CN115118513A - Network data access security control method and system - Google Patents
Network data access security control method and system Download PDFInfo
- Publication number
- CN115118513A CN115118513A CN202210777933.6A CN202210777933A CN115118513A CN 115118513 A CN115118513 A CN 115118513A CN 202210777933 A CN202210777933 A CN 202210777933A CN 115118513 A CN115118513 A CN 115118513A
- Authority
- CN
- China
- Prior art keywords
- network
- network data
- feature vector
- access
- vector
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 30
- 239000013598 vector Substances 0.000 claims abstract description 145
- 239000011159 matrix material Substances 0.000 claims abstract description 74
- 238000003062 neural network model Methods 0.000 claims abstract description 29
- 238000012545 processing Methods 0.000 claims abstract description 28
- 238000012706 support-vector machine Methods 0.000 claims description 35
- 230000002159 abnormal effect Effects 0.000 claims description 25
- 230000004913 activation Effects 0.000 claims description 18
- 238000007781 pre-processing Methods 0.000 claims description 18
- 230000005540 biological transmission Effects 0.000 claims description 13
- 230000005856 abnormality Effects 0.000 claims description 12
- 210000002569 neuron Anatomy 0.000 claims description 12
- 238000011176 pooling Methods 0.000 claims description 6
- 230000008569 process Effects 0.000 claims description 3
- 238000004458 analytical method Methods 0.000 abstract description 3
- 230000000007 visual effect Effects 0.000 abstract description 3
- 238000004590 computer program Methods 0.000 description 4
- 230000008878 coupling Effects 0.000 description 3
- 238000010168 coupling process Methods 0.000 description 3
- 238000005859 coupling reaction Methods 0.000 description 3
- 238000010586 diagram Methods 0.000 description 3
- 238000004891 communication Methods 0.000 description 2
- 238000013461 design Methods 0.000 description 2
- 230000003993 interaction Effects 0.000 description 2
- 238000012546 transfer Methods 0.000 description 2
- 230000009471 action Effects 0.000 description 1
- 238000013528 artificial neural network Methods 0.000 description 1
- 230000006399 behavior Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000012544 monitoring process Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 230000001960 triggered effect Effects 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N3/00—Computing arrangements based on biological models
- G06N3/02—Neural networks
- G06N3/08—Learning methods
Landscapes
- Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Computing Systems (AREA)
- General Health & Medical Sciences (AREA)
- General Physics & Mathematics (AREA)
- Computational Linguistics (AREA)
- Data Mining & Analysis (AREA)
- Evolutionary Computation (AREA)
- Biomedical Technology (AREA)
- Molecular Biology (AREA)
- Artificial Intelligence (AREA)
- Life Sciences & Earth Sciences (AREA)
- Biophysics (AREA)
- Mathematical Physics (AREA)
- Software Systems (AREA)
- Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a network data access security control method and a system, wherein a neural network model is used for processing a network data stream characteristic matrix to extract the expression and the primary judgment result of the network data stream characteristic matrix in a high-dimensional characteristic space, the analysis of network data stream visual characteristic data is considered, the characteristic value of a covariance matrix is calculated by calculating the covariance matrix of a first characteristic matrix, the characteristic vector corresponding to the characteristic value is used as a second characteristic vector, and a spliced characteristic vector and a support vector model spliced based on the first characteristic vector and the second characteristic vector are executed to determine the state type of network data; and determining the current network data state type as the final network data state type by judging whether the current network state type is consistent with the preliminary judgment result of the network state, and determining whether the current network data access is in a safe state according to the final network data state type of the network, so that the accurate judgment of the safety of the network state access is improved.
Description
Technical Field
The invention belongs to the field of network access, and particularly relates to a network data access security control method and system.
Background
The security of network transmission is closely related to the transmitted information content, namely the security of the information content, including the confidentiality, authenticity and integrity of the information; because the network is a carrier of information transmission, the information security has an inherent relation with the network security, and all information on the network is necessarily related to the network security.
However, at present, access to a network is often triggered access performed by hardware devices, that is, exception triggering messages or alarms, but such a method cannot monitor potential data for exceptions, and generally, accuracy of security identification performed by network data monitoring is low, and data access security control cannot be well realized.
