CN113452581B - Method and device for extracting characteristics of streaming data, storage medium and computer equipment - Google Patents

Method and device for extracting characteristics of streaming data, storage medium and computer equipment Download PDF

Info

Publication number
CN113452581B
CN113452581B CN202110999767.XA CN202110999767A CN113452581B CN 113452581 B CN113452581 B CN 113452581B CN 202110999767 A CN202110999767 A CN 202110999767A CN 113452581 B CN113452581 B CN 113452581B
Authority
CN
China
Prior art keywords
data
feature
target
network security
extractor
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110999767.XA
Other languages
Chinese (zh)
Other versions
CN113452581A (en
Inventor
辜乘风
徐�明
魏国富
殷钱安
周晓勇
陶景龙
余贤喆
梁淑云
刘胜
王启凡
马影
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Information and Data Security Solutions Co Ltd
Original Assignee
Information and Data Security Solutions Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Information and Data Security Solutions Co Ltd filed Critical Information and Data Security Solutions Co Ltd
Priority to CN202110999767.XA priority Critical patent/CN113452581B/en
Priority to PCT/CN2021/117111 priority patent/WO2023029066A1/en
Publication of CN113452581A publication Critical patent/CN113452581A/en
Application granted granted Critical
Publication of CN113452581B publication Critical patent/CN113452581B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/02Capturing of monitoring data
    • H04L43/026Capturing of monitoring data using flow identification
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/22Indexing; Data structures therefor; Storage structures
    • G06F16/2282Tablespace storage structures; Management thereof
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/24Querying
    • G06F16/245Query processing
    • G06F16/2455Query execution
    • G06F16/24568Data stream processing; Continuous queries
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00Pattern recognition
    • G06F18/20Analysing
    • G06F18/21Design or setup of recognition systems or techniques; Extraction of features in feature space; Blind source separation
    • G06F18/214Generating training patterns; Bootstrap methods, e.g. bagging or boosting
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N20/00Machine learning
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/12Network monitoring probes

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Data Mining & Analysis (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Artificial Intelligence (AREA)
  • Evolutionary Computation (AREA)
  • Signal Processing (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Databases & Information Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Bioinformatics & Computational Biology (AREA)
  • Evolutionary Biology (AREA)
  • Computational Linguistics (AREA)
  • Bioinformatics & Cheminformatics (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Medical Informatics (AREA)
  • Computing Systems (AREA)
  • Mathematical Physics (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The application discloses a method and a device for extracting characteristics of streaming data, a storage medium and computer equipment, wherein the method comprises the following steps: receiving streaming data and acquiring a network security feature extraction requirement corresponding to the streaming data, wherein the network security feature extraction requirement comprises at least one target dimension to be extracted and at least one target feature to be extracted; generating a feature data extractor according to the target dimension and the target feature; and extracting network security feature data corresponding to the target dimension and the target feature from the streaming data by using the feature data extractor. By constructing the feature data extractor and extracting the network security feature data of the streaming data through the feature data extractor, the method and the device can extract the instantaneity feature of the streaming data, and reduce the occupation amount of resources while fully playing the low-delay characteristic of the streaming data.

Description

Method and device for extracting characteristics of streaming data, storage medium and computer equipment
Technical Field
The present application relates to the field of data processing technologies, and in particular, to a method and an apparatus for extracting characteristics of streaming data, a storage medium, and a computer device.
Background
Streaming data is a set of sequential, massive, fast, continuous arriving data sequences, a dynamic collection of data that increases over time. Due to the characteristics of low delay and high throughput, the streaming data is widely applied to services with high requirements on data real-time performance, such as network security services for failing host judgment, DNS request quantity extraction, and the like.
In the network security service, most streaming data need to be applied after feature extraction, and when the current streaming data is subjected to feature extraction, a time period is usually preset according to the actual situation of the network security service, and then the streaming data is uniformly processed according to the time period to extract the desired features. On one hand, the characteristic extraction method cannot fully play the characteristic of low delay of the streaming data, on the other hand, the streaming data needs to be stored uniformly before the characteristic extraction is carried out uniformly on the streaming data according to the time period, and when the throughput of the streaming data is higher, a large amount of host resources need to be occupied.
Therefore, how to extract the immediate features of the streaming data in the network security service, which reduces the resource occupation while fully playing the low-latency characteristics of the streaming data, becomes a problem to be solved in the field.
Disclosure of Invention
In view of this, the present application provides a method and an apparatus for extracting characteristics of streaming data, a storage medium, and a computer device, which can perform immediate characteristic extraction on streaming data in a network security service, and reduce the occupation of resources while fully playing the low latency characteristics of the streaming data.
According to an aspect of the present application, there is provided a feature extraction method for streaming data, including:
receiving streaming data and acquiring a network security feature extraction requirement corresponding to the streaming data, wherein the network security feature extraction requirement comprises at least one target dimension to be extracted and at least one target feature to be extracted, the target dimension comprises at least one of an IP dimension, a time dimension and a mac local area network address dimension, and the target feature comprises at least one of a DNS request quantity feature, an ICMP request quantity feature, an HTTP request quantity feature, a DNS domain name set feature and a page access frequency feature;
generating a feature data extractor according to the target dimension and the target feature;
and extracting network security feature data corresponding to the target dimension and the target feature from the streaming data by using the feature data extractor.
Optionally, the network security feature extraction requirement includes a request DNS domain name duplication removal number, where the request DNS domain name duplication removal number includes the IP dimension and the DNS domain name set feature.
Optionally, before the obtaining of the network security feature extraction requirement corresponding to the streaming data, the method further includes:
and screening the streaming data according to preset data screening conditions, wherein the preset data screening conditions comprise a preset data protocol.
Optionally, the generating a feature data extractor according to the target dimension and the target feature specifically includes:
respectively establishing a feature data extraction tool matched with each target feature according to each target feature;
generating the feature data extractor in dependence on the target dimension, the target feature and the feature data extraction tool, wherein the feature data extractor comprises an extractor head and an extractor body, the extractor head being configured to indicate the target dimension and the target feature, the extractor body comprising the feature data extraction tool.
Optionally, the extracting, by using the feature data extractor, network security feature data corresponding to the target dimension and the target feature in the streaming data specifically includes:
inputting the streaming data into the feature data extractor, so that the feature data extractor groups the streaming data according to the target dimension, and extracting network security feature data matched with the target feature from the grouped streaming data.
Optionally, after extracting network security feature data corresponding to the target dimension and the target feature in the streaming data, the method further includes:
generating a feature data set list based on an extractor head of the feature data extractor and the network security feature data, wherein the feature data set list comprises a first header comprising the target dimension, a second header comprising the target feature, and a list result corresponding to each first header and each second header, the list result comprising the network security feature data corresponding to each target dimension and each target feature.
Optionally, after generating the feature data set list, the method further includes:
in response to a sample data acquisition instruction, searching target feature data corresponding to the sample data acquisition instruction from the feature data set list, wherein the sample data acquisition instruction comprises any first header and/or any second header, and the sample data acquisition instruction is used for acquiring a model training sample;
judging whether the target characteristic data is numerical data or not, and calling a corresponding data processing model based on the data type of the target characteristic data when the target characteristic data is non-numerical data;
and converting the target characteristic data into numerical data according to the data processing model so as to perform model training by using the converted target characteristic data.
Optionally, before generating the feature data set list based on the extractor head of the feature data extractor and the network security feature data, the method further comprises:
judging whether the network security feature data are numerical data or not, and calling a corresponding data processing model based on the data type of the network security feature data when the network security feature data are non-numerical data;
and converting the network security feature data into numerical data according to the data processing model so as to generate a feature data set list by using the converted network security feature data.
Optionally, before the receiving the streaming data, the method further includes:
receiving a model training task;
analyzing training sample characteristics required by executing the model training task, and determining the network security feature extraction requirement according to the training sample characteristics;
accordingly, after the generating the feature data set list, the method further comprises:
reading network security feature data corresponding to each header in the feature data set list, and establishing a training sample set corresponding to the model training task according to the read network security feature data;
and training the model by utilizing the training sample set.
According to another aspect of the present application, there is provided a feature extraction apparatus for streaming data, including:
the system comprises a demand acquisition module, a demand acquisition module and a demand analysis module, wherein the demand acquisition module receives streaming data and acquires a network security feature extraction demand corresponding to the streaming data, the network security feature extraction demand comprises at least one target dimension to be extracted and at least one target feature to be extracted, the target dimension comprises at least one of an IP dimension, a time dimension and a mac local area network address dimension, and the target feature comprises at least one of a DNS request quantity feature, an ICMP request quantity feature, an HTTP request quantity feature, a DNS domain name set feature and a page access frequency feature;
the extractor generating module is used for generating a characteristic data extractor according to the target dimension and the target characteristic;
and the characteristic data extraction module is used for extracting network security characteristic data corresponding to the target dimension and the target characteristic from the streaming data by using the characteristic data extractor.
Optionally, the network security feature extraction requirement includes a request DNS domain name duplication removal number, where the request DNS domain name duplication removal number includes the IP dimension and the DNS domain name set feature.
Optionally, the apparatus further comprises:
the streaming data screening module is configured to screen the streaming data according to a preset data screening condition before the network security feature extraction requirement corresponding to the streaming data is acquired, where the preset data screening condition includes a preset data protocol.
Optionally, the extractor generating module specifically includes:
the extraction tool establishing unit is used for establishing a feature data extraction tool matched with each target feature respectively according to each target feature;
an extractor generating unit configured to generate the feature data extractor according to the target dimension, the target feature, and the feature data extraction tool, wherein the feature data extractor includes an extractor head and an extractor body, the extractor head is configured to indicate the target dimension and the target feature, and the extractor body includes the feature data extraction tool.
Optionally, the feature data extraction module is specifically configured to:
inputting the streaming data into the feature data extractor, so that the feature data extractor groups the streaming data according to the target dimension, and extracting network security feature data matched with the target feature from the grouped streaming data.
Optionally, the apparatus further comprises:
a list generation module, configured to generate, after the extracting of the network security feature data corresponding to the target dimension and the target feature in the streaming data, a feature data set list based on an extractor head of the feature data extractor and the network security feature data, wherein the feature data set list includes a first header including the target dimension, a second header including the target feature, and a list result corresponding to each first header and each second header, and the list result includes the network security feature data corresponding to each target dimension and each target feature.
Optionally, the apparatus further comprises:
the searching module is used for searching target characteristic data corresponding to the sample data acquisition instruction from the characteristic data set list according to the sample data acquisition instruction, wherein the sample data acquisition instruction comprises any first header and/or any second header, and the sample data acquisition instruction is used for acquiring a model training sample;
the judging module is used for judging whether the target characteristic data is numerical data or not and calling a corresponding data processing model based on the data type of the target characteristic data when the target characteristic data is non-numerical data;
and the conversion module is used for converting the target characteristic data into numerical data according to the data processing model so as to perform model training by using the converted target characteristic data.
Optionally, the apparatus further comprises:
a judging module, configured to judge whether the network security feature data is numeric data before generating a feature data set list based on an extractor head of the feature data extractor and the network security feature data, and call a corresponding data processing model based on a data type of the network security feature data when the network security feature data is non-numeric data;
and the conversion module is used for converting the network security feature data into numerical data according to the data processing model so as to generate a feature data set list by using the converted network security feature data.
Optionally, the apparatus further comprises:
a training task receiving module, configured to receive a model training task before the streaming data is received;
the requirement determining module is used for analyzing training sample characteristics required by executing the model training task and determining the network security feature extraction requirement according to the training sample characteristics;
correspondingly, the device further comprises:
a training sample set determining module, configured to read network security feature data corresponding to each header in the feature data set list after the feature data set list is generated, and establish a training sample set corresponding to the model training task according to the read network security feature data;
and the model training module is used for training the model by utilizing the training sample set.
According to still another aspect of the present application, there is provided a storage medium having stored thereon a computer program which, when executed by a processor, implements the above-described feature extraction method for streaming data.
According to yet another aspect of the present application, there is provided a computer device, including a storage medium, a processor, and a computer program stored on the storage medium and executable on the processor, the processor implementing the above feature extraction method for streaming data when executing the program.
By means of the technical scheme, the method and the device for extracting the characteristics of the streaming data, the storage medium and the computer device receive the streaming data, acquire the network security characteristic extraction requirement for extracting the network security characteristic data of the streaming data, analyze the network security characteristic extraction requirement, acquire at least one target dimension to be extracted and at least one target characteristic to be extracted, generate the characteristic data extractor according to the target dimension and the target characteristic, and further extract the network security characteristic data of the received streaming data according to the generated characteristic data extractor. By constructing the feature data extractor and extracting the network security feature data of the streaming data through the feature data extractor, the method and the device can extract the instantaneity feature of the streaming data, and reduce the occupation amount of resources while fully playing the low-delay characteristic of the streaming data.
The foregoing description is only an overview of the technical solutions of the present application, and the present application can be implemented according to the content of the description in order to make the technical means of the present application more clearly understood, and the following detailed description of the present application is given in order to make the above and other objects, features, and advantages of the present application more clearly understandable.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the application and together with the description serve to explain the application and not to limit the application. In the drawings:
fig. 1 is a schematic flowchart illustrating a feature extraction method for streaming data according to an embodiment of the present application;
fig. 2 is a schematic flow chart illustrating another method for extracting features of streaming data according to an embodiment of the present disclosure;
FIG. 3 is a schematic diagram illustrating a structure of a feature data extractor provided in an embodiment of the present application;
fig. 4 is a schematic structural diagram illustrating a feature data set list provided in an embodiment of the present application;
fig. 5 shows a schematic structural diagram of a feature extraction apparatus for streaming data according to an embodiment of the present application.
Detailed Description
The present application will be described in detail below with reference to the accompanying drawings in conjunction with embodiments. It should be noted that the embodiments and features of the embodiments in the present application may be combined with each other without conflict.
In this embodiment, a method for extracting features of streaming data is provided, as shown in fig. 1, where the method includes:
step 101, receiving streaming data, and obtaining a network security feature extraction requirement corresponding to the streaming data, wherein the network security feature extraction requirement includes at least one target dimension to be extracted and at least one target feature to be extracted, the target dimension includes at least one of an IP dimension, a time dimension, and a mac local area network address dimension, and the target feature includes at least one of a DNS request quantity feature, an ICMP request quantity feature, an HTTP request quantity feature, a DNS domain name set feature, and a page access frequency feature;
in the embodiment of the application, the streaming data can be used for network security services such as determining a lost host, extracting the number of DNS requests and the like. The streaming data feature extraction method provided by the embodiment of the application receives streaming data and acquires the network security feature extraction requirement for extracting the network security feature data of the streaming data. Analyzing the network security feature extraction requirement, and acquiring a target dimension to be extracted and a target feature to be extracted, wherein the target dimension to be extracted and the target feature to be extracted are at least one, and as different services may have different network security feature data extraction requirements, the target dimension to be extracted and the target feature to be extracted may be multiple. For example, the target dimension may be an IP dimension, a time dimension, a mac local area network address dimension, and the like, and the target feature may be a DNS (Domain Name System, computer Domain Name) request quantity feature, an ICMP (internet Control Message Protocol) request quantity feature, an HTTP (HyperText Transfer Protocol) request quantity feature, a DNS Domain Name aggregation feature, a page access number feature, and the like. For example, taking a scenario of finding a lost host in an intranet as an example, since a research object is a host of the intranet, feature extraction may be performed with an intranet host IP as a target dimension, or both the intranet host IP and time may be used as the target dimension.
102, generating a feature data extractor according to the target dimension and the target feature;
in this embodiment, after the target dimension and the target feature are acquired, the feature data extractor is generated according to the target dimension and the target feature. If the target features are multiple, then a feature data extractor is generated according to different target features and all target dimensions. For example, a certain network security feature extraction requirement includes 2 target dimensions (target dimension a and target dimension B, respectively) and 3 target features (target feature a, target feature B, and target feature c, respectively), then 3 feature data extractors (feature data extractor 1, feature data extractor 2, and feature data extractor 3, respectively) are correspondingly generated, the feature data extractor 1 may be generated based on target dimension a, target dimension B, and target feature a, the feature data extractor 2 may be generated based on target dimension a, target dimension B, and target feature B, and the feature data extractor 3 may be generated based on target dimension a, target dimension B, and target feature c. The above description of the feature data extractor is only an example, and should not limit the scope of the present application.
And 103, extracting network security feature data corresponding to the target dimension and the target feature from the streaming data by using the feature data extractor.
In this embodiment, network security feature data of the received streaming data is extracted according to the generated feature data extractor, the network security feature data corresponding to the target dimension and the target feature. For example, when the DNS request quantity feature sent by the host in the intranet needs to be extracted, the target feature may be the DNS request quantity sent by the host in the intranet, the target dimension may be a host IP address, a corresponding feature data extractor is generated according to the DNS request quantity and the host IP address, and a specific DNS request quantity value in the streaming data is extracted according to the feature data extractor.
By applying the technical scheme of the embodiment, streaming data is received, a network security feature extraction requirement for network security feature data extraction of the streaming data is acquired, the network security feature extraction requirement is analyzed, at least one target dimension to be extracted and at least one target feature to be extracted are acquired, a feature data extractor is generated according to the target dimension and the target feature, and then the network security feature data of the received streaming data is extracted according to the generated feature data extractor. By constructing the feature data extractor and extracting the network security feature data of the streaming data through the feature data extractor, the method and the device can extract the instantaneity feature of the streaming data, and reduce the occupation amount of resources while fully playing the low-delay characteristic of the streaming data.
Further, as a refinement and an extension of the specific implementation of the above embodiment, in order to fully illustrate the specific implementation process of the embodiment, another feature extraction method for streaming data is provided, as shown in fig. 2, the method includes:
step 201, receiving streaming data, and screening the streaming data according to a preset data screening condition, wherein the preset data screening condition includes a preset data protocol;
in this embodiment, after receiving the streaming data, the received streaming data is screened according to the preset data screening condition, and the streaming data meeting the preset data screening condition may enter subsequent processing. For different network security services, the preset data screening conditions may also be different. Due to the huge amount of streaming data and the numerous formats, a data protocol is usually included in the preset data screening conditions, and a part of the streaming data is screened out through the preset data protocol. For example, taking a network traffic analysis scenario as an example, the obtained streaming data includes a large number of different data protocol types, including a DNS protocol, a TCP protocol, or a UDP protocol, and if only network security feature data of the streaming data of the DNS data protocol needs to be extracted in a specific scenario, the obtained streaming data may be preliminarily screened, and the streaming data conforming to the DNS data protocol type is screened out, and then a subsequent operation is performed. According to the embodiment of the application, the received streaming data is screened through the preset data screening conditions, so that the processing amount of the streaming data is reduced, the resource occupation of a computer is reduced, and the streaming data processing efficiency is improved.
Step 202, obtaining a network security feature extraction requirement corresponding to the streaming data, where the network security feature extraction requirement includes at least one target dimension to be extracted and at least one target feature to be extracted, the target dimension includes at least one of an IP dimension, a time dimension, and a mac local area network address dimension, and the target feature includes at least one of a DNS request quantity feature, an ICMP request quantity feature, an HTTP request quantity feature, a DNS domain name set feature, and a page access frequency feature;
step 203, generating a feature data extractor according to the target dimension and the target feature;
in this embodiment of the present application, optionally, step 203 specifically includes:
respectively establishing a feature data extraction tool matched with each target feature according to each target feature; generating the feature data extractor in dependence on the target dimension, the target feature and the feature data extraction tool, wherein the feature data extractor comprises an extractor head and an extractor body, the extractor head being configured to indicate the target dimension and the target feature, the extractor body comprising the feature data extraction tool.
In the embodiment, after at least one target dimension to be extracted and at least one target feature to be extracted are determined, a feature data extraction tool matched with the target feature is established according to each target feature, and then a feature data extractor is generated by using the target dimension, the target feature and the feature data extraction tool. The feature data extractor mainly comprises two components, one is an extractor head, and the other is an extractor body. The extractor head may indicate a target dimension and a target feature, and the extractor body may include a feature data extraction tool corresponding to the target dimension and the target feature. For example, the target feature may be the maximum value of the streaming data, and the corresponding feature data extraction tool may be a function method, i.e., a MAX () function. And after one streaming data is input, dynamically calculating the maximum value of the streaming data after the target dimensionality is filtered, updating the corresponding network security feature data according to a MAX () function, and taking the final maximum value as the network security feature data. The structure of the feature data extractor is shown in fig. 3.
Step 204, extracting network security feature data corresponding to the target dimension and the target feature from the streaming data by using the feature data extractor; in this embodiment of the present application, optionally, step 204 specifically includes:
inputting the streaming data into the feature data extractor, so that the feature data extractor groups the streaming data according to the target dimension, and extracting network security feature data matched with the target feature from the grouped streaming data.
In the embodiment, after the feature data extractor is generated, streaming data is input into the feature data extractor, after the feature data extractor receives the streaming data, a group to which the current data belongs in the feature extractor is found according to a target dimension, if the group does not exist, a new group is created, and then, network security feature data matched with a target feature is extracted from the grouped streaming data through a feature data extraction tool and is updated to the group to which the current streaming data belongs. For example, when the target dimension is a host IP address, after streaming data including information of IP =192.168.10.10 enters the feature extractor at a certain time, the feature extractor finds a packet with the target dimension of 192.168.10.10 according to IP =192.168.10.10, extracts network security feature data, and updates the network security feature data of the packet 192.168.10.10. According to the embodiment of the application, the current streaming data is grouped through the target dimension in the feature data extractor, then the grouped streaming data is extracted and updated through the network security feature data, the data is received each time only through updating the grouping numerical value corresponding to the data, other groups are unchanged, and the extraction efficiency of the network security feature data of the streaming data is improved.
Step 205, generating a feature data set list based on the network security feature data and an extractor head of the feature data extractor, wherein the feature data set list includes a first header including the target dimension, a second header including the target feature, and a list result corresponding to each first header and each second header, and the list result includes the network security feature data corresponding to each target dimension and each target feature;
in this embodiment, screened streaming data is received, a corresponding network security feature extraction requirement is obtained, the network security feature extraction requirement may include at least one target dimension to be extracted and at least one target feature to be extracted, then a corresponding feature data extractor is generated according to the target dimension and the target feature, and corresponding network security feature data is extracted by the feature data extractor.
Further, a feature data set list is generated based on the extractor head of the feature data extractor and the network security feature data extracted by the feature data extractor. The feature data set list may include three components, namely a first header component, a second header component, and a list result component, where each list result corresponds to a first header and a second header, respectively. The first header may be a target dimension, the second header may be a target feature, and the list result may be network security feature data corresponding to each target dimension and each target feature. According to the embodiment of the application, the characteristic data set list is generated, so that the required network security characteristic data can be conveniently checked and used by workers, and the operation of the related workers is facilitated.
Step 206, in response to a sample data acquisition instruction, searching target feature data corresponding to the sample data acquisition instruction from the feature data set list, wherein the sample data acquisition instruction comprises any first header and/or any second header, and the sample data acquisition instruction is used for acquiring a model training sample;
in this embodiment, after the feature data set list is generated, when a relevant worker wants to use the network security feature data in the feature data set list, the target feature data corresponding to the sample data obtaining instruction is searched from the feature data set list in response to the sample data obtaining instruction. Specifically, any corresponding first header and/or any corresponding second header may be analyzed from the sample data acquisition instruction, and corresponding target feature data may be searched according to the first header and the second header. And the sample data acquisition instruction is used for acquiring target characteristic data from the characteristic data set list, and further taking the target characteristic data as a sample of model training.
Step 207, judging whether the target characteristic data is numerical data or not, and calling a corresponding data processing model based on the data type of the target characteristic data when the target characteristic data is non-numerical data;
in this embodiment, after the target feature data is found, it is determined whether the target feature data is numerical data. Because the target feature data is used for training the model and is used as the input of the machine learning model, it needs to be ensured that the target feature data is numerical data before being input into the machine learning model, and the network security feature data extracted by the feature data extractor may have various types, such as data types of sets, dictionaries, tuples and the like. And when the target characteristic data is non-numerical data, calling a data processing model corresponding to the data type according to the data type of the target characteristic data. For example, when the target feature data is the number of the DNS domain name duplication removers requested by the host, the feature data extractor returns a data set including all the DNS domain names, calls a corresponding data processing model, counts the set length of the DNS domain name, and finally obtains the target feature data as the number of the DNS domain name duplication removers.
And 208, converting the target characteristic data into numerical data according to the data processing model so as to perform model training by using the converted target characteristic data.
In this embodiment, non-numerical target feature data is converted into numerical data according to the data processing model, and then model training can be performed using the converted target feature data.
In this embodiment of the present application, optionally, the network security feature extraction requirement includes a request DNS domain name duplication removal number, where the request DNS domain name duplication removal number includes the IP dimension and the DNS domain name set feature.
Further, an embodiment of the present application provides another method for extracting features of streaming data, where the method includes:
step 301, receiving a model training task; analyzing training sample characteristics required by executing the model training task, and determining the network security feature extraction requirement according to the training sample characteristics;
in this embodiment, when a worker wants to train a model, the worker receives a model training task, analyzes which training sample features are required for executing the model training task, and further determines a corresponding network security feature extraction requirement according to the training sample features. The training sample characteristics can include training sample characteristics corresponding to training samples input into the model and training sample characteristics corresponding to training samples output from the model, and therefore network security feature extraction requirements of the training samples input into the model and network security feature extraction requirements of the training samples output by the model are determined respectively. For example, when a worker wants to train the wire speed recognition model, the training task of the wire speed recognition model is received, the training sample characteristics required by the training task analysis are determined according to the input of the worker, and then the network security feature extraction requirement is determined. According to the embodiment of the application, the required training sample characteristics are determined by receiving the model training task, and then the corresponding network security feature extraction requirements are determined, so that the network security feature data used for model training can be extracted automatically according to the network security feature extraction requirements, and the acquisition efficiency of the network security feature data used for training the model is improved.
Step 302, receiving streaming data, and acquiring a network security feature extraction requirement corresponding to the streaming data, wherein the network security feature extraction requirement includes at least one target dimension to be extracted and at least one target feature to be extracted;
step 303, generating a feature data extractor according to the target dimension and the target feature;
step 304, extracting network security feature data corresponding to the target dimension and the target feature from the streaming data by using the feature data extractor;
in this embodiment, streaming data is received, a corresponding network security feature extraction requirement is obtained, the network security feature extraction requirement may include at least one target dimension to be extracted and at least one target feature to be extracted, then a corresponding feature data extractor is generated according to the target dimension and the target feature, and corresponding network security feature data is extracted by the feature data extractor.
305, judging whether the network security feature data is numerical data or not, and calling a corresponding data processing model based on the data type of the network security feature data when the network security feature data is non-numerical data;
step 306, converting the network security feature data into numerical data according to the data processing model, so as to generate a feature data set list by using the converted network security feature data;
in this embodiment, after the corresponding network security feature data is extracted according to the feature data extractor, the network security feature data may be further judged one by one, when the network security feature data is found to be non-numerical data, the corresponding data processing model is called based on the data type of the network security feature data, the non-numerical feature data is further converted into the corresponding numerical feature data according to the data processing model, and then a feature data set list may be generated by using the converted network security feature data.
Step 307 of generating a feature data set list based on the network security feature data and an extractor head of the feature data extractor, wherein the feature data set list includes a first header including the target dimension, a second header including the target feature, and a list result corresponding to each first header and each second header, the list result including the network security feature data corresponding to each target dimension and each target feature;
in this embodiment, after all the network security feature data are converted into numerical feature data, a feature data set list is generated based on the extractor head of the feature data extractor and the network security feature data extracted by the feature data extractor. The feature data set list may include three components, namely a first header component, a second header component, and a list result component, where each list result corresponds to a first header and a second header, respectively. The first header may be a target dimension, the second header may be a target feature, and the list result may be numerical feature data corresponding to each target dimension and each target feature, as shown in fig. 4. The network security feature data in the feature data set list generated by the embodiment of the application are numerical feature data, and when the worker takes the network security feature data, the numerical feature data are directly taken, and can be directly input into the machine learning model, so that the efficiency of machine model training is improved.
308, reading network security feature data corresponding to each header in the feature data set list, and establishing a training sample set corresponding to the model training task according to the read network security feature data; and training the model by utilizing the training sample set.
In this embodiment, after the network security feature data corresponding to each header in the feature data set list is read, a training sample set corresponding to the model training task is established according to the read network security feature data, the network security feature data in the training sample set are all numerical type feature data, and the model is trained by further using the training sample set.
Further, as a specific implementation of the method in fig. 1, an embodiment of the present application provides a feature extraction apparatus for streaming data, as shown in fig. 5, the apparatus includes:
the system comprises a demand acquisition module, a demand acquisition module and a demand analysis module, wherein the demand acquisition module receives streaming data and acquires a network security feature extraction demand corresponding to the streaming data, the network security feature extraction demand comprises at least one target dimension to be extracted and at least one target feature to be extracted, the target dimension comprises at least one of an IP dimension, a time dimension and a mac local area network address dimension, and the target feature comprises at least one of a DNS request quantity feature, an ICMP request quantity feature, an HTTP request quantity feature, a DNS domain name set feature and a page access frequency feature;
the extractor generating module is used for generating a characteristic data extractor according to the target dimension and the target characteristic;
and the characteristic data extraction module is used for extracting network security characteristic data corresponding to the target dimension and the target characteristic from the streaming data by using the characteristic data extractor.
Optionally, the network security feature extraction requirement includes a request DNS domain name duplication removal number, where the request DNS domain name duplication removal number includes the IP dimension and the DNS domain name set feature.
In this embodiment of the present application, optionally, the apparatus further includes:
the streaming data screening module is configured to screen the streaming data according to a preset data screening condition before the network security feature extraction requirement corresponding to the streaming data is acquired, where the preset data screening condition includes a preset data protocol.
In this embodiment of the application, optionally, the extractor generating module specifically includes:
the extraction tool establishing unit is used for establishing a feature data extraction tool matched with each target feature respectively according to each target feature;
an extractor generating unit configured to generate the feature data extractor according to the target dimension, the target feature, and the feature data extraction tool, wherein the feature data extractor includes an extractor head and an extractor body, the extractor head is configured to indicate the target dimension and the target feature, and the extractor body includes the feature data extraction tool.
In this embodiment of the application, optionally, the feature data extraction module is specifically configured to:
inputting the streaming data into the feature data extractor, so that the feature data extractor groups the streaming data according to the target dimension, and extracting network security feature data matched with the target feature from the grouped streaming data.
In this embodiment of the present application, optionally, the apparatus further includes:
a list generation module, configured to generate, after the extracting of the network security feature data corresponding to the target dimension and the target feature in the streaming data, a feature data set list based on an extractor head of the feature data extractor and the network security feature data, wherein the feature data set list includes a first header including the target dimension, a second header including the target feature, and a list result corresponding to each first header and each second header, and the list result includes the network security feature data corresponding to each target dimension and each target feature.
In this embodiment of the present application, optionally, the apparatus further includes:
the searching module is used for searching target characteristic data corresponding to the sample data acquisition instruction from the characteristic data set list according to the sample data acquisition instruction, wherein the sample data acquisition instruction comprises any first header and/or any second header, and the sample data acquisition instruction is used for acquiring a model training sample;
the judging module is used for judging whether the target characteristic data is numerical data or not and calling a corresponding data processing model based on the data type of the target characteristic data when the target characteristic data is non-numerical data;
and the conversion module is used for converting the target characteristic data into numerical data according to the data processing model so as to perform model training by using the converted target characteristic data.
In this embodiment of the present application, optionally, the apparatus further includes:
a judging module, configured to judge whether the network security feature data is numeric data before generating a feature data set list based on an extractor head of the feature data extractor and the network security feature data, and call a corresponding data processing model based on a data type of the network security feature data when the network security feature data is non-numeric data;
and the conversion module is used for converting the network security feature data into numerical data according to the data processing model so as to generate a feature data set list by using the converted network security feature data.
In this embodiment of the present application, optionally, the apparatus further includes:
a training task receiving module, configured to receive a model training task before the streaming data is received;
the requirement determining module is used for analyzing training sample characteristics required by executing the model training task and determining the network security feature extraction requirement according to the training sample characteristics;
correspondingly, the device further comprises:
a training sample set determining module, configured to read network security feature data corresponding to each header in the feature data set list after the feature data set list is generated, and establish a training sample set corresponding to the model training task according to the read network security feature data;
and the model training module is used for training the model by utilizing the training sample set.
According to still another aspect of the present application, there is provided a storage medium having stored thereon a computer program which, when executed by a processor, implements the above-described feature extraction method for streaming data.
It should be noted that other corresponding descriptions of the functional units related to the feature extraction device for streaming data provided in the embodiment of the present application may refer to corresponding descriptions in the methods in fig. 1 to fig. 2, and are not described herein again.
Based on the methods shown in fig. 1 to 2, correspondingly, the present application further provides a storage medium, on which a computer program is stored, and the computer program, when executed by a processor, implements the method for extracting the features of the streaming data shown in fig. 1 to 2.
Based on such understanding, the technical solution of the present application may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (which may be a CD-ROM, a usb disk, a removable hard disk, etc.), and includes several instructions for enabling a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the method according to the implementation scenarios of the present application.
Based on the above methods shown in fig. 1 to fig. 2 and the virtual device embodiment shown in fig. 5, in order to achieve the above object, an embodiment of the present application further provides a computer device, which may specifically be a personal computer, a server, a network device, and the like, where the computer device includes a storage medium and a processor; a storage medium for storing a computer program; a processor for executing a computer program to implement the above-described feature extraction method for streaming data as shown in fig. 1 to 2.
Optionally, the computer device may also include a user interface, a network interface, a camera, Radio Frequency (RF) circuitry, sensors, audio circuitry, a WI-FI module, and so forth. The user interface may include a Display screen (Display), an input unit such as a keypad (Keyboard), etc., and the optional user interface may also include a USB interface, a card reader interface, etc. The network interface may optionally include a standard wired interface, a wireless interface (e.g., a bluetooth interface, WI-FI interface), etc.
It will be appreciated by those skilled in the art that the present embodiment provides a computer device architecture that is not limiting of the computer device, and that may include more or fewer components, or some components in combination, or a different arrangement of components.
The storage medium may further include an operating system and a network communication module. An operating system is a program that manages and maintains the hardware and software resources of a computer device, supporting the operation of information handling programs, as well as other software and/or programs. The network communication module is used for realizing communication among components in the storage medium and other hardware and software in the entity device.
Through the above description of the embodiments, those skilled in the art will clearly understand that the present application can be implemented by software plus a necessary general hardware platform, and can also be implemented by hardware. Receiving streaming data, acquiring a network security feature extraction requirement for network security feature data extraction of the streaming data, analyzing the network security feature extraction requirement, acquiring at least one target dimension to be extracted and at least one target feature to be extracted, generating a feature data extractor according to the target dimension and the target feature, and extracting the network security feature data of the received streaming data according to the generated feature data extractor. By constructing the feature data extractor and extracting the network security feature data of the streaming data through the feature data extractor, the method and the device can extract the instantaneity feature of the streaming data, and reduce the occupation amount of resources while fully playing the low-delay characteristic of the streaming data.
Those skilled in the art will appreciate that the figures are merely schematic representations of one preferred implementation scenario and that the blocks or flow diagrams in the figures are not necessarily required to practice the present application. Those skilled in the art will appreciate that the modules in the devices in the implementation scenario may be distributed in the devices in the implementation scenario according to the description of the implementation scenario, or may be located in one or more devices different from the present implementation scenario with corresponding changes. The modules of the implementation scenario may be combined into one module, or may be further split into a plurality of sub-modules.
The above application serial numbers are for description purposes only and do not represent the superiority or inferiority of the implementation scenarios. The above disclosure is only a few specific implementation scenarios of the present application, but the present application is not limited thereto, and any variations that can be made by those skilled in the art are intended to fall within the scope of the present application.

Claims (18)

1. A method for extracting characteristics of streaming data, comprising:
receiving streaming data and acquiring a network security feature extraction requirement corresponding to the streaming data, wherein the network security feature extraction requirement comprises at least one target dimension to be extracted and at least one target feature to be extracted, the target dimension comprises at least one of an IP dimension, a time dimension and a mac local area network address dimension, and the target feature comprises at least one of a DNS request quantity feature, an ICMP request quantity feature, an HTTP request quantity feature, a DNS domain name set feature and a page access frequency feature;
generating a feature data extractor according to the target dimension and the target feature;
extracting network security feature data corresponding to the target dimension and the target feature from the streaming data by using the feature data extractor;
generating a feature data extractor according to the target dimension and the target feature specifically includes:
respectively establishing a feature data extraction tool matched with each target feature according to each target feature; generating the feature data extractor in dependence on the target dimension, the target feature and the feature data extraction tool, wherein the feature data extractor comprises an extractor head and an extractor body, the extractor head being configured to indicate the target dimension and the target feature, the extractor body comprising the feature data extraction tool.
2. The method of claim 1, wherein the network security feature extraction requirement comprises a request DNS domain name deduplication quantity, and wherein the request DNS domain name deduplication quantity comprises the IP dimension and the DNS domain name aggregation feature.
3. The method according to claim 1, wherein before the obtaining of the network security feature extraction requirement corresponding to the streaming data, the method further comprises:
and screening the streaming data according to preset data screening conditions, wherein the preset data screening conditions comprise a preset data protocol.
4. The method according to claim 1, wherein the extracting, by using the feature data extractor, network security feature data corresponding to the target dimension and the target feature in the streaming data specifically includes:
inputting the streaming data into the feature data extractor, so that the feature data extractor groups the streaming data according to the target dimension, and extracting network security feature data matched with the target feature from the grouped streaming data.
5. The method of claim 1, wherein after extracting network security feature data corresponding to the target dimension and the target feature from the streaming data, the method further comprises:
generating a feature data set list based on an extractor head of the feature data extractor and the network security feature data, wherein the feature data set list comprises a first header comprising the target dimension, a second header comprising the target feature, and a list result corresponding to each first header and each second header, the list result comprising the network security feature data corresponding to each target dimension and each target feature.
6. The method of claim 5, wherein after generating the list of feature data sets, the method further comprises:
in response to a sample data acquisition instruction, searching target feature data corresponding to the sample data acquisition instruction from the feature data set list, wherein the sample data acquisition instruction comprises any first header and/or any second header, and the sample data acquisition instruction is used for acquiring a model training sample;
judging whether the target characteristic data is numerical data or not, and calling a corresponding data processing model based on the data type of the target characteristic data when the target characteristic data is non-numerical data;
and converting the target characteristic data into numerical data according to the data processing model so as to perform model training by using the converted target characteristic data.
7. The method of claim 5, wherein prior to generating the feature set list based on the extractor head of the feature data extractor and the network security feature data, the method further comprises:
judging whether the network security feature data are numerical data or not, and calling a corresponding data processing model based on the data type of the network security feature data when the network security feature data are non-numerical data;
and converting the network security feature data into numerical data according to the data processing model so as to generate a feature data set list by using the converted network security feature data.
8. The method of claim 5, wherein prior to receiving the streaming data, the method further comprises:
receiving a model training task;
analyzing training sample characteristics required by executing the model training task, and determining the network security feature extraction requirement according to the training sample characteristics;
accordingly, after the generating the feature data set list, the method further comprises:
reading network security feature data corresponding to each header in the feature data set list, and establishing a training sample set corresponding to the model training task according to the read network security feature data;
and training the model by utilizing the training sample set.
9. An apparatus for extracting features of streaming data, comprising:
the system comprises a demand acquisition module, a demand acquisition module and a demand analysis module, wherein the demand acquisition module receives streaming data and acquires a network security feature extraction demand corresponding to the streaming data, the network security feature extraction demand comprises at least one target dimension to be extracted and at least one target feature to be extracted, the target dimension comprises at least one of an IP dimension, a time dimension and a mac local area network address dimension, and the target feature comprises at least one of a DNS request quantity feature, an ICMP request quantity feature, an HTTP request quantity feature, a DNS domain name set feature and a page access frequency feature;
the extractor generating module is used for generating a characteristic data extractor according to the target dimension and the target characteristic;
the characteristic data extraction module is used for extracting network security characteristic data corresponding to the target dimension and the target characteristic from the streaming data by using the characteristic data extractor;
the extractor generation module specifically includes:
the extraction tool establishing unit is used for establishing a feature data extraction tool matched with each target feature respectively according to each target feature;
an extractor generating unit configured to generate the feature data extractor according to the target dimension, the target feature, and the feature data extraction tool, wherein the feature data extractor includes an extractor head and an extractor body, the extractor head is configured to indicate the target dimension and the target feature, and the extractor body includes the feature data extraction tool.
10. The apparatus of claim 9, wherein the network security feature extraction requirement comprises a request DNS domain name deduplication quantity, and wherein the request DNS domain name deduplication quantity comprises the IP dimension and the DNS domain name aggregation feature.
11. The apparatus of claim 9, further comprising:
the streaming data screening module is configured to screen the streaming data according to a preset data screening condition before the network security feature extraction requirement corresponding to the streaming data is acquired, where the preset data screening condition includes a preset data protocol.
12. The apparatus of claim 9, wherein the feature data extraction module is specifically configured to:
inputting the streaming data into the feature data extractor, so that the feature data extractor groups the streaming data according to the target dimension, and extracting network security feature data matched with the target feature from the grouped streaming data.
13. The apparatus of claim 9, further comprising:
a list generation module, configured to generate, after the extracting of the network security feature data corresponding to the target dimension and the target feature in the streaming data, a feature data set list based on an extractor head of the feature data extractor and the network security feature data, wherein the feature data set list includes a first header including the target dimension, a second header including the target feature, and a list result corresponding to each first header and each second header, and the list result includes the network security feature data corresponding to each target dimension and each target feature.
14. The apparatus of claim 13, further comprising:
the searching module is used for searching target characteristic data corresponding to the sample data acquisition instruction from the characteristic data set list according to the sample data acquisition instruction, wherein the sample data acquisition instruction comprises any first header and/or any second header, and the sample data acquisition instruction is used for acquiring a model training sample;
the judging module is used for judging whether the target characteristic data is numerical data or not and calling a corresponding data processing model based on the data type of the target characteristic data when the target characteristic data is non-numerical data;
and the conversion module is used for converting the target characteristic data into numerical data according to the data processing model so as to perform model training by using the converted target characteristic data.
15. The apparatus of claim 13, further comprising:
a judging module, configured to judge whether the network security feature data is numeric data before generating a feature data set list based on an extractor head of the feature data extractor and the network security feature data, and call a corresponding data processing model based on a data type of the network security feature data when the network security feature data is non-numeric data;
and the conversion module is used for converting the network security feature data into numerical data according to the data processing model so as to generate a feature data set list by using the converted network security feature data.
16. The apparatus of claim 13, further comprising:
a training task receiving module, configured to receive a model training task before the streaming data is received;
the requirement determining module is used for analyzing training sample characteristics required by executing the model training task and determining the network security feature extraction requirement according to the training sample characteristics;
correspondingly, the device further comprises:
a training sample set determining module, configured to read network security feature data corresponding to each header in the feature data set list after the feature data set list is generated, and establish a training sample set corresponding to the model training task according to the read network security feature data;
and the model training module is used for training the model by utilizing the training sample set.
17. A storage medium having a computer program stored thereon, wherein the computer program, when executed by a processor, implements the method of any of claims 1 to 8.
18. A computer device comprising a storage medium, a processor and a computer program stored on the storage medium and executable on the processor, characterized in that the processor implements the method of any one of claims 1 to 8 when executing the computer program.
CN202110999767.XA 2021-08-30 2021-08-30 Method and device for extracting characteristics of streaming data, storage medium and computer equipment Active CN113452581B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202110999767.XA CN113452581B (en) 2021-08-30 2021-08-30 Method and device for extracting characteristics of streaming data, storage medium and computer equipment
PCT/CN2021/117111 WO2023029066A1 (en) 2021-08-30 2021-09-08 Feature extraction method and apparatus for streaming data, and storage medium and computer device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110999767.XA CN113452581B (en) 2021-08-30 2021-08-30 Method and device for extracting characteristics of streaming data, storage medium and computer equipment

