CN112488238A - Hybrid anomaly detection method based on countermeasure self-encoder - Google Patents
Hybrid anomaly detection method based on countermeasure self-encoder Download PDFInfo
- Publication number
- CN112488238A CN112488238A CN202011469743.5A CN202011469743A CN112488238A CN 112488238 A CN112488238 A CN 112488238A CN 202011469743 A CN202011469743 A CN 202011469743A CN 112488238 A CN112488238 A CN 112488238A
- Authority
- CN
- China
- Prior art keywords
- encoder
- classifier
- self
- feature vectors
- anomaly detection
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000001514 detection method Methods 0.000 title claims abstract description 75
- 239000013598 vector Substances 0.000 claims abstract description 68
- 238000012549 training Methods 0.000 claims abstract description 61
- 230000004927 fusion Effects 0.000 claims abstract description 25
- 238000012360 testing method Methods 0.000 claims abstract description 16
- 230000006870 function Effects 0.000 claims description 25
- 238000000034 method Methods 0.000 claims description 23
- 230000002159 abnormal effect Effects 0.000 claims description 16
- 230000004913 activation Effects 0.000 claims description 9
- 230000003042 antagnostic effect Effects 0.000 claims description 9
- 238000000605 extraction Methods 0.000 claims description 5
- 238000013507 mapping Methods 0.000 claims description 3
- 238000012545 processing Methods 0.000 claims description 3
- 238000007499 fusion processing Methods 0.000 abstract description 4
- 238000005516 engineering process Methods 0.000 description 6
- 230000008569 process Effects 0.000 description 4
- 238000002790 cross-validation Methods 0.000 description 3
- 238000013135 deep learning Methods 0.000 description 3
- 230000009467 reduction Effects 0.000 description 3
- 238000005315 distribution function Methods 0.000 description 2
- 238000010606 normalization Methods 0.000 description 2
- 238000013450 outlier detection Methods 0.000 description 2
- 238000011160 research Methods 0.000 description 2
- ORILYTVJVMAKLC-UHFFFAOYSA-N Adamantane Natural products C1C(C2)CC3CC1CC2C3 ORILYTVJVMAKLC-UHFFFAOYSA-N 0.000 description 1
- 230000005856 abnormality Effects 0.000 description 1
- 238000013473 artificial intelligence Methods 0.000 description 1
- 238000013528 artificial neural network Methods 0.000 description 1
- 238000013527 convolutional neural network Methods 0.000 description 1
- 238000007418 data mining Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000010801 machine learning Methods 0.000 description 1
- 238000005065 mining Methods 0.000 description 1
- 238000010998 test method Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F18/00—Pattern recognition
- G06F18/20—Analysing
- G06F18/24—Classification techniques
- G06F18/243—Classification techniques relating to the number of classes
- G06F18/2433—Single-class perspective, e.g. one-against-all classification; Novelty detection; Outlier detection
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F18/00—Pattern recognition
- G06F18/20—Analysing
- G06F18/21—Design or setup of recognition systems or techniques; Extraction of features in feature space; Blind source separation
- G06F18/214—Generating training patterns; Bootstrap methods, e.g. bagging or boosting
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F18/00—Pattern recognition
- G06F18/20—Analysing
- G06F18/24—Classification techniques
- G06F18/241—Classification techniques relating to the classification model, e.g. parametric or non-parametric approaches
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N20/00—Machine learning
- G06N20/20—Ensemble learning
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N3/00—Computing arrangements based on biological models
- G06N3/02—Neural networks
- G06N3/04—Architecture, e.g. interconnection topology
- G06N3/045—Combinations of networks
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N3/00—Computing arrangements based on biological models
- G06N3/02—Neural networks
- G06N3/04—Architecture, e.g. interconnection topology
- G06N3/048—Activation functions
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N3/00—Computing arrangements based on biological models
- G06N3/02—Neural networks
- G06N3/08—Learning methods
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Data Mining & Analysis (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- Artificial Intelligence (AREA)
- General Physics & Mathematics (AREA)
- Evolutionary Computation (AREA)
- Life Sciences & Earth Sciences (AREA)
- Software Systems (AREA)
- Computer Vision & Pattern Recognition (AREA)
- Computing Systems (AREA)
