CN106845239A - A real-time operating system alert method based on an intelligent learning algorithm - Google Patents
- Publication number
- CN106845239A
- Application number
- CN201710107736.2A
- Authority
- CN
- China
- Prior art keywords
- particle
- learning algorithm
- file
- time
- operating system
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/566—Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N3/00—Computing arrangements based on biological models
- G06N3/02—Neural networks
- G06N3/08—Learning methods
Abstract
The present invention relates to a real-time operating system alert method based on an intelligent learning algorithm. The method improves on the conventional particle swarm optimization algorithm: random particles and random weights are added to keep the swarm realistic, and a memory technique is added so that particles do not retrace routes they have already travelled, which avoids local deadlock and raises the success rate. This achieves intelligent deployment, protecting the file directories that are most vulnerable to attack. Different parameters correspond to different particle swarm optimization models, which improves timeliness and makes it possible to detect system modifications in real time.
Description
Technical field
The present invention relates to the field of computer security technology, and in particular to a real-time operating system alert method based on an intelligent learning algorithm.
Background
With the rapid development of information technology, the scope and intensity of network attacks and host attacks keep increasing. From network apps to personal documents, and from servers to personal terminals, everything is constantly under the shadow of network attack.
An operating system contains thousands of files, and many users have only a partial understanding of these files, or know very little about them. A change to many of these files is a form of attack on the system and causes losses of varying severity to the user.
Man-made threats are deliberate attacks on network information systems: the attacker looks for weaknesses in the system and uses unauthorized means to destroy, deceive, or steal data. By comparison, carefully designed man-made attacks are hard to guard against, varied in kind, and large in number. In terms of their destructive effect on information, attacks can be divided into passive attacks and active attacks.
Many current antivirus tools and security suites rely on scheduled detection. Periodic checks can detect that an attack has occurred, but a schedule cannot always achieve a real-time effect, and the resulting losses can be very different. For example, scheduled antivirus runs or scheduled scans can only search for viruses in a targeted way when the user runs them; they cannot respond to attacks and threats that may occur at any moment. This leaves a large security gap and a serious hidden danger to the security of the operating system and of network information.
To solve the above problems and monitor the security of the operating system in real time, the present invention proposes a real-time operating system alert method based on an intelligent learning algorithm.
Summary of the invention
To remedy the defects of the prior art, the present invention provides a simple and efficient real-time operating system alert method based on an intelligent learning algorithm.
The present invention is achieved through the following technical solution:
A real-time operating system alert method based on an intelligent learning algorithm, characterized in that it comprises the following steps:
(1) Based on the file system of the user's operating system, analyze the system files and the files the user operates on. Using the particle swarm optimization learning algorithm, predict the access probability within the same time period, classify the frequently used files and the system-level files, collect the file directories that are readily accessed in each time period, and finally derive the file directories that are vulnerable to attack;
(2) According to the input time period threshold, lock the file directories that are vulnerable to attack in the corresponding time period;
(3) Use the particle swarm optimization learning algorithm to calculate the optimal value of the virtual particle run, and judge whether the swarm has converged;
If the swarm has not converged, return to step (1) and continue optimizing. If the swarm has converged, add the dynamic file detection function to the particle swarm optimization learning algorithm, using the optimal path of the particles in the dynamic learning process, and judge whether the vulnerable file directories and the files in them have been changed;
(4) Protect the derived vulnerable file directories and the files in them. As soon as a vulnerable file directory or a file in it is found to have been changed, report to the user immediately, achieving a real-time alert.
The particle swarm optimization learning algorithm improves on the conventional particle swarm optimization algorithm. The 24 hours of a day are divided into n time periods, and the frequency with which the files under a given path are used in each time period is the particle. After a period of learning, the file directories that need to be protected in each time period are obtained.
n is a natural number no greater than 24.
Preferably, n is 8: the 24 hours are divided into 8 time periods of 3 hours each.
Preferably, n is 12: the 24 hours are divided into 12 time periods of 2 hours each.
The particle swarm optimization learning algorithm introduces a memory technique to ensure that, during learning, a particle does not take a repeated route, that is, a route it has already travelled. During optimization, the particles follow the particle in the swarm with the best current position and velocity, and the optimal solution is obtained after generation-by-generation iterative search. In each generation, a particle searches by tracking the best solution it has found so far itself, pbest, and the best solution found so far, gbest. If the current particle is found not to be the optimal particle, or the route being learned is found to be a repeated route, the particle is reinitialized.
In the particle swarm optimization learning algorithm, the formula for the current position of a particle is:
present[i] = present[i-1] + v[i-1];
where present[i] is the current position of the particle, present[i-1] is the position of the particle at the previous measurement, and v[i-1] is the velocity of the particle at the previous measurement.
In the particle swarm optimization learning algorithm, the formula for the velocity of a particle is:
v[] = w × v[] + c1 × rand1() × (pbest[] - present[]) + c2 × random2() × (gbest[] - present[]) + random(v);
where c1 and c2 are constants equal to 2, random() returns a random number in (0, 1), rand() is the random value added by the particle swarm optimization learning algorithm to keep the swarm velocity realistic, and w is a random weight.
The beneficial effects of the invention are as follows. This real-time operating system alert method based on an intelligent learning algorithm improves on the conventional particle swarm optimization algorithm: random particles and random weights are added to keep the swarm realistic, and a memory technique is added so that particles do not retrace routes they have already travelled, which avoids local deadlock and raises the success rate. This achieves intelligent deployment, protecting the file directories that are most vulnerable to attack. Different parameters correspond to different particle swarm optimization models, which improves timeliness and makes it possible to detect system modifications in real time.
Brief description of the drawings
Figure 1 is a schematic diagram of the real-time operating system alert method based on an intelligent learning algorithm according to the present invention.
Detailed description of the embodiments
To make the technical problems to be solved, the technical solution, and the beneficial effects of the present invention clearer, the present invention is described in detail below with reference to the drawings and embodiments. The specific embodiments described here serve only to explain the present invention and are not intended to limit it.
Embodiment 1
The real-time operating system alert method based on an intelligent learning algorithm comprises the following steps:
(1) Based on the file system of the user's operating system, analyze the system files and the files the user operates on. Using the particle swarm optimization learning algorithm, predict the access probability within the same time period, classify the frequently used files and the system-level files, collect the file directories that are readily accessed in each time period, and finally derive the file directories that are vulnerable to attack;
(2) According to the input time period threshold, lock the file directories that are vulnerable to attack in the corresponding time period;
(3) Use the particle swarm optimization learning algorithm to calculate the optimal value of the virtual particle run, and judge whether the swarm has converged;
If the swarm has not converged, return to step (1) and continue optimizing. If the swarm has converged, add the dynamic file detection function to the particle swarm optimization learning algorithm, using the optimal path of the particles in the dynamic learning process, and judge whether the vulnerable file directories and the files in them have been changed;
(4) Protect the derived vulnerable file directories and the files in them. As soon as a vulnerable file directory or a file in it is found to have been changed, report to the user immediately, achieving a real-time alert.
The particle swarm optimization learning algorithm improves on the conventional particle swarm optimization algorithm. The 24 hours of a day are divided into 8 time periods of 3 hours each. The frequency with which the files under a given path are used in each time period is the particle. After a period of learning, the file directories that need to be protected in each time period are obtained.
The particle swarm optimization learning algorithm introduces a memory technique to ensure that, during learning, a particle does not take a repeated route, that is, a route it has already travelled. During optimization, the particles follow the particle in the swarm with the best current position and velocity, and the optimal solution is obtained after generation-by-generation iterative search. In each generation, a particle searches by tracking the best solution it has found so far itself, pbest, and the best solution found so far, gbest. If the current particle is found not to be the optimal particle, or the route being learned is found to be a repeated route, the particle is reinitialized.
In the particle swarm optimization learning algorithm, the formula for the current position of a particle is:
present[i] = present[i-1] + v[i-1];
where present[i] is the current position of the particle, present[i-1] is the position of the particle at the previous measurement, and v[i-1] is the velocity of the particle at the previous measurement.
In the particle swarm optimization learning algorithm, the formula for the velocity of a particle is:
v[] = w × v[] + c1 × rand1() × (pbest[] - present[]) + c2 × random2() × (gbest[] - present[]) + random(v);
where c1 and c2 are constants equal to 2, random() returns a random number in (0, 1), rand() is the random value added by the particle swarm optimization learning algorithm to keep the swarm velocity realistic, and w is a random weight.
The improved particle swarm optimization learning algorithm does not directly use the final calculated result of the algorithm; instead, it continually uses the optimal path found during the dynamic learning process. This is where its use differs from the conventional algorithm. In this real-time operating system alert method, the particle swarm optimization learning algorithm does not wait until all particles have gathered together to compute a final result. Instead, the algorithm terminates when a certain position is reached, and the user then takes the best result according to the orientation.
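An added example, not code from the patent: the steps of Embodiment 1 with n = 8, using the position and velocity formulas and the memory rule described above. The sample events, the use of directory indices as particle positions with access count as fitness, the range of the extra random term, reinitializing only on a repeated position, and digest comparison for change detection are assumptions made for illustration.

```python
import random
from collections import Counter
from datetime import datetime

C1 = C2 = 2.0  # c1 and c2 from the velocity formula

# Constructed sample access events (timestamp, path); not taken from the patent.
EVENTS = [
    ("2017-02-27T00:10:00", "/etc/passwd"),
    ("2017-02-27T01:05:00", "/etc/shadow"),
    ("2017-02-27T01:20:00", "/var/log/auth.log"),
    ("2017-02-27T02:30:00", "/etc/hosts"),
    ("2017-02-27T02:50:00", "/home/alice/notes.txt"),
    ("2017-02-27T09:15:00", "/home/alice/report.doc"),
    ("2017-02-27T10:00:00", "/var/www/index.html"),
    ("2017-02-27T10:40:00", "/home/alice/notes.txt"),
    ("2017-02-27T11:05:00", "/home/alice/todo.txt"),
    ("2017-02-27T11:30:00", "/etc/hosts"),
]

def period_of(ts, n=8):
    """Index of the time period containing ts when 24 hours are split into n periods."""
    return datetime.fromisoformat(ts).hour * n // 24

def dir_frequencies(events, period, n=8):
    """Step (1): access count per directory within one time period."""
    counts = Counter()
    for ts, path in events:
        if period_of(ts, n) == period:
            counts[path.rsplit("/", 1)[0]] += 1
    return counts

def pso_pick(dirs, freq, particles=3, max_iter=50, seed=0):
    """Step (3): return the most-accessed directory found by the swarm."""
    if not dirs:
        return None
    rng = random.Random(seed)
    visited = set()  # memory technique: positions the swarm has already walked

    def fit(p):
        return freq.get(dirs[p], 0)

    def fresh():
        free = [p for p in range(len(dirs)) if p not in visited]
        return rng.choice(free) if free else None

    pos, vel, pbest = [], [], []
    for _ in range(particles):
        p = fresh()
        if p is None:
            break
        visited.add(p)
        pos.append(p)
        vel.append(0.0)
        pbest.append(p)
    gbest = max(pbest, key=fit)
    for _ in range(max_iter):
        for i in range(len(pos)):
            w = rng.random()  # random weight w
            vel[i] = (w * vel[i]
                      + C1 * rng.random() * (pbest[i] - pos[i])
                      + C2 * rng.random() * (gbest - pos[i])
                      + rng.uniform(-1, 1))  # assumed form of the extra random term
            # present[i] = present[i-1] + v[i-1], clamped to the directory list
            nxt = min(len(dirs) - 1, max(0, round(pos[i] + vel[i])))
            if nxt in visited:  # repeated route: reinitialize the particle
                nxt = fresh()
                if nxt is None:  # every position walked, nothing left to learn
                    return dirs[gbest]
                vel[i] = 0.0
            visited.add(nxt)
            pos[i] = nxt
            if fit(nxt) > fit(pbest[i]):
                pbest[i] = nxt
            if fit(nxt) > fit(gbest):
                gbest = nxt
    return dirs[gbest]

def changed_files(watched_dir, baseline, current):
    """Step (4): paths under watched_dir modified, added or removed since baseline."""
    prefix = watched_dir.rstrip("/") + "/"
    paths = {p for p in baseline.keys() | current.keys() if p.startswith(prefix)}
    return sorted(p for p in paths if baseline.get(p) != current.get(p))
```

Because every move must land on a position not yet visited, the swarm covers a short directory list completely and then stops, so on such a list the result does not depend on the seed.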
Embodiment 2
On the basis of Embodiment 1, the particle swarm optimization learning algorithm improves on the conventional particle swarm optimization algorithm, and the 24 hours are divided into 12 time periods of 2 hours each. The frequency with which the files under a given path are used in each time period is the particle. After a period of learning, the file directories that need to be protected in each time period are obtained.
Embodiment 3
On the basis of Embodiment 1, the particle swarm optimization learning algorithm improves on the conventional particle swarm optimization algorithm, and the 24 hours are divided into 6 time periods of 4 hours each. The frequency with which the files under a given path are used in each time period is the particle. After a period of learning, the file directories that need to be protected in each time period are obtained.
Embodiment 4
On the basis of Embodiment 1, the particle swarm optimization learning algorithm improves on the conventional particle swarm optimization algorithm, and the 24 hours are divided into 24 time periods of 1 hour each. The frequency with which the files under a given path are used in each time period is the particle. After a period of learning, the file directories that need to be protected in each time period are obtained.
Embodiment 5
On the basis of Embodiment 1, the particle swarm optimization learning algorithm improves on the conventional particle swarm optimization algorithm, and the 24 hours are divided into 4 time periods of 6 hours each. The frequency with which the files under a given path are used in each time period is the particle. After a period of learning, the file directories that need to be protected in each time period are obtained.
Embodiment 6
On the basis of Embodiment 1, the particle swarm optimization learning algorithm improves on the conventional particle swarm optimization algorithm, and the 24 hours are divided into 3 time periods of 8 hours each. The frequency with which the files under a given path are used in each time period is the particle. After a period of learning, the file directories that need to be protected in each time period are obtained.
Embodiment 7
On the basis of Embodiment 1, the particle swarm optimization learning algorithm improves on the conventional particle swarm optimization algorithm, and the 24 hours are divided into 2 time periods of 12 hours each. The frequency with which the files under a given path are used in each time period is the particle. After a period of learning, the file directories that need to be protected in each time period are obtained.
Claims (8)
1. A real-time operating system alert method based on an intelligent learning algorithm, characterized in that it comprises the following steps:
(1) Based on the file system of the user's operating system, analyze the system files and the files the user operates on. Using the particle swarm optimization learning algorithm, predict the access probability within the same time period, classify the frequently used files and the system-level files, collect the file directories that are readily accessed in each time period, and finally derive the file directories that are vulnerable to attack;
(2) According to the input time period threshold, lock the file directories that are vulnerable to attack in the corresponding time period;
(3) Use the particle swarm optimization learning algorithm to calculate the optimal value of the virtual particle run, and judge whether the swarm has converged. If the swarm has not converged, return to step (1) and continue optimizing. If the swarm has converged, add the dynamic file detection function to the particle swarm optimization learning algorithm, using the optimal path of the particles in the dynamic learning process, and judge whether the vulnerable file directories and the files in them have been changed;
(4) Protect the derived vulnerable file directories and the files in them. As soon as a vulnerable file directory or a file in it is found to have been changed, report to the user immediately, achieving a real-time alert.
2. The real-time operating system alert method based on an intelligent learning algorithm according to claim 1, characterized in that: the particle swarm optimization learning algorithm improves on the conventional particle swarm optimization algorithm; the 24 hours of a day are divided into n time periods, and the frequency with which the files under a given path are used in each time period is the particle; after a period of learning, the file directories that need to be protected in each time period are obtained.
3. The real-time operating system alert method based on an intelligent learning algorithm according to claim 2, characterized in that: n is a natural number no greater than 24.
4. The real-time operating system alert method based on an intelligent learning algorithm according to claim 3, characterized in that: n is 8, and the 24 hours are divided into 8 time periods of 3 hours each.
5. The real-time operating system alert method based on an intelligent learning algorithm according to claim 3, characterized in that: n is 12, and the 24 hours are divided into 12 time periods of 2 hours each.
6. The real-time operating system alert method based on an intelligent learning algorithm according to claim 2, characterized in that: the particle swarm optimization learning algorithm introduces a memory technique to ensure that, during learning, a particle does not take a repeated route, that is, a route it has already travelled; during optimization, the particles follow the particle in the swarm with the best current position and velocity, and the optimal solution is obtained after generation-by-generation iterative search; in each generation, a particle searches by tracking the best solution it has found so far itself, pbest, and the best solution found so far, gbest; if the current particle is found not to be the optimal particle, or the route being learned is found to be a repeated route, the particle is reinitialized.
7. The real-time operating system alert method based on an intelligent learning algorithm according to claim 6, characterized in that: in the particle swarm optimization learning algorithm, the formula for the current position of a particle is:
present[i] = present[i-1] + v[i-1];
where present[i] is the current position of the particle, present[i-1] is the position of the particle at the previous measurement, and v[i-1] is the velocity of the particle at the previous measurement.
8. The real-time operating system alert method based on an intelligent learning algorithm according to claim 6, characterized in that: in the particle swarm optimization learning algorithm, the formula for the velocity of a particle is:
v[] = w × v[] + c1 × rand1() × (pbest[] - present[]) + c2 × random2() × (gbest[] - present[]) + random(v);
where c1 and c2 are constants equal to 2, random() returns a random number in (0, 1), rand() is the random value added by the particle swarm optimization learning algorithm to keep the swarm velocity realistic, and w is a random weight.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710107736.2A CN106845239A (en) | 2017-02-27 | 2017-02-27 | A real-time operating system alert method based on an intelligent learning algorithm |
Publications (1)
Publication Number | Publication Date |
---|---|
CN106845239A (en) | 2017-06-13 |
Family
ID=59134271
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710107736.2A Pending CN106845239A (en) | A real-time operating system alert method based on an intelligent learning algorithm | 2017-02-27 | 2017-02-27 |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106845239A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110677834A (en) * | 2019-07-27 | 2020-01-10 | 广东毓秀科技有限公司 | Rail transit battery state monitoring method based on Internet of things |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103973702A (en) * | 2014-05-23 | 2014-08-06 | 浪潮电子信息产业股份有限公司 | Information security defense rule intelligent deployment method based on improved particle swarm optimization |
CN106203707A (en) * | 2016-07-13 | 2016-12-07 | 浪潮电子信息产业股份有限公司 | A kind of optimum path calculation method based on intellectual learning algorithm |
CN106289293A (en) * | 2016-08-11 | 2017-01-04 | 浪潮电子信息产业股份有限公司 | A kind of city content Position Fixing Navigation System based on intellectual learning algorithm |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | | Application publication date: 20170613 |