CN114422269A - Network security assessment method and system based on machine learning - Google Patents
- Publication number
- CN114422269A
- Authority
- CN
- China
- Prior art keywords
- network security
- parameters
- historical data
- security
- data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F18/00—Pattern recognition
- G06F18/20—Analysing
- G06F18/21—Design or setup of recognition systems or techniques; Extraction of features in feature space; Blind source separation
- G06F18/214—Generating training patterns; Bootstrap methods, e.g. bagging or boosting
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/16—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks using machine learning or artificial intelligence
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- Computing Systems (AREA)
- Computer Hardware Design (AREA)
- Theoretical Computer Science (AREA)
- Data Mining & Analysis (AREA)
- Evolutionary Computation (AREA)
- Artificial Intelligence (AREA)
- Computer Vision & Pattern Recognition (AREA)
- Bioinformatics & Computational Biology (AREA)
- Bioinformatics & Cheminformatics (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Life Sciences & Earth Sciences (AREA)
- Evolutionary Biology (AREA)
- Databases & Information Systems (AREA)
- Medical Informatics (AREA)
- Software Systems (AREA)
- Debugging And Monitoring (AREA)
Abstract
The invention discloses a network security assessment method and system based on machine learning. An XGBoost model is trained on multi-dimensional network security parameter historical data and the corresponding security score labels; the trained XGBoost model can then be used directly for network security assessment without relying on experts. This solves the technical problems that the prior-art expert evaluation method for network security assessment depends on expert experience, has high time cost, low efficiency and low reliability, and struggles to meet network security assessment requirements in a big data environment. The security score labels are produced from the evaluations of multiple experts and become the data labels used to train the XGBoost model, and the model used for network security assessment is then obtained through training. This achieves the effect of simulating multi-expert scoring, eliminates the one-sidedness and limitations of a single expert's scoring, and improves the reliability of the label accuracy.
Description
Technical Field
The invention relates to the technical field of network security, in particular to a network security assessment method and system based on machine learning.
Background
With the development of information technology, the openness, sharing and interconnection of the internet keep expanding, and network security problems are becoming increasingly severe.
Network security risk assessment is an important measure for protecting enterprise information security, and expert scoring is one of the existing network security risk assessment methods. However, the accuracy of expert scoring depends mainly on the experts' experience and on the breadth and depth of their knowledge, so the participating experts must have a high academic level and rich practical experience with the system being assessed. The method is therefore strongly subjective, has high time cost, low efficiency and low reliability, and struggles to meet network security assessment requirements in a big data environment.
Disclosure of Invention
The invention provides a network security assessment method and system based on machine learning, to solve the technical problems that the prior-art expert evaluation method for network security assessment depends on expert experience, is strongly subjective, has high time cost, low efficiency and low reliability, and struggles to meet network security assessment requirements in a big data environment.
In view of this, the first aspect of the present invention provides a network security assessment method based on machine learning, including:
acquiring multi-dimensional network security parameter historical data and security score labels corresponding to each group of multi-dimensional network security parameter historical data;
training the XGBoost model by using the multi-dimensional network security parameter historical data and the security score labels corresponding to the multi-dimensional network security parameter historical data to obtain a trained XGBoost model;
and inputting the network security parameter data to be analyzed as variables into the trained XGBoost model to perform network security risk scoring to obtain a network security scoring result.
Optionally, the multidimensional network security parameters include network security parameters, port security parameters, DNS security parameters, mail security parameters, patch vulnerability parameters, application security parameters, IP reputation parameters, asset exposure parameters, and data security parameters.
Optionally, the security score labels corresponding to each group of multi-dimensional network security parameter historical data are obtained by an expert evaluating the network security parameter historical data according to the degree of influence of the network security parameters.
Optionally, the obtaining of the multi-dimensional network security parameter historical data and the security score label corresponding to each group of multi-dimensional network security parameter historical data includes:
acquiring multi-dimensional network security parameter historical data;
carrying out data cleaning on the multi-dimensional network security parameter historical data;
extracting characteristic values of the historical data of the multidimensional network security parameters after data cleaning to form a characteristic vector consisting of the multidimensional network security parameters;
and obtaining a security score label produced by the expert evaluating the characteristic vector according to the degree of influence of the network security parameters.
Optionally, the method further comprises:
evaluating the trained XGBoost model using F1-score as the evaluation index.
A second aspect of the invention provides a network security assessment system based on machine learning, comprising:
the data acquisition module is used for acquiring multi-dimensional network security parameter historical data and security score labels corresponding to each group of multi-dimensional network security parameter historical data;
the model training module is used for training the XGBoost model by using the multi-dimensional network security parameter historical data and the security score labels corresponding to the multi-dimensional network security parameter historical data to obtain the trained XGBoost model;
and the network security scoring module is used for inputting the network security parameter data to be analyzed as variables into the trained XGBoost model to perform network security risk scoring to obtain a network security scoring result.
Optionally, the multidimensional network security parameters include network security parameters, port security parameters, DNS security parameters, mail security parameters, patch vulnerability parameters, application security parameters, IP reputation parameters, asset exposure parameters, and data security parameters.
Optionally, the security score labels corresponding to each group of multi-dimensional network security parameter historical data are obtained by an expert evaluating the network security parameter historical data according to the degree of influence of the network security parameters.
Optionally, the data obtaining module is specifically configured to:
acquiring multi-dimensional network security parameter historical data;
carrying out data cleaning on the multi-dimensional network security parameter historical data;
extracting characteristic values of the historical data of the multidimensional network security parameters after data cleaning to form a characteristic vector consisting of the multidimensional network security parameters;
and obtaining a security score label produced by the expert evaluating the characteristic vector according to the degree of influence of the network security parameters.
Optionally, the system further comprises:
a model evaluation module used for evaluating the trained XGBoost model using F1-score as the evaluation index.
As can be seen from the above technical solution, the network security assessment method and system based on machine learning provided by the invention have the following advantages:
the XGBoost model is trained on multi-dimensional network security parameter historical data and the corresponding security score labels, and the trained XGBoost model can be used directly for network security assessment without relying on experts. This solves the technical problems that the prior-art expert evaluation method for network security assessment depends on expert experience, is strongly subjective, has high time cost, low efficiency and low reliability, and struggles to meet network security assessment requirements in a big data environment.
Meanwhile, in the network security assessment method and system based on machine learning, the security score labels are formulated from the evaluations of multiple experts to obtain the data labels used for training the XGBoost model, and the model used for network security assessment is then obtained through training. This achieves the effect of simulating multi-expert scoring, eliminates the one-sidedness and limitations of a single expert's scoring, and improves the reliability of the label accuracy.
Drawings
In order to illustrate the embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings used in the description of the embodiments or the prior art are briefly described below. The drawings described below show only some embodiments of the present invention, and those skilled in the art can obtain other related drawings from them without creative effort.
Fig. 1 is a schematic flow chart of a network security assessment method based on machine learning according to the present invention;
Fig. 2 is a schematic frame diagram of a network security assessment method based on machine learning according to the present invention;
Fig. 3 is a schematic structural diagram of a network security assessment system based on machine learning according to the present invention.
Detailed Description
In order to make the technical solutions of the present invention better understood, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
For ease of understanding, referring to Fig. 1 and Fig. 2, an embodiment of the network security assessment method based on machine learning provided by the present invention includes:
It should be noted that the parameters affecting network security span multiple dimensions. For comprehensiveness, the invention uses network security parameter data in 9 dimensions: network security parameters, port security parameters, DNS security parameters, mail security parameters, patch vulnerability parameters, application security parameters, IP reputation parameters, asset exposure parameters and data security parameters. For example, when the evaluation dimension is the network security dimension, the corresponding indicator factors may include: a revoked digital certificate is detected, the SSL/TLS protocol uses insecure cipher suites, and the like. When the evaluation dimension is the port security dimension, the corresponding indicator factors may include: an Elasticsearch service is detected, a Redis service is detected, and the like. When the evaluation dimension is the DNS security dimension, the corresponding indicator factors may include: an open DNS recursive resolution service is detected, a DNS zone transfer vulnerability is detected, and the like. When the evaluation dimension is the mail security dimension, the corresponding indicator factors may include: the SMTP service fails reverse DNS resolution, the SMTP service does not enable TLS, and the like. When the evaluation dimension is the patch vulnerability dimension, the corresponding indicator factors may include: SQL injection vulnerabilities, XSS vulnerabilities, and the like. When the evaluation dimension is the application security dimension, the corresponding indicator factors may include: the website does not enforce HTTPS, the website does not set Content-Security-Policy, and the like. When the evaluation dimension is the data security dimension, the corresponding indicator factors may include: SVN or Git information leakage is detected, suspected sensitive file leakage is detected, and the like.
When the evaluation dimension is the asset exposure dimension, the corresponding indicator factors may include: code management back-end exposure, web application component back-end exposure, and the like. When the evaluation dimension is the IP reputation dimension, the corresponding indicator factors may include: P2P network activity is detected, malware events are detected, and the like.
The parameters of each dimension can be divided into three levels, high, medium and low, according to how severely they affect network security, and each level contains several characteristic indexes. Scanning the target enterprise network with a scanning technology yields, for each characteristic index in each dimension, the number of problems found by the scan, which is the characteristic value. After the multi-dimensional network security parameter historical data are acquired, they are cleaned. The expert can then score the cleaned network security parameter historical data, that is, the characteristic vector formed by the characteristic values of each group of multi-dimensional network security parameter historical data, according to the degree of influence of the network security parameters. For example, each group of multi-dimensional network security parameter historical data includes 102 characteristic indexes, of which the network security dimension has 30 indexes: 10 high-risk indexes, 8 medium-risk indexes and 12 low-risk indexes. According to the result of the scanning,the number of problems corresponding to the first high-risk index is shown,indicating the number of problems corresponding to the second high risk indicator, …,representing the number of problems corresponding to the tenth high-risk index;indicating the number of problems corresponding to the first intermediate risk indicator, …,representing the eighth intermediate risk indicator pairThe number of problems to be solved;indicating the number of problems corresponding to the first low risk indicator, …,representing the number of problems corresponding to the twelfth low-risk index;and expressing the number of problems corresponding to the first high-risk index in the port safety dimension. For other dimensions, and so on. 
Corresponding feature vectors can finally be generatedAnd a corresponding safe score label z.
Step 102: training the XGBoost model by using the multi-dimensional network security parameter historical data and the security score labels corresponding to the multi-dimensional network security parameter historical data to obtain the trained XGBoost model.
It should be noted that the XGBoost model is trained using the multi-dimensional network security parameter historical data and the corresponding security score labels. The learning rate, the number of iteration rounds, the maximum (regression) tree depth, the per-tree feature sampling (one feature split point per tree), the sample sampling and the regularization coefficients are defined. Each iteration produces one regression tree and depends on the parameters of the previous tree; that is, the parameters of the current regression tree are the parameters of the previous tree plus the newly trained residual, and the square loss function is made to beWherein, in the step (A),in the form of an actual value of the value,is a predicted value. The XGBoost objective function is:
wherein the content of the first and second substances,nas to the number of samples,is as followsiThe corresponding loss of the sample of the strip,as a regularization term, i.e. alltThe complexity of the trees is summed.
Starting from a tree with the depth of 1, enumerating all features for a current node from a root node for each tree, sorting samples belonging to the current node according to feature values (namely sorting according to the size of all possible values of each feature, if the number of problems is possibly 0,1,2, then sorting according to the sequence of 0,1, 2.), determining an optimal splitting point of the feature through information gain, and selecting the splitting point to traverse each sorted feature in a greedy manner, wherein the left side of the feature is the left side of the featureOn the right side areThe following gains are calculated:
wherein the content of the first and second substances,indicating the corresponding loss of the current split point,Iin order to be a set of characteristics,LandRrespectively represent a left sub-tree and a right sub-tree,gandhfirst derivatives of Taylor expansion terms of functions respectively corresponding to previous treesAnd the second derivative of the first and second order,andis a regularization parameter that represents the complexity of the model.
And selecting the most profitable feature as a splitting feature, and splitting by using the optimal splitting point of the feature. And selecting the tree with the maximum profit as a model tree. The XGBoost model training process is to obtain a plurality of model trees through the iteration (a root node of each tree is a split point corresponding to the current feature, and each non-leaf node is also a split point). The specific learning process can be formalized as:wherein, in the step (A),tfor the number of training rounds at present,as a function of the previous round of training,for a new function to be trained, initially,. The final learned parameter is the sum of the parameters corresponding to each tree, i.e.. When prediction is carried out, the characteristics are introduced and calculatedThe value is the score to be predicted.
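The split search and additive training described above, as an added example (not code from the patent): depth-1 regression trees boosted under squared loss, with each split chosen by the standard XGBoost gain. The regularisation values `LAMBDA` and `GAMMA`, the mean-of-labels starting prediction, and the three indicators with their counts and scores are all constructed assumptions.

```python
LAMBDA = 1.0  # assumed L2 penalty on leaf weights
GAMMA = 0.0   # assumed complexity penalty per split

# Constructed sample: issue counts per network for three indicators
# [weak TLS suite, exposed Redis service, missing Content-Security-Policy]
# and a constructed expert security score (0-100, higher is safer).
X = [[0, 0, 0], [0, 0, 2], [1, 0, 1], [2, 0, 0],
     [0, 1, 0], [1, 1, 2], [3, 2, 1], [2, 1, 3]]
Y = [95.0, 90.0, 70.0, 65.0, 50.0, 40.0, 20.0, 30.0]


def grad_hess(y_true, y_pred):
    """First (g) and second (h) derivatives of the squared loss (y - y_hat)^2."""
    g = [2.0 * (p - y) for y, p in zip(y_true, y_pred)]
    h = [2.0] * len(y_true)
    return g, h


def _score(G, H):
    """Structure score of a leaf holding gradient sum G and hessian sum H."""
    return G * G / (H + LAMBDA)


def best_split(X, g, h):
    """Exact greedy search: return (gain, feature, threshold) or None."""
    G, H = sum(g), sum(h)
    best = None
    for j in range(len(X[0])):
        # Sort the samples of this node by the value of feature j.
        order = sorted(range(len(X)), key=lambda i: X[i][j])
        GL = HL = 0.0
        for a, b in zip(order, order[1:]):
            GL += g[a]
            HL += h[a]
            if X[a][j] == X[b][j]:
                continue  # no threshold separates equal counts
            gain = 0.5 * (_score(GL, HL) + _score(G - GL, H - HL)
                          - _score(G, H)) - GAMMA
            if best is None or gain > best[0]:
                best = (gain, j, (X[a][j] + X[b][j]) / 2)
    return best if best and best[0] > 0 else None


def fit_stump(X, g, h):
    """Build one depth-1 tree as (feature, threshold, left_w, right_w)."""
    split = best_split(X, g, h)
    if split is None:
        return None
    _, j, thr = split
    GL = sum(gi for x, gi in zip(X, g) if x[j] < thr)
    HL = sum(hi for x, hi in zip(X, h) if x[j] < thr)
    GR, HR = sum(g) - GL, sum(h) - HL
    # Optimal leaf weight: w = -G / (H + lambda)
    return (j, thr, -GL / (HL + LAMBDA), -GR / (HR + LAMBDA))


def stump_value(stump, x):
    j, thr, left, right = stump
    return left if x[j] < thr else right


def train(X, y, rounds=50, eta=0.3):
    """Additive training: each round fits one tree to the current residuals."""
    base = sum(y) / len(y)  # assumed starting prediction
    pred = [base] * len(y)
    trees = []
    for _ in range(rounds):
        g, h = grad_hess(y, pred)
        stump = fit_stump(X, g, h)
        if stump is None:
            break  # no split improves the objective
        trees.append(stump)
        pred = [p + eta * stump_value(stump, x) for p, x in zip(pred, X)]
    return base, eta, trees


def predict(model, x):
    """Score = starting prediction plus the shrunken sum of all tree outputs."""
    base, eta, trees = model
    return base + eta * sum(stump_value(t, x) for t in trees)


def mse(model, X, y):
    return sum((predict(model, x) - yi) ** 2 for x, yi in zip(X, y)) / len(y)


if __name__ == "__main__":
    model = train(X, Y)
    print("training MSE:", round(mse(model, X, Y), 2))
    print("score for [0, 1, 1]:", round(predict(model, [0, 1, 1]), 1))
```

On this sample the first tree splits on the exposed-Redis count, because separating networks with and without that finding removes the most squared error.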
Step 103: inputting the network security parameter data to be analyzed as variables into the trained XGBoost model to perform network security risk scoring to obtain a network security scoring result.
After the XGBoost model is trained, the trained XGBoost model can be directly used for network security assessment.
According to the network security assessment method based on machine learning, the XGBoost model is trained on multi-dimensional network security parameter historical data and the corresponding security score labels, and the trained XGBoost model can be used directly for network security scoring. Machine learning training is introduced to adaptively generate the model parameters on the basis of expert scoring data, forming the network security assessment model, so that network security no longer has to be assessed by experts.
Meanwhile, in the network security assessment method and system based on machine learning, the security score labels are formulated from the evaluations of multiple experts to obtain the data labels used for training the XGBoost model, and the model used for network security assessment is then obtained through training. This achieves the effect of simulating multi-expert scoring, eliminates the one-sidedness and limitations of a single expert's scoring, and improves the reliability of the label accuracy.
In one embodiment, after the trained XGBoost model is obtained, the trained XGBoost model may also be evaluated using F1-score as an evaluation index. The mathematical representation of F1-score is:
wherein the content of the first and second substances,in order to be able to predict the accuracy,is the recall value.
TP is defined as the number of correct predictions for a class, FP as the number of samples of other classes wrongly predicted as this class, and FN as the number of samples carrying this class label that are predicted as other class labels.
The quality of the model can be evaluated by calculating the value of F1-score; if the F1-score does not meet the requirement, the model parameters need to be adjusted and the model retrained. In this way the evaluation accuracy of the XGBoost model can be ensured.
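The F1 check described above, as an added example (not code from the patent): per-class TP, FP and FN are counted as the text defines them, F1 is computed as 2PR/(P+R) and macro-averaged, and a retraining decision is derived from it. The score bands in `BANDS`, the macro averaging, the 0.8 requirement and the sample scores are constructed assumptions, introduced because F1 needs discrete classes while the model outputs a numeric score.

```python
from collections import Counter

# Assumed cut-offs that turn a numeric security score into a class label.
BANDS = ((80.0, "low-risk"), (50.0, "medium-risk"))

# Constructed expert labels and model outputs for eight networks.
EXPERT = [95, 90, 70, 65, 50, 40, 20, 30]
MODEL = [88, 76, 72, 60, 45, 48, 25, 55]


def to_band(score):
    """Map a numeric security score to a class label (assumed banding)."""
    for floor, name in BANDS:
        if score >= floor:
            return name
    return "high-risk"


def confusion_counts(y_true, y_pred):
    """Per-class TP / FP / FN as defined in the text."""
    tp, fp, fn = Counter(), Counter(), Counter()
    for t, p in zip(y_true, y_pred):
        if t == p:
            tp[t] += 1
        else:
            fp[p] += 1  # a sample of another class predicted as p
            fn[t] += 1  # a sample of class t predicted as something else
    return tp, fp, fn


def f1_per_class(y_true, y_pred):
    """F1 = 2PR / (P + R) per class; undefined ratios count as 0."""
    tp, fp, fn = confusion_counts(y_true, y_pred)
    result = {}
    for c in sorted(set(y_true) | set(y_pred)):
        p_den, r_den = tp[c] + fp[c], tp[c] + fn[c]
        precision = tp[c] / p_den if p_den else 0.0  # class never predicted
        recall = tp[c] / r_den if r_den else 0.0     # class never present
        total = precision + recall
        result[c] = 2 * precision * recall / total if total else 0.0
    return result


def macro_f1(y_true, y_pred):
    scores = f1_per_class(y_true, y_pred)
    return sum(scores.values()) / len(scores)


def needs_retraining(expert_scores, model_scores, required_f1=0.8):
    """True when the banded predictions miss the assumed F1 requirement."""
    y_true = [to_band(s) for s in expert_scores]
    y_pred = [to_band(s) for s in model_scores]
    return macro_f1(y_true, y_pred) < required_f1


if __name__ == "__main__":
    truth = [to_band(s) for s in EXPERT]
    guess = [to_band(s) for s in MODEL]
    print(f1_per_class(truth, guess))
    print("retrain:", needs_retraining(EXPERT, MODEL))
```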
For ease of understanding, referring to Fig. 3, an embodiment of the network security assessment system based on machine learning according to the present invention includes:
the data acquisition module is used for acquiring multi-dimensional network security parameter historical data and security score labels corresponding to each group of multi-dimensional network security parameter historical data;
the model training module is used for training the XGBoost model by using the multi-dimensional network security parameter historical data and the security score labels corresponding to the multi-dimensional network security parameter historical data to obtain the trained XGBoost model;
and the network security scoring module is used for inputting the network security parameter data to be analyzed as variables into the trained XGBoost model to perform network security risk scoring to obtain a network security scoring result.
The multidimensional network security parameters include network security parameters, port security parameters, DNS security parameters, mail security parameters, patch vulnerability parameters, application security parameters, IP reputation parameters, asset exposure parameters, and data security parameters.
The security score labels corresponding to each group of multi-dimensional network security parameter historical data are obtained by the experts evaluating the network security parameter historical data according to the degree of influence of the network security parameters.
The data acquisition module is specifically configured to:
acquiring multi-dimensional network security parameter historical data;
carrying out data cleaning on the multi-dimensional network security parameter historical data;
extracting characteristic values of the historical data of the multidimensional network security parameters after data cleaning to form a characteristic vector consisting of the multidimensional network security parameters;
and obtaining a security score label produced by the expert evaluating the characteristic vector according to the degree of influence of the network security parameters.
Further comprising:
and the model evaluation module is used for evaluating the trained XGBoost model by using F1-score as an evaluation index.
According to the network security assessment system based on machine learning, the XGBoost model is trained on multi-dimensional network security parameter historical data and the corresponding security score labels, and the trained XGBoost model can be used directly for network security risk scoring. Machine learning training is introduced to adaptively generate the model parameters on the basis of expert scoring data, forming the network security assessment model, so that network security risk no longer has to be assessed by experts. This solves the technical problems that the prior-art expert scoring method for network security risk assessment depends on expert experience, is strongly subjective, has high time cost, low efficiency and low reliability, and struggles to meet network security assessment requirements in a big data environment.
The above-mentioned embodiments are only used for illustrating the technical solutions of the present invention, and not for limiting the same; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.
Claims (10)
1. A network security assessment method based on machine learning is characterized by comprising the following steps:
acquiring multi-dimensional network security parameter historical data and security score labels corresponding to each group of multi-dimensional network security parameter historical data;
training the XGBoost model by using the multi-dimensional network security parameter historical data and the security score labels corresponding to the multi-dimensional network security parameter historical data to obtain a trained XGBoost model;
and inputting the network security parameter data to be analyzed as variables into the trained XGBoost model to perform network security risk scoring to obtain a network security scoring result.
2. The machine-learning-based network security assessment method according to claim 1, wherein the multidimensional network security parameters comprise network security parameters, port security parameters, DNS security parameters, mail security parameters, patch vulnerability parameters, application security parameters, IP reputation parameters, asset exposure parameters and data security parameters.
3. The machine learning-based network security assessment method according to claim 1, wherein the security score labels corresponding to each set of multi-dimensional network security parameter historical data are obtained by an expert evaluating the network security parameter historical data according to the influence degree of the network security parameters.
4. The machine learning-based network security assessment method according to claim 3, wherein obtaining multi-dimensional network security parameter historical data and security score labels corresponding to each set of multi-dimensional network security parameter historical data comprises:
acquiring multi-dimensional network security parameter historical data;
carrying out data cleaning on the multi-dimensional network security parameter historical data;
extracting characteristic values of the historical data of the multidimensional network security parameters after data cleaning to form a characteristic vector consisting of the multidimensional network security parameters;
and obtaining a security score label produced by the expert evaluating the characteristic vector according to the degree of influence of the network security parameters.
5. The machine learning-based network security assessment method according to claim 1, further comprising:
evaluating the trained XGBoost model using F1-score as the evaluation index.
6. A machine learning-based network security assessment system, comprising:
the data acquisition module is used for acquiring multi-dimensional network security parameter historical data and security score labels corresponding to each group of multi-dimensional network security parameter historical data;
the model training module is used for training the XGBoost model by using the multi-dimensional network security parameter historical data and the security score labels corresponding to the multi-dimensional network security parameter historical data to obtain the trained XGBoost model;
and the network security scoring module is used for inputting the network security parameter data to be analyzed as variables into the trained XGBoost model to perform network security risk scoring to obtain a network security scoring result.
7. The machine-learning based network security assessment system according to claim 6, wherein the multidimensional network security parameters comprise network security parameters, port security parameters, DNS security parameters, mail security parameters, patch vulnerability parameters, application security parameters, IP reputation parameters, asset exposure parameters and data security parameters.
8. The machine learning-based network security assessment system according to claim 6, wherein the security score labels corresponding to each set of multi-dimensional network security parameter historical data are obtained by an expert evaluating the network security parameter historical data according to the influence degree of the network security parameters.
9. The machine-learning-based network security assessment system of claim 8, wherein the data acquisition module is specifically configured to:
acquire the multi-dimensional network security parameter historical data;
perform data cleaning on the multi-dimensional network security parameter historical data;
extract feature values from the cleaned multi-dimensional network security parameter historical data to form a feature vector composed of the multi-dimensional network security parameters;
and obtain the security score label that the expert assigns by evaluating the feature vector according to the degree of influence of the network security parameters.
10. The machine-learning-based network security assessment system according to claim 6, further comprising:
and the model evaluation module is used for evaluating the trained XGBoost model by using the F1-score as an evaluation index.
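As an added illustration (not part of the patent text), the data-preparation steps of claims 4 and 9 and the F1-score evaluation of claims 5 and 10 are shown below in Python. The key names, the 0..100 value range, the discrete "low"/"high" score labels and the sample records are assumptions constructed for the example; XGBoost training itself is left out, and the always-"low" predictions stand in for a model's output to show why per-class F1 is more informative than accuracy when high-risk samples are rare.

```python
import math

# Nine parameter dimensions from claim 7; the key names are assumptions.
DIMENSIONS = ("network", "port", "dns", "mail", "patch_vulnerability",
              "application", "ip_reputation", "asset_exposure", "data")

def build_dataset(records):
    """Clean raw records and return (feature_vectors, expert_labels).

    Assumed cleaning rules: every dimension must be present, numeric and in
    0..100; a record needs an expert label; exact duplicates are dropped.
    """
    seen, X, y = set(), [], []
    for rec in records:
        try:
            vec = tuple(float(rec[d]) for d in DIMENSIONS)
        except (KeyError, TypeError, ValueError):
            continue  # missing or non-numeric dimension
        label = rec.get("expert_label")
        if label is None or any(math.isnan(v) or not 0 <= v <= 100 for v in vec):
            continue  # unlabeled or out-of-range record
        if (vec, label) in seen:
            continue  # exact duplicate
        seen.add((vec, label))
        X.append([v / 100.0 for v in vec])  # scale each dimension to 0..1
        y.append(label)
    return X, y

def f1_report(y_true, y_pred):
    """Return (per-class F1, macro F1) for discrete score labels."""
    per_class = {}
    for c in sorted(set(y_true) | set(y_pred)):
        tp = sum(t == c and p == c for t, p in zip(y_true, y_pred))
        fp = sum(t != c and p == c for t, p in zip(y_true, y_pred))
        fn = sum(t == c and p != c for t, p in zip(y_true, y_pred))
        per_class[c] = 2 * tp / (2 * tp + fp + fn) if tp else 0.0
    return per_class, sum(per_class.values()) / len(per_class)

def sample_record(port, label, **override):
    """Constructed record: every dimension 50 except the ones given."""
    rec = {d: 50 for d in DIMENSIONS}
    rec.update(port=port, expert_label=label, **override)
    return rec

RAW = [sample_record(10, "low"), sample_record(20, "low"),
       sample_record(20, "low"),              # duplicate
       sample_record(30, "low"), sample_record(40, "low"),
       sample_record(90, "high"),
       sample_record(15, "low", dns=None),    # missing value
       sample_record(250, "high")]            # out of range
X, Y = build_dataset(RAW)
PRED = ["low"] * len(Y)   # stand-in for a model that never flags high risk
PER_CLASS, MACRO = f1_report(Y, PRED)
```

On this sample the stand-in predictions are right for four of five records, yet the F1 for the "high" label is zero, which is the failure an evaluation step should surface.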
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210308554.2A CN114422269A (en) | 2022-03-28 | 2022-03-28 | Network security assessment method and system based on machine learning |
Publications (1)
Publication Number | Publication Date |
---|---|
CN114422269A (en) | 2022-04-29 |
Family
ID=81263798
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210308554.2A Pending CN114422269A (en) | 2022-03-28 | 2022-03-28 | Network security assessment method and system based on machine learning |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114422269A (en) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105939200A (en) * | 2015-07-08 | 2016-09-14 | 北京匡恩网络科技有限责任公司 | Method and system for performing network security risk evaluation by utilizing expert system |
CN111401914A (en) * | 2020-04-02 | 2020-07-10 | 支付宝(杭州)信息技术有限公司 | Risk assessment model training and risk assessment method and device |
US20210314333A1 (en) * | 2020-04-07 | 2021-10-07 | Fireeye, Inc. | Churn-aware machine learning for cybersecurity threat detection |
CN113542278A (en) * | 2021-07-16 | 2021-10-22 | 北京源堡科技有限公司 | Network security assessment method, system and device |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN116192538A (en) * | 2023-04-28 | 2023-05-30 | 北京源堡科技有限公司 | Network security assessment method, device, equipment and medium based on machine learning |
CN116192538B (en) * | 2023-04-28 | 2023-07-11 | 北京源堡科技有限公司 | Network security assessment method, device, equipment and medium based on machine learning |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP3574430B1 (en) | Continuous learning for intrusion detection | |
CN111565205B (en) | Network attack identification method and device, computer equipment and storage medium | |
CN111695597B (en) | Credit fraud group identification method and system based on improved isolated forest algorithm | |
CN114221790A (en) | BGP (Border gateway protocol) anomaly detection method and system based on graph attention network | |
US11886587B2 (en) | Malware detection by distributed telemetry data analysis | |
Ahakonye et al. | Agnostic CH-DT technique for SCADA network high-dimensional data-aware intrusion detection system | |
CN113269327A (en) | Flow anomaly prediction method based on machine learning | |
CN114422269A (en) | Network security assessment method and system based on machine learning | |
Han et al. | Anomaly Detection in the Open World: Normality Shift Detection, Explanation, and Adaptation. | |
Zaccarelli et al. | Anomaly detection in seismic data–metadata using simple machine‐learning models | |
Lin et al. | Machine learning with variational autoencoder for imbalanced datasets in intrusion detection | |
CN116192538B (en) | Network security assessment method, device, equipment and medium based on machine learning | |
CN112039907A (en) | Automatic testing method and system based on Internet of things terminal evaluation platform | |
CN116346475A (en) | Hidden high-risk behavior operation anomaly scoring method and system | |
CN115622793A (en) | Attack type identification method and device, electronic equipment and storage medium | |
CN111930808B (en) | Method and system for improving blacklist accuracy by using key value matching model | |
CN114553517A (en) | Nonlinear weighted network security assessment method, device, equipment and storage medium | |
CN113347021B (en) | Model generation method, collision library detection method, device, electronic equipment and computer readable storage medium | |
EP4254237A1 (en) | Security data processing device, security data processing method, and computer-readable storage medium for storing program for processing security data | |
CN118282707A (en) | Intrusion detection method based on incremental training | |
Gunavathie et al. | Domain Knowledge Driven Unified Architecture for IoT Device Identification using Deep Metric Representation Learning | |
Vallabhapurapu et al. | Hybrid Feature Selection for Effective Intrusion Detection | |
CN118138297A (en) | Network security situation assessment method based on GA-LGBM | |
Wolsing et al. | Deployment Challenges of Industrial Intrusion Detection Systems | |
CN117749477A (en) | Network traffic anomaly detection method based on generation countermeasure network |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20220429 |