CN114422269A - Network security assessment method and system based on machine learning - Google Patents

Network security assessment method and system based on machine learning

Info

Publication number
CN114422269A
Authority
CN
China
Prior art keywords
network security
parameters
historical data
security
data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210308554.2A
Other languages
Chinese (zh)
Inventor
胡维
梁露露
韩冰
罗广超
李季
赵远杰
陈幼雷
陈晓峰
李可
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Yuanbao Technology Co ltd
Original Assignee
Beijing Yuanbao Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Yuanbao Technology Co ltd
Priority to CN202210308554.2A
Publication of CN114422269A
Legal status: Pending

Classifications

    • H04L 63/1416 Event detection, e.g. attack signature detection (under H04L 63/1408, network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic; H04L 63/14; H04L 63/00; H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION; H04 ELECTRIC COMMUNICATION TECHNIQUE; H ELECTRICITY)
    • G06F 18/214 Generating training patterns; Bootstrap methods, e.g. bagging or boosting (under G06F 18/21, design or setup of recognition systems or techniques; extraction of features in feature space; blind source separation; G06F 18/20 Analysing; G06F 18/00 Pattern recognition; G06F ELECTRIC DIGITAL DATA PROCESSING; G06 COMPUTING; CALCULATING OR COUNTING; G PHYSICS)
    • H04L 41/16 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks, using machine learning or artificial intelligence (under H04L 41/00; H04L; H04; H ELECTRICITY)
    • H04L 63/1433 Vulnerability analysis (under H04L 63/14, network architectures or network communication protocols for network security for detecting or protecting against malicious traffic; H04L 63/00; H04L; H04; H ELECTRICITY)
    • H04L 63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general (under H04L 63/00; H04L; H04; H ELECTRICITY)

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • Theoretical Computer Science (AREA)
  • Data Mining & Analysis (AREA)
  • Evolutionary Computation (AREA)
  • Artificial Intelligence (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Bioinformatics & Computational Biology (AREA)
  • Bioinformatics & Cheminformatics (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Evolutionary Biology (AREA)
  • Databases & Information Systems (AREA)
  • Medical Informatics (AREA)
  • Software Systems (AREA)
  • Debugging And Monitoring (AREA)

Abstract

The invention discloses a machine-learning-based network security assessment method and system. An XGBoost model is trained on multi-dimensional network security parameter historical data and the corresponding security score labels; the trained model can then be used directly for network security assessment without relying on experts. This addresses the shortcomings of the prior-art expert assessment method, which depends on expert experience, has high time cost, low efficiency and low reliability, and cannot meet the demands of network security assessment in a big-data environment. The security score labels are produced by the evaluation of several experts, giving the data labels used to train the XGBoost model; the model obtained by training therefore simulates the scoring of several experts, removing the one-sidedness and limitations of a single expert's scoring and improving the reliability of the labels.

Description

Network security assessment method and system based on machine learning
Technical Field
The invention relates to the technical field of network security, and in particular to a machine-learning-based network security assessment method and system.
Background
With the development of information technology, the openness, sharing and interconnection of the internet keep expanding, and network security problems are becoming increasingly severe.
Network security risk assessment is an important measure for protecting the information security of enterprises, and expert scoring is one of the existing methods for it. However, the accuracy of expert scoring depends mainly on the experts' experience and on the breadth and depth of their knowledge, so the participating experts must have a high academic level and rich practical experience with the assessed system. The method is highly subjective, costly in time, inefficient and of low reliability, and it is difficult for it to meet the demands of network security assessment in a big-data environment.
Disclosure of Invention
The invention provides a machine-learning-based network security assessment method and system to solve the technical problems of the prior-art expert evaluation method, which depends on expert experience, is highly subjective, has high time cost, low efficiency and low reliability, and can hardly meet the demands of network security assessment in a big-data environment.
In view of this, a first aspect of the present invention provides a machine-learning-based network security assessment method, including:
acquiring multi-dimensional network security parameter historical data and the security score label corresponding to each group of that data;
training an XGBoost model with the multi-dimensional network security parameter historical data and the corresponding security score labels to obtain a trained XGBoost model;
and inputting the network security parameter data to be analyzed as variables into the trained XGBoost model for network security risk scoring, obtaining a network security scoring result.
Optionally, the multi-dimensional network security parameters include network security parameters, port security parameters, DNS security parameters, mail security parameters, patch vulnerability parameters, application security parameters, IP reputation parameters, asset exposure parameters and data security parameters.
Optionally, the security score label corresponding to each group of multi-dimensional network security parameter historical data is obtained by experts evaluating that historical data according to the degree of influence of the network security parameters.
Optionally, acquiring the multi-dimensional network security parameter historical data and the security score label corresponding to each group includes:
acquiring the multi-dimensional network security parameter historical data;
cleaning the multi-dimensional network security parameter historical data;
extracting characteristic values from the cleaned data to form a feature vector composed of the multi-dimensional network security parameters;
and obtaining the security score label produced by the experts' evaluation of the feature vector according to the degree of influence of the network security parameters.
Optionally, the method further includes:
evaluating the trained XGBoost model using the F1-score as the evaluation index.
A second aspect of the invention provides a machine-learning-based network security assessment system, including:
a data acquisition module for acquiring multi-dimensional network security parameter historical data and the security score label corresponding to each group of that data;
a model training module for training the XGBoost model with the multi-dimensional network security parameter historical data and the corresponding security score labels to obtain the trained XGBoost model;
and a network security scoring module for inputting the network security parameter data to be analyzed as variables into the trained XGBoost model for network security risk scoring, obtaining the network security scoring result.
Optionally, the multi-dimensional network security parameters include network security parameters, port security parameters, DNS security parameters, mail security parameters, patch vulnerability parameters, application security parameters, IP reputation parameters, asset exposure parameters and data security parameters.
Optionally, the security score label corresponding to each group of multi-dimensional network security parameter historical data is obtained by experts evaluating that historical data according to the degree of influence of the network security parameters.
Optionally, the data acquisition module is specifically configured to:
acquire the multi-dimensional network security parameter historical data;
clean the multi-dimensional network security parameter historical data;
extract characteristic values from the cleaned data to form a feature vector composed of the multi-dimensional network security parameters;
and obtain the security score label produced by the experts' evaluation of the feature vector according to the degree of influence of the network security parameters.
Optionally, the system further includes:
a model evaluation module for evaluating the trained XGBoost model using the F1-score as the evaluation index.
From the above technical scheme, the machine-learning-based network security assessment method and system provided by the invention have the following advantages:
the XGBoost model is trained with multi-dimensional network security parameter historical data and the corresponding security score labels, and the trained model can be used directly for network security assessment without relying on experts. This solves the technical problems of the prior-art expert assessment method, which depends on expert experience, is highly subjective, has high time cost, low efficiency and low reliability, and can hardly meet the demands of network security assessment in a big-data environment.
At the same time, the security score labels are produced by the evaluation of several experts, giving the data labels used to train the XGBoost model; the trained model therefore simulates the scoring of several experts, removing the one-sidedness and limitations of a single expert's scoring and improving the reliability of the labels.
Drawings
To illustrate the embodiments of the present invention or the prior art more clearly, the drawings used in their description are briefly introduced below. The drawings described below are only some embodiments of the invention; those skilled in the art can derive other related drawings from them without creative effort.
Fig. 1 is a schematic flow chart of the machine-learning-based network security assessment method of the invention;
Fig. 2 is a schematic framework diagram of the machine-learning-based network security assessment method of the invention;
Fig. 3 is a schematic structural diagram of the machine-learning-based network security assessment system of the invention.
Detailed Description
In order to make the technical solutions of the present invention better understood, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
For ease of understanding, refer to Fig. 1 and Fig. 2. An embodiment of the machine-learning-based network security assessment method of the invention includes:
Step 101: obtain multi-dimensional network security parameter historical data and the security score label corresponding to each group of that data.
The parameters affecting network security span several dimensions. For comprehensiveness, the invention uses network security parameter data of 9 dimensions: network security, port security, DNS security, mail security, patch vulnerability, application security, IP reputation, asset exposure and data security parameters. For example, in the network security dimension the indicator factors may include: a revoked digital certificate is detected, the SSL/TLS service uses insecure cipher suites, and the like. In the port security dimension: an Elasticsearch service is detected, a Redis service is detected, and the like. In the DNS security dimension: an open recursive DNS resolver is detected, a DNS zone transfer vulnerability is detected, and the like. In the mail security dimension: the SMTP service fails reverse DNS resolution, the SMTP service does not enable TLS, and the like. In the patch vulnerability dimension: SQL injection vulnerabilities, XSS vulnerabilities, and the like. In the application security dimension: the website does not enforce HTTPS, the website does not set a Content-Security-Policy, and the like. In the data security dimension: SVN or Git information leakage is detected, suspected sensitive file leakage, and the like.
In the asset exposure dimension the indicator factors may include: exposure of a code management back end, exposure of a web application component back end, and the like. In the IP reputation dimension: P2P network activity is detected, malware events are detected, and the like.
The parameters of each dimension are divided into three levels, high, medium and low, according to the severity of their impact on network security, and each level holds several characteristic indicators. The target enterprise network is scanned with a scanning technique, and the number of problems found for each characteristic indicator under each dimension, i.e. the characteristic value, is obtained. After the multi-dimensional network security parameter historical data are acquired, they are cleaned. The experts then score the cleaned historical data, i.e. the feature vector formed by the characteristic values of each group of multi-dimensional network security parameter historical data, according to the degree of influence of the network security parameters. For example, each group of multi-dimensional network security parameter historical data includes 102 characteristic indicators, of which the network security dimension has 30: 10 high-risk, 8 medium-risk and 12 low-risk indicators. From the scan result, [formula image] denotes the number of problems for the first high-risk indicator, [formula image] the number for the second high-risk indicator, ..., [formula image] the number for the tenth high-risk indicator; [formula image] the number for the first medium-risk indicator, ..., [formula image] the number for the eighth medium-risk indicator; [formula image] the number for the first low-risk indicator, ..., [formula image] the number for the twelfth low-risk indicator; and [formula image] the number of problems for the first high-risk indicator in the port security dimension, and so on for the other dimensions. Finally the corresponding feature vector [formula image] and its security score label z are generated.
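As an added example that is not the patent's own code, one way to turn the indicator factors listed under the nine dimensions and the high/medium/low levels into the feature vector of problem counts described in step 101, and to turn several experts' scores into one training label. The indicator catalogue, its severity assignments, the scan findings and the expert scores below are constructed; the dimension order follows the patent text, and averaging the experts' scores is an assumption, since the patent does not state how the scores of several experts are combined.

```python
"""Feature-vector construction and label aggregation for the scheme above.
Added example, not the patent's code: the indicator catalogue, its high/medium/low
assignments, the scan findings and the expert scores are constructed, and using
the mean of the experts' scores as the label is an assumption."""
from collections import Counter

# Dimension order as listed in the patent; severity order high > medium > low.
DIMENSIONS = ("network", "port", "dns", "mail", "patch", "application",
              "ip_reputation", "asset_exposure", "data")
SEVERITIES = ("high", "medium", "low")

# Constructed catalogue: (dimension, severity, indicator id). The indicator names
# follow the examples in the text; which level each one belongs to is assumed.
CATALOGUE = [
    ("network", "high", "cert_revoked"),
    ("network", "high", "weak_tls_cipher_suite"),
    ("network", "medium", "tls_1_0_enabled"),
    ("network", "low", "cert_expires_soon"),
    ("port", "high", "elasticsearch_exposed"),
    ("port", "high", "redis_exposed"),
    ("port", "low", "ssh_exposed"),
    ("dns", "high", "open_recursion"),
    ("dns", "high", "zone_transfer"),
    ("mail", "medium", "smtp_no_tls"),
    ("mail", "low", "smtp_no_rdns"),
    ("patch", "high", "sql_injection"),
    ("patch", "high", "xss"),
    ("application", "medium", "no_https_redirect"),
    ("application", "low", "no_csp_header"),
    ("ip_reputation", "high", "malware_event"),
    ("ip_reputation", "medium", "p2p_activity"),
    ("asset_exposure", "high", "code_mgmt_backend_exposed"),
    ("asset_exposure", "medium", "component_backend_exposed"),
    ("data", "high", "git_dir_exposed"),
    ("data", "medium", "sensitive_file_leak"),
]


def feature_names():
    """Column order of the feature vector: by dimension, then severity, then name,
    so that every target's vector lines up slot for slot."""
    key = lambda t: (DIMENSIONS.index(t[0]), SEVERITIES.index(t[1]), t[2])
    return [f"{d}.{s}.{i}" for d, s, i in sorted(CATALOGUE, key=key)]


def feature_vector(findings):
    """findings: indicator ids reported by the scanner for one target; a repeated
    id means the problem was found more than once. Returns the per-slot problem
    count. Unknown ids are rejected instead of silently dropped (the cleaning step)."""
    known = {i for _, _, i in CATALOGUE}
    unknown = set(findings) - known
    if unknown:
        raise ValueError(f"unknown indicators: {sorted(unknown)}")
    counts = Counter(findings)
    return [counts[name.rsplit(".", 1)[1]] for name in feature_names()]


def score_label(expert_scores, lo=0, hi=100):
    """Combine several experts' scores (0-100, assumed scale) into one label by
    averaging; the patent does not state the aggregation rule, so this is an assumption."""
    if not expert_scores or any(not lo <= s <= hi for s in expert_scores):
        raise ValueError("need at least one in-range expert score")
    return round(sum(expert_scores) / len(expert_scores), 1)


def build_dataset(records):
    """records: list of (findings, expert_scores) pairs -> (X, y) for training."""
    X = [feature_vector(findings) for findings, _ in records]
    y = [score_label(scores) for _, scores in records]
    return X, y


# Constructed sample: two scanned targets, each scored by three experts.
SAMPLE_RECORDS = [
    (["cert_revoked", "redis_exposed", "redis_exposed", "zone_transfer", "no_csp_header"],
     [35, 40, 30]),
    (["ssh_exposed", "no_csp_header"], [85, 90, 88]),
]

if __name__ == "__main__":
    X, y = build_dataset(SAMPLE_RECORDS)
    for name, count in zip(feature_names(), X[0]):
        if count:
            print(f"{name}: {count}")
    print("labels:", y)
```

Rejecting unknown indicator ids rather than dropping them matters in practice: a scanner upgrade that renames a finding would otherwise silently zero out a column and shift every score the model produces.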
Step 102: train the XGBoost model with the multi-dimensional network security parameter historical data and the corresponding security score labels to obtain the trained XGBoost model.
The XGBoost model is trained with the multi-dimensional network security parameter historical data and the corresponding security score labels. The learning rate, the number of boosting rounds, the maximum depth of each (regression) tree, the fraction of features sampled per tree, the fraction of samples used per tree and the regularization coefficients are defined. Each round produces one regression tree, and each round depends on the previous one: the new tree is fitted to the residual of the current model and added to it, so the model after the current round is the previous model plus the newly trained tree. The squared loss function is [formula image], where [formula image] is the actual value and [formula image] is the predicted value. The XGBoost objective function is [formula image], where n is the number of samples, [formula image] is the loss of the i-th sample and [formula image] is the regularization term, i.e. the sum of the complexity over all t trees.
Each tree is grown from depth 1. Starting at the root, all features are enumerated for the current node; the samples belonging to the node are sorted by feature value (that is, by all possible values of the feature: if the problem count can be 0, 1 or 2, they are sorted in the order 0, 1, 2), the best split point of each feature is determined by the gain, and the candidate split points of each sorted feature are traversed greedily, with the samples on the left being [formula image] and those on the right [formula image]. The following gain is computed: [formula image], where [formula image] is the loss corresponding to the current split point, I is the set being split, L and R denote the left and right subtrees, g and h are the first and second derivatives of the loss (the coefficients of its second-order Taylor expansion) at the prediction of the previous trees, and [formula image] and [formula image] are the regularization parameters expressing model complexity.
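The formula images referred to above are not reproduced in the text. As an added reference that is not part of the patent, the standard XGBoost formulation that these descriptions correspond to (Chen and Guestrin, 2016), with the squared loss written as $l = \tfrac{1}{2}(y-\hat{y})^2$ so that $g = \hat{y} - y$ and $h = 1$; that scaling is a convention assumed here, since the patent's own formula is not visible:

```latex
% Additive model and regularized objective for boosting round t
\hat{y}_i^{(t)} = \hat{y}_i^{(t-1)} + f_t(x_i), \qquad
\mathcal{L}^{(t)} = \sum_{i=1}^{n} l\!\left(y_i,\, \hat{y}_i^{(t-1)} + f_t(x_i)\right) + \Omega(f_t), \qquad
\Omega(f) = \gamma T + \tfrac{1}{2}\lambda \sum_{j=1}^{T} w_j^{2}

% Second-order Taylor expansion around the previous round's prediction
\mathcal{L}^{(t)} \approx \sum_{i=1}^{n}\left[ g_i f_t(x_i) + \tfrac{1}{2} h_i f_t^{2}(x_i) \right] + \Omega(f_t) + \mathrm{const},
\qquad g_i = \frac{\partial\, l(y_i, \hat{y}_i^{(t-1)})}{\partial \hat{y}_i^{(t-1)}},\quad
h_i = \frac{\partial^{2} l(y_i, \hat{y}_i^{(t-1)})}{\partial \big(\hat{y}_i^{(t-1)}\big)^{2}}

% Squared loss (scaling convention assumed here)
l(y,\hat{y}) = \tfrac{1}{2}(y-\hat{y})^{2} \;\Rightarrow\; g_i = \hat{y}_i^{(t-1)} - y_i,\quad h_i = 1

% Optimal leaf weight and the objective at that weight (I_j: samples falling in leaf j)
G_j = \sum_{i\in I_j} g_i,\quad H_j = \sum_{i\in I_j} h_i,\quad
w_j^{*} = -\frac{G_j}{H_j+\lambda},\quad
\tilde{\mathcal{L}}^{(t)} = -\tfrac{1}{2}\sum_{j=1}^{T}\frac{G_j^{2}}{H_j+\lambda} + \gamma T

% Gain of splitting a node's sample set I into I_L and I_R
\mathrm{Gain} = \tfrac{1}{2}\left[\frac{G_L^{2}}{H_L+\lambda} + \frac{G_R^{2}}{H_R+\lambda} - \frac{(G_L+G_R)^{2}}{H_L+H_R+\lambda}\right] - \gamma

% Final model after K rounds with learning rate \eta and initial prediction \hat{y}^{(0)}
\hat{y}_i = \hat{y}_i^{(0)} + \sum_{t=1}^{K} \eta\, f_t(x_i)
```

Here T is the number of leaves of the tree, w_j its leaf weights, and λ and γ are the two complexity parameters named in the text. In the gain, the first term in the bracket is the score of the left subtree, the second that of the right subtree, and the third that of the unsplit node; the split is only worth making when the bracket exceeds 2γ.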
The feature with the largest gain is chosen as the split feature, and the node is split at that feature's best split point; the tree with the largest gain is kept as the model tree. Training the XGBoost model means obtaining a sequence of such trees through these iterations (the root node of each tree is the split point of the chosen feature, and each non-leaf node is also a split point). The learning process can be formalized as [formula image], where t is the current training round, [formula image] is the model trained in the previous rounds, [formula image] is the new function to be trained, and initially [formula image]. The finally learned model is the sum of the models of all the trees, i.e. [formula image]. At prediction time the features are fed in and [formula image] is computed; its value is the predicted score.
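As an added example that is neither the patent's code nor the xgboost library, a minimal pure-Python trainer that follows the boosting procedure described in step 102: the squared loss with its first and second derivatives g and h, greedy exact split search over sorted feature values using the regularized gain, depth-limited regression trees, and additive rounds in which the new tree is scaled by the learning rate and added to the previous model. The training set of problem-count vectors and score labels is constructed, and the values of λ, γ and the learning rate are assumptions.

```python
"""Minimal XGBoost-style gradient boosting for regression scores.
Added example, not the patent's code and not the xgboost library. The training
data are constructed; LAMBDA, GAMMA and ETA are assumed values."""

LAMBDA, GAMMA, ETA = 1.0, 0.0, 0.3   # L2 leaf penalty, split penalty, learning rate


def grad_hess(y, y_hat):
    """Squared loss l = 1/2 (y - y_hat)^2: first derivative g and second derivative h
    of the loss with respect to the current prediction of every sample."""
    return [p - t for t, p in zip(y, y_hat)], [1.0] * len(y)


def leaf_weight(g, h, idx):
    """Optimal leaf value w* = -G / (H + lambda) for the samples in idx."""
    G = sum(g[i] for i in idx)
    H = sum(h[i] for i in idx)
    return -G / (H + LAMBDA)


def score(g, h, idx):
    """Structure score G^2 / (H + lambda) of a node holding the samples in idx."""
    G = sum(g[i] for i in idx)
    H = sum(h[i] for i in idx)
    return G * G / (H + LAMBDA)


def best_split(X, g, h, idx):
    """Greedy exact split search: for each feature, sort the node's samples by that
    feature and try every boundary between two distinct values. Returns
    (gain, feature, threshold, left_idx, right_idx), or None if no split has
    positive gain (the node then stays a leaf)."""
    best = None
    parent = score(g, h, idx)
    for f in range(len(X[0])):
        order = sorted(idx, key=lambda i: X[i][f])
        for k in range(1, len(order)):
            if X[order[k - 1]][f] == X[order[k]][f]:
                continue                       # equal values: not a valid boundary
            left, right = order[:k], order[k:]
            gain = 0.5 * (score(g, h, left) + score(g, h, right) - parent) - GAMMA
            if best is None or gain > best[0]:
                thr = (X[order[k - 1]][f] + X[order[k]][f]) / 2
                best = (gain, f, thr, left, right)
    return None if best is None or best[0] <= 0 else best


def build_tree(X, g, h, idx, depth, max_depth):
    """Grow one regression tree on (g, h). Internal nodes are
    (feature, threshold, left, right) tuples; leaves are float weights."""
    split = best_split(X, g, h, idx) if depth < max_depth else None
    if split is None:
        return leaf_weight(g, h, idx)
    _, f, thr, left, right = split
    return (f, thr,
            build_tree(X, g, h, left, depth + 1, max_depth),
            build_tree(X, g, h, right, depth + 1, max_depth))


def tree_predict(node, x):
    while not isinstance(node, float):
        f, thr, left, right = node
        node = left if x[f] < thr else right
    return node


def train(X, y, rounds=20, max_depth=2):
    """Boosting loop: every round fits a tree to the (g, h) of the current ensemble
    and adds ETA times its output, i.e. model_t = model_{t-1} + ETA * f_t."""
    base = sum(y) / len(y)                     # initial prediction
    y_hat = [base] * len(y)
    trees = []
    for _ in range(rounds):
        g, h = grad_hess(y, y_hat)
        tree = build_tree(X, g, h, list(range(len(y))), 0, max_depth)
        trees.append(tree)
        y_hat = [p + ETA * tree_predict(tree, x) for p, x in zip(y_hat, X)]
    return base, trees


def predict(model, x):
    """Score = base prediction + sum over all trees of ETA * f_t(x)."""
    base, trees = model
    return base + sum(ETA * tree_predict(t, x) for t in trees)


def mse(model, X, y):
    return sum((predict(model, x) - t) ** 2 for x, t in zip(X, y)) / len(y)


# Constructed training data: per-target problem counts [high, medium, low]
# and the experts' security score labels on a 0-100 scale.
X_TRAIN = [[0, 0, 0], [0, 0, 2], [0, 1, 1], [1, 0, 0], [1, 2, 1],
           [2, 1, 3], [3, 3, 2], [0, 2, 0], [1, 1, 0], [4, 0, 1]]
Y_TRAIN = [98, 92, 88, 75, 62, 48, 35, 85, 70, 30]

if __name__ == "__main__":
    model = train(X_TRAIN, Y_TRAIN)
    print("training MSE:", round(mse(model, X_TRAIN, Y_TRAIN), 2))
    print("clean target:", round(predict(model, [0, 0, 0]), 1))
    print("noisy target:", round(predict(model, [3, 3, 2]), 1))
```

Because the loss is quadratic, every round's leaf update ETA * w* lowers the training loss for ETA in (0, 1], so watching the training MSE alone cannot reveal overfitting; the F1-score check the patent proposes, or any held-out metric, has to be computed on data the model did not train on.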
Step 103: input the network security parameter data to be analyzed as variables into the trained XGBoost model for network security risk scoring, obtaining the network security scoring result.
Once the XGBoost model is trained, it can be used directly for network security assessment.
In the machine-learning-based network security assessment method, the XGBoost model is trained with multi-dimensional network security parameter historical data and the corresponding security score labels, and the trained model can score network security directly: machine learning is introduced on top of the expert scoring data to generate the model parameters adaptively, forming the network security assessment model, so that experts are no longer needed to assess network security.
At the same time, the security score labels are produced by the evaluation of several experts, giving the data labels used to train the XGBoost model; the trained model therefore simulates the scoring of several experts, removing the one-sidedness and limitations of a single expert's scoring and improving the reliability of the labels.
In one embodiment, after the trained XGBoost model is obtained, it may also be evaluated using the F1-score as the evaluation index. The F1-score is expressed as [formula image], where [formula image] is the precision of the prediction and [formula image] is the recall.
For a given class, TP is the number of samples of that class predicted correctly, FP the number of samples of other classes wrongly predicted as that class, and FN the number of samples of that class predicted as another class:
[formula image]
[formula image]
The quality of the model is evaluated by computing the F1-score; if it does not meet the requirement, the model parameters are adjusted and the model retrained. This ensures the assessment accuracy of the XGBoost model. Because the model outputs a continuous score, TP, FP and FN can only be counted after the scores are mapped to discrete classes.
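As an added example that is not the patent's own code, the per-class precision, recall and F1-score computed with the TP, FP and FN definitions above and macro-averaged over the classes. Since the model produces a continuous score, the expert labels and the predictions are first mapped to discrete risk classes; the 0-100 score bands used for that mapping, and the label/prediction pairs, are constructed assumptions.

```python
"""Per-class precision, recall and F1 for a score model. Added example, not the
patent's code: the risk bands and the sample scores are constructed."""

CLASSES = ("high", "medium", "low")


def risk_class(score):
    """Map a 0-100 security score to a risk class (assumed bands)."""
    if score < 60:
        return "high"
    if score < 80:
        return "medium"
    return "low"


def confusion_counts(y_true, y_pred, cls):
    """TP, FP, FN for one class, exactly as defined in the text."""
    tp = sum(1 for t, p in zip(y_true, y_pred) if t == cls and p == cls)
    fp = sum(1 for t, p in zip(y_true, y_pred) if t != cls and p == cls)
    fn = sum(1 for t, p in zip(y_true, y_pred) if t == cls and p != cls)
    return tp, fp, fn


def precision_recall_f1(tp, fp, fn):
    """Guard the zero-denominator cases (a class never predicted or never present)
    instead of raising, so a degenerate class reports 0 rather than aborting."""
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    f1 = 2 * precision * recall / (precision + recall) if precision + recall else 0.0
    return precision, recall, f1


def macro_f1(true_scores, pred_scores, classes=CLASSES):
    """Bin both score lists into classes, then return (macro F1, per-class metrics)."""
    y_true = [risk_class(s) for s in true_scores]
    y_pred = [risk_class(s) for s in pred_scores]
    per_class = {c: precision_recall_f1(*confusion_counts(y_true, y_pred, c))
                 for c in classes}
    return sum(m[2] for m in per_class.values()) / len(classes), per_class


def meets_requirement(true_scores, pred_scores, threshold):
    """The retraining gate described in the text: True when macro F1 >= threshold."""
    return macro_f1(true_scores, pred_scores)[0] >= threshold


# Constructed evaluation set: expert labels and model predictions for 8 targets.
TRUE_SCORES = [98, 92, 45, 70, 55, 83, 62, 30]
PRED_SCORES = [95, 78, 50, 72, 63, 88, 58, 35]

if __name__ == "__main__":
    f1, per_class = macro_f1(TRUE_SCORES, PRED_SCORES)
    for c, (p, r, f) in per_class.items():
        print(f"{c:7s} precision={p:.2f} recall={r:.2f} f1={f:.2f}")
    print(f"macro F1={f1:.3f}, passes 0.7 gate: {meets_requirement(TRUE_SCORES, PRED_SCORES, 0.7)}")
```

Macro averaging weights the rare high-risk class as much as the common low-risk one, which is what an assessment model is usually judged on; a micro average would let many easy low-risk targets mask misses on the few high-risk ones.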
For ease of understanding, refer to Fig. 3. An embodiment of the machine-learning-based network security assessment system of the invention includes:
a data acquisition module for acquiring multi-dimensional network security parameter historical data and the security score label corresponding to each group of that data;
a model training module for training the XGBoost model with the multi-dimensional network security parameter historical data and the corresponding security score labels to obtain the trained XGBoost model;
and a network security scoring module for inputting the network security parameter data to be analyzed as variables into the trained XGBoost model for network security risk scoring, obtaining the network security scoring result.
The multi-dimensional network security parameters include network security parameters, port security parameters, DNS security parameters, mail security parameters, patch vulnerability parameters, application security parameters, IP reputation parameters, asset exposure parameters and data security parameters.
The security score label corresponding to each group of multi-dimensional network security parameter historical data is obtained by experts evaluating that historical data according to the degree of influence of the network security parameters.
The data acquisition module is specifically configured to:
acquire the multi-dimensional network security parameter historical data;
clean the multi-dimensional network security parameter historical data;
extract characteristic values from the cleaned data to form a feature vector composed of the multi-dimensional network security parameters;
and obtain the security score label produced by the experts' evaluation of the feature vector according to the degree of influence of the network security parameters.
The system further includes:
a model evaluation module for evaluating the trained XGBoost model using the F1-score as the evaluation index.
In the machine-learning-based network security assessment system, the XGBoost model is trained with multi-dimensional network security parameter historical data and the corresponding security score labels, and the trained model can perform network security risk scoring directly: machine learning is introduced on top of the expert scoring data to generate the model parameters adaptively, forming the network security assessment model, so that network security risk no longer has to be assessed by experts. This solves the technical problems of the prior-art expert scoring method, which depends on expert experience, is highly subjective, has high time cost, low efficiency and low reliability, and can hardly meet the demands of network security assessment in a big-data environment.
The above-mentioned embodiments are only used for illustrating the technical solutions of the present invention, and not for limiting the same; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.

Claims (10)

1. A network security assessment method based on machine learning is characterized by comprising the following steps:
acquiring multi-dimensional network security parameter historical data and security score labels corresponding to each group of multi-dimensional network security parameter historical data;
training the XGboost model by using the multi-dimensional network security parameter historical data and the security score labels corresponding to the multi-dimensional network security parameter historical data to obtain a trained XGboost model;
and inputting the network security parameter data to be analyzed as variables into the trained XGboost model to perform network security risk scoring to obtain a network security scoring result.
2. The machine-learning-based network security assessment method according to claim 1, wherein the multidimensional network security parameters comprise network security parameters, port security parameters, DNS security parameters, mail security parameters, patch vulnerability parameters, application security parameters, IP reputation parameters, asset exposure parameters and data security parameters.
3. The machine learning-based network security assessment method according to claim 1, wherein the security score labels corresponding to each set of multi-dimensional network security parameter historical data are obtained by an expert evaluating the network security parameter historical data according to the influence degree of the network security parameters.
4. The machine learning-based network security assessment method according to claim 3, wherein obtaining multi-dimensional network security parameter historical data and security score labels corresponding to each set of multi-dimensional network security parameter historical data comprises:
acquiring multi-dimensional network security parameter historical data;
carrying out data cleaning on the multi-dimensional network security parameter historical data;
extracting characteristic values of the historical data of the multidimensional network security parameters after data cleaning to form a characteristic vector consisting of the multidimensional network security parameters;
and obtaining the security score label that the expert assigns to the characteristic vector according to the influence degree of the network security parameters.
5. The machine learning-based network security assessment method according to claim 1, further comprising:
the trained XGboost model is evaluated using F1-score as an evaluation index.
6. A machine learning-based network security assessment system, comprising:
the data acquisition module is used for acquiring multi-dimensional network security parameter historical data and security score labels corresponding to each group of multi-dimensional network security parameter historical data;
the model training module is used for training the XGboost model by using the multi-dimensional network security parameter historical data and the security score labels corresponding to the multi-dimensional network security parameter historical data to obtain the trained XGboost model;
and the network security scoring module is used for inputting the network security parameter data to be analyzed as variables into the trained XGboost model to perform network security risk scoring to obtain a network security scoring result.
7. The machine-learning based network security assessment system according to claim 6, wherein the multidimensional network security parameters comprise network security parameters, port security parameters, DNS security parameters, mail security parameters, patch vulnerability parameters, application security parameters, IP reputation parameters, asset exposure parameters and data security parameters.
8. The machine learning-based network security assessment system according to claim 6, wherein the security score labels corresponding to each set of multi-dimensional network security parameter historical data are obtained by an expert evaluating the network security parameter historical data according to the influence degree of the network security parameters.
9. The machine-learning-based network security assessment system of claim 8, wherein the data acquisition module is specifically configured to:
acquiring multi-dimensional network security parameter historical data;
carrying out data cleaning on the multi-dimensional network security parameter historical data;
extracting characteristic values of the historical data of the multidimensional network security parameters after data cleaning to form a characteristic vector consisting of the multidimensional network security parameters;
and obtaining the security score label that the expert assigns to the characteristic vector according to the influence degree of the network security parameters.
10. The machine-learning-based network security assessment system according to claim 6, further comprising:
and the model evaluation module is used for evaluating the trained XGboost model by using F1-score as an evaluation index.
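To make the claimed pipeline concrete, the following is added example code (not the applicant's implementation) covering the data-cleaning and feature-vector steps of claims 4 and 9 and the F1-score evaluation of claims 5 and 10; the field names, the [0, 1] value range and all sample values are assumptions, and the XGBoost model itself is left to a library such as xgboost (any object whose predict() returns one label per feature vector can be scored with macro_f1).

```python
# Added illustration of the claimed pipeline (not the applicant's code):
# data cleaning, fixed-order feature vectors over the nine parameter groups
# of claims 2/7, and the macro F1-score evaluation of claims 5/10.
# Field names, the [0, 1] value range and all sample values are assumptions.

# The nine parameter groups from claims 2 and 7; their order fixes the layout.
DIMENSIONS = ["network", "port", "dns", "mail", "patch_vuln", "application",
              "ip_reputation", "asset_exposure", "data_security"]


def clean_record(raw):
    """Data cleaning (claims 4/9): reject a record unless every dimension is
    present and numeric; clip values to [0, 1]. Returns None for rejects."""
    cleaned = {}
    for dim in DIMENSIONS:
        try:
            value = float(raw[dim])
        except (KeyError, TypeError, ValueError):
            return None
        if value != value:  # NaN never compares equal to itself
            return None
        cleaned[dim] = min(1.0, max(0.0, value))
    return cleaned


def build_training_set(raw_records, labels):
    """Feature extraction: pair each surviving record's fixed-order vector
    with its expert-assigned score label (claims 3/8)."""
    X, y = [], []
    for raw, label in zip(raw_records, labels):
        rec = clean_record(raw)
        if rec is not None:
            X.append([rec[dim] for dim in DIMENSIONS])
            y.append(label)
    return X, y


def macro_f1(y_true, y_pred):
    """Model evaluation (claims 5/10): macro-averaged F1 over every class
    seen in the labels or predictions, so a rare risk grade is not hidden."""
    scores = []
    for c in sorted(set(y_true) | set(y_pred)):
        tp = sum(t == c and p == c for t, p in zip(y_true, y_pred))
        fp = sum(t != c and p == c for t, p in zip(y_true, y_pred))
        fn = sum(t == c and p != c for t, p in zip(y_true, y_pred))
        prec = tp / (tp + fp) if tp + fp else 0.0
        rec = tp / (tp + fn) if tp + fn else 0.0
        scores.append(2 * prec * rec / (prec + rec) if prec + rec else 0.0)
    return sum(scores) / len(scores)
```

A record that fails cleaning drops its label with it, so the label list stays aligned with the feature matrix before training.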
CN202210308554.2A 2022-03-28 2022-03-28 Network security assessment method and system based on machine learning Pending CN114422269A (en)

Publications (1)

Publication Number Publication Date
CN114422269A true CN114422269A (en) 2022-04-29

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20220429