Disclosure of Invention
In view of the above, the present invention provides a network node security system for intelligent finance, which includes: the intelligent financial computing device is respectively in communication connection with each network node and the database; the intelligent financial computing device includes: the system comprises a node analysis module, an interaction diagram construction module and a node verification module, wherein the modules are in communication connection;
The node analysis module randomly selects a network node from the intelligent financial network as a target network node, acquires information interaction data of the target network node, and then identifies an associated network node based on the information interaction data;
the node analysis module acquires node inflow data and node outflow data of each network node in the intelligent financial network, and extracts data characteristics of the node inflow data and the node outflow data of each network node to obtain node inflow characteristic vectors and node outflow characteristic vectors of each network node;
the node analysis module takes network nodes except the target network node in the intelligent financial network as candidate network nodes, calculates the Euclidean distance between the node inflow characteristic vector of the target network node and the node inflow characteristic vector of each candidate network node respectively and takes the Euclidean distance as a first identification value of the candidate network node, and then calculates the Euclidean distance between the node outflow characteristic vector of the target network node and the node outflow characteristic vector of each candidate network node respectively and takes the Euclidean distance as a second identification value of the candidate network node;
the node analysis module adds the first authentication value and the second authentication value of each candidate network node to obtain a node authentication value of each candidate network node, and obtains the first second preset number of candidate network nodes with the maximum node authentication value as security verification nodes of the target network node;
The interaction diagram construction module takes a security verification node of the target network node as a first security verification node, and then generates a first security verification interaction diagram according to the target network node and all the first security verification nodes; acquiring all security verification nodes of each associated network node, taking the security verification nodes of the associated network node as second security verification nodes, and generating a plurality of second security verification interaction diagrams according to each associated network node and the second security verification nodes of each associated network node;
the node verification module obtains a node security verification value of the target network node according to the first security verification interaction diagram and the second security verification interaction diagram, and verifies the security of the target network node according to the node security verification value of the target network node.
Further, the node verification module obtaining the node security verification value of the target network node according to the first security verification interaction diagram and the second security verification interaction diagram includes:
the node verification module obtains the structural similarity ratio of each associated network node and the target network node according to each second security verification interaction diagram and each first security verification interaction diagram, sorts all the associated network nodes from small to large according to the corresponding structural similarity ratio to obtain an associated network node sequence, and then takes the first preset number of associated network nodes in the associated network node sequence as abnormal associated network nodes;
The node verification module takes the second security verification interaction graph of the abnormal associated network node as a third security verification interaction graph, and respectively extracts the graph structural characteristics of each third security verification interaction graph to obtain a plurality of abnormal graph structural characteristics;
the node verification module extracts the graph structural features of the first security verification interaction graph to obtain target graph structural features, and acquires the overlapping area of each third security verification interaction graph and the first security verification interaction graph based on each abnormal graph structural feature and the target graph structural features;
the node verification module obtains a node security verification value of the target network node based on the overlapping area of each third security verification interaction graph and the first security verification interaction graph.
Further, the node verification module obtaining the node security verification value of the target network node based on the overlapping area of the third security verification interaction graph and the first security verification interaction graph includes:
the node verification module traverses all the abnormal associated network nodes, and takes the traversed abnormal associated network nodes as target abnormal associated network nodes;
the node verification module extracts an attribute feature vector and an interaction feature vector of the target network node and the target abnormal associated network node respectively, and takes the Euclidean distance between the attribute feature vector of the target network node and the attribute feature vector of the target abnormal associated network node as a first sub-weight of the target abnormal associated network node; the attribute feature vector characterizes the attribute feature of the network node;
The node verification module takes Euclidean distance between the interaction feature vector of the target network node and the interaction feature vector of the target abnormal associated network node as a second sub-weight of the target abnormal associated network node; the interaction feature vector characterizes interaction features of the network node;
the node verification module adds the first sub weight and the second sub weight of the target abnormal associated network node to obtain the node weight of the target abnormal associated network node, and repeats the steps until all the abnormal associated network nodes are traversed to obtain the node weight of each abnormal associated network node;
the node verification module obtains the node anomaly degree of each abnormal associated network node according to the proportion occupied by the overlapping area of each third security verification interaction diagram and the first security verification interaction diagram in the first security verification interaction diagram, and then carries out weighted summation on the node anomaly degree of all abnormal associated network nodes according to the node weight of all abnormal associated network nodes to obtain the node security verification value of the target network node.
Further, the node verification module obtaining the structural similarity ratio of each associated network node to the target network node includes:
the node verification module traverses all the associated network nodes, takes the traversed associated network node as a target associated network node, acquires a second security verification interaction diagram of the target associated network node, and takes the second security verification interaction diagram as a target second security verification interaction diagram;
The node verification module acquires node similarity between the target associated network node and the target network node, and acquires structural similarity sum of the target associated network node and the target network node based on the target second security verification interaction diagram and the first security verification interaction diagram;
the node verification module obtains the ratio of the node similarity between the target associated network node and the target network node to the structural similarity sum of the target associated network node and the target network node, and takes the ratio as the structural similarity ratio between the target associated network node and the target network node;
repeating the steps until all the associated network nodes are traversed, so that the structural similarity ratio of each associated network node and the target network node is obtained.
Further, the node verification module obtains structural similarity between the target associated network node and the target network node according to the second security verification interaction diagram and the first security verification interaction diagram, and the node verification module comprises:
the node verification module traverses all first security verification nodes in the first security verification interaction graph, takes the traversed first security verification node as a target first security verification node, and takes a second security verification node which is the same as the node identifier of the target first security verification node in the second security verification interaction graph as a target second security verification node;
The node verification module extracts an attribute feature vector and an interaction feature vector of a target first security verification node, and extracts an attribute feature vector and an interaction feature vector of a target second security verification node;
the node verification module calculates cosine similarity of the attribute feature vector of the target first security verification node and the attribute feature vector of the target second security verification node to obtain first similarity of the target first security verification node and the target second security verification node;
the node verification module calculates cosine similarity of the interaction feature vector of the target first security verification node and the interaction feature vector of the target second security verification node to obtain second similarity of the target first security verification node and the target second security verification node;
the node verification module obtains the node similarity of the target first security verification node and the target second security verification node based on the first similarity and the second similarity of the target first security verification node and the target second security verification node;
repeating the steps until all the first security verification nodes in the first security verification interaction graph are traversed, so that the node similarity of each first security verification node and the corresponding second security verification node is obtained;
And the node verification module adds the node similarity of all the first security verification nodes and the corresponding second security verification nodes to obtain the structural similarity sum of the target associated network node and the target network node.
Further, the interaction graph construction module generating the first security verification interaction graph based on all the first security verification nodes includes:
the interactive graph construction module traverses all the first security verification nodes, takes the traversed first security verification nodes as first-stage target verification nodes, and takes the data inflow and data outflow of the target network nodes as the abscissa and ordinate of the target network nodes to obtain coordinate points of the target network nodes;
the interactive graph construction module respectively takes the data inflow and the data outflow of the first-stage target verification node as the abscissa of the first-stage target verification node to obtain a coordinate point of the first-stage target verification node, calculates the Euclidean distance between the coordinate point of the target network node and the coordinate point of the first-stage target verification node to obtain the data flow difference between the target network node and the first-stage target verification node, and connects the target network node and the first-stage target verification node to obtain a first-stage network node chain of the first-stage target verification node when the data flow difference is smaller than a difference threshold;
The interaction diagram construction module calculates the difference value of the data inflow quantity of the target network node and the data inflow quantity of the first-stage target verification node to obtain the data inflow difference value of the target network node and the first-stage target verification node, and calculates the difference value of the data outflow quantity of the target network node and the data outflow quantity of the first-stage target verification node to obtain the data outflow difference value of the target network node and the first-stage target verification node;
the interaction diagram construction module determines the expansion direction of a first-stage network node chain of the first-stage target verification node based on the ratio of the data inflow difference of the target network node and the first-stage target verification node and the data outflow difference of the target network node and the first-stage target verification node;
repeating the steps until all the first security verification nodes are traversed, so that the expansion direction of the first-stage network node chain of each first security verification node is obtained.
Further, the interaction graph construction module generating the first security verification interaction graph based on all the first security verification nodes includes:
the interaction diagram construction module expands the first-stage network node chains based on the expansion direction of each first-stage network node chain so as to expand each first-stage network node chain into a second-stage network node chain;
The interactive graph construction module acquires the expansion direction of each second-level network node chain, and expands the second-level network node chain based on the expansion direction of each second-level network node chain so as to expand each second-level network node chain into a third-level network node chain;
the interactive graph construction module acquires the expansion direction of each third-level network node chain, and expands the third-level network node chain based on the expansion direction of each third-level network node chain so as to expand each third-level network node chain into a fourth-level network node chain;
repeating the steps to expand each first-stage network node chain for N-1 times to obtain a plurality of N-stage network node chains, and carrying out mapping processing on all the N-stage network node chains by the interaction diagram construction module to obtain a first security verification interaction diagram.
Further, the interaction graph construction module performing a first network node chain expansion based on the expansion direction of the first network node chain to obtain a second network node chain includes:
the interactive graph construction module traverses all first-level network node chains, and takes the traversed first-level network node chains as first-level target network node chains; acquiring the expansion direction of a first-stage target network node chain, and taking a first security verification node closest to the line of the expansion direction of the first-stage target network node chain as a second-stage target verification node;
The interactive graph construction module respectively takes the data inflow and the data outflow of the second-stage target verification node as the abscissa of the second-stage target verification node to obtain a coordinate point of the second-stage target verification node, and calculates the Euclidean distance between the coordinate point of the first-stage target verification node corresponding to the first-stage target network node chain and the coordinate point of the second-stage target verification node to obtain the data flow difference between the first-stage target network node and the second-stage target verification node; when the data traffic difference is smaller than the difference threshold, connecting the first-stage target network node with the second-stage target verification node to obtain a second-stage network node chain of the second-stage target verification node;
the interaction diagram construction module calculates the difference value of the data inflow quantity of the first-stage target network node and the data inflow quantity of the second-stage target verification node to obtain the data inflow quantity of the first-stage target network node and the second-stage target verification node, and calculates the difference value of the data outflow quantity of the first-stage target network node and the data outflow quantity of the second-stage target verification node to obtain the data outflow quantity of the first-stage target network node and the second-stage target verification node;
The interaction diagram construction module determines the expansion direction of a second-level network node chain of the second-level target verification node based on the ratio of the data inflow difference of the first-level target network node and the second-level target verification node to the data outflow difference of the first-level target network node and the second-level target verification node;
repeating the steps until all the first-stage network node chains are traversed, expanding each first-stage network node chain into a second-stage network node chain, and acquiring the expanding direction of each second-stage network node chain.
The invention has the following beneficial effects: according to the invention, the node security verification value of the target network node is obtained through the data interaction behavior of the target network node and the associated network node, and whether the target network node is safe or not is judged according to the node security verification value, so that the information security of the terminal user accessing the intelligent financial network is ensured, and the economic loss caused by the invasion of the intelligent financial network to the user is avoided.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments.
Referring to fig. 1, in one embodiment, a network node security system for smart finance may include: the intelligent financial computing device is respectively in communication connection with each network node and the database; the intelligent financial computing device includes: the system comprises a node analysis module, an interaction diagram construction module and a node verification module, wherein the modules are in communication connection;
the node analysis module randomly selects a network node from the intelligent financial network as a target network node, acquires information interaction data of the target network node, and then identifies an associated network node based on the information interaction data;
the node analysis module acquires node inflow data and node outflow data of each network node in the intelligent financial network, and extracts data characteristics of the node inflow data and the node outflow data of each network node to obtain node inflow characteristic vectors and node outflow characteristic vectors of each network node;
the node analysis module takes network nodes except the target network node in the intelligent financial network as candidate network nodes, calculates the Euclidean distance between the node inflow characteristic vector of the target network node and the node inflow characteristic vector of each candidate network node respectively and takes the Euclidean distance as a first identification value of the candidate network node, and then calculates the Euclidean distance between the node outflow characteristic vector of the target network node and the node outflow characteristic vector of each candidate network node respectively and takes the Euclidean distance as a second identification value of the candidate network node;
The node analysis module adds the first authentication value and the second authentication value of each candidate network node to obtain a node authentication value of each candidate network node, and obtains the first second preset number of candidate network nodes with the maximum node authentication value as security verification nodes of the target network node;
the interaction diagram construction module takes a security verification node of the target network node as a first security verification node, and then generates a first security verification interaction diagram according to the target network node and all the first security verification nodes; acquiring all security verification nodes of each associated network node, taking the security verification nodes of the associated network node as second security verification nodes, and generating a plurality of second security verification interaction diagrams according to each associated network node and the second security verification nodes of each associated network node;
the node verification module obtains a node security verification value of the target network node according to the first security verification interaction diagram and the second security verification interaction diagram, and verifies the security of the target network node according to the node security verification value of the target network node.
The following is a detailed description of the method and principles of operation of the present invention for ease of understanding.
Specifically, in one embodiment, a method flow performed by a network node security system for smart finance may include:
s1, a node analysis module randomly selects a network node from an intelligent financial network as a target network node, acquires information interaction data of the target network node, and then identifies an associated network node based on the information interaction data.
The associated network node is a network node with information interaction behavior with the target network node, and the information interaction data records interaction information of the target network node and the associated network node.
S2, the node analysis module acquires all security verification nodes of the target network node, the interaction diagram construction module takes the security verification nodes of the target network node as first security verification nodes, and a first security verification interaction diagram is generated according to the target network node and all the first security verification nodes.
Specifically, the node analysis module obtaining all security verification nodes of the target network node includes:
the node analysis module acquires node inflow data and node outflow data of each network node in the intelligent financial network, and extracts data characteristics of the node inflow data and the node outflow data of each network node to obtain node inflow characteristic vectors and node outflow characteristic vectors of each network node;
The node analysis module takes network nodes except the target network node in the intelligent financial network as candidate network nodes, calculates the Euclidean distance between the node inflow characteristic vector of the target network node and the node inflow characteristic vector of each candidate network node respectively and takes the Euclidean distance as a first identification value of the candidate network node, and then calculates the Euclidean distance between the node outflow characteristic vector of the target network node and the node outflow characteristic vector of each candidate network node respectively and takes the Euclidean distance as a second identification value of the candidate network node;
the node analysis module adds the first authentication value and the second authentication value of each candidate network node to obtain a node authentication value of each candidate network node, and obtains the first second preset number of candidate network nodes with the maximum node authentication value as security verification nodes of the target network node.
The second preset number is the number of security verification nodes, and is preset according to actual conditions.
In one embodiment, the interaction graph construction module generating the first security verification interaction graph based on all of the first security verification nodes comprises:
the interactive graph construction module traverses all the first security verification nodes, takes the traversed first security verification nodes as first-stage target verification nodes, and takes the data inflow and data outflow of the target network nodes as the abscissa and ordinate of the target network nodes to obtain coordinate points of the target network nodes;
The interactive graph construction module respectively takes the data inflow and the data outflow of the first-stage target verification node as the abscissa of the first-stage target verification node to obtain the coordinate point of the first-stage target verification node, calculates the Euclidean distance between the coordinate point of the target network node and the coordinate point of the first-stage target verification node to obtain the data flow difference between the target network node and the first-stage target verification node, and connects the target network node and the first-stage target verification node to obtain the first-stage network node chain of the first-stage target verification node when the data flow difference is smaller than the difference threshold. The difference threshold is preset according to actual conditions.
The interactive graph construction module calculates the difference value of the data inflow quantity of the target network node and the data inflow quantity of the first-stage target verification node to obtain the data inflow quantity of the target network node and the first-stage target verification node, calculates the difference value of the data outflow quantity of the target network node and the data outflow quantity of the first-stage target verification node to obtain the data outflow quantity of the target network node and the first-stage target verification node, and determines the expansion direction of the first-stage network node chain of the first-stage target verification node based on the ratio of the data inflow quantity of the target network node and the first-stage target verification node and the data outflow quantity of the target network node and the first-stage target verification node;
Repeating the steps until all the first security verification nodes are traversed, so that the expansion direction of the first-stage network node chain of each first security verification node is obtained.
In one embodiment, the interaction graph construction module performs a first network node chain expansion based on an expansion direction of each first level network node chain to expand each first level network node chain into a second level network node chain;
the interactive graph construction module acquires the expansion direction of each second-level network node chain, and expands the second-level network node chain based on the expansion direction of each second-level network node chain so as to expand each second-level network node chain into a third-level network node chain;
the interactive graph construction module acquires the expansion direction of each third-level network node chain, and expands the third-level network node chain based on the expansion direction of each third-level network node chain so as to expand each third-level network node chain into a fourth-level network node chain;
repeating the steps to expand each first-stage network node chain for N-1 times to obtain a plurality of N-stage network node chains, and mapping all the N-stage network node chains to obtain a first security verification interaction diagram. N is the iteration number and is preset according to the accuracy.
In one embodiment, the interaction graph construction module performing a first expansion of the first level network node chain based on an expansion direction of the first level network node chain to obtain a second level network node chain includes:
the interactive graph construction module traverses all first-level network node chains, and takes the traversed first-level network node chains as first-level target network node chains; acquiring the expansion direction of a first-stage target network node chain, and taking a first security verification node closest to the line of the expansion direction of the first-stage target network node chain as a second-stage target verification node;
the interactive graph construction module respectively takes the data inflow and the data outflow of the second-stage target verification node as the abscissa of the second-stage target verification node to obtain a coordinate point of the second-stage target verification node, and calculates the Euclidean distance between the coordinate point of the first-stage target verification node corresponding to the first-stage target network node chain and the coordinate point of the second-stage target verification node to obtain the data flow difference between the first-stage target network node and the second-stage target verification node; when the data traffic difference is smaller than the difference threshold, connecting the first-stage target network node with the second-stage target verification node to obtain a second-stage network node chain of the second-stage target verification node;
The interaction diagram construction module calculates the difference value of the data inflow quantity of the first-stage target network node and the data inflow quantity of the second-stage target verification node to obtain the data inflow quantity of the first-stage target network node and the second-stage target verification node, and calculates the difference value of the data outflow quantity of the first-stage target network node and the data outflow quantity of the second-stage target verification node to obtain the data outflow quantity of the first-stage target network node and the second-stage target verification node;
the interaction diagram construction module determines the expansion direction of a second-level network node chain of the second-level target verification node based on the ratio of the data inflow difference of the first-level target network node and the second-level target verification node to the data outflow difference of the first-level target network node and the second-level target verification node;
repeating the steps until all the first-stage network node chains are traversed, expanding each first-stage network node chain into a second-stage network node chain, and acquiring the expanding direction of each second-stage network node chain.
S3, the node analysis module acquires all security verification nodes of each associated network node, the interaction graph construction module takes the security verification nodes of the associated network nodes as second security verification nodes, and then a plurality of second security verification interaction graphs are generated according to each associated network node and the second security verification nodes of each associated network node.
The security authentication node of the associated network node is obtained in the same way as the security node of the target network node.
The second security verification interaction graph is generated according to the associated network node and the second security verification node of the associated network node in the same way as the first security verification interaction graph is generated according to the target network node and the first security verification node of the target network node.
S4, the node verification module obtains the structural similarity ratio of each associated network node and the target network node according to each second security verification interaction diagram and each first security verification interaction diagram, sorts all the associated network nodes according to the corresponding structural similarity ratio from small to large to obtain an associated network node sequence, and then takes the first preset number of associated network nodes in the associated network node sequence as abnormal associated network nodes.
The first preset number is the number of abnormal associated network nodes, the abnormal associated network nodes are preset according to actual conditions, specifically, the abnormal associated network nodes are marked from front to back according to the arrangement sequence of the associated network nodes in the associated network node sequence, the number of the abnormal associated network nodes is counted, and when the number of the abnormal associated network nodes is equal to the first preset number, the abnormal associated network nodes are stopped to be marked.
Specifically, the node verification module obtaining the structural similarity ratio of each associated network node to the target network node includes:
the node verification module traverses all the associated network nodes, takes the traversed associated network node as a target associated network node, acquires a second security verification interaction diagram of the target associated network node, and takes the second security verification interaction diagram as a target second security verification interaction diagram;
the node verification module acquires node similarity between the target associated network node and the target network node, and acquires structural similarity sum of the target associated network node and the target network node based on the target second security verification interaction diagram and the first security verification interaction diagram;
the node verification module obtains the ratio of the node similarity between the target associated network node and the target network node to the structural similarity sum of the target associated network node and the target network node, and takes the ratio as the structural similarity ratio between the target associated network node and the target network node;
repeating the steps until all the associated network nodes are traversed, so that the structural similarity ratio of each associated network node and the target network node is obtained.
Further, the node verification module obtains structural similarity between the target associated network node and the target network node according to the second security verification interaction diagram and the first security verification interaction diagram, and the node verification module comprises:
The node verification module traverses all first security verification nodes in the first security verification interaction graph, takes the traversed first security verification node as a target first security verification node, and takes a second security verification node which is the same as the node identifier of the target first security verification node in the second security verification interaction graph as a target second security verification node;
the node verification module extracts the attribute feature vector and the interaction feature vector of the target first security verification node respectively, and extracts the attribute feature vector and the interaction feature vector of the target second security verification node respectively;
the node verification module calculates cosine similarity of the attribute feature vector of the target first security verification node and the attribute feature vector of the target second security verification node to obtain first similarity of the target first security verification node and the target second security verification node;
the node verification module calculates cosine similarity of the interaction feature vector of the target first security verification node and the interaction feature vector of the target second security verification node to obtain second similarity of the target first security verification node and the target second security verification node;
the node verification module obtains the node similarity of the target first security verification node and the target second security verification node based on the first similarity and the second similarity of the target first security verification node and the target second security verification node;
Repeating the steps until all the first security verification nodes in the first security verification interaction graph are traversed, so that the node similarity of each first security verification node and the corresponding second security verification node is obtained;
the node verification module adds the node similarity of all the first security verification nodes and the corresponding second security verification nodes to obtain the structural similarity sum of the target associated network node and the target network node.
S5, the node verification module takes the second security verification interaction graph of the abnormal association network node as a third security verification interaction graph, extracts the graph structural features of each third security verification interaction graph to obtain a plurality of abnormal graph structural features, extracts the graph structural features of the first security verification interaction graph to obtain target graph structural features, and obtains the overlapping area of each third security verification interaction graph and the first security verification interaction graph based on each abnormal graph structural feature and the target graph structural features.
And S6, the node verification module obtains node security verification values of the target network nodes based on the overlapped area of each third security verification interaction graph and the first security verification interaction graph, and verifies the security of the target network nodes based on the node security verification values of the target network nodes.
In one embodiment, the node verification module obtaining the node security verification value of the target network node based on the overlapping region of the third security verification interaction graph and the first security verification interaction graph includes:
the node verification module traverses all the abnormal associated network nodes, and takes the traversed abnormal associated network nodes as target abnormal associated network nodes;
the node verification module extracts an attribute feature vector and an interaction feature vector of the target network node and the target abnormal associated network node respectively, and takes the Euclidean distance between the attribute feature vector of the target network node and the attribute feature vector of the target abnormal associated network node as a first sub-weight of the target abnormal associated network node; the attribute feature vector characterizes the attribute feature of the network node;
the node verification module takes Euclidean distance between the interaction feature vector of the target network node and the interaction feature vector of the target abnormal associated network node as a second sub-weight of the target abnormal associated network node; the interaction feature vector characterizes interaction features of the network node;
the node verification module adds the first sub weight and the second sub weight of the target abnormal associated network node to obtain the node weight of the target abnormal associated network node, and repeats the steps until all the abnormal associated network nodes are traversed to obtain the node weight of each abnormal associated network node;
The node verification module obtains the proportion of the overlapping area of each third security verification interaction graph and the first security verification interaction graph in the first security verification interaction graph to obtain the node anomaly degree of each abnormal associated network node, and then carries out weighted summation on the node anomaly degree of all abnormal associated network nodes according to the node weight of all abnormal associated network nodes to obtain the node security verification value of the target network node.
According to the invention, the node security verification value of the target network node is obtained through the data interaction behavior of the target network node and the associated network node, and whether the target network node is safe or not is judged according to the node security verification value, so that the information security of the terminal user accessing the intelligent financial network is ensured, and the economic loss caused by the invasion of the intelligent financial network to the user is avoided.
The foregoing embodiments are merely illustrative of the technical concept and features of the present invention, and are intended to enable those skilled in the art to understand the present invention and to implement the same according to the present invention, not to limit the scope of the present invention. All changes and modifications that come within the meaning and range of equivalency of the invention are to be embraced within their scope.