CN113254485A - Real-time data flow abnormity detection method and system - Google Patents


Info

Publication number: CN113254485A
Authority: CN (China)
Prior art keywords: error, data, abnormal, real, detection
Legal status: Pending
Application number: CN202110702917.6A
Other languages: Chinese (zh)
Inventors: 张章学, 叶松, 唐敏, 蓝友枢, 许敦英, 陈雨婕
Current Assignee: Fujian Strait Information Corp
Original Assignee: Fujian Strait Information Corp

Classifications

    • G06F16/24568 Data stream processing; Continuous queries
    • G06F16/2462 Approximate or statistical queries
    • G06F30/27 Design optimisation, verification or simulation using machine learning, e.g. artificial intelligence, neural networks, support vector machines [SVM] or training a model
    • G06N3/088 Non-supervised learning, e.g. competitive learning
    • G06F2111/08 Probabilistic or stochastic CAD


Abstract

The invention relates to a real-time data stream anomaly detection method and system. The method comprises the following steps: first, the context of a real-time data stream is constructed through an HTM network, and a preliminary evaluation result is given based on the anomalies in the data already analyzed; second, error statistics are computed for the preliminary evaluation result, and an error probability model is built from those statistics; finally, the preliminary evaluation result and the error statistics are combined to evaluate whether the data stream is normal, and an anomaly probability detection model is constructed. The invention performs real-time anomaly detection on the data stream based on an online sequence memory algorithm of hierarchical temporal memory, to solve the problems that existing data stream anomaly detection is not automated and has low detection accuracy.

Description

Real-time data flow abnormity detection method and system
Technical Field
The invention relates to a real-time data flow abnormity detection method and a real-time data flow abnormity detection system.
Background
The development of computer and internet technology has brought convenience to more and more users, while the security of users' computer systems has become a growing concern. To address this, more and more schemes for detecting anomalous data stream attacks have been proposed. Patent [1] trains an anomaly detection model in advance and classifies service data according to the data interval corresponding to each node in the model, taking the node whose data interval contains the service data as the target node. The position of the target node in the tree structure corresponding to the anomaly detection model is then taken as the position information of the service data in that model. Finally, anomaly detection is performed on the service data according to its position information in each anomaly detection model. Patent [2] divides the data space in the window into grid cells to obtain the non-empty grid cells, and performs anomaly detection at two levels, non-empty grid cells and data points, using the upper and lower bounds of the local anomaly factors in the non-empty grid cells: the non-empty grid cells containing the first n abnormal values are identified first, and the first n abnormal data points are then retrieved. Patent [3] establishes an anomaly detection model for multivariate time series data through offline training, and applies the offline-trained model to data monitored online.
The development of machine learning provides more possibilities for data stream anomaly detection. Patent [4] trains a graph neural network prediction model for telemetry time series data; calculates the period of the telemetry time series data under test using the wavelet variance; obtains predicted telemetry time series data; determines prediction period data; calculates a first Mahalanobis distance between the telemetry data under test at the current moment and its prediction data; calculates a second Mahalanobis distance between the telemetry data under test at the previous moment and its prediction period data; calculates the mean and variance of the second Mahalanobis distance; amplifies the mean and variance to set a threshold; and judges whether the telemetry data under test at the current moment is anomalous according to the first Mahalanobis distance and the threshold. Patent [5] clusters time series stream data and divides it into different modes, then constructs a Markov-based anomaly detection model in which normal transitions between modes are treated as concept drift and only mode transitions that are unlikely to occur are treated as anomalies. Patent [6] obtains and processes a time series data sequence to produce a training data set; constructs and trains an LSTM-based unsupervised model to obtain a time series anomaly detection model; and uses that model to detect anomalies in the water treatment time series data to be analyzed.
Traditional data stream anomaly detection is based on batch processing, which does not suit today's systems that need a quick response, and traditional schemes are difficult to adapt, so once the characteristics of an anomalous data stream change, the anomaly detection system can be bypassed. Many machine-learning-based schemes do not consider the concept drift inherent in streaming data, namely the unpredictable change over time of the underlying data distribution in the stream, so the original classifier classifies inaccurately or the decision system cannot make a correct decision. The detection rate for anomalous data therefore needs to be improved, and these schemes also cannot be automated.
[1] Wangxi, zhangzhenhua, a method and apparatus for anomaly detection [P]. Beijing city: CN202110144471.X.
[2] Zhejiang university, the gang Zhu and Australia bridge administration, a flow data anomaly detection method for skipping stationary regions [P]. Hangzhou city: CN202110137315.0.
[3] Chenningjiang, chuxiao yan, Liu kang, large-scale multivariate time sequence data anomaly detection method under cloud environment [P]. Guangxi province: CN202110114470.0.
[4] Pide, well-known, a telemetry timing data anomaly detection method and system based on a graphical neural network [P]. Tokyo city: CN202011488702.0.
[5] Time series flow data anomaly detection method based on Markov process [P]. Jinan City: CN202110073422.1.
[6] Li zhiyong, ding ling, li student and an LSTM-based water treatment time series data anomaly detection method [P]. Hunan province: CN202110121981.5.
Disclosure of Invention
The invention aims to provide a real-time data flow abnormity detection method and a system, which are used for carrying out real-time abnormity detection on a data flow based on an online sequence memory algorithm of layered time memory so as to solve the problems that the existing data flow abnormity detection cannot be automated and the abnormal data detection accuracy rate is low.
In order to achieve the purpose, the technical scheme of the invention is as follows: a real-time data flow abnormity detection method comprises the following steps:
firstly, constructing a context relationship of a real-time data stream through an HTM network, and giving a preliminary evaluation result based on the abnormal condition of the analyzed data;
secondly, giving error statistics to the preliminary evaluation result, and carrying out error probability model modeling on the related error statistics result;
and finally, whether the data stream is normal or not is evaluated by combining the preliminary evaluation result and the error statistical result, and an abnormal probability detection model is constructed.
In an embodiment of the present invention, the HTM network includes an encoder, a sparse matrix space processor, and a sequence memory component. The input X-t0 is sent to the encoder and then processed in the sparse matrix space processor, which outputs a sparse binary vector a(X-t0) representing the current input data stream. The sequence memory component models the temporal pattern in a(X-t0) and outputs a prediction in the form of another sparse vector b(X-t0), giving the preliminary evaluation results a(X-t0) and b(X-t0).
In one embodiment of the invention, error statistics are given for the preliminary evaluation results, and error probability model modeling is performed on the related error statistics results by a prediction error evaluator.
In one embodiment of the invention, the prediction error estimator takes a(X-t0) and b(X-t0) as inputs, calculates the error value of the preliminary evaluation result of the current data stream through an error probability model, stores the error value as part of the error probability model, and outputs S-t0.
In an embodiment of the present invention, whether the data stream is normal or not is evaluated by combining the preliminary evaluation result and the error statistical result, and the construction of the abnormal probability detection model is realized by an abnormal probability model construction module.
In an embodiment of the invention, the abnormal probability model construction module constructs an abnormal probability detection model based on S-t0 combined with environmental influence factors, gives the type probability and related offset of the abnormal data, and outputs a result L-t0.
The invention also provides a real-time data flow abnormity detection system, which comprises:
the HTM network module is used for preliminarily detecting the abnormal data flow, adding a timestamp and giving a preliminary evaluation result;
the prediction error estimator is used for computing statistics on the abnormal data marked by the HTM network, namely error statistics, establishing an error probability model over the data streams at the preceding and following timestamps, and further screening credible data;
the abnormal probability model construction module is used for evaluating whether the data stream is normal or not by combining the primary evaluation result and the error statistical result to construct an abnormal probability detection model;
and the interface service module is used for realizing data transmission among different modules and interaction among different parties.
In an embodiment of the present invention, the HTM network module is composed of an encoder, a sparse matrix spatial processor, and a sequence memory component.
Compared with the prior art, the invention has the following beneficial effects: the online sequence memory algorithm based on the hierarchical time memory is used for carrying out real-time anomaly detection on the data stream so as to solve the problems that the existing anomaly detection of the data stream cannot be automated and the accuracy rate of the anomaly data detection is low, and the online sequence memory algorithm is introduced, so that the method has the following characteristics:
1. Real-time data detection: before the data is used, the detection system verifies in real time whether it is abnormal, and only verified data continues to flow to downstream systems.
2. Automatic model adjustment: the model for detecting the abnormal data can be automatically adjusted, and the detection system is dynamically updated without depending on a manual adjustment mode, so that the aim of high efficiency is fulfilled.
3. Sensitive data anomaly detection: by detecting in real time whether the data is abnormal, the system can respond quickly to abnormal data, thereby defending against intrusion and protecting the target system.
4. Unsupervised learning mode: through an unsupervised learning mode, a system for detecting the abnormity does not depend on the prior data set, and is favorable for finding unusual abnormal behavior patterns.
Drawings
FIG. 1 is a diagram of the BS_HTM structure according to the present invention.
Fig. 2 shows the core algorithm components of the HTM network of the present invention.
Detailed Description
The technical scheme of the invention is specifically explained below with reference to the accompanying drawings.
The invention discloses a real-time data flow abnormity detection method, which comprises the following steps:
firstly, constructing a context relationship of a real-time data stream through an HTM network, and giving a preliminary evaluation result based on the abnormal condition of the analyzed data;
secondly, giving error statistics to the preliminary evaluation result, and carrying out error probability model modeling on the related error statistics result;
and finally, whether the data stream is normal or not is evaluated by combining the preliminary evaluation result and the error statistical result, and an abnormal probability detection model is constructed.
The invention also provides a real-time data flow abnormity detection system, which comprises:
the HTM network module is used for preliminarily detecting the abnormal data flow, adding a timestamp and giving a preliminary evaluation result;
the prediction error estimator is used for computing statistics on the abnormal data marked by the HTM network, namely error statistics, establishing an error probability model over the data streams at the preceding and following timestamps, and further screening credible data;
the abnormal probability model construction module is used for evaluating whether the data stream is normal or not by combining the primary evaluation result and the error statistical result to construct an abnormal probability detection model;
and the interface service module is used for realizing data transmission among different modules and interaction among different parties.
The following is a specific implementation process of the present invention.
The invention provides an online sequence memory algorithm based on hierarchical temporal memory for real-time anomaly detection of data streams, to solve the problems that existing data stream anomaly detection cannot be automated and has low detection accuracy. Specifically, it provides BS_HTM, whose system structure is shown schematically in FIG. 1.
The BS_HTM comprises an HTM network, a prediction error estimator and an anomaly probability detection model. The HTM network consists of a layer of HTM neurons; it accepts an input stream encoded as a sparse vector and uses a combination of two independent sparse representations to model higher-order sequences (sequences with long-term correlation). The prediction error estimator computes the error of the predicted value from the currently input sparse code and the sparse vector that the HTM network predicted internally for it, which forms the input to the subsequent anomaly probability stage. The anomaly probability detection model considers not only whether the current input stream is abnormal but also the noise generated by the system and the immeasurable error. The anomaly probability is thus a probability metric that defines how abnormal the current state is, based on the prediction history of the HTM model.
As shown in FIG. 1, the BS_HTM contains three core components: an HTM network, a prediction error estimator and an anomaly probability estimation model. Each group of real-time data is filtered and screened by each component of the system to detect whether it is abnormal; normal data flows pass through and function normally, and abnormal data flows are intercepted.
The HTM network is an effective means of marking time series data. It constructs the context of the data stream through several algorithm components, gives a preliminary evaluation result based on the anomalies in the data already analyzed, and informs detection of the data stream in the next time period.
The prediction error estimator will examine the detection results given in the HTM network of the previous step, give error statistics, and model the relevant statistical results for the estimation of the next stage.
The abnormal probability detection model further detects a prediction result given in the HTM network and an error prediction inspection result, integrates the prediction result and the error prediction inspection result to evaluate whether the data flow is normal or not, and constructs a related abnormal model and a related weight.
It is noted that the relevant anomaly model is not a definite value, but a relevant probability model given after combining the results of various aspects. In the detection process of the real-time data stream, the probability is dynamically adjusted, so the relevant model also changes dynamically.
The specific process is as follows:
First, the real-time data stream flows to the HTM network. FIG. 2 shows the core algorithm components of the HTM network and how the data stream is processed through them. The current input X-t0 is sent to the encoder and, after processing in the sparse matrix spatial processor, the output a(X-t0) is a sparse binary vector representing the current input data stream. At the heart of the system is a sequence memory component that models temporal patterns in a(X-t0) and outputs predictions in the form of another sparse vector b(X-t0).
Processing the real-time data stream in the HTM network thus yields two outputs, a(X-t0) and b(X-t0). The prediction error estimator takes these two quantities as inputs, calculates the value of the current data stream anomaly detection result through the relevant error probability model and algorithm, saves the value as part of the modeling, and outputs S-t0.
The prediction error is evaluated only on the real-time data stream; the influence of the system and the incorporation of the invariants are not considered. For this reason, the output S-t0 is not used as a direct threshold for judging abnormal data. Instead, other factors that may affect the result are incorporated through modeling to construct an abnormal probability detection model, which gives the type probability of the abnormal data and the associated offset and outputs the result L-t0.
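An added example, not taken from the patent: the three-stage flow above (a and b, then S-t0, then L-t0) in Python. The patent gives no formulas, so S-t0 is assumed to be the share of active bits in a(X-t0) that b(X-t0) did not predict, and L-t0 a Gaussian-tail likelihood over a rolling window of S values, as in the published HTM anomaly detection literature; the scalar encoder, the first-order memory standing in for HTM sequence memory, the window sizes and the 0.95 threshold are all assumptions.

```python
import math
from collections import deque

N_ACTIVE = 20  # assumed number of active bits per sparse vector


def encode(value):
    """Assumed scalar encoder: a run of N_ACTIVE bits starting at the value,
    so nearby values share bits (10 and 11 share 19 of 20)."""
    start = int(round(value))
    return frozenset(range(start, start + N_ACTIVE))


class FirstOrderMemory:
    """Stand-in for HTM sequence memory (assumption): remembers, for each
    input vector, the union of the vectors that have followed it so far."""

    def __init__(self):
        self.transitions = {}
        self.prev = None

    def predict(self):
        # b(X-t0): bits expected for the current step given the previous input
        return self.transitions.get(self.prev, frozenset())

    def learn(self, a):
        if self.prev is not None:
            self.transitions[self.prev] = self.predict() | a
        self.prev = a


def prediction_error(a, b):
    """S-t0 (assumed form): share of active bits in a that b did not predict."""
    if not a:
        return 0.0
    return 1.0 - len(a & b) / len(a)


class AnomalyLikelihood:
    """L-t0 (assumed form): how unusual the recent mean error is compared
    with the distribution of errors in a longer rolling window."""

    def __init__(self, long_window=50, short_window=3, min_history=10):
        self.history = deque(maxlen=long_window)
        self.recent = deque(maxlen=short_window)
        self.min_history = min_history

    def update(self, s):
        self.history.append(s)
        self.recent.append(s)
        if len(self.history) < self.min_history:
            return 0.5  # too little history to judge either way
        mu = sum(self.history) / len(self.history)
        var = sum((v - mu) ** 2 for v in self.history) / len(self.history)
        sigma = max(math.sqrt(var), 1e-3)  # floor avoids division by zero
        z = (sum(self.recent) / len(self.recent) - mu) / sigma
        return 1.0 - 0.5 * math.erfc(z / math.sqrt(2))  # 1 - Q(z)


def run_stream(values, threshold=0.95):
    """Return one (S, L, flagged) tuple per input value."""
    memory, model = FirstOrderMemory(), AnomalyLikelihood()
    results = []
    for x in values:
        a = encode(x)             # a(X-t0)
        b = memory.predict()      # b(X-t0), computed before seeing a
        s = prediction_error(a, b)
        likelihood = model.update(s)
        memory.learn(a)           # online update, no separate training phase
        results.append((s, likelihood, likelihood >= threshold))
    return results


def flagged_indices(values):
    return [i for i, (_, _, hit) in enumerate(run_stream(values)) if hit]


# Constructed sample stream: a repeating cycle, with the value expected at
# index 80 (10) replaced by 90.
CYCLE = [10, 20, 30, 40]
SAMPLE_STREAM = CYCLE * 20 + [90, 20, 30, 40] + CYCLE * 2

if __name__ == "__main__":
    for i in flagged_indices(SAMPLE_STREAM):
        s, likelihood, _ = run_stream(SAMPLE_STREAM)[i]
        print(f"t={i} value={SAMPLE_STREAM[i]} S={s:.2f} L={likelihood:.4f}")
```

The first five inputs all have S = 1.0 because nothing has been learned yet, but they are not flagged: the likelihood compares recent error with the error history rather than thresholding S directly, which is the reason the text gives for not using S-t0 as the threshold.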
The BS_HTM solution of the present invention is compared with the solutions of the other patents cited above. With respect to the problems described above, the method of the present invention performs better in the following respects; see Table 1.
Table 1. Comparison of schemes (table image not reproduced)
First, regarding real-time detection of abnormal data, the traditional detection schemes do not support real-time operation, whereas the BS_HTM-based scheme supports detection on real-time streaming data and therefore suits current anomaly detection requirements.
In the aspect of automatic updating of the model, the scheme of the invention focuses on a more efficient self-updating and iteration method of the model, greatly lightens the inconvenience of manual adjustment, and provides a model for realizing efficient automatic real-time data flow abnormity detection.
In the aspect of an anomaly detection learning model, the invention provides an unsupervised self-learning mode, and the model is not updated by depending on a past huge data set, so that unusual abnormal data flow can be detected more efficiently.
In the aspect of expansion, the patent [1] is limited to past abnormal data sets and is not beneficial to detecting unusual abnormal data flows; the patent [2] [3] proposes a more specific scheme aiming at a specific scene, and the scheme is difficult to expand to other application fields; the patent [4] [5] [6] can not realize real-time detection, and the detected abnormal data flow has time lag and is not beneficial to the rapid defense of the system.
The above are preferred embodiments of the present invention, and all changes made according to the technical scheme of the present invention that produce functional effects do not exceed the scope of the technical scheme of the present invention belong to the protection scope of the present invention.

Claims (8)

1. A real-time data flow anomaly detection method is characterized by comprising the following steps:
firstly, constructing a context relationship of a real-time data stream through an HTM network, and giving a preliminary evaluation result based on the abnormal condition of the analyzed data;
secondly, giving error statistics to the preliminary evaluation result, and carrying out error probability model modeling on the related error statistics result;
and finally, whether the data stream is normal or not is evaluated by combining the preliminary evaluation result and the error statistical result, and an abnormal probability detection model is constructed.
2. The method as claimed in claim 1, wherein the HTM network comprises an encoder, a sparse matrix space processor, and a sequence memory module, and the input is X-t0, which is sent to the encoder, and then after being processed in the sparse matrix space processor, the HTM network outputs a sparse binary vector a(X-t0) representing the current input data stream, and a(X-t0) is output in the sequence memory module in the form of another sparse vector b(X-t0) by modeling the time mode, so as to obtain the preliminary evaluation results a(X-t0) and b(X-t0).
3. The method of claim 2, wherein the error statistics are given for the preliminary evaluation results, and the error probability model modeling of the associated error statistics is performed by a prediction error evaluator.
4. The method as claimed in claim 3, wherein the prediction error estimator calculates the error value of the preliminary estimation result of the current data stream by using a(X-t0) and b(X-t0) as input quantities through an error probability model, and stores the error value as a part of the error probability model modeling and outputs S-t0.
5. The method of claim 4, wherein the step of constructing the abnormal probability detection model is implemented by an abnormal probability model construction module in combination with the preliminary evaluation result and the error statistic result to evaluate whether the data stream is normal or not.
6. The method as claimed in claim 5, wherein the anomaly probability model constructing module constructs an anomaly probability detection model based on S-t0 and combined with environmental influence factors, gives type probability and associated offset of anomaly data, and outputs a result L-t0.
7. A real-time data flow anomaly detection system, comprising:
the HTM network module is used for preliminarily detecting the abnormal data flow, adding a timestamp and giving a preliminary evaluation result;
the prediction error estimator is used for computing statistics on the abnormal data marked by the HTM network, namely error statistics, establishing an error probability model over the data streams at the preceding and following timestamps, and further screening credible data;
the abnormal probability model construction module is used for evaluating whether the data stream is normal or not by combining the primary evaluation result and the error statistical result to construct an abnormal probability detection model;
and the interface service module is used for realizing data transmission among different modules and interaction among different parties.
8. The system of claim 7, wherein the HTM network module comprises an encoder, a sparse matrix spatial processor, and a sequence memory component.
Application CN202110702917.6A: Real-time data flow abnormity detection method and system
Priority date: 2021-06-24
Filing date: 2021-06-24
Status: Pending
Publication: CN113254485A (en), published 2021-08-13
Family ID: 77189463
Country status: CN (1), CN113254485A (en)

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR102090239B1 (en) * 2019-10-04 2020-03-17 주식회사 모비젠 Method for detecting anomality quickly by using layer convergence statistics information and system thereof
CN111447217A (en) * 2020-03-25 2020-07-24 西南大学 Method and system for detecting flow data abnormity based on HTM under sparse coding
CN111884874A (en) * 2020-07-15 2020-11-03 中国舰船研究设计中心 Programmable data plane-based ship network real-time anomaly detection method

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114048601A (en) * 2021-11-11 2022-02-15 北京天融信网络安全技术有限公司 HTM algorithm-based anomaly detection method, device and equipment
CN114048601B (en) * 2021-11-11 2022-08-05 北京天融信网络安全技术有限公司 HTM algorithm-based anomaly detection method, device and equipment


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination