CN112766343B - Network security situation assessment method based on improved WOA-SVM

Publication number: CN112766343B
Application number: CN202110034429.2A
Other versions: CN112766343A
Authority: CN (China)
Other languages: Chinese (zh)
Legal status: Active
Inventors: 张然, 刘敏, 胡颖, 刘洋, 潘芷涵, 蔡增玉, 张启坤, 甘勇
Current Assignee: Zhengzhou University of Light Industry
Original Assignee: Zhengzhou University of Light Industry
Prior art keywords: whale, WOA, optimal, SVM, algorithm

Classifications

    • G06F18/2411 Classification techniques relating to the classification model, e.g. parametric or non-parametric approaches, based on the proximity to a decision surface, e.g. support vector machines
    • G06F18/214 Generating training patterns; Bootstrap methods, e.g. bagging or boosting
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general


Abstract

The invention provides a network security situation assessment method based on an improved WOA-SVM, comprising the following steps: forming a sample set from existing network security data; initializing the WOA algorithm and the SA algorithm; choosing between spiral predation and random prey search, updating the current whale position in the WOA algorithm with an adaptive weight method, and updating the whale's current optimal position and the global optimal position; deciding whether to accept a new whale position according to the jump probability of the SA algorithm; checking whether the termination condition of the iteration is met; and assigning the value of the global optimal position to the SVM, analyzing the optimal parameters by regression fitting, training the SVM, and converting the evaluation value into a network security level. The invention uses the global optimization capability of WOA to search for the optimal SVM parameters, uses an adaptive weight to adjust the whale position update coefficient, and uses the SA algorithm to add a random search factor, which avoids getting trapped in local extrema and improves global optimization capability.

Description

Network security situation assessment method based on improved WOA-SVM
Technical Field
The invention relates to the technical field of network security situation assessment, in particular to a network security situation assessment method based on an improved WOA-SVM.
Background
With the rapid development and adoption of the Internet, big data, cloud computing and artificial intelligence in China, cyberspace security faces growing risks and threats. The most prominent problems are DDoS attacks, APT attacks, the steadily rising number of high-risk vulnerabilities, frequent data leakage incidents, the continuous emergence of grey applications, and the security hazards introduced by new technologies. The security problems faced by current network systems are mainly the following: the volume of relevant network security data keeps growing; network security events are fragmented and therefore hard to perceive, the security information obtained is scattered and disordered, and administrators must spend a great deal of time and energy analyzing potential security threats, which is time-consuming and labor-intensive and yields little in return; and many existing network security systems are limited in data collection, some collecting, analyzing and processing security data for only one or a few aspects of the network, so that they can hardly describe and reflect the network's security condition comprehensively. In the face of these new challenges and threats, traditional network security defense means, policies and methods (such as intrusion detection systems, firewalls, antivirus and access control) cannot keep up with the actual security requirements of today's network systems.
Security situation awareness was first applied in the aviation and military fields and was later extended to network security. Network security situation assessment is an important means of understanding the current network security situation. In 1988, building on the concept of situation awareness (Situation Awareness), Endsley summarized it as three layers: extraction of situation elements, situation understanding, and situation prediction, where the core of situation understanding is situation assessment. In 1999, Bass applied the mature theory and technology of air traffic control (ATC) situation awareness to network security situation awareness and proposed the concept of cyberspace situation awareness (Cyberspace Awareness) for the first time, laying a foundation for research on network security situation technology. Network security situation awareness means perceiving and understanding environmental factors within a certain range of time and space and predicting future security trends. The concept of network security situation assessment was later proposed on the basis of Endsley's model. Network security situation assessment integrates and analyzes the situation elements and data extracted from the network, models and evaluates the current network security situation, obtains a situation value from the evaluation model, dynamically reflects the current operating state of the network system and the overall severity of the threats it faces, predicts and warns of its development trend, and provides decision support for network security management. As a new technology for next-generation network security and an important component of new network security defense systems, network security situation assessment has significant research and application value.
In network security situation assessment, the raw security data and events on a network are collected and preprocessed; then, based on an established network security situation index system and certain prior knowledge, a series of mathematical models and algorithms are applied, and a quantitative or qualitative assessment result is obtained in the form of a security situation value that reflects the current network security situation. Network attacks are increasingly diverse, complex and random, and the network security situation is itself a complex, constantly changing nonlinear process, so assessing it with artificial intelligence techniques such as machine learning and deep learning is an inevitable trend. How to construct a network security situation assessment model that is accurate, scientific and objective is the key point of this research. Many artificial-intelligence-based assessment methods have been proposed; according to their underlying theory they fall roughly into three types: those based on mathematical models, those based on knowledge reasoning, and those based on pattern recognition.
Based on a mathematical model: evaluation is carried out mainly by constructing an evaluation function, and constructing that function is the key step. The most common method is the analytic hierarchy process. For example, the literature [Cumminghui, sealed civilians, Liubiao, et al. An improved hierarchical network security situation assessment model simulation [J]. Computer Simulation, 2019, 36(11): 284-289+369] proposes a network security situation assessment model that improves the analytic hierarchy process with an alarm verification algorithm and a fuzzy inference algorithm; the model effectively eliminates the influence of false alarm information and intuitively reflects the security situation of the network, but its data source is single. The literature [WANG H, CHEN Z, FENG X, et al. Research on Network Security Situation Assessment and Quantification Method Based on Analytic Hierarchy Process [J]. Wireless Personal Communications, 2018, 102(2): 1401-1420] proposes an assessment method combining the AHP analytic hierarchy process with a hierarchical situation assessment model, which simplifies the situation assessment problem; the model reflects the overall security state of the network and better serves high-level decision making. However, methods based on mathematical models so far have no objective, unified standard and are easily influenced by subjective human factors, which makes the evaluation results inaccurate.
Based on knowledge reasoning: these methods build a model from certain criteria and empirical knowledge and apply logical reasoning theory to the evaluation; the most representative are evidence theory and graph models. For methods based on evidence theory, see the literature [Yang Hongyu, Wang rock, Luwei force. An unsupervised generative inference-based network security threat situation assessment method [J]. Journal of Tsinghua University (Natural Science Edition), 2020, 60(06): 474-; a network security situation assessment model based on D-S evidence theory is studied in the literature [ZHAO Z, ZHAN TT, WANG H, et al. Quantitative Evaluation Model of Network Security Situation Based on D-S Evidence Theory [C]. 2019 6th International Conference on Dependable Systems and Their Applications, DSA, 2019: 1884-. For methods based on a graph model, the literature [Lexin, paragraph , a network security situation assessment method [J/OL] based on an improved hidden Markov model, Computer Science 2020(05): 1-5 [2020-06-22]] proposes a situation assessment method that improves a hidden Markov model with a crowd search algorithm; it assesses the network security condition more accurately, but irrelevant and false-positive data remain among the situation elements and the observation sequence needs further study. A network security situation assessment method that takes a Markov game model as its core and combines four-level data fusion is provided in the literature [LI X, LU Y, NIE W. However, when a large amount of conflicting data is encountered, methods based on knowledge reasoning are computationally expensive and complex, the independence of the evaluation indexes is hard to guarantee, and they sometimes rely on expert experience, which may lower the evaluation accuracy.
Based on pattern recognition: these methods evaluate mainly on the basis of machine learning theory and are the kind of method studied by the invention; the main specific methods include rough sets, neural networks and the Support Vector Machine (SVM). For example, a situation assessment model that optimizes a CS-BP neural network using D-S evidence theory is provided in the literature [QIANG J, WANG F, DANG XL. Network Security Based on D-S Evidence Theory Optimizing CS-BP Neural Network Situation Assessment [C]. 2018 IEEE International Conference on Cyber Security and Cloud Computing (CSCloud), Shanghai, 2018: 153-; a network security situation assessment model with SVM parameters optimized by GSA is proposed in the literature [CHEN YX, YIN XC, SUN A. Network Security Situation Assessment Model Based on GSA-SVM [C]. Proceedings of 2018 International Conference on Computer, 2018, 2: 161-167], in which GSA searches for the optimal SVM parameters so as to minimize the error between the generated data and the actual network security situation assessment data. However, when methods based on pattern recognition meet large-scale complex data, learning efficiency drops, the optimal parameters are hard to determine, and adaptability becomes poor.
At present, network security situation assessment methods are not standardized, and their accuracy still needs to be improved. To address the low accuracy and slow convergence of existing assessment methods, the invention provides a network security situation assessment method that optimizes a Support Vector Machine (SVM) with a Whale Optimization Algorithm (WOA) improved by adaptive weights combined with a simulated annealing algorithm (SA), and compares it with other network security situation assessment methods that optimize the SVM with intelligent algorithms.
Disclosure of Invention
Aiming at the technical problems that existing network security situation assessment methods have low accuracy and slow convergence, and that WOA easily falls into local extrema and converges slowly on large and complex data, the invention provides a network security situation assessment method based on an improved WOA-SVM.
To achieve this purpose, the technical scheme of the invention is realized as follows: a network security situation assessment method based on an improved WOA-SVM, comprising the following steps:
Step one: form a sample set using existing network security data as sample data, normalize the sample data in the sample set, and divide it into a training set and a test set;
Step two: initialize the population size of the WOA algorithm and the upper limit, lower limit and initial position of the whale position, and initialize the annealing temperature, cooling rate and jump probability of the SA algorithm; initialize the iteration counter t = 1 and the maximum number of iterations maxgen;
Step three: iterative optimization: choose spiral predation or random prey search according to the random probability p, update the current whale position in the WOA algorithm with the adaptive weight method, compare the current whale position with the original whale position, and update the current optimal whale position and the global optimal position;
Step four: decide whether to accept the new whale position according to the jump probability of the SA algorithm, update the optimal whale position and the global optimal position, and store them;
Step five: check whether the iteration termination condition is met; if so, go to step six, otherwise return to step two;
Step six: assign the value of the global optimal position to the optimal penalty parameter and kernel function parameter of the SVM, analyze the optimal parameters by regression fitting, train the SVM with the training set, input the sample data of the test set into the trained SVM to obtain an evaluation value, and convert the evaluation value into a network security level.
The sample data uses the number of hosts infected with viruses, the total number of tampered websites, the total number of websites implanted with backdoors, the number of counterfeit pages of domestic websites and the number of newly added information security vulnerabilities as evaluation indexes, and the five security levels (high risk, danger, medium risk, light risk and safe) are converted into numeric levels, which are the evaluation values produced by the SVM:
Security level    High risk  Danger  Medium risk  Light risk  Safe
Evaluation value  [0,1)      [1,2)   [2,3)        [3,4)       [4,5]
The sample data is normalized and preprocessed as follows:
Figure BDA0002893592720000041
where $x, y \in R^n$, $x_{min}$ is the minimum value in the sample set and $x_{max}$ is the maximum value in the sample set; the sample data is normalized into $[-1, 1]$.
In step three, the whale position in the WOA algorithm is updated with the adaptive weight method as follows:
$$M(t+1) = k(t)\,M^*(t) - A \cdot D,$$
$$M(t+1) = k(t)\,D' \cdot e^{bl}\cos(2\pi l) + M^*(t),$$
$$M(t+1) = k(t)\,M_{rand} - A\,|C\,M_{rand}(t) - M(t)|,$$
wherein the adaptive weight coefficient
Figure BDA0002893592720000042
$M^*(t)$ is the position vector of the optimal solution at the t-th iteration; $M(t)$ is the position vector of the whale at the t-th iteration, and $M(t+1)$ is the position vector of the whale at the (t+1)-th iteration; $D$ is the iteration distance between the optimal solution position and the current solution at the t-th iteration; $A$ and $C$ are coefficient vectors; $D' = |M^*(t) - M(t)|$ represents the position distance between the i-th whale and the current optimal solution; $b$ is a constant defining the shape of the logarithmic spiral; $l$ is a random number in $[-1, 1]$; $M_{rand}$ is a position vector randomly selected from the current population.
The coefficient vectors $A$ and $C$ are respectively:
$$A = 2a \cdot r_1 - a, \qquad C = 2r_2$$
where $a$ is a constant that decreases linearly from 2 to 0 during the iterations, and
Figure BDA0002893592720000051
$r_1$ and $r_2$ are random vectors in $[0, 1]$.
In step three, spiral predation or random prey search is selected according to the random probability p as follows:
when the iteration counter t ≤ maxgen, update the parameters $a_2 = -1 + t \cdot ((-1)/maxgen)$, $r_1 = rand()$, $r_2 = rand()$, $A$, $C$, the constant $b = 1$, $l = (a_2 - 1) \times rand + 1$, the random probability $p = rand()$, and the adaptive weight coefficient
Figure BDA0002893592720000052
Iterative optimization: when the random probability $p < 0.5$, if the coefficient vector satisfies $|A| \ge 1$, randomly select a whale position $M_{rand}$ from the current population and compute the position of the whale searching for prey: $M(t+1) = k(t)\,M_{rand} - A\,|C\,M_{rand}(t) - M(t)|$; if $|A| < 1$, update the spatial position of the current whale by the shrinking encirclement mechanism: $M(t+1) = k(t)\,M^*(t) - A \cdot D$; when $p \ge 0.5$, update the spatial position of the current whale in a spiral: $M(t+1) = k(t)\,D' \cdot e^{bl}\cos(2\pi l) + M^*(t)$; then update the whale optimal position, the global optimal position, and the fitness values of the updated whale position and the current global optimal position;
The mean square error (MSE) is taken as the value of the objective function being optimized, i.e. the fitness value.
The jump probability $P_i$ is:
Figure BDA0002893592720000053
and $df = fitness(i) - fitnesszbest$;
where fitness(i) is the current whale fitness value and fitnesszbest is the global optimal whale fitness value; df is the difference between the current whale fitness value and the global optimal whale fitness value; $T_t$ is the current temperature;
In step four, a searcher is selected in the neighborhood of the global optimal fitness value and the difference df is computed; if df is less than 0, the new whale position replaces the original position; if df is greater than or equal to 0, the probability $\exp(-df/T_t)$ decides whether the inferior position is accepted; then the optimal whale position gbest and the global optimal position zbest are updated.
The current temperature $T_t$ is initialized as:
Figure BDA0002893592720000061
The current temperature $T_t$ changes at the rate: $T_{t+1} = \mu T_t$
where fitnesszbest is the global optimal whale fitness value, $\alpha$ and $\mu$ are control parameters, t is the number of iterations, $t \ge 0$, $0 \le \mu \le 1$, and $\alpha \in [0.2, 0.5]$.
The termination condition is that the maximum number of iterations maxgen is reached or the error precision requirement is met: mean square error MSE < 0.01.
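Steps three to five above can be sketched as follows; this is an added example, not code from the patent. The formulas for k(t) and the initial temperature appear only as images in the source, so `weight` defaults to 1 (plain WOA) and `temp0` is an assumed constant, and `surrogate_mse` is a constructed stand-in for the SVM's MSE over the penalty and kernel parameters (c, g).

```python
import math
import random


def sa_accept(df, temp, rng):
    """Step four: always take an improvement (df < 0); otherwise accept the
    worse position with probability exp(-df / T_t)."""
    if df < 0:
        return True
    if temp <= 0:
        return False
    return rng.random() < math.exp(-df / temp)


def improved_woa(fitness, lower, upper, pop_size=30, maxgen=100,
                 weight=lambda t, maxgen: 1.0, temp0=1.0, mu=0.95,
                 b=1.0, tol=0.01, seed=0):
    """Minimise `fitness` inside the box [lower, upper].

    `weight` is a hook for the adaptive coefficient k(t); `temp0` is an
    assumed starting temperature. Returns (zbest, fitnesszbest, history).
    """
    rng = random.Random(seed)
    dim = len(lower)

    def clip(v):
        return [min(max(x, lo), hi) for x, lo, hi in zip(v, lower, upper)]

    pop = [[rng.uniform(lo, hi) for lo, hi in zip(lower, upper)]
           for _ in range(pop_size)]
    fit = [fitness(m) for m in pop]
    i0 = min(range(pop_size), key=fit.__getitem__)
    zbest, fzbest = pop[i0][:], fit[i0]
    history = [fzbest]          # best fitness before and after each iteration
    temp = temp0

    t = 1
    while t <= maxgen and fzbest >= tol:      # step five: maxgen or MSE < tol
        a = 2.0 - 2.0 * t / maxgen            # decreases linearly from 2 to 0
        k = weight(t, maxgen)
        for i in range(pop_size):
            m = pop[i]
            A = 2.0 * a * rng.random() - a    # A = 2a*r1 - a
            C = 2.0 * rng.random()            # C = 2*r2
            p = rng.random()
            if p < 0.5 and abs(A) >= 1:       # random search for prey
                mr = pop[rng.randrange(pop_size)]
                new = [k * mr[j] - A * abs(C * mr[j] - m[j])
                       for j in range(dim)]
            elif p < 0.5:                     # shrinking encirclement
                new = [k * zbest[j] - A * abs(C * zbest[j] - m[j])
                       for j in range(dim)]
            else:                             # spiral update, l in [-1, 1]
                l = rng.uniform(-1.0, 1.0)
                spiral = math.exp(b * l) * math.cos(2 * math.pi * l)
                new = [k * abs(zbest[j] - m[j]) * spiral + zbest[j]
                       for j in range(dim)]
            new = clip(new)
            f_new = fitness(new)
            # df = fitness(i) - fitnesszbest, as defined above
            if sa_accept(f_new - fzbest, temp, rng):
                pop[i], fit[i] = new, f_new
            if f_new < fzbest:
                zbest, fzbest = new[:], f_new
        temp *= mu                            # T_{t+1} = mu * T_t
        history.append(fzbest)
        t += 1
    return zbest, fzbest, history


def surrogate_mse(params):
    """Constructed objective with its minimum (0.005) at c = 10, g = 0.1."""
    c, g = params
    return 0.005 + ((math.log10(c) - 1.0) ** 2
                    + (math.log10(g) + 1.0) ** 2) / 20.0


if __name__ == "__main__":
    best, mse, hist = improved_woa(surrogate_mse, [0.01, 0.01], [100.0, 100.0])
    print("c, g =", best, "fitness =", mse, "iterations =", len(hist) - 1)
```

To evaluate a real model, replace `surrogate_mse` with a function that trains the SVM on the training set with the given (c, g) and returns its MSE.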
Compared with the prior art, the invention has the following beneficial effects:
1) A network security situation assessment method is provided that optimizes a Support Vector Machine (SVM) with a Whale Optimization Algorithm (WOA) improved by adaptive weights and a Simulated Annealing algorithm (SA); the security situation value is generated by training the improved SVM model in order to assess the security situation of the current network.
2) Adaptive weights combined with a simulated annealing algorithm (SA) are introduced into WOA to overcome its tendency to fall into local optima and its slow convergence, which improves the global optimization capability of WOA.
3) The improved WOA is used to find the optimal penalty parameter c and kernel function parameter g of the SVM, which improves the accuracy of the SVM-based evaluation model.
4) Compared with WOA-SVM and with SVMs improved by other algorithms, the results show that the network security situation assessment method that improves WOA-SVM with adaptive weights combined with the simulated annealing algorithm has smaller error, higher accuracy and better convergence, and assesses the security situation of the current network more effectively.
In this method, the SVM is embedded in the fitness function calculation of the improved WOA, the optimal SVM parameters are found using the global optimization capability of WOA, the whale position update coefficient is adjusted with the adaptive weight, and the simulated annealing algorithm adds a random search factor, which avoids falling into local extrema and so improves global optimization capability. The experimental results show that the method assesses the security situation of the network more accurately and converges better than other improved SVM evaluation algorithms.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
FIG. 1 is a schematic flow chart of the present invention.
FIG. 2 is a graph illustrating the data normalization of the present invention.
Fig. 3 is a comparison of the evaluation results of the present invention and several different algorithms.
Fig. 4 is a graph showing the variation of the optimal fitness value of the present invention and each optimization algorithm.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without any inventive step, are within the scope of the present invention.
As shown in fig. 1, a network security situation assessment method based on an improved WOA-SVM, that is, a network security situation assessment method that improves WOA-SVM with adaptive weights combined with a simulated annealing algorithm, includes the following steps:
Step one: form a sample set using existing network security data as sample data, normalize the sample data in the sample set, and divide it into a training set and a test set.
The method uses as experimental data the network security data published from issue 3 of 2016 to issue 17 of 2020 of the Network Security Information and Dynamics Weekly Report published by the National Internet Emergency Center, and selects 270 data sets as the training set and 10 data sets as the test set. The experimental data mainly use the number of hosts infected with viruses, the total number of tampered websites, the total number of websites implanted with backdoors, the number of counterfeit pages of domestic websites and the number of newly added information security vulnerabilities as evaluation indexes. These five aspects reflect the current network security condition fairly comprehensively and can serve as indexes for assessing the basic network security situation each week. For convenience of experiment, the invention converts the five security levels (high risk, danger, medium risk, light risk and safe) into numeric levels as shown in Table 1.
Table 1. Network security situation value conversion table
Security level   High risk  Danger  Medium risk  Light risk  Safe
Situation value  [0,1)      [1,2)   [2,3)        [3,4)       [4,5]
Data normalization helps improve the accuracy of situation assessment, so the invention normalizes the sample data according to formula (17):
Figure BDA0002893592720000071
where $x, y \in R^n$, $x_{min}$ is the minimum value in the sample set (i.e. the training set and test set) and $x_{max}$ is the maximum value in the sample set; the above formula normalizes the data into $[-1, 1]$. The results after preprocessing are shown in FIG. 2.
Step two: initialize the population size of the WOA algorithm and the upper limit, lower limit and initial position of the whale position, and initialize the annealing temperature, cooling rate and jump probability of the SA algorithm; initialize the iteration counter t = 1 and the maximum number of iterations maxgen.
In the invention, the population size of the WOA algorithm is initialized to 100, the upper and lower limits of the whale position are xub = [100, 100] and xlb = [0.01, 0.01] respectively, and the initial position is xRange = repmat((xub - xlb), [sizepop, 1]); xLower = repmat(xlb, [sizepop, 1]); pop = rand(sizepop, dim) .* xRange + xLower. The annealing temperature for initializing the SA algorithm is Temperature 0-8; the cooling rate is T = fitnesszbest/log(0.2); the jump probability is Tfit = zeros(sizepop, 1). maxgen is initialized to 100 and the error precision is mean square error MSE < 0.01.
Step three: choose spiral predation or random prey search according to the value of the random probability factor p, update the whale position in the WOA algorithm with the adaptive weight method, update the whale's optimal position and the global optimal position, and compute the fitness values of the updated whale optimal position and the current global optimal position.
The whale optimization algorithm WOA is a meta-heuristic intelligent optimization algorithm proposed by Mirjalili and Lewis in 2016; it finds an optimal solution mainly by simulating the spiral bubble-net hunting strategy of humpback whales. The algorithm has few parameters to tune, is simple to operate and is easy to understand, but it easily falls into local extrema and converges slowly on relatively large and complex data. The literature [Whale optimization algorithm of global search strategy [J]. Small-sized Microcomputer System, 2020, 41(09): 1820-1825] uses adaptive weights and optimal neighborhood perturbation to guide position updates; the invention improves the whale optimization algorithm with adaptive weights combined with a simulated annealing algorithm. The WOA algorithm mainly comprises the following optimization steps: encircling prey, spiral predation and searching for prey, specifically:
(1) Encircling prey
When one humpback whale is at the best position, the other whales move toward that position; the position update of a whale during iterative optimization is given by formulas (1) and (2):
$$D = |C\,M^*(t) - M(t)| \tag{1}$$
$$M(t+1) = M^*(t) - A \cdot D \tag{2}$$
where $M^*(t)$ is the position vector of the optimal solution at the t-th iteration; when a better solution appears during the iterations, $M^*(t)$ is updated accordingly; $M(t)$ is the position vector of the solution (or whale) at the t-th iteration, and $M(t+1)$ is the position vector of the solution at the (t+1)-th iteration; $D$ is the iteration distance between the optimal solution position and the current solution at the t-th iteration; the coefficient vectors $A$ and $C$ are determined by equations (3) and (4):
$$A = 2a \cdot r_1 - a \tag{3}$$
$$C = 2r_2 \tag{4}$$
where $a$ is a constant that decreases linearly from 2 to 0 during the iterations, which can be expressed as
Figure BDA0002893592720000091
maxgen is the maximum number of iterations; $r_1$ and $r_2$ are random vectors in [0, 1].
(2) Spiral predation
As a whale (searcher) gets closer to the prey (optimal solution), the variable a decreases, and the coefficient vector A decreases linearly with a according to equation (3). When the coefficient vector A ∈ [-1, 1], the next position of the whale (searcher) can be anywhere between its current position and the position of the optimal whale (optimal solution); the whale attacks the prey (optimal solution) along a spiral-like path, updating its position according to equation (5) and gradually approaching the prey.
$$M(t+1) = D' \cdot e^{bl} \cos(2\pi l) + M^{*}(t) \tag{5}$$
where $D' = |M^{*}(t) - M(t)|$ represents the distance between the i-th searcher and the current optimal solution; b is a constant defining the shape of the logarithmic spiral, and l is a random number in [-1, 1].
A humpback whale moves along a spiral while continuously shrinking its search range, so it is assumed that the shrinking encirclement mechanism and the spiral model are each selected with a probability of 50%; the whale position is updated according to formulas (6) and (7):
$$M(t+1) = M^{*}(t) - A \cdot D \tag{6}$$
$$M(t+1) = D' \cdot e^{bl} \cos(2\pi l) + M^{*}(t) \tag{7}$$
where $D' = |M^{*}(t) - M(t)|$ represents the distance between the i-th searcher and the current best solution.
(3) Searching prey
Humpback whales also search for prey randomly, which improves the global search capability of the algorithm. The position update formula for a whale searching for prey at random is shown in (8):
$$M(t+1) = M_{rand} - A\,|C \cdot M_{rand}(t) - M(t)| \tag{8}$$
where $M_{rand}$ is a position vector randomly selected from the current population (representing a random whale).
When facing relatively complex problems or relatively large data environments, the WOA algorithm tends to fall into local optima and converges slowly. The invention uses an adaptive weight to adjust the whale position update coefficient and uses the simulated annealing algorithm (SA) to add a random search factor, obtaining an improved whale optimization algorithm that avoids being trapped in local extrema and improves the global optimization capability.
The inertial weight coefficients may not only have an impact on the local search capability of the algorithm, but also on the global search capability of the algorithm, for example: the relatively large weight coefficient is beneficial to jumping out of a local optimal trap of the algorithm, so that the global search capability of the algorithm is improved, and the relatively small weight coefficient is beneficial to accurately searching a local search space, so that the local search capability of the algorithm and the convergence of the algorithm can be improved. The whale position is updated by utilizing the characteristic of the self-adaptive weight method, and the calculation formula is shown as (9):
Figure BDA0002893592720000101
where t is the number of iterations, and the maximum number of iterations maxgen is 100. k(t) represents the adaptive weight coefficient.
Substituting the adaptive weight coefficient k(t) into formulas (6), (7) and (8), the position update formulas of the improved WOA algorithm are shown in (10), (11) and (12).
$$M(t+1) = k(t) \cdot M^{*}(t) - A \cdot D \tag{10}$$
$$M(t+1) = k(t) \cdot D' \cdot e^{bl} \cos(2\pi l) + M^{*}(t) \tag{11}$$
$$M(t+1) = k(t) \cdot M_{rand} - A\,|C \cdot M_{rand}(t) - M(t)| \tag{12}$$
The simulated annealing algorithm (SA) is a global optimization algorithm extended from a local search algorithm, so introducing SA into WOA strengthens global optimization during the search and effectively prevents WOA from being trapped in a local optimum.
In the WOA iterative optimization process, WOA is used to find the individual best and the global best, but if the best position of the population is at a local extremum, the optimal fitness value obtained tends to a local minimum, which reduces the global search performance of the algorithm. Therefore, to avoid falling into local extrema, the principle of SA is introduced: a sudden jump probability is used, and an inferior solution is accepted with probability $P_i$ to help WOA jump out of the local optimum. The probability $P_i$ is determined by equations (13) and (14):
Figure BDA0002893592720000102
df=fitness(i)-fitnesszbest (14)
In the above formula, fitness(i) is the current whale fitness value and fitnesszbest is the global optimal whale fitness value. df is the difference in fitness between the two, and the decision depends on its sign. If df is negative, the new whale position is better than the original population-optimal position, so the new position replaces it, i.e. the current whale position becomes the global optimal whale position. If df is positive, the new whale position is worse than the original population-optimal position, so the probability $\exp(-df/T_t)$ corresponding to the current temperature $T_t$ is generated to decide whether to accept the new solution. The current temperature $T_t$ is given by equations (15) and (16):
Figure BDA0002893592720000111
$$T_{t+1} = \mu T_t \tag{16}$$
where fitnesszbest is the global optimal whale fitness value, α ∈ [0.2, 0.5], l is a cooling coefficient, and t is the number of iterations. α and μ are control parameters, with t ≥ 0 and 0 ≤ μ ≤ 1.
Calculating the fitness value: calculate the extremum positions of the individuals and of the population and the corresponding optimal fitness values. Whale positions and the corresponding fitness values are generated randomly: pop = rand(sizepop, dim) .* xRange + xLower; fit(i) = fobj(pop(i,:), input_train, output_train, input_test, output_test), where fobj() is the fitness function. Each new position obtained by the improved whale optimization algorithm and the simulated annealing algorithm is then substituted into the fitness function fobj() to obtain its fitness value, which is compared with the original fitness value to update the optimal fitness values and corresponding positions of the individual and of the population.
The invention takes the mean square error (MSE) between the evaluation value obtained by the improved WOA-SVM evaluation model and the true value as the fitness function. The fitness function fobj() is as follows:
function fitness = fobj(cv, input_train, output_train, input_test, output_test)
% cv is a row vector of length 2, i.e. the values of the SVM parameters c and g
cmd = ['-s 3 -t 2', ' -c ', num2str(cv(1)), ' -g ', num2str(cv(2))];
model = svmtrain(output_train', input_train', cmd); % SVM model training
[~, fitness, ~] = svmpredict(output_test', input_test', model); % SVM model evaluation and its accuracy
fitness = fitness(2); % the mean square error MSE is used as the objective function value of the optimization
and the MSE is
Figure BDA0002893592720000112
where $x_t$ and
Figure BDA0002893592720000113
respectively representing a true value and a situation assessment value, and n represents the number of data samples in the test set.
When the iteration number t is less than or equal to maxgen, update the values of the parameters a, $r_1$, $r_2$, A, C, b, l, p and the adaptive weight coefficient k(t), where r1 = rand(), r2 = rand(), b = 1, l = (a2 - 1)*rand + 1, a2 = -1 + t*(-1)/maxgen, p = rand(),
Figure BDA0002893592720000114
Iterative optimization: when the random probability p < 0.5, if |A| ≥ 1, a whale individual position $M_{rand}$ is randomly selected from the current population and the position of the whale searching for prey is calculated according to formula (12); if |A| < 1, the spatial position of the current whale individual is updated by the shrinking encirclement mechanism according to formula (10). When the random probability p ≥ 0.5, the spatial position of the current whale individual is updated along the spiral according to formula (11). Finally, the optimal whale position and the global optimal position are updated, together with their fitness values. The random probability p is generated randomly: p = rand().
Step four: judge whether to accept the new whale position according to the sudden jump probability of the SA algorithm, then update and store the optimal whale position and the global optimal position.
Introducing the SA algorithm: select a searcher in the neighborhood of the global optimal fitness value and calculate the difference df according to formula (14). If df < 0, the new whale position replaces the original position; if df ≥ 0, the probability $\exp(-df/T_t)$ decides whether the position of the inferior solution is accepted. The whale optimal position gbest and the global optimal position zbest are then updated and stored. gbest and zbest are the positions of the optimal individual and the optimal population found by the adaptive-weight-improved whale optimization algorithm combined with the simulated annealing algorithm, whereas the position obtained in step three comes from the adaptive-weight-improved whale optimization algorithm alone and is only the current optimal position, not the true optimal position.
Cooling: the temperature is controlled according to formula (16).
Step five: and judging whether the iteration termination condition is met, if so, entering the step six, and otherwise, returning to the step two.
And judging whether a loop termination condition is met, namely whether the maximum iteration number is met or the error precision requirement is met, if so, obtaining the optimal individual zbest, assigning the optimal individual zbest to the optimal punishment parameter bestc and the kernel function parameter bestg of the SVM, otherwise, skipping to the step 3, and repeatedly executing the iterative optimization searching process again.
The values of the optimal penalty parameter bestc and the kernel function parameter bestg are represented by bestc ═ zbest (1); bestg ═ zbest (2).
Step six: and assigning the obtained value of the global optimal position to an optimal punishment parameter and a kernel function parameter of the SVM, analyzing the optimal parameter by utilizing regression fitting, combining a training set to carry out SVM network training, inputting sample data in a test set into the trained SVM to obtain an evaluation value, and converting the evaluation value into a network security level.
The optimal population position M obtained by the improved WOA algorithm*(t) respectively assigning the optimal penalty parameter bestc and the kernel function parameter bestg to the SVM. And substituting the obtained parameters into an SVM model, and carrying out SVM network training by using the optimal parameters of regression fitting analysis to obtain an evaluation value and converting the evaluation value into a corresponding network security level. The regression fitting analysis is the characteristic of the SVM model, is not a separately written regression fitting analysis function, and is realized by embedding the SVM into the fitness function calculation of the improved WOA, then searching the optimal parameters c and g of the SVM by using the global optimization characteristic of the WOA, and using the training model of the SVM in the design of the fitness function, thereby using the characteristic of the regression fitting analysis of the SVM.
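Steps two to five as one loop, in an added Python example that is not the patent's own code: formulas (10) to (12) choose the move, the SA rule exp(-df/T_t) decides whether the leader zbest is replaced, and formula (16) cools the temperature. Assumptions: `adaptive_weight` is a constructed placeholder because formula (9) is not reproduced on the page, `t0` stands in for the start temperature of formula (15), `surrogate_mse` is a constructed stand-in for the SVM-based fobj(), the SA test is applied to every updated whale, and the `best` record is an added safeguard.

```python
import math
import random


def adaptive_weight(t, maxgen):
    # ASSUMPTION: constructed placeholder for k(t); formula (9) is not
    # reproduced on the page, so substitute the real schedule here.
    return 0.9 - 0.5 * t / maxgen


def woa_step(M, M_star, M_rand, A, C, k, b, l, p):
    """One position update using formulas (10)-(12), branching as in step three."""
    if p < 0.5:
        if abs(A) >= 1:  # search for prey around a random whale, formula (12)
            return [k * mr - A * abs(C * mr - m) for m, mr in zip(M, M_rand)]
        # shrinking encirclement of the leader, formula (10)
        return [k * ms - A * abs(C * ms - m) for m, ms in zip(M, M_star)]
    spiral = math.exp(b * l) * math.cos(2 * math.pi * l)  # formula (11)
    return [k * abs(ms - m) * spiral + ms for m, ms in zip(M, M_star)]


def sa_accept(df, T, u):
    """Step four: keep an improvement (df < 0); otherwise accept the inferior
    position only if the uniform draw u falls below exp(-df / T)."""
    return df < 0 or u < math.exp(-df / T)


def surrogate_mse(cv):
    # CONSTRUCTED stand-in for fobj(): a rippled surface over (c, g) with
    # several local minima, used instead of training an SVM so this runs offline.
    lc, lg = math.log10(cv[0]), math.log10(cv[1])
    return (0.01 + 0.02 * (lc - 1.2) ** 2 + 0.03 * (lg + 0.8) ** 2
            + 0.005 * (1 - math.cos(4 * math.pi * lc)))


def improved_woa(fobj, lower, upper, sizepop=20, maxgen=100, t0=0.05,
                 mu=0.95, weight=adaptive_weight, seed=1):
    rng = random.Random(seed)

    def clamp(x):
        return [min(max(v, lo), hi) for v, lo, hi in zip(x, lower, upper)]

    pop = [[lo + rng.random() * (hi - lo) for lo, hi in zip(lower, upper)]
           for _ in range(sizepop)]
    fit = [fobj(x) for x in pop]
    i0 = min(range(sizepop), key=fit.__getitem__)
    zbest, fzbest = pop[i0][:], fit[i0]   # leader steering the swarm
    best, fbest = zbest[:], fzbest        # added safeguard: best position ever seen
    history, T = [fbest], t0              # t0 is constructed; formula (15) is not on the page
    for t in range(1, maxgen + 1):
        a = 2 - 2 * t / maxgen            # falls linearly from 2 to 0
        a2 = -1 + t * (-1) / maxgen
        k = weight(t, maxgen)
        for i in range(sizepop):
            A = 2 * a * rng.random() - a  # formula (3)
            C = 2 * rng.random()          # formula (4)
            l = (a2 - 1) * rng.random() + 1
            p = rng.random()
            M_rand = pop[rng.randrange(sizepop)]
            pop[i] = clamp(woa_step(pop[i], zbest, M_rand, A, C, k, 1.0, l, p))
            fit[i] = fobj(pop[i])
            if fit[i] < fbest:
                best, fbest = pop[i][:], fit[i]
            if sa_accept(fit[i] - fzbest, T, rng.random()):
                zbest, fzbest = pop[i][:], fit[i]
        T *= mu                           # cooling, formula (16)
        history.append(fbest)
    return best, fbest, history


if __name__ == "__main__":
    (c, g), mse, hist = improved_woa(surrogate_mse, [0.1, 0.01], [100.0, 10.0])
    print(f"bestc={c:.3f} bestg={g:.4f} surrogate MSE={mse:.5f}")
```

To tune a real model, pass a function that trains the SVM on the training set and returns the test-set MSE in place of `surrogate_mse`.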
The SVM is a machine learning method proposed by Corinna Cortes and Vapnik in 1995; it is a generalized linear classifier that performs binary classification of data by supervised learning. Compared with the traditional neural network, the SVM has the advantages of universality, robustness, effectiveness, computational simplicity and theoretical support. However, when the SVM is used for pattern recognition or regression prediction, there is no unified standard for selecting the optimal penalty parameter c and the kernel function parameter g; the more common selection methods at present include experience, experimental comparison and large-scale search. To improve the accuracy of situation assessment, the invention uses an improved whale optimization algorithm to search for the optimal combination of the parameters c and g.
Regression fitting analysis is the specific attribute of the SVM model, training samples are input into a support vector machine with a preset regression function for training, and important parameters in the regression function are determined through continuous fitting to obtain an evaluation model. The training set is used for training the support vector machine, the optimal parameters of the SVM are searched, and finally an evaluation model of the support vector machine with good evaluation effect is obtained; the test set is used for substituting the obtained evaluation model for testing and verifying the effectiveness of the evaluation method.
FIG. 3 compares the experimental results of network security situation evaluation for four algorithms: the whale optimization algorithm (WOA), adaptive-weight-improved WOA, simulated annealing (SA) improved WOA, and WOA optimized by adaptive weight combined with simulated annealing. As can be seen from FIG. 3, the situation evaluation polyline obtained by optimizing the SVM with the WOA algorithm fluctuates the most of the four algorithms and is the least stable. The polylines obtained by the adaptive-weight-improved WOA-optimized SVM and the SA-improved WOA-optimized SVM are similar to each other, both in how they fluctuate and in their differences from the true values; overall they are stable and closer to the true-value polyline than that of the unimproved WOA-optimized SVM. The polyline obtained by the adaptive weight combined with SA improved WOA-optimized SVM algorithm is more stable overall than those of the other three algorithms, agrees better with the true-value polyline, and has smaller errors.
Table 2 shows the situation values of the various algorithms for improving the WOA-SVM for network security situation evaluation and the absolute error between the situation values and the actual situation values. As can be seen from Table 2, compared with situation evaluation values obtained by other optimization algorithms on sample data points in ten test sets and absolute errors between the situation evaluation values and true values, the error of the improved WOA-SVM algorithm based on the combination of the adaptive weight and the simulated annealing algorithm is smaller and is closer to the true values, so that the accuracy of network security situation evaluation based on the improved WOA-SVM algorithm based on the combination of the adaptive weight and the simulated annealing algorithm is higher.
TABLE 2 comparison of estimated absolute errors for several different algorithms
Figure BDA0002893592720000141
The difference between the true values and the situation evaluation values is measured with three performance indexes: mean square error (MSE), mean absolute percentage error (MAPE) and mean absolute error (MAE).
MSE index:
Figure BDA0002893592720000142
MAPE index:
Figure BDA0002893592720000143
MAE index:
Figure BDA0002893592720000144
In the above formulas, $x_t$ and
Figure BDA0002893592720000145
respectively representing the true value and the situation assessment value, and n represents the number of test data.
Table 3 shows the calculation results of the mean square error, the average absolute percentage error, and the average absolute error between the situation value and the true value obtained by evaluating the network security situation of the WOA-SVM before and after the improvement. From table 3, it can be macroscopically seen that three index values of MSE, MAPE and MAE between the situation value and the true value obtained by the network security situation evaluation algorithm of the WOA-SVM improved based on the adaptive weight combination simulated annealing algorithm are the minimum compared with the index values obtained by the whale algorithm improved by other algorithms, and this also proves that the network security situation evaluation algorithm of the WOA-SVM improved based on the combination optimization algorithm has higher accuracy and effectiveness from the macro angle.
TABLE 3 precision judging and comparing Table
Figure BDA0002893592720000151
Convergence is a key issue in whether the algorithm can be implemented. Fig. 4 shows how the optimal individual fitness value changes during the iterative optimization of each optimization algorithm. As can be seen from Fig. 4, the individual fitness value found at the start of the WOA-SVM algorithm is relatively large; the algorithm falls into a local optimum at the 9th iteration, and the fitness value converges to 0.991601. The optimal fitness value of the adaptive-weight-improved WOA-SVM algorithm is also relatively large at the start of iteration; it falls into a local optimum at the 3rd iteration, and the fitness value converges to 0.990664. The SA-improved WOA-SVM algorithm starts with a smaller individual fitness value than the adaptive-weight-improved WOA-SVM algorithm, but it also falls into a local optimum at the 3rd iteration; a slight fluctuation occurs at the 8th iteration, and the fitness value finally converges to 0.990770, which differs little from the convergence value of the adaptive-weight-improved WOA-SVM algorithm. The adaptive weight combined with SA improved WOA-SVM algorithm of the invention has a smaller initial individual optimal fitness value than the other three optimization algorithms, changes at the 15th, 19th, 58th and 65th iterations, and finally converges to an optimal fitness value of 0.990142.
Because the invention takes the mean square error MSE between the security situation evaluation value and the true value as the fitness function, the smaller the individual fitness value, the higher the accuracy. Although the WOA-SVM algorithm converges to a local optimal fitness value at the 9th iteration, and the adaptive-weight-improved WOA-SVM algorithm and the SA-improved WOA-SVM algorithm converge to local optimal fitness values at the 3rd iteration, their fitness values are clearly not the smallest. In conclusion, the WOA-SVM algorithm improved by adaptive weight combined with the simulated annealing algorithm (SA) reaches a smaller individual fitness value than the other algorithms more quickly, and has higher accuracy and superiority.
The time complexity of an algorithm is an important index for judging its quality. The whale optimization algorithm designed in the invention has a population size of sizepop, a maximum number of iterations maxgen and a problem dimension of dim, so the time complexity of WOA is O(sizepop · maxgen · dim). The adaptive-weight-optimized WOA-SVM, the SA-optimized WOA-SVM and the adaptive weight combined with SA optimized WOA-SVM of the invention all do their work inside the WOA iteration loop without adding loop iterations, so their time complexity is also O(sizepop · maxgen · dim). Therefore, the time complexity of the WOA-SVM algorithm is the same before and after the improvement and belongs to the same level. The space complexity of an algorithm measures how much memory it temporarily occupies while executing. In the present invention, the population size sizepop and the problem dimension dim of the whale optimization algorithm determine its space complexity, and since the size and dimension do not change across the optimization algorithms, all of them have the same space complexity O(sizepop × dim).
In order to improve the accuracy of network security situation assessment, the invention provides a network security situation assessment method for improving a whale optimization algorithm optimization support vector machine by combining self-adaptive weight with a simulated annealing algorithm, and solves the problems that a punishment parameter c and a kernel function parameter g of an SVM are difficult to select, WOA is easy to fall into a local extreme value and is slow in convergence and the like. According to the method, the self-adaptive weight and the simulated annealing algorithm are introduced into the WOA, the local optimizing capability of the WOA is enhanced by using the self-adaptive weight algorithm, the global optimizing and converging capability of the WOA is improved by using the simulated annealing algorithm, so that the selection of SVM parameters is more accurate, the evaluation result is more fit for the actual situation, and the current network security condition can be more accurately reflected. The comparison experiment result shows that the evaluation result of the improved WOA-SVM algorithm based on the combination of the adaptive weight and the simulated annealing algorithm is more accurate, and the improved WOA-SVM algorithm has better stability and convergence.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents, improvements and the like that fall within the spirit and principle of the present invention are intended to be included therein.

Claims (6)

1. A network security situation assessment method based on an improved WOA-SVM is characterized by comprising the following steps:
step one: forming a sample set by taking existing network security data as sample data, carrying out normalization preprocessing on the sample data in the sample set, and dividing the sample data into a training set and a test set;
step two: initializing the population scale of a WOA algorithm, the upper and lower limits and the initial position of a whale position, and initializing the annealing temperature, the cooling rate and the jump probability of an SA algorithm; initializing the iteration time t as 1 and the maximum iteration time maxgen;
step three: iterative optimization: selecting spiral predation or random hunting according to the random probability p, updating the current whale position in the WOA algorithm by using a self-adaptive weight method, comparing the current whale position with the original whale position, and updating the current optimal whale position and the global optimal position;
step four: judging whether to accept a new whale position according to the sudden jump probability of the SA algorithm, updating the optimal whale position and the global optimal position, and storing;
step five: judging whether the iteration termination condition is met, if so, entering the step six, otherwise, returning to the step two;
step six: assigning the obtained value of the global optimal position to an optimal punishment parameter and a kernel function parameter of the SVM, analyzing the optimal parameter by utilizing regression fitting, carrying out SVM network training by combining a training set, inputting sample data in a test set into the trained SVM to obtain an evaluation value, and then converting the evaluation value into a network security level;
the method for updating the whale position in the WOA algorithm by using the self-adaptive weight method in the third step comprises the following steps:
$$M(t+1) = k(t) \cdot M^{*}(t) - A \cdot D,$$
$$M(t+1) = k(t) \cdot D' \cdot e^{bl} \cos(2\pi l) + M^{*}(t),$$
$$M(t+1) = k(t) \cdot M_{rand} - A\,|C \cdot M_{rand}(t) - M(t)|,$$
wherein the adaptive weight coefficient
Figure FDA0003297075070000011
$M^{*}(t)$ is the position vector of the optimal solution at the t-th iteration; $M(t)$ is the position vector of the whale at the t-th iteration, and $M(t+1)$ is the position vector of the whale at the (t+1)-th iteration; D is the distance between the optimal solution position and the current solution at the t-th iteration; A and C are coefficient vectors; $D' = |M^{*}(t) - M(t)|$ represents the distance between the i-th whale individual and the current optimal solution; b is a constant defining the shape of the logarithmic spiral, and l is a random number in [-1, 1]; $M_{rand}$ is a position vector randomly selected from the current population;
the method for selecting spiral predation or random hunting according to the random probability p in the third step is as follows:
when the iteration time t is less than or equal to maxgen, updating the parameters
Figure FDA0003297075070000012
r1 = rand(), r2 = rand(), A, C, the constant b = 1, l = (a2 - 1) × rand + 1, the random probability p = rand(), and the adaptive weight coefficient
Figure FDA0003297075070000021
maxgen is the maximum number of iterations;
iterative optimization: when the random probability p < 0.5, if the coefficient vector |A| ≥ 1, randomly selecting a whale individual position $M_{rand}$ from the current population and calculating the position of the whale searching for prey: $M(t+1) = k(t) \cdot M_{rand} - A\,|C \cdot M_{rand}(t) - M(t)|$; if |A| < 1, updating the spatial position of the current whale individual by the shrinking encirclement mechanism: $M(t+1) = k(t) \cdot M^{*}(t) - A \cdot D$; when the random probability p ≥ 0.5, updating the spatial position of the current whale individual along the spiral: $M(t+1) = k(t) \cdot D' \cdot e^{bl} \cos(2\pi l) + M^{*}(t)$; updating the whale optimal position, the global optimal position and the fitness values of the updated whale position and the current global optimal position;
and taking the average Mean Square Error (MSE) as an optimized objective function value, namely an adaptability value.
2. The improved WOA-SVM based network security situation assessment method according to claim 1, wherein the sample data takes the number of virus-infected hosts, the total number of tampered websites, the total number of websites implanted with backdoors, the number of counterfeit pages of domestic websites and the number of newly added information security vulnerabilities as evaluation indexes, and the five security levels of high risk, danger, medium risk, light risk and secure are converted into numerical levels, the numerical levels being the evaluation values obtained by the SVM:

| Security level | High risk | Danger | Middle danger | Light danger | Secure |
| --- | --- | --- | --- | --- | --- |
| Evaluation value | [0,1) | [1,2) | [2,3) | [3,4) | [4,5] |
The sample data is normalized and preprocessed as follows:
Figure FDA0003297075070000022
wherein x, y ∈ $R^n$, $x_{min}$ is the minimum data in the sample set, $x_{max}$ is the maximum data in the sample set, and the sample data are normalized to within [-1, 1].
3. The improved WOA-SVM based network security posture assessment method of claim 1, wherein the coefficient vectors A and C are respectively:
$$A = 2a \cdot r_1 - a, \quad C = 2 r_2$$
wherein a is a constant that linearly decreases from 2 to 0 in an iterative process, and
Figure FDA0003297075070000023
$r_1$ and $r_2$ are random vectors in [0, 1].
4. The improved WOA-SVM based network security situation assessment method according to claim 1, wherein the sudden jump probability $P_i$ is:
Figure FDA0003297075070000031
and df = fitness(i) - fitnesszbest;
wherein fitness(i) is the current whale fitness value, and fitnesszbest is the global optimal whale fitness value; df is the difference between the current whale fitness value and the global optimal whale fitness value; $T_t$ is the current temperature;
in step four, a searcher is selected in the neighborhood of the global optimal fitness value and the difference df is calculated; if df < 0, the new whale position replaces the original position; if df ≥ 0, the probability $\exp(-df/T_t)$ decides whether the position of the inferior solution is accepted; the whale optimal position gbest and the global optimal position zbest are then updated.
5. The improved WOA-SVM based network security situation assessment method of claim 4, wherein the current temperature $T_t$ is initialized as:
Figure FDA0003297075070000032
the rate of change of the current temperature $T_t$ is: $T_{t+1} = \mu T_t$
wherein fitnesszbest is the global optimal whale fitness value, α and μ are control parameters, t is the number of iterations, t ≥ 0, 0 ≤ μ ≤ 1, and α ∈ [0.2, 0.5].
6. The improved WOA-SVM based network security posture assessment method according to claim 1 or 5, wherein the termination condition is whether a maximum number of iterations maxgen is met or an error accuracy requirement is met: mean square error MSE < 0.01.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110034429.2A CN112766343B (en) 2021-01-12 2021-01-12 Network security situation assessment method based on improved WOA-SVM

Publications (2)

Publication Number Publication Date
CN112766343A CN112766343A (en) 2021-05-07
CN112766343B true CN112766343B (en) 2022-03-11

Family

ID=75701449

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110034429.2A Active CN112766343B (en) 2021-01-12 2021-01-12 Network security situation assessment method based on improved WOA-SVM

Country Status (1)

Country Link
CN (1) CN112766343B (en)

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109345005A (en) * 2018-09-12 2019-02-15 中国电力科学研究院有限公司 A kind of integrated energy system multidimensional optimization method based on improvement whale algorithm
CN109886588A (en) * 2019-02-28 2019-06-14 长安大学 A method of flexible job shop scheduling is solved based on whale algorithm is improved
CN109902873A (en) * 2019-02-28 2019-06-18 长安大学 A method of the cloud manufacturing resource allocation based on modified whale algorithm
CN111222676A (en) * 2019-10-22 2020-06-02 上海勘测设计研究院有限公司 Cascade power generation and ecological balance optimization scheduling method, device, equipment and medium
CN111262858A (en) * 2020-01-16 2020-06-09 郑州轻工业大学 Network security situation prediction method based on SA_SOA_BP neural network
CN111507045A (en) * 2020-04-01 2020-08-07 武汉理工大学 Structural damage identification method based on adaptive weight whale optimization algorithm
CN112036611A (en) * 2020-08-12 2020-12-04 国网山东省电力公司经济技术研究院 Power grid optimization planning method considering risks
CN112036296A (en) * 2020-08-28 2020-12-04 合肥工业大学 Motor bearing fault diagnosis method based on generalized S transformation and WOA-SVM

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
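A whale optimization algorithm with a global search strategy; 刘磊 et al.; 《小型微型计算机系统》; 20200930; pp. 1820-1825 *
Whale optimization algorithm based on adaptive weight and simulated annealing; 褚鼎力 et al.; 《电子学报》; 20190531; pp. 992-999 *
Network intrusion detection with SVM optimized by an improved WOA algorithm; 徐慧 et al.; 《实验室研究与探索》; 20190831; pp. 128-133 *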

Also Published As

Publication number Publication date
CN112766343A (en) 2021-05-07

Similar Documents

Publication Publication Date Title
CN112766343B (en) Network security situation assessment method based on improved WOA-SVM
Jiang et al. Network intrusion detection based on PSO-XGBoost model
Zhou et al. Deep learning approach for cyberattack detection
Srivastava et al. An ensemble model for intrusion detection in the internet of softwarized things
CN114519190B (en) Multi-target network security dynamic evaluation method based on Bayesian network attack graph
AlShahrani Classification of cyber-attack using Adaboost regression classifier and securing the network
Bodström et al. State of the art literature review on network anomaly detection with deep learning
Chen et al. FEW-NNN: A fuzzy entropy weighted natural nearest neighbor method for flow-based network traffic attack detection
Zheng et al. An Efficient Hybrid Clustering-PSO Algorithm for Anomaly Intrusion Detection.
Cao et al. Network intrusion detection technology based on convolutional neural network and BiGRU
Wang et al. A novel intrusion detector based on deep learning hybrid methods
Dong et al. Db-kmeans: an intrusion detection algorithm based on dbscan and k-means
Suman et al. Building an effective intrusion detection system using unsupervised feature selection in multi-objective optimization framework
Yang et al. An unsupervised learning‐based network threat situation assessment model for internet of things
Wang et al. EFS‐DNN: An Ensemble Feature Selection‐Based Deep Learning Approach to Network Intrusion Detection System
CN116996272A (en) Network security situation prediction method based on improved sparrow search algorithm
Yang et al. A Modified Gray Wolf Optimizer‐Based Negative Selection Algorithm for Network Anomaly Detection
Ravipati et al. A survey on different machine learning algorithms and weak classifiers based on KDD and NSL-KDD datasets
CN116861467B (en) Context feature-based database abnormal query access control method
Hu et al. A network security situation prediction method based on attention-CNN-BiGRU
Ji et al. A network intrusion detection approach based on asymmetric convolutional autoencoder
CN117155701A (en) Network flow intrusion detection method
Barik et al. Adversarial attack detection framework based on optimized weighted conditional stepwise adversarial network
Zhao et al. IoT intrusion detection model based on gated recurrent unit and residual network
Aswanandini et al. Hyper-heuristic firefly algorithm based convolutional neural networks for big data cyber security

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant