CN111291860A - Anomaly detection method based on convolutional neural network feature compression - Google Patents
Anomaly detection method based on convolutional neural network feature compression Download PDFInfo
- Publication number
- CN111291860A CN111291860A CN202010031422.0A CN202010031422A CN111291860A CN 111291860 A CN111291860 A CN 111291860A CN 202010031422 A CN202010031422 A CN 202010031422A CN 111291860 A CN111291860 A CN 111291860A
- Authority
- CN
- China
- Prior art keywords
- data
- neural network
- convolutional neural
- model
- vector
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N3/00—Computing arrangements based on biological models
- G06N3/02—Neural networks
- G06N3/04—Architecture, e.g. interconnection topology
- G06N3/045—Combinations of networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1458—Denial of Service
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Computing Systems (AREA)
- Physics & Mathematics (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- Computer Hardware Design (AREA)
- Theoretical Computer Science (AREA)
- General Health & Medical Sciences (AREA)
- Software Systems (AREA)
- Molecular Biology (AREA)
- Data Mining & Analysis (AREA)
- Computational Linguistics (AREA)
- General Physics & Mathematics (AREA)
- Mathematical Physics (AREA)
- Evolutionary Computation (AREA)
- Biophysics (AREA)
- Biomedical Technology (AREA)
- Artificial Intelligence (AREA)
- Life Sciences & Earth Sciences (AREA)
- Health & Medical Sciences (AREA)
- Burglar Alarm Systems (AREA)
Abstract
The invention belongs to the technical field of deep learning intrusion detection, and particularly relates to an anomaly detection method based on convolutional neural network feature compression. According to the method, the data characteristics are preprocessed by adopting the technology of single-hot coding and dispersion standardization, so that the deep learning model can more effectively identify the characteristics of a data set, and the distortion rate of the data is reduced; compressing the one-hot coded sparse vector into a dense vector through an embedding layer, and reducing the training time of each model; the original data is subjected to linear transformation through dispersion standardization, so that the original linear relation of the data is still kept after the data are changed, and the accuracy of the model in intrusion detection can be improved. The invention has the advantages of high intrusion detection accuracy, short training time and high prediction precision, and can be widely applied to the aspects of network intrusion detection and the like.
Description
Technical Field
The invention belongs to the technical field of deep learning intrusion detection, and particularly relates to an anomaly detection method based on convolutional neural network feature compression.
Background
In recent years, while network technologies have been rapidly developed, intrusion behaviors into network communication systems have become more and more common in the fields of industry, education, medical care, and the like. With this trend, many scholars have made a lot of effort in anomaly detection, and these efforts can be mainly summarized into two categories: and carrying out intrusion detection by utilizing a traditional mathematical model and carrying out intrusion detection by utilizing a deep learning model. The traditional intrusion detection method by using a mathematical model mainly comprises the steps of constructing a network association diagram by using a probability model, and carrying out probability inference and intrusion judgment through the diagram. Foreign scholars have used a Bayesian model to construct a threat attack graph, and finally, attack chains are detected through the graph. Other scholars further establish a service dependency graph, solve local threats through dynamic iteration and then speculate a global threat chain. Domestic scholars have also made this effort by creating a time-dependent network by collecting information flow between memories, threads, files, and then speculating intrusion paths through a bayesian network.
The means for detecting abnormal intrusion by using the deep learning model is mainly to characterize the characteristics of network abnormal behaviors through a heuristic algorithm and then try to approximate a global optimal solution by fitting data to a high-dimensional plane through multiple iterative training by using the deep learning model. Finally, by training this network, the model can identify abnormal behaviors or features. The result of using the generation countermeasure network to detect intrusion is significantly better than the conventional machine learning model in the case of a small amount of data. In addition, there are also learners who use a bidirectional long and short memory network and a recurrent neural network to detect intrusion, however, these methods are not so effective in cases involving large-scale network environment anomaly detection, because the existing models are difficult to converge quickly in a short time as the network size and data increase. Therefore, aiming at the problem, the embedded model can be used for compressing the sparse features, so that the accuracy of intrusion detection can be ensured while the model training time is reduced.
Disclosure of Invention
The invention aims to provide an anomaly detection method based on convolutional neural network feature compression, which solves the problems that in the existing system, the deep learning model is too long in training time, cannot effectively perform anomaly detection on large-scale data quantity, and is high in data distortion rate.
The purpose of the invention is realized by the following technical scheme: the method comprises the following steps:
step 1: inputting a data set to be detected, and dividing a training set into a test set and a training set;
step 2: digitizing the characteristics of the data in the data set to be detected by using the one-hot code;
and step 3: standardizing data in a data set to be detected;
because the difference between the characteristic values in the data set is larger, the convolution neural network model pays more attention to the higher digital index and ignores the lower digital index, at the moment, the original data is subjected to linear transformation through dispersion standardization, so that the transformation result falls between intervals of [0,1], and the linear relation in the original data is not changed, and the formula is as follows:
wherein the content of the first and second substances,is the vector before transformation;is the transformed vector;
and 4, step 4: establishing a convolutional neural network model;
the convolutional neural network model comprises 1 embedded layer, 4 1-dimensional convolutional layers and 4 full-connection layers, wherein the embedded layer is a feedforward type neural network, and for each neural unit of the embedded layer, the expression is as follows: assuming a set S of signal vectors, the weight and offset of the node j in the embedding layer is thetajAnd bjThe formula is as follows:
wherein act represents an activation function, OjAn output representing a jth neuron; based on the above expression, the definition of an embedding layer is: suppose thatIs thatWhen the number of input and output nodes of the vector after conversion is m and n, respectively, there is a matrix Θ of dimension n × m [ θ ═ mT]And an n-dimensional vectorThe following formula is satisfied:
and 5: compressing the one-hot coded sparse vector into a dense vector through an embedding layer; after compression, the convolution process for the model is formulated as follows:
wherein the content of the first and second substances,inputting a vector for the ith layer of the convolutional neural network;represents the ith layer of convolution kernel; symbolRepresenting a convolution operation;is the disparity vector for the ith layer; act is an activation function;
step 6: inputting the training set into a convolutional neural network model for training;
evaluating the performance of the convolutional neural network model in intrusion detection by using a confusion matrix; all data in the dataset fall into the following four categories: TP, TN, FP and FN, where T (and F represent correct or incorrect classification results, respectively, P and N (represent positive and negative examples in model prediction results, respectively;
evaluating the function of the convolutional neural network model by adopting the accuracy AC, the detection rate DR and the error alarm rate FAR;
AC represents the proportion of the correct classification number in the classification result in the total samples;
DR represents the probability of correct detection of the model when intrusion occurs;
the FAR represents the probability that a certain normal behavior is judged as intrusion by a model;
when AC is more than or equal to 98%, DR is more than or equal to 98% and FAR is less than 0.6%, judging that the convolutional neural network model meets the requirements, and stopping training;
and 7: inputting the test set into a trained convolutional neural network model to obtain a detection result; after each item of data in the test set is calculated through a convolutional neural network model, a vector with the length of 5 is obtained, and the bits from 1 to 5 are respectively the possibility of normal recording, the possibility of denial of service attack, the possibility of monitoring and other detection activities, the possibility of illegal access from a remote machine and the possibility of illegal access of an ordinary user to the privilege of a local super user.
The invention has the beneficial effects that:
the invention designs an anomaly detection method based on convolutional neural network feature compression, which adopts the technology of single-hot coding and dispersion standardization to preprocess data features, so that a deep learning model can more effectively identify the features of a data set, thereby reducing the distortion rate of data; compressing the one-hot coded sparse vector into a dense vector through an embedding layer, and reducing the training time of each model; the original data is subjected to linear transformation through dispersion standardization, so that the original linear relation of the data is still kept after the data are changed, and the accuracy of the model in intrusion detection can be improved. The invention has the advantages of high intrusion detection accuracy, short training time and high prediction precision, and can be widely applied to the aspects of network intrusion detection and the like.
Drawings
FIG. 1 is a flow chart of an anomaly detection method based on convolutional neural network feature compression.
Fig. 2 is a diagram of an embedded convolutional neural network structure.
Fig. 3 is a comparison graph of different learning rates.
Fig. 4 is a comparison of different systems.
Detailed Description
The invention is further described below with reference to the accompanying drawings.
The invention designs an anomaly detection method based on convolutional neural network feature compression, which mainly adopts the principle that an embedded model is used for compressing sparse features, and finally data are fitted through a convolutional neural network. The method is mainly used for improving the success rate of intrusion detection by utilizing a system embedded with a deep learning model under the condition of large-scale data, reducing the training time of the deep learning model and finally obtaining a vector with the length of 5, so that whether the data is abnormal or not is judged, the main structure of the method is provided with an embedded layer for compressing sparse features, four one-dimensional convolution layers are used for carrying out convolution operation, 4 full-connection layers are used for integrating the purified features, and the high-level meaning of the data features is obtained and finally used for data classification. The invention has the advantages of high intrusion detection accuracy, short training time and high prediction precision, and can be widely applied to the aspects of network intrusion detection and the like.
The invention relates to the field of deep learning intrusion detection, wherein an intrusion is detected by using a convolutional neural network model in deep learning, and an embedded model is used for compressing sparse features to improve the detection precision. The invention describes an anomaly detection method based on convolutional neural network feature compression.
The invention relates to an anomaly detection method based on convolutional neural network feature compression, which compresses sparse matrix features through an embedded model and identifies and detects intrusion according to the compressed features, thereby improving the accuracy of intrusion detection, reducing the training time of a deep learning model and having certain research and practical values. The invention mainly comprises the following steps:
step 1: inputting a data set to be detected, and dividing a training set into a test set and a training set;
step 2: digitizing the characteristics of the data in the data set to be detected by using the one-hot code;
and step 3: standardizing data in a data set to be detected;
because the difference between the characteristic values in the data set is larger, the convolution neural network model pays more attention to the higher digital index and ignores the lower digital index, at the moment, the original data is subjected to linear transformation through dispersion standardization, so that the transformation result falls between intervals of [0,1], and the linear relation in the original data is not changed, and the formula is as follows:
wherein the content of the first and second substances,is the vector before transformation;is the transformed vector;
and 4, step 4: establishing a convolutional neural network model;
the convolutional neural network model comprises 1 embedded layer, 4 1-dimensional convolutional layers and 4 full-connection layers, wherein the embedded layer is a feedforward type neural network, and for each neural unit of the embedded layer, the expression is as follows: assuming a set S of signal vectors, the weight and offset of the node j in the embedding layer is thetajAnd bjThe formula is as follows:
wherein act represents an activation function, OjAn output representing a jth neuron; based on the above expression, the definition of an embedding layer is: suppose thatIs thatWhen the number of input and output nodes of the vector after conversion is m and n, respectively, there is a matrix Θ of dimension n × m [ θ ═ mT]And an n-dimensional vectorThe following formula is satisfied:
and 5: compressing the one-hot coded sparse vector into a dense vector through an embedding layer; after compression, the convolution process for the model is formulated as follows:
wherein the content of the first and second substances,inputting a vector for the ith layer of the convolutional neural network;represents the ith layer of convolution kernel; symbolRepresenting a convolution operation;is the disparity vector for the ith layer; act is an activation function;
step 6: inputting the training set into a convolutional neural network model for training;
evaluating the performance of the convolutional neural network model in intrusion detection by using a confusion matrix; all data in the dataset fall into the following four categories: TP, TN, FP and FN, where T (and F represent correct or incorrect classification results, respectively, P and N (represent positive and negative examples in model prediction results, respectively;
evaluating the function of the convolutional neural network model by adopting the accuracy AC, the detection rate DR and the error alarm rate FAR;
AC represents the proportion of the correct classification number in the classification result in the total samples;
DR represents the probability of correct detection of the model when intrusion occurs;
the FAR represents the probability that a certain normal behavior is judged as intrusion by a model;
when AC is more than or equal to 98%, DR is more than or equal to 98% and FAR is less than 0.6%, judging that the convolutional neural network model meets the requirements, and stopping training;
and 7: inputting the test set into a trained convolutional neural network model to obtain a detection result; after each item of data in the test set is calculated through a convolutional neural network model, a vector with the length of 5 is obtained, and the bits from 1 to 5 are respectively the possibility of normal recording, the possibility of denial of service attack, the possibility of monitoring and other detection activities, the possibility of illegal access from a remote machine and the possibility of illegal access of an ordinary user to the privilege of a local super user.
The embedded model is used for compressing sparse features, the purposes of improving prediction precision and reducing training time are finally achieved, and each neural unit of an embedded layer is described as follows: assuming a set S of signal vectors, the weight and offset of the node j in the embedding layer is thetajAnd bjThe formula is as follows:
in the formula, act represents the activation function, OjRepresenting the output of the jth neuron, the embedding layer can be defined, based on the above expression, as follows: suppose thatIs thatAfter the vector is converted, the number of input and output nodes is m and n, respectively, and there is a matrix theta of dimension n x m [ theta ]T]And an n-dimensional vectorThe following formula is satisfied:
with these formulas, we can compress the one-hot coded sparse vector into a dense vector through the embedding layer.
The symbolic features in the data features are converted into numerical data through the one-hot coding, so that the model identification and intrusion detection in the system are more convenient.
Data normalization, which applies a dispersion normalization method to convert the original data so that the result falls between [0,1] and the linear relationship of the original data is not changed, because the difference of the eigenvalues in the data set is large, the large eigenvalue is emphasized more in the system processing, and the small eigenvalue is easy to ignore, and the formula is as follows
The method aims to solve the problems that in the existing system, the deep learning model is too long in training time, abnormal detection cannot be effectively carried out on large-scale data quantity, the deep learning model is high in data distortion rate and the like. The invention provides an anomaly detection method based on convolutional neural network feature compression, which utilizes an embedded model to compress sparse features, finally fits data through a convolutional neural network, then improves the learning rate of the model when training the model so as to achieve the aim of rapid convergence, and when the training termination condition is reached, evaluates the performance of the system through a test data set, and finally obtains a vector with the length of 5 as a criterion, thereby verifying whether the abnormal behavior is detected, and mainly comprises the following steps:
(1) data preprocessing: feature digitization and data normalization
(2) Establishing a model: the model mainly comprises an embedded layer, 4 1-dimensional convolutional layers and 4 full-connection layers.
(3) The models were trained by setting the learning rates to 0.01, 0.001, and 0.0001 and performing convolution operations on the models.
(4) The model training results are compared with the remaining comparative model results.
(5) The system is applied to the NSL-KDD data set to obtain the result of abnormal data in the NSL-KDD data set.
Compared with the prior system, the invention has the advantages that:
1. and (3) reducing the data distortion rate: the data features are preprocessed by adopting the technology of single-hot coding and dispersion standardization, so that the deep learning model can more effectively identify the features of the data set, and the distortion rate of the data is reduced.
2. Reducing the training time of the model: the invention compresses the sparse vector of the one-hot coding into the dense vector through the embedded layer, thereby reducing the training time of each model.
3. And the intrusion detection precision is improved under the condition of large data size: the original data is subjected to linear transformation through dispersion standardization, so that the original linear relation of the data is still kept after the data are changed, and the accuracy of the model in intrusion detection can be improved.
Example 1:
firstly, preprocessing a data set, firstly, digitizing the characteristics of the data by using one-hot coding, secondly, standardizing the data, wherein the difference between characteristic values in the data set is larger, so that a convolutional neural network model pays more attention to higher digital indexes and neglects lower digital indexes, and at the moment, the original data is linearly transformed through dispersion standardization, so that the transformation result falls between intervals of [0,1], and the linear relation in the original data is not changed. The formula is as follows:
After preprocessing the data, the invention establishes a convolutional neural network-based model, which comprises an embedded layer, 4 1-dimensional convolutional layers and 4 fully-connected layers, wherein the embedded layer is a feedforward type neural network, and for each neural unit of the embedded layer, the model can be expressed as: assuming a set S of signal vectors, the weight and offset of the node j in the embedding layer is thetajAnd bjThe formula is as follows:
in the formula, act represents the activation function, OjRepresenting the output of the jth neuron, the embedding layer can be defined, based on the above expression, as follows: suppose thatIs thatAfter the vector is converted, the number of input and output nodes is m and n, respectively, and there is a matrix theta of dimension n x m [ theta ]T]And an n-dimensional vectorThe following formula is satisfied:
with these formulas, we can compress the one-hot coded sparse vector into a dense vector through the embedding layer. After compression, the convolution process for the model is formulated as follows:
wherein, let us assume the i-th layer input vector of the convolutional neural network as Ti,Representing the i-th layer of convolution kernel, symbolWhich represents a convolution operation, is a function of,is the firstThe offset vector for i layers, act is the activation function. Through the training step of the convolution operation,
finally, a vector with the length of 5 is obtained, and the bits from 1 to 5 are respectively the possibility of normal recording, the possibility of denial of service attack, the possibility of monitoring and other detection activities, the possibility of illegal access from a remote machine and the possibility of illegal access of an ordinary user to the privilege of a local super user. For example, the end result is (0.7, 0.05, 0.05, 0.1, 0.1), from which we can determine that this piece of data is 70% likely to be normal behavior data, 5% likely to be a denial of service attack, and 5% likely to be the possibility of monitoring and other probing activities. 10% may be illegal access from a remote machine and 10% may be illegal access to the local supervisor privileges of the average user. Therefore, the data can be judged to be normal behavior data.
Finally, the model parameters are continuously adjusted in the training process, so that the system performance is better. In the experimental process, we use the confusion matrix to evaluate the performance of the system in intrusion detection, and all data in the data set must be classified into the following four types: TP, TN, FP and FN, where t (true) and f (false) represent correct or incorrect classification results, respectively, and P (positive) and N (negative) represent positive and negative examples in model prediction results, respectively, e.g., TP indicates that intrusion behavior occurs under actual conditions and is detected by the model, and in addition, the following three indicators are used to evaluate the function of the model in our system: accuracy (AC), Detection Rate (DR) and False Alarm Rate (FAR). The calculation formula is as follows:
(1) AC represents the proportion of the correct class number in the classification result to the total sample.
(2) DR represents the probability of the model detecting correctly when an intrusion occurs
(3) Probability of false positive of some normal behavior as intrusion by FAR representative model
Our experimental environment is as follows:
Intel(R)Core(TM)i7-7700HQ 2.80GHz
GPU:NVIDIA GeForce GTX1060
RAM:16GB
to evaluate our system's ability to recognize intrusions, we chose the NSL-KDD dataset to train and test our system, which contains 125973 records, with 41 features and 1 label for each record: of which 7 are symbolic features and 34 are continuous features. As shown in fig. 3, fig. 3 is a comparison graph of different learning rates, LR is the learning rate, Accuracy is the Accuracy, and Epoch is the training period. We have conducted three experiments and we can see that the system fluctuates more in accuracy during training when the learning rate is 0.0001, appears to be more stable when the learning rate is 0.001, and performs best when we set the learning rate to 0.01, since we consider the optimal value of the learning rate to be 0.01.
We have also compared some other systems, as shown in fig. 4, fig. 4 is a comparison graph of different systems, AC is the accuracy, DR is the probability of correct detection of the model when an intrusion occurs, and FAR is the probability of the model misjudging some normal behavior as an intrusion. Bayesian is a Bayesian model, SVM is a support vector machine, CNN-IDS is a traditional convolutional neural network, LSTM-RNN is a long-short term memory network and a cyclic neural network, and GAN is a pairwise anti-network. The system is better than the traditional system based on machine learning in the aspects of accurate determination and false alarm rate, and results show that the traditional system based on machine learning is difficult to ensure the identification accuracy when the data volume is large, but the system based on deep learning has good performance, the system based on CNN-IDS uses data dimension reduction to remarkably reduce the false alarm rate in data preprocessing, but the detection rate is slightly inferior to that of the method, and in addition, the system based on GAN and CNN-IDS can cause data distortion to a certain degree, so the accurate determination and detection rate is slightly inferior to that of the system. The LSTM-RNN based approach has a higher detection rate than our system, but our approach performs better than the above system in terms of false alarm rate. In summary, the accuracy rate (AC) of the data intrusion detection of our system is superior to that of other detection systems, and can reach 98.03%, and the false alarm rate of our detection system is lower than that of other systems, and is only 0.54%. Therefore, our system is superior to other systems in intrusion detection.
The above description is only a preferred embodiment of the present invention and is not intended to limit the present invention, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.
Claims (1)
1. An anomaly detection method based on convolutional neural network feature compression is characterized by comprising the following steps:
step 1: inputting a data set to be detected, and dividing a training set into a test set and a training set;
step 2: digitizing the characteristics of the data in the data set to be detected by using the one-hot code;
and step 3: standardizing data in a data set to be detected;
because the difference between the characteristic values in the data set is larger, the convolution neural network model pays more attention to the higher digital index and ignores the lower digital index, at the moment, the original data is subjected to linear transformation through dispersion standardization, so that the transformation result falls between intervals of [0,1], and the linear relation in the original data is not changed, and the formula is as follows:
wherein the content of the first and second substances,is the vector before transformation;is the transformed vector;
and 4, step 4: establishing a convolutional neural network model;
the convolutional neural network model comprises 1 embedded layer, 4 1-dimensional convolutional layers and 4 full-connection layers, wherein the embedded layer is a feedforward type neural network, and for each neural unit of the embedded layer, the expression is as follows: assuming a set S of signal vectors, the weight and offset of the node j in the embedding layer is thetajAnd bjThe formula is as follows:
wherein act represents an activation function, OjAn output representing a jth neuron; based on the above expression, the definition of an embedding layer is: suppose thatIs thatWhen the number of input and output nodes of the vector after conversion is m and n, respectively, there is a matrix Θ of dimension n × m [ θ ═ mT]And an n-dimensional vectorThe following formula is satisfied:
and 5: compressing the one-hot coded sparse vector into a dense vector through an embedding layer; after compression, the convolution process for the model is formulated as follows:
wherein the content of the first and second substances,inputting a vector for the ith layer of the convolutional neural network;represents the ith layer of convolution kernel; symbolRepresenting a convolution operation;is the disparity vector for the ith layer; act is an activation function;
step 6: inputting the training set into a convolutional neural network model for training;
evaluating the performance of the convolutional neural network model in intrusion detection by using a confusion matrix; all data in the dataset fall into the following four categories: TP, TN, FP and FN, where T (and F represent correct or incorrect classification results, respectively, P and N (represent positive and negative examples in model prediction results, respectively;
evaluating the function of the convolutional neural network model by adopting the accuracy AC, the detection rate DR and the error alarm rate FAR;
AC represents the proportion of the correct classification number in the classification result in the total samples;
DR represents the probability of correct detection of the model when intrusion occurs;
the FAR represents the probability that a certain normal behavior is judged as intrusion by a model;
when AC is more than or equal to 98%, DR is more than or equal to 98% and FAR is less than 0.6%, judging that the convolutional neural network model meets the requirements, and stopping training;
and 7: inputting the test set into a trained convolutional neural network model to obtain a detection result; after each item of data in the test set is calculated through a convolutional neural network model, a vector with the length of 5 is obtained, and the bits from 1 to 5 are respectively the possibility of normal recording, the possibility of denial of service attack, the possibility of monitoring and other detection activities, the possibility of illegal access from a remote machine and the possibility of illegal access of an ordinary user to the privilege of a local super user.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010031422.0A CN111291860A (en) | 2020-01-13 | 2020-01-13 | Anomaly detection method based on convolutional neural network feature compression |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010031422.0A CN111291860A (en) | 2020-01-13 | 2020-01-13 | Anomaly detection method based on convolutional neural network feature compression |
Publications (1)
Publication Number | Publication Date |
---|---|
CN111291860A true CN111291860A (en) | 2020-06-16 |
Family
ID=71028397
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010031422.0A Pending CN111291860A (en) | 2020-01-13 | 2020-01-13 | Anomaly detection method based on convolutional neural network feature compression |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111291860A (en) |
Cited By (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112287338A (en) * | 2020-11-30 | 2021-01-29 | 国网新疆电力有限公司电力科学研究院 | Intrusion detection method and device based on ADASYN algorithm and improved convolutional neural network |
CN112433518A (en) * | 2020-10-20 | 2021-03-02 | 中国科学院沈阳计算技术研究所有限公司 | Industrial control system intrusion detection method based on recurrent neural network |
CN112463387A (en) * | 2020-12-07 | 2021-03-09 | 浙江工业大学 | Method for identifying deep learning model on local server based on GPU (graphics processing Unit) space-time resource consumption |
CN112632549A (en) * | 2021-01-06 | 2021-04-09 | 四川大学 | Web attack detection method based on context analysis |
CN112784965A (en) * | 2021-01-28 | 2021-05-11 | 广西大学 | Large-scale multi-element time series data abnormity detection method oriented to cloud environment |
CN112866246A (en) * | 2021-01-18 | 2021-05-28 | 北方工业大学 | DDoS detection method and device based on deep learning, electronic equipment and storage medium |
WO2022111387A1 (en) * | 2020-11-30 | 2022-06-02 | 华为技术有限公司 | Data processing method and related apparatus |
WO2023085457A1 (en) * | 2021-11-11 | 2023-05-19 | 한국전자기술연구원 | Memory structure and control method for efficient deep learning training |
Citations (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20170098153A1 (en) * | 2015-10-02 | 2017-04-06 | Baidu Usa Llc | Intelligent image captioning |
CN107301246A (en) * | 2017-07-14 | 2017-10-27 | 河北工业大学 | Chinese Text Categorization based on ultra-deep convolutional neural networks structural model |
CN108268283A (en) * | 2016-12-31 | 2018-07-10 | 英特尔公司 | For operating the computing engines framework data parallel to be supported to recycle using yojan |
CN108288109A (en) * | 2018-01-11 | 2018-07-17 | 安徽优思天成智能科技有限公司 | Motor-vehicle tail-gas concentration prediction method based on LSTM depth space-time residual error networks |
CN108604313A (en) * | 2016-02-12 | 2018-09-28 | 微软技术许可有限责任公司 | The predictive modeling of automation and frame |
CN109379379A (en) * | 2018-12-06 | 2019-02-22 | 中国民航大学 | Based on the network inbreak detection method for improving convolutional neural networks |
CN109934282A (en) * | 2019-03-08 | 2019-06-25 | 哈尔滨工程大学 | A kind of SAR objective classification method expanded based on SAGAN sample with auxiliary information |
CN109947864A (en) * | 2018-06-27 | 2019-06-28 | 淮阴工学院 | One kind being based on the heuristic short text feature extraction and classifying method of TF-IDF and CNN |
CN110062233A (en) * | 2019-04-25 | 2019-07-26 | 西安交通大学 | The compression method and system of the sparse weight matrix of the full articulamentum of convolutional neural networks |
CN110309195A (en) * | 2019-05-10 | 2019-10-08 | 电子科技大学 | A kind of content recommendation method based on FWDL model |
CN110351244A (en) * | 2019-06-11 | 2019-10-18 | 山东大学 | A kind of network inbreak detection method and system based on multireel product neural network fusion |
-
2020
- 2020-01-13 CN CN202010031422.0A patent/CN111291860A/en active Pending
Patent Citations (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20170098153A1 (en) * | 2015-10-02 | 2017-04-06 | Baidu Usa Llc | Intelligent image captioning |
CN108604313A (en) * | 2016-02-12 | 2018-09-28 | 微软技术许可有限责任公司 | The predictive modeling of automation and frame |
CN108268283A (en) * | 2016-12-31 | 2018-07-10 | 英特尔公司 | For operating the computing engines framework data parallel to be supported to recycle using yojan |
CN107301246A (en) * | 2017-07-14 | 2017-10-27 | 河北工业大学 | Chinese Text Categorization based on ultra-deep convolutional neural networks structural model |
CN108288109A (en) * | 2018-01-11 | 2018-07-17 | 安徽优思天成智能科技有限公司 | Motor-vehicle tail-gas concentration prediction method based on LSTM depth space-time residual error networks |
CN109947864A (en) * | 2018-06-27 | 2019-06-28 | 淮阴工学院 | One kind being based on the heuristic short text feature extraction and classifying method of TF-IDF and CNN |
CN109379379A (en) * | 2018-12-06 | 2019-02-22 | 中国民航大学 | Based on the network inbreak detection method for improving convolutional neural networks |
CN109934282A (en) * | 2019-03-08 | 2019-06-25 | 哈尔滨工程大学 | A kind of SAR objective classification method expanded based on SAGAN sample with auxiliary information |
CN110062233A (en) * | 2019-04-25 | 2019-07-26 | 西安交通大学 | The compression method and system of the sparse weight matrix of the full articulamentum of convolutional neural networks |
CN110309195A (en) * | 2019-05-10 | 2019-10-08 | 电子科技大学 | A kind of content recommendation method based on FWDL model |
CN110351244A (en) * | 2019-06-11 | 2019-10-18 | 山东大学 | A kind of network inbreak detection method and system based on multireel product neural network fusion |
Non-Patent Citations (5)
Title |
---|
JONATHAN D. DEFREEUW: "Embedding Network Information for Machine Learning-based Intrusion Detection", 《THESIS SUBMITTED TO THE FACULTY OF THE VIRGINIA POLYTECHNIC INSTITUTE AND STATE UNIVERSITY》 * |
SLX_SHARE: "Keras使用笔记", 《HTTPS://BLOG.CSDN.NET/SLX_SHARE/ARTICLE/DETAILS/90373237》 * |
张海刚等: "基于全局优化支持向量机的多类别高炉故障诊断", 《工程科学学报》 * |
池亚平等: "基于GR-CNN算法的网络入侵检测模型设计与实现", 《计算机应用与软件》 * |
贾凡等: "基于卷积神经网络的入侵检测算法", 《北京理工大学学报》 * |
Cited By (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112433518A (en) * | 2020-10-20 | 2021-03-02 | 中国科学院沈阳计算技术研究所有限公司 | Industrial control system intrusion detection method based on recurrent neural network |
CN112433518B (en) * | 2020-10-20 | 2022-02-11 | 中国科学院沈阳计算技术研究所有限公司 | Industrial control system intrusion detection method based on recurrent neural network |
CN112287338A (en) * | 2020-11-30 | 2021-01-29 | 国网新疆电力有限公司电力科学研究院 | Intrusion detection method and device based on ADASYN algorithm and improved convolutional neural network |
WO2022111387A1 (en) * | 2020-11-30 | 2022-06-02 | 华为技术有限公司 | Data processing method and related apparatus |
CN112463387A (en) * | 2020-12-07 | 2021-03-09 | 浙江工业大学 | Method for identifying deep learning model on local server based on GPU (graphics processing Unit) space-time resource consumption |
CN112463387B (en) * | 2020-12-07 | 2024-03-29 | 浙江工业大学 | Method for identifying deep learning model on local server based on GPU space-time resource consumption |
CN112632549A (en) * | 2021-01-06 | 2021-04-09 | 四川大学 | Web attack detection method based on context analysis |
CN112632549B (en) * | 2021-01-06 | 2022-07-12 | 四川大学 | Web attack detection method based on context analysis |
CN112866246A (en) * | 2021-01-18 | 2021-05-28 | 北方工业大学 | DDoS detection method and device based on deep learning, electronic equipment and storage medium |
CN112784965A (en) * | 2021-01-28 | 2021-05-11 | 广西大学 | Large-scale multi-element time series data abnormity detection method oriented to cloud environment |
CN112784965B (en) * | 2021-01-28 | 2022-07-29 | 广西大学 | Large-scale multi-element time series data anomaly detection method oriented to cloud environment |
WO2023085457A1 (en) * | 2021-11-11 | 2023-05-19 | 한국전자기술연구원 | Memory structure and control method for efficient deep learning training |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN111291860A (en) | Anomaly detection method based on convolutional neural network feature compression | |
WO2023123941A1 (en) | Data anomaly detection method and apparatus | |
CN108881196B (en) | Semi-supervised intrusion detection method based on depth generation model | |
CN111538741B (en) | Deep learning analysis method and system for big data of alarm condition | |
CN115688035A (en) | Time sequence power data anomaly detection method based on self-supervision learning | |
KR100795227B1 (en) | Method and apparatus for analyzing signal pattern of sensor array | |
CN110636066B (en) | Network security threat situation assessment method based on unsupervised generative reasoning | |
CN112039903B (en) | Network security situation assessment method based on deep self-coding neural network model | |
CN111556016B (en) | Network flow abnormal behavior identification method based on automatic encoder | |
CN111600905A (en) | Anomaly detection method based on Internet of things | |
CN114372493B (en) | Computer cable electromagnetic leakage characteristic analysis method | |
CN113420294A (en) | Malicious code detection method based on multi-scale convolutional neural network | |
CN109784668A (en) | A kind of sample characteristics dimension-reduction treatment method for electric power monitoring system unusual checking | |
CN113554361A (en) | Comprehensive energy system data processing and calculating method and processing system | |
CN115277189A (en) | Unsupervised intrusion flow detection and identification method based on generative countermeasure network | |
CN112733456B (en) | Electricity stealing prevention behavior identification method and system | |
CN113762355A (en) | User abnormal electricity consumption behavior detection method based on non-invasive load decomposition | |
CN113079158A (en) | Network big data security protection method based on deep learning | |
CN117092581A (en) | Segment consistency-based method and device for detecting abnormity of electric energy meter of self-encoder | |
CN111107082A (en) | Immune intrusion detection method based on deep belief network | |
CN112131570B (en) | PCA-based password hard code detection method, device and medium | |
CN114912109A (en) | Abnormal behavior sequence identification method and system based on graph embedding | |
Chen et al. | Feature selection based on BP neural network and adaptive particle swarm algorithm | |
Wang et al. | Study on missing data filling algorithm of nuclear power plant operation parameters | |
Yang et al. | Prediction of criminal tendency of high-risk personnel based on combination of principal component analysis and support vector machine |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20200616 |