CN113095433A - Method for training intrusion detection network structure model - Google Patents

Method for training intrusion detection network structure model

Publication number
CN113095433A
Authority
CN
China
Prior art keywords
training
network structure
data set
network
data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202110461233.1A
Other languages
Chinese (zh)
Other versions
CN113095433B (en)
Inventor
刘学君
张小妮
孔祥旻
晏涌
沙芸
王昊
陈兆玉
陈建萍
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Institute of Petrochemical Technology
Original Assignee
Beijing Institute of Petrochemical Technology
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Institute of Petrochemical Technology
Priority to CN202110461233.1A
Publication of CN113095433A
Application granted
Publication of CN113095433B
Active
Anticipated expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00 Pattern recognition
    • G06F18/20 Analysing
    • G06F18/21 Design or setup of recognition systems or techniques; Extraction of features in feature space; Blind source separation
    • G06F18/214 Generating training patterns; Bootstrap methods, e.g. bagging or boosting
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06N COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00 Computing arrangements based on biological models
    • G06N3/02 Neural networks
    • G06N3/04 Architecture, e.g. interconnection topology
    • G06N3/045 Combinations of networks
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06N COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00 Computing arrangements based on biological models
    • G06N3/02 Neural networks
    • G06N3/08 Learning methods

Abstract

The application relates to a training method for an intrusion detection network structure model, comprising the following steps: acquiring an original data set; preprocessing the original data set to obtain a training data set; grouping the training data set according to a preset time length and splicing the data in each group into a two-dimensional array sample, to obtain a first preset number of two-dimensional array samples; training a pre-constructed network structure model with the first preset number of two-dimensional array samples, the network structure being a convolutional neural network with a BAM added; and outputting a training result, the training result being an intrusion detection network model. The neural network and the attention mechanism are thus combined and introduced into the industrial control system. The features of the industrial control data are reordered to reinforce the effect of the attention-mechanism neural network, and the data are spliced in space and time before being input into the network for training. This enables detection of deceptive attacks, improves computational efficiency and performance, and further increases detection speed.

Description

Method for training intrusion detection network structure model
Technical Field
The application relates to the technical field of industrial control data processing, in particular to a training method of an intrusion detection network structure model.
Background
With the rapid development of the economy and society, the integration of industrialization and informatization continues to deepen, industrial control systems are gradually moving from closed to open, and various security problems and risks are becoming more and more prominent. Intrusion detection, as a method for effectively discovering malicious intrusion behavior, holds an important position in industrial control systems.
In the related art, there are various existing algorithms for intrusion detection, such as deep neural network algorithms, radial basis function neural network algorithms, random forest algorithms, and the like. However, these algorithms examine the data at a single time point and have difficulty detecting deceptive attacks, such as deviation attacks and geometric attacks. In addition, to ensure the timeliness of industrial control network data, the intrusion detection algorithm needs to run on the edge side of the industrial control network; to make up for the limited computing capability of the edge side, the speed of the intrusion detection algorithm needs to be further increased and its computation simplified.
Disclosure of Invention
In view of the above, the present application aims to overcome the deficiencies of the prior art and provide a method for training an intrusion detection network structure model.
In order to achieve the purpose, the following technical scheme is adopted in the application:
The application provides a training method for an intrusion detection network structure model, comprising:
acquiring an original data set;
performing feature sorting on the original data set to obtain a training data set;
grouping the training data set according to a preset time length, and splicing the data in each group into a two-dimensional array sample, to obtain a first preset number of two-dimensional array samples;
training a pre-constructed network structure with the first preset number of two-dimensional array samples, the network structure being a convolutional neural network with a BAM added;
outputting a training result, the training result being an intrusion detection network structure model.
Optionally, the method further includes:
adding a second preset number of BAMs to the convolutional layers of the AlexNet5 network to obtain the pre-constructed network structure.
Optionally, the adding of the second preset number of BAMs to the convolutional layers of the AlexNet5 network includes:
adding the second preset number of BAMs after the first convolutional layer.
Optionally, the second preset number is 1.
Optionally, the training of the pre-constructed network structure with the first preset number of two-dimensional array samples includes:
inputting the first preset number of two-dimensional array samples into the pre-constructed network structure for iterative training so as to adjust parameters of the network structure model;
updating the network structure according to the parameters to obtain the training result.
Optionally, the performing of feature sorting on the original data set to obtain a training data set includes:
sorting all the features of the original data set based on a feature selection method to obtain the training data set.
Optionally, the sorting of the features of the original data set based on the feature selection method to obtain a training data set includes:
scoring each feature of the original data set based on a Lasso feature selection method to obtain a score value for each feature;
reordering all the features in the original data set from high to low according to the score values to obtain the training data set.
The technical scheme provided by the application can comprise the following beneficial effects:
In the scheme of the application, a network structure is constructed in advance, the network structure being a convolutional neural network with a BAM added. After an original data set is obtained, feature sorting is performed on it, which reduces the correlation between adjacent features of the processed data set and strengthens the effect of the attention mechanism in the network. After the training data set is obtained, it is grouped according to a preset time length and the data in each group are spliced into a two-dimensional array sample, finally yielding the first preset number of two-dimensional array samples, so that the trained intrusion detection network structure model is not insensitive to deceptive attacks. The pre-constructed network is then trained with the first preset number of two-dimensional array samples to obtain a training result, that is, an intrusion detection network structure model is obtained through training. The neural network and the attention mechanism are thus combined and introduced into the industrial control system; the data features in the industrial control system are sorted, spliced in space and time, and input into the network structure model for training, so that deceptive attacks can be detected and computational efficiency can be improved.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art are briefly described below. The drawings in the following description are only some embodiments of the present application, and those skilled in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flowchart of a method for training an intrusion detection network structure model according to an embodiment of the present application.
Fig. 2 is a graph of experimental results regarding the number of BAMs provided in another embodiment of the present application.
Fig. 3 is a graph of experimental results regarding BAM location provided by another embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the technical solutions of the present application will be described in detail below. It is to be understood that the embodiments described are only a few embodiments of the present application and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the examples given herein without making any creative effort, shall fall within the protection scope of the present application.
An industrial control system involves a large number of devices, and each device corresponds to a feature of the data, so industrial control data is high-dimensional feature data. Integrating the industrial control network with the Internet brings convenience but also complex and varied malicious intrusions. The essence of intrusion detection is data classification, and the many types of attack make industrial control data multi-label data. Given these characteristics of industrial control data, a convolutional neural network can be applied to it. In order to obtain an applicable intrusion detection network structure model, the application provides a training method for the intrusion detection network structure model.
Fig. 1 is a flowchart of a method for training an intrusion detection network structure model according to an embodiment of the present application. The embodiment provides a method for training an intrusion detection network structure model, as shown in the figure, the method at least includes the following implementation steps:
Step 11, acquiring an original data set.
In practice, a published industrial control data set can be used as the original data set, such as the Singapore water plant data set or the Mississippi data set.
Step 12, performing feature sorting on the original data set to obtain a training data set.
Step 13, grouping the training data set according to a preset time length, splicing the data in each group into a two-dimensional array sample, and obtaining a first preset number of two-dimensional array samples.
Because an industrial control data set consists of one-dimensional arrays at multiple time points, the feature-sorted data must be spliced in space and time so that the trained intrusion detection network structure model is not insensitive to deceptive attacks. That is, the data in the training data set are grouped according to the preset time length, and the data in each group are spliced into a two-dimensional array sample. For example, the preset time length can be 16 time points, so that the data of 16 time points are spliced into one two-dimensional array sample. The two-dimensional array sample then carries continuous information with a trend of change. This addresses the problem that the training result is insensitive to a single data point: slight changes in individual data points form a trend across the sample, and that trend can be detected, so that deceptive attacks can be detected.
The preset time length may be set according to actual requirements, and is not limited herein.
Step 14, training a pre-constructed network structure by using a first preset number of two-dimensional array samples; the network structure is a convolutional neural network with the addition of a Bottleneck Attention Module (BAM).
Step 15, outputting a training result; the training result is an intrusion detection network structure model.
In this embodiment, a network structure is constructed in advance, the network structure being a convolutional neural network with a BAM added. After an original data set is obtained, feature sorting is performed on it, which reduces the correlation between adjacent features of the processed data set and strengthens the effect of the attention mechanism in the network. After the training data set is obtained, it is grouped according to a preset time length and the data in each group are spliced into a two-dimensional array sample, finally yielding the first preset number of two-dimensional array samples, so that the trained intrusion detection network structure model is not insensitive to deceptive attacks. The pre-constructed network is then trained with the first preset number of two-dimensional array samples to obtain a training result, that is, an intrusion detection network structure model is obtained through training. The neural network and the attention mechanism are thus combined and introduced into the industrial control system; the data features in the industrial control system are sorted, spliced in space and time, and input into the network structure model for training, so that deceptive attacks can be detected and computational efficiency can be improved.
In some embodiments, performing feature sorting on the original data set to obtain the training data set may specifically include: sorting all the features of the original data set based on a feature selection method to obtain the training data set.
Feature selection is an important component of high-dimensional data processing and is widely applied in machine learning, image processing and the like. The main purpose of feature selection is to determine an optimal subset of features so as to reduce the feature dimension and optimize the performance of machine learning algorithms. The reasoning behind feature selection is that classifiers trained on a simplified feature space are more robust and repeatable than classifiers built on the original large feature space. Features that do not provide useful information are referred to as irrelevant features, and features that do not provide more information than the currently selected features are referred to as redundant features.
The difference between an industrial control data set and a picture data set is that adjacent features of picture data are related, whereas adjacent columns of industrial control data are not necessarily related. Feature selection deletes irrelevant features when constructing the optimal feature subset. The redundancy rate in industrial control data is high, however, and if the irrelevant features are all deleted, details in the data set are lost, which can cause misjudgment later. Therefore, using feature selection to score the features and then ranking them by score can further improve the training result.
When the features of the original data set are ranked based on the feature selection method to obtain a training data set, each feature of the original data set can be scored based on the Lasso feature selection method to obtain a score value for each feature; all the features in the original data set are then reordered from high to low according to the score values, thereby obtaining the training data set. Features selected by Lasso whose feature score is not equal to 0 are not necessarily irrelevant, so the features are sorted by the absolute value of the feature score, so that adjacent features can be uncorrelated and the effect of the attention mechanism network is strengthened.
The scores of the features are calculated with Lasso and the features are then sorted by the absolute value of the scores, which retains the detailed information of the data while weakening the correlation between adjacent features.
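The Lasso scoring and reordering step can be sketched as follows. This is an added example, not code from the patent: the coordinate-descent solver, the function names, the `alpha` value and the constructed five-sensor data set (with a numeric 0/1 attack label as the regression target) are all assumptions made for illustration.

```python
import numpy as np


def lasso_scores(X, y, alpha=0.02, n_iter=200, tol=1e-8):
    """Score each feature with Lasso via coordinate descent.

    Columns are standardized, then (1/2n)*||y - Zw||^2 + alpha*||w||_1
    is minimized; the returned w holds one score per feature.
    """
    X = np.asarray(X, dtype=float)
    y = np.asarray(y, dtype=float)
    n, d = X.shape
    std = X.std(axis=0)
    live = std > 1e-12                  # constant columns (e.g. an idle valve) score 0
    Z = np.zeros_like(X)
    Z[:, live] = (X[:, live] - X[:, live].mean(axis=0)) / std[live]
    residual = y - y.mean()             # residual while every weight is still 0
    w = np.zeros(d)
    for _ in range(n_iter):
        largest_change = 0.0
        for j in np.flatnonzero(live):
            # Correlation of column j with the residual that excludes its own term;
            # valid because standardization gives ||Z_j||^2 / n == 1.
            rho = Z[:, j] @ residual / n + w[j]
            new_wj = np.sign(rho) * max(abs(rho) - alpha, 0.0)   # soft threshold
            delta = new_wj - w[j]
            if delta != 0.0:
                residual -= Z[:, j] * delta
                w[j] = new_wj
                largest_change = max(largest_change, abs(delta))
        if largest_change < tol:
            break
    return w


def rank_features(X, y, alpha=0.02):
    """Reorder columns by |Lasso score|, high to low, without deleting any column."""
    scores = lasso_scores(X, y, alpha)
    order = np.argsort(-np.abs(scores), kind="stable")
    # The same `order` must be applied to live data at detection time.
    return np.asarray(X)[:, order], order, scores


def constructed_dataset(n=2000, seed=0):
    """Constructed sample: 5 sensor columns, label 1 = attack, 0 = normal."""
    rng = np.random.default_rng(seed)
    X = rng.normal(size=(n, 5))
    X[:, 4] = 7.0                       # a sensor that never changes
    latent = -2.0 * X[:, 0] + 4.0 * X[:, 2] + 1.0 * X[:, 3] + 0.5 * rng.normal(size=n)
    y = (latent > 0).astype(float)      # column 1 carries no information about y
    return X, y


if __name__ == "__main__":
    X, y = constructed_dataset()
    X_sorted, order, scores = rank_features(X, y)
    print("scores:", np.round(scores, 3))
    print("column order for the training data set:", order.tolist())
```

Zero-score columns are moved to the end rather than dropped, which matches the patent's stated reason for ranking instead of deleting.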
In some embodiments, after the space-time splicing in step 13, the resulting industrial control data resembles picture data. Adjacent pixels of picture data are necessarily related, whereas each feature of the industrial control data represents a device and the features are not necessarily related. The industrial control data is therefore simpler than picture data and does not require a complex convolutional network structure, so an AlexNet5 network can be used, designed as a simple network with 5 convolutional layers. Because the industrial control data is simpler than picture data, a BAM (bottleneck attention module) can be added to the convolutional neural network so that the simple network reaches the same metrics as a complex network. Thus, the method for training the intrusion detection network structure model may further include: adding a second preset number of BAMs to the convolutional layers of the AlexNet5 network to obtain the pre-constructed network structure.
To determine the better number of BAMs and the better location for adding the BAM in the convolutional layers, the following experiment can be performed using the Singapore water plant data set as the original data set:
Different numbers of BAM modules are added to the 5-layer convolutional network, with the Singapore water plant data set as the original data set. After 30 iterations, the accuracy on the training set is shown in Fig. 2, where 201 is the 5-layer convolutional network without BAM, 202 is the AlexNet5 network with one BAM added, 203 is the AlexNet5 network with 2 BAMs added, 204 is the AlexNet5 network with 5 BAMs added, and 205 is the ResNet18 network. The experimental results show that the convergence rates of the AlexNet5 network with different numbers of BAM modules added differ from those of the AlexNet5 network without BAM modules and of the ResNet18 network. Adding different numbers of BAM modules has a similar effect; since the industrial control data is relatively simple, the second preset number may be 1 in order to increase the operation speed.
Similarly, to test the location at which the BAM is added, a BAM can be added after each layer of the AlexNet5 network in turn. After 30 iterations, the accuracy on the training set is shown in Fig. 3, where 301 is no BAM added, 302 is a BAM added after the first convolutional layer, 303 is after the second convolutional layer, 304 is after the third convolutional layer, 305 is after the fourth convolutional layer, 306 is after the fifth convolutional layer, and 307 is ResNet18. The experimental results show that the features extracted by the first convolutional layer are the most distinct, and placing the attention mechanism after the first convolutional layer achieves a better effect.
Thus, when building the network structure model, the network structure model can be defined as an AlexNet5 network with one BAM added after the first convolutional layer.
In some embodiments, training the pre-constructed network structure with the first preset number of two-dimensional array samples may specifically include: inputting the first preset number of two-dimensional array samples into the pre-constructed network structure for iterative training so as to adjust parameters of the network structure; and updating the network structure according to the parameters to obtain the training result.
In order to further verify that the network structure trained by the training method of the intrusion detection network structure model has a higher convergence rate and higher accuracy, the following comparative experiments were carried out:
The experiments use 4 existing industrial control data sets: CICIDS2017, CICDDoS2019, the Mississippi data set and the Singapore water plant data set. The Singapore water plant data set is a binary-classification data set, and the other three are multi-class data sets. The numbers of records are: CICIDS2017, 80000; CICDDoS2019, 143380; Mississippi, 96979; Singapore, 172800. The data are first spliced in space and time: each column represents a feature, each row holds the value of every feature collected at one time point, and every 16 rows are spliced into one sample. If one abnormal label appears among the 16 rows, the sample is labeled abnormal; if multiple abnormal labels appear among the 16 rows, the sample is discarded; if all 16 rows are normal, the sample is labeled normal.
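The space-time splicing of step 13 and the labeling rule above can be sketched as follows; this is an added example, not code from the patent. It assumes non-overlapping groups, drops a trailing partial group, and reads "multiple abnormal labels" as more than one distinct attack label in a group. The sensor log, the label strings and the two helper checks are constructed to show why a slow drift that never trips a per-row limit is still visible in the 16-row sample.

```python
import math

import numpy as np

NORMAL = "normal"


def splice_windows(rows, labels, window=16):
    """Group consecutive rows into (window x features) samples and label each one.

    Assumed reading of the rule: one distinct attack label in a group gives that
    label, several distinct attack labels discard the group, none gives normal.
    """
    rows = np.asarray(rows, dtype=float)
    if rows.ndim != 2 or len(rows) != len(labels):
        raise ValueError("rows must be 2-D with exactly one label per row")
    samples, sample_labels, discarded = [], [], 0
    # Non-overlapping groups; a trailing partial group is not used (assumption).
    for start in range(0, len(rows) - window + 1, window):
        attack_kinds = {lab for lab in labels[start:start + window] if lab != NORMAL}
        if len(attack_kinds) > 1:
            discarded += 1
            continue
        samples.append(rows[start:start + window])
        sample_labels.append(attack_kinds.pop() if attack_kinds else NORMAL)
    if samples:
        stacked = np.stack(samples)
    else:
        stacked = np.empty((0, window, rows.shape[1]))
    return stacked, sample_labels, discarded


def pointwise_alarm(sample, nominal, tolerance):
    """Single-time-point check: does any row leave the nominal band?"""
    return bool(np.any(np.abs(sample - nominal) > tolerance))


def window_range(sample):
    """Per-feature spread across the group: the trend a 2-D sample exposes."""
    return sample.max(axis=0) - sample.min(axis=0)


def constructed_log():
    """Constructed log of 53 time points with columns [tank level, pump state]."""
    rows, labels = [], []
    for t in range(53):
        level = 50.0 + 0.1 * math.sin(t)          # normal ripple around 50
        label = NORMAL
        if 16 <= t < 32:                          # slow upward drift of the reading
            level += 0.2 * (t - 16)
            label = "deviation"
        elif 32 <= t < 48:                        # two attack kinds in one group
            label = "deviation" if t < 40 else "geometric"
        rows.append([level, 1.0])
        labels.append(label)
    return rows, labels


if __name__ == "__main__":
    rows, labels = constructed_log()
    samples, sample_labels, discarded = splice_windows(rows, labels)
    print(samples.shape, sample_labels, "discarded:", discarded)
    for sample, label in zip(samples, sample_labels):
        print(label,
              "pointwise alarm:", pointwise_alarm(sample, [50.0, 1.0], 5.0),
              "level range: %.2f" % window_range(sample)[0])
```

The resulting array has shape (samples, 16, features); a convolutional network normally needs a channel axis added before training.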
First, experimental verification was performed using the CICIDS2017 data set:
Three groups of experiments were carried out with CICIDS2017. Each group keeps the same preprocessing method and uses two different network structures, namely an AlexNet5 network and an AlexNet5 network with an attention mechanism added. In the first group, the raw data of CICIDS2017 were input directly into the AlexNet5 network and the BAM-added AlexNet5 network, respectively. In the second group, the raw data of CICIDS2017 were input into the two networks after feature sorting by Lasso. In the third group, the raw data of CICIDS2017 were input into the two networks after feature sorting by Recursive Feature Elimination (RFE). The experimental results show that the raw data of the CICIDS2017 data set converge faster in the attention mechanism network, and that the convergence speeds of the two networks are basically the same after preprocessing. Therefore, on the CICIDS2017 data set, the AlexNet5 network with the BAM added can accelerate convergence.
Similarly, two groups of experiments were carried out with CICIDS2017. Each group keeps the same network structure and uses three different data preprocessing methods. In the first group, the data were processed by the three preprocessing methods (direct input of raw data, Lasso processing, and RFE processing) and input into the AlexNet5 network. In the second group, the data were processed by the same three preprocessing methods and input into the BAM-added AlexNet5 network. The test results show that feature sorting of the data can accelerate convergence on the CICIDS2017 data set.
Secondly, experimental verification was performed using the CICDDoS2019 data set:
Three groups of experiments were carried out with CICDDoS2019. Each group keeps the same preprocessing method and uses two different network structures, namely an AlexNet5 network and an AlexNet5 network with BAM added. In the first group, the raw data of CICDDoS2019 were input directly into the AlexNet5 network and the BAM-added AlexNet5 network, respectively. In the second group, the raw data of CICDDoS2019 were input into the two networks after feature sorting by Lasso. In the third group, the raw data of CICDDoS2019 were input into the two networks after feature sorting by RFE. The experimental results show that the convergence rates of the two network structures on the CICDDoS2019 data set are consistent.
Similarly, two groups of experiments were carried out with CICDDoS2019. Each group keeps the same network structure and uses three different data preprocessing methods. In the first group, the data were processed by the three preprocessing methods (direct input of raw data, Lasso feature sorting, and RFE feature sorting) and input into the AlexNet5 network. In the second group, the data were processed by the same three preprocessing methods and input into the BAM-added AlexNet5 network. The test results show that feature sorting has no influence on the convergence speed of the CICDDoS2019 data set on the network structures.
Thirdly, experimental verification was performed using the Mississippi data set:
Three groups of experiments were carried out with the Mississippi data set. Each group keeps the same preprocessing method and uses two different network structures, namely an AlexNet5 network and an AlexNet5 network with BAM added. In the first group, the Mississippi data set was input directly into the AlexNet5 network and the BAM-added AlexNet5 network, respectively. In the second group, the Mississippi data set was input into both networks after feature sorting by Lasso. In the third group, the Mississippi data set was input into both networks after RFE processing. The experimental results show that the AlexNet5 network with BAM added converges faster.
Similarly, two groups of experiments were carried out with the Mississippi data set. Each group keeps the same network structure and uses three different data preprocessing methods. In the first group, the data were processed by the three preprocessing methods (direct input of raw data, Lasso processing, and RFE processing) and input into the AlexNet5 network. In the second group, the data were processed by the same three preprocessing methods and input into the BAM-added AlexNet5 network. The experimental results show that RFE-processed data converge faster in the AlexNet5 network, while raw data and Lasso-processed data converge faster in the BAM-added AlexNet5 network. After 30 iterations, the AlexNet5 network with BAM added has higher accuracy than the AlexNet5 network.
Finally, experimental verification was performed using the Singapore water plant data set:
Three groups of experiments were carried out with the Singapore water plant data set. Each group keeps the same preprocessing method and uses two different network structures, namely an AlexNet5 network and an AlexNet5 network with an attention mechanism added. In the first group, the Singapore water plant data set was input directly into the AlexNet5 network and the BAM-added AlexNet5 network, respectively. In the second group, the Singapore water plant data set was preprocessed with Lasso and then input into both networks. In the third group, the Singapore water plant data set was input into both networks after RFE processing. The experimental results show that the AlexNet5 network with BAM added converges faster.
Similarly, two groups of experiments were carried out with the Singapore water plant data set. Each group keeps the same network structure and uses three different data preprocessing methods. In the first group, the data were processed by the three preprocessing methods (direct input of raw data, Lasso processing, and RFE processing) and input into the AlexNet5 network. In the second group, the data were processed by the same three preprocessing methods and input into the BAM-added AlexNet5 network. The test results show that, in both networks, the raw data and the Lasso-processed data converge faster. After 30 iterations, the AlexNet5 network with BAM added has higher accuracy than the AlexNet5 network.
In summary, the intrusion detection network structure obtained by the training method of the intrusion detection network structure model has higher accuracy and a faster convergence rate.
It is understood that the same or similar parts in the above embodiments may be mutually referred to, and the same or similar parts in other embodiments may be referred to for the content which is not described in detail in some embodiments.
It should be noted that, in the description of the present application, the terms "first", "second", etc. are used for descriptive purposes only and are not to be construed as indicating or implying relative importance. Further, in the description of the present application, the meaning of "a plurality" means at least two unless otherwise specified.
Any process or method descriptions in flow charts or otherwise described herein may be understood as representing modules, segments, or portions of code which include one or more executable instructions for implementing specific logical functions or steps of the process, and the scope of the preferred embodiments of the present application includes other implementations in which functions may be executed out of order from that shown or discussed, including substantially concurrently or in reverse order, depending on the functionality involved, as would be understood by those reasonably skilled in the art of the present application.
It should be understood that portions of the present application may be implemented in hardware, software, firmware, or a combination thereof. In the above embodiments, the various steps or methods may be implemented in software or firmware stored in memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, any one or combination of the following techniques, which are known in the art, may be used: a discrete logic circuit having a logic gate circuit for implementing a logic function on a data signal, an application specific integrated circuit having an appropriate combinational logic gate circuit, a Programmable Gate Array (PGA), a Field Programmable Gate Array (FPGA), or the like.
It will be understood by those skilled in the art that all or part of the steps of the methods in the above embodiments may be carried out by a program instructing the relevant hardware. The program may be stored in a computer readable storage medium and, when executed, performs one or a combination of the steps of the method embodiments.
In addition, functional units in the embodiments of the present application may be integrated into one processing module, or each unit may exist alone physically, or two or more units are integrated into one module. The integrated module can be realized in a hardware mode, and can also be realized in a software functional module mode. The integrated module, if implemented in the form of a software functional module and sold or used as a stand-alone product, may also be stored in a computer readable storage medium.
The storage medium mentioned above may be a read-only memory, a magnetic or optical disk, etc.
In the description herein, reference to the description of the term "one embodiment," "some embodiments," "an example," "a specific example," or "some examples," etc., means that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the application. In this specification, the schematic representations of the terms used above do not necessarily refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
Although embodiments of the present application have been shown and described above, it is understood that the above embodiments are exemplary and should not be construed as limiting the present application, and that variations, modifications, substitutions and alterations may be made to the above embodiments by those of ordinary skill in the art within the scope of the present application.

Claims (7)

1. A method for training an intrusion detection network structure model is characterized by comprising the following steps:
acquiring an original data set;
performing feature sorting on the original data set to obtain a training data set;
grouping the training data set according to a preset time length, splicing the data in each group into a two-dimensional array sample, and obtaining a first preset number of two-dimensional array samples;
training a pre-constructed network structure by using the first preset number of two-dimensional array samples; the network structure is a convolutional neural network added with BAM;
outputting a training result; and the training result is an intrusion detection network structure model.
2. The method for training the intrusion detection network structure model according to claim 1, further comprising:
and adding a second preset number of BAMs to the convolution layer of the AlezNet5 network to obtain the pre-constructed network structure.
3. The method for training the intrusion detection network structure model according to claim 2, wherein the step of adding the second preset number of BAMs to the convolutional layer of the AlezNet5 network comprises:
adding the second predetermined number of BAMs after the first layer of convolutional layers.
4. The method for training the intrusion detection network structure model according to any one of claims 2 to 3, wherein the second predetermined number is 1.
5. The method for training the intrusion detection network structure model according to claim 1, wherein the training the pre-constructed network structure with the first preset number of two-dimensional array samples comprises:
inputting the first preset number of two-dimensional array samples into a pre-constructed network structure for iterative training so as to adjust parameters of the network structure model;
and updating the network structure according to the parameters to obtain the training result.
6. The method of claim 1, wherein the step of performing feature sorting on the original data set to obtain a training data set comprises:
and ranking all the features of the original data set based on a feature selection method to obtain a training data set.
7. The method of claim 6, wherein the step of ranking the features of the original data set based on the feature selection method to obtain a training data set comprises:
based on a Lasso feature selection method, scoring each feature of the original data set to obtain a score value of each feature;
and reordering all the features in the original data set from high to low according to the score values to obtain the training data set.
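The preprocessing steps of claims 1, 6 and 7 (Lasso scoring, reordering features from high to low score, splicing fixed-length groups into two-dimensional samples) can be sketched as follows. This is an added example, not code from the patent. It assumes that a feature's score is the absolute value of its Lasso coefficient, that the preset time length is a count of consecutive records, and that a window is labelled as an attack if any record in it is. The data set is constructed, and all function names are hypothetical.

```python
import random

def lasso_scores(X, y, alpha=0.05, iters=100):
    """Score each feature as |Lasso coefficient| (coordinate descent, standardised columns)."""
    n, d = len(X), len(X[0])
    cols = []
    for j in range(d):
        c = [row[j] for row in X]
        m = sum(c) / n
        s = (sum((v - m) ** 2 for v in c) / n) ** 0.5 or 1.0  # constant column: avoid /0
        cols.append([(v - m) / s for v in c])
    y_mean = sum(y) / n
    resid = [v - y_mean for v in y]  # residual while all weights are zero
    w = [0.0] * d
    for _ in range(iters):
        for j, c in enumerate(cols):
            rho = sum(a * b for a, b in zip(c, resid)) / n + w[j]
            # soft-thresholding: weak features are driven exactly to zero
            new = (abs(rho) - alpha) * (1 if rho > 0 else -1) if abs(rho) > alpha else 0.0
            resid = [r - (new - w[j]) * a for r, a in zip(resid, c)]
            w[j] = new
    return [abs(v) for v in w]

def sort_features(X, scores):
    """Reorder columns from highest to lowest score (claim 7)."""
    order = sorted(range(len(scores)), key=lambda j: scores[j], reverse=True)
    return [[row[j] for j in order] for row in X], order

def to_2d_samples(rows, labels, window):
    """Splice each group of `window` consecutive records into one 2-D sample.
    A trailing group shorter than `window` is dropped so all samples share one shape."""
    out = []
    for start in range(0, len(rows) - window + 1, window):
        block = rows[start:start + window]
        # Assumption: a window is labelled attack if any record in it is an attack.
        out.append((block, max(labels[start:start + window])))
    return out

def build_constructed_dataset(n=103, seed=0):
    """Constructed data: 4 features, only column 2 carries the attack signal."""
    rng = random.Random(seed)
    X, y = [], []
    for i in range(n):
        attack = 1 if (i // 10) % 3 == 2 else 0
        X.append([rng.gauss(0, 1), rng.gauss(0, 1), 3.0 * attack + rng.gauss(0, 1), rng.gauss(0, 1)])
        y.append(attack)
    return X, y

def prepare(window=10):
    X, y = build_constructed_dataset()
    Xs, order = sort_features(X, lasso_scores(X, y))
    return order, to_2d_samples(Xs, y, window)
```

The column order returned by `sort_features` has to be stored with the trained model and applied unchanged to traffic at detection time, otherwise the convolutional layers see features in positions they were not trained on.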
CN202110461233.1A 2021-04-27 2021-04-27 Training method for intrusion detection network structure model Active CN113095433B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110461233.1A CN113095433B (en) 2021-04-27 2021-04-27 Training method for intrusion detection network structure model

Publications (2)

Publication Number Publication Date
CN113095433A true CN113095433A (en) 2021-07-09
CN113095433B CN113095433B (en) 2023-06-23

Family

ID=76680307

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110461233.1A Active CN113095433B (en) 2021-04-27 2021-04-27 Training method for intrusion detection network structure model

Country Status (1)

Country Link
CN (1) CN113095433B (en)

Patent Citations (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040117478A1 (en) * 2000-09-13 2004-06-17 Triulzi Arrigo G.B. Monitoring network activity
IL219361A (en) * 2012-04-23 2017-09-28 Verint Systems Ltd Systems and methods for combined physical and cyber data security
US20190230113A1 (en) * 2016-02-22 2019-07-25 The Regents Of The University Of California Information leakage-aware computer aided cyber-physical manufacturing
WO2020176472A1 (en) * 2019-02-27 2020-09-03 Veo Robotics, Inc. Safety-rated multi-cell workspace mapping and monitoring
CN110162700A (en) * 2019-04-23 2019-08-23 腾讯科技(深圳)有限公司 The training method of information recommendation and model, device, equipment and storage medium
CN110196946A (en) * 2019-05-29 2019-09-03 华南理工大学 A kind of personalized recommendation method based on deep learning
CN110912867A (en) * 2019-09-29 2020-03-24 惠州蓄能发电有限公司 Intrusion detection method, device, equipment and storage medium for industrial control system
CN111553381A (en) * 2020-03-23 2020-08-18 北京邮电大学 Network intrusion detection method and device based on multiple network models and electronic equipment
CN111585997A (en) * 2020-04-27 2020-08-25 国家计算机网络与信息安全管理中心 Network flow abnormity detection method based on small amount of labeled data
CN111741002A (en) * 2020-06-23 2020-10-02 广东工业大学 Method and device for training network intrusion detection model
CN111651693A (en) * 2020-06-29 2020-09-11 腾讯科技(深圳)有限公司 Data display method, data sorting method, device, equipment and medium
CN111901340A (en) * 2020-07-28 2020-11-06 四川大学 Intrusion detection system and method for energy Internet
CN112115253A (en) * 2020-08-17 2020-12-22 北京计算机技术及应用研究所 Depth text ordering method based on multi-view attention mechanism
CN112351033A (en) * 2020-11-06 2021-02-09 北京石油化工学院 Deep learning intrusion detection method based on double-population genetic algorithm in industrial control network

Non-Patent Citations (5)

* Cited by examiner, † Cited by third party
Title
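JONGCHAN PARK et al.: "BAM: Bottleneck Attention Module", ARXIV, pages 1 - 14 *
任楚岚 et al.: "Research on an AlexNet-based attention mechanism network", Network Security Technology & Application, no. 1, pages 16 - 18 *
刘月峰 et al.: "Network intrusion detection method fusing CNN and BiLSTM", Computer Engineering, vol. 45, no. 12, pages 127 - 133 *
张小妮: "Research on deep-learning-based anomaly detection algorithms for industrial control systems", China Master's Theses Full-text Database, Information Science and Technology, no. 12, pages 139 - 190 *
赵磊: "Research on deep-learning-based feature extraction and selection methods for multimodal data", China Master's Theses Full-text Database, Information Science and Technology, no. 12, pages 138 - 333 *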

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113420291A (en) * 2021-07-19 2021-09-21 宜宾电子科技大学研究院 Intrusion detection feature selection method based on weight integration
CN113420291B (en) * 2021-07-19 2022-06-14 宜宾电子科技大学研究院 Intrusion detection feature selection method based on weight integration
CN117332352A (en) * 2023-10-12 2024-01-02 国网青海省电力公司海北供电公司 Lightning arrester signal defect identification method based on BAM-AlexNet

Also Published As

Publication number Publication date
CN113095433B (en) 2023-06-23

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant