CN109547431A - A kind of network security situation evaluating method based on CS and improved BP - Google Patents

A kind of network security situation evaluating method based on CS and improved BP Download PDF

Info

Publication number
CN109547431A
CN109547431A CN201811376507.1A CN201811376507A CN109547431A CN 109547431 A CN109547431 A CN 109547431A CN 201811376507 A CN201811376507 A CN 201811376507A CN 109547431 A CN109547431 A CN 109547431A
Authority
CN
China
Prior art keywords
network
neural network
cuckoo
output
weight
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201811376507.1A
Other languages
Chinese (zh)
Inventor
李文萃
郭少勇
王世文
刘岩
杨润华
喻鹏
徐思雅
安致嫄
吴利杰
丁铖
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
State Grid Corp of China SGCC
Beijing University of Posts and Telecommunications
Information and Telecommunication Branch of State Grid Henan Electric Power Co Ltd
Original Assignee
State Grid Corp of China SGCC
Beijing University of Posts and Telecommunications
Information and Telecommunication Branch of State Grid Henan Electric Power Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by State Grid Corp of China SGCC, Beijing University of Posts and Telecommunications, Information and Telecommunication Branch of State Grid Henan Electric Power Co Ltd filed Critical State Grid Corp of China SGCC
Priority to CN201811376507.1A priority Critical patent/CN109547431A/en
Publication of CN109547431A publication Critical patent/CN109547431A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00Computing arrangements based on biological models
    • G06N3/004Artificial life, i.e. computing arrangements simulating life
    • G06N3/006Artificial life, i.e. computing arrangements simulating life based on simulated virtual individual or collective life forms, e.g. social simulations or particle swarm optimisation [PSO]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00Computing arrangements based on biological models
    • G06N3/02Neural networks
    • G06N3/04Architecture, e.g. interconnection topology
    • G06N3/044Recurrent networks, e.g. Hopfield networks
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00Computing arrangements based on biological models
    • G06N3/02Neural networks
    • G06N3/04Architecture, e.g. interconnection topology
    • G06N3/045Combinations of networks
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00Computing arrangements based on biological models
    • G06N3/02Neural networks
    • G06N3/08Learning methods
    • G06N3/084Backpropagation, e.g. using gradient descent
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/14Network analysis or design
    • H04L41/142Network analysis or design using statistical or mathematical methods
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/14Network analysis or design
    • H04L41/145Network analysis or design involving simulating, designing, planning or modelling of a network

Landscapes

  • Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Mathematical Physics (AREA)
  • General Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • Computational Linguistics (AREA)
  • Data Mining & Analysis (AREA)
  • Evolutionary Computation (AREA)
  • General Health & Medical Sciences (AREA)
  • Molecular Biology (AREA)
  • Biophysics (AREA)
  • Biomedical Technology (AREA)
  • Artificial Intelligence (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Software Systems (AREA)
  • Health & Medical Sciences (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Algebra (AREA)
  • Mathematical Analysis (AREA)
  • Mathematical Optimization (AREA)
  • Probability & Statistics with Applications (AREA)
  • Pure & Applied Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

A kind of network security situation evaluating method based on CS and improved BP of the invention, including four steps: S1, obtain network safety situation element, composing training sample set and test sample collection, determine BP neural network structure S2, optimal initial weight and threshold value S3 are found using cuckoo search (CS) algorithm, introduce factor of momentum and steepness factor improved BP S4, improved BP neural network is trained, trained network is finally used for networks security situation assessment, obtains final situation value and security level.The present invention realizes that network safety situation is accurately quantitatively evaluated using improved BP, reduces the subjective impact of expert view in Traditional measurements method, objective to be comprehensively reflected network security integral status;It is made improvements in conjunction with cuckoo searching algorithm, introducing factor of momentum and steepness factor, accelerates convergence rate, reduce space-time expense, improve the accuracy and practicability of networks security situation assessment.

Description

CS (circuit switched) and improved BP (back propagation) neural network-based network security situation assessment method
Technical Field
The invention relates to the technical field of network security, in particular to a network security situation assessment method based on a CS (circuit switched) and an improved BP (back propagation) neural network.
Background
With the rapid development of Internet technology, the network scale is gradually increased and complicated, the attacks are diversified, the security events are greatly increased, and the security problem becomes increasingly prominent and urgent. The network security situation assessment is to perform comprehensive analysis and real-time assessment on the global security situation of a network system by using an assessment algorithm on the basis of fusing element information related to network security, so as to help managers to grasp the security condition of the whole network, provide guidance for network security management command and decision, and reduce risks and losses to the minimum.
Currently, evaluation of network security situation at home and abroad is mainly classified into 3 types: (1) the method based on the mathematical model comprises (2) knowledge-based reasoning methods based on an analytic hierarchy process, a deviation method, a fuzzy comprehensive evaluation method, a set-pair analysis method and the like, comprises (3) pattern recognition methods based on a Bayesian algorithm, a DS evidence theory, a graph model, a Markov and the like, and comprises a support vector machine, an artificial neural network, a rough set theory, gray correlation and the like.
The former two methods are applied more, but have the defects of strong subjective dependence, difficult acquisition of priori knowledge, unsuitable dynamic complex network environment and the like, compared with the evaluation method based on pattern recognition, the evaluation method has higher accuracy and objectivity and can be more suitable for the dynamically uncertain network environment, the BP neural network is a multilayer feedforward network, and is widely applied to the situation evaluation field due to the advantages of strong self-learning capability, better generalization capability, fault-tolerant capability and the like, but from the application effect, the following defects exist at present: (1) the evaluation data source is single, so that the evaluation result has one-sidedness and low reliability. (2) The space-time overhead is large, the real-time requirement cannot be met, and the evaluation result is not accurate enough (3) the traditional BP neural network has the defects of easy formation of local minimum, easy oscillation, slow convergence rate and the like.
Disclosure of Invention
In view of the above situation, and in order to overcome the defects of the prior art, the present invention aims to provide a network security situation assessment method based on a CS and an improved BP neural network, which integrates comprehensive network security situation factors, performs accurate situation assessment through autonomous learning and iterative updating, and has a faster operation speed, thereby improving the accuracy and the assessment efficiency of network security situation assessment, and truly reflecting the overall network security situation.
The technical proposal for solving the problem is that the method comprises the following four steps,
s1, acquiring network security situation factors, forming a training sample set and a test sample set, and determining a BP neural network structure;
s2, searching for an optimal initial weight and a threshold by using a Cuckoo Search (CS) algorithm;
s3, improving the BP neural network by introducing momentum factors and steepness factors;
and S4, training the improved BP neural network, and using the trained network for network security situation evaluation to obtain a final situation value and a security level.
The method for evaluating the network security situation based on the CS and the improved BP neural network according to claim 1, wherein the network security situation elements are obtained in step S1, and a training sample set and a testing sample set are formed by normalizing situation element data including system configuration information, system operation information, and network traffic information to obtain situation index data with a uniform format, and a training sample set and a testing sample set are formed;
in step S1, the BP neural network structure is determined, and assuming that N signals are input, the input vector is X ═ X (X)1,x2,…,xn) If the number of nodes in the hidden layer is M, the output vector of the hidden layer is Y ═ Y1,y2,…,ym) If the number of nodes in the output layer is L, the output layer vector is O ═ O1,o2,…,ol) The desired output vector is D ═ D (D)1,d2,…,dl) The weight matrix from the input layer to the hidden layer is W ═ W (W)1,W2,…,Wj,…,Wm) The weight from the hidden layer to the output layer is V ═ V1,V2,…,Vk,…,Vl) The hidden layer having a threshold value thetajThe output layer has a threshold value rkOutput value y of the jth neuron of the hidden layerjOutput of k-th neuron of output layer okAnd then:
in the above formula, f (x) is a transfer function of the hidden layer, and a sigmoid function is generally adopted, and the formula is as follows:
preferably, the step S2 of finding the optimal initial weight and threshold by using a Cuckoo Search (CS) algorithm specifically includes:
s21, initializing the population, and randomly generating n cuckoos according to the weight and threshold characteristics of the neural networkEncoding n cuckoos in a floating point number encoding mode;
and S22, calculating the fitness, wherein the fitness function is the reciprocal of the total error function of the neural network, and the fitness function is as follows:
s23, updating the position, and reserving the optimal cuckoo of the previous generationUpdating the position of cuckoo according to the following formula to obtain
Wherein,indicating the position of the ith bird nest in the t generation,for point-to-point multiplication, α>0 is the step size (generally α -1), L (lambda) is the Levy random search path, and the random step size lambda follows the Levy distribution;
s24, selecting, replacing, deleting operation, randomly generating a value in [0, 1 ]]Fraction r of interval, comparison r and probability of finding paIf r is>paUpdating the positions of all cuckoos according to the formula (12), calculating and comparing the fitness of the new cuckoos and the original cuckoos, reserving the cuckoos with higher fitness, and obtaining the updated positions of the cuckoosIf r is ≦ paThe original cuckoo is kept;
the elimination operation is to eliminate n × p to keep the population in the optimal state all the timeaThe individual with the worst fitness value; to keep the population size constant, n × p will be randomly generatedaSolutions (need to be on n x p)aPerforming rounding operations); meanwhile, the individuals with better fitness value are directly transmitted to the next generation;
s25, judging whether the optimal cuckoo meets the conditions or whether the iterative algebra meets the requirements, if so, decoding the optimal cuckoo to obtain the optimal weight and threshold, and executing the step S3; otherwise, step S23 is executed.
Preferably, the improvement of the conventional BP neural network by introducing the momentum factor and the steepness factor in step S3 is specifically:
s31, momentum factors are introduced, and a weight correction process of the neural network is improved by adopting an additional momentum method, which comprises the following specific steps: the weight adjustment quantity obtained by calculating the error of this time is partially superposed on the weight adjustment quantity obtained by calculating the error of this time, and the weight adjustment formula with momentum term designed by the invention is as follows:
Δw(k+1)=(1-α)ηD(k)+αΔw(k)
wherein,represented as a negative gradient at time k,
w is the network weight, Δ w is the increment of the weight, k is the training times, α is the momentum factor, 0< α <1, generally about 0.95, η is the learning rate;
s32, introducing a gradient factor lambda in the original transfer function, and the improvement principle is as follows: after the weight adjustment enters the flat region, the net input of the neuron is tried to be compressed, so that the output of the neuron exits the saturation region of the transfer function, thereby changing the shape of the error function, and the adjustment is separated from the flat region, and the formula is as follows:
in the formula, net is the input of the neuron, when the delta E is found to be close to zero and the model output has larger deviation with the actual value, the condition that the model has entered the flat zone can be judged, and at the moment, the lambda is more than 1; when the flat area is exited, let λ be 1 again.
Preferably, the training of the improved BP neural network in step S4, and the using of the trained network for network security situation assessment specifically includes:
s41, initializing a neural network, namely inputting the optimal initial weight and threshold combination of the BP neural network obtained by the cuckoo algorithm of the step S2 into the network as parameters to initialize the parameters, and inputting the rest parameters of the BP network, including iteration times N, momentum factors α and training allowable errors epsilon;
s42, calculating the output of the input layer, the intermediate hidden layer and the output layer, wherein each neuron of the input layer does not process the input vector, and the output y of the intermediate hidden layer is calculated according to the step of claim 2jAnd output o of the output layerk
S43, outputting o according to the calculationkAnd the actual output dkCalculating error e of each neuron of output layerkAnd calculating the total error E of the system, wherein the formula is as follows:
s44, calculating weight correction according to the step S31, and further adjusting the weight of each neuron;
s45, randomly selecting the next training data to be provided to the BP neural network, and guiding all the training data to train the BP neural network;
s46, judging whether the global error E of the neural network meets the precision requirement, if E < epsilon, finishing the training of the network; otherwise, go to step S43 to continue adjusting the connection weights of each layer, and perform iterative training until the global error of the network satisfies the condition or the iteration number reaches N;
and S47, inputting the test situation data into a trained neural network with evaluation capability, obtaining a situation value SA of the network through mapping, and finally obtaining the security level of the network by contrasting a network overall situation level table.
Due to the adoption of the technical scheme, compared with the prior art, the invention has the following advantages;
1, accurate quantitative evaluation of network security situation is realized by utilizing an improved BP neural network, subjective influence of expert opinions in a traditional evaluation method is reduced, and the overall network security condition is objectively and comprehensively reflected;
aiming at the defects that the traditional BP neural network is low in convergence speed, easy to vibrate, easy to sink into local minimum and the like, the convergence speed is accelerated by combining a cuckoo search algorithm and improving the traditional BP neural network by introducing a momentum factor and a steepness factor, the space-time overhead is reduced, and the accuracy and the practicability of network security situation assessment are improved.
Drawings
Fig. 1 is a flowchart of a network security situation assessment method based on a CS and improved BP neural network according to the present invention.
Fig. 2 is a diagram of a neural network structure according to an embodiment of the present invention.
Fig. 3 is a graph comparing error curves of the evaluation method based on the CS and the improved BP neural network provided in the embodiment of the present invention with the evaluation method based on the conventional BP neural network.
Fig. 4 is a comparison graph of the evaluation accuracy of the evaluation method based on the CS and the improved BP neural network according to the present invention and the evaluation method based on the conventional BP neural network.
Detailed Description
The foregoing and other technical matters, features and effects of the present invention will be apparent from the following detailed description of the embodiments, which is to be read in connection with the accompanying drawings of fig. 1 to 4. The structural contents mentioned in the following embodiments are all referred to the attached drawings of the specification.
In one embodiment, a network security situation assessment method based on a CS and an improved BP neural network comprises the following four steps,
s1, acquiring network security situation factors, forming a training sample set and a test sample set, and determining a BP neural network structure;
s2, searching for an optimal initial weight and a threshold by using a Cuckoo Search (CS) algorithm;
s3, aiming at the defects that the traditional BP neural network is low in convergence speed, easy to vibrate, easy to fall into local minimum and the like, a momentum factor and a gradient factor are introduced to improve the BP neural network;
and S4, training the improved BP neural network, and using the trained network for network security situation evaluation to obtain a final situation value and a security level.
In a second embodiment, on the basis of the first embodiment, the step S1 specifically includes:
and S11, acquiring network security situation factors to form a training sample set and a testing sample set, wherein the evaluation data source mainly comes from three categories, namely system configuration information, system operation information and network flow information. The first type of data source refers to network design and configuration conditions, such as a network topology structure, installation and setting of service software, vulnerability of a system and the like; the second kind of data source refers to the system operation condition when the network system is attacked, and mainly comes from the system operation log library; the third kind of data source mainly refers to various flow conditions of network instant messaging, and can be obtained through monitoring of special software. According to the current network situation and the actual requirements of an index system, the method selects Netflow data, Snort logs and Nessus scanning logs as situation index data sources. The three kinds of data cover information of three aspects of traffic, attack and vulnerability. The method reflects basic operation state information of the network, the attack threats and potential security threat conditions faced by the network, and can provide comprehensive data support for network security situation perception.
S12, determining a BP neural network structure, and fig. 2 is a diagram of a neural network structure according to an embodiment of the present invention. The BP neural network comprises 1 input layer, 1 output layer and a plurality of hidden layers, neurons between adjacent layers are connected through a reasonable activation function to maintain parameters of the network, and are trained through a combination of forward propagation and backward propagation processes, and an input vector is X (X) assuming that N signals are input1,x2,…,xn) If the number of nodes in the hidden layer is M, the output vector of the hidden layer is Y ═ Y1,y2,…,ym) If the number of nodes in the output layer is L, the output layer vector is O ═ O1,o2,…,ol) The desired output vector is D ═ D (D)1,d2,…,dl) The weight matrix from the input layer to the hidden layer is W ═ W (W)1,W2,…,Wj,…,Wm) The weight from the hidden layer to the output layer is V ═ V1,V2,…,Vk,…,Vl) The hidden layer having a threshold value thetajThe output layer has a threshold value rk. Output value y of the jth neuron of the hidden layerjOutput of k-th neuron of output layer okAnd then:
in the above formula, f (x) is a transfer function of the hidden layer, and a sigmoid function is generally adopted, and the formula is as follows:
in the embodiment of the invention, the number of nodes of an input layer is 8, and the nodes correspond to 8 situation evaluation elements: number of secure devices (x) within subnet1) Total number of open ports (x) of each critical device within the subnet2) Frequency (x) of key devices accessing mainstream security websites3) Number of alarms (x)4) Network bandwidth usage (x)5) Historical frequency of occurrence of security events (x)6) Subnet traffic rate of change (x)7) Mean time between failures (x) of subnets8). The number of output nodes is 1 and is marked as SA (i.e., network security posture value). The hidden layer node number is obtained by a trial and error method. Firstly, setting fewer hidden nodes through an empirical formula, then increasing the number of the hidden nodes with the same amount each time, and selecting the number of the corresponding nodes with the minimum training error on the premise of using the same sample set. The number m of initial hidden nodes is:
wherein: n represents the number of nodes of the input layer; l represents the number of output layer nodes; δ represents a constant from 0 to 10; the number of nodes in the hidden layer is selected from 4 according to the formula, and the number of the nodes is obtained through trial and error 6.
In a third embodiment, on the basis of the first embodiment, the step S2 specifically includes:
the initial weight and the threshold of the BP neural network are randomly distributed, so the training time is generally longer, and the weight and the threshold obtained by training are not optimal, so the optimal weight and threshold are searched by adopting a Cuckoo (CS) algorithm, and the specific steps are as follows:
s21, initializing the population, and randomly generating n cuckoos according to the weight and threshold characteristics of the neural networkThe n cuckoos are coded, the coding mode adopts floating-point number coding, the floating-point number coding is visual, the method has the characteristics of easily controlled coding length, high coding precision, strong large-space searching capability and the like, and the calculation complexity can be reduced, so that the floating-point number coding is adopted. All the weights and thresholds of the BP neural network are coded into a cuckoo according to the design structure of the BP neural network, and then the code of the cuckoo is as follows:
W11W21…WN1V11V21…V1Lθ1…W1MW2M…WNMVM1VM2…VMLθMr1…rL
wherein N is the number of nodes of an input layer of the network, M is the number of nodes of a hidden layer, L is the number of nodes of an output layer, a weight matrix from the input layer to the hidden layer is W, a weight matrix from the hidden layer to the output layer is V, a threshold matrix of the hidden layer is theta, and a threshold matrix of the output layer is r;
and S23, calculating the fitness, wherein the cuckoo algorithm belongs to a meta-heuristic optimization algorithm, and the quality of individuals in a group is measured by the fitness. The higher the fitness value is, the closer the individual is to the optimal solution, and by combining the characteristic that the total error of the BP neural network is smaller and better, the fitness function designed by the embodiment is the reciprocal of the sum of absolute values of errors between the actual output and the predicted output of the network, namely:
and substituting the situation index data acquired in the step S1 into a fitness function to calculate the fitness of the generation of cuckoos. Selecting cuckoo with optimal fitness
And S23, updating the position. Cuckoo with retained previous generation optimalityUpdating the position of cuckoo to obtainThe location update formula is as follows:
wherein,indicating the position of the ith bird nest in the t generation,for point-to-point multiplication, α>0 is the step size (typically α -1), L (λ) is the L vy random search path, and the random step size λ obeys the L vy distribution.
And calculating the fitness of the cuckoo generation, comparing the fitness with the fitness of the previous generation, updating the position if the fitness is better, and otherwise, still keeping the position of the nest of the previous generation.
And S24, selecting, replacing and deleting. Randomly generating a random number in [0, 1 ]]Fraction r of interval, comparison r and probability of finding paThe size of (2). If r is>paUpdating the positions of all cuckoos, calculating and comparing the fitness of the new cuckoos and the original cuckoos, reserving the cuckoos with higher fitness, and obtaining the updated positions of the cuckoosIf r is ≦ paAnd the original cuckoo is kept.
The elimination operation is to eliminate n × p to keep the population in the optimal state all the timeaThe individual with the worst fitness value; to keep the population size constant, n × p will be randomly generatedaSolutions (need to be on n x p)aPerforming rounding operations); at the same time, the value of adaptability is betterIndividuals, will pass directly to the next generation.
S25, judging whether the optimal cuckoo meets the conditions or whether the iterative algebra meets the requirements, if so, decoding the optimal cuckoo to obtain the optimal weight and threshold, and executing the step S3; otherwise, step S23 is executed.
The cuckoo algorithm belongs to a meta-heuristic optimization algorithm, and the quality of individuals in a group is measured by fitness. A higher fitness value represents a closer approach of the individual to the optimal solution. By combining the characteristic that the smaller the total error of the BP neural network is, the better the total error is, the fitness function designed by the embodiment is the reciprocal of the sum of absolute values of errors between the actual output and the predicted output of the network, namely:
and substituting the situation index data acquired in the step S1 into a fitness function to calculate the fitness of the generation of cuckoos. Selecting cuckoo with optimal fitness
And S23, updating the position. Cuckoo with retained previous generation optimalityUpdating the position of cuckoo to obtainThe location update formula is as follows:
wherein,indicating the position of the ith bird nest in the t generation,for point-to-point multiplication, α>0 is the step size (typically α -1), L (λ) is the L vy random search path, and the random step size λ obeys the L vy distribution.
And calculating the fitness of the cuckoo generation, comparing the fitness with the fitness of the previous generation, updating the position if the fitness is better, and otherwise, still keeping the position of the nest of the previous generation.
And S24, selecting, replacing and deleting. Randomly generating a random number in [0, 1 ]]Fraction r of interval, comparison r and probability of finding paThe size of (2). If r is>paUpdating the positions of all cuckoos, calculating and comparing the fitness of the new cuckoos and the original cuckoos, reserving the cuckoos with higher fitness, and obtaining the updated positions of the cuckoosIf r is less than or equal to pa, the original cuckoo is kept.
The elimination operation is to eliminate n × p to keep the population in the optimal state all the timeaThe individual with the worst fitness value; to keep the population size constant, n × p will be randomly generatedaSolutions (need to be on n x p)aPerforming rounding operations); meanwhile, the individuals with better fitness value are directly transmitted to the next generation.
S25, judging whether the optimal cuckoo meets the conditions or whether the iterative algebra meets the requirements, if so, decoding the optimal cuckoo to obtain the optimal weight and threshold, and executing the step S3; otherwise, step S23 is executed.
In a fourth embodiment, on the basis of the first embodiment, the step S3 specifically includes:
s31, momentum factors are introduced, the standard BP algorithm is a simple steepest descent static optimization method in essence, when w (k) is corrected, correction is carried out only according to the negative gradient direction of the k step, the previous accumulated experience, namely the gradient direction of the previous moment is not considered, therefore, the training process is often oscillated and converged slowly, and the specific method of the weight adjustment algorithm of the additional momentum method is as follows: and overlapping a part of the weight adjustment quantity of the last time or the last times to the weight adjustment quantity calculated according to the error of the current time to be used as the actual weight adjustment quantity of the current time. The weight value adjusting formula with momentum items designed by the invention is as follows:
Dw(k+1)=(1-α)ηD(k)+αDw(k)
wherein,represented as a negative gradient at time k.
w is the network weight, Dw is the increment of the weight, k is the training times, α is the momentum factor, 0< α <1, generally about 0.95, η is the learning rate, which is constant in the standard BP neural network.
The meaning of the above formula is that the influence of the previous weight change on the current weight adjustment trend is transmitted through a momentum factor, when the momentum factor α is zero, the weight change is generated only according to the gradient descent method, when the momentum factor α is 1, the new weight change is set as the previous weight change, and the change part generated according to the gradient method is ignoredij(k+1)=Dwij(k) Thereby preventing DwijThe presence of 0 helps to jump the network out of the local minima of the error surface. The momentum factor added by the method is actually equivalent to a damping term, reduces the oscillation trend in the learning process, plays a role in buffering and smoothing, and improves the convergence.
S32, when the sum of squared errors is close to zero in the training process, the neural network with the steepness factor BP may still have a large deviation between the output of the model and the actual value, and the reason for this is because there is a flat area on the error surface. To prevent this from happening during network training, the present invention introduces a method of steepness factor to improve the standard BP algorithm. The improvement principle is as follows: after the weight adjustment enters the plateau region, the net input of the neuron is compressed to make its output exit the saturation region of the transfer function, thereby changing the shape of the error function and making the adjustment leave the plateau region. Specifically, a gradient factor lambda is introduced into the original transfer function:
where net is the input to the neuron. When the delta E is close to zero and the model output and the actual value have larger deviation, the method can judge that the model enters a flat area, and the lambda is more than 1; when the flat area is exited, let λ be 1 again. When λ >1, the net coordinate is compressed by λ times, and the sensitive area of the neuron function becomes longer, thereby causing the net t having a larger absolute value to exit the saturation area. When λ is 1, the transfer function is restored, with higher sensitivity to smaller net. The application shows that the method is very effective for improving the convergence speed and accuracy of the neural network algorithm.
In a fifth embodiment, on the basis of the first embodiment, the step S4 specifically includes:
and S41, initializing a neural network 1) initializing parameters, and inputting the optimal initial weight and threshold combination of the BP neural network obtained in the step S2 into the network as parameters, besides, initializing the other parameters of the BP network, including iteration times N, momentum factors α and training allowable errors epsilon 2) taking training situation data as input vectors and taking situation values evaluated by experts as output vectors into the optimized BP neural network.
And S42, calculating the output of the input layer, wherein each neuron of the input layer does not process the input vector and simply transmits the input vector as the output to the hidden layer. Calculating the output of each neuron of the middle hidden layer, wherein the formula is as follows:
calculating the output of each neuron of the output layer, wherein the formula is as follows:
in the above formula, f (x) is a transfer function of the hidden layer, a sigmoid function is generally adopted, and the steepness factor λ is introduced in the embodiment of the present invention, and the formula is as follows:
s43, output o obtained according to calculationkAnd the actual output dkAnd calculating the total error E of the system, wherein the formula is as follows:
s44, the total error E of the system is a weight vij,wjkThe weight value can be adjusted through a gradient descent method, so that the error E is reduced, and iterative optimization solution is realized. The embodiment of the invention adopts an additional momentum factor method to optimize the weight correction process. With wjkFor example, the formula is as follows:
Dw(k+1)=(1-α)ηD(k)+αDw(k)
and S45, randomly selecting the next training data to be provided to the improved BP neural network, and guiding all the training data to train the improved BP neural network.
And S46, judging whether the global error E of the neural network meets the precision requirement. If E < epsilon, then the training of the network is ended; otherwise, the step (3) is carried out to continuously adjust the connection weight of each layer, and the iterative training is carried out until the global error of the network meets the condition or the iteration frequency reaches N.
And S47, inputting the test situation data into a trained neural network with evaluation capability, obtaining the situation value SA of the network through mapping, and finally obtaining the security level of the network through comparing the table 2.
The neural network evaluation result SA is a numerical value within a certain threshold interval, and lacks a certain practical guiding significance, so in actual production life, the network security level corresponding to the network security situation value needs to be defined. On the basis of reference risk assessment, the invention divides the grades of the network security situation into five grades { excellent, good, medium, poor and dangerous }, and the situation value range and the network behavior characteristics of each grade are shown in table 2:
TABLE 2 network Overall situation level Table
When the method is used, in order to enable a person skilled in the art to better understand the scheme, the scheme is explained below by using a practical application scene, and a simulation comparison test is performed by adopting a simulated network security data and the network security situation evaluation method provided by the invention. According to the embodiment of the application, a network experiment environment is set up, and a common User and an Attacker attach can access all hosts on the network through the Internet. And (2) periodically collecting intrusion detection system IDS attack information, collecting vulnerability scanning information in a host Nessus, collecting Snort log alarm information and collecting network flow information by a router Netflow, wherein the information is used as a multi-source heterogeneous original data source of the simulation experiment, and then an organization expert manually evaluates the security risk to obtain the actual level of the network security situation. Extracting the number (x) of secure devices within a subnet1) Keys within subnetTotal number of open ports (x) of device2) Frequency (x) of key devices accessing mainstream security websites3) Number of alarms (x)4) Network bandwidth usage (x)5) Historical frequency of occurrence of security events (x)6) Subnet traffic rate of change (x)7) Mean time between failures (x) of subnets8). The 8 evaluation indexes form a sample set as an input of an evaluation model, and an expert evaluation result is output as an expected result, so that 1500 pieces of data are obtained. Randomly selecting 1000 samples as a training set for training the improved BP neural network; the remaining 500 samples are used as a test set for checking whether the evaluation result of the network security situation evaluation model is consistent with the actual result, namely the generalization capability of the model;
in the cuckoo optimizing part, selecting the cuckoo population scale, setting the discovery probability p as 40aThe number of nodes of an implicit layer is set to be 6 by adopting a trial and error method, the output of an output layer is a situation value, the number of output nodes is 1, a transfer function is a standard sigmoid function, the maximum iteration number is set to be 1000, a target function error epsilon is 0.05, and a momentum factor α is 0.95. the embodiment of the invention designs a comparison test before and after algorithm optimization, fig. 3 shows an error curve comparison graph of the evaluation method based on the CS and the improved BP neural network provided by the embodiment of the invention and an error curve comparison graph of the evaluation method based on the traditional BP neural network, as shown in fig. 3, compared with the traditional BP neural network, the evaluation method based on the Cuckoo search algorithm and the improved BP neural network, provided by the embodiment of the invention, has no local minimum problem, has higher convergence speed and convergence effect, the CS algorithm only needs few resources to find the initial optimal weight and the BP neural network, effectively shortens the later period of the consumption, trains the BP neural network, and the convergence factor, and the convergence effect is improved, and the evaluation method based on the initial optimal weight and the traditional BP neural network is provided by the inventionAnd (5) comparing the graph. As shown in fig. 4, as the sample capacity increases, the evaluation accuracy of the conventional BP network algorithm decreases, and the accuracy curve of the evaluation method provided by the embodiment of the present invention is stable at 97.5% or more, which shows that the evaluation method provided by the embodiment of the present invention has higher evaluation accuracy and more stable evaluation effect.
While the invention has been described in further detail with reference to specific embodiments thereof, it is not intended that the invention be limited to the specific embodiments thereof; for those skilled in the art to which the present invention pertains and related technologies, the extension, operation method and data replacement should fall within the protection scope of the present invention based on the technical solution of the present invention.

Claims (5)

1. A network security situation assessment method based on a CS and an improved BP neural network is characterized by comprising the following four steps,
s1, acquiring network security situation factors, forming a training sample set and a test sample set, and determining a BP neural network structure;
s2, searching for an optimal initial weight and a threshold by using a Cuckoo Search (CS) algorithm;
s3, improving the BP neural network by introducing momentum factors and steepness factors;
and S4, training the improved BP neural network, and using the trained network for network security situation evaluation to obtain a final situation value and a security level.
2. The method for evaluating the network security situation based on the CS and the improved BP neural network according to claim 1, wherein the network security situation elements are obtained in step S1, and a training sample set and a testing sample set are formed by normalizing situation element data including system configuration information, system operation information, and network traffic information to obtain situation index data with a uniform format, and a training sample set and a testing sample set are formed;
in step S1, the BP neural network structure is determined, and assuming that N signals are input, the input vector is X ═ X (X)1,x2,…,xn) If the number of nodes in the hidden layer is M, the output vector of the hidden layer is Y ═ Y1,y2,…,ym) If the number of nodes in the output layer is L, the output layer vector is O ═ O1,o2,…,ol) The desired output vector is D ═ D (D)1,d2,…,dl) The weight matrix from the input layer to the hidden layer is W ═ W (W)1,W2,…,Wj,…,Wm) The weight from the hidden layer to the output layer is V ═ V1,V2,…,Vk,…,Vl) The hidden layer having a threshold value thetajThe output layer has a threshold value rkOutput value y of the jth neuron of the hidden layerjOutput of k-th neuron of output layer okAnd then:
in the above formula, f (x) is a transfer function of the hidden layer, and a sigmoid function is generally adopted, and the formula is as follows:
3. the method for evaluating network security situation based on CS and improved BP neural network according to claim 1, wherein the finding of optimal initial weight and threshold value by using Cuckoo Search (CS) algorithm in step S2 specifically comprises:
s21, initializing the population, and randomly generating n cuckoo x according to the weight and threshold characteristics of the neural network(0)=(x1 (0),x2 (0),...,xn (0)) Encoding n cuckoos, wherein the encoding mode adopts floating point number encoding;
and S22, calculating the fitness, wherein the fitness function is the reciprocal of the total error function of the neural network, and the fitness function is as follows:
s23, updating the position, and reserving the optimal cuckoo x of the previous generationi (0)Updating the position of cuckoo according to the following formula to obtain x(t)=(x1 (t),x2 (t),...,xn (t))
Wherein x is(t)Indicating the position of the ith bird nest in the t generation,for point-to-point multiplication, α>0 is the step size (generally α -1), L (lambda) is the Levy random search path, and the random step size lambda follows the Levy distribution;
s24, selecting, replacing, deleting operation, randomly generating a value in [0, 1 ]]Fraction r of interval, comparison r and probability of finding paIf r > paThen, the station is updated according to the formula (12)Calculating and comparing the fitness of the new cuckoo and the original cuckoo according to the positions of cuckoos, reserving the cuckoo with larger fitness, and obtaining the updated cuckoo position x(t+1)=(x1 (t+1),x2 (t +1),...,xn (t+1)) (ii) a If r is ≦ paThe original cuckoo is kept;
the elimination operation is to eliminate n × p to keep the population in the optimal state all the timeaThe individual with the worst fitness value; to keep the population size constant, n × p will be randomly generatedaSolutions (need to be on n x p)aPerforming rounding operations); meanwhile, the individuals with better fitness value are directly transmitted to the next generation;
s25, judging whether the optimal cuckoo meets the conditions or whether the iterative algebra meets the requirements, if so, decoding the optimal cuckoo to obtain the optimal weight and threshold, and executing the step S3; otherwise, step S23 is executed.
4. The method for evaluating network security situation based on CS and improved BP neural network according to claim 1, wherein the step S3 of introducing momentum factor and steepness factor to improve the conventional BP neural network specifically comprises:
s31, momentum factors are introduced, and a weight correction process of the neural network is improved by adopting an additional momentum method, which comprises the following specific steps: the weight adjustment quantity obtained by calculating the error of this time is partially superposed on the weight adjustment quantity obtained by calculating the error of this time, and the weight adjustment formula with momentum term designed by the invention is as follows:
Δw(k+1)=(1-α)ηD(k)+αΔw(k)
wherein,represented as a negative gradient at time k,
w is the network weight, Δ w is the increment of the weight, k is the training times, α is the momentum factor, 0< α <1, generally about 0.95, η is the learning rate;
s32, introducing a gradient factor lambda in the original transfer function, and the improvement principle is as follows: after the weight adjustment enters the flat region, the net input of the neuron is tried to be compressed, so that the output of the neuron exits the saturation region of the transfer function, thereby changing the shape of the error function, and the adjustment is separated from the flat region, and the formula is as follows:
in the formula, net is the input of the neuron, when the delta E is found to be close to zero and the model output has larger deviation with the actual value, the model can be judged to enter a flat area, and the lambda is more than 1; when the flat area is exited, let λ be 1 again.
5. The method for evaluating network security situation based on CS and improved BP neural network according to claim 1, wherein the step S4 of training the improved BP neural network and using the trained network for evaluating network security situation specifically comprises:
s41, initializing a neural network, namely inputting the optimal initial weight and threshold combination of the BP neural network obtained by the cuckoo algorithm of the step S2 into the network as parameters to initialize the parameters, and inputting the rest parameters of the BP network, including iteration times N, momentum factors α and training allowable errors epsilon;
s42, calculating the output of the input layer, the intermediate hidden layer and the output layer, wherein each neuron of the input layer does not process the input vector, and the output y of the intermediate hidden layer is calculated according to the step of claim 2jAnd output o of the output layerk
S43, outputting o according to the calculationkAnd the actual output dkCalculating error e of each neuron of output layerkAnd calculating the total error E of the system, wherein the formula is as follows:
s44, calculating weight correction according to the step S31, and further adjusting the weight of each neuron;
s45, randomly selecting the next training data to be provided to the BP neural network, and guiding all the training data to train the BP neural network;
s46, judging whether the global error E of the neural network meets the precision requirement, if E < epsilon, finishing the training of the network; otherwise, go to step S43 to continue adjusting the connection weights of each layer, and perform iterative training until the global error of the network satisfies the condition or the iteration number reaches N;
and S47, inputting the test situation data into a trained neural network with evaluation capability, obtaining a situation value SA of the network through mapping, and finally obtaining the security level of the network by contrasting a network overall situation level table.
CN201811376507.1A 2018-11-19 2018-11-19 A kind of network security situation evaluating method based on CS and improved BP Pending CN109547431A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811376507.1A CN109547431A (en) 2018-11-19 2018-11-19 A kind of network security situation evaluating method based on CS and improved BP

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811376507.1A CN109547431A (en) 2018-11-19 2018-11-19 A kind of network security situation evaluating method based on CS and improved BP

Publications (1)

Publication Number Publication Date
CN109547431A true CN109547431A (en) 2019-03-29

Family

ID=65848164

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811376507.1A Pending CN109547431A (en) 2018-11-19 2018-11-19 A kind of network security situation evaluating method based on CS and improved BP

Country Status (1)

Country Link
CN (1) CN109547431A (en)

Cited By (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110149333A (en) * 2019-05-23 2019-08-20 桂林电子科技大学 A kind of network security situation evaluating method based on SAE+BPNN
CN110363232A (en) * 2019-06-27 2019-10-22 南京理工大学 Millimeter wave detector New Jamming Effects Evaluation Method based on BP neural network
CN110472501A (en) * 2019-07-10 2019-11-19 南京邮电大学 A kind of fingerprint pore coding specification method neural network based
CN110543412A (en) * 2019-05-27 2019-12-06 上海工业控制安全创新科技有限公司 Automobile electronic function safety assessment method based on neural network accessibility
CN111126550A (en) * 2019-12-25 2020-05-08 武汉科技大学 Neural network molten steel temperature forecasting method based on Monte Carlo method
CN111262858A (en) * 2020-01-16 2020-06-09 郑州轻工业大学 Network security situation prediction method based on SA _ SOA _ BP neural network
CN111327494A (en) * 2020-02-14 2020-06-23 山东工商学院 Multi-domain SDN network traffic situation assessment method and system
CN112418340A (en) * 2020-11-27 2021-02-26 北京无线电测量研究所 Composite weighted fusion method and system with oscillation damping
CN112511351A (en) * 2020-12-01 2021-03-16 北京理工大学 Security situation prediction method and system based on MES identification data intercommunication system
CN112529683A (en) * 2020-11-27 2021-03-19 百维金科(上海)信息科技有限公司 Method and system for evaluating credit risk of customer based on CS-PNN
CN112615843A (en) * 2020-12-08 2021-04-06 国网四川省电力公司信息通信公司 Power Internet of things network security situation assessment method based on multi-channel SAE-AdaBoost
CN112700006A (en) * 2020-12-29 2021-04-23 平安科技(深圳)有限公司 Network architecture searching method, device, electronic equipment and medium
CN112713881A (en) * 2020-12-10 2021-04-27 国网四川省电力公司电力科学研究院 Synchronous clock maintaining system and method based on edge calculation
CN112905436A (en) * 2021-04-25 2021-06-04 中航机载系统共性技术有限公司 Quality evaluation prediction method for complex software
CN112926739A (en) * 2021-03-11 2021-06-08 北京计算机技术及应用研究所 Network countermeasure effectiveness evaluation method based on neural network model
CN113254319A (en) * 2020-02-12 2021-08-13 北京沃东天骏信息技术有限公司 Log alarm-based method and device
CN113487010A (en) * 2021-05-21 2021-10-08 国网浙江省电力有限公司杭州供电公司 Power grid network security event analysis method based on machine learning
CN115051864A (en) * 2022-06-21 2022-09-13 郑州轻工业大学 PCA-MF-WNN-based network security situation element extraction method and system
CN115412301A (en) * 2022-08-02 2022-11-29 云南电网有限责任公司信息中心 Network security prediction analysis method and system
CN116074658A (en) * 2023-03-06 2023-05-05 成都大汇物联科技有限公司 Hydropower station dam foundation monitoring method and system based on Internet of things

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102054199A (en) * 2010-12-31 2011-05-11 中国人民解放军63983部队 BP (Back Propagation) neural network algorithm based method for analyzing coating aging
CN106789214A (en) * 2016-12-12 2017-05-31 广东工业大学 It is a kind of based on the just remaining pair network situation awareness method and device of string algorithm
CN107122869A (en) * 2017-05-11 2017-09-01 中国人民解放军装备学院 The analysis method and device of Network Situation
CN107222333A (en) * 2017-05-11 2017-09-29 中国民航大学 A kind of network node safety situation evaluation method based on BP neural network
CN107782857A (en) * 2017-10-09 2018-03-09 江苏大学 Flexible measurement method based on the edible fungus fermented process key parameter for improving CS BPNN
US20180288100A1 (en) * 2016-01-08 2018-10-04 Secureworks Corp. Systems and Methods for Security Configuration

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102054199A (en) * 2010-12-31 2011-05-11 中国人民解放军63983部队 BP (Back Propagation) neural network algorithm based method for analyzing coating aging
US20180288100A1 (en) * 2016-01-08 2018-10-04 Secureworks Corp. Systems and Methods for Security Configuration
CN106789214A (en) * 2016-12-12 2017-05-31 广东工业大学 It is a kind of based on the just remaining pair network situation awareness method and device of string algorithm
CN107122869A (en) * 2017-05-11 2017-09-01 中国人民解放军装备学院 The analysis method and device of Network Situation
CN107222333A (en) * 2017-05-11 2017-09-29 中国民航大学 A kind of network node safety situation evaluation method based on BP neural network
CN107782857A (en) * 2017-10-09 2018-03-09 江苏大学 Flexible measurement method based on the edible fungus fermented process key parameter for improving CS BPNN

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
王志华: "基于CS-BPNN的网络安全态势评估方法研究", 《中国优秀硕士学位论文全文数据库 信息科技辑》 *
谢丽霞: "基于布谷鸟搜索优化BP神经网络的网络安全态势评估方法", 《计算机应用》 *

Cited By (33)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110149333B (en) * 2019-05-23 2021-06-29 桂林电子科技大学 Network security situation assessment method based on SAE + BPNN
CN110149333A (en) * 2019-05-23 2019-08-20 桂林电子科技大学 A kind of network security situation evaluating method based on SAE+BPNN
CN110543412A (en) * 2019-05-27 2019-12-06 上海工业控制安全创新科技有限公司 Automobile electronic function safety assessment method based on neural network accessibility
CN110363232A (en) * 2019-06-27 2019-10-22 南京理工大学 Millimeter wave detector New Jamming Effects Evaluation Method based on BP neural network
CN110363232B (en) * 2019-06-27 2022-09-27 南京理工大学 BP neural network-based millimeter wave detector interference effect evaluation method
CN110472501B (en) * 2019-07-10 2022-08-30 南京邮电大学 Neural network-based fingerprint sweat pore coding classification method
CN110472501A (en) * 2019-07-10 2019-11-19 南京邮电大学 A kind of fingerprint pore coding specification method neural network based
CN111126550A (en) * 2019-12-25 2020-05-08 武汉科技大学 Neural network molten steel temperature forecasting method based on Monte Carlo method
CN111262858A (en) * 2020-01-16 2020-06-09 郑州轻工业大学 Network security situation prediction method based on SA _ SOA _ BP neural network
CN111262858B (en) * 2020-01-16 2020-12-25 郑州轻工业大学 Network security situation prediction method based on SA _ SOA _ BP neural network
CN113254319A (en) * 2020-02-12 2021-08-13 北京沃东天骏信息技术有限公司 Log alarm-based method and device
CN111327494A (en) * 2020-02-14 2020-06-23 山东工商学院 Multi-domain SDN network traffic situation assessment method and system
CN111327494B (en) * 2020-02-14 2023-05-16 山东工商学院 Multi-domain SDN network flow situation assessment method and system
CN112418340A (en) * 2020-11-27 2021-02-26 北京无线电测量研究所 Composite weighted fusion method and system with oscillation damping
CN112418340B (en) * 2020-11-27 2024-06-04 北京无线电测量研究所 Composite weighted fusion method and system with oscillation damping
CN112529683A (en) * 2020-11-27 2021-03-19 百维金科(上海)信息科技有限公司 Method and system for evaluating credit risk of customer based on CS-PNN
CN112511351A (en) * 2020-12-01 2021-03-16 北京理工大学 Security situation prediction method and system based on MES identification data intercommunication system
CN112615843B (en) * 2020-12-08 2022-07-08 国网四川省电力公司信息通信公司 Power Internet of things network security situation assessment method based on multi-channel SAE-AdaBoost
CN112615843A (en) * 2020-12-08 2021-04-06 国网四川省电力公司信息通信公司 Power Internet of things network security situation assessment method based on multi-channel SAE-AdaBoost
CN112713881A (en) * 2020-12-10 2021-04-27 国网四川省电力公司电力科学研究院 Synchronous clock maintaining system and method based on edge calculation
CN112700006A (en) * 2020-12-29 2021-04-23 平安科技(深圳)有限公司 Network architecture searching method, device, electronic equipment and medium
CN112926739A (en) * 2021-03-11 2021-06-08 北京计算机技术及应用研究所 Network countermeasure effectiveness evaluation method based on neural network model
CN112926739B (en) * 2021-03-11 2024-03-19 北京计算机技术及应用研究所 Network countermeasure effectiveness evaluation method based on neural network model
CN112905436A (en) * 2021-04-25 2021-06-04 中航机载系统共性技术有限公司 Quality evaluation prediction method for complex software
CN112905436B (en) * 2021-04-25 2023-10-27 中航机载系统共性技术有限公司 Quality evaluation prediction method for complex software
CN113487010A (en) * 2021-05-21 2021-10-08 国网浙江省电力有限公司杭州供电公司 Power grid network security event analysis method based on machine learning
CN113487010B (en) * 2021-05-21 2024-01-05 国网浙江省电力有限公司杭州供电公司 Power grid network security event analysis method based on machine learning
CN115051864B (en) * 2022-06-21 2024-02-27 郑州轻工业大学 PCA-MF-WNN-based network security situation element extraction method and system
CN115051864A (en) * 2022-06-21 2022-09-13 郑州轻工业大学 PCA-MF-WNN-based network security situation element extraction method and system
CN115412301A (en) * 2022-08-02 2022-11-29 云南电网有限责任公司信息中心 Network security prediction analysis method and system
CN115412301B (en) * 2022-08-02 2024-03-22 云南电网有限责任公司信息中心 Predictive analysis method and system for network security
CN116074658B (en) * 2023-03-06 2023-08-25 成都大汇物联科技有限公司 Hydropower station dam foundation monitoring method and system based on Internet of things
CN116074658A (en) * 2023-03-06 2023-05-05 成都大汇物联科技有限公司 Hydropower station dam foundation monitoring method and system based on Internet of things

Similar Documents

Publication Publication Date Title
CN109547431A (en) A kind of network security situation evaluating method based on CS and improved BP
CN106453293B (en) A kind of network security situation prediction method based on improved BPNN
CN111262858B (en) Network security situation prediction method based on SA _ SOA _ BP neural network
CN117539726B (en) Energy efficiency optimization method and system for green intelligent computing center
CN105117602B (en) A kind of metering device running status method for early warning
CN112966714B (en) Edge time sequence data anomaly detection and network programmable control method
Rais et al. Dynamic Ant Colony System with Three Level Update Feature Selection for Intrusion Detection.
CN117041019B (en) Log analysis method, device and storage medium of content delivery network CDN
CN111813858B (en) Distributed neural network hybrid synchronous training method based on self-organizing grouping of computing nodes
CN109919356A (en) One kind being based on BP neural network section water demand prediction method
CN115099133A (en) TLMPA-BP-based cluster system reliability evaluation method
CN112766603A (en) Traffic flow prediction method, system, computer device and storage medium
CN118041661A (en) Abnormal network flow monitoring method, device and equipment based on deep learning and readable storage medium
CN104092503A (en) Artificial neural network spectrum sensing method based on wolf pack optimization
CN115687995A (en) Big data environmental pollution monitoring method and system
CN111414927A (en) Method for evaluating seawater quality
US20230126695A1 (en) Ml model drift detection using modified gan
CN113836818B (en) Ocean current motion prediction algorithm based on BP neural network prediction model
CN115659201A (en) Gas concentration detection method and monitoring system for Internet of things
KR20230099132A (en) Concept drift detecting apparatus, adaptive prediction system using the same and adaptive prediction method thereof
Musthafa et al. Evaluation of IDS model by improving accuracy and reducing overfitting using stacking LSTM
CN116366359B (en) Intelligent collaborative self-evolution defense method and system for industrial control network
CN118381683B (en) Distributed monitoring method and device for industrial control network attack event
CN113408709B (en) Condition calculation method based on unit importance
CN117216722B (en) Sensor time sequence data-based multi-source heterogeneous data fusion system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20190329

RJ01 Rejection of invention patent application after publication