CN113722707A - Database abnormal access detection method, system and equipment based on distance measurement - Google Patents
- Publication number: CN113722707A
- Authority: CN (China)
- Prior art keywords: access, database, abnormal, model, user
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/552—Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F18/00—Pattern recognition
- G06F18/20—Analysing
- G06F18/24—Classification techniques
- G06F18/241—Classification techniques relating to the classification model, e.g. parametric or non-parametric approaches
- G06F18/2413—Classification techniques relating to the classification model, e.g. parametric or non-parametric approaches based on distances to training or reference patterns
- G06F18/24147—Distances to closest patterns, e.g. nearest neighbour classification
Abstract
The invention provides a distance-measurement-based database abnormal access detection method, system and equipment, in which a distance-based KNN algorithm is trained on low-dimensional user access vectors to obtain an anomaly detection model, and an abnormal access responder is constructed. The abnormal access responder prepares response strategies for abnormal database operations in advance, so that it responds to the abnormal user operations predicted by the anomaly detection model and records the related information of those operations, achieving an active defense effect against abnormal operations. Based on these characteristics, the method achieves real-time monitoring of, and active defense against, users' abnormal database operations.
Description
Technical Field
The invention belongs to the processing of DCS transmission data, mainly relates to the field of database abnormal access detection, and particularly relates to a method, a system and equipment for detecting database abnormal access based on distance measurement.
Background
In the upper computer part of a Distributed Control System (DCS), each upper computer subsystem often performs operations such as access and search on a database. In addition, database management personnel frequently modify and maintain the database. Malicious access to and operation on the database are generally divided into external malicious access and internal malicious access. Good defense strategies usually exist for external malicious access, whereas malicious access or misoperation by internal personnel who hold authority is usually difficult to prevent. In electrical digital data processing, the prior art generally handles malicious access or misoperation by internal personnel with a database auditing tool, which records in the background all database access and operation records, including operation IP, user, operation statement, time, operation result and the like; the system security officer then examines the operation behavior of internal users by analyzing these records. Because the database auditing tool is a post-investigation means and cannot prevent an ongoing abnormal database operation in real time, it cannot provide active defense or real-time defense.
Disclosure of Invention
The invention provides a distance-measurement-based database abnormal access detection method, system and device. Aiming at the problem that prior-art database auditing tools cannot prevent abnormal database operations by internal users in real time, the invention constructs a low-dimensional user access vector through an LDA algorithm and inputs the user access vector into a distance-based KNN model for training to obtain an anomaly detection model. The anomaly detection model is used to detect whether each operation of the user on the database is normal, and an abnormal access response strategy is constructed at the same time, thereby providing real-time monitoring of and active defense against abnormal access by internal users.
The invention is realized by the following technical scheme:
a database abnormal access detection method based on distance measurement comprises the following steps:
extracting database access information;
the extracted database access information enters a model training stage to obtain a low-dimensional user access vector in a data dimension reduction mode;
training a low-dimensional user access vector by using a distance-based algorithm to obtain an anomaly detection model;
and the training result obtained in the model training stage is used as an anomaly detection model in the model testing stage, the low-dimensional user access vector is obtained in the model testing stage in a data dimension reduction mode, and the user access vector subjected to dimension reduction is input into the anomaly detection model to obtain a detection result, so that the real-time monitoring and active defense for the database anomaly access are realized.
Preferably, the data dimensionality reduction is realized by adopting an LDA algorithm in the model training stage and the model testing stage, a low-dimensional user access vector is constructed, and the detection of the abnormal access of the database is realized by adopting a KNN model as an abnormal detection model.
Further, the distance measurement of the KNN model adopts an euclidean distance, and a specific expression is as follows:
where x represents a sample point and y represents the classification corresponding to that sample point.
Further, the K value of the KNN model can be adjusted according to the calculation result to separate normal access from abnormal access to different degrees.
Further, the specific steps of the model training phase include the following:
performing data preprocessing operation on the extracted database history log to obtain text data;
extracting user operation characteristics from the text data, and constructing an initial database user access characteristic portrait based on the user attribute characteristics and the user operation characteristics, wherein the initial database user access characteristic portrait is a high-dimensional matrix;
performing a dimensionality reduction operation on the high-dimensional matrix of the initial database user access characteristic portrait through an LDA algorithm to obtain a low-dimensional user access vector;
and taking the low-dimensional user access vector as the input of the KNN model, calculating the parameters to be trained in the KNN model, and continuously adjusting the given K value to obtain the optimal classification result, namely the model training result.
Furthermore, the data preprocessing operation is to remove the system log to obtain the text data.
Further, the specific steps of the model testing stage comprise the following steps:
carrying out data preprocessing on user data in a model training stage, and extracting effective access data statements;
constructing a database user access characteristic portrait on the basis of the user attribute characteristics and the user operation characteristics for the effective access data sentences to obtain a high-dimensional database user access characteristic portrait;
performing a dimensionality reduction operation on the high-dimensional database user access characteristic portrait through an LDA algorithm to obtain a low-dimensional user access vector;
taking a low-dimensional user access vector as the input of a KNN model, calculating the KNN model to obtain a parameter to be trained in the model, continuously adjusting a given K value to obtain an optimal detection result, and distinguishing a normal access detection result from an abnormal access detection result;
and inputting the abnormal access detection result into an abnormal access responder, outputting different abnormal access levels, and executing different operations on the access.
Furthermore, the data preprocessing is to delete the invalid statements of the database access and extract the valid access statements of the core.
A distance-measurement-based database abnormal access detection system comprises:
The acquisition module is used for extracting database access information;
the first processing module is used for obtaining a low-dimensional user access vector in a data dimension reduction mode when the extracted database access information enters a model training stage;
the second processing module is used for training the low-dimensional user access vector by using a distance-based algorithm to obtain an anomaly detection model;
and the third processing module is used for taking a training result obtained in the model training stage as an abnormal detection model in the model testing stage, obtaining a low-dimensional user access vector in a data dimension reduction mode in the model testing stage, inputting the user access vector subjected to dimension reduction into the abnormal detection model to obtain a detection result, and realizing real-time monitoring and active defense on abnormal access of the database.
A distance-metric-based database abnormal access detection apparatus comprising a memory, a processor and a computer program stored in the memory and executable on the processor, the processor implementing the steps of the distance-metric-based database abnormal access detection method as described above when executing the computer program.
Compared with the prior art, the invention has the following beneficial technical effects:
The invention provides a database abnormal access detection method based on distance measurement, in which a distance-based KNN algorithm is trained on low-dimensional user access vectors to obtain an anomaly detection model, and an abnormal access responder is constructed. Because the anomaly detection model is built with the distance-based KNN algorithm, the method can detect in real time whether a user's database operation behavior is normal, which effectively solves the problem that a database auditing tool cannot detect in real time whether an ongoing database operation is normal. The abnormal access responder prepares response strategies for abnormal database operations in advance, so that it responds to the abnormal user operations predicted by the anomaly detection model and records the related information of those operations, achieving an active defense effect against abnormal operations. Based on these characteristics, the method achieves real-time monitoring of, and active defense against, users' abnormal database operations.
Drawings
FIG. 1 is a flow chart illustrating the steps of a method for detecting abnormal database access based on distance measurement according to the present invention;
FIG. 2 is a schematic diagram of a distance metric-based database abnormal access detection system according to the present invention.
Detailed Description
The present invention will now be described in further detail with reference to specific examples, which are intended to be illustrative, but not limiting, of the invention.
The invention provides a database abnormal access detection method based on distance measurement, which comprises the following steps as shown in figure 1:
extracting database access information;
the extracted database access information enters a model training stage to obtain a low-dimensional user access vector in a data dimension reduction mode;
training a low-dimensional user access vector by using a distance-based algorithm to obtain an anomaly detection model;
and the training result obtained in the model training stage is used as an anomaly detection model in the model testing stage, the low-dimensional user access vector is obtained in the model testing stage in a data dimension reduction mode, and the user access vector subjected to dimension reduction is input into the anomaly detection model to obtain a detection result, so that the real-time monitoring and active defense for the database anomaly access are realized.
In the model training stage and the model testing stage, data dimensionality reduction is realized by adopting an LDA algorithm, a low-dimensional user access vector is constructed, and detection of abnormal access of the database is realized by adopting a KNN model as the anomaly detection model. In both stages, the database user access characteristic portraits obtained from the user attribute characteristics and the user operation characteristics are high-dimensional matrices.
And the user access vectors obtained by the LDA algorithm in the model training stage and the model testing stage are low-dimensional vectors.
Referring to fig. 1, the specific steps of the model training phase in the present invention include the following:
performing data preprocessing operation on the extracted database history log to obtain text data;
extracting user operation characteristics from the text data, and constructing an initial database user access characteristic portrait based on the user attribute characteristics and the user operation characteristics, wherein the initial database user access characteristic portrait is a high-dimensional matrix;
performing a dimensionality reduction operation on the high-dimensional matrix of the initial database user access characteristic portrait through an LDA algorithm to obtain a low-dimensional user access vector;
and taking the low-dimensional user access vector as the input of the KNN model, calculating the parameters to be trained in the KNN model, and continuously adjusting the given K value to obtain the optimal classification result of the model.
The data preprocessing operation is to remove the system log to obtain text data.
Referring to fig. 1, the specific steps of the model testing phase of the present invention include the following:
carrying out data preprocessing on user data in a model training stage, and extracting effective access data statements;
constructing a database user access characteristic portrait on the basis of the user attribute characteristics and the user operation characteristics for the effective access data sentences to obtain a high-dimensional database user access characteristic portrait;
performing a dimensionality reduction operation on the high-dimensional database user access characteristic portrait through an LDA algorithm to obtain a low-dimensional user access vector;
taking a low-dimensional user access vector as the input of a KNN model, calculating the KNN model to obtain a parameter to be trained in the model, continuously adjusting a given K value to obtain an optimal detection result, and distinguishing a normal access detection result from an abnormal access detection result;
and inputting the abnormal access detection result into an abnormal access responder, outputting different abnormal access levels, and executing different operations on the access.
The data preprocessing is to delete the invalid statements accessed by the database and extract the valid access statements of the core.
In the distance measurement-based database abnormal access detection method, the LDA algorithm is adopted to realize data dimension reduction in both the model training stage and the model testing stage, and the specific mode of the LDA algorithm is as follows:
Let the data set be $D = \{(x_1, y_1), (x_2, y_2), \ldots, (x_m, y_m)\}$, in which every sample $x_i$ is an n-dimensional vector and $y_i \in \{0, 1\}$ is the class of the sample;
Define $N_j$ ($j = 0, 1$) as the number of samples of class $j$, $X_j$ ($j = 0, 1$) as the set of samples of class $j$, $\mu_j$ ($j = 0, 1$) as the mean vector of the samples of class $j$, and $\Sigma_j$ ($j = 0, 1$) as the covariance matrix of the samples of class $j$.
Therefore, the expression of $\mu_j$ is:
The expression of $\Sigma_j$ is:
The LDA algorithm projects the data onto a straight line so that the projection points of data of the same class are as close as possible and the distances between the class centers of data of different classes are as large as possible.
If the projection straight line is the vector $w$, then for any sample $x_i$ its projection on the straight line $w$ is $w^T x_i$, where $w^T$ represents the transpose of the vector $w$. Let the center points of the two classes be $\mu_0$ and $\mu_1$; their projections on the straight line $w$ are $w^T \mu_0$ and $w^T \mu_1$.
The LDA algorithm needs to make the distance between the class centers of the different classes of data as large as possible, i.e. to maximize ; meanwhile, the projection points of data of the same class must be as close as possible, that is, the covariances $w^T \Sigma_0 w$ and $w^T \Sigma_1 w$ of the projection points of same-class samples must be as small as possible, i.e. $w^T \Sigma_0 w + w^T \Sigma_1 w$ is minimized.
In summary, the optimization goals are:
$J(W)$ represents the objective function; when $J(W)$ attains its maximum value, the result obtained is the user access characteristic matrix after LDA dimension reduction.
The KNN model is a distance-based machine learning method whose principle can be understood as a majority decision: the prediction sample is assigned the category that occurs most often among the K training samples closest to it in feature space. In this KNN model, the K samples closest to the prediction sample are normal access data, and samples far from the features of the prediction sample are abnormal database access.
The distance measurement of the KNN model adopts the Euclidean distance, and the specific expression is as follows:
where x represents a sample point and y represents the classification corresponding to that sample point.
After the distance and the K value are defined, any new sample is assigned the class that occurs most often among the K samples closest to it.
Take a two-dimensional point classification problem as an example. Let the samples be $S = \{(x_1, y_1), (x_2, y_2), \ldots, (x_N, y_N)\}$, where $x_i$ is a point on the two-dimensional plane and $y_i$ is the classification corresponding to the point $x_i$. For a new sample $x$, the formula for the class $y$ corresponding to the sample point is as follows:
where $c_j$ represents a category of the samples; $N_k(x)$ represents the set of the k samples nearest to sample $x$; and $f$ is an indicator function for $y_i$. The mathematical expression of the indicator function is as follows:
Examples
When a user performs an operation that deletes the whole data table from the database, "delete from table_name", the low-dimensional user access vector is input into the trained anomaly detection model, which outputs a prediction result, assumed here to be "abnormal operation". The prediction result is then input into the abnormal access responder, which outputs a deletion rejection instruction and rejects the user's deletion operation on the data table.
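The pipeline described above (feature portrait, LDA projection, Euclidean KNN vote, responder), as an added example that is not code from the patent. The three features, the training statements, the ridge term and the response level names are constructed assumptions, and the projection uses the standard two-class closed form in which w is proportional to (Σ0 + Σ1)^-1 (μ1 - μ0).

```python
import math
import re

RISKY_VERBS = {"DELETE", "DROP", "TRUNCATE", "UPDATE"}  # assumed feature choice
RIDGE = 1e-6  # assumption: small diagonal term keeps the scatter matrix invertible

# Constructed training log: (statement, hour of day, label); 0 = normal, 1 = abnormal.
TRAINING = [
    ("SELECT name FROM users WHERE id = 7", 9, 0),
    ("SELECT total FROM orders WHERE id = 12", 14, 0),
    ("UPDATE users SET email = 'a@example.test' WHERE id = 7", 10, 0),
    ("SELECT * FROM products", 11, 0),
    ("SELECT total FROM orders WHERE id = 40", 23, 0),
    ("DELETE FROM sessions WHERE id = 3", 16, 0),
    ("DELETE FROM orders", 2, 1),
    ("DROP TABLE users", 3, 1),
    ("DELETE FROM products", 13, 1),
    ("TRUNCATE TABLE audit_log", 23, 1),
    ("UPDATE accounts SET balance = 0", 1, 1),
    ("SELECT * FROM users", 2, 1),
]


def features(sql, hour):
    """Stand-in for the access portrait: three hypothetical binary features."""
    verb = sql.strip().split()[0].upper()
    return [
        1.0 if verb in RISKY_VERBS else 0.0,                 # modifying verb
        0.0 if re.search(r"\bWHERE\b", sql, re.I) else 1.0,  # no WHERE clause
        1.0 if hour < 6 or hour >= 22 else 0.0,              # issued off-hours
    ]


def solve(a, b):
    """Solve a.x = b by Gauss-Jordan elimination with partial pivoting."""
    n = len(b)
    m = [row[:] + [b[i]] for i, row in enumerate(a)]
    for col in range(n):
        pivot = max(range(col, n), key=lambda r: abs(m[r][col]))
        m[col], m[pivot] = m[pivot], m[col]
        for r in range(n):
            if r != col:
                f = m[r][col] / m[col][col]
                m[r] = [x - f * y for x, y in zip(m[r], m[col])]
    return [m[i][n] / m[i][i] for i in range(n)]


def fit_lda(xs, ys):
    """Two-class LDA direction: solve (Sigma_0 + Sigma_1) w = mu_1 - mu_0."""
    n = len(xs[0])
    mu, scatter = {}, [[0.0] * n for _ in range(n)]
    for c in (0, 1):
        rows = [x for x, y in zip(xs, ys) if y == c]
        mu[c] = [sum(col) / len(rows) for col in zip(*rows)]
        for x in rows:
            d = [xi - mi for xi, mi in zip(x, mu[c])]
            for i in range(n):
                for j in range(n):
                    scatter[i][j] += d[i] * d[j]
    for i in range(n):
        scatter[i][i] += RIDGE
    return solve(scatter, [p - q for p, q in zip(mu[1], mu[0])])


def project(w, x):
    """Low-dimensional access vector: the projection w^T x as a 1-tuple."""
    return (sum(wi * xi for wi, xi in zip(w, x)),)


def train(samples):
    """Return (w, labelled projected training points)."""
    xs = [features(sql, hour) for sql, hour, _ in samples]
    ys = [label for _, _, label in samples]
    w = fit_lda(xs, ys)
    return w, [(project(w, x), y) for x, y in zip(xs, ys)]


def abnormal_votes(points, z, k):
    """Count abnormal labels among the k nearest points (Euclidean distance)."""
    nearest = sorted(points, key=lambda p: math.dist(p[0], z))[:k]
    return sum(label for _, label in nearest)


def respond(sql, hour, model, k=3):
    """Responder: map the KNN vote to a hypothetical response level."""
    w, points = model
    votes = abnormal_votes(points, project(w, features(sql, hour)), k)
    if votes == k:
        return "reject"            # unanimous: refuse the statement
    if votes > k / 2:
        return "hold_for_review"   # majority abnormal: queue for an operator
    return "allow"


MODEL = train(TRAINING)

if __name__ == "__main__":
    for sql, hour in [("delete from table_name", 2),
                      ("SELECT name FROM users WHERE id = 99", 10)]:
        print(f"{hour:02d}:00 {sql!r} -> {respond(sql, hour, MODEL)}")
```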
The following are embodiments of the apparatus of the present invention that may be used to perform embodiments of the method of the present invention.
As shown in fig. 2, an embodiment of the present invention provides a distance-metric-based database abnormal access detection system, which is used to implement the distance-metric-based database abnormal access detection method described above, where the database abnormal access detection system includes:
the acquisition module is used for extracting database access information;
the first processing module is used for obtaining a low-dimensional user access vector in a data dimension reduction mode when the extracted database access information enters a model training stage;
the second processing module is used for training the low-dimensional user access vector by using a distance-based algorithm to obtain an anomaly detection model;
and the third processing module is used for taking a training result obtained in the model training stage as an abnormal detection model in the model testing stage, obtaining a low-dimensional user access vector in a data dimension reduction mode in the model testing stage, inputting the user access vector subjected to dimension reduction into the abnormal detection model to obtain a detection result, and realizing real-time monitoring and active defense on abnormal access of the database.
The first processing module, the second processing module and the third processing module respectively comprise an abnormality detection module and a human-computer interaction module;
the anomaly detection module is used for carrying out data access detection on the database information;
and the human-computer interaction module is used for displaying the abnormal access detection data.
In still another embodiment of the present invention, a distance-metric-based database abnormal access detection apparatus is provided, which includes a memory, a processor, and a computer program stored in the memory and executable on the processor, and when the processor executes the computer program, the distance-metric-based database abnormal access detection apparatus implements the distance-metric-based database abnormal access detection method described above.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects.
Finally, it should be noted that: the above embodiments are only for illustrating the technical solutions of the present invention and not for limiting the same, and although the present invention is described in detail with reference to the above embodiments, those of ordinary skill in the art should understand that: modifications and equivalents may be made to the embodiments of the invention without departing from the spirit and scope of the invention, which is to be covered by the claims.
Claims (10)
1. A database abnormal access detection method based on distance measurement is characterized in that: the method comprises the following steps:
extracting database access information;
the extracted database access information enters a model training stage to obtain a low-dimensional user access vector in a data dimension reduction mode;
training a low-dimensional user access vector by using a distance-based algorithm to obtain an anomaly detection model;
and the training result obtained in the model training stage is used as an anomaly detection model in the model testing stage, the low-dimensional user access vector is obtained in the model testing stage in a data dimension reduction mode, and the user access vector subjected to dimension reduction is input into the anomaly detection model to obtain a detection result, so that the real-time monitoring and active defense for the database anomaly access are realized.
2. The method for detecting abnormal database access based on distance measurement as claimed in claim 1, wherein: in the model training stage and the model testing stage, data dimensionality reduction is realized by adopting an LDA algorithm, a low-dimensional user access vector is constructed, and detection of abnormal access of the database is realized by adopting a KNN model as an abnormal detection model.
3. The method for detecting abnormal database access based on distance measurement as claimed in claim 2, wherein: the distance measurement of the KNN model adopts Euclidean distance, and the specific expression is as follows:
where x represents a sample point and y represents the classification corresponding to that sample point.
4. The method for detecting abnormal database access based on distance measurement as claimed in claim 2, wherein: the K value of the KNN model can be adjusted according to the calculation result to separate normal access from abnormal access to different degrees.
5. The method for detecting abnormal database access based on distance measurement as claimed in claim 2, wherein: the specific steps of the model training phase include the following:
performing data preprocessing operation on the extracted database history log to obtain text data;
extracting user operation characteristics from the text data, and constructing an initial database user access characteristic portrait based on the user attribute characteristics and the user operation characteristics, wherein the initial database user access characteristic portrait is a high-dimensional matrix;
performing a dimensionality reduction operation on the high-dimensional matrix of the initial database user access characteristic portrait through an LDA algorithm to obtain a low-dimensional user access vector;
and taking the low-dimensional user access vector as the input of the KNN model, calculating the parameters to be trained in the KNN model, and continuously adjusting the given K value to obtain the optimal classification result, namely the model training result.
6. The method for detecting abnormal database access based on distance measurement as claimed in claim 5, wherein: the data preprocessing operation is to remove the system log to obtain text data.
7. The method for detecting abnormal database access based on distance measurement as claimed in claim 2, wherein: the specific steps of the model testing stage comprise the following steps:
carrying out data preprocessing on user data in a model training stage, and extracting effective access data statements;
constructing a database user access characteristic portrait on the basis of the user attribute characteristics and the user operation characteristics for the effective access data sentences to obtain a high-dimensional database user access characteristic portrait;
performing a dimensionality reduction operation on the high-dimensional database user access characteristic portrait through an LDA algorithm to obtain a low-dimensional user access vector;
taking a low-dimensional user access vector as the input of a KNN model, calculating the KNN model to obtain a parameter to be trained in the model, continuously adjusting a given K value to obtain an optimal detection result, and distinguishing a normal access detection result from an abnormal access detection result;
and inputting the abnormal access detection result into an abnormal access responder, outputting different abnormal access levels, and executing different operations on the access.
8. The method according to claim 7, wherein the distance metric-based database abnormal access detection method comprises: the data preprocessing is to delete the invalid statements accessed by the database and extract the valid access statements of the core.
9. A distance metric based database abnormal access detection system, comprising:
the acquisition module is used for extracting database access information;
the first processing module is used for obtaining a low-dimensional user access vector in a data dimension reduction mode when the extracted database access information enters a model training stage;
the second processing module is used for training the low-dimensional user access vector by using a distance-based algorithm to obtain an anomaly detection model;
and the third processing module is used for taking a training result obtained in the model training stage as an abnormal detection model in the model testing stage, obtaining a low-dimensional user access vector in a data dimension reduction mode in the model testing stage, inputting the user access vector subjected to dimension reduction into the abnormal detection model to obtain a detection result, and realizing real-time monitoring and active defense on abnormal access of the database.
10. A distance-metric-based database abnormal access detection apparatus comprising a memory, a processor and a computer program stored in the memory and executable on the processor, wherein the processor, when executing the computer program, implements the steps of the distance-metric-based database abnormal access detection method according to any one of claims 1 to 8.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111289946.0A CN113722707A (en) | 2021-11-02 | 2021-11-02 | Database abnormal access detection method, system and equipment based on distance measurement |
Publications (1)
Publication Number | Publication Date |
---|---|
CN113722707A (en) | 2021-11-30 |
Family
ID=78686485
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202111289946.0A Pending CN113722707A (en) | 2021-11-02 | 2021-11-02 | Database abnormal access detection method, system and equipment based on distance measurement |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113722707A (en) |
Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20170061322A1 (en) * | 2015-08-31 | 2017-03-02 | International Business Machines Corporation | Automatic generation of training data for anomaly detection using other user's data samples |
CN106778259A (en) * | 2016-12-28 | 2017-05-31 | 北京明朝万达科技股份有限公司 | A kind of abnormal behaviour based on big data machine learning finds method and system |
CN108632279A (en) * | 2018-05-08 | 2018-10-09 | 北京理工大学 | A kind of multilayer method for detecting abnormality based on network flow |
CN108667828A (en) * | 2018-04-25 | 2018-10-16 | 咪咕文化科技有限公司 | Risk control method and device and storage medium |
CN110457896A (en) * | 2019-07-02 | 2019-11-15 | 北京人人云图信息技术有限公司 | The detection method and detection device of online access |
CN110929799A (en) * | 2019-11-29 | 2020-03-27 | 上海盛付通电子支付服务有限公司 | Method, electronic device, and computer-readable medium for detecting abnormal user |
CN111680856A (en) * | 2020-01-14 | 2020-09-18 | 国家电网有限公司 | User behavior safety early warning method and system for power monitoring system |
CN111833175A (en) * | 2020-06-03 | 2020-10-27 | 百维金科(上海)信息科技有限公司 | Internet financial platform application fraud behavior detection method based on KNN algorithm |
CN113537337A (en) * | 2021-07-13 | 2021-10-22 | 中国工商银行股份有限公司 | Training method, abnormality detection method, apparatus, device, and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | |
SE01 | Entry into force of request for substantive examination | |
RJ01 | Rejection of invention patent application after publication | Application publication date: 20211130 |