Disclosure of Invention
In view of this, embodiments of the present invention provide a method and a system for controlling network data access security, which perform preliminary state determination according to model learning based on a neural network and perform subsequent state determination based on a feature vector and a support vector machine, compare consistency of two state determinations, improve recognition accuracy, determine whether a current network data access is a security state, and improve accurate judgment of security of network state access.
And multi-modal data such as vehicle, environment, in-vehicle user behavior, voice and the like are fused to perform scene decision, active interaction scene service is provided, and accurate active interaction action recommendation is provided for the user.
In a first aspect of the present invention, a network data access security control method is provided, the method including:
receiving an access request, wherein the access request comprises a network access interface ID and an access time; capturing a network data stream passing through the network access interface according to an access request, and performing preprocessing operation on the network data stream to generate a first feature matrix;
inputting the first feature matrix into a first neural network model to obtain a first feature vector; meanwhile, a covariance matrix of the first feature matrix is calculated, an eigenvalue of the covariance matrix is calculated, and an eigenvector corresponding to the eigenvalue is used as a second eigenvector;
performing splicing on the first feature vector and the second feature vector to obtain a spliced feature vector; determining the network data state type based on the splicing feature vector and the support vector machine model; wherein the first neural network model, support vector machine model comprise a plurality of defined network state types;
and determining whether the current network data access is in a safe state or not according to the network data state type, and if the current network data access is in an abnormal state, forbidding the access.
Further, the preprocessing operation includes:
wherein, X is the network data flow, M is the first characteristic matrix, W is the preprocessing weight matrix, and b is the offset.
Further, the first feature vector and the second feature vector are spliced to obtain a spliced feature vector, and the method comprises the following steps:
determining a splicing vector of the first feature vector and the second feature vector, wherein the dimension of the splicing vector is the sum of the dimensions of the first feature vector and the second feature vector;
and performing splicing on the first feature vector and the second feature vector based on the splicing vector to obtain a splicing feature vector.
Further, each layer of the first neural network model comprises convolution processing, maximum value pooling processing along the first characteristic matrix and activation processing on input data in forward transmission of the layer, wherein in the activation processing process, the activation value of any neuron is stopped at a certain probability by randomly selecting a neuron node operation; the input of the first layer of the first neural network model is a first feature matrix, and the output is a first feature vector and a network state preliminary judgment result.
Further, determining a network data state type based on the stitched feature vector and a support vector machine model, the support vector machine model comprising a defined network state type, comprising:
predefining the types of network states as an abnormal state and a normal state, wherein the abnormal state at least comprises an offline abnormality and/or an intrusion abnormality; and the network data flow passing through the network access interface under the corresponding network state type;
and determining the current network data state type based on the splicing characteristic vector and the support vector machine model, and determining the current network data state type as the final network data state type if the current network state type is consistent with the preliminary judgment result of the network state.
Further, determining whether the current network data access is in a safe state according to the network data state type, and if the current network data access is in an abnormal state, prohibiting the access, including: if the determined network data state type is abnormal intrusion, triggering the system to break the network, prompting the user and displaying early warning information;
if the determined network data state type is normal, acquiring the transmission rate of the network access interface, and transmitting display information to a user; the display information includes a network access interface ID and a transmission rate fluctuation map.
In addition, in the second aspect of the present invention, a network data access security control system is further provided, where the system includes:
the access module receives an access request, wherein the access request comprises a network access interface ID and access time; capturing a network data stream passing through the network access interface according to an access request, and performing preprocessing operation on the network data stream to generate a first feature matrix;
the characteristic generating module is used for inputting the first characteristic matrix into the first neural network model so as to obtain a first characteristic vector; meanwhile, a covariance matrix of the first feature matrix is calculated, an eigenvalue of the covariance matrix is calculated, and an eigenvector corresponding to the eigenvalue is used as a second eigenvector;
the determining module is used for splicing the first feature vector and the second feature vector to obtain a spliced feature vector; determining the network data state type based on the splicing feature vector and the support vector machine model; wherein the first neural network model, support vector machine model comprise a plurality of defined network state types;
and the determining and controlling module is used for determining whether the current network data access is in a safe state or not according to the network data state type, and if the current network data access is in an abnormal state, the access is forbidden.
Further, the preprocessing operation includes:
wherein X is a network data stream, M is a first characteristic matrix, W is a preprocessing weight matrix, and b is an offset;
and performing splicing on the first feature vector and the second feature vector to obtain spliced feature vectors, wherein the splicing step comprises the following steps: determining a splicing vector of the first feature vector and the second feature vector, wherein the dimension of the splicing vector is the sum of the dimensions of the first feature vector and the second feature vector;
and performing splicing on the first feature vector and the second feature vector based on the splicing vector to obtain a splicing feature vector.
Further, each layer of the first neural network model comprises convolution processing, maximum value pooling processing along the first characteristic matrix and activation processing on input data in forward transmission of the layer, wherein in the activation processing process, the activation value of any neuron is stopped at a certain probability by randomly selecting a neuron node operation; the input of the first layer of the first neural network model is a first feature matrix, and the output is a first feature vector and a network state preliminary judgment result.
Further, determining a network data state type based on the stitched feature vector and a support vector machine model, the support vector machine model comprising a defined network state type, comprising:
predefining the types of network states as an abnormal state and a normal state, wherein the abnormal state at least comprises an offline abnormality and/or an intrusion abnormality; and the network data flow passing through the network access interface under the corresponding network state type;
and determining the current network data state type based on the splicing characteristic vector and the support vector machine model, and determining the current network data state type as the final network data state type if the current network state type is consistent with the preliminary judgment result of the network state.
According to the network data access security control method and system provided by the invention, the expression and the preliminary judgment result of the network data stream feature matrix on a high-dimensional feature space are extracted by using the neural network model to execute processing on the network data stream feature matrix, and meanwhile, the analysis on the network data stream visual feature data is considered, the feature vector corresponding to the feature value is used as a second feature vector by calculating the covariance matrix of the first feature matrix and calculating the feature value of the covariance matrix, and the splicing is further executed based on the first feature vector and the second feature vector to obtain the spliced feature vector; determining the network data state type based on the splicing feature vector and the support vector machine model; and determining the current network data state type as the final network data state type by judging whether the current network state type is consistent with the preliminary judgment result of the network state, and determining whether the current network data access is in a safe state according to the final network data state type of the network, so that the accurate judgment of the safety of the network state access is improved.
Drawings
Fig. 1 is a flowchart illustrating a flow chart of a network data access security control method according to an embodiment of the present invention;
fig. 2 is a schematic structural diagram of a network data access security control system according to an embodiment of the present invention.
Detailed Description
Example embodiments will now be described more fully with reference to the accompanying drawings. Example embodiments may, however, be embodied in many different forms and should not be construed as limited to the examples set forth herein; rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the concept of example embodiments to those skilled in the art.
Furthermore, the described features, structures, or characteristics may be combined in any suitable manner in one or more embodiments. In the following description, numerous specific details are provided to give a thorough understanding of embodiments of the application. One skilled in the relevant art will recognize, however, that the subject matter of the present application can be practiced without one or more of the specific details, or with other methods, components, devices, steps, and so forth. In other instances, well-known methods, devices, implementations, or operations have not been shown or described in detail to avoid obscuring aspects of the application.
The block diagrams shown in the figures are functional entities only and do not necessarily correspond to physically separate entities. I.e. these functional entities may be implemented in the form of software, or in one or more hardware modules or integrated circuits, or in different networks and/or processor means and/or microcontroller means.
The flow charts shown in the drawings are merely illustrative and do not necessarily include all of the contents and operations/steps, nor do they necessarily have to be performed in the order described. For example, some operations/steps may be decomposed, and some operations/steps may be combined or partially combined, so that the actual execution sequence may be changed according to the actual situation.
The implementation details of the technical solution of the embodiment of the present application are set forth in detail below:
referring to fig. 1, fig. 1 is a schematic flowchart of a network data access security control method according to an embodiment of the present invention. As shown in fig. 1, a method for controlling network data access security according to an embodiment of the present invention includes:
s1, receiving an access request, wherein the access request comprises a network access interface ID and access time; capturing a network data stream passing through the network access interface according to an access request, and performing preprocessing operation on the network data stream to generate a first feature matrix;
s2, inputting the first feature matrix into the first neural network model to obtain a first feature vector; meanwhile, a covariance matrix of the first feature matrix is calculated, an eigenvalue of the covariance matrix is calculated, and an eigenvector corresponding to the eigenvalue is used as a second eigenvector;
s3, splicing the first eigenvector and the second eigenvector to obtain spliced eigenvectors; determining the network data state type based on the splicing feature vector and the support vector machine model; wherein the first neural network model, support vector machine model, comprises a plurality of defined network state types.
S4, determining whether the current network data access is safe state according to the network data state type, if it is abnormal state, forbidding access.
In this embodiment, the network access interface includes a heterogeneous USB interface or other network transmission interface.
Preferably, the preprocessing operation includes:
wherein, X is the network data flow, M is the first characteristic matrix, W is the preprocessing weight matrix, and b is the offset.
Preferably, the stitching the first feature vector and the second feature vector to obtain a stitched feature vector includes:
determining a splicing vector of the first feature vector and the second feature vector, wherein the dimension of the splicing vector is the sum of the dimensions of the first feature vector and the second feature vector;
and performing splicing on the first feature vector and the second feature vector based on the splicing vector to obtain a splicing feature vector.
In this embodiment, specifically, if the first feature vector is x i =[x i1 , x i2 , x i3 , x i4 , x i5 … x ia ]The second feature vector is y i =[y i1 , y i2 , y i3 , y i4 , y i5 … y ib ]Wherein i =1,2 … n. Setting stitching vector u = [ u ] 1 , u 2 , u 3 , u 4 … u a+b ](ii) a The splicing feature vector is K i =[ u 1 x i1 , u 2 x i2 , u 3 x i3 , u 4 x i4 , u 5 x i5 … u a x ia, u a+1 y i1 , u a+2 y i2 , u a+3 y i3 , u a+4 y i4 , u a+5 y i5 … u a+b y ib ]。
Preferably, each layer of the first neural network model includes, in the forward direction transfer of the layer, convolution processing of input data, maximum pooling processing along the first feature matrix, and activation processing, wherein in the activation processing, the activation value of any neuron is stopped at a certain probability by randomly selecting a neuron node operation; the input of the first layer of the first neural network model is a first feature matrix, and the output is a first feature vector and a network state preliminary judgment result.
Preferably, the network data state type is determined based on the stitched feature vector and a support vector machine model, the support vector machine model including a defined network state type, including:
predefining the types of network states as an abnormal state and a normal state, wherein the abnormal state at least comprises an offline abnormality and/or an intrusion abnormality; and the network data flow passing through the network access interface under the corresponding network state type;
and determining the current network data state type based on the splicing characteristic vector and the support vector machine model, and determining the current network data state type as the final network data state type if the current network state type is consistent with the preliminary judgment result of the network state.
Further, determining whether the current network data access is in a safe state according to the network data state type, and if the current network data access is in an abnormal state, prohibiting the access, including: if the determined network data state type is abnormal intrusion, triggering the system to break the network, prompting the user and displaying early warning information;
if the determined network data state type is normal, acquiring the transmission rate of the network access interface, and transmitting display information to a user; the display information includes a network access interface ID and a transmission rate fluctuation map.
Referring to fig. 2, fig. 2 is a schematic structural diagram of a network data access security control system according to an embodiment of the present invention. As shown in fig. 2, a network data access security control system according to an embodiment of the present invention includes:
the access module 10 receives an access request, wherein the access request comprises a network access interface ID and access time; capturing a network data stream passing through the network access interface according to an access request, and performing preprocessing operation on the network data stream to generate a first feature matrix;
a feature generation module 20, which inputs the first feature matrix to the first neural network model to obtain a first feature vector; meanwhile, a covariance matrix of the first feature matrix is calculated, an eigenvalue of the covariance matrix is calculated, and an eigenvector corresponding to the eigenvalue is used as a second eigenvector;
the determining module 30 is configured to perform stitching on the first eigenvector and the second eigenvector to obtain a stitched eigenvector; determining the network data state type based on the splicing feature vector and the support vector machine model; wherein the first neural network model, support vector machine model comprise a plurality of defined network state types;
and the determining and controlling module 40 determines whether the current network data access is in a safe state according to the network data state type, and if the current network data access is in an abnormal state, the access is forbidden.
Preferably, the pretreatment operation comprises:
wherein X is a network data stream, M is a first characteristic matrix, W is a preprocessing weight matrix, and b is an offset;
and performing splicing on the first feature vector and the second feature vector to obtain spliced feature vectors, wherein the splicing step comprises the following steps: determining a splicing vector of the first feature vector and the second feature vector, wherein the dimension of the splicing vector is the sum of the dimensions of the first feature vector and the second feature vector;
and performing splicing on the first feature vector and the second feature vector based on the splicing vector to obtain a splicing feature vector.
Preferably, each layer of the first neural network model includes, in the forward direction transfer of the layer, convolution processing of input data, maximum pooling processing along the first feature matrix, and activation processing, wherein in the activation processing, the activation value of any neuron is stopped at a certain probability by randomly selecting a neuron node operation; the input of the first layer of the first neural network model is a first feature matrix, and the output is a first feature vector and a network state preliminary judgment result.
Preferably, the network data state type is determined based on the stitched feature vector and a support vector machine model, the support vector machine model including a defined network state type, including:
predefining the types of network states as an abnormal state and a normal state, wherein the abnormal state at least comprises an offline abnormality and/or an intrusion abnormality; and the network data flow passing through the network access interface under the corresponding network state type;
and determining the current network data state type based on the splicing characteristic vector and the support vector machine model, and determining the current network data state type as the final network data state type if the current network state type is consistent with the preliminary judgment result of the network state.
In addition, the system includes a display module to: if the determined network data state type is abnormal intrusion, triggering the system to break the network, prompting the user and displaying early warning information; if the determined network data state type is normal, acquiring the transmission rate of the network access interface, and transmitting display information to a user; the display information includes a network access interface ID and a transmission rate fluctuation map.
In the scheme of the above embodiment of the present invention, the provided method and system for controlling network data access security receive an access request, where the access request includes a network access interface ID and an access time; capturing a network data stream passing through the network access interface according to an access request, and performing preprocessing operation on the network data stream to generate a first feature matrix; inputting the first feature matrix into a first neural network model to obtain a first feature vector; meanwhile, a covariance matrix of the first feature matrix is calculated, an eigenvalue of the covariance matrix is calculated, and an eigenvector corresponding to the eigenvalue is used as a second eigenvector; performing splicing on the first feature vector and the second feature vector to obtain a spliced feature vector; determining the network data state type based on the splicing feature vector and the support vector machine model; wherein the first neural network model, support vector machine model comprise a plurality of defined network state types.
Performing processing on a network data stream feature matrix by using a neural network model to extract expression and a preliminary judgment result of the network data stream feature matrix on a high-dimensional feature space, considering analysis on network data stream visual feature data, calculating a covariance matrix of a first feature matrix, calculating a feature value of the covariance matrix, taking a feature vector corresponding to the feature value as a second feature vector, and performing splicing based on the first feature vector and the second feature vector to obtain a spliced feature vector; determining the network data state type based on the splicing feature vector and the support vector machine model; and determining the current network data state type as the final network data state type by judging whether the current network state type is consistent with the preliminary judgment result of the network state, and determining whether the current network data access is in a safe state according to the final network data state type of the network, so that the accurate judgment of the safety of the network state access is improved.
The embodiment of the invention also discloses a computer storage medium, wherein a computer program is stored on the storage medium, and when the computer program is executed by a processor, the method is executed.
Embodiments of the present application also provide a computer program product or computer program comprising computer instructions stored in a computer-readable storage medium. The processor of the computer device reads the computer instructions from the computer-readable storage medium, and the processor executes the computer instructions to cause the computer device to perform the method described in the various alternative implementations described above.
Those of ordinary skill in the art will appreciate that the elements and algorithm steps of the examples described in connection with the embodiments disclosed herein may be embodied in electronic hardware, computer software, or combinations of both, and that the components and steps of the examples have been described in a functional general in the foregoing description for the purpose of illustrating clearly the interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
In the several embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other manners. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may also be an electric, mechanical or other form of connection.
The elements described as separate parts may or may not be physically separate, as one of ordinary skill in the art would appreciate that the elements and algorithm steps of the examples described in connection with the embodiments disclosed herein may be embodied in electronic hardware, computer software, or combinations of both, and that the components and steps of the examples have been described in a functional general sense in the foregoing description for clarity of explanation of the interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the technical solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit may be implemented in the form of hardware, or may also be implemented in the form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention essentially or partially contributes to the prior art, or all or part of the technical solution can be embodied in the form of a software product stored in a storage medium and including instructions for causing a computer device (which may be a personal computer, a server, or a grid device) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
The above-mentioned embodiments are intended to illustrate the objects, technical solutions and advantages of the present invention in further detail, and it should be understood that the above-mentioned embodiments are merely exemplary embodiments of the present invention, and are not intended to limit the scope of the present invention, and any modifications, equivalent substitutions, improvements and the like made within the spirit and principle of the present invention should be included in the scope of the present invention.
Claims (10)
1. A network data access security control method, the method comprising:
receiving an access request, wherein the access request comprises a network access interface ID and access time; capturing a network data stream passing through the network access interface according to an access request, and performing preprocessing operation on the network data stream to generate a first feature matrix;
inputting the first feature matrix into a first neural network model to obtain a first feature vector; meanwhile, a covariance matrix of the first feature matrix is calculated, an eigenvalue of the covariance matrix is calculated, and an eigenvector corresponding to the eigenvalue is used as a second eigenvector;
performing splicing on the first feature vector and the second feature vector to obtain a spliced feature vector; determining the network data state type based on the splicing feature vector and the support vector machine model; wherein the first neural network model and the support vector machine model comprise a plurality of defined network state types;
and determining whether the current network data access is in a safe state or not according to the network data state type, and if the current network data access is in an abnormal state, prohibiting the access.
2. The method of claim 1, wherein the preprocessing operation comprises:
wherein, X is the network data flow, M is the first characteristic matrix, W is the preprocessing weight matrix, and b is the offset.
3. The method of claim 2, wherein the stitching the first eigenvector and the second eigenvector to obtain a stitched eigenvector comprises:
determining a splicing vector of the first feature vector and the second feature vector, wherein the dimension of the splicing vector is the sum of the dimensions of the first feature vector and the second feature vector;
and performing splicing on the first feature vector and the second feature vector based on the splicing vector to obtain a splicing feature vector.
4. The method according to claim 2, wherein each layer of the first neural network model includes convolution processing, maximum pooling processing along the first feature matrix, and activation processing on input data in forward direction of layer, wherein during the activation processing, the activation value of any neuron is stopped with a certain probability by randomly selecting neuron node operation; the input of the first layer of the first neural network model is a first feature matrix, and the output is a first feature vector and a network state preliminary judgment result.
5. The method of claim 4, wherein determining the network data state type is based on the stitched feature vector and a support vector machine model, the support vector machine model comprising a defined network state type, comprises:
predefining the types of network states as an abnormal state and a normal state, wherein the abnormal state at least comprises an offline abnormality and/or an intrusion abnormality; and the network data flow passing through the network access interface under the corresponding network state type;
and determining the current network data state type based on the splicing characteristic vector and the support vector machine model, and determining the current network data state type as the final network data state type if the current network state type is consistent with the preliminary judgment result of the network state.
6. The method of claim 5, wherein determining whether the current network data access is in a security state according to the network data state type, and if the current network data access is in an abnormal state, prohibiting the access comprises: if the determined network data state type is abnormal intrusion, triggering the system to break the network, prompting the user and displaying early warning information;
if the determined network data state type is normal, acquiring the transmission rate of the network access interface, and transmitting display information to a user; the display information includes a network access interface ID and a transmission rate fluctuation map.
7. A network data access security control system, the system comprising:
the access module receives an access request, wherein the access request comprises a network access interface ID and access time; capturing a network data stream passing through the network access interface according to an access request, and performing preprocessing operation on the network data stream to generate a first feature matrix;
the characteristic generating module is used for inputting the first characteristic matrix into the first neural network model so as to obtain a first characteristic vector; meanwhile, a covariance matrix of the first feature matrix is calculated, an eigenvalue of the covariance matrix is calculated, and an eigenvector corresponding to the eigenvalue is used as a second eigenvector;
the determining module is used for splicing the first feature vector and the second feature vector to obtain a spliced feature vector; determining the network data state type based on the splicing feature vector and the support vector machine model; wherein the first neural network model, support vector machine model comprise a plurality of defined network state types;
and the determining and controlling module is used for determining whether the current network data access is in a safe state or not according to the network data state type, and if the current network data access is in an abnormal state, the access is forbidden.
8. The network data access security control system of claim 7, wherein the preprocessing operation comprises:
wherein X is a network data stream, M is a first characteristic matrix, W is a preprocessing weight matrix, and b is an offset;
executing splicing on the first feature vector and the second feature vector to obtain a spliced feature vector, wherein the splicing process comprises the following steps: determining a splicing vector of the first feature vector and the second feature vector, wherein the dimension of the splicing vector is the sum of the dimensions of the first feature vector and the second feature vector;
and performing splicing on the first feature vector and the second feature vector based on the splicing vector to obtain a splicing feature vector.
9. The system according to claim 8, wherein each layer of the first neural network model includes convolution processing, maximum pooling processing along the first feature matrix, and activation processing on input data in forward direction of layer, wherein during the activation processing, the activation value of any neuron is stopped with a certain probability by randomly selecting neuron node operation; the input of the first layer of the first neural network model is a first feature matrix, and the output is a first feature vector and a network state preliminary judgment result.
10. The network data access security control system of claim 9, wherein the network data state type is determined based on the stitched feature vectors and a support vector machine model, the support vector machine model comprising a defined network state type, comprising:
predefining the types of network states as an abnormal state and a normal state, wherein the abnormal state at least comprises an offline abnormality and/or an intrusion abnormality; and the network data flow passing through the network access interface under the corresponding network state type;
and determining the current network data state type based on the splicing characteristic vector and the support vector machine model, and determining the current network data state type as the final network data state type if the current network state type is consistent with the preliminary judgment result of the network state.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210777933.6A CN115118513A (en) | 2022-07-04 | 2022-07-04 | Network data access security control method and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210777933.6A CN115118513A (en) | 2022-07-04 | 2022-07-04 | Network data access security control method and system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN115118513A true CN115118513A (en) | 2022-09-27 |
Family
ID=83329896
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210777933.6A Pending CN115118513A (en) | 2022-07-04 | 2022-07-04 | Network data access security control method and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115118513A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116436700A (en) * | 2023-06-09 | 2023-07-14 | 北京中科网芯科技有限公司 | Monitoring method and system for network security event |
-
2022
- 2022-07-04 CN CN202210777933.6A patent/CN115118513A/en active Pending
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116436700A (en) * | 2023-06-09 | 2023-07-14 | 北京中科网芯科技有限公司 | Monitoring method and system for network security event |
| CN116436700B (en) * | 2023-06-09 | 2023-08-22 | 北京中科网芯科技有限公司 | Monitoring method and system for network security event |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN111652496B (en) | Running risk assessment method and device based on network security situation awareness system | |
| EP3800587A1 (en) | Method and machine learning system for detecting adversarial examples | |
| CN111931640B (en) | Abnormal sitting posture identification method and device, electronic equipment and storage medium | |
| CN108073821A (en) | Data safety processing method and device | |
| EP3812937A1 (en) | System and method for protection and detection of adversarial attacks against a classifier | |
| CN110298374B (en) | Driving track energy consumption analysis method and device based on deep learning | |
| CN111260620A (en) | Image anomaly detection method and device and electronic equipment | |
| CN111985921A (en) | Verification processing method based on block chain offline payment and digital financial service platform | |
| CN115118513A (en) | Network data access security control method and system | |
| CN111433786B (en) | Computing device and information input method for computing device | |
| CN115550053A (en) | Monitoring alarm prediction method and device | |
| CN116599766A (en) | Smart electric meter detection method, device, equipment and storage medium | |
| CN112860549A (en) | Method and device for obtaining test sample | |
| CN117097541A (en) | API service attack detection method, device, equipment and storage medium | |
| CN115314268B (en) | Malicious encryption traffic detection method and system based on traffic fingerprint and behavior | |
| CN116089920A (en) | Sensitive field early warning method, system, computer equipment and medium | |
| EP4254241A1 (en) | Method and device for image-based malware detection, and artificial intelligence-based endpoint detection and response system using same | |
| EP4184398A1 (en) | Identifying, or checking integrity of, a machine-learning classification model | |
| CN114826765A (en) | Network monitoring method and system based on special-shaped interface | |
| CN116057520A (en) | Method for training submodules and preventing capture of AI modules | |
| CN115250199B (en) | Data stream detection method and device, terminal equipment and storage medium | |
| CN115150439B (en) | Method and system for analyzing perception data, storage medium and electronic equipment | |
| CN110796237A (en) | Method and device for detecting attack resistance of deep neural network | |
| EP4398152A1 (en) | Analytics platform optimisation | |
| US20240046068A1 (en) | Information processing device for improving quality of generator of generative adversarial network (gan) |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20220927 |