CN105959316A - Network security authentication system - Google Patents
Network security authentication system Download PDFInfo
- Publication number
- CN105959316A CN105959316A CN201610540807.3A CN201610540807A CN105959316A CN 105959316 A CN105959316 A CN 105959316A CN 201610540807 A CN201610540807 A CN 201610540807A CN 105959316 A CN105959316 A CN 105959316A
- Authority
- CN
- China
- Prior art keywords
- sample
- max
- data
- clusters
- center
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a network security authentication system, comprising a data capturing module, used for capturing suspicious traffic and abnormal behaviors of an import and export system to form sample data; a data preprocessing module, used for carrying out screening preprocessing on the sample data, removing the noise data in the sample data and carrying out dimensionality reduction processing on the sample data; and a behavior analysis module, used for carrying out clustering analysis on the preprocessed sample data by adopting an improved K-Means clustering method, and carrying out aggressive behavior detection based on an artificial neural network algorithm to identify potential unknown attacks in the network. The network security authentication system disclosed by the invention can detect known and unknown network attacks, carry out clustering analysis on the preprocessed suspicious traffic and the abnormal behaviors of the import and export system by adopting the improved K-Means clustering method and can accurately separate the network attacks of various types, so as to achieve very high accuracy and a very low false alarm rate.
Description
Technical field
The present invention relates to Internet technical field, be specifically related to internet security checking system.
Background technology
In correlation technique, network security detecting system uses Passive Defence technology, such as firewall technology and intrusion detection skill mostly
Art etc..Firewall technology only filters static data, can not stop the attack from network internal;Intrusion Detection Technique is not only
Can not effectively detect the attack of UNKNOWN TYPE it is also possible to occur failing to report and reporting by mistake.
Summary of the invention
For the problems referred to above, the present invention provides internet security to verify system.
The purpose of the present invention realizes by the following technical solutions:
Internet security checking system, including data capture module, data preprocessing module, behavior analysis module;Described data
Trapping module, for capturing the suspicious traffic of turnover system and Deviant Behavior, forms sample data;Described data prediction
Module, for sample data carries out screening pretreatment, the noise data in removal sample data, then sample data is carried out
Dimension-reduction treatment;Described behavior analysis module, for using the K-means clustering method of improvement to enter pretreated sample data
Row cluster analysis, and carry out aggressive behavior detection based on artificial neural network algorithm, identify unknown attack potential in network.
Preferably, described data capture module uses the suspicious traffic of fire wall collection turnover system.
Preferably, described data capture module is described by using intruding detection system to monitor network transmission in real time to capture
Deviant Behavior.
Wherein, the described K-means clustering method using improvement carries out cluster analysis to pretreated sample data, including:
1) described sample data is divided into n sample, n sample is carried out vectorization, calculated by included angle cosine function all
Sample similarity between any two, obtains similarity matrix XS;
2) each row of similarity matrix XS is sued for peace, calculate the similarity of each sample and whole original sample, if
XS=[sim (ai,aj)]n×n, i, j=1 ..., n, wherein sim (ai,aj) represent sample ai,ajBetween similarity, sum formula is:
3) XS is arranged in descending orderp, p=1 ..., n, if XSpBy front 4 values arranged from big to small it is
XSmax,XSmax-1,XSmax-2,XSmax-3If,Select and maximum
XSmaxCorresponding sample as first initial center that clusters, otherwise select with
XSmax,XSmax-1,XSmax-2,XSmax-3The average of four corresponding samples is as first initial bunch center;
4) it is XS by maximummaxIn corresponding matrix, the element of row vector carries out ascending order arrangement, it is assumed that front k-1 minimum unit
Element is XSpq, q=1 ..., k-1, k-1 minimum element XS before selectingpqCorresponding sample is as at the beginning of remaining k-1
The center that clusters begun, wherein said k value is hidden layer number, determines according to test of many times;
5) calculate residue sample and each initial similarity clustered between center, residue sample is distributed to the highest the gathering of similarity
In bunch, form the k after change and cluster;
6) average of each sample in clustering after calculating change, replaces in clustering before updating as the center that clusters after updating
The heart;
7) if the center that clusters before Geng Xining is identical with the center that clusters after renewal, or object function has reached minima, stops more
Newly, described object function is:
Wherein, ClL during expression k clusters clusters, axIt is the sample during l clusters,It is l the center clustered.
Wherein, the span of the described ratio value T set is as [1.4,1.8].
The invention have the benefit that
1, known and unknown network can be attacked and detect, by the K-means clustering method that improves to pretreated respectively
The sample data of the network suspicious traffic and Deviant Behavior of planting turnover system carries out cluster analysis, can be accurately by various types of
Network attack distinguishes, thus reaches the highest accuracy rate and the lowest rate of false alarm;
2, provide the K-means clustering method of improvement, be prevented effectively from the single occasionality taking arbitrary sampling method to be brought,
Improve cluster stability, further increase the accuracy of internet security checking.
Accompanying drawing explanation
The invention will be further described to utilize accompanying drawing, but the embodiment in accompanying drawing does not constitute any limitation of the invention, for
Those of ordinary skill in the art, on the premise of not paying creative work, it is also possible to obtains the attached of other according to the following drawings
Figure.
Fig. 1 is the connection diagram of each module of the present invention;
Fig. 2 is the principle schematic of present system running.
Reference:
Data capture module 1, data preprocessing module 2, behavior analysis module 3.
Detailed description of the invention
The invention will be further described with the following Examples.
Embodiment 1
Seeing Fig. 1, Fig. 2, the internet security checking system of the present embodiment, including data capture module 1, data prediction mould
Block 2, behavior analysis module 3;Described data capture module 1 is used for the suspicious traffic to turnover system and Deviant Behavior captures,
Form sample data;Described data preprocessing module 2, for carrying out screening pretreatment, in removal sample data to sample data
Noise data, then sample data is carried out dimension-reduction treatment;Described behavior analysis module 3, for using the K-means of improvement
Clustering method carries out cluster analysis to pretreated sample data, and carries out aggressive behavior detection based on artificial neural network algorithm,
Identify unknown attack potential in network.
Wherein, described data capture module 1 uses the suspicious traffic of fire wall collection turnover system.
Wherein, described data capture module 1 is described by using intruding detection system to monitor network transmission in real time to capture
Deviant Behavior.
Wherein, the described K-means clustering method using improvement carries out cluster analysis to pretreated sample data, including:
1) described sample data is divided into n sample, n sample is carried out vectorization, calculated by included angle cosine function all
Sample similarity between any two, obtains similarity matrix XS;
2) each row of similarity matrix XS is sued for peace, calculate the similarity of each sample and whole original sample, if
XS=[sim (ai,aj)]n×n, i, j=1 ..., n, wherein sim (βi,aj) represent sample ai,ajBetween similarity, sum formula is:
3) XS is arranged in descending orderp, p=1 ..., n, if XSpBy front 4 values arranged from big to small it is
XSmax,XSmax-1,XSmax-2,XSmax-3If,Select and maximum
XSmaxCorresponding sample as first initial center that clusters, otherwise select with
XSmax,XSmax-1,XSmax-2,XSmax-3The average of four corresponding samples is as first initial bunch center;
4) it is XS by maximummaxIn corresponding matrix, the element of row vector carries out ascending order arrangement, it is assumed that front k-1 minimum unit
Element is XSpq, q=1 ..., k-1, k-1 minimum element XS before selectingpqCorresponding sample is as at the beginning of remaining k-1
The center that clusters begun, wherein said k value is hidden layer number, determines according to test of many times;
5) calculate residue sample and each initial similarity clustered between center, residue sample is distributed to the highest the gathering of similarity
In bunch, form the k after change and cluster;
6) average of each sample in clustering after calculating change, replaces in clustering before updating as the center that clusters after updating
The heart;
7) if the center that clusters before Geng Xining is identical with the center that clusters after renewal, or object function has reached minima, stops more
Newly, described object function is:
Wherein, ClL during expression k clusters clusters, axIt is the sample during l clusters,It is l the center clustered.
Known and unknown network attack can be detected by having the beneficial effect that of the present embodiment, gathered by the K-means improved
Class method carries out cluster analysis to the pretreated network suspicious traffic of various turnover systems and the sample data of Deviant Behavior, can
To be distinguished by various types of network attacks accurately, thus reach the highest accuracy rate and the lowest rate of false alarm;Provide and change
The K-means clustering method entered, is prevented effectively from the single occasionality taking arbitrary sampling method to be brought, improves cluster stability,
Further increase the accuracy of internet security checking, wherein set ratio value T=1.4, the accuracy of internet security checking
Relatively improve 2%.
Embodiment 2
Seeing Fig. 1, Fig. 2, the internet security checking system of the present embodiment, including data capture module 1, data prediction mould
Block 2, behavior analysis module 3;Described data capture module 1 is used for the suspicious traffic to turnover system and Deviant Behavior captures,
Form sample data;Described data preprocessing module 2, for carrying out screening pretreatment, in removal sample data to sample data
Noise data, then sample data is carried out dimension-reduction treatment;Described behavior analysis module 3, for using the K-means of improvement
Clustering method carries out cluster analysis to pretreated sample data, and carries out aggressive behavior detection based on artificial neural network algorithm,
Identify unknown attack potential in network.
Wherein, described data capture module 1 uses the suspicious traffic of fire wall collection turnover system.
Wherein, described data capture module 1 is described by using intruding detection system to monitor network transmission in real time to capture
Deviant Behavior.
Wherein, the described K-means clustering method using improvement carries out cluster analysis to pretreated sample data, including:
1) described sample data is divided into n sample, n sample is carried out vectorization, calculated by included angle cosine function all
Sample similarity between any two, obtains similarity matrix XS;
2) each row of similarity matrix XS is sued for peace, calculate the similarity of each sample and whole original sample, if
XS=[sim (ai,aj)]n×n, i, j=1 ..., n, wherein sim (ai,aj) represent sample ai,ajBetween similarity, sum formula is:
3) XS is arranged in descending orderp, p=1 ..., n, if XSpBy front 4 values arranged from big to small it is
XSmax,XSmax-1,XSmax-2,XSmax-3If,Select and maximum
XSmaxCorresponding sample as first initial center that clusters, otherwise select with
XSmax,XSmax-1,XSmax-2,XSmax-3The average of four corresponding samples is as first initial bunch center;
4) it is XS by maximummaxIn corresponding matrix, the element of row vector carries out ascending order arrangement, it is assumed that front k-1 minimum unit
Element is XSpq, q=1 ..., k-1, k-1 minimum element XS before selectingpqCorresponding sample is as at the beginning of remaining k-1
The center that clusters begun, wherein said k value is hidden layer number, determines according to test of many times;
5) calculate residue sample and each initial similarity clustered between center, residue sample is distributed to the highest the gathering of similarity
In bunch, form the k after change and cluster;
6) average of each sample in clustering after calculating change, replaces in clustering before updating as the center that clusters after updating
The heart;
7) if the center that clusters before Geng Xining is identical with the center that clusters after renewal, or object function has reached minima, stops more
Newly, described object function is:
Wherein, ClL during expression k clusters clusters, axIt is the sample during l clusters,It is l the center clustered.
Known and unknown network attack can be detected by having the beneficial effect that of the present embodiment, gathered by the K-means improved
Class method carries out cluster analysis to the pretreated network suspicious traffic of various turnover systems and the sample data of Deviant Behavior, can
To be distinguished by various types of network attacks accurately, thus reach the highest accuracy rate and the lowest rate of false alarm;Provide and change
The K-means clustering method entered, is prevented effectively from the single occasionality taking arbitrary sampling method to be brought, improves cluster stability
Further increasing the accuracy of internet security checking, wherein set ratio value T=1.45, it is accurate that internet security is verified
Degree improves 2.5% relatively.
Embodiment 3
Seeing Fig. 1, Fig. 2, the internet security checking system of the present embodiment, including data capture module 1, data prediction mould
Block 2, behavior analysis module 3;Described data capture module 1 is used for the suspicious traffic to turnover system and Deviant Behavior captures,
Form sample data;Described data preprocessing module 2, for carrying out screening pretreatment, in removal sample data to sample data
Noise data, then sample data is carried out dimension-reduction treatment;Described behavior analysis module 3, for using the K-means of improvement
Clustering method carries out cluster analysis to pretreated sample data, and carries out aggressive behavior detection based on artificial neural network algorithm,
Identify unknown attack potential in network.
Wherein, described data capture module 1 uses the suspicious traffic of fire wall collection turnover system.
Wherein, described data capture module 1 is described by using intruding detection system to monitor network transmission in real time to capture
Deviant Behavior.
Wherein, the described K-means clustering method using improvement carries out cluster analysis to pretreated sample data, including:
1) described sample data is divided into n sample, n sample is carried out vectorization, calculated by included angle cosine function all
Sample similarity between any two, obtains similarity matrix XS;
2) each row of similarity matrix XS is sued for peace, calculate the similarity of each sample and whole original sample, if
XS=[sim (ai,aj)]n×n, i, j=1 ..., n, wherein sim (ai,aj) represent sample ai,ajBetween similarity, sum formula is:
3) XS is arranged in descending orderp, p=1 ..., n, if XSpBy front 4 values arranged from big to small it is
XSmax,XSmax-1,XSmax-2,XSmax-3If,Select and maximum
XSmaxCorresponding sample as first initial center that clusters, otherwise select with
XSmax,XSmax-1,XSmax-2,XSmax-3The average of four corresponding samples is as first initial bunch center;
4) it is XS by maximummaxIn corresponding matrix, the element of row vector carries out ascending order arrangement, it is assumed that front k-1 minimum unit
Element is XSpq, q=1 ..., k-1, k-1 minimum element XS before selectingpqCorresponding sample is as at the beginning of remaining k-1
The center that clusters begun, wherein said k value is hidden layer number, determines according to test of many times;
5) calculate residue sample and each initial similarity clustered between center, residue sample is distributed to the highest the gathering of similarity
In bunch, form the k after change and cluster;
6) average of each sample in clustering after calculating change, replaces in clustering before updating as the center that clusters after updating
The heart;
7) if the center that clusters before Geng Xining is identical with the center that clusters after renewal, or object function has reached minima, stops more
Newly, described object function is:
Wherein, ClL during expression k clusters clusters, axIt is the sample during l clusters,It is l the center clustered.
Known and unknown network attack can be detected by having the beneficial effect that of the present embodiment, gathered by the K-means improved
Class method carries out cluster analysis to the pretreated network suspicious traffic of various turnover systems and the sample data of Deviant Behavior, can
To be distinguished by various types of network attacks accurately, thus reach the highest accuracy rate and the lowest rate of false alarm;Provide and change
The K-means clustering method entered, is prevented effectively from the single occasionality taking arbitrary sampling method to be brought, improves cluster stability,
Further increase the accuracy of internet security checking, wherein set ratio value T=1.5, the accuracy of internet security checking
Relatively improve 4%.
Embodiment 4
Seeing Fig. 1, Fig. 2, the internet security checking system of the present embodiment, including data capture module 1, data prediction mould
Block 2, behavior analysis module 3;Described data capture module 1 is used for the suspicious traffic to turnover system and Deviant Behavior captures,
Form sample data;Described data preprocessing module 2, for carrying out screening pretreatment, in removal sample data to sample data
Noise data, then sample data is carried out dimension-reduction treatment;Described behavior analysis module 3, for using the K-means of improvement
Clustering method carries out cluster analysis to pretreated sample data, and carries out aggressive behavior detection based on artificial neural network algorithm,
Identify unknown attack potential in network.
Wherein, described data capture module 1 uses the suspicious traffic of fire wall collection turnover system.
Wherein, described data capture module 1 is described by using intruding detection system to monitor network transmission in real time to capture
Deviant Behavior.
Wherein, the described K-means clustering method using improvement carries out cluster analysis to pretreated sample data, including:
1) described sample data is divided into n sample, n sample is carried out vectorization, calculated by included angle cosine function all
Sample similarity between any two, obtains similarity matrix XS;
2) each row of similarity matrix XS is sued for peace, calculate the similarity of each sample and whole original sample, if
XS=[sim (ai,aj)]n×n, i, j=1 ..., n, wherein sim (ai,aj) represent sample ai,ajBetween similarity, sum formula is:
3) XS is arranged in descending orderp, p=1 ..., n, if XSpBy front 4 values arranged from big to small it is
XSmax,XSmax-1,XSmax-2,XSmax-3If,Select and maximum
XSmaxCorresponding sample as first initial center that clusters, otherwise select with
XSmax,XSmax-1,XSmxx-2,XSmax-3The average of four corresponding samples is as first initial bunch center;
4) it is XS by maximummaxIn corresponding matrix, the element of row vector carries out ascending order arrangement, it is assumed that front k-1 minimum unit
Element is XSpq, q=1 ..., k-1, k-1 minimum element XS before selectingpqCorresponding sample is as at the beginning of remaining k-1
The center that clusters begun, wherein said k value is hidden layer number, determines according to test of many times;
5) calculate residue sample and each initial similarity clustered between center, residue sample is distributed to the highest the gathering of similarity
In bunch, form the k after change and cluster;
6) average of each sample in clustering after calculating change, replaces in clustering before updating as the center that clusters after updating
The heart;
7) if the center that clusters before Geng Xining is identical with the center that clusters after renewal, or object function has reached minima, stops more
Newly, described object function is:
Wherein, ClL during expression k clusters clusters, axIt is the sample during l clusters,It is l the center clustered.
Known and unknown network attack can be detected by having the beneficial effect that of the present embodiment, gathered by the K-means improved
Class method carries out cluster analysis to the pretreated network suspicious traffic of various turnover systems and the sample data of Deviant Behavior, can
To be distinguished by various types of network attacks accurately, thus reach the highest accuracy rate and the lowest rate of false alarm;Provide and change
The K-means clustering method entered, is prevented effectively from the single occasionality taking arbitrary sampling method to be brought, improves cluster stability,
Further increasing the accuracy of internet security checking, wherein set ratio value T=1.55, it is accurate that internet security is verified
Degree improves 2.8% relatively.
Embodiment 5
Seeing Fig. 1, Fig. 2, the internet security checking system of the present embodiment, including data capture module 1, data prediction mould
Block 2, behavior analysis module 3;Described data capture module 1 is used for the suspicious traffic to turnover system and Deviant Behavior captures,
Form sample data;Described data preprocessing module 2, for carrying out screening pretreatment, in removal sample data to sample data
Noise data, then sample data is carried out dimension-reduction treatment;Described behavior analysis module 3, for using the K-means of improvement
Clustering method carries out cluster analysis to pretreated sample data, and carries out aggressive behavior detection based on artificial neural network algorithm,
Identify unknown attack potential in network.
Wherein, described data capture module 1 uses the suspicious traffic of fire wall collection turnover system.
Wherein, described data capture module 1 is described by using intruding detection system to monitor network transmission in real time to capture
Deviant Behavior.
Wherein, the described K-means clustering method using improvement carries out cluster analysis to pretreated sample data, including:
1) described sample data is divided into n sample, n sample is carried out vectorization, calculated by included angle cosine function all
Sample similarity between any two, obtains similarity matrix XS;
2) each row of similarity matrix XS is sued for peace, calculate the similarity of each sample and whole original sample, if
XS=[sim (ai,aj)]n×n, i, j=1 ..., n, wherein sim (ai,aj) represent sample ai,ajBetween similarity, sum formula is:
3) XS is arranged in descending orderp, p=1 ..., n, if XSpBy front 4 values arranged from big to small it is
XSmax,XSmax-1,XSmax-2,XSmax-3If,Select and maximum
XSmaxCorresponding sample as first initial center that clusters, otherwise select with
XSmax,XSmax-1,XSmax-2,XSmax-3The average of four corresponding samples is as first initial bunch center;
4) it is XS by maximummaxIn corresponding matrix, the element of row vector carries out ascending order arrangement, it is assumed that front k-1 minimum unit
Element is XSpq, q=1 ..., k-1, k-1 minimum element XS before selectingpqCorresponding sample is as at the beginning of remaining k-1
The center that clusters begun, wherein said k value is hidden layer number, determines according to test of many times;
5) calculate residue sample and each initial similarity clustered between center, residue sample is distributed to the highest the gathering of similarity
In bunch, form the k after change and cluster;
6) average of each sample in clustering after calculating change, replaces in clustering before updating as the center that clusters after updating
The heart;
7) if the center that clusters before Geng Xining is identical with the center that clusters after renewal, or object function has reached minima, stops more
Newly, described object function is:
Wherein, ClL during expression k clusters clusters, axIt is the sample during l clusters,It is l the center clustered.
Known and unknown network attack can be detected by having the beneficial effect that of the present embodiment, gathered by the K-means improved
Class method carries out cluster analysis to the pretreated network suspicious traffic of various turnover systems and the sample data of Deviant Behavior, can
To be distinguished by various types of network attacks accurately, thus reach the highest accuracy rate and the lowest rate of false alarm;Provide and change
The K-means clustering method entered, is prevented effectively from the single occasionality taking arbitrary sampling method to be brought, and improves cluster stable
Property, further increase the accuracy of internet security checking, wherein set ratio value T=1.6, the standard of internet security checking
Exactness improves 3.2% relatively.
Last it should be noted that, above example is only in order to illustrate technical scheme, rather than to scope
Restriction, although having made to explain to the present invention with reference to preferred embodiment, it will be understood by those within the art that,
Technical scheme can be modified or equivalent, without deviating from the spirit and scope of technical solution of the present invention.
Claims (5)
1. internet security checking system, it is characterised in that include data capture module, data preprocessing module, behavior analysis module;
Described data capture module, for capturing the suspicious traffic of turnover system and Deviant Behavior, forms sample data;
Described data preprocessing module, for sample data carries out screening pretreatment, the noise data in removal sample data,
Then sample data is carried out dimension-reduction treatment;
Described behavior analysis module, for using the K-means clustering method of improvement to cluster pretreated sample data
Analyze, and carry out aggressive behavior detection based on artificial neural network algorithm, identify unknown attack potential in network.
Internet security the most according to claim 1 checking system, it is characterised in that described data capture module uses fire wall
Gather the suspicious traffic of turnover system.
Internet security the most according to claim 1 checking system, it is characterised in that described data capture module is entered by use
Invade detecting system network transmission is monitored in real time and captures described Deviant Behavior.
Internet security the most according to claim 1 checking system, it is characterised in that the K-means cluster that described employing improves
Method carries out cluster analysis to pretreated sample data, including:
1) described sample data is divided into n sample, n sample is carried out vectorization, calculated by included angle cosine function all
Sample similarity between any two, obtains similarity matrix XS;
2) each row of similarity matrix XS is sued for peace, calculate the similarity of each sample and whole original sample, if
XS=[sim (ai, aj)]n×n, i, j=1 ..., n, wherein sim (ai, aj) represent sample ai,ajBetween similarity, sum formula is:
3) XS is arranged in descending orderp, p=1 ..., n, if XSpBy front 4 values arranged from big to small it is
XSmax,XSmax-1,XSmax-2,XSmax-3If,Select and maximum
XSmaxCorresponding sample as first initial center that clusters, otherwise select with
XSmax,XSmax-1,XSmax-2,XSmax-3The average of four corresponding samples is as first initial bunch center;
4) it is XS by maximummaxIn corresponding matrix, the element of row vector carries out ascending order arrangement, it is assumed that front k-1 minimum unit
Element is XSpq, q=1 ..., k-1, k-1 minimum element XS before selectingpqCorresponding sample is as at the beginning of remaining k-1
The center that clusters begun, wherein said k is the cluster number set;
5) calculate residue sample and each initial similarity clustered between center, residue sample is distributed to the highest the gathering of similarity
In bunch, form the k after change and cluster;
6) average of each sample in clustering after calculating change, replaces in clustering before updating as the center that clusters after updating
The heart;
7) if the center that clusters before Geng Xining is identical with the center that clusters after renewal, or object function has reached minima, stops more
Newly, described object function is:
Wherein, ClL during expression k clusters clusters, axIt is the sample during l clusters,It is during l clusters
The heart.
Internet security the most according to claim 1 checking system, it is characterised in that the value model of the ratio value T of described setting
Enclose for [1.4,1.6].
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610540807.3A CN105959316A (en) | 2016-07-06 | 2016-07-06 | Network security authentication system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610540807.3A CN105959316A (en) | 2016-07-06 | 2016-07-06 | Network security authentication system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN105959316A true CN105959316A (en) | 2016-09-21 |
Family
ID=56900544
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610540807.3A Withdrawn CN105959316A (en) | 2016-07-06 | 2016-07-06 | Network security authentication system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105959316A (en) |
Cited By (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106548252A (en) * | 2016-10-28 | 2017-03-29 | 深圳大图科创技术开发有限公司 | Based on the distribution network structure constructing system for improving K means clusters |
CN107896229A (en) * | 2017-12-26 | 2018-04-10 | 黄河交通学院 | A kind of method, system and the mobile terminal of computer network abnormality detection |
CN107895171A (en) * | 2017-10-31 | 2018-04-10 | 天津大学 | A kind of intrusion detection method based on K averages Yu depth confidence network |
CN108418841A (en) * | 2018-05-18 | 2018-08-17 | 广西电网有限责任公司 | Next-generation key message infrastructure network Security Situation Awareness Systems based on AI |
CN109976709A (en) * | 2017-12-28 | 2019-07-05 | 国民技术股份有限公司 | Randomness detecting method, device, equipment and computer readable storage medium |
CN110191085A (en) * | 2019-04-09 | 2019-08-30 | 中国科学院计算机网络信息中心 | Based on polytypic intrusion detection method, device and storage medium |
CN110572362A (en) * | 2019-08-05 | 2019-12-13 | 北京邮电大学 | network attack detection method and device for multiple types of unbalanced abnormal traffic |
CN111131237A (en) * | 2019-12-23 | 2020-05-08 | 深圳供电局有限公司 | Microgrid attack identification method based on BP neural network and grid-connected interface device |
CN111209563A (en) * | 2019-12-27 | 2020-05-29 | 北京邮电大学 | Network intrusion detection method and system |
CN112367338A (en) * | 2020-11-27 | 2021-02-12 | 腾讯科技(深圳)有限公司 | Malicious request detection method and device |
-
2016
- 2016-07-06 CN CN201610540807.3A patent/CN105959316A/en not_active Withdrawn
Cited By (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106548252A (en) * | 2016-10-28 | 2017-03-29 | 深圳大图科创技术开发有限公司 | Based on the distribution network structure constructing system for improving K means clusters |
CN107895171A (en) * | 2017-10-31 | 2018-04-10 | 天津大学 | A kind of intrusion detection method based on K averages Yu depth confidence network |
CN107896229A (en) * | 2017-12-26 | 2018-04-10 | 黄河交通学院 | A kind of method, system and the mobile terminal of computer network abnormality detection |
CN109976709A (en) * | 2017-12-28 | 2019-07-05 | 国民技术股份有限公司 | Randomness detecting method, device, equipment and computer readable storage medium |
CN108418841A (en) * | 2018-05-18 | 2018-08-17 | 广西电网有限责任公司 | Next-generation key message infrastructure network Security Situation Awareness Systems based on AI |
CN108418841B (en) * | 2018-05-18 | 2019-02-19 | 广西电网有限责任公司 | Next-generation key message infrastructure network Security Situation Awareness Systems based on AI |
CN110191085A (en) * | 2019-04-09 | 2019-08-30 | 中国科学院计算机网络信息中心 | Based on polytypic intrusion detection method, device and storage medium |
CN110191085B (en) * | 2019-04-09 | 2021-09-10 | 中国科学院计算机网络信息中心 | Intrusion detection method and device based on multiple classifications and storage medium |
CN110572362A (en) * | 2019-08-05 | 2019-12-13 | 北京邮电大学 | network attack detection method and device for multiple types of unbalanced abnormal traffic |
CN111131237A (en) * | 2019-12-23 | 2020-05-08 | 深圳供电局有限公司 | Microgrid attack identification method based on BP neural network and grid-connected interface device |
CN111131237B (en) * | 2019-12-23 | 2020-12-29 | 深圳供电局有限公司 | Microgrid attack identification method based on BP neural network and grid-connected interface device |
CN111209563A (en) * | 2019-12-27 | 2020-05-29 | 北京邮电大学 | Network intrusion detection method and system |
CN111209563B (en) * | 2019-12-27 | 2022-04-08 | 北京邮电大学 | Network intrusion detection method and system |
CN112367338A (en) * | 2020-11-27 | 2021-02-12 | 腾讯科技(深圳)有限公司 | Malicious request detection method and device |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN105959316A (en) | Network security authentication system | |
US10389745B2 (en) | System and methods for detecting bots real-time | |
CN105577679B (en) | A kind of anomalous traffic detection method based on feature selecting and density peaks cluster | |
CN106656991B (en) | A kind of Cyberthreat detection system and detection method | |
CN109858244B (en) | Method and system for detecting abnormal behaviors of processes in container | |
Petrovic | A comparison between the silhouette index and the davies-bouldin index in labelling ids clusters | |
CN107493277B (en) | Large data platform online anomaly detection method based on maximum information coefficient | |
US8245301B2 (en) | Network intrusion detection visualization | |
CN112114995B (en) | Terminal abnormality analysis method, device, equipment and storage medium based on process | |
CN104753946A (en) | Security analysis framework based on network traffic meta data | |
CN109088869B (en) | APT attack detection method and device | |
CN105471882A (en) | Behavior characteristics-based network attack detection method and device | |
CN103761748A (en) | Method and device for detecting abnormal behaviors | |
CN105959162A (en) | Distributed electric power enterprise information network safety management system | |
CN108111463A (en) | The self study of various dimensions baseline and abnormal behaviour analysis based on average value and standard deviation | |
CN106951776A (en) | A kind of Host Anomaly Detection method and system | |
CN109428857A (en) | A kind of detection method and device of malice detection behavior | |
CN110598959A (en) | Asset risk assessment method and device, electronic equipment and storage medium | |
CN102510388A (en) | Negative selection intrusion detection method based on variable self-body radius | |
RU180789U1 (en) | DEVICE OF INFORMATION SECURITY AUDIT IN AUTOMATED SYSTEMS | |
Werner et al. | Near real-time intrusion alert aggregation using concept-based learning | |
Luktarhan et al. | Multi-stage attack detection algorithm based on hidden markov model | |
CN116074092B (en) | Attack scene reconstruction system based on heterogram attention network | |
CN111339986A (en) | Frequency law mining method and system for equipment based on time domain/frequency domain analysis | |
CN110737890A (en) | internal threat detection system and method based on heterogeneous time sequence event embedding learning |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C04 | Withdrawal of patent application after publication (patent law 2001) | ||
WW01 | Invention patent application withdrawn after publication |
Application publication date: 20160921 |