Publications (2)

Publication Number Publication Date
CN113452581A CN113452581A (en) 2021-09-28
CN113452581B true CN113452581B (en) 2021-12-14

Family

ID=77818808

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110999767.XA Active CN113452581B (en) 2021-08-30 2021-08-30 Method and device for extracting characteristics of streaming data, storage medium and computer equipment

Country Status (2)

Country Link
CN (1) CN113452581B (en)
WO (1) WO2023029066A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116668380B (en) * 2023-07-28 2023-10-03 北京中科网芯科技有限公司 Message processing method and device of convergence diverter equipment

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105022960A (en) * 2015-08-10 2015-11-04 济南大学 Multi-feature mobile terminal malicious software detecting method based on network flow and multi-feature mobile terminal malicious software detecting system based on network flow

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102202064B (en) * 2011-06-13 2013-09-25 刘胜利 Method for extracting behavior characteristics of Trojan communication based on network data flow analysis
US10187401B2 (en) * 2015-11-06 2019-01-22 Cisco Technology, Inc. Hierarchical feature extraction for malware classification in network traffic
CN112398779B (en) * 2019-08-12 2022-11-01 中国科学院国家空间科学中心 Network traffic data analysis method and system
CN111224946A (en) * 2019-11-26 2020-06-02 杭州安恒信息技术股份有限公司 TLS encrypted malicious traffic detection method and device based on supervised learning
CN111181986A (en) * 2019-12-31 2020-05-19 奇安信科技集团股份有限公司 Data security detection method, model training method, device and computer equipment
CN111478921A (en) * 2020-04-27 2020-07-31 深信服科技股份有限公司 Method, device and equipment for detecting communication of hidden channel
CN112019449B (en) * 2020-08-14 2022-06-17 四川电科网安科技有限公司 Traffic identification packet capturing method and device

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105022960A (en) * 2015-08-10 2015-11-04 济南大学 Multi-feature mobile terminal malicious software detecting method based on network flow and multi-feature mobile terminal malicious software detecting system based on network flow

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Image Retrieval in Data Stream Using Principle Component Analysis;Han-Bing Yan等;《IEEE》;20120517;全文 *

Also Published As

Publication number Publication date
WO2023029066A1 (en) 2023-03-09
CN113452581A (en) 2021-09-28

Similar Documents

Publication Publication Date Title
CN110533085B (en) Same-person identification method and device, storage medium and computer equipment
CN109669795B (en) Crash information processing method and device
CN114157502B (en) Terminal identification method and device, electronic equipment and storage medium
CN110798445B (en) Public gateway interface testing method and device, computer equipment and storage medium
CN110795756A (en) Data desensitization method and device, computer equipment and computer readable storage medium
CN113452581B (en) Method and device for extracting characteristics of streaming data, storage medium and computer equipment
CN110830551A (en) Service request processing method, device and system
CN110807548A (en) Data acquisition method, device, equipment and medium based on wind power bidding user
CN109309665B (en) Access request processing method and device, computing device and storage medium
CN114416485A (en) Data processing method and device
CN108920377B (en) Log playback test method, system and device and readable storage medium
CN110737645A (en) data migration method between different systems, data migration system and related equipment
CN112822121A (en) Traffic identification method, traffic determination method and knowledge graph establishment method
CN114598597A (en) Multi-source log analysis method and device, computer equipment and medium
CN113395367B (en) HTTPS service identification method and device, storage medium and electronic equipment
CN110471776B (en) Application data communication method, device and system
CN111211939A (en) Device and method for realizing efficient flow table counting based on network processor
CN112052248A (en) Audit big data processing method and system
CN107037262B (en) Big data spectrum analysis system and method thereof
CN115865457A (en) Network attack behavior identification method, server and medium
CN113364780B (en) Network attack victim determination method, equipment, storage medium and device
CN113949690B (en) IPv6 seed address sampling method, device, equipment and storage medium
CN111106980B (en) Bandwidth binding detection method and device
CN111143743B (en) Method and device for automatically expanding application identification library
CN113434792B (en) Training method of network address matching model and network address matching method

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant