CN108076060B - Neural network situation prediction method based on dynamic k-means clustering

Publication number: CN108076060B
Authority: CN (China)
Prior art keywords: network, situation, neural network, security, data
Legal status: Active
Application number: CN201711361681.4A
Other languages: Chinese (zh)
Other versions: CN108076060A (en)
Inventors: 刘意先, 魏雅娟, 王佩, 范九伦, 郑茗化, 焦瑞芳
Current assignee: Xian University of Posts and Telecommunications
Original assignee: Xian University of Posts and Telecommunications

Abstract

The neural network situation prediction method based on dynamic k-means clustering comprises the following steps: 1) collecting network security basic data of a certain system, where the data indexes are the number of hosts infected with network viruses, the number of tampered networks, the number of networks implanted with a backdoor, the number of security event reports, the number of counterfeit pages, and the number of security vulnerabilities and high-risk vulnerabilities, and normalizing the network security basic data; 2) clustering the normalized network security basic data with a dynamic k-means clustering algorithm, and determining the parameters and the number N of central neurons of the RBF neural network; 3) using the normalized data in RBF neural network training, calculating the width of the RBF neurons and determining the neuron output; 4) during training, encoding the output weights of the RBF neural network and obtaining the optimal weights with a PSO algorithm, so that the prediction precision of the network situation is improved; 5) predicting the network situation of a month with the trained RBF neural network, comparing the prediction with the evaluation value of the network situation for that month, and calculating the error. The method is characterized by high prediction precision.

Description

Neural network situation prediction method based on dynamic k-means clustering
Technical Field
The invention belongs to the technical field of network situation prediction, and particularly relates to a neural network situation prediction method based on dynamic k-means clustering.
Background
The increasingly complex network environment and unpredictable network security vulnerabilities make network management exceptionally laborious. In recent years, network situation prediction technology has emerged to support network management by collecting and processing information on security elements at the bottom layer of a system (such as vulnerability information and the number of hosts infected with viruses). Network situation prediction can provide data analysis of the future security situation of the network and can also help a network manager make management decisions in advance, which improves the attack resistance of the system it is deployed in and reduces the probability of security incidents. Network situation prediction is therefore a topic in urgent need of research.
Bass et al. originally proposed the concept of network situation awareness in 2000 and summarized its basic concept, goals and related characteristics. However, they did not describe how to acquire, understand and apply network security situation information or how to predict the future development trend of the network.
Srihari R proposed a concept-based network situation awareness method, which extracts the elements of a concept to obtain situation awareness information. The method extracts elements well, but it can resist only a single kind of intrusion attack and relies on a single data source, and it does not study situation prediction in depth.
Stephen L proposed a visualization technique for network traffic information based on three-dimensional space. X, Y and Z coordinates depict the network address, source IP and port number, and a system based on a rotating cube structure was designed, which gives better situation assessment capability. However, the method focuses on visualizing the current network situation and does not address network situation prediction.
Liu Z et al. combined existing element extraction technology with a data mining method to fuse data, so that the network situation is only evaluated and predicted. Data mining makes the results of network situation evaluation and prediction more accurate, but excessive redundant data and excessive computational complexity also cause problems such as dimension explosion and slow algorithm execution.
Disclosure of Invention
In order to overcome the defects of the prior art, the invention aims to provide a neural network situation prediction method based on dynamic k-means clustering, which is more accurate than the traditional neural network situation prediction method.
In order to achieve this purpose, the invention adopts the following technical scheme. The neural network situation prediction method based on dynamic k-means clustering comprises the following steps:
Step 1, collect network security basic data of a certain system within half a year, where the data indexes are the number of hosts infected with network viruses, the number of tampered networks, the number of networks implanted with a backdoor, the number of security event reports, the number of counterfeit pages, and the number of security vulnerabilities and high-risk vulnerabilities, and normalize the network security basic data so that its values lie within the range [0,1];
Step 2, use a dynamic k-means clustering algorithm to cluster the normalized network security basic data $X = [x_1, x_2, \ldots, x_n]^T$ and determine the central neuron parameters $C_j = [c_{j1}, c_{j2}, \ldots, c_{jn}]^T$ of the RBF neural network and their number n; n represents the number of cluster centers of the same LAN, and j indexes different LANs.
Step 3, use the normalized network security basic data in RBF neural network training and calculate the width $D_j = [d_{j1}, d_{j2}, \ldots, d_{jn}]$ of the RBF neurons,
Figure GDA0002742913350000021
where $d_f$ is the width adjustment coefficient, which takes a value less than 1, and determine the neuron output $z_j$:
Figure GDA0002742913350000022
Step 4, during training, use a PSO algorithm to obtain the output weights $W = [\omega_1, \omega_2, \ldots, \omega_p]^T$ of the RBF neural network, where p represents the total number of weight coefficients, so that the network situation prediction precision is improved;
Step 5, predict the network situation of a month using the trained RBF neural network,
Figure GDA0002742913350000023
and compare it with the evaluation value of the network situation for that month, which is obtained by randomly selecting 10 network security experts to evaluate and score each index with reference to the CVSS standard and taking the average of their scores; calculate the error according to the following formula,
Figure GDA0002742913350000024
The MSE evaluates the degree of variation of the data; the smaller the MSE, the more accurately the prediction model describes the experimental data. In the formula, $y_i$ represents the situation evaluation value,
Figure GDA0002742913350000025
represents the situation prediction value, and a represents the total number of situation evaluation values.
The invention has the beneficial effects that:
Compared with the prior art, analysis of the predicted values and prediction errors of the algorithm shows that combining the dynamic k-means clustering algorithm and the particle swarm optimization algorithm in the neural network markedly improves network situation prediction precision. The invention therefore has application prospects.
The method is based on an RBF (radial basis function) neural network and provides a network situation prediction method that combines a dynamic k-means algorithm with a Particle Swarm Optimization (PSO) algorithm. The dynamic k-means clustering algorithm overcomes the drawback of determining the initial cluster centers by hand: it adjusts the cluster centers dynamically so that the initial cluster centers are as far from each other as possible, which makes the selection of the RBF network centers more accurate. The Particle Swarm Optimization (PSO) algorithm is used to select the most appropriate RBF weights.
A network environment was set up for simulation, and analysis shows that the prediction accuracy of the algorithm is improved compared with using the traditional RBF neural network to predict the network situation. The algorithm provided by the invention is therefore feasible and effective for network situation prediction.
Drawings
Fig. 1(a) is a graph of the number of hosts infected with network viruses in the last half of 2017, as counted by the CNVD.
Fig. 1(b) is a graph of network security vulnerabilities and high-risk vulnerabilities in the last half of 2017, as counted by the CNVD.
FIG. 2 is a Particle Swarm Optimization (PSO) flow chart.
Fig. 3 is a schematic structural diagram of an RBF neural network.
FIG. 4 is a topological structure diagram of an experimental environment of the present invention.
FIG. 5 is a comparison graph of predicted values of the algorithm of the present invention and the conventional algorithm.
FIG. 6 is a comparison graph of the prediction error of the algorithm of the present invention and the conventional algorithm.
Detailed Description
The structural and operational principles of the present invention are explained in further detail below with reference to the accompanying drawings and examples.
The experimental environment of this embodiment is a local area network built in the laboratory, comprising several hosts, routers, a firewall and a switch. Each host is configured with an Intel(R) Core(TM) i7-4790 CPU at 3.60 GHz, 8.00 GB of memory and a 64-bit operating system.
Both normal users and attackers can access the hosts within the local area network. Several hosts in the local area network were selected for attack, by the following means:
Injecting the CVE-2016-9732, CVE-2016-2979 and CVE-2016-2973 vulnerabilities to perform cross-site scripting attacks on the host.
Injecting the CVE-2016-2299, CVE-2016-4040 and CVE-2016-3172 vulnerabilities to carry out SQL injection attacks on the host.
Injecting the CVE-2017-10804 vulnerability to obtain the private information of the host user.
The local area network was monitored and analyzed with Burp Suite and Wireshark to obtain, for the period of one year in which it was under attack, the number of hosts infected with network viruses, the number of tampered networks, the number of implanted backdoors, and the basic data on security vulnerabilities and high-risk vulnerabilities; these data form the basis of the study. Fig. 4 shows the topology of the experimental environment; because of limited space, only some of the hosts are shown. Table 1 lists the monthly basic network security data collected from the constructed LAN within one year.
TABLE 1 network Security basic data sample
Figure GDA0002742913350000031
Table 2 network situation level table under CVSS standard
Figure GDA0002742913350000046
Fig. 1(a) is a graph of the number of hosts infected with network viruses in the last half year of 2017 counted by the CNVD, and fig. 1(b) is a graph of the number of network security vulnerabilities and high-risk vulnerabilities in the last half year of 2017 counted by the CNVD.
The National Information Security Vulnerability Sharing Platform (CNVD) is a shared knowledge base of information security vulnerability information, jointly established by the national computer network emergency response technical coordination center together with important domestic information system operators, basic telecommunication operators, network security vendors and others.
The CNVD refers to the CVSS (Common Vulnerability Scoring System) evaluation criteria when setting network security levels. Taking into account key elements such as network threats and vulnerabilities, the security level of the network security situation is divided into 5 levels, namely safe, slight danger, general danger, moderate danger and high danger, each described by an equivalent numerical value in the interval [0,1]. The network situation levels under the CVSS standard are shown in table 1.
The basic information mainly collected by the CNVD comprises the number of hosts infected with network viruses, the number of tampered networks, the number of networks implanted with a backdoor, the number of counterfeit pages, the number of security event reports, and the number of security vulnerabilities and high-risk vulnerabilities. The basic data of the system collected in the simulation experiment are the above seven types.
The characteristic parameters of each index often have different dimensions and physical meanings. If the data took part in the network situation prediction directly, the differing physical units could cause unpredictable errors and make the situation prediction fail. The situation evaluation indexes are therefore normalized according to actual needs, which removes the interference of the physical units and brings the data values into the range [0,1]. The index initialization formula is as follows:
Figure GDA0002742913350000051
where $x_i$ represents a data value, $x_{max}$ denotes the numerical upper limit, and $x_{min}$ denotes the numerical lower limit.
By collecting the half-year basic information in the local area network (see fig. 4) built by the embodiment, the PSO-RBF neural network in the algorithm is used for training, and finally the situation of the local area network is predicted.
The experimental analysis is compared with the traditional RBF neural network prediction algorithm. The comparison includes a predicted value and a prediction error. Where the prediction error is evaluated using Mean Square Error (MSE). Table 3 compares the predicted output and true value of the present algorithm with the conventional algorithm. Fig. 5 and 6 are a predicted value comparison graph and a prediction error comparison graph of the algorithm and the conventional algorithm, respectively.
The mean square error is the expected value of the square of the difference between the estimated value of the parameter and the true value of the parameter. The MSE can evaluate the change degree of the data, and the smaller the value of the MSE is, the better the accuracy of the prediction model for describing the experimental data is. The expression is as follows:
Figure GDA0002742913350000052
In the formula, $y_i$ represents the true value of the situation,
Figure GDA0002742913350000053
represents the situation prediction value, and a represents the total number of situation evaluation values.
TABLE 3 comparison of predicted output and true value of the present algorithm with conventional algorithms
Figure GDA0002742913350000061
Through analysis and discovery of a predicted value and a prediction error of the algorithm, the application of the dynamic k-means clustering algorithm and the particle swarm optimization algorithm in the neural network is combined, and the prediction precision of the network situation is obviously improved. Therefore, the algorithm of the invention can be expected to have a certain application prospect.
Referring to fig. 2, fig. 2 is a flow chart of the Particle Swarm Optimization (PSO) algorithm.
Particle swarm optimization algorithm
The Particle Swarm Optimization (PSO) algorithm is a swarm intelligence algorithm designed by simulating the predation behavior of a flock of birds.
Particle swarm optimization models each bird in a flock as a particle that has only two attributes, velocity and position. Each particle independently searches the search space for an optimal solution, giving its current individual extremum $P_{best}$, and shares it with the other particles in the swarm; the best individual extremum is taken as the current global optimal solution $G_{best}$ of the whole swarm. All particles in the swarm adjust their velocity and position according to $P_{best}$ and $G_{best}$. The algorithm steps and expressions are as follows:
(i) Particle swarm initialization
A maximum velocity interval must be set, the position range is the whole search space, and velocity and position are initialized randomly. The population size m is set.
(ii) Individual extremum and global optimal solution
The individual extremum is the historical best position found by each particle. A global optimal solution is found among the individual historical optima and compared with the historical global optimum, and the better of the two is kept as the current historical optimum.
(iii) Velocity and position update formulas
a. Velocity update formula:
$V_{id} = \omega V_{id} + C_1\,\mathrm{random}(0,1)\,(P_{id} - X_{id}) + C_2\,\mathrm{random}(0,1)\,(P_{gd} - X_{id})$
where $\omega$ is called the inertia factor, and $C_1$ and $C_2$ are called the acceleration constants, generally taken as $C_1 = C_2 \in [0,4]$. $\mathrm{random}(0,1)$ denotes a random number in the interval [0,1]. $P_{id}$ represents the individual extremum of the ith variable in the d-th dimension. $P_{gd}$ represents the global optimal solution in the d-th dimension.
b. Position update formula:
$X_{id} = X_{id} + V_{id}$
(iv) Termination conditions
There are two kinds of termination condition: the first is reaching the maximum number of iterations $G_{max}$; the second is stopping when the error between two adjacent generations is within a specified range. The second termination condition is used herein.
Referring to fig. 3, fig. 3 is a schematic structural diagram of an RBF neural network. To suit situation prediction, the RBF neural network used in the present invention includes m input nodes, n hidden nodes and l output nodes, and the response function is a Gaussian function. The expression and calculation method of each parameter are as follows:
First, determine the input vector X:
$X = [x_1, x_2, \ldots, x_n]^T$, where n is the number of input layer units. From the first section, the number of input vectors is 7.
Second, initialize the connection weights from the hidden layer to the output layer:
$W = [\omega_1, \omega_2, \ldots, \omega_p]^T$ $(p = 1, 2, \ldots, n)$, where p is the number of hidden layer elements. The initialization and selection of the connection weights is determined by the particle swarm optimization (PSO) algorithm.
Third, determine the neuron center parameters of the hidden layer:
$C_j = [c_{j1}, c_{j2}, \ldots, c_{jn}]^T$, where n is the number of neuron centers. The centers of different hidden layer neurons should take different values, and the width corresponding to each center can be adjusted, so that the different hidden layer neurons reflect the characteristics of different input information as fully as possible. The neural network centers $C_{ji}$ are determined herein using a dynamic k-means clustering algorithm.
Fourth, initialize the width vector $D_j = [d_{j1}, d_{j2}, \ldots, d_{jn}]$ (n is the number of neuron centers), which is defined as follows:
Figure GDA0002742913350000071
where $d_f$ is the width adjustment coefficient, which is less than 1; its effect is that each neuron can easily sense local information, which helps improve the local response capability of the RBF neural network.
The width vector affects the range over which a neuron acts on the input information: the smaller the width, the narrower the shape of the corresponding hidden layer neuron's action function, and the smaller the response at that neuron to information near the centers of other neurons.
Fifth, calculate the output value $z_j$ of the jth neuron of the hidden layer, which is defined as follows:
Figure GDA0002742913350000072
where $C_j$ is the center vector of the jth neuron of the hidden layer, $D_j$ is the width vector of the jth neuron of the hidden layer, corresponding to $C_j$, and $\|\cdot\|$ is the Euclidean norm.
Sixth, the output of the output layer neurons:
Figure GDA0002742913350000073
where p is the number of weight coefficients.
In addition, the RBF network can steer toward an optimal solution through a fitness function. The optimization goal is to minimize the error function MSE between the expected output Y' and the actual output Y of the network, and the error function E is then:
Figure GDA0002742913350000081
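
The pipeline described above (normalization, centre selection, Gaussian hidden layer, PSO search for the output weights with MSE as fitness), sketched as an added example that is not code from the patent. The formulas that survive on this page only as figure placeholders are filled with labelled assumptions: min-max scaling for normalization, farthest-first seeding plus ordinary k-means as a stand-in for the dynamic k-means step, and a width equal to d_f times the distance to the nearest other centre; the monthly counts and target scores are constructed, and `patience` is an added guard on the second termination condition.

```python
import math
import random

def min_max(column):
    """Scale one index column into [0, 1]; a constant column maps to 0.0."""
    lo, hi = min(column), max(column)
    return [0.0 if hi == lo else (v - lo) / (hi - lo) for v in column]

def dist(a, b):
    """Euclidean distance between two vectors."""
    return math.sqrt(sum((p - q) ** 2 for p, q in zip(a, b)))

def pick_centres(points, k, rounds=20):
    """Assumed stand-in for dynamic k-means: seed centres as far apart as
    possible (farthest-first), then refine them with ordinary k-means."""
    centres = [list(points[0])]
    while len(centres) < k:
        far = max(points, key=lambda p: min(dist(p, c) for c in centres))
        centres.append(list(far))
    for _ in range(rounds):
        groups = [[] for _ in centres]
        for p in points:
            groups[min(range(k), key=lambda j: dist(p, centres[j]))].append(p)
        centres = [[sum(col) / len(g) for col in zip(*g)] if g else c
                   for g, c in zip(groups, centres)]
    return centres

def widths_for(centres, d_f=0.8):
    """Assumed width rule (needs k >= 2): d_f (< 1) times the distance to the
    nearest other centre, floored so the Gaussian never divides by zero."""
    return [max(1e-6, d_f * min(dist(c, o) for j, o in enumerate(centres) if j != i))
            for i, c in enumerate(centres)]

def hidden_outputs(x, centres, widths):
    """Gaussian response z_j of every hidden neuron to the input vector x."""
    return [math.exp(-dist(x, c) ** 2 / (2 * d ** 2)) for c, d in zip(centres, widths)]

def mse(weights, Z, targets):
    """Fitness: mean squared error of the weighted sum of hidden outputs."""
    preds = [sum(w * z for w, z in zip(weights, row)) for row in Z]
    return sum((y - p) ** 2 for y, p in zip(targets, preds)) / len(targets)

def pso_weights(Z, targets, rng, m=20, omega=0.7, c1=1.5, c2=1.5,
                v_max=1.0, tol=1e-10, patience=10, g_max=500):
    """PSO over the output weights using the page's velocity and position updates."""
    p = len(Z[0])
    X = [[rng.uniform(-1, 1) for _ in range(p)] for _ in range(m)]
    V = [[0.0] * p for _ in range(m)]
    pbest = [x[:] for x in X]
    pbest_fit = [mse(x, Z, targets) for x in X]
    g = min(range(m), key=lambda i: pbest_fit[i])
    gbest, gbest_fit = pbest[g][:], pbest_fit[g]
    history, calm = [gbest_fit], 0
    for _ in range(g_max):
        for i in range(m):
            for d in range(p):
                v = (omega * V[i][d]
                     + c1 * rng.random() * (pbest[i][d] - X[i][d])
                     + c2 * rng.random() * (gbest[d] - X[i][d]))
                V[i][d] = max(-v_max, min(v_max, v))  # keep speed in its interval
                X[i][d] += V[i][d]
            fit = mse(X[i], Z, targets)
            if fit < pbest_fit[i]:
                pbest[i], pbest_fit[i] = X[i][:], fit
            if fit < gbest_fit:
                gbest, gbest_fit = X[i][:], fit
        history.append(gbest_fit)
        # Second termination condition: change between adjacent generations is
        # within tol. Requiring `patience` such generations in a row is an added
        # guard so one flat generation early on does not stop the search.
        calm = calm + 1 if history[-2] - history[-1] < tol else 0
        if calm >= patience:
            break
    return gbest, history

def demo(seed=7, k=4):
    """Run the whole pipeline on constructed data (12 months x 7 indexes)."""
    rng = random.Random(seed)
    raw = [[rng.randint(0, 500) for _ in range(7)] for _ in range(12)]  # constructed counts
    rows = [list(r) for r in zip(*(min_max(list(c)) for c in zip(*raw)))]
    targets = [sum(r) / len(r) for r in rows]  # constructed stand-in for expert scores
    centres = pick_centres(rows, k)
    Z = [hidden_outputs(r, centres, widths_for(centres)) for r in rows]
    weights, history = pso_weights(Z, targets, rng)
    return rows, centres, weights, history

if __name__ == "__main__":
    rows, centres, weights, history = demo()
    print(f"generations: {len(history) - 1}, MSE {history[0]:.5f} -> {history[-1]:.5f}")
```

The returned `history` holds the best MSE after each generation, so plotting it shows how quickly the swarm converges and whether the termination tolerance stopped the search too early.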

Claims (1)

1. The neural network situation prediction method based on dynamic k-means clustering is characterized by comprising the following steps:
Step 1, collect network security basic data of a certain system within half a year, where the data indexes are the number of hosts infected with network viruses, the number of tampered networks, the number of networks implanted with a backdoor, the number of security event reports, the number of counterfeit pages, and the number of security vulnerabilities and high-risk vulnerabilities, and normalize the network security basic data so that its values lie within the range [0,1];
Step 2, use a dynamic k-means clustering algorithm to cluster the normalized network security basic data $X = [x_1, x_2, \ldots, x_n]^T$ and determine the central neuron parameters $C_j = [c_{j1}, c_{j2}, \ldots, c_{jn}]^T$ of the RBF neural network and n, where n represents the number of cluster centers of the same local area network, and j indexes different local area networks;
Step 3, use the normalized network security basic data in RBF neural network training and calculate the width $D_j = [d_{j1}, d_{j2}, \ldots, d_{jn}]$ of the RBF neurons,
Figure FDA0002742913340000011
where $d_f$ is the width adjustment coefficient, which takes a value less than 1, and determine the neuron output $z_j$:
Figure FDA0002742913340000012
Step 4, during training, use a PSO algorithm to obtain the output weights $W = [w_1, w_2, \ldots, w_p]^T$ of the RBF neural network, where p represents the total number of weight coefficients, so that the network situation prediction precision is improved;
Step 5, predict the network situation of a month using the trained RBF neural network,
Figure FDA0002742913340000021
and compare it with the evaluation value of the network situation for that month, which is obtained by randomly selecting 10 network security experts to evaluate and score each index with reference to the CVSS standard and taking the average of their scores; calculate the error according to the following formula,
Figure FDA0002742913340000022
The MSE evaluates the degree of variation of the data; the smaller the MSE, the more accurately the prediction model describes the experimental data. In the formula, $y_i$ represents the situation evaluation value,
Figure FDA0002742913340000023
represents the situation prediction value, and a represents the total number of situation evaluation values.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711361681.4A CN108076060B (en) 2017-12-18 2017-12-18 Neural network situation prediction method based on dynamic k-means clustering

Publications (2)

Publication Number Publication Date
CN108076060A 2018-05-25
CN108076060B 2020-12-08

Family

ID=62158864

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711361681.4A Active CN108076060B (en) 2017-12-18 2017-12-18 Neural network situation prediction method based on dynamic k-means clustering

Country Status (1)

Country Link
CN (1) CN108076060B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant