CN111131149A - Method for acquiring data of mobile terminal in cross-domain mode and analyzing abnormal access - Google Patents


Publication number
CN111131149A
Authority
CN
China
Prior art keywords
data
information
mobile terminal
values
domains
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201911105447.4A
Other languages
Chinese (zh)
Inventor
陈�峰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Jiangsu Fablesoft Co ltd
Original Assignee
Jiangsu Fablesoft Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Jiangsu Fablesoft Co ltd
Priority to CN201911105447.4A
Publication of CN111131149A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425 Traffic logging, e.g. anomaly detection

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Debugging And Monitoring (AREA)

Abstract

The invention relates to a method for collecting mobile terminal data across network domains and analyzing abnormal access, which comprises the following steps: step 1: distributing acquisition nodes in multiple network domains; step 2: completing information data interfacing between each acquisition node and the unified terminal platform MDM; step 3: establishing a data interaction pipeline between the acquisition nodes in each network domain and the central processing platform; step 4: completing information collection, and performing preliminary information filtering and storage; step 5: applying Lagrange interpolation to the missing values in the access information; step 6: reducing some of the boundary values in the access information; step 7: performing dimensionality reduction using a PCA model; step 8: removing abnormal and unreasonable values from the main characteristic value data using a box plot; step 9: training with a classification model to generate a processing strategy model.

Description

Method for acquiring data of mobile terminal in cross-domain mode and analyzing abnormal access
Technical Field
The invention relates to a method for collecting mobile terminal data across network domains and analyzing abnormal access, and belongs to the field of abnormal terminal access analysis.
Background
The existing environment has the following problems: terminal information spread over multiple domains is inconvenient to collect, the collected access information is messy, the collected information is not sufficiently real-time, each terminal access cannot be efficiently monitored and classified, and illegal terminal access cannot be distinguished in real time. A new solution to these problems is therefore urgently needed.
Disclosure of Invention
Addressing the problems in the prior art, the invention provides a method for collecting mobile terminal data across domains and analyzing abnormal access. The technical scheme solves the problems that, in the existing environment, multi-domain terminal information is inconvenient to collect, the collected access information is messy, and each terminal access cannot be efficiently monitored and classified.
To achieve the above object, the technical solution of the invention is a method for collecting mobile terminal data across domains and analyzing abnormal access, wherein the method comprises the following steps:
step 1: distributing acquisition nodes in multiple network domains;
step 2: completing information data interfacing between each acquisition node and the unified terminal platform MDM;
step 3: establishing a data interaction pipeline between the acquisition nodes in each network domain and the central processing platform;
step 4: completing information collection, and performing preliminary information filtering and storage;
step 5: applying Lagrange interpolation to the missing values in the access information;
step 6: reducing some of the boundary values in the access information;
step 7: performing dimensionality reduction using a PCA model;
step 8: removing abnormal and unreasonable values from the main characteristic value data using a box plot;
step 9: training with a classification model to generate a processing strategy model.
As an improvement of the present invention, step 1 specifically comprises: arranging acquisition nodes with acquisition functions in each network domain.
As an improvement of the present invention, step 2 specifically comprises: receiving information data between the acquisition node and the MDM through a well-specified standard interface.
As an improvement of the present invention, step 3 specifically comprises: establishing, for each acquisition node, an HTTP-based RESTful interface that conforms to the on-site network isolation and is used to pull task information and push acquisition results.
As an improvement of the present invention, step 4 specifically comprises: performing preliminary filtering on the collected information to remove obviously erroneous data, so as to ensure data quality.
As an improvement of the present invention, step 5 specifically comprises: supplementing missing values of some fields in the collected access information (such as access duration and access time) by means of Lagrange interpolation.
As an improvement of the present invention, step 6 specifically comprises: applying a root-extraction transformation to some of the boundary values in the collected access information so that they fall within the normal distribution interval, and directly removing data that falls outside the normal distribution interval.
As an improvement of the present invention, step 7 specifically comprises: performing dimensionality reduction on the processed data with a PCA (principal component analysis) model, extracting the main characteristic values, and labeling them.
As an improvement of the present invention, step 8 specifically comprises: processing the extracted characteristic values with a box plot and directly removing the characteristic values that fall outside the box plot, so as to ensure the accuracy of the extracted characteristic values.
As an improvement of the present invention, step 9 specifically comprises: training a classification model with the extracted characteristic values as input values to generate a processing strategy model.
Compared with the prior art, the invention has the following technical effects: the technical scheme provides anomaly analysis of mobile terminal access based on cross-domain information acquisition and a classification model algorithm. It thereby solves the problems that, when mobile terminals are used for office work in a multi-network-domain environment, data is difficult to collect, the collected data is messy, the collected information is not sufficiently real-time, and accesses that do not comply with the specification cannot be found and handled in time. In addition, the classification process and the processing strategy model can be continuously optimized as the collected data accumulates and improves.
Drawings
FIG. 1 is a flow chart of the present invention based on cross-domain information collection;
FIG. 2 is a flow chart of the abnormal access classification model algorithm of the present invention.
Detailed Description
To aid understanding of the present invention, the embodiment is described in detail below with reference to the accompanying drawings.
Example 1: referring to Fig. 1, a method for collecting mobile terminal data across domains and analyzing abnormal access, the method comprising the following steps:
step 1: distributing acquisition nodes in multiple network domains;
step 2: completing information data interfacing between each acquisition node and the unified terminal platform MDM;
step 3: establishing a data interaction pipeline between the acquisition nodes in each network domain and the central processing platform;
step 4: completing information collection, and performing preliminary information filtering and storage;
step 5: applying Lagrange interpolation to the missing values in the access information;
step 6: reducing some of the boundary values in the access information;
step 7: performing dimensionality reduction using a PCA model;
step 8: removing abnormal and unreasonable values from the main characteristic value data using a box plot;
step 9: training with a classification model to generate a processing strategy model.
Step 1 specifically comprises: arranging acquisition nodes with acquisition functions in each network domain.
Step 2 specifically comprises: receiving information data between the acquisition node and the MDM through a well-specified standard interface.
Step 3 specifically comprises: establishing, for each acquisition node, an HTTP-based RESTful interface that conforms to the on-site network isolation and is used to pull task information and push acquisition results.
Step 4 specifically comprises: performing preliminary filtering on the collected information to remove obviously erroneous data, so as to ensure data quality.
Step 5 specifically comprises: supplementing missing values of some fields in the collected access information (such as access duration and access time) by means of Lagrange interpolation.
Step 6 specifically comprises: applying a root-extraction transformation to some of the boundary values in the collected access information so that they fall within the normal distribution interval, and directly removing data that falls outside the normal distribution interval.
Step 7 specifically comprises: performing dimensionality reduction on the processed data with a PCA (principal component analysis) model, extracting the main characteristic values, and labeling them.
Step 8 specifically comprises: processing the extracted characteristic values with a box plot and directly removing the characteristic values that fall outside the box plot, so as to ensure the accuracy of the extracted characteristic values.
Step 9 specifically comprises: training a classification model with the extracted characteristic values as input values to generate a processing strategy model.
The specific implementation process is as follows:
Fig. 1 shows the flow chart of data acquisition across an existing boundary according to the invention. The main flow of the cross-boundary acquisition shown in Fig. 1 comprises:
Step A: distributing acquisition nodes at one end of a boundary;
Step B: issuing an acquisition task in the data management and control center, and pulling the task information through the acquisition node at the other end of the boundary;
Step C: establishing the data connection between the acquisition node and the MDM terminal control platform;
Step D: pushing the terminal access data to the data management and control center through the acquisition nodes.
Step A specifically comprises: arranging, at the other end of the boundary from the data management and control center, an acquisition node with data collection, task information pulling and result data pushing functions.
Step B specifically comprises: issuing task information in the data management and control center, with the acquisition node at the other end of the boundary actively pulling the task information (over the HTTP protocol).
Step C specifically comprises: the acquisition node that has received the task information opens a service for data interfacing with the MDM terminal control platform and starts to receive terminal access information from the MDM terminal control platform.
Step D specifically comprises: the acquisition node actively pushes the received information to the data management and control center over the HTTP protocol, and preliminary filtering of dirty data that obviously does not conform to the business, together with storage of the base information, is completed.
Fig. 2 shows the flow chart for deriving the corresponding policy model by training the classification model algorithm of the invention. The implementation shown in Fig. 2 is divided into the following steps:
Step A: completing data collection and preliminary data filtering;
Step B: the terminal access information obtained in step B is subjected to missing-value supplementation;
Step C: performing boundary value reduction on the obtained terminal access information;
Step D: carrying out PCA model training on the accessed terminal access primary key;
Step E: performing box plot processing on the characteristic values extracted by the PCA model;
Step F: performing classification model training with the characteristic values processed by the box plot as an output value, and outputting the corresponding processing strategy model.
Step A specifically comprises: evaluating the cross-domain mobile phone terminal access information at the service level, and filtering out erroneous data that obviously does not meet the basic requirements, so as to ensure data quality.
Step B specifically comprises: supplementing the missing values of access duration, access time and the like in the terminal access information by Lagrange interpolation, so that the data is smoother.
Step C specifically comprises: applying root-extraction processing to certain items (such as access duration and access time) in the data processed in step B, and deleting the data that falls outside the normal distribution interval of the whole data set, so as to ensure the accuracy of the data.
Step D specifically comprises: performing PCA (principal component analysis) model training on the data processed in step C, extracting several main characteristic values, and labeling them for subsequent processing.
Step E specifically comprises: performing box plot processing on the characteristic value data processed in step D, and removing the data that falls outside the box plot.
Step F specifically comprises: taking the data processed in step E as an output value, training with a classification model algorithm, and finally obtaining a processing strategy model, ensuring that the accuracy of the processing strategy model is more than 95%.
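The cleaning stages of steps B, C and E (Lagrange filling of missing values, root transformation with a normal-interval cut, box plot cut) can be sketched as follows; this is an added example, not part of the patent text. The two-point interpolation window, the square root as the transformation, the mean ± 3σ interval, the 1.5×IQR fences and the sample access durations are assumptions, and PCA and classifier training are omitted, so the box plot cut runs on the transformed column itself.

```python
import math
import statistics

# Constructed sample: access durations in seconds, None = missing value.
SAMPLE = [30, 32, None, 36, 35, 33, None, 31, 34, 900, 30, 33, 120]

def lagrange_fill(series, window=2):
    """Fill None gaps by Lagrange interpolation through up to `window`
    known points on each side (a local window limits oscillation)."""
    known = [i for i, v in enumerate(series) if v is not None]
    if not known:
        raise ValueError("no known values to interpolate from")
    filled = list(series)
    for i, v in enumerate(series):
        if v is not None:
            continue
        nodes = [k for k in known if k < i][-window:] + \
                [k for k in known if k > i][:window]
        total = 0.0
        for j in nodes:
            weight = 1.0
            for m in nodes:
                if m != j:
                    weight *= (i - m) / (j - m)
            total += series[j] * weight
        filled[i] = max(total, 0.0)  # a duration cannot be negative
    return filled

def sigma_filter(durations, k=3.0):
    """Square-root transform, then keep rows within mean ± k·stdev of the
    transformed column. Returns (kept, dropped) raw durations."""
    roots = [math.sqrt(d) for d in durations]
    mu, sd = statistics.mean(roots), statistics.stdev(roots)
    kept, dropped = [], []
    for d, r in zip(durations, roots):
        (kept if abs(r - mu) <= k * sd else dropped).append(d)
    return kept, dropped

def boxplot_filter(durations):
    """Keep rows whose transformed value lies inside the box plot fences
    [Q1 - 1.5·IQR, Q3 + 1.5·IQR]. Returns (kept, dropped) raw durations."""
    roots = sorted(math.sqrt(d) for d in durations)

    def quantile(p):  # linear interpolation between order statistics
        pos = (len(roots) - 1) * p
        lo = math.floor(pos)
        hi = min(lo + 1, len(roots) - 1)
        return roots[lo] + (pos - lo) * (roots[hi] - roots[lo])

    q1, q3 = quantile(0.25), quantile(0.75)
    low, high = q1 - 1.5 * (q3 - q1), q3 + 1.5 * (q3 - q1)
    kept, dropped = [], []
    for d in durations:
        (kept if low <= math.sqrt(d) <= high else dropped).append(d)
    return kept, dropped

def clean(series):
    """Run the three stages and report what each one discarded, so dropped
    accesses can be reviewed instead of vanishing before training."""
    filled = lagrange_fill(series)
    kept, out_sigma = sigma_filter(filled)
    kept, out_box = boxplot_filter(kept)
    return filled, kept, out_sigma, out_box

if __name__ == "__main__":
    filled, kept, out_sigma, out_box = clean(SAMPLE)
    print("filled gaps:", filled[2], filled[6])
    print("dropped by interval cut:", out_sigma)
    print("dropped by box plot cut:", out_box)
    print("rows kept for training:", len(kept))
```

On this sample the 900-second access inflates the standard deviation enough that the 120-second access passes the interval cut and is only caught by the box plot fences.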
It should be noted that the above-mentioned embodiments are not intended to limit the scope of the present invention, and all equivalent modifications and substitutions based on the above-mentioned technical solutions are within the scope of the present invention as defined in the claims.

Claims (10)

1. A method for collecting mobile terminal data across domains and analyzing abnormal access, characterized by comprising the following steps:
step 1: distributing acquisition nodes in multiple network domains;
step 2: completing information data interfacing between each acquisition node and the unified terminal platform MDM;
step 3: establishing a data interaction pipeline between the acquisition nodes in each network domain and the central processing platform;
step 4: completing information collection, and performing preliminary information filtering and storage;
step 5: applying Lagrange interpolation to the missing values in the access information;
step 6: reducing some of the boundary values in the access information;
step 7: performing dimensionality reduction using a PCA model;
step 8: removing abnormal and unreasonable values from the main characteristic value data using a box plot;
step 9: training with a classification model to generate a processing strategy model.
2. The method for collecting mobile terminal data across domains and analyzing abnormal access according to claim 1, wherein step 1 specifically comprises: arranging acquisition nodes with acquisition functions in each network domain.
3. The method for collecting mobile terminal data across domains and analyzing abnormal access according to claim 1, wherein step 2 specifically comprises: receiving information data between the acquisition node and the MDM through a well-specified standard interface.
4. The method for collecting mobile terminal data across domains and analyzing abnormal access according to claim 1, wherein step 3 specifically comprises: establishing, for each acquisition node, an HTTP-based RESTful interface that conforms to the on-site network isolation and is used to pull task information and push acquisition results.
5. The method for collecting mobile terminal data across domains and analyzing abnormal access according to claim 1, wherein step 4 specifically comprises: performing preliminary filtering on the collected information to remove obviously erroneous data, so as to ensure data quality.
6. The method for collecting mobile terminal data across domains and analyzing abnormal access according to claim 1, wherein step 5 specifically comprises: supplementing missing values of some fields in the collected access information by means of Lagrange interpolation.
7. The method for collecting mobile terminal data across domains and analyzing abnormal access according to claim 1, wherein step 6 specifically comprises: applying a root-extraction transformation to some of the boundary values in the collected access information so that they fall within the normal distribution interval, and directly removing data that falls outside the normal distribution interval.
8. The method for collecting mobile terminal data across domains and analyzing abnormal access according to claim 1, wherein step 7 specifically comprises: performing dimensionality reduction on the processed data with a PCA (principal component analysis) model, providing the main characteristic values, and labeling them.
9. The method for collecting mobile terminal data across domains and analyzing abnormal access according to claim 1, wherein step 8 specifically comprises: processing the extracted characteristic values with a box plot, and directly removing the characteristic values that fall outside the box plot.
10. The method for collecting mobile terminal data across domains and analyzing abnormal access according to claim 1, wherein step 9 specifically comprises: training a classification model with the extracted characteristic values as input values to generate a processing strategy model.
CN201911105447.4A 2019-11-13 2019-11-13 Method for acquiring data of mobile terminal in cross-domain mode and analyzing abnormal access Pending CN111131149A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911105447.4A CN111131149A (en) 2019-11-13 2019-11-13 Method for acquiring data of mobile terminal in cross-domain mode and analyzing abnormal access

Publications (1)

Publication Number Publication Date
CN111131149A (en) 2020-05-08

Family

ID=70495545

Country Status (1)

Country Link
CN (1) CN111131149A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20200508