CN113709120A - Network node safety system for intelligent finance - Google Patents
Network node safety system for intelligent finance Download PDFInfo
- Publication number
- CN113709120A CN113709120A CN202110925947.3A CN202110925947A CN113709120A CN 113709120 A CN113709120 A CN 113709120A CN 202110925947 A CN202110925947 A CN 202110925947A CN 113709120 A CN113709120 A CN 113709120A
- Authority
- CN
- China
- Prior art keywords
- node
- target
- network node
- verification
- security verification
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention relates to a network node security system for intelligent finance, which comprises: the intelligent financial computing equipment is in communication connection with each network node and the database respectively; the intelligent financial computing device includes: the system comprises a node analysis module, an interactive graph construction module and a node verification module, wherein communication connection is formed among the modules. And the node analysis module acquires the associated network node according to the information interaction data of the target network node. And the interaction graph building module generates a first security verification interaction graph and a plurality of second security verification interaction graphs respectively according to the security verification nodes of the target network nodes and the security verification nodes of each associated network node. And the node verification module obtains a node security verification value of the target network node according to the first security verification interaction graph and the second security verification interaction graph, and verifies the security of the target network node according to the node security verification value.
Description
Technical Field
The invention relates to the field of big data and intelligent finance, in particular to a network node safety system for intelligent finance.
Background
In recent years, the development of information technology has advanced greatly, and the aging and application of artificial intelligence technologies such as cloud computing, big data, mobile internet, block chain, internet of things, deep learning, data mining, machine learning and the like gradually make the human society step to a higher-stage intelligent era from electronization, informatization, networking and digitization. With the deep integration of emerging information technologies, particularly intelligent information technologies, with the modern financial industry, intelligent finance is produced at the same time.
The intelligent financial network system needs each network node and server in the network to be in a safe and reliable operation state when requesting and responding to the message. Therefore, how to verify the security of the network node and the server to ensure the access security of the device and the safe and reliable operation of the information service becomes an intelligent financial technical problem.
Disclosure of Invention
In view of the above, the present invention provides a network node security system for intelligent finance, which includes: the intelligent financial computing equipment is in communication connection with each network node and the database respectively; the intelligent financial computing device includes: the system comprises a node analysis module, an interactive graph construction module and a node verification module, wherein communication connection is formed among the modules;
the node analysis module randomly selects a network node from the intelligent financial network as a target network node, acquires information interaction data of the target network node, and identifies a related network node based on the information interaction data;
the node analysis module acquires node inflow data and node outflow data of each network node in the intelligent financial network, and extracts data characteristics of the node inflow data and the node outflow data of each network node to obtain a node inflow characteristic vector and a node outflow characteristic vector of each network node;
the node analysis module takes network nodes except the target network node in the intelligent financial network as candidate network nodes, respectively calculates Euclidean distances between a node inflow characteristic vector of the target network node and a node inflow characteristic vector of each candidate network node and takes the Euclidean distances as first identification values of the candidate network nodes, and respectively calculates Euclidean distances between a node outflow characteristic vector of the target network node and a node outflow characteristic vector of each candidate network node and takes the Euclidean distances as second identification values of the candidate network nodes;
the node analysis module adds the first identification value and the second identification value of each candidate network node to obtain a node identification value of each candidate network node, and obtains a second preset number of candidate network nodes with the maximum node identification value as security verification nodes of the target network node;
the interactive graph construction module takes the security verification node of the target network node as a first security verification node, and then generates a first security verification interactive graph according to the target network node and all the first security verification nodes; acquiring all security verification nodes of each associated network node, taking the security verification nodes of the associated network nodes as second security verification nodes, and then generating a plurality of second security verification interaction graphs according to each associated network node and the second security verification nodes of each associated network node;
and the node verification module obtains a node security verification value of the target network node according to the first security verification interaction graph and the second security verification interaction graph, and verifies the security of the target network node according to the node security verification value of the target network node.
Further, the obtaining, by the node verification module, the node security verification value of the target network node according to the first security verification interaction graph and the second security verification interaction graph includes:
the node verification module acquires the structural similarity ratio of each associated network node to a target network node according to each second security verification interactive graph and each first security verification interactive graph, sequences all the associated network nodes from small to large according to the corresponding structural similarity ratio to obtain an associated network node sequence, and then takes the first preset number of associated network nodes in the associated network node sequence as abnormal associated network nodes;
the node verification module takes the second security verification interactive graph of the abnormal association network node as a third security verification interactive graph and respectively extracts graph structure characteristics of each third security verification interactive graph to obtain a plurality of abnormal graph structure characteristics;
the node verification module extracts the graph structure characteristics of the first safety verification interactive graph to obtain target graph structure characteristics, and obtains the overlapping area of each third safety verification interactive graph and the first safety verification interactive graph based on each abnormal graph structure characteristic and the target graph structure characteristic;
and the node verification module obtains the node security verification value of the target network node based on the overlapping area of each third security verification interaction graph and the first security verification interaction graph.
Further, the obtaining, by the node verification module, the node security verification value of the target network node based on the overlapping area of the third security verification interaction graph and the first security verification interaction graph includes:
the node verification module traverses all abnormal associated network nodes and takes the traversed abnormal associated network nodes as target abnormal associated network nodes;
the node verification module respectively extracts attribute feature vectors and interaction feature vectors of the target network node and the target abnormity associated network node, and uses Euclidean distance between the attribute feature vector of the target network node and the attribute feature vector of the target abnormity associated network node as a first sub-weight of the target abnormity associated network node; the attribute feature vector represents the attribute features of the network nodes;
the node verification module takes the Euclidean distance between the interactive characteristic vector of the target network node and the interactive characteristic vector of the target abnormity associated network node as a second sub-weight of the target abnormity associated network node; the interactive feature vector represents interactive features of the network node;
the node verification module adds the first sub-weight and the second sub-weight of the target abnormal associated network node to obtain a node weight of the target abnormal associated network node, and repeats the steps until all abnormal associated network nodes are traversed to obtain the node weight of each abnormal associated network node;
the node verification module obtains the proportion of the overlapping area of each third security verification interactive graph and the first security verification interactive graph in the first security verification interactive graph to obtain the node abnormality degree of each abnormal associated network node, and then carries out weighted summation on the node abnormality degrees of all the abnormal associated network nodes according to the node weight values of all the abnormal associated network nodes to obtain the node security verification value of the target network node.
Further, the obtaining of the structural similarity ratio of each associated network node to the target network node by the node verification module includes:
the node verification module traverses all the associated network nodes, takes the traversed associated network nodes as target associated network nodes, acquires a second security verification interactive graph of the target associated network nodes, and takes the second security verification interactive graph as a target second security verification interactive graph;
the node verification module acquires the node similarity between the target associated network node and the target network node, and acquires the structural similarity sum of the target associated network node and the target network node based on the target second security verification interaction graph and the first security verification interaction graph;
the node verification module acquires the node similarity of the target associated network node and the target network node and the ratio of the structural similarity sum of the target associated network node and the target network node, and takes the ratio as the structural similarity ratio of the target associated network node and the target network node;
and repeating the steps until all the associated network nodes are traversed so as to obtain the structural similarity ratio of each associated network node to the target network node.
Further, the node verification module obtains structural similarities of the target associated network node and the target network node according to the second security verification interaction graph and the first security verification interaction graph and includes:
the node verification module traverses all first security verification nodes in the first security verification interactive graph, takes the traversed first security verification nodes as target first security verification nodes, and then takes second security verification nodes which are the same as node identifiers of the target first security verification nodes in the second security verification interactive graph as target second security verification nodes;
the node verification module extracts an attribute feature vector and an interaction feature vector of a target first security verification node and extracts an attribute feature vector and an interaction feature vector of a target second security verification node;
the node verification module calculates cosine similarity of the attribute eigenvector of the target first security verification node and the attribute eigenvector of the target second security verification node to obtain first similarity of the target first security verification node and the target second security verification node;
the node verification module calculates cosine similarity of the interactive feature vector of the target first security verification node and the interactive feature vector of the target second security verification node to obtain second similarity of the target first security verification node and the target second security verification node;
the node verification module obtains the node similarity of the target first security verification node and the target second security verification node based on the first similarity and the second similarity of the target first security verification node and the target second security verification node;
repeating the steps until all the first security verification nodes in the first security verification interactive graph are traversed so as to obtain the node similarity of each first security verification node and the corresponding second security verification node;
and the node verification module adds the node similarity of all the first security verification nodes and the corresponding second security verification nodes to obtain the structural similarity sum of the target associated network node and the target network node.
Further, the interaction graph building module generating the first security verification interaction graph based on all the first security verification nodes comprises:
the interactive graph building module traverses all the first security verification nodes, takes the traversed first security verification nodes as first-level target verification nodes, and respectively takes the data inflow and the data outflow of the target network nodes as the horizontal and vertical coordinates of the target network nodes to obtain coordinate points of the target network nodes;
the interactive graph building module respectively takes the data inflow and the data outflow of a first-stage target verification node as the horizontal and vertical coordinates of the first-stage target verification node to obtain a coordinate point of the first-stage target verification node, calculates the Euclidean distance between the coordinate point of a target network node and the coordinate point of the first-stage target verification node to obtain the data traffic differential between the target network node and the first-stage target verification node, and connects the target network node and the first-stage target verification node when the data traffic differential is smaller than a differential threshold value to obtain a first-stage network node chain of the first-stage target verification node;
the interactive graph building module calculates the difference value between the data inflow of the target network node and the data inflow of the first-stage target verification node to obtain the data inflow differential quantity between the target network node and the first-stage target verification node, and calculates the difference value between the data outflow of the target network node and the data outflow of the first-stage target verification node to obtain the data outflow differential quantity between the target network node and the first-stage target verification node;
the interactive graph construction module determines the expansion direction of a first-stage network node chain of a first-stage target verification node based on the ratio of the data inflow differential quantity of the target network node and the first-stage target verification node to the data outflow differential quantity of the target network node and the first-stage target verification node;
and repeating the steps until all the first security verification nodes are traversed, so as to obtain the expansion direction of the first-level network node chain of each first security verification node.
Further, the interaction graph building module generating the first security verification interaction graph based on all the first security verification nodes comprises:
the interactive graph building module conducts first network node chain expansion based on the expansion direction of each first-stage network node chain so as to expand each first-stage network node chain into a second-stage network node chain;
the interactive map building module acquires the expansion direction of each second-level network node chain, and performs second-time network node chain expansion based on the expansion direction of each second-level network node chain to expand each second-level network node chain into a third-level network node chain;
the interactive map building module obtains the expansion direction of each third-level network node chain, and performs third-level network node chain expansion based on the expansion direction of each third-level network node chain so as to expand each third-level network node chain into a fourth-level network node chain;
repeating the steps to perform N-1 times of network node chain expansion on each first-level network node chain to obtain a plurality of Nth-level network node chains, and performing mapping processing on all the Nth-level network node chains by using the interactive map construction module to obtain a first security verification interactive map.
Further, the interactive map building module performs first network node chain expansion based on the expansion direction of the first network node chain to obtain a second network node chain, and the method includes:
the interactive graph building module traverses all the first-stage network node chains and takes the traversed first-stage network node chains as first-stage target network node chains; acquiring the expansion direction of a first-stage target network node chain, and taking a first security verification node closest to the expansion direction of the first-stage target network node chain along the line as a second-stage target verification node;
the interactive graph construction module respectively takes the data inflow and the data outflow of the second-level target verification node as the horizontal and vertical coordinates of the second-level target verification node to obtain a coordinate point of the second-level target verification node, and calculates the Euclidean distance between the coordinate point of the first-level target verification node corresponding to the first-level target network node chain and the coordinate point of the second-level target verification node to obtain the data flow difference between the first-level target network node and the second-level target verification node; connecting the first-level target network node with the second-level target verification node when the data traffic difference is smaller than the difference threshold value to obtain a second-level network node chain of the second-level target verification node;
the interactive graph building module calculates the difference value of the data inflow of the first-level target network node and the data inflow of the second-level target verification node to obtain the data inflow difference value of the first-level target network node and the second-level target verification node, and calculates the difference value of the data outflow of the first-level target network node and the data outflow of the second-level target verification node to obtain the data outflow difference value of the first-level target network node and the second-level target verification node;
the interactive graph construction module determines the expansion direction of a second-level network node chain of a second-level target verification node based on the ratio of the data inflow differential quantity of the first-level target network node and the second-level target verification node to the data outflow differential quantity of the first-level target network node and the second-level target verification node;
and repeating the steps until all the first-stage network node chains are traversed, expanding each first-stage network node chain into a second-stage network node chain, and acquiring the expansion direction of each second-stage network node chain.
The invention has the following beneficial effects: according to the method and the device, the node security verification value of the target network node is obtained through the data interaction behavior of the target network node and the related network node, and whether the target network node is safe or not is judged according to the node security verification value, so that the information security of a terminal user accessing the intelligent financial network is ensured, and the economic loss of the user caused by the invasion of the intelligent financial network is avoided.
Drawings
Fig. 1 is a block diagram illustrating a network node security system for intelligent finance according to an exemplary embodiment.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments.
Referring to fig. 1, in one embodiment, a network node security system for intelligent finance may include: the intelligent financial computing equipment is in communication connection with each network node and the database respectively; the intelligent financial computing device includes: the system comprises a node analysis module, an interactive graph construction module and a node verification module, wherein communication connection is formed among the modules;
the node analysis module randomly selects a network node from the intelligent financial network as a target network node, acquires information interaction data of the target network node, and identifies a related network node based on the information interaction data;
the node analysis module acquires node inflow data and node outflow data of each network node in the intelligent financial network, and extracts data characteristics of the node inflow data and the node outflow data of each network node to obtain a node inflow characteristic vector and a node outflow characteristic vector of each network node;
the node analysis module takes network nodes except the target network node in the intelligent financial network as candidate network nodes, respectively calculates Euclidean distances between a node inflow characteristic vector of the target network node and a node inflow characteristic vector of each candidate network node and takes the Euclidean distances as first identification values of the candidate network nodes, and respectively calculates Euclidean distances between a node outflow characteristic vector of the target network node and a node outflow characteristic vector of each candidate network node and takes the Euclidean distances as second identification values of the candidate network nodes;
the node analysis module adds the first identification value and the second identification value of each candidate network node to obtain a node identification value of each candidate network node, and obtains a second preset number of candidate network nodes with the maximum node identification value as security verification nodes of the target network node;
the interactive graph construction module takes the security verification node of the target network node as a first security verification node, and then generates a first security verification interactive graph according to the target network node and all the first security verification nodes; acquiring all security verification nodes of each associated network node, taking the security verification nodes of the associated network nodes as second security verification nodes, and then generating a plurality of second security verification interaction graphs according to each associated network node and the second security verification nodes of each associated network node;
and the node verification module obtains a node security verification value of the target network node according to the first security verification interaction graph and the second security verification interaction graph, and verifies the security of the target network node according to the node security verification value of the target network node.
For the purposes of promoting an understanding, the principles and operation of the present invention are described in detail below.
Specifically, in one embodiment, the method executed by the network node security system for intelligent finance may include:
s1, the node analysis module randomly selects a network node from the intelligent financial network as a target network node, acquires information interaction data of the target network node, and then identifies an associated network node based on the information interaction data.
The associated network node is a network node having an information interaction behavior with the target network node, and the information interaction data records interaction information of the target network node and the associated network node.
S2, the node analysis module obtains all the security verification nodes of the target network node, the interaction graph construction module takes the security verification nodes of the target network node as first security verification nodes, and generates a first security verification interaction graph according to the target network node and all the first security verification nodes.
Specifically, the acquiring, by the node analysis module, all security verification nodes of the target network node includes:
the node analysis module acquires node inflow data and node outflow data of each network node in the intelligent financial network, and extracts data characteristics of the node inflow data and the node outflow data of each network node to obtain a node inflow characteristic vector and a node outflow characteristic vector of each network node;
the node analysis module takes network nodes except the target network node in the intelligent financial network as candidate network nodes, respectively calculates Euclidean distances between a node inflow characteristic vector of the target network node and a node inflow characteristic vector of each candidate network node and takes the Euclidean distances as first identification values of the candidate network nodes, and respectively calculates Euclidean distances between a node outflow characteristic vector of the target network node and a node outflow characteristic vector of each candidate network node and takes the Euclidean distances as second identification values of the candidate network nodes;
the node analysis module adds the first authentication value and the second authentication value of each candidate network node to obtain a node authentication value of each candidate network node, and obtains a second preset number of candidate network nodes with the maximum node authentication value as security verification nodes of the target network node.
The second preset number is the number of the safety verification nodes and is preset according to actual conditions.
In one embodiment, the interaction graph building module generating the first security verification interaction graph based on all the first security verification nodes comprises:
the interactive graph building module traverses all the first security verification nodes, takes the traversed first security verification nodes as first-level target verification nodes, and respectively takes the data inflow and the data outflow of the target network nodes as the horizontal and vertical coordinates of the target network nodes to obtain coordinate points of the target network nodes;
the interactive graph building module respectively takes the data inflow and the data outflow of the first-stage target verification node as the horizontal and vertical coordinates of the first-stage target verification node to obtain a coordinate point of the first-stage target verification node, calculates the Euclidean distance between the coordinate point of the target network node and the coordinate point of the first-stage target verification node to obtain the data traffic differential between the target network node and the first-stage target verification node, and connects the target network node and the first-stage target verification node to obtain a first-stage network node chain of the first-stage target verification node when the data traffic differential is smaller than a differential threshold value. The delta threshold is preset according to actual conditions.
The method comprises the steps that an interactive graph building module calculates the difference value between the data inflow of a target network node and the data inflow of a first-stage target verification node to obtain the data inflow differential quantity of the target network node and the first-stage target verification node, calculates the difference value between the data outflow of the target network node and the data outflow of the first-stage target verification node to obtain the data outflow differential quantity of the target network node and the first-stage target verification node, and determines the expansion direction of a first-stage network node chain of the first-stage target verification node based on the ratio of the data inflow differential quantity of the target network node and the first-stage target verification node to the data outflow differential quantity of the target network node and the first-stage target verification node;
and repeating the steps until all the first security verification nodes are traversed, so as to obtain the expansion direction of the first-level network node chain of each first security verification node.
In one embodiment, the interactive map construction module performs first network node chain expansion based on the expansion direction of each first-stage network node chain to expand each first-stage network node chain into a second-stage network node chain;
the interactive map building module acquires the expansion direction of each second-level network node chain, and performs second-time network node chain expansion based on the expansion direction of each second-level network node chain to expand each second-level network node chain into a third-level network node chain;
the interactive map building module obtains the expansion direction of each third-level network node chain, and performs third-level network node chain expansion based on the expansion direction of each third-level network node chain so as to expand each third-level network node chain into a fourth-level network node chain;
repeating the steps to perform N-1 times of network node chain expansion on each first-level network node chain to obtain a plurality of Nth-level network node chains, and mapping all the Nth-level network node chains to obtain a first security verification interaction graph. And N is iteration times which are preset according to the accuracy.
In one embodiment, the obtaining of the second-level network node chain by the interactive map construction module performing the first network node chain expansion based on the expansion direction of the first-level network node chain includes:
the interactive graph building module traverses all the first-stage network node chains and takes the traversed first-stage network node chains as first-stage target network node chains; acquiring the expansion direction of a first-stage target network node chain, and taking a first security verification node closest to the expansion direction of the first-stage target network node chain along the line as a second-stage target verification node;
the interactive graph construction module respectively takes the data inflow and the data outflow of the second-level target verification node as the horizontal and vertical coordinates of the second-level target verification node to obtain a coordinate point of the second-level target verification node, and calculates the Euclidean distance between the coordinate point of the first-level target verification node corresponding to the first-level target network node chain and the coordinate point of the second-level target verification node to obtain the data flow difference between the first-level target network node and the second-level target verification node; connecting the first-level target network node with the second-level target verification node when the data traffic difference is smaller than the difference threshold value to obtain a second-level network node chain of the second-level target verification node;
the interactive graph building module calculates the difference value of the data inflow of the first-level target network node and the data inflow of the second-level target verification node to obtain the data inflow difference value of the first-level target network node and the second-level target verification node, and calculates the difference value of the data outflow of the first-level target network node and the data outflow of the second-level target verification node to obtain the data outflow difference value of the first-level target network node and the second-level target verification node;
the interactive graph construction module determines the expansion direction of a second-level network node chain of a second-level target verification node based on the ratio of the data inflow differential quantity of the first-level target network node and the second-level target verification node to the data outflow differential quantity of the first-level target network node and the second-level target verification node;
and repeating the steps until all the first-stage network node chains are traversed, expanding each first-stage network node chain into a second-stage network node chain, and acquiring the expansion direction of each second-stage network node chain.
S3, the node analysis module obtains all the security verification nodes of each associated network node, the interaction graph construction module takes the security verification nodes of the associated network nodes as second security verification nodes, and then a plurality of second security verification interaction graphs are generated according to each associated network node and the second security verification nodes of each associated network node.
The manner of obtaining the security verification node of the associated network node is the same as the manner of obtaining the security node of the target network node.
The manner in which the second security verification interaction graph is generated from the associated network node and the second security verification node of the associated network node is the same as the manner in which the first security verification interaction graph is generated from the target network node and the first security verification node of the target network node.
S4, the node verification module obtains the structure similarity ratio of each associated network node to the target network node according to each second security verification interaction graph and the first security verification interaction graph, all the associated network nodes are sequenced from small to large according to the corresponding structure similarity ratio to obtain an associated network node sequence, and then the first preset number of associated network nodes in the associated network node sequence are used as abnormal associated network nodes.
The first preset number is the number of the abnormal associated network nodes, and is preset according to actual conditions, specifically, the abnormal associated network nodes are marked from front to back according to the arrangement sequence of the associated network nodes in the associated network node sequence, the number of the abnormal associated network nodes is counted, and the marking of the abnormal associated network nodes is stopped when the number of the abnormal associated network nodes is equal to the first preset number.
Specifically, the obtaining, by the node verification module, the structural similarity ratio of each associated network node to the target network node includes:
the node verification module traverses all the associated network nodes, takes the traversed associated network nodes as target associated network nodes, acquires a second security verification interactive graph of the target associated network nodes, and takes the second security verification interactive graph as a target second security verification interactive graph;
the node verification module acquires the node similarity between the target associated network node and the target network node, and acquires the structural similarity sum of the target associated network node and the target network node based on the target second security verification interaction graph and the first security verification interaction graph;
the node verification module acquires the node similarity of the target associated network node and the target network node and the ratio of the structural similarity sum of the target associated network node and the target network node, and takes the ratio as the structural similarity ratio of the target associated network node and the target network node;
and repeating the steps until all the associated network nodes are traversed so as to obtain the structural similarity ratio of each associated network node to the target network node.
Further, the node verification module obtains structural similarities of the target associated network node and the target network node according to the second security verification interaction graph and the first security verification interaction graph and includes:
the node verification module traverses all first security verification nodes in the first security verification interactive graph, takes the traversed first security verification nodes as target first security verification nodes, and then takes second security verification nodes which are the same as node identifiers of the target first security verification nodes in the second security verification interactive graph as target second security verification nodes;
the node verification module respectively extracts the attribute feature vector and the interaction feature vector of a target first security verification node, and respectively extracts the attribute feature vector and the interaction feature vector of a target second security verification node;
the node verification module calculates cosine similarity of the attribute eigenvector of the target first security verification node and the attribute eigenvector of the target second security verification node to obtain first similarity of the target first security verification node and the target second security verification node;
the node verification module calculates cosine similarity of the interactive feature vector of the target first security verification node and the interactive feature vector of the target second security verification node to obtain second similarity of the target first security verification node and the target second security verification node;
the node verification module obtains the node similarity of the target first security verification node and the target second security verification node based on the first similarity and the second similarity of the target first security verification node and the target second security verification node;
repeating the steps until all the first security verification nodes in the first security verification interactive graph are traversed so as to obtain the node similarity of each first security verification node and the corresponding second security verification node;
and the node verification module adds the node similarity of all the first security verification nodes and the corresponding second security verification nodes to obtain the structural similarity sum of the target associated network node and the target network node.
S5, the node verification module takes the second security verification interactive graph of the abnormal association network node as a third security verification interactive graph, extracts graph structure characteristics of each third security verification interactive graph respectively to obtain a plurality of abnormal graph structure characteristics, extracts graph structure characteristics of the first security verification interactive graph to obtain target graph structure characteristics, and obtains an overlapping area of each third security verification interactive graph and the first security verification interactive graph based on each abnormal graph structure characteristic and the target graph structure characteristics.
And S6, the node verification module obtains the node security verification value of the target network node based on the overlapping area of each third security verification interaction graph and the first security verification interaction graph, and verifies the security of the target network node based on the node security verification value of the target network node.
In one embodiment, the obtaining, by the node verification module, the node security verification value of the target network node based on the overlapping area of the third security verification interaction graph and the first security verification interaction graph includes:
the node verification module traverses all abnormal associated network nodes and takes the traversed abnormal associated network nodes as target abnormal associated network nodes;
the node verification module respectively extracts attribute feature vectors and interaction feature vectors of the target network node and the target abnormity associated network node, and uses Euclidean distance between the attribute feature vector of the target network node and the attribute feature vector of the target abnormity associated network node as a first sub-weight of the target abnormity associated network node; the attribute feature vector represents the attribute features of the network nodes;
the node verification module takes the Euclidean distance between the interactive characteristic vector of the target network node and the interactive characteristic vector of the target abnormity associated network node as a second sub-weight of the target abnormity associated network node; the interactive feature vector represents interactive features of the network node;
the node verification module adds the first sub-weight and the second sub-weight of the target abnormal associated network node to obtain a node weight of the target abnormal associated network node, and repeats the steps until all abnormal associated network nodes are traversed to obtain the node weight of each abnormal associated network node;
the node verification module obtains the proportion of the overlapping area of each third security verification interactive graph and the first security verification interactive graph in the first security verification interactive graph to obtain the node abnormality degree of each abnormal associated network node, and then carries out weighted summation on the node abnormality degrees of all the abnormal associated network nodes according to the node weight values of all the abnormal associated network nodes to obtain the node security verification value of the target network node.
According to the method and the device, the node security verification value of the target network node is obtained through the data interaction behavior of the target network node and the related network node, and whether the target network node is safe or not is judged according to the node security verification value, so that the information security of a terminal user accessing the intelligent financial network is ensured, and the economic loss of the user caused by the invasion of the intelligent financial network is avoided.
The above embodiments are merely illustrative of the technical ideas and features of the present invention, and are intended to enable those skilled in the art to understand the contents of the present invention and implement the present invention, and not to limit the scope of the present invention. All equivalent changes or modifications made according to the spirit of the present invention should be covered within the protection scope of the present invention.
Claims (8)
1. A network node security system for intelligent finance, comprising: the intelligent financial computing equipment is in communication connection with each network node and the database respectively; the intelligent financial computing device includes: the system comprises a node analysis module, an interactive graph construction module and a node verification module, wherein communication connection is formed among the modules;
the node analysis module randomly selects a network node from the intelligent financial network as a target network node, acquires information interaction data of the target network node, and identifies a related network node based on the information interaction data;
the node analysis module acquires node inflow data and node outflow data of each network node in the intelligent financial network, and extracts data characteristics of the node inflow data and the node outflow data of each network node to obtain a node inflow characteristic vector and a node outflow characteristic vector of each network node;
the node analysis module takes network nodes except the target network node in the intelligent financial network as candidate network nodes, respectively calculates Euclidean distances between a node inflow characteristic vector of the target network node and a node inflow characteristic vector of each candidate network node and takes the Euclidean distances as first identification values of the candidate network nodes, and respectively calculates Euclidean distances between a node outflow characteristic vector of the target network node and a node outflow characteristic vector of each candidate network node and takes the Euclidean distances as second identification values of the candidate network nodes;
the node analysis module adds the first identification value and the second identification value of each candidate network node to obtain a node identification value of each candidate network node, and obtains a second preset number of candidate network nodes with the maximum node identification value as security verification nodes of the target network node;
the interactive graph construction module takes the security verification node of the target network node as a first security verification node, and then generates a first security verification interactive graph according to the target network node and all the first security verification nodes; acquiring all security verification nodes of each associated network node, taking the security verification nodes of the associated network nodes as second security verification nodes, and then generating a plurality of second security verification interaction graphs according to each associated network node and the second security verification nodes of each associated network node;
and the node verification module obtains a node security verification value of the target network node according to the first security verification interaction graph and the second security verification interaction graph, and verifies the security of the target network node according to the node security verification value of the target network node.
2. The system of claim 1, wherein the node verification module obtaining the node security verification value of the target network node according to the first security verification interaction graph and the second security verification interaction graph comprises:
the node verification module acquires the structural similarity ratio of each associated network node to a target network node according to each second security verification interactive graph and each first security verification interactive graph, sequences all the associated network nodes from small to large according to the corresponding structural similarity ratio to obtain an associated network node sequence, and then takes the first preset number of associated network nodes in the associated network node sequence as abnormal associated network nodes;
the node verification module takes the second security verification interactive graph of the abnormal association network node as a third security verification interactive graph and respectively extracts graph structure characteristics of each third security verification interactive graph to obtain a plurality of abnormal graph structure characteristics;
the node verification module extracts the graph structure characteristics of the first safety verification interactive graph to obtain target graph structure characteristics, and obtains the overlapping area of each third safety verification interactive graph and the first safety verification interactive graph based on each abnormal graph structure characteristic and the target graph structure characteristic;
and the node verification module obtains the node security verification value of the target network node based on the overlapping area of each third security verification interaction graph and the first security verification interaction graph.
3. The system of any one of claims 1 to 2, wherein the node verification module obtaining the node security verification value of the target network node based on an overlapping area of the third security verification interaction graph and the first security verification interaction graph comprises:
the node verification module traverses all abnormal associated network nodes and takes the traversed abnormal associated network nodes as target abnormal associated network nodes;
the node verification module respectively extracts attribute feature vectors and interaction feature vectors of the target network node and the target abnormity associated network node, and uses Euclidean distance between the attribute feature vector of the target network node and the attribute feature vector of the target abnormity associated network node as a first sub-weight of the target abnormity associated network node; the attribute feature vector represents the attribute features of the network nodes;
the node verification module takes the Euclidean distance between the interactive characteristic vector of the target network node and the interactive characteristic vector of the target abnormity associated network node as a second sub-weight of the target abnormity associated network node; the interactive feature vector represents interactive features of the network node;
the node verification module adds the first sub-weight and the second sub-weight of the target abnormal associated network node to obtain a node weight of the target abnormal associated network node, and repeats the steps until all abnormal associated network nodes are traversed to obtain the node weight of each abnormal associated network node;
the node verification module obtains the proportion of the overlapping area of each third security verification interactive graph and the first security verification interactive graph in the first security verification interactive graph to obtain the node abnormality degree of each abnormal associated network node, and then carries out weighted summation on the node abnormality degrees of all the abnormal associated network nodes according to the node weight values of all the abnormal associated network nodes to obtain the node security verification value of the target network node.
4. The system of claim 3, wherein the node verification module obtaining the structural similarity ratio of each associated network node to the target network node comprises:
the node verification module traverses all the associated network nodes, takes the traversed associated network nodes as target associated network nodes, acquires a second security verification interactive graph of the target associated network nodes, and takes the second security verification interactive graph as a target second security verification interactive graph;
the node verification module acquires the node similarity between the target associated network node and the target network node, and acquires the structural similarity sum of the target associated network node and the target network node based on the target second security verification interaction graph and the first security verification interaction graph;
the node verification module acquires the node similarity of the target associated network node and the target network node and the ratio of the structural similarity sum of the target associated network node and the target network node, and takes the ratio as the structural similarity ratio of the target associated network node and the target network node;
and repeating the steps until all the associated network nodes are traversed so as to obtain the structural similarity ratio of each associated network node to the target network node.
5. The system of claim 4, wherein the node verification module obtains structural similarities and sums of the target associated network node and the target network node from the second security verification interaction graph and the first security verification interaction graph comprises:
the node verification module traverses all first security verification nodes in the first security verification interactive graph, takes the traversed first security verification nodes as target first security verification nodes, and then takes second security verification nodes which are the same as node identifiers of the target first security verification nodes in the second security verification interactive graph as target second security verification nodes;
the node verification module extracts an attribute feature vector and an interaction feature vector of a target first security verification node and extracts an attribute feature vector and an interaction feature vector of a target second security verification node;
the node verification module calculates cosine similarity of the attribute eigenvector of the target first security verification node and the attribute eigenvector of the target second security verification node to obtain first similarity of the target first security verification node and the target second security verification node;
the node verification module calculates cosine similarity of the interactive feature vector of the target first security verification node and the interactive feature vector of the target second security verification node to obtain second similarity of the target first security verification node and the target second security verification node;
the node verification module obtains the node similarity of the target first security verification node and the target second security verification node based on the first similarity and the second similarity of the target first security verification node and the target second security verification node;
repeating the steps until all the first security verification nodes in the first security verification interactive graph are traversed so as to obtain the node similarity of each first security verification node and the corresponding second security verification node;
and the node verification module adds the node similarity of all the first security verification nodes and the corresponding second security verification nodes to obtain the structural similarity sum of the target associated network node and the target network node.
6. The system of claim 5, wherein the interaction graph building module generating the first security verification interaction graph based on all of the first security verification nodes comprises:
the interactive graph building module traverses all the first security verification nodes, takes the traversed first security verification nodes as first-level target verification nodes, and respectively takes the data inflow and the data outflow of the target network nodes as the horizontal and vertical coordinates of the target network nodes to obtain coordinate points of the target network nodes;
the interactive graph building module respectively takes the data inflow and the data outflow of a first-stage target verification node as the horizontal and vertical coordinates of the first-stage target verification node to obtain a coordinate point of the first-stage target verification node, calculates the Euclidean distance between the coordinate point of a target network node and the coordinate point of the first-stage target verification node to obtain the data traffic differential between the target network node and the first-stage target verification node, and connects the target network node and the first-stage target verification node when the data traffic differential is smaller than a differential threshold value to obtain a first-stage network node chain of the first-stage target verification node;
the interactive graph building module calculates the difference value between the data inflow of the target network node and the data inflow of the first-stage target verification node to obtain the data inflow differential quantity between the target network node and the first-stage target verification node, and calculates the difference value between the data outflow of the target network node and the data outflow of the first-stage target verification node to obtain the data outflow differential quantity between the target network node and the first-stage target verification node;
the interactive graph construction module determines the expansion direction of a first-stage network node chain of a first-stage target verification node based on the ratio of the data inflow differential quantity of the target network node and the first-stage target verification node to the data outflow differential quantity of the target network node and the first-stage target verification node;
and repeating the steps until all the first security verification nodes are traversed, so as to obtain the expansion direction of the first-level network node chain of each first security verification node.
7. The system of claim 6, wherein the interaction graph building module generating the first security verification interaction graph based on all of the first security verification nodes comprises:
the interactive graph building module conducts first network node chain expansion based on the expansion direction of each first-stage network node chain so as to expand each first-stage network node chain into a second-stage network node chain;
the interactive map building module acquires the expansion direction of each second-level network node chain, and performs second-time network node chain expansion based on the expansion direction of each second-level network node chain to expand each second-level network node chain into a third-level network node chain;
the interactive map building module obtains the expansion direction of each third-level network node chain, and performs third-level network node chain expansion based on the expansion direction of each third-level network node chain so as to expand each third-level network node chain into a fourth-level network node chain;
repeating the steps to perform N-1 times of network node chain expansion on each first-level network node chain to obtain a plurality of Nth-level network node chains, and performing mapping processing on all the Nth-level network node chains by using the interactive map construction module to obtain a first security verification interactive map.
8. The system according to any one of claims 1 to 7, wherein the obtaining of the second-level network node chain by the interactive map construction module performing the first network node chain expansion based on the expansion direction of the first-level network node chain includes:
the interactive graph building module traverses all the first-stage network node chains and takes the traversed first-stage network node chains as first-stage target network node chains; acquiring the expansion direction of a first-stage target network node chain, and taking a first security verification node closest to the expansion direction of the first-stage target network node chain along the line as a second-stage target verification node;
the interactive graph construction module respectively takes the data inflow and the data outflow of the second-level target verification node as the horizontal and vertical coordinates of the second-level target verification node to obtain a coordinate point of the second-level target verification node, and calculates the Euclidean distance between the coordinate point of the first-level target verification node corresponding to the first-level target network node chain and the coordinate point of the second-level target verification node to obtain the data flow difference between the first-level target network node and the second-level target verification node; connecting the first-level target network node with the second-level target verification node when the data traffic difference is smaller than the difference threshold value to obtain a second-level network node chain of the second-level target verification node;
the interactive graph building module calculates the difference value of the data inflow of the first-level target network node and the data inflow of the second-level target verification node to obtain the data inflow difference value of the first-level target network node and the second-level target verification node, and calculates the difference value of the data outflow of the first-level target network node and the data outflow of the second-level target verification node to obtain the data outflow difference value of the first-level target network node and the second-level target verification node;
the interactive graph construction module determines the expansion direction of a second-level network node chain of a second-level target verification node based on the ratio of the data inflow differential quantity of the first-level target network node and the second-level target verification node to the data outflow differential quantity of the first-level target network node and the second-level target verification node;
and repeating the steps until all the first-stage network node chains are traversed, expanding each first-stage network node chain into a second-stage network node chain, and acquiring the expansion direction of each second-stage network node chain.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110925947.3A CN113709120B (en) | 2021-08-12 | 2021-08-12 | Network node security system for intelligent finance |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110925947.3A CN113709120B (en) | 2021-08-12 | 2021-08-12 | Network node security system for intelligent finance |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN113709120A true CN113709120A (en) | 2021-11-26 |
| CN113709120B CN113709120B (en) | 2023-06-23 |
Family
ID=78652493
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110925947.3A Active CN113709120B (en) | 2021-08-12 | 2021-08-12 | Network node security system for intelligent finance |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113709120B (en) |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107707417A (en) * | 2017-11-29 | 2018-02-16 | 桂林电子科技大学 | Wireless sensor network detection of anomaly node and localization method based on subgraph processing |
| CN112165496A (en) * | 2020-10-13 | 2021-01-01 | 清华大学 | Network security anomaly detection algorithm and detection system based on cluster map neural network |
| US20210042359A1 (en) * | 2018-02-27 | 2021-02-11 | Nippon Telegraph And Telephone Corporation | Traffic anomaly sensing device, traffic anomaly sensing method, and traffic anomaly sensing program |
| CN113139654A (en) * | 2021-03-18 | 2021-07-20 | 北京三快在线科技有限公司 | Method and device for training neural network model |
-
2021
- 2021-08-12 CN CN202110925947.3A patent/CN113709120B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107707417A (en) * | 2017-11-29 | 2018-02-16 | 桂林电子科技大学 | Wireless sensor network detection of anomaly node and localization method based on subgraph processing |
| US20210042359A1 (en) * | 2018-02-27 | 2021-02-11 | Nippon Telegraph And Telephone Corporation | Traffic anomaly sensing device, traffic anomaly sensing method, and traffic anomaly sensing program |
| CN112165496A (en) * | 2020-10-13 | 2021-01-01 | 清华大学 | Network security anomaly detection algorithm and detection system based on cluster map neural network |
| CN113139654A (en) * | 2021-03-18 | 2021-07-20 | 北京三快在线科技有限公司 | Method and device for training neural network model |
Non-Patent Citations (2)
| Title |
|---|
| G.VICTOR DANIEL等: "Robust Graph based Deep Anomaly Detection on", 《IEEE》 * |
| 李忠等: "面向图的异常检测研究综述", 《软件学报》 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN113709120B (en) | 2023-06-23 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN111932386B (en) | User account determining method and device, information pushing method and device, and electronic equipment | |
| CN103870751A (en) | Method and system for intrusion detection | |
| Pinceti et al. | Load redistribution attack detection using machine learning: A data-driven approach | |
| CN110704694A (en) | Organization hierarchy dividing method based on network representation learning and application thereof | |
| CN112153221B (en) | Communication behavior identification method based on social network diagram calculation | |
| LaRock et al. | Hypa: Efficient detection of path anomalies in time series data on networks | |
| CN110022293A (en) | A kind of electric network information physics emerging system methods of risk assessment | |
| CN113872816B (en) | Equipment management system for industrial Internet | |
| CN110119621B (en) | Attack defense method, system and defense device for abnormal system call | |
| Štěpánek et al. | Analysis of asymptotic time complexity of an assumption-free alternative to the log-rank test | |
| Do Xuan et al. | Optimization of network traffic anomaly detection using machine learning. | |
| CN112887323B (en) | Network protocol association and identification method for industrial internet boundary security | |
| CN105721467A (en) | Social network Sybil group detection method | |
| CN113709120A (en) | Network node safety system for intelligent finance | |
| Sun et al. | Sensitive task assignments in crowdsourcing markets with colluding workers | |
| CN112035490A (en) | Electric vehicle information monitoring method, device and system based on cloud platform | |
| CN108090132B (en) | Community overlapping division method integrating average division distance and structural relationship of labels | |
| CN116563690A (en) | Unmanned aerial vehicle sensor type unbalanced data anomaly detection method and detection system | |
| Liyanage et al. | Clustered Approach for Clone Detection in social media | |
| CN112766320B (en) | Classification model training method and computer equipment | |
| CN115085948A (en) | Network security situation assessment method based on improved D-S evidence theory | |
| CN113746809A (en) | Network node security verification method based on big data and smart city | |
| CN111694969A (en) | User identity identification method and device | |
| Zhao et al. | Method of choosing optimal features used to intrusion detection system in coal mine disaster warning internet of things based on immunity algorithm | |
| Mao et al. | Decentralized Learning Robust to Data Poisoning Attacks |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| CB02 | Change of applicant information |
Address after: Building 7, Electronic Information Industry Entrepreneurship Center, Lingyuan Road, Chenggong District, Kunming, Yunnan 650501 Applicant after: Li Rong Address before: 611730 entrepreneurship Park, Jingrong Town, Pidu District, Chengdu, Sichuan Applicant before: Li Rong |
|
| CB02 | Change of applicant information | ||
| TA01 | Transfer of patent application right |
Effective date of registration: 20230526 Address after: Room 12-21, Building 3, No. 68 Jinkai Avenue, North New Area, Yubei District, Chongqing, 401121 Applicant after: Chongqing Buke Technology Co.,Ltd. Address before: Building 7, Electronic Information Industry Entrepreneurship Center, Lingyuan Road, Chenggong District, Kunming, Yunnan 650501 Applicant before: Li Rong |
|
| TA01 | Transfer of patent application right | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |