CN113742720B - Network security situation perception method based on multistage linkage mode - Google Patents

Network security situation perception method based on multistage linkage mode Download PDF

Info

Publication number
CN113742720B
CN113742720B CN202110995822.8A CN202110995822A CN113742720B CN 113742720 B CN113742720 B CN 113742720B CN 202110995822 A CN202110995822 A CN 202110995822A CN 113742720 B CN113742720 B CN 113742720B
Authority
CN
China
Prior art keywords
safety
behavior
baseline
abnormal information
method based
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110995822.8A
Other languages
Chinese (zh)
Other versions
CN113742720A (en
Inventor
左天才
高英
曾体健
谢志奇
宋尔进
李林
杜泽新
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guizhou Wujiang Hydropower Development Co Ltd
Original Assignee
Guizhou Wujiang Hydropower Development Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guizhou Wujiang Hydropower Development Co Ltd filed Critical Guizhou Wujiang Hydropower Development Co Ltd
Priority to CN202110995822.8A priority Critical patent/CN113742720B/en
Publication of CN113742720A publication Critical patent/CN113742720A/en
Application granted granted Critical
Publication of CN113742720B publication Critical patent/CN113742720B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577Assessing vulnerabilities and evaluating computer system security
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00Pattern recognition
    • G06F18/20Analysing
    • G06F18/21Design or setup of recognition systems or techniques; Extraction of features in feature space; Blind source separation
    • G06F18/214Generating training patterns; Bootstrap methods, e.g. bagging or boosting
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00Pattern recognition
    • G06F18/20Analysing
    • G06F18/22Matching criteria, e.g. proximity measures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425Traffic logging, e.g. anomaly detection

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • Data Mining & Analysis (AREA)
  • Software Systems (AREA)
  • General Physics & Mathematics (AREA)
  • Bioinformatics & Computational Biology (AREA)
  • Evolutionary Computation (AREA)
  • Evolutionary Biology (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Bioinformatics & Cheminformatics (AREA)
  • Artificial Intelligence (AREA)
  • Computing Systems (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a network security situation perception method based on a multistage linkage mode, which comprises the following steps: collecting flow and safety logs of a region I and a region II of a power plant; preprocessing the acquired data and extracting key characteristic elements; establishing a baseline flow and log model through baseline learning based on the extracted key characteristic elements, and analyzing and detecting abnormal information in the baseline flow and log model in real time by using a safety detection model; and when abnormal information is detected, performing safety tracing analysis on the abnormal information by using safety expert knowledge to obtain a safety problem. The invention can analyze and early warn the potential safety hazard in real time in advance, thereby protecting the unsafe network problem in time.

Description

Network security situation perception method based on multistage linkage mode
Technical Field
The invention relates to the technical field of network security situation awareness, in particular to a network security situation awareness method based on a multi-level linkage mode.
Background
The electric power group comprises a plurality of power plants, the network security environment is complex, the types of network security equipment are various, the types of logs are more, a platform and a situation perception platform for collecting and analyzing unified information are lacked, and overall supervision and analysis are carried out on the global security problems.
Communication capacity between a power plant and a group is limited, full flow cannot be sent to a regional level, safety modeling analysis is carried out by using a large computing cluster on the side of the group, and a large amount of safety data cannot be utilized due to the fact that the power plant side lacks the large computing cluster and the safety modeling capacity.
Network security detection ability needs to be updated in real time, so how can the detection ability of real-time update transfer to each power plant and form unified management, how the security expert of regional level is effectual guides and solves the safety problem of the appearance of power plant, and the problem of urgently waiting to solve is analyzed and early-warned the potential safety hazard that exists.
Disclosure of Invention
This section is for the purpose of summarizing some aspects of embodiments of the invention and to briefly introduce some preferred embodiments. In this section, as well as in the abstract and the title of the invention of this application, simplifications or omissions may be made to avoid obscuring the purpose of the section, the abstract and the title, and such simplifications or omissions are not intended to limit the scope of the invention.
The present invention has been made in view of the above-mentioned conventional problems.
Therefore, the technical problem solved by the invention is as follows: the prior art can not analyze and early warn potential safety hazards in real time, so that the network safety protection is not timely.
In order to solve the technical problems, the invention provides the following technical scheme: collecting flow and safety logs of a power plant area I and a power plant area II; preprocessing the acquired data and extracting key characteristic elements; establishing a baseline flow and log model through baseline learning based on the extracted key characteristic elements, and analyzing and detecting abnormal information in the baseline flow and log model in real time by using a safety detection model; and when abnormal information is detected, performing security traceability analysis on the abnormal information by using security expert knowledge to obtain a security problem.
As a preferred scheme of the network security situation awareness method based on the multi-level linkage mode, the method comprises the following steps: and acquiring flow and safety logs of the I area and the II area of the power plant by using plant station level situation awareness equipment.
As a preferred scheme of the network security situation awareness method based on the multi-level linkage mode, the method comprises the following steps: preprocessing the acquired data and extracting key characteristic elements, wherein the preprocessing comprises the steps of data cleaning, data integration, data transformation and data reduction of the acquired data; and extracting the key characteristic elements by using a principal component analysis strategy.
As a preferred scheme of the network security situation awareness method based on the multi-level linkage mode, the method comprises the following steps: constructing the baseline traffic and log model through baseline learning includes a session set: f. of 1 The communication time length of the communication starting time of the size of the uplink packet and the size of the downlink packet of the number of the uplink packets and the number of the downlink packets of a destination port destination IP address source IP address transmission protocol is set to be { the communication starting time of the size of the uplink packet and the size of the downlink packet }; protocol behavior aggregation: f. of 2 And (2) a communication time length protocol instruction parameter of communication starting time of size of downlink packet of size of uplink packet of number of downlink packets of destination IP address source IP address transmission protocol of destination port.
As a preferred scheme of the network security situation awareness method based on the multi-level linkage mode, the method comprises the following steps: further comprising, constructing the baseline traffic and log model based on the session set and protocol behavior set:
Figure RE-GDA0003340928400000021
where E (Y | X = X) represents a behavior matching degree output value, Y represents an aggregate behavior, X represents an input behavior, τ 1 Denotes the number of times of extraction,. Tau 2 Representing the probability of behavior.
As a preferred scheme of the network security situation awareness method based on the multi-level linkage mode, the method comprises the following steps: judging whether abnormal flow or behavior exists according to the behavior matching degree output value, wherein the abnormal flow or behavior exists when E (Y | X = X) < 0.83 and is more than or equal to 0; when 0.83 ≦ E (Y | X = X) ≦ 1, the flow or behavior is normal.
As a preferred scheme of the network security situation awareness method based on the multi-level linkage mode, the method comprises the following steps: the safety detection model is utilized to carry out real-time analysis and detection on abnormal information in the baseline flow and log model, and an abnormal information feature library is established according to historical information; adopting a deep learning network to construct the safety detection model, and performing data training to obtain a perfect safety detection model; and matching the abnormal information with the abnormal information feature library, and analyzing and detecting to obtain the final security vulnerability.
As a preferred scheme of the network security situation awareness method based on the multi-level linkage mode, the method comprises the following steps: the exception information includes exception traffic and logs.
As a preferred scheme of the network security situation awareness method based on the multi-level linkage mode, the method comprises the following steps: the inclusion of the security detection model may include,
Figure RE-GDA0003340928400000031
wherein [ a, b]Denotes a detection interval, x k Represents the flow value, x, when the subinterval is k value k-1 Denotes the flow value, Δ x, at a subinterval of k-1 k =x k -x k-1 Denotes the length of the subinterval k and N denotes the number of iterations.
The invention has the beneficial effects that: the invention can analyze and early warn the potential safety hazard in real time in advance, thereby protecting the unsafe network problem in time.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the description of the embodiments will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without inventive exercise. Wherein:
fig. 1 is a schematic basic flow chart of a network security situation awareness method based on a multi-level linkage manner according to an embodiment of the present invention;
fig. 2 is a schematic diagram of an area-level security situation awareness platform of a network security situation awareness method based on a multi-level linkage manner according to an embodiment of the present invention.
Detailed Description
In order to make the aforementioned objects, features and advantages of the present invention comprehensible, specific embodiments accompanied with figures are described in detail below, and it is apparent that the described embodiments are a part of the embodiments of the present invention, not all of the embodiments. All other embodiments, which can be obtained by a person skilled in the art without making any creative effort based on the embodiments in the present invention, shall fall within the protection scope of the present invention.
In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present invention, however, the present invention may be practiced otherwise than as specifically described herein, and it will be appreciated by those skilled in the art that the present invention may be practiced without departing from the spirit and scope of the present invention and that the present invention is not limited by the specific embodiments disclosed below.
Furthermore, reference herein to "one embodiment" or "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment is included in at least one implementation of the invention. The appearances of the phrase "in one embodiment" in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments.
The present invention will be described in detail with reference to the drawings, wherein the cross-sectional views illustrating the structure of the device are not enlarged partially in general scale for convenience of illustration, and the drawings are only exemplary and should not be construed as limiting the scope of the present invention. In addition, the three-dimensional dimensions of length, width and depth should be included in the actual fabrication.
Meanwhile, in the description of the present invention, it should be noted that the terms "upper, lower, inner and outer" and the like indicate orientations or positional relationships based on the orientations or positional relationships shown in the drawings, and are only for convenience of describing the present invention and simplifying the description, but do not indicate or imply that the referred device or element must have a specific orientation, be constructed in a specific orientation and operate, and thus, cannot be construed as limiting the present invention. Furthermore, the terms first, second, or third are used for descriptive purposes only and are not to be construed as indicating or implying relative importance.
The terms "mounted, connected and connected" in the present invention are to be understood broadly, unless otherwise explicitly specified or limited, for example: can be fixedly connected, detachably connected or integrally connected; they may be mechanically, electrically, or directly connected, or indirectly connected through intervening media, or may be interconnected between two elements. The specific meanings of the above terms in the present invention can be understood in specific cases to those skilled in the art.
Example 1
Referring to fig. 1 to 2, an embodiment of the present invention provides a network security situation awareness method based on a multi-level linkage manner, including:
s1: collecting flow and safety logs of a region I and a region II of a power plant; it should be noted that:
and acquiring the flow and the safety logs of the I area and the II area of the power plant by utilizing plant-level situation awareness equipment.
S2: preprocessing the acquired data and extracting key characteristic elements; it should be noted that:
preprocessing the acquired data and extracting key feature elements comprises the following steps:
carrying out data cleaning, data integration, data transformation and data reduction on the acquired data;
extracting key characteristic elements by using a principal component analysis strategy; the principal component analysis strategy extracts the characteristic elements by using the following codes:
Figure RE-GDA0003340928400000041
Figure RE-GDA0003340928400000051
s3: establishing a baseline flow and log model through baseline learning based on the extracted key characteristic elements, and performing real-time analysis and detection on abnormal information in the baseline flow and log model by using a safety detection model; it should be noted that:
the method for constructing the baseline traffic and log model through baseline learning comprises the following steps:
session aggregation:
f 1 the communication time length of the communication starting time of the size of the uplink packet and the size of the downlink packet of the number of the uplink packets and the number of the downlink packets of a destination port destination IP address source IP address transmission protocol is set to be { the communication starting time of the size of the uplink packet and the size of the downlink packet };
protocol behavior aggregation:
f 2 protocol instruction parameter of communication time length of communication starting time of size downlink packet size of uplink packet of number of downlink packets of destination IP address source IP address transmission protocol of { destination port }.
Establishing a baseline traffic and log model based on the session set and the protocol behavior set:
Figure RE-GDA0003340928400000061
where E (Y | X = X) represents a behavior matching degree output value, Y represents an aggregate behavior, X represents an input behavior, τ 1 Denotes the number of extractions, τ 2 Representing the probability of behavior.
Judging whether abnormal flow or behavior exists according to the behavior matching degree output value, wherein the judging step comprises the following steps:
when 0 ≦ E (Y | X = X) < 0.83, there is an abnormal flow or behavior;
when 0.83 ≦ E (Y | X = X) ≦ 1, the flow or behavior is normal.
The real-time analysis and detection of abnormal information in the baseline flow and log model by using the safety detection model comprises the following steps:
establishing an abnormal information feature library according to the historical information;
a safety detection model is constructed by adopting a deep learning network, and data training is carried out to obtain a perfect safety detection model;
wherein, the safety detection model comprises a safety detection model,
Figure RE-GDA0003340928400000062
wherein [ a, b ]]Denotes a detection interval, x k Denotes the flow value, x, at a subinterval of k k-1 Denotes the flow value, Δ x, at a subinterval of k-1 k =x k -x k-1 Denotes the length of the subinterval k and N denotes the number of iterations.
Matching the abnormal information with an abnormal information feature library, and analyzing and detecting to obtain a final security vulnerability;
the abnormal information comprises abnormal flow and logs.
S4: when abnormal information is detected, performing security traceability analysis on the abnormal information by using security expert knowledge to obtain a security problem; it should be noted that:
as shown in fig. 2, the regional situation awareness platform cooperates with a third-party security vendor through its security expert capability to continuously construct its security core security capability, which includes: a vulnerability library, an information library, a virus killing library, an intrusion detection library, an association rule analysis library, a model library based on behavior analysis, safety information and the like, and the core detection capabilities are issued to a plant-level situation perception platform; when security loopholes occur or abnormal flow possibly exists, the regional security experts can be directly connected to the plant station level situation awareness platform in a remote mode to conduct security source tracing and evidence obtaining.
Example 2
The embodiment is different from the first embodiment in that a verification test of a network security situation awareness method based on a multi-level linkage mode is provided, and in order to verify and explain the technical effects adopted in the method, the embodiment adopts a traditional technical scheme and the method of the invention to carry out a comparison test, and compares the test results by means of scientific demonstration to verify the real effect of the method.
The traditional technical scheme is as follows: the existing potential safety hazards cannot be analyzed and early warned in real time, so that the network safety protection is not timely. Compared with the traditional method, the method has higher real-time performance and analysis accuracy. In this embodiment, the detection of the problem of the security vulnerability of the simulation network and the accuracy and speed of analysis are measured and compared in real time by using the conventional network security situation awareness method and the conventional network security situation awareness method.
And (3) testing environment: the host operating system: windows, solaris, aix, linux, sco, sgi; a database system: mssql, oracle, mysql, informix, sybase; the application system comprises the following steps: various applications provided by the target, such as www applications composed of asp, cgi, jsp, php, and the like; a network device: a firewall, a security detection system, and a network device; the safety events are issued every 1 hour according to the sequence of 10, 12, 15, 12 and 21 by using an automatic testing device, and simulation tests of the two methods are realized by using MATLB software programming, and simulation data are obtained according to experimental results. 1000 sets of data were tested for each method and the results of the two methods are shown in the table below.
Table 1: the experimental results are shown in a comparison table.
Experimental sample Conventional methods The method of the invention
Time delay 1.2min 0.4ms
Rate of accuracy 85% 98%
From the above table it can be seen that the process of the invention has good properties.
It should be noted that the above-mentioned embodiments are only for illustrating the technical solutions of the present invention and not for limiting, and although the present invention has been described in detail with reference to the preferred embodiments, it should be understood by those skilled in the art that modifications or equivalent substitutions may be made on the technical solutions of the present invention without departing from the spirit and scope of the technical solutions of the present invention, which should be covered by the claims of the present invention.

Claims (5)

1. A network security situation awareness method based on a multi-level linkage mode is characterized by comprising the following steps:
collecting flow and safety logs of a region I and a region II of a power plant;
preprocessing the acquired data and extracting key characteristic elements;
establishing a baseline flow and log model through baseline learning based on the extracted key characteristic elements, and analyzing and detecting abnormal information in the baseline flow and log model in real time by using a safety detection model;
constructing the baseline traffic and log model through baseline learning includes,
session aggregation:
Figure 955755DEST_PATH_IMAGE001
= { destination port, destination IP address, source IP address, transport protocol, number of uplink packets, number of downlink packets, size of uplink packets, size of downlink packets, communication start time, communication duration };
protocol behavior aggregation:
Figure 691630DEST_PATH_IMAGE002
= { destination port, destination IP address, source IP address, transport protocol, number of uplink packets, number of downlink packets, size of uplink packets, size of downlink packets, communication start time, communication duration, protocol instruction parameter };
constructing the baseline traffic and log model based on the session set and the protocol behavior set:
Figure DEST_PATH_IMAGE003
wherein the content of the first and second substances,
Figure 828213DEST_PATH_IMAGE004
an output value representing the degree of matching of the behavior,
Figure 965934DEST_PATH_IMAGE005
the behavior of the set is represented by,
Figure 693718DEST_PATH_IMAGE006
the behavior of the input is represented by,
Figure 916889DEST_PATH_IMAGE007
the number of times of the extraction is indicated,
Figure 122742DEST_PATH_IMAGE008
representing a probability of a behavior;
judging whether abnormal flow or behavior exists according to the behavior matching degree output value, including,
when in use
Figure 380548DEST_PATH_IMAGE009
When there is abnormal traffic or behavior;
when in use
Figure 270445DEST_PATH_IMAGE010
When the traffic or behavior is normal; and when abnormal information is detected, performing safety tracing analysis on the abnormal information by using safety expert knowledge to obtain a safety problem.
2. The network security situation awareness method based on the multi-level linkage mode according to claim 1, wherein: and acquiring flow and safety logs of the I area and the II area of the power plant by using plant station level situation awareness equipment.
3. The network security situation awareness method based on the multi-level linkage mode according to claim 1 or 2, wherein: preprocessing the collected data and extracting key feature elements includes,
carrying out data cleaning, data integration, data transformation and data reduction on the acquired data;
and extracting the key characteristic elements by using a principal component analysis strategy.
4. The network security situation awareness method based on the multi-level linkage mode according to claim 1, wherein: the real-time analysis and detection of abnormal information in the baseline traffic and log model using the security detection model includes,
establishing an abnormal information feature library according to the historical information;
adopting a deep learning network to construct the safety detection model, and carrying out data training to obtain a perfect safety detection model;
and matching the abnormal information with the abnormal information feature library, and analyzing and detecting to obtain the final security vulnerability.
5. The network security situation awareness method based on the multi-level linkage mode according to claim 4, wherein: the exception information includes exception traffic and logs.
CN202110995822.8A 2021-08-27 2021-08-27 Network security situation perception method based on multistage linkage mode Active CN113742720B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110995822.8A CN113742720B (en) 2021-08-27 2021-08-27 Network security situation perception method based on multistage linkage mode

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110995822.8A CN113742720B (en) 2021-08-27 2021-08-27 Network security situation perception method based on multistage linkage mode

Publications (2)

Publication Number Publication Date
CN113742720A CN113742720A (en) 2021-12-03
CN113742720B true CN113742720B (en) 2022-11-25

Family

ID=78733451

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110995822.8A Active CN113742720B (en) 2021-08-27 2021-08-27 Network security situation perception method based on multistage linkage mode

Country Status (1)

Country Link
CN (1) CN113742720B (en)

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111245793A (en) * 2019-12-31 2020-06-05 西安交大捷普网络科技有限公司 Method and device for analyzing abnormity of network data
CN112612669A (en) * 2020-11-25 2021-04-06 中国大唐集团科学技术研究院有限公司 Infrastructure monitoring and early warning method and system based on situation awareness
CN112651006B (en) * 2020-12-07 2023-08-25 中国电力科学研究院有限公司 Power grid security situation sensing system
CN112653678B (en) * 2020-12-14 2023-01-24 国家电网有限公司信息通信分公司 Network security situation perception analysis method and device

Also Published As

Publication number Publication date
CN113742720A (en) 2021-12-03

Similar Documents

Publication Publication Date Title
CN102340485B (en) Network security situation awareness system and method based on information correlation
CN105471882A (en) Behavior characteristics-based network attack detection method and device
CN110188737B (en) Thermal runaway early warning method based on lithium battery safety valve opening acoustic signal detection
CN112087445A (en) Electric power Internet of things security vulnerability assessment method fusing business security
Srivastav et al. Novel intrusion detection system integrating layered framework with neural network
CN113645182B (en) Denial of service attack random forest detection method based on secondary feature screening
CN105354198A (en) Data processing method and apparatus
CN111898647A (en) Clustering analysis-based low-voltage distribution equipment false alarm identification method
CN116366374B (en) Security assessment method, system and medium for power grid network management based on big data
CN110019519A (en) Data processing method, device, storage medium and electronic device
CN112202718B (en) XGboost algorithm-based operating system identification method, storage medium and device
CN110677430A (en) User risk degree evaluation method and system based on log data of network security equipment
CN108183897A (en) A kind of information physical emerging system safety risk estimating method
CN109634820A (en) A kind of fault early warning method, relevant device and the system of the collaboration of cloud mobile terminal
CN110826852A (en) Risk assessment method and system for forced isolation drug rehabilitation personnel
CN116862081A (en) Operation and maintenance method and system for pollution treatment equipment
CN111586608A (en) Intelligent health service system of power supply vehicle and data transmission method thereof
CN113742720B (en) Network security situation perception method based on multistage linkage mode
CN110956316A (en) Personnel level prediction model based on random forest
CN114330120A (en) 24-hour PM prediction based on deep neural network2.5Method of concentration
CN110022313A (en) Polymorphic worm feature extraction and polymorphic worm discrimination method based on machine learning
CN117526561A (en) Digital twinning-based transformer substation equipment abnormality monitoring and early warning method and system
CN113750538A (en) Big data-based hand-game security platform construction method and system
CN114697230B (en) Zero trust-based energy station safety monitoring system and method
CN113794281B (en) Safety monitoring system for power network based on data analysis

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant