CN113709120B - Network node security system for intelligent finance - Google Patents
Network node security system for intelligent finance Download PDFInfo
- Publication number
- CN113709120B CN113709120B CN202110925947.3A CN202110925947A CN113709120B CN 113709120 B CN113709120 B CN 113709120B CN 202110925947 A CN202110925947 A CN 202110925947A CN 113709120 B CN113709120 B CN 113709120B
- Authority
- CN
- China
- Prior art keywords
- node
- target
- network node
- verification
- security verification
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
Abstract
The invention relates to a network node security system for intelligent finance, comprising: the intelligent financial computing device is respectively in communication connection with each network node and the database; the intelligent financial computing device includes: the system comprises a node analysis module, an interaction diagram construction module and a node verification module, wherein the modules are in communication connection. The node analysis module acquires the associated network node according to the information interaction data of the target network node. The interaction diagram construction module generates a first security verification interaction diagram and a plurality of second security verification interaction diagrams according to the security verification node of the target network node and the security verification node of each associated network node respectively. The node verification module obtains a node security verification value of the target network node according to the first security verification interaction diagram and the second security verification interaction diagram, and verifies the security of the target network node according to the node security verification value.
Description
Technical Field
The invention relates to the fields of big data and intelligent finance, in particular to a network node security system for intelligent finance.
Background
In recent years, development of information technology has advanced, and the development and application of artificial intelligence technologies such as cloud computing, big data, mobile internet, blockchain, internet of things, deep learning, data mining, and machine learning have led to the gradual progress of human society from electronic, informatization, networking, and digitalization to a higher-stage intelligent age. With the advanced integration of information technology, particularly intelligent information technology, with modern financial industry, intelligent finance has been developed.
The intelligent financial network architecture requires that each network node and server within the network be in a safe and reliable operational state when requesting and replying to messages. Therefore, how to verify the security of the network node and the server to ensure the access security of the device and the safe and reliable operation of the information service become intelligent financial technical problems.
Disclosure of Invention
In view of the above, the present invention provides a network node security system for intelligent finance, which includes: the intelligent financial computing device is respectively in communication connection with each network node and the database; the intelligent financial computing device includes: the system comprises a node analysis module, an interaction diagram construction module and a node verification module, wherein the modules are in communication connection;
The node analysis module randomly selects a network node from the intelligent financial network as a target network node, acquires information interaction data of the target network node, and then identifies an associated network node based on the information interaction data;
the node analysis module acquires node inflow data and node outflow data of each network node in the intelligent financial network, and extracts data characteristics of the node inflow data and the node outflow data of each network node to obtain node inflow characteristic vectors and node outflow characteristic vectors of each network node;
the node analysis module takes network nodes except the target network node in the intelligent financial network as candidate network nodes, calculates the Euclidean distance between the node inflow characteristic vector of the target network node and the node inflow characteristic vector of each candidate network node respectively and takes the Euclidean distance as a first identification value of the candidate network node, and then calculates the Euclidean distance between the node outflow characteristic vector of the target network node and the node outflow characteristic vector of each candidate network node respectively and takes the Euclidean distance as a second identification value of the candidate network node;
the node analysis module adds the first authentication value and the second authentication value of each candidate network node to obtain a node authentication value of each candidate network node, and obtains the first second preset number of candidate network nodes with the maximum node authentication value as security verification nodes of the target network node;
The interaction diagram construction module takes a security verification node of the target network node as a first security verification node, and then generates a first security verification interaction diagram according to the target network node and all the first security verification nodes; acquiring all security verification nodes of each associated network node, taking the security verification nodes of the associated network node as second security verification nodes, and generating a plurality of second security verification interaction diagrams according to each associated network node and the second security verification nodes of each associated network node;
the node verification module obtains a node security verification value of the target network node according to the first security verification interaction diagram and the second security verification interaction diagram, and verifies the security of the target network node according to the node security verification value of the target network node.
Further, the node verification module obtaining the node security verification value of the target network node according to the first security verification interaction diagram and the second security verification interaction diagram includes:
the node verification module obtains the structural similarity ratio of each associated network node and the target network node according to each second security verification interaction diagram and each first security verification interaction diagram, sorts all the associated network nodes from small to large according to the corresponding structural similarity ratio to obtain an associated network node sequence, and then takes the first preset number of associated network nodes in the associated network node sequence as abnormal associated network nodes;
The node verification module takes the second security verification interaction graph of the abnormal associated network node as a third security verification interaction graph, and respectively extracts the graph structural characteristics of each third security verification interaction graph to obtain a plurality of abnormal graph structural characteristics;
the node verification module extracts the graph structural features of the first security verification interaction graph to obtain target graph structural features, and acquires the overlapping area of each third security verification interaction graph and the first security verification interaction graph based on each abnormal graph structural feature and the target graph structural features;
the node verification module obtains a node security verification value of the target network node based on the overlapping area of each third security verification interaction graph and the first security verification interaction graph.
Further, the node verification module obtaining the node security verification value of the target network node based on the overlapping area of the third security verification interaction graph and the first security verification interaction graph includes:
the node verification module traverses all the abnormal associated network nodes, and takes the traversed abnormal associated network nodes as target abnormal associated network nodes;
the node verification module extracts an attribute feature vector and an interaction feature vector of the target network node and the target abnormal associated network node respectively, and takes the Euclidean distance between the attribute feature vector of the target network node and the attribute feature vector of the target abnormal associated network node as a first sub-weight of the target abnormal associated network node; the attribute feature vector characterizes the attribute feature of the network node;
The node verification module takes Euclidean distance between the interaction feature vector of the target network node and the interaction feature vector of the target abnormal associated network node as a second sub-weight of the target abnormal associated network node; the interaction feature vector characterizes interaction features of the network node;
the node verification module adds the first sub weight and the second sub weight of the target abnormal associated network node to obtain the node weight of the target abnormal associated network node, and repeats the steps until all the abnormal associated network nodes are traversed to obtain the node weight of each abnormal associated network node;
the node verification module obtains the node anomaly degree of each abnormal associated network node according to the proportion occupied by the overlapping area of each third security verification interaction diagram and the first security verification interaction diagram in the first security verification interaction diagram, and then carries out weighted summation on the node anomaly degree of all abnormal associated network nodes according to the node weight of all abnormal associated network nodes to obtain the node security verification value of the target network node.
Further, the node verification module obtaining the structural similarity ratio of each associated network node to the target network node includes:
the node verification module traverses all the associated network nodes, takes the traversed associated network node as a target associated network node, acquires a second security verification interaction diagram of the target associated network node, and takes the second security verification interaction diagram as a target second security verification interaction diagram;
The node verification module acquires node similarity between the target associated network node and the target network node, and acquires structural similarity sum of the target associated network node and the target network node based on the target second security verification interaction diagram and the first security verification interaction diagram;
the node verification module obtains the ratio of the node similarity between the target associated network node and the target network node to the structural similarity sum of the target associated network node and the target network node, and takes the ratio as the structural similarity ratio between the target associated network node and the target network node;
repeating the steps until all the associated network nodes are traversed, so that the structural similarity ratio of each associated network node and the target network node is obtained.
Further, the node verification module obtains structural similarity between the target associated network node and the target network node according to the second security verification interaction diagram and the first security verification interaction diagram, and the node verification module comprises:
the node verification module traverses all first security verification nodes in the first security verification interaction graph, takes the traversed first security verification node as a target first security verification node, and takes a second security verification node which is the same as the node identifier of the target first security verification node in the second security verification interaction graph as a target second security verification node;
The node verification module extracts an attribute feature vector and an interaction feature vector of a target first security verification node, and extracts an attribute feature vector and an interaction feature vector of a target second security verification node;
the node verification module calculates cosine similarity of the attribute feature vector of the target first security verification node and the attribute feature vector of the target second security verification node to obtain first similarity of the target first security verification node and the target second security verification node;
the node verification module calculates cosine similarity of the interaction feature vector of the target first security verification node and the interaction feature vector of the target second security verification node to obtain second similarity of the target first security verification node and the target second security verification node;
the node verification module obtains the node similarity of the target first security verification node and the target second security verification node based on the first similarity and the second similarity of the target first security verification node and the target second security verification node;
repeating the steps until all the first security verification nodes in the first security verification interaction graph are traversed, so that the node similarity of each first security verification node and the corresponding second security verification node is obtained;
And the node verification module adds the node similarity of all the first security verification nodes and the corresponding second security verification nodes to obtain the structural similarity sum of the target associated network node and the target network node.
Further, the interaction graph construction module generating the first security verification interaction graph based on all the first security verification nodes includes:
the interactive graph construction module traverses all the first security verification nodes, takes the traversed first security verification nodes as first-stage target verification nodes, and takes the data inflow and data outflow of the target network nodes as the abscissa and ordinate of the target network nodes to obtain coordinate points of the target network nodes;
the interactive graph construction module respectively takes the data inflow and the data outflow of the first-stage target verification node as the abscissa of the first-stage target verification node to obtain a coordinate point of the first-stage target verification node, calculates the Euclidean distance between the coordinate point of the target network node and the coordinate point of the first-stage target verification node to obtain the data flow difference between the target network node and the first-stage target verification node, and connects the target network node and the first-stage target verification node to obtain a first-stage network node chain of the first-stage target verification node when the data flow difference is smaller than a difference threshold;
The interaction diagram construction module calculates the difference value of the data inflow quantity of the target network node and the data inflow quantity of the first-stage target verification node to obtain the data inflow difference value of the target network node and the first-stage target verification node, and calculates the difference value of the data outflow quantity of the target network node and the data outflow quantity of the first-stage target verification node to obtain the data outflow difference value of the target network node and the first-stage target verification node;
the interaction diagram construction module determines the expansion direction of a first-stage network node chain of the first-stage target verification node based on the ratio of the data inflow difference of the target network node and the first-stage target verification node and the data outflow difference of the target network node and the first-stage target verification node;
repeating the steps until all the first security verification nodes are traversed, so that the expansion direction of the first-stage network node chain of each first security verification node is obtained.
Further, the interaction graph construction module generating the first security verification interaction graph based on all the first security verification nodes includes:
the interaction diagram construction module expands the first-stage network node chains based on the expansion direction of each first-stage network node chain so as to expand each first-stage network node chain into a second-stage network node chain;
The interactive graph construction module acquires the expansion direction of each second-level network node chain, and expands the second-level network node chain based on the expansion direction of each second-level network node chain so as to expand each second-level network node chain into a third-level network node chain;
the interactive graph construction module acquires the expansion direction of each third-level network node chain, and expands the third-level network node chain based on the expansion direction of each third-level network node chain so as to expand each third-level network node chain into a fourth-level network node chain;
repeating the steps to expand each first-stage network node chain for N-1 times to obtain a plurality of N-stage network node chains, and carrying out mapping processing on all the N-stage network node chains by the interaction diagram construction module to obtain a first security verification interaction diagram.
Further, the interaction graph construction module performing a first network node chain expansion based on the expansion direction of the first network node chain to obtain a second network node chain includes:
the interactive graph construction module traverses all first-level network node chains, and takes the traversed first-level network node chains as first-level target network node chains; acquiring the expansion direction of a first-stage target network node chain, and taking a first security verification node closest to the line of the expansion direction of the first-stage target network node chain as a second-stage target verification node;
The interactive graph construction module respectively takes the data inflow and the data outflow of the second-stage target verification node as the abscissa of the second-stage target verification node to obtain a coordinate point of the second-stage target verification node, and calculates the Euclidean distance between the coordinate point of the first-stage target verification node corresponding to the first-stage target network node chain and the coordinate point of the second-stage target verification node to obtain the data flow difference between the first-stage target network node and the second-stage target verification node; when the data traffic difference is smaller than the difference threshold, connecting the first-stage target network node with the second-stage target verification node to obtain a second-stage network node chain of the second-stage target verification node;
the interaction diagram construction module calculates the difference value of the data inflow quantity of the first-stage target network node and the data inflow quantity of the second-stage target verification node to obtain the data inflow quantity of the first-stage target network node and the second-stage target verification node, and calculates the difference value of the data outflow quantity of the first-stage target network node and the data outflow quantity of the second-stage target verification node to obtain the data outflow quantity of the first-stage target network node and the second-stage target verification node;
The interaction diagram construction module determines the expansion direction of a second-level network node chain of the second-level target verification node based on the ratio of the data inflow difference of the first-level target network node and the second-level target verification node to the data outflow difference of the first-level target network node and the second-level target verification node;
repeating the steps until all the first-stage network node chains are traversed, expanding each first-stage network node chain into a second-stage network node chain, and acquiring the expanding direction of each second-stage network node chain.
The invention has the following beneficial effects: according to the invention, the node security verification value of the target network node is obtained through the data interaction behavior of the target network node and the associated network node, and whether the target network node is safe or not is judged according to the node security verification value, so that the information security of the terminal user accessing the intelligent financial network is ensured, and the economic loss caused by the invasion of the intelligent financial network to the user is avoided.
Drawings
Fig. 1 is a block diagram of a network node security system for smart finance according to an exemplary embodiment.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments.
Referring to fig. 1, in one embodiment, a network node security system for smart finance may include: the intelligent financial computing device is respectively in communication connection with each network node and the database; the intelligent financial computing device includes: the system comprises a node analysis module, an interaction diagram construction module and a node verification module, wherein the modules are in communication connection;
the node analysis module randomly selects a network node from the intelligent financial network as a target network node, acquires information interaction data of the target network node, and then identifies an associated network node based on the information interaction data;
the node analysis module acquires node inflow data and node outflow data of each network node in the intelligent financial network, and extracts data characteristics of the node inflow data and the node outflow data of each network node to obtain node inflow characteristic vectors and node outflow characteristic vectors of each network node;
the node analysis module takes network nodes except the target network node in the intelligent financial network as candidate network nodes, calculates the Euclidean distance between the node inflow characteristic vector of the target network node and the node inflow characteristic vector of each candidate network node respectively and takes the Euclidean distance as a first identification value of the candidate network node, and then calculates the Euclidean distance between the node outflow characteristic vector of the target network node and the node outflow characteristic vector of each candidate network node respectively and takes the Euclidean distance as a second identification value of the candidate network node;
The node analysis module adds the first authentication value and the second authentication value of each candidate network node to obtain a node authentication value of each candidate network node, and obtains the first second preset number of candidate network nodes with the maximum node authentication value as security verification nodes of the target network node;
the interaction diagram construction module takes a security verification node of the target network node as a first security verification node, and then generates a first security verification interaction diagram according to the target network node and all the first security verification nodes; acquiring all security verification nodes of each associated network node, taking the security verification nodes of the associated network node as second security verification nodes, and generating a plurality of second security verification interaction diagrams according to each associated network node and the second security verification nodes of each associated network node;
the node verification module obtains a node security verification value of the target network node according to the first security verification interaction diagram and the second security verification interaction diagram, and verifies the security of the target network node according to the node security verification value of the target network node.
The following is a detailed description of the method and principles of operation of the present invention for ease of understanding.
Specifically, in one embodiment, a method flow performed by a network node security system for smart finance may include:
s1, a node analysis module randomly selects a network node from an intelligent financial network as a target network node, acquires information interaction data of the target network node, and then identifies an associated network node based on the information interaction data.
The associated network node is a network node with information interaction behavior with the target network node, and the information interaction data records interaction information of the target network node and the associated network node.
S2, the node analysis module acquires all security verification nodes of the target network node, the interaction diagram construction module takes the security verification nodes of the target network node as first security verification nodes, and a first security verification interaction diagram is generated according to the target network node and all the first security verification nodes.
Specifically, the node analysis module obtaining all security verification nodes of the target network node includes:
the node analysis module acquires node inflow data and node outflow data of each network node in the intelligent financial network, and extracts data characteristics of the node inflow data and the node outflow data of each network node to obtain node inflow characteristic vectors and node outflow characteristic vectors of each network node;
The node analysis module takes network nodes except the target network node in the intelligent financial network as candidate network nodes, calculates the Euclidean distance between the node inflow characteristic vector of the target network node and the node inflow characteristic vector of each candidate network node respectively and takes the Euclidean distance as a first identification value of the candidate network node, and then calculates the Euclidean distance between the node outflow characteristic vector of the target network node and the node outflow characteristic vector of each candidate network node respectively and takes the Euclidean distance as a second identification value of the candidate network node;
the node analysis module adds the first authentication value and the second authentication value of each candidate network node to obtain a node authentication value of each candidate network node, and obtains the first second preset number of candidate network nodes with the maximum node authentication value as security verification nodes of the target network node.
The second preset number is the number of security verification nodes, and is preset according to actual conditions.
In one embodiment, the interaction graph construction module generating the first security verification interaction graph based on all of the first security verification nodes comprises:
the interactive graph construction module traverses all the first security verification nodes, takes the traversed first security verification nodes as first-stage target verification nodes, and takes the data inflow and data outflow of the target network nodes as the abscissa and ordinate of the target network nodes to obtain coordinate points of the target network nodes;
The interactive graph construction module respectively takes the data inflow and the data outflow of the first-stage target verification node as the abscissa of the first-stage target verification node to obtain the coordinate point of the first-stage target verification node, calculates the Euclidean distance between the coordinate point of the target network node and the coordinate point of the first-stage target verification node to obtain the data flow difference between the target network node and the first-stage target verification node, and connects the target network node and the first-stage target verification node to obtain the first-stage network node chain of the first-stage target verification node when the data flow difference is smaller than the difference threshold. The difference threshold is preset according to actual conditions.
The interactive graph construction module calculates the difference value of the data inflow quantity of the target network node and the data inflow quantity of the first-stage target verification node to obtain the data inflow quantity of the target network node and the first-stage target verification node, calculates the difference value of the data outflow quantity of the target network node and the data outflow quantity of the first-stage target verification node to obtain the data outflow quantity of the target network node and the first-stage target verification node, and determines the expansion direction of the first-stage network node chain of the first-stage target verification node based on the ratio of the data inflow quantity of the target network node and the first-stage target verification node and the data outflow quantity of the target network node and the first-stage target verification node;
Repeating the steps until all the first security verification nodes are traversed, so that the expansion direction of the first-stage network node chain of each first security verification node is obtained.
In one embodiment, the interaction graph construction module performs a first network node chain expansion based on an expansion direction of each first level network node chain to expand each first level network node chain into a second level network node chain;
the interactive graph construction module acquires the expansion direction of each second-level network node chain, and expands the second-level network node chain based on the expansion direction of each second-level network node chain so as to expand each second-level network node chain into a third-level network node chain;
the interactive graph construction module acquires the expansion direction of each third-level network node chain, and expands the third-level network node chain based on the expansion direction of each third-level network node chain so as to expand each third-level network node chain into a fourth-level network node chain;
repeating the steps to expand each first-stage network node chain for N-1 times to obtain a plurality of N-stage network node chains, and mapping all the N-stage network node chains to obtain a first security verification interaction diagram. N is the iteration number and is preset according to the accuracy.
In one embodiment, the interaction graph construction module performing a first expansion of the first level network node chain based on an expansion direction of the first level network node chain to obtain a second level network node chain includes:
the interactive graph construction module traverses all first-level network node chains, and takes the traversed first-level network node chains as first-level target network node chains; acquiring the expansion direction of a first-stage target network node chain, and taking a first security verification node closest to the line of the expansion direction of the first-stage target network node chain as a second-stage target verification node;
the interactive graph construction module respectively takes the data inflow and the data outflow of the second-stage target verification node as the abscissa of the second-stage target verification node to obtain a coordinate point of the second-stage target verification node, and calculates the Euclidean distance between the coordinate point of the first-stage target verification node corresponding to the first-stage target network node chain and the coordinate point of the second-stage target verification node to obtain the data flow difference between the first-stage target network node and the second-stage target verification node; when the data traffic difference is smaller than the difference threshold, connecting the first-stage target network node with the second-stage target verification node to obtain a second-stage network node chain of the second-stage target verification node;
The interaction diagram construction module calculates the difference value of the data inflow quantity of the first-stage target network node and the data inflow quantity of the second-stage target verification node to obtain the data inflow quantity of the first-stage target network node and the second-stage target verification node, and calculates the difference value of the data outflow quantity of the first-stage target network node and the data outflow quantity of the second-stage target verification node to obtain the data outflow quantity of the first-stage target network node and the second-stage target verification node;
the interaction diagram construction module determines the expansion direction of a second-level network node chain of the second-level target verification node based on the ratio of the data inflow difference of the first-level target network node and the second-level target verification node to the data outflow difference of the first-level target network node and the second-level target verification node;
repeating the steps until all the first-stage network node chains are traversed, expanding each first-stage network node chain into a second-stage network node chain, and acquiring the expanding direction of each second-stage network node chain.
S3, the node analysis module acquires all security verification nodes of each associated network node, the interaction graph construction module takes the security verification nodes of the associated network nodes as second security verification nodes, and then a plurality of second security verification interaction graphs are generated according to each associated network node and the second security verification nodes of each associated network node.
The security authentication node of the associated network node is obtained in the same way as the security node of the target network node.
The second security verification interaction graph is generated according to the associated network node and the second security verification node of the associated network node in the same way as the first security verification interaction graph is generated according to the target network node and the first security verification node of the target network node.
S4, the node verification module obtains the structural similarity ratio of each associated network node and the target network node according to each second security verification interaction diagram and each first security verification interaction diagram, sorts all the associated network nodes according to the corresponding structural similarity ratio from small to large to obtain an associated network node sequence, and then takes the first preset number of associated network nodes in the associated network node sequence as abnormal associated network nodes.
The first preset number is the number of abnormal associated network nodes, the abnormal associated network nodes are preset according to actual conditions, specifically, the abnormal associated network nodes are marked from front to back according to the arrangement sequence of the associated network nodes in the associated network node sequence, the number of the abnormal associated network nodes is counted, and when the number of the abnormal associated network nodes is equal to the first preset number, the abnormal associated network nodes are stopped to be marked.
Specifically, the node verification module obtaining the structural similarity ratio of each associated network node to the target network node includes:
the node verification module traverses all the associated network nodes, takes the traversed associated network node as a target associated network node, acquires a second security verification interaction diagram of the target associated network node, and takes the second security verification interaction diagram as a target second security verification interaction diagram;
the node verification module acquires node similarity between the target associated network node and the target network node, and acquires structural similarity sum of the target associated network node and the target network node based on the target second security verification interaction diagram and the first security verification interaction diagram;
the node verification module obtains the ratio of the node similarity between the target associated network node and the target network node to the structural similarity sum of the target associated network node and the target network node, and takes the ratio as the structural similarity ratio between the target associated network node and the target network node;
repeating the steps until all the associated network nodes are traversed, so that the structural similarity ratio of each associated network node and the target network node is obtained.
Further, the node verification module obtains structural similarity between the target associated network node and the target network node according to the second security verification interaction diagram and the first security verification interaction diagram, and the node verification module comprises:
The node verification module traverses all first security verification nodes in the first security verification interaction graph, takes the traversed first security verification node as a target first security verification node, and takes a second security verification node which is the same as the node identifier of the target first security verification node in the second security verification interaction graph as a target second security verification node;
the node verification module extracts the attribute feature vector and the interaction feature vector of the target first security verification node respectively, and extracts the attribute feature vector and the interaction feature vector of the target second security verification node respectively;
the node verification module calculates cosine similarity of the attribute feature vector of the target first security verification node and the attribute feature vector of the target second security verification node to obtain first similarity of the target first security verification node and the target second security verification node;
the node verification module calculates cosine similarity of the interaction feature vector of the target first security verification node and the interaction feature vector of the target second security verification node to obtain second similarity of the target first security verification node and the target second security verification node;
the node verification module obtains the node similarity of the target first security verification node and the target second security verification node based on the first similarity and the second similarity of the target first security verification node and the target second security verification node;
Repeating the steps until all the first security verification nodes in the first security verification interaction graph are traversed, so that the node similarity of each first security verification node and the corresponding second security verification node is obtained;
the node verification module adds the node similarity of all the first security verification nodes and the corresponding second security verification nodes to obtain the structural similarity sum of the target associated network node and the target network node.
S5, the node verification module takes the second security verification interaction graph of the abnormal association network node as a third security verification interaction graph, extracts the graph structural features of each third security verification interaction graph to obtain a plurality of abnormal graph structural features, extracts the graph structural features of the first security verification interaction graph to obtain target graph structural features, and obtains the overlapping area of each third security verification interaction graph and the first security verification interaction graph based on each abnormal graph structural feature and the target graph structural features.
And S6, the node verification module obtains node security verification values of the target network nodes based on the overlapped area of each third security verification interaction graph and the first security verification interaction graph, and verifies the security of the target network nodes based on the node security verification values of the target network nodes.
In one embodiment, the node verification module obtaining the node security verification value of the target network node based on the overlapping region of the third security verification interaction graph and the first security verification interaction graph includes:
the node verification module traverses all the abnormal associated network nodes, and takes the traversed abnormal associated network nodes as target abnormal associated network nodes;
the node verification module extracts an attribute feature vector and an interaction feature vector of the target network node and the target abnormal associated network node respectively, and takes the Euclidean distance between the attribute feature vector of the target network node and the attribute feature vector of the target abnormal associated network node as a first sub-weight of the target abnormal associated network node; the attribute feature vector characterizes the attribute feature of the network node;
the node verification module takes Euclidean distance between the interaction feature vector of the target network node and the interaction feature vector of the target abnormal associated network node as a second sub-weight of the target abnormal associated network node; the interaction feature vector characterizes interaction features of the network node;
the node verification module adds the first sub weight and the second sub weight of the target abnormal associated network node to obtain the node weight of the target abnormal associated network node, and repeats the steps until all the abnormal associated network nodes are traversed to obtain the node weight of each abnormal associated network node;
The node verification module obtains the proportion of the overlapping area of each third security verification interaction graph and the first security verification interaction graph in the first security verification interaction graph to obtain the node anomaly degree of each abnormal associated network node, and then carries out weighted summation on the node anomaly degree of all abnormal associated network nodes according to the node weight of all abnormal associated network nodes to obtain the node security verification value of the target network node.
According to the invention, the node security verification value of the target network node is obtained through the data interaction behavior of the target network node and the associated network node, and whether the target network node is safe or not is judged according to the node security verification value, so that the information security of the terminal user accessing the intelligent financial network is ensured, and the economic loss caused by the invasion of the intelligent financial network to the user is avoided.
The foregoing embodiments are merely illustrative of the technical concept and features of the present invention, and are intended to enable those skilled in the art to understand the present invention and to implement the same according to the present invention, not to limit the scope of the present invention. All changes and modifications that come within the meaning and range of equivalency of the invention are to be embraced within their scope.
Claims (6)
1. A network node security system for intelligent finance, comprising: the intelligent financial computing device is respectively in communication connection with each network node and the database; the intelligent financial computing device includes: the system comprises a node analysis module, an interaction diagram construction module and a node verification module, wherein the modules are in communication connection;
the node analysis module randomly selects a network node from the intelligent financial network as a target network node, acquires information interaction data of the target network node, and then identifies an associated network node based on the information interaction data;
the node analysis module acquires node inflow data and node outflow data of each network node in the intelligent financial network, and extracts data characteristics of the node inflow data and the node outflow data of each network node to obtain node inflow characteristic vectors and node outflow characteristic vectors of each network node;
the node analysis module takes network nodes except the target network node in the intelligent financial network as candidate network nodes, calculates the Euclidean distance between the node inflow characteristic vector of the target network node and the node inflow characteristic vector of each candidate network node respectively and takes the Euclidean distance as a first identification value of the candidate network node, and then calculates the Euclidean distance between the node outflow characteristic vector of the target network node and the node outflow characteristic vector of each candidate network node respectively and takes the Euclidean distance as a second identification value of the candidate network node;
The node analysis module adds the first authentication value and the second authentication value of each candidate network node to obtain a node authentication value of each candidate network node, and obtains the first second preset number of candidate network nodes with the maximum node authentication value as security verification nodes of the target network node;
the interaction diagram construction module takes a security verification node of the target network node as a first security verification node, and then generates a first security verification interaction diagram according to the target network node and all the first security verification nodes; acquiring all security verification nodes of each associated network node, taking the security verification nodes of the associated network node as second security verification nodes, and generating a plurality of second security verification interaction diagrams according to each associated network node and the second security verification nodes of each associated network node;
the node verification module obtains a node security verification value of the target network node according to the first security verification interaction diagram and the second security verification interaction diagram, and verifies the security of the target network node according to the node security verification value of the target network node;
the node verification module obtaining the node security verification value of the target network node according to the first security verification interaction diagram and the second security verification interaction diagram comprises:
The node verification module obtains the structural similarity ratio of each associated network node and the target network node according to each second security verification interaction diagram and each first security verification interaction diagram, sorts all the associated network nodes from small to large according to the corresponding structural similarity ratio to obtain an associated network node sequence, and then takes the first preset number of associated network nodes in the associated network node sequence as abnormal associated network nodes; the node verification module takes the second security verification interaction graph of the abnormal associated network node as a third security verification interaction graph, and respectively extracts the graph structural characteristics of each third security verification interaction graph to obtain a plurality of abnormal graph structural characteristics; the node verification module extracts the graph structural features of the first security verification interaction graph to obtain target graph structural features, and acquires the overlapping area of each third security verification interaction graph and the first security verification interaction graph based on each abnormal graph structural feature and the target graph structural features; the node verification module obtains a node security verification value of the target network node based on the overlapping area of each third security verification interaction graph and the first security verification interaction graph;
the node verification module obtaining the node security verification value of the target network node based on the overlapping area of the third security verification interaction diagram and the first security verification interaction diagram comprises:
The node verification module traverses all the abnormal associated network nodes, and takes the traversed abnormal associated network nodes as target abnormal associated network nodes; the node verification module extracts an attribute feature vector and an interaction feature vector of the target network node and the target abnormal associated network node respectively, and takes the Euclidean distance between the attribute feature vector of the target network node and the attribute feature vector of the target abnormal associated network node as a first sub-weight of the target abnormal associated network node; the attribute feature vector characterizes the attribute feature of the network node; the node verification module takes Euclidean distance between the interaction feature vector of the target network node and the interaction feature vector of the target abnormal associated network node as a second sub-weight of the target abnormal associated network node; the interaction feature vector characterizes interaction features of the network node; the node verification module adds the first sub weight and the second sub weight of the target abnormal associated network node to obtain the node weight of the target abnormal associated network node, and repeats the steps until all the abnormal associated network nodes are traversed to obtain the node weight of each abnormal associated network node; the node verification module obtains the node anomaly degree of each abnormal associated network node according to the proportion occupied by the overlapping area of each third security verification interaction diagram and the first security verification interaction diagram in the first security verification interaction diagram, and then carries out weighted summation on the node anomaly degree of all abnormal associated network nodes according to the node weight of all abnormal associated network nodes to obtain the node security verification value of the target network node.
2. The system of claim 1, wherein the node verification module obtaining a structural similarity ratio of each associated network node to the target network node comprises:
the node verification module traverses all the associated network nodes, takes the traversed associated network node as a target associated network node, acquires a second security verification interaction diagram of the target associated network node, and takes the second security verification interaction diagram as a target second security verification interaction diagram;
the node verification module acquires node similarity between the target associated network node and the target network node, and acquires structural similarity sum of the target associated network node and the target network node based on the target second security verification interaction diagram and the first security verification interaction diagram;
the node verification module obtains the ratio of the node similarity between the target associated network node and the target network node to the structural similarity sum of the target associated network node and the target network node, and takes the ratio as the structural similarity ratio between the target associated network node and the target network node;
repeating the steps until all the associated network nodes are traversed, so that the structural similarity ratio of each associated network node and the target network node is obtained.
3. The system of claim 2, wherein the node verification module obtains structural similarity of the target associated network node and the target network node from the second security verification interaction map and the first security verification interaction map and comprises:
the node verification module traverses all first security verification nodes in the first security verification interaction graph, takes the traversed first security verification node as a target first security verification node, and takes a second security verification node which is the same as the node identifier of the target first security verification node in the second security verification interaction graph as a target second security verification node;
the node verification module extracts an attribute feature vector and an interaction feature vector of a target first security verification node, and extracts an attribute feature vector and an interaction feature vector of a target second security verification node;
the node verification module calculates cosine similarity of the attribute feature vector of the target first security verification node and the attribute feature vector of the target second security verification node to obtain first similarity of the target first security verification node and the target second security verification node;
the node verification module calculates cosine similarity of the interaction feature vector of the target first security verification node and the interaction feature vector of the target second security verification node to obtain second similarity of the target first security verification node and the target second security verification node;
The node verification module obtains the node similarity of the target first security verification node and the target second security verification node based on the first similarity and the second similarity of the target first security verification node and the target second security verification node;
repeating the steps until all the first security verification nodes in the first security verification interaction graph are traversed, so that the node similarity of each first security verification node and the corresponding second security verification node is obtained;
and the node verification module adds the node similarity of all the first security verification nodes and the corresponding second security verification nodes to obtain the structural similarity sum of the target associated network node and the target network node.
4. The system of claim 3, wherein the interaction map construction module generating the first security verification interaction map based on all of the first security verification nodes comprises:
the interactive graph construction module traverses all the first security verification nodes, takes the traversed first security verification nodes as first-stage target verification nodes, and takes the data inflow and data outflow of the target network nodes as the abscissa and ordinate of the target network nodes to obtain coordinate points of the target network nodes;
The interactive graph construction module respectively takes the data inflow and the data outflow of the first-stage target verification node as the abscissa of the first-stage target verification node to obtain a coordinate point of the first-stage target verification node, calculates the Euclidean distance between the coordinate point of the target network node and the coordinate point of the first-stage target verification node to obtain the data flow difference between the target network node and the first-stage target verification node, and connects the target network node and the first-stage target verification node to obtain a first-stage network node chain of the first-stage target verification node when the data flow difference is smaller than a difference threshold;
the interaction diagram construction module calculates the difference value of the data inflow quantity of the target network node and the data inflow quantity of the first-stage target verification node to obtain the data inflow difference value of the target network node and the first-stage target verification node, and calculates the difference value of the data outflow quantity of the target network node and the data outflow quantity of the first-stage target verification node to obtain the data outflow difference value of the target network node and the first-stage target verification node;
the interaction diagram construction module determines the expansion direction of a first-stage network node chain of the first-stage target verification node based on the ratio of the data inflow difference of the target network node and the first-stage target verification node and the data outflow difference of the target network node and the first-stage target verification node;
Repeating the steps until all the first security verification nodes are traversed, so that the expansion direction of the first-stage network node chain of each first security verification node is obtained.
5. The system of claim 4, wherein the interaction map construction module generating the first security verification interaction map based on all of the first security verification nodes comprises:
the interaction diagram construction module expands the first-stage network node chains based on the expansion direction of each first-stage network node chain so as to expand each first-stage network node chain into a second-stage network node chain;
the interactive graph construction module acquires the expansion direction of each second-level network node chain, and expands the second-level network node chain based on the expansion direction of each second-level network node chain so as to expand each second-level network node chain into a third-level network node chain;
the interactive graph construction module acquires the expansion direction of each third-level network node chain, and expands the third-level network node chain based on the expansion direction of each third-level network node chain so as to expand each third-level network node chain into a fourth-level network node chain;
repeating the steps to expand each first-stage network node chain for N-1 times to obtain a plurality of N-stage network node chains, and carrying out mapping processing on all the N-stage network node chains by the interaction diagram construction module to obtain a first security verification interaction diagram.
6. The system of claim 5, wherein the interaction map construction module performing a first expansion of the first level network node chain based on the expansion direction of the first level network node chain to obtain the second level network node chain comprises:
the interactive graph construction module traverses all first-level network node chains, and takes the traversed first-level network node chains as first-level target network node chains; acquiring the expansion direction of a first-stage target network node chain, and taking a first security verification node closest to the line of the expansion direction of the first-stage target network node chain as a second-stage target verification node;
the interactive graph construction module respectively takes the data inflow and the data outflow of the second-stage target verification node as the abscissa of the second-stage target verification node to obtain a coordinate point of the second-stage target verification node, and calculates the Euclidean distance between the coordinate point of the first-stage target verification node corresponding to the first-stage target network node chain and the coordinate point of the second-stage target verification node to obtain the data flow difference between the first-stage target network node and the second-stage target verification node; when the data traffic difference is smaller than the difference threshold, connecting the first-stage target network node with the second-stage target verification node to obtain a second-stage network node chain of the second-stage target verification node;
The interaction diagram construction module calculates the difference value of the data inflow quantity of the first-stage target network node and the data inflow quantity of the second-stage target verification node to obtain the data inflow quantity of the first-stage target network node and the second-stage target verification node, and calculates the difference value of the data outflow quantity of the first-stage target network node and the data outflow quantity of the second-stage target verification node to obtain the data outflow quantity of the first-stage target network node and the second-stage target verification node;
the interaction diagram construction module determines the expansion direction of a second-level network node chain of the second-level target verification node based on the ratio of the data inflow difference of the first-level target network node and the second-level target verification node to the data outflow difference of the first-level target network node and the second-level target verification node;
repeating the steps until all the first-stage network node chains are traversed, expanding each first-stage network node chain into a second-stage network node chain, and acquiring the expanding direction of each second-stage network node chain.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110925947.3A CN113709120B (en) | 2021-08-12 | 2021-08-12 | Network node security system for intelligent finance |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110925947.3A CN113709120B (en) | 2021-08-12 | 2021-08-12 | Network node security system for intelligent finance |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN113709120A CN113709120A (en) | 2021-11-26 |
| CN113709120B true CN113709120B (en) | 2023-06-23 |
Family
ID=78652493
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110925947.3A Active CN113709120B (en) | 2021-08-12 | 2021-08-12 | Network node security system for intelligent finance |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113709120B (en) |
Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113139654A (en) * | 2021-03-18 | 2021-07-20 | 北京三快在线科技有限公司 | Method and device for training neural network model |
Family Cites Families (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107707417B (en) * | 2017-11-29 | 2020-08-07 | 桂林电子科技大学 | Wireless sensor network abnormal node detection and positioning method based on subgraph processing |
| JP6795533B2 (en) * | 2018-02-27 | 2020-12-02 | 日本電信電話株式会社 | Traffic anomaly detection device, traffic anomaly detection method, and traffic anomaly detection program |
| CN112165496B (en) * | 2020-10-13 | 2021-11-02 | 清华大学 | Network security anomaly detection algorithm and detection system based on cluster map neural network |
-
2021
- 2021-08-12 CN CN202110925947.3A patent/CN113709120B/en active Active
Patent Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113139654A (en) * | 2021-03-18 | 2021-07-20 | 北京三快在线科技有限公司 | Method and device for training neural network model |
Also Published As
| Publication number | Publication date |
|---|---|
| CN113709120A (en) | 2021-11-26 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110177108B (en) | Abnormal behavior detection method, device and verification system | |
| Pham et al. | Phishing-aware: A neuro-fuzzy approach for anti-phishing on fog networks | |
| CN112231570B (en) | Recommendation system support attack detection method, device, equipment and storage medium | |
| US20190340615A1 (en) | Cognitive methodology for sequence of events patterns in fraud detection using event sequence vector clustering | |
| CN115577858B (en) | Block chain-based carbon emission prediction method and device and electronic equipment | |
| CN111932386A (en) | User account determining method and device, information pushing method and device, and electronic equipment | |
| US20190340614A1 (en) | Cognitive methodology for sequence of events patterns in fraud detection using petri-net models | |
| Bateni et al. | Using Artificial Immune System and Fuzzy Logic for Alert Correlation. | |
| Abawajy et al. | Hybrid consensus pruning of ensemble classifiers for big data malware detection | |
| Rafique et al. | Application of evolutionary algorithms in detecting SMS spam at access layer | |
| CN110119621B (en) | Attack defense method, system and defense device for abnormal system call | |
| CN105721467A (en) | Social network Sybil group detection method | |
| CN116962093B (en) | Information transmission security monitoring method and system based on cloud computing | |
| CN113709120B (en) | Network node security system for intelligent finance | |
| Iman et al. | Data Reduction for Optimizing Feature Selection in Modeling Intrusion Detection System. | |
| Ravipati et al. | A survey on different machine learning algorithms and weak classifiers based on KDD and NSL-KDD datasets | |
| CN116737850A (en) | Graph neural network model training method for APT entity relation prediction | |
| Sobolewski et al. | SCR: simulated concept recurrence–a non‐supervised tool for dealing with shifting concept | |
| Ball et al. | Anomaly detection using autoencoders with network analysis features | |
| Ying et al. | PFrauDetector: a parallelized graph mining approach for efficient fraudulent phone call detection | |
| CN112597699B (en) | Social network rumor source identification method integrated with objective weighting method | |
| CN114417319A (en) | Service acquisition decision method and system based on block chain security authentication | |
| CN111241277A (en) | Sparse graph-based user identity identification method and device | |
| CN112288528A (en) | Malicious community discovery method and device, computer equipment and readable storage medium | |
| Podolak et al. | Application of hierarchical classifier to minimal synchronizing word problem |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| CB02 | Change of applicant information |
Address after: Building 7, Electronic Information Industry Entrepreneurship Center, Lingyuan Road, Chenggong District, Kunming, Yunnan 650501 Applicant after: Li Rong Address before: 611730 entrepreneurship Park, Jingrong Town, Pidu District, Chengdu, Sichuan Applicant before: Li Rong |
|
| CB02 | Change of applicant information | ||
| TA01 | Transfer of patent application right |
Effective date of registration: 20230526 Address after: Room 12-21, Building 3, No. 68 Jinkai Avenue, North New Area, Yubei District, Chongqing, 401121 Applicant after: Chongqing Buke Technology Co.,Ltd. Address before: Building 7, Electronic Information Industry Entrepreneurship Center, Lingyuan Road, Chenggong District, Kunming, Yunnan 650501 Applicant before: Li Rong |
|
| TA01 | Transfer of patent application right | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |