CN109951468A - Network attack detection method and system based on F value optimization - Google Patents

Publication number: CN109951468A
Authority: CN (China)
Application number: CN201910183415.XA
Legal status: Granted (active)
Other languages: Chinese (zh)
Other versions: CN109951468B (en)
Inventors: 高跃, 王楠, 赵曦滨, 万海
Current assignee: Tsinghua University
Original assignee: Tsinghua University
Prior art keywords: network data, value, network, detection, hypergraph

Abstract

This application discloses a network attack detection method and system based on F value optimization. The method comprises: step 1, according to an F value computation model, calculating the misclassification cost value corresponding to the received network data and generating a cost value matrix, where the network data includes labeled network data and unlabeled network data; step 2, constructing the hypergraph corresponding to the network data; step 3, calculating the predicted class labels corresponding to the network data from the cost value matrix and the hypergraph; step 4, detecting the unlabeled network data in the network data according to the predicted class labels. The technical solution improves the detection rate on imbalanced data, optimizes the misclassification cost value using the F value evaluation index, and improves the accuracy and reliability of abnormal network data detection.

Description

Network attack detection method and system based on F value optimization
Technical field
This application relates to the technical field of network anomaly detection, and in particular to a network attack detection method based on F value optimization and a network attack detection system based on F value optimization.
Background
With the rapid development of network technology, network attacks occur frequently. As data traffic keeps growing, detecting the abnormal traffic it contains efficiently and accurately becomes increasingly important. Network traffic follows many types of protocols and contains a large amount of data of different types, and the distribution of these types is severely imbalanced. Balancing detection rate and accuracy on imbalanced data, raising the system's detection rate for different kinds of abnormal network data, and detecting abnormal data efficiently and accurately are therefore particularly important. Current anomaly detection methods mainly aim to improve detection accuracy rather than to reduce the overall cost of detection.
In the prior art, the main challenges facing network traffic anomaly detection are:
1) the different types of data in network traffic are severely imbalanced, which makes it difficult to improve the detection rate for all data types at the same time;
2) it is difficult to construct high-order data correlations between traffic flows and to mine the complex associations in the data.
Summary of the invention
The purpose of this application is to replace accuracy with the F value metric, which gives better detection performance on imbalanced data, to optimize the misclassification cost value, and to use it to maximize the detection rate on imbalanced data, improving the accuracy and reliability of abnormal network data detection.
The technical solution of the first aspect of this application provides a network attack detection method based on F value optimization. The method comprises: step 1, according to an F value computation model, calculating the misclassification cost value corresponding to the received network data and generating a cost value matrix, where the network data includes labeled network data and unlabeled network data, and the calculation formula of the misclassification cost value is:
where $F_\beta$ is the F value calculation formula for binary classification, $mcF_\beta$ is the F value calculation formula for multi-class classification, r is the distribution parameter, and β is the adjustment parameter;
Step 2, constructing the hypergraph corresponding to the network data; step 3, calculating the predicted class labels corresponding to the network data from the cost value matrix and the hypergraph; step 4, detecting the unlabeled network data in the network data according to the predicted class labels.
In any of the above technical solutions, further, the distribution parameter r is a uniformly distributed parameter chosen in turn from [0.2, 0.4, 0.6, 0.8], and the adjustment parameter β takes the value 1.
In any of the above technical solutions, further, step 3 specifically includes: step 31, performing a Laplacian regularization transformation on the hypergraph to generate a type matrix; step 32, constructing a cost-sensitive hypergraph learning model from the type matrix and the cost value matrix; step 33, calculating the predicted class labels F from the cost-sensitive hypergraph learning model.
In any of the above technical solutions, further, step 4 specifically includes: step 41, evaluating the predicted class labels against the labeled network data in the network data to generate detection scores; step 42, selecting the predicted class labels with the highest detection score and recording them as the abnormal data detection model; step 43, detecting the unlabeled network data in the network data according to the abnormal data detection model.
The technical solution of the second aspect of this application provides a network attack detection system based on F value optimization. The system comprises a generation unit, a construction unit, a calculation unit and a detection unit. The generation unit is configured to calculate, according to an F value computation model, the misclassification cost value corresponding to the received network data and to generate a cost value matrix, where the network data includes labeled network data and unlabeled network data, and the calculation formula of the misclassification cost value is:
where $F_\beta$ is the F value calculation formula for binary classification, $mcF_\beta$ is the F value calculation formula for multi-class classification, r is the distribution parameter, and β is the adjustment parameter;
The construction unit is configured to construct the hypergraph corresponding to the network data; the calculation unit is configured to calculate the predicted class labels corresponding to the network data from the cost value matrix and the hypergraph; the detection unit is configured to detect the unlabeled network data in the network data according to the predicted class labels.
In any of the above technical solutions, further, the distribution parameter r is a uniformly distributed parameter chosen in turn from [0.2, 0.4, 0.6, 0.8], and the adjustment parameter β takes the value 1.
In any of the above technical solutions, further, the calculation unit specifically includes a generation module, a construction module and a calculation module. The generation module is configured to perform a Laplacian regularization transformation on the hypergraph to generate a type matrix; the construction module is configured to construct a cost-sensitive hypergraph learning model from the type matrix and the cost value matrix; the calculation module is configured to calculate the predicted class labels F from the cost-sensitive hypergraph learning model.
In any of the above technical solutions, further, the detection unit specifically includes a scoring module, a marking module and a detection module. The scoring module is configured to evaluate the predicted class labels against the labeled network data in the network data and to generate detection scores; the marking module is configured to select the predicted class labels with the highest detection score and record them as the abnormal data detection model; the detection module is configured to detect the unlabeled network data in the network data according to the abnormal data detection model.
The beneficial effects of this application are as follows. The misclassification cost value of the received network data is calculated with the F value model and optimized using the F value evaluation index, which avoids unbalanced detection rates across different types of network data and optimizes the detection rate on imbalanced data. In addition, constructing a hypergraph of the received network data optimizes the correlation between network data items and improves the accuracy of the predicted class labels of the network data; the network data is then detected according to the predicted class labels, which improves the accuracy and reliability of abnormal network data detection.
Brief description of the drawings
The above and/or additional aspects and advantages of this application will become apparent and easy to understand from the following description of the embodiments taken together with the accompanying drawings, in which:
Fig. 1 is a schematic flow chart of the network attack detection method based on F value optimization according to one embodiment of this application;
Fig. 2 is a schematic block diagram of the network attack detection system based on F value optimization according to one embodiment of this application.
Detailed description of the embodiments
So that the above objects, features and advantages of this application can be understood more clearly, the application is described in further detail below with reference to the accompanying drawings and specific embodiments. It should be noted that, where no conflict arises, the embodiments of this application and the features in the embodiments can be combined with one another.
Many specific details are set out in the following description so that the application can be fully understood. The application can, however, also be implemented in ways other than those described here, so its scope of protection is not limited by the specific embodiments described below.
Embodiment one:
As shown in Fig. 1, this embodiment provides a network attack detection method based on F value optimization, comprising:
Step 1, according to an F value computation model, calculating the misclassification cost value corresponding to the received network data and generating a cost value matrix, where the network data includes labeled network data and unlabeled network data, and the calculation formula of the misclassification cost value is:
Binary classification,
Multi-class classification,
where $F_\beta$ is the cost value calculation formula for binary classification, $mcF_\beta$ is the cost value calculation formula for multi-class classification, β is the adjustment parameter, and r is the distribution parameter chosen in turn from [0.2, 0.4, 0.6, 0.8].
For binary-type network data, when the received network data belongs to the first class (class1), the corresponding calculation formula of the misclassification cost value is:
When the received network data belongs to the second class (class2), the corresponding calculation formula of the misclassification cost value is:
For multi-class network data, the selection within the calculation formula is made according to the class to which the received network data belongs; the details are not repeated here.
Preferably, the distribution parameter r is a uniformly distributed parameter chosen in turn from [0.2, 0.4, 0.6, 0.8], and the adjustment parameter β takes the value 1.
Specifically, during network data detection, any given network data item may fall under binary classification or multi-class classification; accordingly, the F value computation model includes the F value calculation formula for binary classification and the F value calculation formula for multi-class classification.
Let $P_k$ be the marginal probability of network data of class k, $FP_k(h)$ the probability that data is wrongly assigned to class k, and $FN_k(h)$ the probability that class-k data is wrongly assigned to another class. The corresponding error profile $e(h)$ is then expressed as:
$e(h) = (FN_1(h), FP_1(h), \ldots, FN_k(h), FP_k(h), \ldots, FN_L(h), FP_L(h))$,
That is, position $e_{2k-1}$ of the error profile $e(h)$ is $FN_k(h)$ and position $e_{2k}$ is $FP_k(h)$, where h is the classifier.
When the network data is binary-class data, the corresponding F value calculation formula is:
When the network data is multi-class data, the corresponding F value calculation formula is:
Depending on whether the classification to which the network data belongs is binary or multi-class, the corresponding calculation formula is selected to obtain the F value and the misclassification cost value for the network data. The value range of the F value is [0,1]; according to this range, a series of uniformly distributed distribution parameters $r_i$ is defined, for example [0.2, 0.4, 0.6, 0.8]. For each distribution parameter $r_i$, the misclassification cost value formula above is used to calculate the corresponding misclassification cost value and to generate the cost value matrix $\gamma \in \mathbb{R}^{n \times n}$, where γ is a diagonal matrix and n is the total number of network data items.
For network data belonging to binary classification, the cost value matrix γ generated for distribution parameter $r_i$ is:
For network data belonging to multi-class classification, the cost value matrix γ generated for distribution parameter $r_i$ is:
Step 2, constructing the hypergraph corresponding to the network data from the network data;
Specifically, the hypergraph is constructed using the star expansion method. The hypergraph structure can be described as G = (V, E, W), where the received network data serve as the points V of the hypergraph, the connection relationship corresponding to each network data item is a hyperedge E, and the weight of each hyperedge is the weight W. The connectivity of the hypergraph is described by the matrix H, whose calculation formula is:
where $v_{central}$ is the central point of the hypergraph; the formula also uses the average of the distances between the points of the hypergraph;
$d(v_i, v_{central})$ is the distance between $v_i$ and the central point $v_{central}$ on hyperedge $e_p$, and a is an adjustment parameter; in this embodiment, a = 0.05.
Step 3, calculating the predicted class labels corresponding to the network data from the cost value matrix and the hypergraph;
Step 3 specifically includes:
Step 31, performing a Laplacian regularization transformation on the hypergraph to generate the type matrix $F(v_i, m)$;
Specifically, the hypergraph is subjected to the Laplacian regularization transformation, with the corresponding calculation formulas:
$\delta(e) = \sum_{v \in V} H(v, e)$,
$d(v) = \sum_{e \in E} W(e)\, H(v, e)$,
where $W(e)$ is the weight of hyperedge e; $F(v_i, m)$ is the type matrix of node $v_i$ and indicates whether the network data represented by node $v_i$ belongs to the m-th class: a value of 1 means that node $v_i$ belongs to the m-th class and 0 means that it does not; $\delta(e)$ is the degree of hyperedge e, and the degrees of all hyperedges form the diagonal matrix $D_e$; $d(v)$ is the degree of node v, and the degrees of all nodes form the diagonal matrix $D_v$. One can set:
The calculation formula corresponding to the Laplacian regularization transformation can therefore be written as:
$\Omega = F(v_i, m)^{T}\, \Delta\, F(v_i, m)$.
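The degree definitions and the regularizer Ω above can be checked on a small hypergraph. The following is an added example, not code from the patent: the incidence matrix and weights are constructed, the definition of Δ did not survive on this page so the standard normalized hypergraph Laplacian Δ = I − D_v^(-1/2) H W D_e^(-1) H^T D_v^(-1/2) is assumed, and Ω is reduced to a scalar by taking the trace (also an assumption).

```python
import math

# Constructed incidence matrix H: rows are flows (vertices), columns are hyperedges.
# Flows 0,1,2 share hyperedge 0; flows 2,3,4 share hyperedge 1 (flow 2 bridges both).
H = [[1, 0], [1, 0], [1, 1], [0, 1], [0, 1]]
W = [1.0, 1.0]  # constructed hyperedge weights W(e)


def edge_degrees(H):
    """delta(e) = sum over v of H(v, e), as defined on the page."""
    return [sum(row[e] for row in H) for e in range(len(H[0]))]


def vertex_degrees(H, W):
    """d(v) = sum over e of W(e) * H(v, e), as defined on the page."""
    return [sum(W[e] * row[e] for e in range(len(W))) for row in H]


def hypergraph_laplacian(H, W):
    """Assumed form: Delta = I - Dv^-1/2 H W De^-1 H^T Dv^-1/2."""
    de, dv = edge_degrees(H), vertex_degrees(H, W)
    if min(de) <= 0 or min(dv) <= 0:
        # An empty hyperedge or an isolated vertex makes the normalization undefined.
        raise ValueError("every hyperedge and vertex needs a positive degree")
    n = len(H)
    lap = []
    for i in range(n):
        row = []
        for j in range(n):
            theta = sum(H[i][e] * W[e] * H[j][e] / de[e] for e in range(len(W)))
            theta /= math.sqrt(dv[i] * dv[j])
            row.append((1.0 if i == j else 0.0) - theta)
        lap.append(row)
    return lap


def regularizer(F, lap):
    """Omega = trace(F^T Delta F); small when same-hyperedge flows share a class."""
    n, m = len(F), len(F[0])
    return sum(F[i][c] * lap[i][j] * F[j][c]
               for c in range(m) for i in range(n) for j in range(n))


def one_hot(labels, m=2):
    """Type matrix F: F[i][c] = 1 if flow i belongs to class c, else 0."""
    return [[1.0 if lab == c else 0.0 for c in range(m)] for lab in labels]


if __name__ == "__main__":
    lap = hypergraph_laplacian(H, W)
    # Labels that follow hyperedge 0 versus labels that cut across both hyperedges.
    print(regularizer(one_hot([1, 1, 1, 0, 0]), lap))
    print(regularizer(one_hot([1, 0, 0, 1, 0]), lap))
```

A labeling that keeps flows of the same hyperedge in the same class yields the smaller Ω, which is how the regularizer carries the high-order correlation between flows into the learning model.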
Step 32, constructing a cost-sensitive hypergraph learning model from the type matrix and the cost value matrix;
Step 33, calculating the predicted class labels F from the cost-sensitive hypergraph learning model.
Specifically, the type matrix $F(v_i, m)$ corresponding to the hypergraph can be obtained through Laplacian regularization. The cost-sensitive hypergraph learning model is constructed from the type matrix $F(v_i, m)$ and the cost value matrix γ, with the corresponding calculation formula:
where Y is the known label matrix of the labeled network data in the network data. It has the same dimensions as the type matrix F, namely n×m, where n is the total number of network data items and m is the number of classes. In the known label matrix Y, the position of the corresponding class is set to 1 and the other m−1 positions are set to 0; for unlabeled network data, all positions are set to 0. The formula also contains a regularization expression for optimizing the hypergraph structure; γ, μ and λ are adjustment parameters, and $N_e$ is the data volume.
When the calculation formula of the cost-sensitive hypergraph learning model is optimized, the optimization problem is convex, so an alternating optimization strategy can be used.
First, W is fixed and w is optimized; the formula can be written as:
Taking the partial derivative with respect to w gives:
Next, w is fixed and W is optimized; the formula can be written as:
Taking the partial derivative with respect to W gives:
The formula also contains the identity matrix.
Through multiple iterations the value of the objective function is reduced and optimized, which yields the corresponding predicted class labels F:
$F = Xw$.
Step 4, detecting the unlabeled network data in the network data according to the predicted class labels.
Step 4 specifically includes:
Step 41, evaluating the predicted class labels against the labeled network data in the network data to generate detection scores;
Step 42, selecting the predicted class labels with the highest detection score and recording them as the abnormal data detection model;
Step 43, detecting the unlabeled network data in the network data according to the abnormal data detection model.
Specifically, the multiple cost value matrices γ obtained yield multiple predicted class labels F. These are evaluated using the labeled network data in the received network data: the result of each predicted class label F on the labeled network data is compared with the known label matrix Y to generate a corresponding detection score. The predicted class labels F are then sorted by detection score, the one with the highest score is selected and recorded as the abnormal data detection model, and the selected model is used to detect the unlabeled network data in the received network data and to decide whether the unlabeled network data is network attack data.
Preferably, step 4 specifically includes:
Step 401, evaluating the predicted class labels against the labeled network data in the network data to generate detection scores;
Step 402, in descending order of detection score, selecting a preset number of predicted class labels, fusing the selected predicted class labels with a fusion algorithm, and recording the fusion result as the abnormal data detection model;
Step 403, detecting the unlabeled network data in the network data according to the abnormal data detection model.
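The selection loop of steps 41 to 43 and the fused variant of steps 401 to 403 can be sketched as follows. This is an added example, not code from the patent: the flow scores are constructed, a simple cost-weighted decision rule stands in for the cost-sensitive hypergraph learner, the cost pair (false negative 1 + β² − r, false positive r) is an assumption because the page's cost formula did not survive, the detection score is taken to be the standard F value, and majority voting is an assumed fusion algorithm.

```python
R_GRID = [0.2, 0.4, 0.6, 0.8]  # distribution parameter values given on the page
BETA = 1.0                      # adjustment parameter value given on the page

# Constructed labeled flows: (estimated attack probability, true label; 1 = attack).
# Imbalanced on purpose: 4 attacks among 20 flows.
LABELED = [
    (0.62, 1), (0.36, 1), (0.27, 1), (0.14, 1),
    (0.02, 0), (0.03, 0), (0.04, 0), (0.05, 0), (0.05, 0), (0.06, 0),
    (0.07, 0), (0.07, 0), (0.08, 0), (0.09, 0), (0.11, 0), (0.12, 0),
    (0.16, 0), (0.18, 0), (0.23, 0), (0.33, 0),
]
UNLABELED = [0.05, 0.21, 0.45, 0.19]  # constructed unlabeled flows


def assumed_costs(r, beta=BETA):
    """Assumed cost pair (false-negative cost, false-positive cost) for parameter r."""
    return 1.0 + beta ** 2 - r, r


def predict(p_attack, r, beta=BETA):
    """Flag a flow when missing it costs more, in expectation, than a false alarm."""
    c_fn, c_fp = assumed_costs(r, beta)
    return 1 if p_attack * c_fn > (1.0 - p_attack) * c_fp else 0


def f_value(y_true, y_pred, beta=BETA):
    """Standard F_beta = (1+b^2)TP / ((1+b^2)TP + b^2 FN + FP)."""
    tp = sum(1 for t, p in zip(y_true, y_pred) if t == 1 and p == 1)
    fn = sum(1 for t, p in zip(y_true, y_pred) if t == 1 and p == 0)
    fp = sum(1 for t, p in zip(y_true, y_pred) if t == 0 and p == 1)
    denom = (1 + beta ** 2) * tp + beta ** 2 * fn + fp
    return (1 + beta ** 2) * tp / denom if denom else 0.0


def accuracy(y_true, y_pred):
    return sum(1 for t, p in zip(y_true, y_pred) if t == p) / len(y_true)


def score_candidates(labeled, r_grid=R_GRID):
    """Steps 41/401: one candidate per r, scored on the labeled flows, best first."""
    y_true = [y for _, y in labeled]
    rows = []
    for r in r_grid:
        y_pred = [predict(p, r) for p, _ in labeled]
        rows.append({"r": r, "f": f_value(y_true, y_pred),
                     "acc": accuracy(y_true, y_pred)})
    return sorted(rows, key=lambda row: row["f"], reverse=True)


def detect_best(unlabeled, ranked):
    """Steps 42-43: keep the top-scoring candidate and apply it to unlabeled flows."""
    best_r = ranked[0]["r"]
    return [predict(p, best_r) for p in unlabeled]


def detect_fused(unlabeled, ranked, k=3):
    """Steps 402-403 with majority voting over the top-k candidates (assumed fusion)."""
    top = [row["r"] for row in ranked[:k]]
    return [1 if 2 * sum(predict(p, r) for r in top) > len(top) else 0
            for p in unlabeled]


if __name__ == "__main__":
    ranked = score_candidates(LABELED)
    for row in ranked:
        print(row)
    print(detect_best(UNLABELED, ranked), detect_fused(UNLABELED, ranked))
```

On this constructed data the candidates for r = 0.4, 0.6 and 0.8 all reach the same accuracy, yet only r = 0.4 recovers three of the four attacks, so ranking by F value separates candidates that accuracy cannot.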
Embodiment two:
As shown in Fig. 2, this embodiment provides a network attack detection system 100 based on F value optimization, comprising a generation unit 101, a construction unit 102, a calculation unit 103 and a detection unit 104. The generation unit 101 is configured to calculate, according to an F value computation model, the misclassification cost value corresponding to the received network data and to generate a cost value matrix, where the network data includes labeled network data and unlabeled network data, and the calculation formula of the misclassification cost value is:
where $F_\beta$ is the F value calculation formula for binary classification, $mcF_\beta$ is the F value calculation formula for multi-class classification, r is the distribution parameter, and β is the adjustment parameter;
For binary-type network data, when the received network data belongs to the first class (class1), the corresponding calculation formula of the misclassification cost value is:
When the received network data belongs to the second class (class2), the corresponding calculation formula of the misclassification cost value is:
For multi-class network data, the selection within the calculation formula is made according to the class to which the received network data belongs; the details are not repeated here.
Preferably, the distribution parameter r is a uniformly distributed parameter chosen in turn from [0.2, 0.4, 0.6, 0.8], and the adjustment parameter β takes the value 1.
Specifically, during network data detection, any given network data item may fall under binary classification or multi-class classification; accordingly, the F value computation model includes the F value calculation formula for binary classification and the F value calculation formula for multi-class classification.
Let $P_k$ be the marginal probability of network data of class k, $FP_k(h)$ the probability that data is wrongly assigned to class k, and $FN_k(h)$ the probability that class-k data is wrongly assigned to another class. The corresponding error profile $e(h)$ is then expressed as:
$e(h) = (FN_1(h), FP_1(h), \ldots, FN_k(h), FP_k(h), \ldots, FN_L(h), FP_L(h))$,
That is, position $e_{2k-1}$ of the error profile $e(h)$ is $FN_k(h)$ and position $e_{2k}$ is $FP_k(h)$, where h is the classifier.
When the network data is binary-class data, the corresponding F value calculation formula is:
When the network data is multi-class data, the corresponding F value calculation formula is:
Depending on whether the classification to which the network data belongs is binary or multi-class, the corresponding calculation formula is selected to obtain the F value and the misclassification cost value for the network data. The value range of the F value is [0,1]; according to this range, a series of uniformly distributed distribution parameters $r_i$ is defined, for example [0.2, 0.4, 0.6, 0.8]. For each distribution parameter $r_i$, the misclassification cost value formula above is used to calculate the corresponding misclassification cost value and to generate the cost value matrix $\gamma \in \mathbb{R}^{n \times n}$, where γ is a diagonal matrix and n is the total number of network data items.
For network data belonging to binary classification, the cost value matrix γ generated for distribution parameter $r_i$ is:
For network data belonging to multi-class classification, the cost value matrix γ generated for distribution parameter $r_i$ is:
The construction unit 102 is configured to construct the hypergraph corresponding to the network data from the network data;
Specifically, the hypergraph is constructed using the star expansion method. The hypergraph structure can be described as G = (V, E, W), where the received network data serve as the points V of the hypergraph, the connection relationship corresponding to each network data item is a hyperedge E, and the weight of each hyperedge is the weight W. The connectivity of the hypergraph is described by the matrix H, whose calculation formula is:
where $v_{central}$ is the central point of the hypergraph; the formula also uses the average of the distances between the points of the hypergraph;
$d(v_i, v_{central})$ is the distance between $v_i$ and the central point $v_{central}$ on hyperedge $e_p$, and a is an adjustment parameter; in this embodiment, a = 0.05.
The calculation unit 103 is configured to calculate the predicted class labels corresponding to the network data from the cost value matrix and the hypergraph;
Further, the calculation unit 103 specifically includes a generation module, a construction module and a calculation module. The generation module is configured to perform a Laplacian regularization transformation on the hypergraph to generate the type matrix;
Specifically, the hypergraph is subjected to the Laplacian regularization transformation, with the corresponding calculation formulas:
$\delta(e) = \sum_{v \in V} H(v, e)$,
$d(v) = \sum_{e \in E} W(e)\, H(v, e)$,
where $W(e)$ is the weight of hyperedge e; $F(v_i, m)$ is the type matrix of node $v_i$ and indicates whether the network data represented by node $v_i$ belongs to the m-th class: a value of 1 means that node $v_i$ belongs to the m-th class and 0 means that it does not; $\delta(e)$ is the degree of hyperedge e, and the degrees of all hyperedges form the diagonal matrix $D_e$; $d(v)$ is the degree of node v, and the degrees of all nodes form the diagonal matrix $D_v$. One can set:
The calculation formula corresponding to the Laplacian regularization transformation can therefore be written as:
$\Omega = F(v_i, m)^{T}\, \Delta\, F(v_i, m)$.
The construction module is configured to construct the cost-sensitive hypergraph learning model from the type matrix and the cost value matrix; the calculation module is configured to calculate the predicted class labels F from the cost-sensitive hypergraph learning model.
Specifically, the type matrix $F(v_i, m)$ corresponding to the hypergraph can be obtained through Laplacian regularization. The cost-sensitive hypergraph learning model is constructed from the type matrix $F(v_i, m)$ and the cost value matrix γ, with the corresponding calculation formula:
where Y is the known label matrix of the labeled network data in the network data. It has the same dimensions as the type matrix F, namely n×m, where n is the total number of network data items and m is the number of classes. In the known label matrix Y, the position of the corresponding class is set to 1 and the other m−1 positions are set to 0; for unlabeled network data, all positions are set to 0. The formula also contains a regularization expression for optimizing the hypergraph structure; γ, μ and λ are adjustment parameters, and $N_e$ is the data volume.
When the calculation formula of the cost-sensitive hypergraph learning model is optimized, the optimization problem is convex, so an alternating optimization strategy can be used.
First, W is fixed and w is optimized; the formula can be written as:
Taking the partial derivative with respect to w gives:
Next, w is fixed and W is optimized; the formula can be written as:
Taking the partial derivative with respect to W gives:
The formula also contains the identity matrix.
Through multiple iterations the value of the objective function is reduced and optimized, which yields the corresponding predicted class labels F:
$F = Xw$.
The detection unit 104 is configured to detect the unlabeled network data in the network data according to the predicted class labels.
Further, the detection unit 104 specifically includes a scoring module, a marking module and a detection module. The scoring module is configured to evaluate the predicted class labels against the labeled network data in the network data and to generate detection scores; the marking module is configured to select the predicted class labels with the highest detection score and record them as the abnormal data detection model; the detection module is configured to detect the unlabeled network data in the network data according to the abnormal data detection model.
Specifically, the multiple cost value matrices γ obtained yield multiple predicted class labels F. These are evaluated using the labeled network data in the received network data: the result of each predicted class label F on the labeled network data is compared with the known label matrix Y to generate a corresponding detection score. The predicted class labels F are then sorted by detection score, the one with the highest score is selected and recorded as the abnormal data detection model, and the selected model is used to detect the unlabeled network data in the received network data and to decide whether the unlabeled network data is network attack data.
Preferably, the detection unit 104 specifically includes a score generation module, a fusion module and an anomaly detection module. The score generation module is configured to evaluate the predicted class labels against the labeled network data in the network data and to generate detection scores; the fusion module is configured to select, in descending order of detection score, a preset number of predicted class labels, to fuse the selected predicted class labels with a fusion algorithm, and to record the fusion result as the abnormal data detection model; the anomaly detection module is configured to detect the unlabeled network data in the network data according to the abnormal data detection model.
The technical solution of this application has been described in detail above with reference to the accompanying drawings. The application proposes a network attack detection method and system based on F value optimization. The method comprises: step 1, according to an F value computation model, calculating the misclassification cost value corresponding to the received network data and generating a cost value matrix, where the network data includes labeled network data and unlabeled network data; step 2, constructing the hypergraph corresponding to the network data; step 3, calculating the predicted class labels corresponding to the network data from the cost value matrix and the hypergraph; step 4, detecting the unlabeled network data in the network data according to the predicted class labels. The technical solution improves the detection rate on imbalanced data, optimizes the misclassification cost value using the F value evaluation index, and improves the accuracy and reliability of abnormal network data detection.
The steps in this application can be reordered, combined and deleted according to actual needs.
The units in the apparatus of this application can be combined, divided and deleted according to actual needs.
Although the application has been disclosed in detail with reference to the drawings, it should be understood that these descriptions are merely exemplary and are not intended to limit its application. The scope of protection of the application is defined by the appended claims and may include various variations, modifications and equivalents made to the invention without departing from the scope and spirit of the application.

Claims (8)

1. A network attack detection method based on F value optimization, characterized in that the method comprises:
Step 1, according to an F value computation model, calculating the misclassification cost value corresponding to the received network data, and generating a cost value matrix, wherein the network data includes marked network data and unmarked network data, and the calculation formula of the misclassification cost value is:
In the formula, Fβ is the F value calculation formula for two-class classification, mcFβ is the F value calculation formula for multi-class classification, r is the distribution parameter, and β is the adjustment parameter;
Step 2, according to the network data, constructing the hypergraph corresponding to the network data;
Step 3, according to the cost value matrix and the hypergraph, calculating the prediction category corresponding to the network data;
Step 4, according to the prediction category, detecting the unmarked network data in the network data.
2. The network attack detection method based on F value optimization according to claim 1, characterized in that the distribution parameter r is a uniformly distributed parameter chosen successively, in order, from [0.2, 0.4, 0.6, 0.8], and the value of the adjustment parameter β is 1.
3. The network attack detection method based on F value optimization according to claim 1, characterized in that step 3 specifically includes:
Step 31, according to the hypergraph, performing a Laplace regularization transformation to generate a type matrix;
Step 32, according to the type matrix and the cost value matrix, constructing a cost-sensitive hypergraph learning model;
Step 33, according to the cost-sensitive hypergraph learning model, calculating the prediction category F.
4. The network attack detection method based on F value optimization according to claim 1, characterized in that step 4 specifically includes:
Step 41, according to the marked network data in the network data, detecting the prediction category and generating a detection score;
Step 42, choosing the prediction category with the highest detection score and denoting it as the anomaly data detection model;
Step 43, according to the anomaly data detection model, detecting the unmarked network data in the network data.
5. A network attack detection system based on F value optimization, characterized in that the system includes: a generation unit, a construction unit, a computing unit and a detection unit;
The generation unit is used to calculate, according to an F value computation model, the misclassification cost value corresponding to the received network data and to generate a cost value matrix, wherein the network data includes marked network data and unmarked network data, and the calculation formula of the misclassification cost value is:
In the formula, Fβ is the F value calculation formula for two-class classification, mcFβ is the F value calculation formula for multi-class classification, r is the distribution parameter, and β is the adjustment parameter;
The construction unit is used to construct the hypergraph corresponding to the network data according to the network data;
The computing unit is used to calculate the prediction category corresponding to the network data according to the cost value matrix and the hypergraph;
The detection unit is used to detect the unmarked network data in the network data according to the prediction category.
6. The network attack detection system based on F value optimization according to claim 5, characterized in that the distribution parameter r is a uniformly distributed parameter chosen successively, in order, from [0.2, 0.4, 0.6, 0.8], and the value of the adjustment parameter β is 1.
7. The network attack detection system based on F value optimization according to claim 5, characterized in that the computing unit specifically includes: a generation module, a construction module and a computing module;
The generation module is used to perform a Laplace regularization transformation according to the hypergraph and to generate a type matrix;
The construction module is used to construct a cost-sensitive hypergraph learning model according to the type matrix and the cost value matrix;
The computing module is used to calculate the prediction category F according to the cost-sensitive hypergraph learning model.
8. The network attack detection system based on F value optimization according to claim 5, characterized in that the detection unit specifically includes: a scoring module, a mark module and a detection module;
The scoring module is used to detect the prediction category according to the marked network data in the network data and to generate a detection score;
The mark module is used to choose the prediction category with the highest detection score and to denote it as the anomaly data detection model;
The detection module is used to detect the unmarked network data in the network data according to the anomaly data detection model.
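The procedure of claims 3 and 4, as an added sketch that is not part of the patent text: build a hypergraph, form its Laplacian, fit a cost-weighted label model for each r in [0.2, 0.4, 0.6, 0.8], score each on marked data with the F value (β = 1), and keep the best one to label the unmarked data. Assumptions: k-nearest-neighbour hyperedges, the normalised hypergraph Laplacian, a cost pair (r, 1 - r) standing in for the patent's cost formula (which is not reproduced above), a fit/hold-out split of the marked data, and all function names.

```python
import numpy as np

def knn_hypergraph(X, k=5):
    """Incidence matrix H: hyperedge j holds sample j and its k nearest neighbours."""
    dist = np.linalg.norm(X[:, None] - X[None], axis=2)
    H = np.zeros((len(X), len(X)))
    for j, row in enumerate(dist):
        H[np.argsort(row)[:k + 1], j] = 1.0
    return H

def hypergraph_laplacian(H):
    """I - Dv^-1/2 H De^-1 H^T Dv^-1/2, unit hyperedge weights."""
    S = H / np.sqrt(H.sum(1))[:, None]
    return np.eye(len(H)) - (S / H.sum(0)) @ S.T

def predict(L, y, fit, cost, lam=10.0):
    """Minimise tr(F^T L F) + lam * sum_i c_i |F_i - Y_i|^2; c_i = 0 when i is not in fit."""
    Y, c = np.zeros((len(y), 2)), np.zeros(len(y))
    for i in np.flatnonzero(fit):
        Y[i, y[i]], c[i] = 1.0, cost[y[i]]
    A = L + lam * np.diag(c) + 1e-6 * np.eye(len(y))   # small ridge keeps A invertible
    return np.linalg.solve(A, lam * c[:, None] * Y).argmax(1)

def f_beta(y_true, y_pred, beta=1.0):  # F value of the attack class (label 1)
    tp = np.sum((y_pred == 1) & (y_true == 1))
    fp = np.sum((y_pred == 1) & (y_true == 0))
    fn = np.sum((y_pred == 0) & (y_true == 1))
    denom = (1 + beta**2) * tp + beta**2 * fn + fp
    return float((1 + beta**2) * tp / denom) if denom else 0.0

def select_and_detect(X, y, fit, val, r_grid=(0.2, 0.4, 0.6, 0.8)):
    """Score each r on held-out marked samples, keep the best, label everything."""
    L = hypergraph_laplacian(knn_hypergraph(X))
    runs = []
    for r in r_grid:
        # Assumption: (r, 1 - r) stands in for the patent's F-value cost formula.
        pred = predict(L, y, fit, cost=(r, 1.0 - r))
        runs.append((f_beta(y[val], pred[val]), r, pred))
    return max(runs, key=lambda t: t[0])      # (score, r, predictions)

def demo_data():
    """Constructed, imbalanced sample: 60 normal and 8 attack feature vectors."""
    rng = np.random.default_rng(0)
    X = np.vstack([rng.normal(0.0, 0.3, (60, 2)), rng.normal(6.0, 0.3, (8, 2))])
    y = np.array([0] * 60 + [1] * 8)
    fit, val = np.zeros(68, bool), np.zeros(68, bool)
    fit[:20] = fit[60:63] = True                # marked, used for fitting
    val[20:30] = val[63:65] = True              # marked, held out for scoring
    return X, y, fit, val
```

On this cleanly separated constructed sample every r reaches the same score, so the first grid value is kept; on real traffic features the scores differ and the selection step decides which cost setting is used.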
CN201910183415.XA 2019-03-12 2019-03-12 Network attack detection method and system based on F value optimization Active CN109951468B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910183415.XA CN109951468B (en) 2019-03-12 2019-03-12 Network attack detection method and system based on F value optimization

Publications (2)

Publication Number Publication Date
CN109951468A true CN109951468A (en) 2019-06-28
CN109951468B CN109951468B (en) 2020-08-28

Family

ID=67009501

Country Status (1)

Country Link
CN (1) CN109951468B (en)

Also Published As

Publication number Publication date
CN109951468B (en) 2020-08-28

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant