CN106845239A - A kind of operating system real-time alert method based on intelligence learning algorithm - Google Patents


Publication number
CN106845239A
Authority
CN
China
Prior art keywords
particle
learning algorithm
file
time
operating system
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201710107736.2A
Other languages
Chinese (zh)
Inventor
路廷文
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhengzhou Yunhai Information Technology Co Ltd
Original Assignee
Zhengzhou Yunhai Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhengzhou Yunhai Information Technology Co Ltd
Priority to CN201710107736.2A
Publication of CN106845239A
Legal status: Pending

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50: Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55: Detecting local intrusion or implementing counter-measures
    • G06F21/56: Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/566: Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06N: COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00: Computing arrangements based on biological models
    • G06N3/02: Neural networks
    • G06N3/08: Learning methods


Abstract

The present invention relates in particular to an operating system real-time alert method based on an intelligent learning algorithm. The method improves the traditional particle swarm algorithm: random particles and random weights are added to ensure the realism of the swarm, and a memory technique is added to ensure that particles do not take overlapping routes, which avoids local deadlock and improves the success rate. It achieves intelligent deployment, protecting the file directories most vulnerable to attack. Different parameters correspond to different particle swarm optimization models, which improves timeliness and achieves real-time detection of system modifications.

Description

An operating system real-time alert method based on an intelligent learning algorithm
Technical field
The present invention relates to the technical field of computer security, and in particular to an operating system real-time alert method based on an intelligent learning algorithm.
Background
With the rapid development of information technology, the scope and intensity of network attacks and host attacks keep increasing. From network apps to personal documents, from servers to personal terminals, everything is constantly under the shadow of network attack.
An operating system contains thousands of files, and many users have only a partial understanding of these files or know very little about them. Many file changes are a form of attack on the system and cause users losses of varying degrees.
A man-made threat is a deliberate attack on a network information system: by searching for weaknesses in the system, the attacker uses unauthorized means to destroy, deceive, or steal data. By comparison, well-designed deliberate attacks are hard to guard against, come in many kinds, and are large in number. In terms of their destructive effect on information, attacks can be divided into passive attacks and active attacks.
At present many anti-virus tools and security suites perform scheduled detection. Although a periodic check can also detect that an attack has occurred, scheduled checks sometimes cannot achieve a real-time effect, and the resulting loss is entirely different. For example, scheduled virus removal or scheduled scanning only searches for viruses in a targeted way when the user runs it, and cannot respond to attacks and threats that may occur at any time. This leaves large security holes and a major hidden danger to the security of the operating system and of network information.
To solve the above problems and monitor the security of the operating system in real time, the present invention proposes an operating system real-time alert method based on an intelligent learning algorithm.
Summary of the invention
To make up for the defects of the prior art, the present invention provides a simple and efficient operating system real-time alert method based on an intelligent learning algorithm.
The present invention is achieved through the following technical solution:
An operating system real-time alert method based on an intelligent learning algorithm, characterized in that it comprises the following steps:
(1) According to the file system of the user's operating system, analyze the system files and the files the user operates on. Using the particle swarm optimization learning algorithm, predict the access probability within the same time period, classify the files commonly used at that time and the system-level files, collect the file directories that are readily accessed in each time period, and finally derive the file directories that are vulnerable to attack;
(2) According to the input time-period threshold, lock the file directories that are vulnerable to attack in the corresponding time period;
(3) Use the particle swarm optimization learning algorithm to calculate the optimal value of the virtual particles' operation, and judge whether the particle swarm has converged;
If the particle swarm has not converged, return to step (1) and continue optimizing. If the particle swarm has converged, add a live file detection function to the particle swarm optimization learning algorithm, which uses the optimal path of the particles in the dynamic learning process to judge whether the file directories vulnerable to attack, and the files in them, have been modified;
(4) Protect the derived file directories vulnerable to attack and the files in them. As soon as a vulnerable file directory or a file in it is found to have been modified, report it to the user immediately, achieving a real-time alert.
The particle swarm optimization learning algorithm improves on the traditional particle swarm optimization algorithm. The 24 hours of a day are divided into n time periods, and the frequency with which the files under a given path are used in each time period is a particle. After a period of learning, the file directories that need to be protected in each time period are obtained.
n is a natural number not greater than 24.
Preferably, n is 8: the 24 hours are divided into 8 time periods of 3 hours each.
Preferably, n is 12: the 24 hours are divided into 12 time periods of 2 hours each.
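The time-period split and the lock-then-alert steps above, as an added example that is not code from the patent: constructed access events are bucketed into n periods, the most-used directories of a period become its locked set, and a hash comparison reports changes inside that set. Plain frequency ranking stands in for the particle swarm step here; the function names, event format, and `top_k` are assumptions.

```python
import hashlib
from collections import Counter, defaultdict
from datetime import datetime
from pathlib import PurePosixPath


def period_of(ts: datetime, n: int) -> int:
    """Index (0..n-1) of the period containing ts when 24 hours are split into n parts."""
    if not 1 <= n <= 24:
        raise ValueError("n must be a natural number not greater than 24")
    seconds = ts.hour * 3600 + ts.minute * 60 + ts.second
    return seconds * n // 86400


def directory_frequencies(events, n):
    """events: iterable of (datetime, file path) -> {period: Counter(directory: uses)}."""
    freq = defaultdict(Counter)
    for ts, path in events:
        freq[period_of(ts, n)][str(PurePosixPath(path).parent)] += 1
    return freq


def locked_directories(freq, period, top_k=2):
    """Directories to lock for one period: the top_k most used, ties broken by name."""
    ranked = sorted(freq.get(period, {}).items(), key=lambda kv: (-kv[1], kv[0]))
    return [directory for directory, _ in ranked[:top_k]]


def snapshot(files):
    """files: {path: bytes} -> {path: SHA-256 hex digest}, used as the integrity baseline."""
    return {path: hashlib.sha256(data).hexdigest() for path, data in files.items()}


def alerts(baseline, current, locked):
    """Report added, removed, or modified files, but only inside locked directories."""
    found = []
    for path in sorted(set(baseline) | set(current)):
        if str(PurePosixPath(path).parent) not in locked:
            continue
        old, new = baseline.get(path), current.get(path)
        if old != new:
            kind = "added" if old is None else "removed" if new is None else "modified"
            found.append((kind, path))
    return found


# Constructed sample data (not from the patent).
EVENTS = [
    (datetime(2017, 2, 27, 9, 5), "/etc/passwd"),
    (datetime(2017, 2, 27, 9, 40), "/etc/hosts"),
    (datetime(2017, 2, 27, 10, 15), "/home/u/report.doc"),
    (datetime(2017, 2, 27, 11, 59), "/etc/passwd"),
    (datetime(2017, 2, 27, 12, 0), "/var/log/app.log"),
    (datetime(2017, 2, 27, 23, 30), "/var/log/app.log"),
]
BASE = {"/etc/passwd": b"root:x:0:0", "/etc/hosts": b"127.0.0.1 localhost",
        "/home/u/report.doc": b"v1"}
NOW = {"/etc/passwd": b"root:x:0:0\nsvc:x:0:0", "/etc/hosts": b"127.0.0.1 localhost",
       "/home/u/report.doc": b"v2"}

if __name__ == "__main__":
    freq = directory_frequencies(EVENTS, n=8)          # 8 periods of 3 hours
    locked = locked_directories(freq, period=3, top_k=1)
    for kind, path in alerts(snapshot(BASE), snapshot(NOW), locked):
        print(f"ALERT period 3: {kind} {path}")
```

Scoping the hash comparison to the locked set is what keeps the check cheap enough to run continuously; the change to `/home/u/report.doc` goes unreported because that directory is not locked in this period.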
The particle swarm optimization learning algorithm introduces a memory technique to ensure that a repeated route, i.e. a route already travelled, is not taken during learning. During optimization, the particles move by following the particle in the swarm with the best current position and velocity, and the optimal solution is obtained after generation-by-generation iterative search. In each generation, a particle searches by tracking the best solution it has found itself so far, pbest, and the best solution found so far, gbest. If the current particle is found not to be the optimal particle, or the route being learned is found to be a repeated route, the particle is reinitialized.
In the particle swarm optimization learning algorithm, the formula for the particle's current position is:
present[i] = present[i-1] + v[i-1];
where present[i] is the particle's current position, present[i-1] is the particle's position at the previous measurement, and v[i-1] is the particle's velocity at the previous measurement.
In the particle swarm optimization learning algorithm, the formula for the particle's velocity is:
v[] = w × v[] + c1 × rand1() × (pbest[] - present[]) + c2 × random2() × (gbest[] - present[]) + random(v);
where c1 and c2 are the constant 2, random() takes a random number in (0,1), rand() is the random value added by the particle swarm optimization learning algorithm to ensure the realism of the swarm's velocity, and w is a random weight.
The beneficial effects of the invention are as follows: this operating system real-time alert method based on an intelligent learning algorithm improves the traditional particle swarm algorithm. Random particles and random weights are added to ensure the realism of the swarm, and a memory technique is added to ensure that particles do not take overlapping routes, which avoids local deadlock and improves the success rate. It achieves intelligent deployment, protecting the file directories most vulnerable to attack. Different parameters correspond to different particle swarm optimization models, which improves timeliness and achieves real-time detection of system modifications.
Brief description of the drawings
Figure 1 is a schematic diagram of the operating system real-time alert method based on an intelligent learning algorithm of the present invention.
Detailed description
To make the technical problem to be solved, the technical solution, and the beneficial effects of the invention clearer, the invention is described in detail below with reference to the drawing and the embodiments. Note that the specific embodiments described here only explain the invention and do not limit it.
Embodiment 1
This operating system real-time alert method based on an intelligent learning algorithm comprises the following steps:
(1) According to the file system of the user's operating system, analyze the system files and the files the user operates on. Using the particle swarm optimization learning algorithm, predict the access probability within the same time period, classify the files commonly used at that time and the system-level files, collect the file directories that are readily accessed in each time period, and finally derive the file directories that are vulnerable to attack;
(2) According to the input time-period threshold, lock the file directories that are vulnerable to attack in the corresponding time period;
(3) Use the particle swarm optimization learning algorithm to calculate the optimal value of the virtual particles' operation, and judge whether the particle swarm has converged;
If the particle swarm has not converged, return to step (1) and continue optimizing. If the particle swarm has converged, add a live file detection function to the particle swarm optimization learning algorithm, which uses the optimal path of the particles in the dynamic learning process to judge whether the file directories vulnerable to attack, and the files in them, have been modified;
(4) Protect the derived file directories vulnerable to attack and the files in them. As soon as a vulnerable file directory or a file in it is found to have been modified, report it to the user immediately, achieving a real-time alert.
The particle swarm optimization learning algorithm improves on the traditional particle swarm optimization algorithm. The 24 hours of a day are divided into 8 time periods of 3 hours each. The frequency with which the files under a given path are used in each time period is a particle. After a period of learning, the file directories that need to be protected in each time period are obtained.
The particle swarm optimization learning algorithm introduces a memory technique to ensure that a repeated route, i.e. a route already travelled, is not taken during learning. During optimization, the particles move by following the particle in the swarm with the best current position and velocity, and the optimal solution is obtained after generation-by-generation iterative search. In each generation, a particle searches by tracking the best solution it has found itself so far, pbest, and the best solution found so far, gbest. If the current particle is found not to be the optimal particle, or the route being learned is found to be a repeated route, the particle is reinitialized.
In the particle swarm optimization learning algorithm, the formula for the particle's current position is:
present[i] = present[i-1] + v[i-1];
where present[i] is the particle's current position, present[i-1] is the particle's position at the previous measurement, and v[i-1] is the particle's velocity at the previous measurement.
In the particle swarm optimization learning algorithm, the formula for the particle's velocity is:
v[] = w × v[] + c1 × rand1() × (pbest[] - present[]) + c2 × random2() × (gbest[] - present[]) + random(v);
where c1 and c2 are the constant 2, random() takes a random number in (0,1), rand() is the random value added by the particle swarm optimization learning algorithm to ensure the realism of the swarm's velocity, and w is a random weight.
The improved particle swarm optimization learning algorithm does not directly use the algorithm's final computed result, but continually uses the optimal path found during the dynamic learning process; this is where its use differs from the traditional algorithm. In this operating system real-time alert method based on an intelligent learning algorithm, the particle swarm optimization learning algorithm does not wait until all particles have gathered together to compute a final result. Instead, the algorithm terminates when a certain position is reached, and the user then takes the best result according to the position.
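The position and velocity formulas, the memory technique, and the early termination described in this embodiment, as an added example that is not code from the patent. It assumes a particle's position is a (time period, directory) cell of a constructed frequency table, that random(v) is uniform in (-1, 1), and that a particle about to repeat a cell is reinitialized at a random cell it has not visited; it implements the repeated-route reinitialization only.

```python
import random

C1 = C2 = 2.0  # c1 and c2 are the constant 2

# Constructed table (not from the patent): FREQ[period][directory] is how often
# files under that directory were used in that 3-hour period (n = 8).
DIRS = ["/etc", "/home/u", "/var/log", "/usr/bin"]
FREQ = [
    [1, 0, 5, 2],
    [0, 0, 4, 1],
    [2, 3, 6, 4],
    [9, 42, 7, 12],
    [8, 30, 6, 10],
    [5, 21, 9, 8],
    [3, 6, 11, 5],
    [1, 2, 8, 3],
]


def step(pos, vel, pbest, gbest, rng):
    """One update of a particle, applied per dimension, following the two formulas."""
    w = rng.random()  # random weight w
    new_vel = [
        w * v
        + C1 * rng.random() * (pb - x)   # c1 x rand1() x (pbest - present)
        + C2 * rng.random() * (gb - x)   # c2 x random2() x (gbest - present)
        + rng.uniform(-1.0, 1.0)         # added random(v) term; the range is an assumption
        for x, v, pb, gb in zip(pos, vel, pbest, gbest)
    ]
    new_pos = [x + v for x, v in zip(pos, new_vel)]  # present = previous present + v
    return new_pos, new_vel


def to_cell(pos, shape):
    """Round a real-valued position to a grid cell, clamped to the table bounds."""
    return tuple(min(max(int(round(x)), 0), size - 1) for x, size in zip(pos, shape))


def search(freq, target, n_particles=5, seed=0):
    """Return (best cell, per-particle routes); stops once a cell with freq >= target is hit."""
    rng = random.Random(seed)
    shape = (len(freq), len(freq[0]))
    cells = [(p, d) for p in range(shape[0]) for d in range(shape[1])]

    def fit(cell):
        return freq[cell[0]][cell[1]]

    swarm = []
    for _ in range(n_particles):
        start = rng.choice(cells)
        swarm.append({"pos": start, "vel": (0.0, 0.0), "pbest": start, "route": [start]})
    gbest = max((p["pbest"] for p in swarm), key=fit)

    # At most len(cells) - 1 moves: by then every particle has walked every cell once.
    for _ in range(len(cells) - 1):
        if fit(gbest) >= target:  # terminate when the wanted position is reached
            break
        for p in swarm:
            pos, vel = step(p["pos"], p["vel"], p["pbest"], gbest, rng)
            cell = to_cell(pos, shape)
            if cell in p["route"]:  # memory technique: never repeat a route
                cell = rng.choice([c for c in cells if c not in p["route"]])
                vel = (0.0, 0.0)    # reinitialized particle starts at rest
            p["pos"], p["vel"] = cell, vel
            p["route"].append(cell)
            if fit(cell) > fit(p["pbest"]):
                p["pbest"] = cell
            if fit(cell) > fit(gbest):
                gbest = cell
    return gbest, [p["route"] for p in swarm]


if __name__ == "__main__":
    (period, d), routes = search(FREQ, target=20)
    print(f"protect {DIRS[d]} in period {period}; longest route {max(map(len, routes))} cells")
```

Because no particle revisits a cell, the search is bounded by the table size, and a lower `target` ends it earlier with the first cell that is busy enough.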
Embodiment 2
On the basis of Embodiment 1, the particle swarm optimization learning algorithm improves on the traditional particle swarm optimization algorithm, and the 24 hours are divided into 12 time periods of 2 hours each. The frequency with which the files under a given path are used in each time period is a particle. After a period of learning, the file directories that need to be protected in each time period are obtained.
Embodiment 3
On the basis of Embodiment 1, the particle swarm optimization learning algorithm improves on the traditional particle swarm optimization algorithm, and the 24 hours are divided into 6 time periods of 4 hours each. The frequency with which the files under a given path are used in each time period is a particle. After a period of learning, the file directories that need to be protected in each time period are obtained.
Embodiment 4
On the basis of Embodiment 1, the particle swarm optimization learning algorithm improves on the traditional particle swarm optimization algorithm, and the 24 hours are divided into 24 time periods of 1 hour each. The frequency with which the files under a given path are used in each time period is a particle. After a period of learning, the file directories that need to be protected in each time period are obtained.
Embodiment 5
On the basis of Embodiment 1, the particle swarm optimization learning algorithm improves on the traditional particle swarm optimization algorithm, and the 24 hours are divided into 4 time periods of 6 hours each. The frequency with which the files under a given path are used in each time period is a particle. After a period of learning, the file directories that need to be protected in each time period are obtained.
Embodiment 6
On the basis of Embodiment 1, the particle swarm optimization learning algorithm improves on the traditional particle swarm optimization algorithm, and the 24 hours are divided into 3 time periods of 8 hours each. The frequency with which the files under a given path are used in each time period is a particle. After a period of learning, the file directories that need to be protected in each time period are obtained.
Embodiment 7
On the basis of Embodiment 1, the particle swarm optimization learning algorithm improves on the traditional particle swarm optimization algorithm, and the 24 hours are divided into 2 time periods of 12 hours each. The frequency with which the files under a given path are used in each time period is a particle. After a period of learning, the file directories that need to be protected in each time period are obtained.

Claims (8)

1. An operating system real-time alert method based on an intelligent learning algorithm, characterized in that it comprises the following steps:
(1) According to the file system of the user's operating system, analyze the system files and the files the user operates on. Using the particle swarm optimization learning algorithm, predict the access probability within the same time period, classify the files commonly used at that time and the system-level files, collect the file directories that are readily accessed in each time period, and finally derive the file directories that are vulnerable to attack;
(2) According to the input time-period threshold, lock the file directories that are vulnerable to attack in the corresponding time period;
(3) Use the particle swarm optimization learning algorithm to calculate the optimal value of the virtual particles' operation, and judge whether the particle swarm has converged. If the particle swarm has not converged, return to step (1) and continue optimizing. If the particle swarm has converged, add a live file detection function to the particle swarm optimization learning algorithm, which uses the optimal path of the particles in the dynamic learning process to judge whether the file directories vulnerable to attack, and the files in them, have been modified;
(4) Protect the derived file directories vulnerable to attack and the files in them. As soon as a vulnerable file directory or a file in it is found to have been modified, report it to the user immediately, achieving a real-time alert.
2. The operating system real-time alert method based on an intelligent learning algorithm according to claim 1, characterized in that: the particle swarm optimization learning algorithm improves on the traditional particle swarm optimization algorithm; the 24 hours of a day are divided into n time periods, and the frequency with which the files under a given path are used in each time period is a particle; after a period of learning, the file directories that need to be protected in each time period are obtained.
3. The operating system real-time alert method based on an intelligent learning algorithm according to claim 2, characterized in that: n is a natural number not greater than 24.
4. The operating system real-time alert method based on an intelligent learning algorithm according to claim 3, characterized in that: n is 8, and the 24 hours are divided into 8 time periods of 3 hours each.
5. The operating system real-time alert method based on an intelligent learning algorithm according to claim 3, characterized in that: n is 12, and the 24 hours are divided into 12 time periods of 2 hours each.
6. The operating system real-time alert method based on an intelligent learning algorithm according to claim 2, characterized in that: the particle swarm optimization learning algorithm introduces a memory technique to ensure that a repeated route, i.e. a route already travelled, is not taken during learning; during optimization, the particles move by following the particle in the swarm with the best current position and velocity, and the optimal solution is obtained after generation-by-generation iterative search; in each generation, a particle searches by tracking the best solution it has found itself so far, pbest, and the best solution found so far, gbest; if the current particle is found not to be the optimal particle, or the route being learned is found to be a repeated route, the particle is reinitialized.
7. The operating system real-time alert method based on an intelligent learning algorithm according to claim 6, characterized in that: in the particle swarm optimization learning algorithm, the formula for the particle's current position is:
present[i] = present[i-1] + v[i-1];
where present[i] is the particle's current position, present[i-1] is the particle's position at the previous measurement, and v[i-1] is the particle's velocity at the previous measurement.
8. The operating system real-time alert method based on an intelligent learning algorithm according to claim 6, characterized in that: in the particle swarm optimization learning algorithm, the formula for the particle's velocity is:
v[] = w × v[] + c1 × rand1() × (pbest[] - present[]) + c2 × random2() × (gbest[] - present[]) + random(v);
where c1 and c2 are the constant 2, random() takes a random number in (0,1), rand() is the random value added by the particle swarm optimization learning algorithm to ensure the realism of the swarm's velocity, and w is a random weight.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710107736.2A CN106845239A (en) 2017-02-27 2017-02-27 A kind of operating system real-time alert method based on intelligence learning algorithm

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710107736.2A CN106845239A (en) 2017-02-27 2017-02-27 A kind of operating system real-time alert method based on intelligence learning algorithm

Publications (1)

Publication Number Publication Date
CN106845239A (en) 2017-06-13

Family

ID=59134271

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710107736.2A Pending CN106845239A (en) 2017-02-27 2017-02-27 A kind of operating system real-time alert method based on intelligence learning algorithm

Country Status (1)

Country Link
CN (1) CN106845239A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110677834A (en) * 2019-07-27 2020-01-10 广东毓秀科技有限公司 Rail transit battery state monitoring method based on Internet of things

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103973702A (en) * 2014-05-23 2014-08-06 浪潮电子信息产业股份有限公司 Information security defense rule intelligent deployment method based on improved particle swarm optimization
CN106203707A (en) * 2016-07-13 2016-12-07 浪潮电子信息产业股份有限公司 A kind of optimum path calculation method based on intellectual learning algorithm
CN106289293A (en) * 2016-08-11 2017-01-04 浪潮电子信息产业股份有限公司 A kind of city content Position Fixing Navigation System based on intellectual learning algorithm



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20170613