, then the successive attribute splitting is performed on the network data according to the sequentially determined splitting attributes to generate the decision tree, and finally the network security situation is predicted according to the decision tree to obtain the prediction result, so that the hierarchical splitting is performed on the degree of influence of the network security situation prediction result based on the attributes, thereby ensuring the accuracy of the final network security situation prediction and improving the prediction efficiency of the network security situation.
In addition, as shown in fig. 3, a block diagram of a device for predicting a network security situation in an embodiment of the present invention is shown, where the device includes:
a first obtaining module 301, configured to obtain network data, where the network data includes data corresponding to at least two attributes;
a second obtaining module 302, configured to sequentially determine, according to the network data, a splitting attribute for performing attribute splitting each time from the at least two attributes;
a third obtaining module 303, configured to perform successive attribute splitting on the network data according to the sequentially determined splitting attributes, so as to generate a decision tree;
and the fourth obtaining module 304 is configured to predict a network security situation according to the decision tree to obtain a prediction result.
Optionally, the at least two attributes comprise: CPU utilization, traffic consumption, memory consumption, and disk consumption.
Optionally, the second obtaining module 302 includes:
a calculating unit, configured to calculate a splitting influence value of each of at least two attributes according to the network data;
the first determining unit is used for determining the attribute with the minimum splitting influence value as a first splitting attribute according to the splitting influence value of each attribute;
an obtaining unit, configured to delete the first split attribute from the at least two attributes, so as to obtain a remaining attribute of the at least two attributes;
and the second determining unit is used for calculating the splitting influence value of the residual attribute in the at least two attributes according to the network data, and determining the residual attribute with the minimum splitting influence value as the second splitting attribute according to the splitting influence value of each residual attribute.
Optionally, each of the at least two attributes is preset with a plurality of category types;
the calculation unit is used for calculating the splitting influence value of each attribute in at least two attributes according to the network data through the following formula;
Figure BDA0001847617980000071
Figure BDA0001847617980000072
Figure BDA0001847617980000081
Figure BDA0001847617980000082
wherein:
Di represents the ith attribute of the at least two attributes; (Di) represents a splitting influence value of the attribute Di; q represents the category type preset for the attribute Di; w_j represents the weight of the jth category in the attribute Di among all the categories in the attribute Di; p_j represents the ratio of the jth category in the attribute Di to all the categories in the attribute Di; m_i represents the quantity of data corresponding to the attribute Di; m represents the number of the network data; n_j represents the amount of data corresponding to the jth type of the attribute Di.
Optionally, the third obtaining module 303 is configured to perform successive attribute splitting on the network data according to the sequentially determined splitting attributes and the class label type preset for each splitting attribute, so as to generate a decision tree.
Optionally, the apparatus further comprises:
and the display module is used for displaying warning information when the prediction result indicates that the network has risks.
In this way, according to the method for predicting the network security situation provided by this embodiment, the splitting attribute for performing attribute splitting each time is sequentially determined from the at least two attributes according to the network data including the data corresponding to the at least two attributes, and the determination order of the splitting attributes is related to the degree of influence on the network security situation prediction result, then the successive attribute splitting is performed on the network data according to the sequentially determined splitting attributes to generate the decision tree, and finally the network security situation is predicted according to the decision tree to obtain the prediction result, so that the hierarchical splitting is performed on the degree of influence of the network security situation prediction result based on the attributes, thereby ensuring the accuracy of the final network security situation prediction and improving the prediction efficiency of the network security situation.
In addition, fig. 4 shows a physical structure diagram of the electronic device provided in the embodiment of the present invention. The electronic device may include: a processor 410, a communication interface 420, a memory 430 and a communication bus 440, wherein the processor 410, the communication interface 420 and the memory 430 communicate with each other via the communication bus 440. The processor 410 may invoke a computer program stored on the memory 430 and executable on the processor 410 to perform the methods provided by the various embodiments described above, including, for example: acquiring network data, wherein the network data comprises data corresponding to at least two attributes; according to the network data, sequentially determining splitting attributes for attribute splitting each time from the at least two attributes, wherein the determining sequence of the splitting attributes is related to the influence degree on the network security situation prediction result; according to the sequentially determined splitting attributes, performing successive attribute splitting on the network data to generate a decision tree; and predicting the network security situation according to the decision tree to obtain a prediction result.
In addition, the logic instructions in the memory 430 may be implemented in the form of software functional units and stored in a computer readable storage medium when the software functional units are sold or used as independent products. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
Embodiments of the present invention further provide a non-transitory computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, performs the method provided in the foregoing embodiments, the method including: acquiring network data, wherein the network data comprises data corresponding to at least two attributes; according to the network data, sequentially determining splitting attributes for attribute splitting each time from the at least two attributes, wherein the determining sequence of the splitting attributes is related to the influence degree on the network security situation prediction result; according to the sequentially determined splitting attributes, performing successive attribute splitting on the network data to generate a decision tree; and predicting the network security situation according to the decision tree to obtain a prediction result.
The above-described embodiments of the apparatus are merely illustrative, and the units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
Through the above description of the embodiments, those skilled in the art will clearly understand that each embodiment can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware. With this understanding in mind, the above-described technical solutions may be embodied in the form of a software product, which can be stored in a computer-readable storage medium such as ROM/RAM, magnetic disk, optical disk, etc., and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the methods described in the embodiments or some parts of the embodiments.
Finally, it should be noted that: the above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.

Claims (9)

1. A method for predicting a network security situation, the method comprising:
acquiring network data, wherein the network data comprises data corresponding to at least two attributes;
sequentially determining, from the at least two attributes and according to the network data, the splitting attribute used for each attribute split, wherein the order in which the splitting attributes are determined is related to their degree of influence on the network security situation prediction result;
according to the sequentially determined splitting attributes, performing successive attribute splitting on the network data to generate a decision tree;
and predicting the network security situation according to the decision tree to obtain a prediction result.
2. The method of claim 1, wherein the at least two attributes comprise: CPU utilization, traffic consumption, memory consumption, and disk consumption.
3. The method of claim 1, wherein the determining the split attribute for each attribute split in sequence from the at least two attributes according to the network data comprises:
calculating a split influence value of each attribute of the at least two attributes according to the network data;
determining the attribute with the minimum splitting influence value as a first splitting attribute according to the splitting influence value of each attribute;
deleting the first split attribute from the at least two attributes to obtain a remaining attribute of the at least two attributes;
and calculating the splitting influence value of each remaining attribute of the at least two attributes according to the network data, and determining the remaining attribute with the minimum splitting influence value as a second splitting attribute according to the splitting influence value of each remaining attribute.
4. The method according to claim 3, wherein each of the at least two attributes is preset with a plurality of types of labels;
the calculating a split influence value of each attribute of the at least two attributes according to the network data comprises:
calculating the split influence value of each attribute of the at least two attributes according to the network data through the following formulas:
Figure FDA0001847617970000011
Figure FDA0001847617970000012
Figure FDA0001847617970000021
Figure FDA0001847617970000022
wherein:
Di represents the ith attribute of the at least two attributes; (Di) represents the splitting influence value of the attribute Di; q represents a class mark type preset for the attribute Di; w_j represents the weight of the jth category of the attribute Di among all the categories of the attribute Di; p_j represents the ratio of the jth category of the attribute Di to all the categories of the attribute Di; m_i represents the quantity of data corresponding to the attribute Di; m represents the number of the network data; n_j represents the amount of data corresponding to the jth category of the attribute Di.
5. The method of claim 1, wherein the performing successive attribute splitting on the network data to generate a decision tree according to the sequentially determined splitting attributes comprises:
and performing successive attribute splitting on the network data according to the sequentially determined splitting attributes and the class mark type preset by each splitting attribute to generate a decision tree.
6. The method of claim 1, wherein after predicting the network security situation according to the decision tree and obtaining a prediction result, the method further comprises:
and displaying warning information when the prediction result indicates that the network has risks.
7. An apparatus for predicting a network security posture, the apparatus comprising:
a first obtaining module, configured to acquire network data, wherein the network data comprises data corresponding to at least two attributes;
a second obtaining module, configured to sequentially determine, according to the network data, a splitting attribute for performing attribute splitting each time from the at least two attributes;
a third obtaining module, configured to perform successive attribute splitting on the network data according to the sequentially determined splitting attributes to generate a decision tree;
and a fourth obtaining module, configured to predict the network security situation according to the decision tree to obtain a prediction result.
8. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the steps of the method for predicting a network security situation according to any one of claims 1 to 6 when executing the computer program.
9. A non-transitory computer readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the method for predicting a network security situation according to any one of claims 1 to 6.
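The procedure of claims 1, 3 and 5, as an added example that is not code from the patent: the splitting order is fixed once by repeatedly taking the attribute with the minimum split influence value, and the tree then splits level by level in that order. The claim 4 formula images are not reproduced on this page, so a size-weighted Gini impurity is assumed as the split influence value; the sample rows, the "high"/"low" class labels and all function names are constructed for illustration.

```python
from collections import Counter

ATTRS = ["cpu", "traffic", "memory", "disk"]  # attributes named in claim 2
# Constructed samples (not from the patent): class label per attribute, then situation.
SAMPLES = [
    ("high", "high", "high", "low",  "risk"),
    ("high", "high", "low",  "high", "risk"),
    ("low",  "high", "high", "low",  "risk"),
    ("low",  "high", "low",  "high", "risk"),
    ("high", "low",  "high", "low",  "risk"),
    ("high", "low",  "low",  "low",  "normal"),
    ("low",  "low",  "low",  "high", "normal"),
    ("low",  "low",  "low",  "low",  "normal"),
]

def gini(rows):  # Gini impurity of the situation labels in rows
    counts = Counter(r[-1] for r in rows)
    return 1.0 - sum((c / len(rows)) ** 2 for c in counts.values())

def partition(rows, idx):  # group rows by the class label of attribute idx
    parts = {}
    for r in rows:
        parts.setdefault(r[idx], []).append(r)
    return parts

def split_influence(rows, idx):  # assumed stand-in: size-weighted Gini after the split
    return sum(len(p) / len(rows) * gini(p) for p in partition(rows, idx).values())

def split_order(rows):
    """Pick the minimum-value attribute, delete it, repeat on the remaining ones."""
    remaining, order = list(range(len(ATTRS))), []
    while remaining:
        order.append(min(remaining, key=lambda i: split_influence(rows, i)))
        remaining.remove(order[-1])
    return order

def build(rows, order):
    """Split level by level in the fixed order; a leaf is the majority label."""
    majority = Counter(r[-1] for r in rows).most_common(1)[0][0]
    if not order or gini(rows) == 0.0:
        return majority
    kids = {v: build(p, order[1:]) for v, p in partition(rows, order[0]).items()}
    return (order[0], majority, kids)

def predict(tree, sample):  # an unseen class label falls back to the node majority
    while isinstance(tree, tuple):
        idx, majority, kids = tree
        tree = kids.get(sample[idx], majority)
    return tree
```

On these rows the order comes out as traffic, memory, CPU, disk, and a "risk" result from `predict` is the condition under which claim 6 would display warning information.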

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811278810.8A CN111125685A (en) 2018-10-30 2018-10-30 Method and device for predicting network security situation

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811278810.8A CN111125685A (en) 2018-10-30 2018-10-30 Method and device for predicting network security situation

Publications (1)

Publication Number Publication Date
CN111125685A true CN111125685A (en) 2020-05-08

Family

ID=70484525

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811278810.8A Pending CN111125685A (en) 2018-10-30 2018-10-30 Method and device for predicting network security situation

Country Status (1)

Country Link
CN (1) CN111125685A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114615007A (en) * 2022-01-13 2022-06-10 中国科学院信息工程研究所 Tunnel mixed flow classification method and system based on random forest

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105808582A (en) * 2014-12-30 2016-07-27 华为技术有限公司 Parallel generation method and device of decision tree on the basis of layered strategy
CN108040062A (en) * 2017-12-19 2018-05-15 湖北工业大学 A kind of network security situation evaluating method based on evidential reasoning rule
CN108667834A (en) * 2018-04-28 2018-10-16 广东电网有限责任公司 Network security situational awareness method based on artificial immunity and grey relational grade analysis



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20200508