- Mathematical Physics (AREA)
- Biomedical Technology (AREA)
- Evolutionary Biology (AREA)
- Biophysics (AREA)
- Computational Linguistics (AREA)
- General Health & Medical Sciences (AREA)
- Molecular Biology (AREA)
- Health & Medical Sciences (AREA)
- Bioinformatics & Computational Biology (AREA)
- Bioinformatics & Cheminformatics (AREA)
- Medical Informatics (AREA)
- Image Analysis (AREA)
Abstract
本发明公开了一种基于对抗自编码器的混合异常检测方法,首先,对对抗自编码器模型进行改进,并利用改进后的所述对抗自编码器模型提取加噪输入数据特征;接着,对提取的两种特征进行加权融合处理;然后,将融合得到的融合特征向量作为训练数据,利用集成学习的方式集成训练ifroest分类器、LOF分类器和K‑means分类器,得到检测分类器;最后,利用改进后的所述对抗自编码器模型提取测试集中的两组特征向量,并将两组所述特征向量融合后输入所述检测分类器,得到异常检测结果。相比于现有的技术,本发明利用对抗自编码器与传统异常检测方法相结合,能够更加准确地对数据集进行异常检测,提高异常检测的准确率。
The invention discloses a hybrid anomaly detection method based on an adversarial self-encoder. First, an adversarial self-encoder model is improved, and the improved adversarial self-encoder model is used to extract noise-added input data features; The two extracted features are subjected to weighted fusion processing; then, the fusion feature vector obtained by fusion is used as training data, and the ifroest classifier, LOF classifier and K-means classifier are integrated and trained by means of ensemble learning to obtain a detection classifier; finally , using the improved confrontation autoencoder model to extract two sets of feature vectors in the test set, and fuse the two sets of feature vectors and input them into the detection classifier to obtain anomaly detection results. Compared with the prior art, the present invention utilizes the adversarial self-encoder combined with the traditional anomaly detection method, which can more accurately perform anomaly detection on the data set and improve the accuracy of anomaly detection.
Description
Technical Field
The invention relates to the technical field of anomaly detection, in particular to a hybrid anomaly detection method based on a confrontation self-encoder.
Background
The abnormal point is defined as a data object which is obviously different from other data distribution, and abnormal information can be mined from mass data, interest patterns can be extracted and the like by analyzing the data distribution characteristics of the abnormal point. Therefore, outlier detection (outlier detection) becomes one of the research hotspots in the data mining field. The traditional abnormal point detection methods are numerous, and the time performance and the accuracy performance in the detection process are mainly considered. However, with the development of cloud computing and big data technology, the traditional method for mining abnormal node information through a single node computing mode cannot meet the increasing data computing requirements. An artificial intelligence technology represented by a deep learning technology provides a new research direction for detecting the abnormal point.
At present, a method of constructing a hybrid model by combining a deep learning method is continuously applied to an actual scene in recent years. The method has the characteristic of no need of training the model in advance, so the method belongs to a method with high cost performance. However, for complex and high-dimensional data, the method is difficult to capture the inherent attributes of the data, and in addition, when the AE is used for dimension reduction, the degree of dimension reduction greatly affects the final result, repeated parameter adjustment is needed, and the accuracy of anomaly detection is reduced.
Disclosure of Invention
The invention aims to provide a hybrid anomaly detection method based on a countermeasures self-encoder, which improves the accuracy of anomaly detection.
In order to achieve the above object, the present invention provides a hybrid anomaly detection method based on a countering self-encoder, comprising the following steps:
improving a countermeasure self-encoder model, and extracting characteristics of noise-added input data by using the improved countermeasure self-encoder model;
performing weighted fusion on the two groups of extracted characteristic vectors to obtain fusion characteristic vectors;
taking the fusion feature vector as training data, and integrally training an error classifier, an LOF classifier and a K-means classifier by utilizing an integrated learning mode to obtain a detection classifier;
and extracting two groups of feature vectors in a test set by using the improved confrontation self-encoder model, fusing the two groups of feature vectors, and inputting the fused feature vectors into the detection classifier to obtain an abnormal detection result.
Wherein, improving the antagonistic self-encoder model and extracting the characteristics of the noise-added input data by using the improved antagonistic self-encoder model comprises the following steps:
taking a LeakyReLU function and a Tanh function as activation functions of a first convolutional layer, a third convolutional layer and a fourth convolutional layer in two encoders in a self-encoder model, forming a self-encoder by a generator and the first encoder, and improving the activation function and the mapping function of a discriminator;
normalizing the acquired data set, and performing noise adding processing on the divided training set;
and training the improved confrontation self-encoder model, and extracting two groups of characteristics of the training set.
Training the improved confrontation self-encoder model, and extracting two groups of characteristics of the training set, wherein the training comprises:
inputting the noisy training set into the improved confrontation self-encoder model, performing feature extraction by using a first encoder, and reconstructing the training set by using the generator to take the extracted first group of feature vectors as input;
and performing feature extraction on the reconstructed training set by using a second encoder to obtain a second group of feature vectors.
Wherein, carry out the weight fusion to two sets of characteristic vectors of drawing out, obtain and fuse the characteristic vector, include:
and multiplying the first group of feature vectors by a weighting coefficient, multiplying the second group of feature vectors by subtracting the weighting coefficient from 1, adding the two products, and combining the corresponding labels to obtain corresponding fusion feature vectors.
The fusion feature vector is used as training data, and the ifroest classifier, the LOF classifier and the K-means classifier are integrally trained in an integrated learning mode to obtain a detection classifier, and the method comprises the following steps:
serializing three classifiers by using an AdaBoost algorithm, inputting the fusion feature vector as a training set into an ifoest classifier for training, adjusting weight distribution to obtain a weight coefficient, inputting the training set into a next classifier until the ifoest classifier, an LOF classifier and a K-means classifier are trained, and integrating all the weight coefficients to obtain a detection classifier.
Wherein, the improved confrontation self-encoder model is used for extracting two groups of characteristic vectors in a test set, and the two groups of characteristic vectors are fused and then input into the detection classifier to obtain an abnormal detection result, which comprises the following steps:
denoising the divided test set, and extracting two groups of feature vectors by using a first encoder and a second encoder in the improved confrontation self-encoder model;
and performing weighted fusion on the two groups of feature vectors, and inputting the feature vectors into a search detection classifier to obtain an abnormal detection result of each test sample.
The invention relates to a hybrid anomaly detection method based on a countermeasure self-encoder, which comprises the steps of firstly, improving a countermeasure self-encoder model, and extracting noise-added input data characteristics by utilizing the improved countermeasure self-encoder model; then, carrying out weighted fusion processing on the two extracted features; then, taking the fused feature vector obtained by fusion as training data, and integrally training an ifoest classifier, an LOF classifier and a K-means classifier by utilizing an integrated learning mode to obtain a detection classifier; and finally, extracting two groups of feature vectors in a test set by using the improved confrontation self-encoder model, fusing the two groups of feature vectors, and inputting the fused feature vectors into the detection classifier to obtain an abnormal detection result. Compared with the prior art, the method has the advantages that the countermeasure autoencoder is combined with the traditional anomaly detection method, so that the anomaly detection can be more accurately carried out on the data set, and the accuracy of the anomaly detection is improved.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
FIG. 1 is a schematic diagram illustrating the steps of a hybrid anomaly detection method based on a countering self-encoder according to the present invention.
Fig. 2 is a flow chart of a hybrid anomaly detection method based on a countering self-encoder provided by the invention.
FIG. 3 is a framework of a hybrid anomaly detection model based on an improved robust self-encoder provided by the present invention.
Fig. 4 is an encoder model structure of the improved robust autoencoder provided by the present invention.
Fig. 5 is a view of the improved discriminator model structure against the self-encoder provided by the present invention.
Fig. 6 is a generator model structure for an improved robust autoencoder provided by the present invention.
FIG. 7 is a model structure for ensemble learning provided by the present invention.
Detailed Description
Reference will now be made in detail to embodiments of the present invention, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to the same or similar elements or elements having the same or similar function throughout. The embodiments described below with reference to the drawings are illustrative and intended to be illustrative of the invention and are not to be construed as limiting the invention.
In the description of the present invention, "a plurality" means two or more unless specifically defined otherwise.
Referring to fig. 1 to 3, the present invention provides a hybrid anomaly detection method based on a run-length encoder, comprising the following steps:
s101, improving a confrontation self-encoder model, and extracting characteristics of noise-added input data by using the improved confrontation self-encoder model.
Specifically, an improved antagonistic self-encoder model is constructed, and features of input data are extracted. The DCGAN model is improved and comprises two encoders E1 and E2, a generator G and a discriminator D, wherein the two encoders E1 and E2 adopt the same structure: the four convolution layers are used for dimension reduction, the second layer and the third layer adopt BatchNormalization technology, the activation function of the first three layers is LeakyReLU function, and the activation function of the last layer is Tanh. The generator G and the first encoder E1 form a self-encoder, which has four layers of inverse convolution neural networks, the first three layers use Batch Normalization technology, the activation function is LeakyReLU function, and the last layer uses Tanh as the activation function. The discriminator D has a similar network structure to the first encoder E1, and uses a four-layer convolutional neural network, the second and third layers use Batch Normalization technology, the activation function of the first three layers is a leak relu function, and the last layer uses Sigmoid as an output mapping function, as shown in fig. 4 to 6.
And normalizing the data set into a single-channel or three-channel picture with the same specification size. And splitting the data set into a training set and a testing set according to the ratio of 4:1, and training the improved self-countervailing encoder model on the training set. The noise adding processing is carried out on the training set before training, so that the characteristics representing the input data can be better extracted. The network adopts Adam algorithm to update parameters of each layer of the network, and the iteration times are 200 generations. The generator G and the discriminator D are trained first, and after training is completed, the encoders E1 and E2 are trained using noisy data. Three loss functions are included:
Lenc=||z1-z2||2
Lcon=||x-x′||1
Ladv=||f(x)-f(x')||2
the specific training process comprises the following steps: inputting m single-channel noise-added gray images or RGB three-channel noise-added images with the same pixel size into a confrontation self-encoder modelThe noisy training set is denoted as S { (x)1,y1),...,(xm,ym) In which xiRepresenting noisy n-dimensional data, yiIs a data tag. After convolutional layer feature extraction by the first encoder E1, each picture is represented as a first set of feature vectors Z1={(z11,y1),...,(z1m,ym) And outputting and storing the form of the Chinese character. The generator G reconstructs a training set using these feature vectors as input, and outputs reconstructed data S { (x)1',y1),...,(xm',ym)}. The discriminator D is responsible for ensuring that the reconstructed data is as similar as possible to the original data. The second encoder E2, after re-extracting the features, represents a second set of feature vectors Z2={(z21,y1),...,(z2m,ym) And storing.
And S102, carrying out weighted fusion on the two groups of extracted characteristic vectors to obtain fusion characteristic vectors.
Specifically, for the two sets of feature vectors Z obtained in S11={(z11,y1),...,(z1m,ym) Z and2={(z21,y1),...,(z2m,ym) And performing weighted fusion processing on the feature data of every two data respectively:
wherein, the lambda is a weighting coefficient and is selected from 0 to 1 according to the actual situation.
For the obtained Z31~Z3mAdd their original tag y1~ymForm a new set of eigenvectors Z3={(z31,y1),...,(z3m,ym)}。
S103, taking the fusion feature vector as training data, and integrally training an ifoest classifier, an LOF classifier and a K-means classifier by utilizing an integrated learning mode to obtain a detection classifier.
Specifically, serializing three classifiers by using an AdaBoost algorithm, inputting the fused feature vector as a training set into an ifoest classifier for training, adjusting weight distribution to obtain a weight coefficient, inputting the training set into a next classifier until the training of the ifoest classifier, an LOF classifier and a K-means classifier is completed, and integrating all the weight coefficients to obtain a detection classifier, as shown in fig. 7, S31: data Z after model training3In the process of importing the AdaBoost detection model, firstly, weight distribution W of training data is initialized1=(w11,...,w1m),w1i1/m, wherein i is 1, 2. Each training sample is given the same weight, and the fusion feature vector is taken as a training set.
S32: using the training set to train iforcest, i.e. classifier h1(z) adjusting the iTree number through cross validation, and setting an abnormal ratio according to the sample label to enable a loss function e1And minimum. Calculate h1Error of (z)
If get e1And if the number is more than 0.5, the training of the next classifier is directly skipped. Calculating a weight coefficient
Updating the weight distribution W2=(w21,...,w2m),
Where i 1, 2., m, f (z) is the distribution function of the raw data.
S33: enter next classifier LOF, train LOF using training set, i.e. classifier h2(z). Minimizing the loss function e by adjusting the K value in the LOF algorithm through cross-validation2Threshold t of training LOF1:(t1',k)=argmint1',ke2Even if the loss function e2Minimum t1' is denoted by t1Comparing the abnormality score with a threshold value t1Is determined by the sizeConstant value, and calculate h2Error of (z)
If get e2And if the number is more than 0.5, the training of the next classifier is directly skipped. Calculating a weight coefficient
Updating the weight distribution W3=(w31,...,w3m),
Where i 1, 2., m, f (z) is the distribution function of the raw data.
S34: enter the next classifier K-means, i.e. classifier h3(z). Adjusting the number K of clustering clusters in the K-means algorithm through cross validation, and selecting the relative distance D of each clustering center as an abnormal score to minimize the error e3Training K-means to obtain a threshold value t2:(D,k)=arg minD,ke2Even if the loss function e3The smallest D is denoted as t2Comparing the relative distance D with a threshold value t2To determine an outlier; and calculate h3Error of (z)
If get e3And if the number is more than 0.5, the training of the next classifier is skipped directly. Calculating a weight coefficient
Linearly combining the 3 classifiers to obtain a final detection classifier or a final strong classifier
And S104, extracting two groups of feature vectors in a test set by using the improved confrontation self-encoder model, fusing the two groups of feature vectors, and inputting the fused feature vectors into the detection classifier to obtain an abnormal detection result.
Specifically, firstly, the test data set is subjected to noise adding, then the noise is sent to a trained improved confrontation self-encoder model, and two groups of feature vectors Z of the test set are extracted through encoders E1 and E21' and Z2'and weighted fusion in the step S102 is performed to obtain a fused feature vector Z'.
The fused feature vector Z' is taken as input data and sent to the detection classifier h (Z) obtained in step S103, and the strong classifier outputs the anomaly score of each test sample, thereby obtaining an anomaly detection result.
In order to verify the effectiveness of the hybrid anomaly detection model based on the anti-self encoder, the method of the invention is compared with the anomaly detection effects of three traditional anomaly detection algorithms in an MNIST data set, and the comparison result is shown in Table 1. Compared with three traditional anomaly detection methods, the accuracy value and the AUC value of the method provided by the invention are greatly improved, and the method is proved to have higher reliability.
TABLE 1 comparison of the four test methods
| Iforest | LOF | OCSVM | Text algorithm | |
| Rate of accuracy | 89.81 | 84.57 | 70.82 | 92.38 |
| AUC value | 0.79 | 0.83 | 0.80 | 0.95 |
Compared with the prior art, the invention has the following remarkable advantages:
1. compared with the characteristics extracted by the traditional machine learning method, the characteristics extracted by the method are more abstract and representative, and the accuracy rate of anomaly detection can be effectively improved.
2. The integrated learning in the deep learning is introduced, three traditional anomaly detection algorithms, namely, iforest, LOF and K-means, are respectively integrated through the AdaBoost algorithm, and compared with the method of directly using the traditional anomaly detection algorithms, the method is more accurate, can process data with high dimensionality, and does not need to make feature selection.
3. By resisting two groups of feature vectors decoded by the self-encoder model and performing weighted fusion on the two groups of feature vectors, the features of the extracted input data are more representative, and compared with a method for extracting the features of the self-encoder alone, the method is more reliable and has higher accuracy rate of anomaly detection.
The invention relates to a hybrid anomaly detection method based on a countermeasure self-encoder, which comprises the steps of firstly, improving a countermeasure self-encoder model, and extracting noise-added input data characteristics by utilizing the improved countermeasure self-encoder model; then, carrying out weighted fusion processing on the two extracted features; then, taking the fused feature vector obtained by fusion as training data, and integrally training an ifoest classifier, an LOF classifier and a K-means classifier by utilizing an integrated learning mode to obtain a detection classifier; and finally, extracting two groups of feature vectors in a test set by using the improved confrontation self-encoder model, fusing the two groups of feature vectors, and inputting the fused feature vectors into the detection classifier to obtain an abnormal detection result. Compared with the prior art, the method has the advantages that the countermeasure autoencoder is combined with the traditional anomaly detection method, so that the anomaly detection can be more accurately carried out on the data set, and the accuracy of the anomaly detection is improved.
While the invention has been described with reference to a preferred embodiment, it will be understood by those skilled in the art that various changes in form and detail may be made therein without departing from the spirit and scope of the invention as defined by the appended claims.
Claims (6)
1. A hybrid anomaly detection method based on a countering self-encoder is characterized by comprising the following steps:
improving a countermeasure self-encoder model, and extracting characteristics of noise-added input data by using the improved countermeasure self-encoder model;
performing weighted fusion on the two groups of extracted characteristic vectors to obtain fusion characteristic vectors;
taking the fusion feature vector as training data, and integrally training an error classifier, an LOF classifier and a K-means classifier by utilizing an integrated learning mode to obtain a detection classifier;
and extracting two groups of feature vectors in a test set by using the improved confrontation self-encoder model, fusing the two groups of feature vectors, and inputting the fused feature vectors into the detection classifier to obtain an abnormal detection result.
2. The robust self-encoder based hybrid anomaly detection method of claim 1, wherein a robust self-encoder model is improved and the noisy input data features are extracted using the improved robust self-encoder model, comprising:
taking a LeakyReLU function and a Tanh function as activation functions of a first convolutional layer, a third convolutional layer and a fourth convolutional layer in two encoders in a self-encoder model, forming a self-encoder by a generator and the first encoder, and improving the activation function and the mapping function of a discriminator;
normalizing the acquired data set, and performing noise adding processing on the divided training set;
and training the improved confrontation self-encoder model, and extracting two groups of characteristics of the training set.
3. The hybrid anomaly detection method based on the antagonistic self-encoder as claimed in claim 2, wherein the training of the improved antagonistic self-encoder model to extract two sets of features of the training set comprises:
inputting the noisy training set into the improved confrontation self-encoder model, performing feature extraction by using a first encoder, and reconstructing the training set by using the generator to take the extracted first group of feature vectors as input;
and performing feature extraction on the reconstructed training set by using a second encoder to obtain a second group of feature vectors.
4. The hybrid anomaly detection method based on the antagonistic self-encoder as claimed in claim 3, wherein the weighted fusion of the two groups of extracted feature vectors to obtain a fused feature vector comprises:
and multiplying the first group of feature vectors by a weighting coefficient, multiplying the second group of feature vectors by subtracting the weighting coefficient from 1, adding the two products, and combining the corresponding labels to obtain corresponding fusion feature vectors.
5. The hybrid anomaly detection method based on the antagonistic self-encoder as claimed in claim 1, wherein the fused feature vector is used as training data, and an error classifier, an LOF classifier and a K-means classifier are integrally trained in an ensemble learning manner to obtain a detection classifier, and the method comprises the following steps:
serializing three classifiers by using an AdaBoost algorithm, inputting the fusion feature vector as a training set into an ifoest classifier for training, adjusting weight distribution to obtain a weight coefficient, inputting the training set into a next classifier until the ifoest classifier, an LOF classifier and a K-means classifier are trained, and integrating all the weight coefficients to obtain a detection classifier.
6. The hybrid anomaly detection method based on the antagonistic self-encoder as claimed in claim 1, wherein the improved antagonistic self-encoder model is used to extract two groups of feature vectors in a test set, and the two groups of feature vectors are fused and input into the detection classifier to obtain an anomaly detection result, comprising:
denoising the divided test set, and extracting two groups of feature vectors by using a first encoder and a second encoder in the improved confrontation self-encoder model;
and performing weighted fusion on the two groups of feature vectors, and inputting the feature vectors into a search detection classifier to obtain an abnormal detection result of each test sample.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011469743.5A CN112488238B (en) | 2020-12-14 | 2020-12-14 | Hybrid anomaly detection method based on countermeasure self-encoder |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011469743.5A CN112488238B (en) | 2020-12-14 | 2020-12-14 | Hybrid anomaly detection method based on countermeasure self-encoder |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN112488238A true CN112488238A (en) | 2021-03-12 |
| CN112488238B CN112488238B (en) | 2022-11-15 |
Family
ID=74916383
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202011469743.5A Active CN112488238B (en) | 2020-12-14 | 2020-12-14 | Hybrid anomaly detection method based on countermeasure self-encoder |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112488238B (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113033817A (en) * | 2021-03-19 | 2021-06-25 | 南方科技大学 | OOD detection method and device based on hidden space, server and storage medium |
Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20160127405A1 (en) * | 2014-10-29 | 2016-05-05 | Ricoh Company, Ltd. | Information processing system, information processing apparatus, and information processing method |
| CN108182452A (en) * | 2017-12-29 | 2018-06-19 | 哈尔滨工业大学(威海) | Aero-engine fault detection method and system based on grouping convolution self-encoding encoder |
| US20180314985A1 (en) * | 2017-04-24 | 2018-11-01 | Virginia Tech Intellectual Properties, Inc. | Learning and deploying compression of radio signals |
| CN109741292A (en) * | 2017-10-27 | 2019-05-10 | 罗伯特·博世有限公司 | The method for detecting abnormal image in the first image data set with confrontation self-encoding encoder |
| CN109919032A (en) * | 2019-01-31 | 2019-06-21 | 华南理工大学 | A video anomalous behavior detection method based on action prediction |
| US20200076840A1 (en) * | 2018-09-05 | 2020-03-05 | Oracle International Corporation | Malicious activity detection by cross-trace analysis and deep learning |
| KR20200040469A (en) * | 2018-10-10 | 2020-04-20 | 주식회사 케이티 | Method, system and computer program for detecting error of facilities in building |
| WO2020095303A1 (en) * | 2018-11-09 | 2020-05-14 | Augury Systems Ltd. | Automated analysis of non-stationary machine performance |
| CN111598881A (en) * | 2020-05-19 | 2020-08-28 | 西安电子科技大学 | Image anomaly detection method based on variational self-encoder |
| CN111950695A (en) * | 2019-05-15 | 2020-11-17 | 辉达公司 | Syntax migration using one or more neural networks |
-
2020
- 2020-12-14 CN CN202011469743.5A patent/CN112488238B/en active Active
Patent Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20160127405A1 (en) * | 2014-10-29 | 2016-05-05 | Ricoh Company, Ltd. | Information processing system, information processing apparatus, and information processing method |
| US20180314985A1 (en) * | 2017-04-24 | 2018-11-01 | Virginia Tech Intellectual Properties, Inc. | Learning and deploying compression of radio signals |
| CN109741292A (en) * | 2017-10-27 | 2019-05-10 | 罗伯特·博世有限公司 | The method for detecting abnormal image in the first image data set with confrontation self-encoding encoder |
| CN108182452A (en) * | 2017-12-29 | 2018-06-19 | 哈尔滨工业大学(威海) | Aero-engine fault detection method and system based on grouping convolution self-encoding encoder |
| US20200076840A1 (en) * | 2018-09-05 | 2020-03-05 | Oracle International Corporation | Malicious activity detection by cross-trace analysis and deep learning |
| KR20200040469A (en) * | 2018-10-10 | 2020-04-20 | 주식회사 케이티 | Method, system and computer program for detecting error of facilities in building |
| WO2020095303A1 (en) * | 2018-11-09 | 2020-05-14 | Augury Systems Ltd. | Automated analysis of non-stationary machine performance |
| CN109919032A (en) * | 2019-01-31 | 2019-06-21 | 华南理工大学 | A video anomalous behavior detection method based on action prediction |
| CN111950695A (en) * | 2019-05-15 | 2020-11-17 | 辉达公司 | Syntax migration using one or more neural networks |
| CN111598881A (en) * | 2020-05-19 | 2020-08-28 | 西安电子科技大学 | Image anomaly detection method based on variational self-encoder |
Non-Patent Citations (3)
| Title |
|---|
| SALMAN H. KHAN等: "Adversarial Training of Variational Auto-Encoders for High Fidelity Image Generation", 《2018 IEEE WINTER CONFERENCE ON APPLICATIONS OF COMPUTER VISION (WACV)》 * |
| 夏火松等: "基于自编码器和集成学习的半监督异常检测算法", 《计算机工程与科学》 * |
| 李清奇: "一种基于自编码的混凝土裂纹识别方法", 《北京交通大学学报》 * |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113033817A (en) * | 2021-03-19 | 2021-06-25 | 南方科技大学 | OOD detection method and device based on hidden space, server and storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN112488238B (en) | 2022-11-15 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110572696B (en) | A Video Generation Method Combining Variational Autoencoder and Generative Adversarial Network | |
| Chen et al. | Unsupervised Multi-Manifold Clustering by Learning Deep Representation. | |
| CN110516536B (en) | A Weakly Supervised Video Behavior Detection Method Based on Complementarity of Temporal Category Activation Maps | |
| Thai et al. | Image classification using support vector machine and artificial neural network | |
| CN106295694B (en) | Face recognition method for iterative re-constrained group sparse representation classification | |
| CN112183501B (en) | Depth counterfeit image detection method and device | |
| CN108304826A (en) | Facial expression recognizing method based on convolutional neural networks | |
| CN112784929B (en) | Small sample image classification method and device based on double-element group expansion | |
| CN110175551B (en) | Sign language recognition method | |
| CN114842267A (en) | Image classification method and system based on label noise domain adaptation | |
| CN111046900A (en) | Semi-supervised generation confrontation network image classification method based on local manifold regularization | |
| CN106203628B (en) | A kind of optimization method and system enhancing deep learning algorithm robustness | |
| CN112818764A (en) | Low-resolution image facial expression recognition method based on feature reconstruction model | |
| CN110263855B (en) | A Method for Image Classification Using Common Base Capsule Projection | |
| CN106339719A (en) | Image identification method and image identification device | |
| CN114120041A (en) | A Few-Sample Classification Method Based on Dual Adversarial Variational Autoencoders | |
| CN113628201A (en) | Pathological slice analysis method, electronic device and readable storage medium based on deep learning | |
| CN107358172B (en) | A face feature point initialization method based on face orientation classification | |
| CN103914705A (en) | Hyperspectral image classification and wave band selection method based on multi-target immune cloning | |
| CN108595558A (en) | A kind of image labeling method of data balancing strategy and multiple features fusion | |
| Gorijala et al. | Image generation and editing with variational info generative AdversarialNetworks | |
| CN111291810B (en) | Information processing model generation method based on target attribute decoupling and related equipment | |
| CN113361346A (en) | Scale parameter self-adaptive face recognition method for replacing adjustment parameters | |
| CN114049675B (en) | Facial expression recognition method based on light-weight two-channel neural network | |
| CN109447147B (en) | Image Clustering Method Based on Double-Graph Sparse Deep Matrix Decomposition |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| EE01 | Entry into force of recordation of patent licensing contract | ||
| EE01 | Entry into force of recordation of patent licensing contract |
Application publication date: 20210312 Assignee: Guilin Qinghong Technology Co.,Ltd. Assignor: GUILIN University OF ELECTRONIC TECHNOLOGY Contract record no.: X2023980045229 Denomination of invention: A hybrid anomaly detection method based on adversarial autoencoder Granted publication date: 20221115 License type: Common License Record date: 20231102 |