CN113807977A - Method, system, device and medium for detecting Touchi attack based on dynamic knowledge graph - Google Patents

Method, system, device and medium for detecting Touchi attack based on dynamic knowledge graph Download PDF

Info

Publication number
CN113807977A
CN113807977A CN202111028476.2A CN202111028476A CN113807977A CN 113807977 A CN113807977 A CN 113807977A CN 202111028476 A CN202111028476 A CN 202111028476A CN 113807977 A CN113807977 A CN 113807977A
Authority
CN
China
Prior art keywords
user
relationship
users
dynamic
change
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202111028476.2A
Other languages
Chinese (zh)
Other versions
CN113807977B (en
Inventor
万珊珊
刘颖
吕橙
邱冬炜
蒙翠青
孙雷
陈卓
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing University of Civil Engineering and Architecture
Original Assignee
Beijing University of Civil Engineering and Architecture
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing University of Civil Engineering and Architecture filed Critical Beijing University of Civil Engineering and Architecture
Priority to CN202111028476.2A priority Critical patent/CN113807977B/en
Publication of CN113807977A publication Critical patent/CN113807977A/en
Application granted granted Critical
Publication of CN113807977B publication Critical patent/CN113807977B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q50/00Information and communication technology [ICT] specially adapted for implementation of business processes of specific business sectors, e.g. utilities or tourism
    • G06Q50/01Social networking
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/30Information retrieval; Database structures therefor; File system structures therefor of unstructured textual data
    • G06F16/36Creation of semantic tools, e.g. ontology or thesauri
    • G06F16/367Ontology
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00Pattern recognition
    • G06F18/20Analysing
    • G06F18/23Clustering techniques
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00Pattern recognition
    • G06F18/20Analysing
    • G06F18/25Fusion techniques

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Data Mining & Analysis (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • General Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Artificial Intelligence (AREA)
  • Evolutionary Biology (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Bioinformatics & Computational Biology (AREA)
  • Bioinformatics & Cheminformatics (AREA)
  • Evolutionary Computation (AREA)
  • Human Resources & Organizations (AREA)
  • Strategic Management (AREA)
  • Economics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computing Systems (AREA)
  • Marketing (AREA)
  • Primary Health Care (AREA)
  • Health & Medical Sciences (AREA)
  • Tourism & Hospitality (AREA)
  • General Business, Economics & Management (AREA)
  • Animal Behavior & Ethology (AREA)
  • Computational Linguistics (AREA)
  • Databases & Information Systems (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The invention provides a dynamic knowledge graph-based trusting attack detection method, which comprises the following steps: collecting user information; calculating personal preference and social style of the user; establishing a user relationship dynamic knowledge graph in combination with the change of the user relationship along with the dynamic change factors; according to the fact that the user relationship of the real user changes along with the dynamic change factors, the user relationship of the trustee attack user does not change along with the dynamic change factors after the propagation capacity is elapsed, and the user clustering method is utilized to carry out user clustering on the user relationship dynamic knowledge graph so as to detect the trustee attack user. According to the method for detecting the attack support based on the dynamic knowledge graph, the user is simulated as the social sensor, the user relation dynamic knowledge graph is established by combining the change of the user relation along with the dynamic change factors, the dynamic change of the user relation in social activities is accurately described, the user relation changing along with the dynamic change factors at a plurality of moments is collected to analyze and detect the attack support user, and the attack support user can be detected more accurately.

Description

基于动态知识图谱的托攻击检测方法、系统、设备及介质Method, system, device and medium for spoofing attack detection based on dynamic knowledge graph

技术领域technical field

本发明涉及托攻击检测技术领域,尤其涉及一种基于动态知识图谱的托攻击检测方法、系统、设备及计算机可读存储介质。The present invention relates to the technical field of spoofing attack detection, in particular to a spoofing attack detection method, system, device and computer-readable storage medium based on a dynamic knowledge graph.

背景技术Background technique

随着互联网技术的不断发展,特别是新闻、商品和娱乐资源的爆炸式增长,人们在转向互联网搜索自己所需要的项目的时候也面临严重的信息过载问题。为了给人们快速准确地提供信息,推荐系统被广泛地应用到各个领域。由于推荐系统自身的开放性等特点,给了托攻击用户向系统中注入虚假评分和虚假社会关系的机会。其中,托攻击用户通过与其他用户建立大量虚假关系而改变真实的用户社交关系,进而影响真实用户的选择,并且受到攻击的用户也会将虚假关系产生的影响通过社交网络进行扩散。With the continuous development of Internet technology, especially the explosive growth of news, commodities and entertainment resources, people also face serious information overload problems when they turn to the Internet to search for the items they need. In order to provide people with information quickly and accurately, recommender systems are widely used in various fields. Due to the openness and other characteristics of the recommender system itself, it gives users the opportunity to inject false ratings and false social relations into the system. Among them, the attacked user changes the real user social relationship by establishing a large number of false relationships with other users, thereby affecting the real user's choice, and the attacked user will also spread the influence of the false relationship through the social network.

现有的托攻击检测方法可以分为有监督、无监督和半监督检测方法。有监督的检测方法主要通过训练分类器对托攻击进行检测,如从用户注册信息、用户发布内容等信息中抽取特征构建分类器,监督型的检测方法需要大量样本,人工标注样本代价较大;无监督的检测方法主要利用社交网络的拓扑关系识别网络中的异常点,如利用文本和URL相似度对帖子进行聚类的检测方法等,无监督的检测方法假阳率高,鲁棒性也稍逊;而结合两者的半监督检测方法大多从用户间的相似度、用户评分值等角度出发,很少考虑用户之间的动态关系。Existing methods for detection of spoofing attacks can be divided into supervised, unsupervised and semi-supervised detection methods. The supervised detection method mainly detects the spoofing attack by training the classifier, such as extracting features from the user registration information, user published content and other information to construct the classifier. The supervised detection method requires a large number of samples, and the cost of manually labeling the samples is relatively high; Unsupervised detection methods mainly use the topological relationship of social networks to identify outliers in the network, such as detection methods that use text and URL similarity to cluster posts, etc. Unsupervised detection methods have high false positive rates and poor robustness. However, semi-supervised detection methods that combine the two mostly start from the perspectives of similarity between users, user rating values, etc., and rarely consider the dynamic relationship between users.

无论是有监督、无监督,还是半监督的检测方法都很少考虑到利用用户之间的动态社交关系来检测托攻击用户,因为真实用户之间的社交关系是会随着动态变化因素而发生变化的,动态变化因素可以例如是时间的流走或突发事件的发生,真实用户之间可能会就某一突发事件的发生而产生活跃的联系,繁衍传播能力会发生改变,而托攻击用户只是在刚注入时会对真实用户产生影响,随着其传播能力的消逝,无论动态变化因素如何变化,托攻击用户不会与真实用户进行交互,也不会再对真实用户的行为有任何影响,利用这一点可以对现有的托攻击检测方法进行有效完善,以提高托攻击的准确性。Whether supervised, unsupervised, or semi-supervised detection methods rarely take into account the use of dynamic social relations between users to detect users who attack users, because the social relations between real users will occur with dynamic factors. Changes, dynamic change factors can be, for example, the flow of time or the occurrence of emergencies, real users may have active connections with the occurrence of an emergencies, the ability to reproduce and spread will change, and attacks The user only affects the real user when it is first injected. With the disappearance of its spreading ability, no matter how the dynamic factors change, the attacking user will not interact with the real user, and will no longer have any effect on the behavior of the real user. By using this point, we can effectively improve the existing methods for detecting tossing attacks, so as to improve the accuracy of tossing-up attacks.

发明内容SUMMARY OF THE INVENTION

本发明提供一种基于动态知识图谱的托攻击检测方法、系统、设备及计算机可读存储介质,将用户模拟为社会传感器,结合用户关系随动态变化因素的变化建立用户关系动态知识图谱,更加准确地描述用户关系在社会活动中的动态变化,不过分依赖用户历史评分等信息,也不只是基于某一时刻下用户的关系来检测托攻击用户,而是集合随动态变化因素在若干时刻下变化的用户关系来分析检测托攻击用户,托攻击用户的虚假社交关系由此被放大,能够更精准地被检测得到。The present invention provides a method, system, device and computer-readable storage medium for spoofing attack detection based on a dynamic knowledge graph, which simulates users as social sensors, and establishes a dynamic knowledge graph of user relationships in combination with changes in user relationships with dynamic change factors, which is more accurate Describe the dynamic changes of user relationships in social activities, without relying too much on information such as user historical scores, and not only based on the relationship of users at a certain moment to detect attacking users, but the set changes at certain moments with dynamic factors The user relationship of the user can be analyzed and detected, and the false social relationship of the attacking user can be amplified and detected more accurately.

本发明提供一种基于动态知识图谱的托攻击检测方法,包括:The present invention provides a method for detecting spoofing attacks based on a dynamic knowledge graph, comprising:

采集用户信息;collect user information;

根据所述用户信息,结合用户关系随动态变化因素的变化,建立用户关系动态知识图谱;According to the user information, combined with the change of the user relationship with the dynamic change factor, a dynamic knowledge map of the user relationship is established;

根据真实用户的用户关系随动态变化因素产生变化,托攻击用户的用户关系在传播能力消逝后随动态变化因素不产生变化,利用图团体聚类方法对所述用户关系动态知识图谱进行用户聚类,以检测出托攻击用户。According to the fact that the user relationship of the real user changes with the dynamic change factor, the user relationship of the attacking user does not change with the dynamic change factor after the dissemination ability disappears, and the graph community clustering method is used to perform user clustering on the dynamic knowledge graph of the user relationship. , to detect users who are under attack.

根据本发明提供的一种基于动态知识图谱的托攻击检测方法,所述根据所述用户信息,结合用户关系随动态变化因素的变化,建立用户关系动态知识图谱,包括:According to a method for detecting spoofing attacks based on a dynamic knowledge graph provided by the present invention, the establishment of a dynamic knowledge graph of user relationships according to the user information and in combination with changes in user relationships with dynamic change factors, includes:

根据所述用户信息,计算得到用户之间的关系紧密度和用户的社交风格,并建立若干时刻对应的用户关系静态知识图谱;According to the user information, the closeness of the relationship between users and the social style of the user are calculated, and a static knowledge map of user relationships corresponding to several moments is established;

根据所述用户信息,结合用户关系随动态变化因素的变化,计算若干时刻下的用户间关系权值和用户关系变化值,融合若干所述用户关系静态知识图谱以及对应时刻下的用户间关系权值和用户关系变化值,得到用户关系动态知识图谱。According to the user information, combined with the changes of the user relationship with the dynamic change factors, calculate the relationship weight between users and the change value of the user relationship at several moments, and fuse several static knowledge graphs of the user relationship and the relationship weight between users at the corresponding moment. The value and the change value of the user relationship are obtained, and the dynamic knowledge map of the user relationship is obtained.

根据本发明提供的一种基于动态知识图谱的托攻击检测方法,所述采集用户信息,包括:According to a method for detecting fraudulent attacks based on a dynamic knowledge graph provided by the present invention, the collection of user information includes:

采集用户集合R,其中,Collect user set R, where,

R={R1,R2,…,Ri,…,Rn},i∈[1,n],R={R 1 , R 2 ,...,R i ,...,R n }, i∈[1,n],

Figure BDA0003244386910000031
Figure BDA0003244386910000031

R表示用户群体的集合,集合R中包括n个用户群体,表示为R1,R2,…,Ri,…,Rn,Ri表示n个用户群体中的第i个用户群体的用户集合,集合Ri中包括m个用户,表示为

Figure BDA0003244386910000032
R represents a set of user groups, and the set R includes n user groups, denoted as R 1 , R 2 , ..., R i , ... , R n , and R i represents the users of the ith user group among the n user groups The set, including m users in the set R i , is expressed as
Figure BDA0003244386910000032

采集用户档案集合UP,其中,Collect a set of user profiles UP, where,

UP={z1,z2,z3,…zi…zn},i∈[1,n],UP={z 1 , z 2 , z 3 , ... z i ... z n }, i∈[1,n],

Figure BDA0003244386910000033
Figure BDA0003244386910000033

Figure BDA0003244386910000034
Figure BDA0003244386910000034

Ia=w1×he+w2×we+w3×se+w4×ag+w5×pr,Ia=w 1 ×he+w 2 ×we+w 3 ×se+w 4 ×ag+w 5 ×pr,

Figure BDA0003244386910000035
Figure BDA0003244386910000035

Sa=w6×ac+w7×fe+w8×in+w9×ad,Sa=w 6 ×ac+w 7 ×fe+w 8 ×in+w 9 ×ad,

Figure BDA0003244386910000041
Figure BDA0003244386910000041

UP表示用户群体的档案的集合,集合UP中包括n个用户群体的档案,表示为z1,z2,z3,…zi…zn,zi表示n个用户群体中第i个用户群体的用户的档案集合,集合zi中包括m个用户的档案,表示为

Figure BDA0003244386910000042
表示m个用户中的第j个用户的档案,<Ia|Sa>表示<用户个体属性|用户社会属性>,在用户个体属性Ia中:he表示身高属性、we表示体重属性、se表示性别属性、ag表示年龄属性、pr表示职业属性,在用户社会属性Sa中:ac表示活跃度属性、fe表示反馈性属性、in表示影响力属性、以及ad表示适应性属性,wi表示权重比例;UP represents a set of profiles of user groups, and the set UP includes profiles of n user groups, denoted as z 1 , z 2 , z 3 , ... z i ... z n , and z i represents the i-th user in n user groups The set of files of users in the group, the set zi includes the files of m users, which is expressed as
Figure BDA0003244386910000042
Represents the profile of the jth user among m users, <Ia|Sa> represents <user individual attribute|user social attribute>, in the user individual attribute Ia: he represents the height attribute, we represents the weight attribute, and se represents the gender attribute , ag means age attribute, pr means occupation attribute, in user social attribute Sa: ac means activity attribute, fe means feedback attribute, in means influence attribute, and ad means adaptability attribute, w i means weight ratio;

采集用户访问集合UH,其中,Collect user access set UH, where,

UH={u1,u2,u3,…ui,…,un},i∈[1,n],UH={u 1 ,u 2 ,u 3 ,…u i ,…,u n }, i∈[1,n],

Figure BDA0003244386910000043
Figure BDA0003244386910000043

Figure BDA0003244386910000044
Figure BDA0003244386910000044

UH表示用户群体的访问记录的集合,集合UH包括n个用户群体的访问记录,表示为u1,u2,u3,…ui,…,un,ui表示n个用户群体中第i个用户群体的访问记录的集合,集合ui包括m个用户的访问记录,表示为

Figure BDA0003244386910000045
表示在第i个用户群体中的第j个用户的访问记录,{Item|number,action,…}表示用户对项目的访问记录,{User|number,action…}表示用户对用户的访问记录。UH represents the set of access records of user groups, and the set UH includes the access records of n user groups, denoted as u 1 , u 2 , u 3 , ... u i , ..., u n , where u i represents the nth user group among the n user groups The set of access records of i user groups, the set ui includes the access records of m users, which is expressed as
Figure BDA0003244386910000045
Indicates the access record of the jth user in the ith user group, {Item|number, action,...} represents the user's access record to the item, {User|number, action...} represents the user's access record to the user.

根据本发明提供的一种基于动态知识图谱的托攻击检测方法,所述根据所述用户信息,计算得到用户之间的关系紧密度和用户的社交风格,并建立若干时刻对应的用户关系静态知识图谱,包括:According to a method for detecting fraudulent attacks based on a dynamic knowledge graph provided by the present invention, the closeness of the relationship between users and the social style of the user are calculated according to the user information, and the static knowledge of user relationships corresponding to several moments is established. Atlas, including:

通过用户访问集合UH提取用户的直接交互信息,所述直接交互信息包括用户的追随者数量IC、跟随的用户数量NO、用户访问的项目数量NI、用户访问同一领域项目数量SN、用户的评论数量NC、用户评论的时间TC、以及其他用户对目标用户的评分RO;The direct interaction information of the user is extracted through the user access set UH, the direct interaction information includes the number of followers IC of the user, the number of followers NO, the number of items NI accessed by the user, the number of items SN accessed by the user in the same field, and the number of comments of the user. NC, the time TC of the user's comment, and the rating RO of the target user by other users;

根据所述用户信息,通过式1计算用户之间的关系紧密度,式1为:According to the user information, the closeness of the relationship between users is calculated by formula 1, where formula 1 is:

Figure BDA0003244386910000051
Figure BDA0003244386910000051

Figure BDA0003244386910000052
Figure BDA0003244386910000052

其中FN表示用户

Figure BDA0003244386910000053
与第N层级的用户
Figure BDA0003244386910000054
的关系紧密度,层级为以目标用户为中心向外围扩散有关系用户的层数。Ia表示目标用户的个体属性数据,
Figure BDA0003244386910000055
表示其他用户的个体属性数据,
Figure BDA0003244386910000056
为Ia与
Figure BDA0003244386910000057
的点积,用于表示目标用户和其他用户在个体属性数据上的相关程度,Sa表示目标用户的社会属性数据,
Figure BDA0003244386910000058
表示其他用户的社会属性数据,
Figure BDA0003244386910000059
为Sa与
Figure BDA00032443869100000510
的点积,用于表示目标用户和其他用户在社会属性数据上的相关程度,Cl表示目标用户和其他用户在个体属性数据上的相关程度和社会属性数据上的相关程度的和;where F N represents the user
Figure BDA0003244386910000053
with Nth tier users
Figure BDA0003244386910000054
The level of relationship is the number of layers of related users that spread from the center to the periphery of the target user. Ia represents the individual attribute data of the target user,
Figure BDA0003244386910000055
Represents individual attribute data of other users,
Figure BDA0003244386910000056
for Ia with
Figure BDA0003244386910000057
The dot product of is used to represent the degree of correlation between the target user and other users on individual attribute data, Sa represents the social attribute data of the target user,
Figure BDA0003244386910000058
Represents social attribute data of other users,
Figure BDA0003244386910000059
for Sa and
Figure BDA00032443869100000510
The dot product of , is used to represent the degree of correlation between the target user and other users on social attribute data, and C1 represents the sum of the degree of correlation between the target user and other users on individual attribute data and the degree of correlation on social attribute data;

根据所述用户信息,通过式2计算用户的社交风格,式2为:According to the user information, the user's social style is calculated by Equation 2, where Equation 2 is:

Figure BDA00032443869100000511
Figure BDA00032443869100000511

Figure BDA00032443869100000512
CO=exp{ad+Ia+NO′},
Figure BDA00032443869100000512
CO=exp{ad+Ia+NO'},

ST=exp{ac+pr+Ia+Sa+SN′+TC′+RO′},ST=exp{ac+pr+Ia+Sa+SN′+TC′+RO′},

DI=exp{fe+Sa+NI′+NC′},DI=exp{fe+Sa+NI′+NC′},

其中

Figure BDA00032443869100000513
表示第i个用户群体中第j个用户的社交风格,在社交风格中:CO表示趋同性、ST表示稳定性、DI表示方向性,γ为评级参数,wi表示权重比例,exp表示对参数进行指数函数计算,IC′、NO′、NI′、SN′、NC′、TC′、和RO′分别表示对应的直接交互信息进行归一化处理后的数值;in
Figure BDA00032443869100000513
Represents the social style of the jth user in the ith user group. In the social style: CO represents convergence, ST represents stability, DI represents directionality, γ represents the rating parameter, w i represents the weight ratio, and exp represents the pair parameter Perform exponential function calculation, IC', NO', NI', SN', NC', TC', and RO' respectively represent the normalized value of the corresponding direct interaction information;

根据用户之间的关系紧密度和用户的社交风格,建立若干时刻对应的用户关系静态知识图谱。According to the closeness of the relationship between users and the user's social style, a static knowledge graph of user relationships corresponding to several moments is established.

根据本发明提供的一种基于动态知识图谱的托攻击检测方法,所述根据所述用户信息,结合用户关系随动态变化因素的变化,计算若干时刻下的用户间关系权值和用户关系变化值,融合若干所述用户关系静态知识图谱以及对应时刻下的用户间关系权值和用户关系变化值,得到用户关系动态知识图谱,包括:According to a method for detecting spoofing attacks based on a dynamic knowledge graph provided by the present invention, the relationship weights between users and the change values of user relationships at several moments are calculated according to the user information and in combination with the changes of the user relationship with the dynamic change factors. , and fuse several static knowledge graphs of user relationships and the relationship weights between users and the change values of user relationships at corresponding moments to obtain a dynamic knowledge graph of user relationships, including:

根据用户的社交风格,结合时间间隔函数TIv,通过式3-7计算若干时刻下的用户关系权值

Figure BDA0003244386910000061
其中,According to the user's social style, combined with the time interval function TI v , the user relationship weights at several moments are calculated by Equation 3-7
Figure BDA0003244386910000061
in,

时间间隔函数TIv为:The time interval function TI v is:

TIv=(Ts+(j-1)×d,Ts+j×d),TI v =(T s +(j-1)×d, T s +j×d),

Figure BDA0003244386910000062
Figure BDA0003244386910000062

Ts+(j-1)×d表示检测用户关系权值的开始时间,Ts+j×d表示检测用户关系权值的结束时间,TIv表示检测用户关系权值的时刻,d表示间隔宽度,e表示在TIv时刻下的突发事件数量,Δn表示在TIv时刻下的评论数量变化,Δr表示在TIv时刻下的用户关系变化,K为计算参数;T s +(j-1)×d represents the start time of detecting user relationship weights, T s +j×d represents the end time of detecting user relationship weights, TI v represents the moment of detecting user relationship weights, and d represents the interval Width, e represents the number of emergencies at time TI v , Δn represents the change in the number of comments at time TI v , Δr represents the change in user relationship at time TI v , and K is a calculation parameter;

式3为:

Figure BDA0003244386910000063
Formula 3 is:
Figure BDA0003244386910000063

式4为:

Figure BDA0003244386910000064
Formula 4 is:
Figure BDA0003244386910000064

式5为:Formula 5 is:

Figure BDA0003244386910000065
Figure BDA0003244386910000065

式6为:

Figure BDA0003244386910000066
Formula 6 is:
Figure BDA0003244386910000066

式7为:Formula 7 is:

Figure BDA0003244386910000071
Figure BDA0003244386910000071

其中,

Figure BDA0003244386910000072
表示在TIv时刻下的用户关系权值,
Figure BDA0003244386910000073
表示在TIv时刻下用户的社交风格、REC表示在TIv时刻下用户的关联度、CDL表示在TIv时刻下用户的可信度、SIM表示在TIv时刻下用户的相似度、以及IFL表示在TIv时刻下用户的影响力;in,
Figure BDA0003244386910000072
represents the user relationship weight at time TI v ,
Figure BDA0003244386910000073
represents the user's social style at TI v time, REC represents the user's relevance at TI v time, CDL represents the user's reliability at TI v time, SIM represents the user's similarity at TI v time, and IFL Indicates the influence of the user at the moment of TI v ;

根据用户关系权值,通过式8计算若干时刻下的用户关系变化值,式8为:According to the user relationship weight, the user relationship change value at several moments is calculated by Equation 8. Equation 8 is:

Figure BDA0003244386910000074
Figure BDA0003244386910000074

其中,

Figure BDA0003244386910000075
表示在TIv时刻下用户关系变化值,
Figure BDA0003244386910000076
表示在TIv-1时刻下的用户关系权值,
Figure BDA0003244386910000077
表示在TIv时刻下的用户关系权值,
Figure BDA0003244386910000078
表示对参数
Figure BDA0003244386910000079
进行指数函数计算,
Figure BDA00032443869100000710
表示对参数
Figure BDA00032443869100000711
进行指数函数计算;in,
Figure BDA0003244386910000075
represents the change value of the user relationship at time TI v ,
Figure BDA0003244386910000076
represents the user relationship weight at TI v-1 time,
Figure BDA0003244386910000077
represents the user relationship weight at time TI v ,
Figure BDA0003244386910000078
Indicates the pair of parameters
Figure BDA0003244386910000079
Perform exponential function calculations,
Figure BDA00032443869100000710
Indicates the pair of parameters
Figure BDA00032443869100000711
Perform exponential function calculations;

融合若干所述用户关系静态知识图谱以及对应时刻下的用户间关系权值和用户关系变化值,建立得到用户关系动态知识图谱。A dynamic knowledge map of user relationships is established by integrating several of the static knowledge maps of user relationships and the relationship weights between users and the change values of user relationships at corresponding moments.

根据本发明提供的一种基于动态知识图谱的托攻击检测方法,还包括:以关系图网络的形式实时展现用户关系动态知识图谱。According to the method for detecting spoofing attacks based on a dynamic knowledge graph provided by the present invention, the method further includes: displaying the dynamic knowledge graph of user relationships in real time in the form of a relational graph network.

根据本发明提供的一种基于动态知识图谱的托攻击检测方法,所述根据真实用户的用户关系随动态变化因素产生变化,托攻击用户的用户关系在传播能力消逝后随动态变化因素不产生变化,利用图团体聚类方法对所述用户关系动态知识图谱进行用户聚类,以检测出托攻击用户,该步骤包括:According to a method for detecting a trusted attack based on a dynamic knowledge graph provided by the present invention, the user relationship according to the real user changes with the dynamic change factor, and the user relationship of the trusted attack user does not change with the dynamic change factor after the dissemination of the propagation ability. , using the graph community clustering method to perform user clustering on the user relationship dynamic knowledge graph to detect the users who attack users, and the step includes:

根据真实用户的用户关系随动态变化因素产生变化,托攻击用户的用户关系在传播能力消逝后随动态变化因素不产生变化,利用式9计算用户关系动态知识图谱的用户模块性,式9为:According to the change of the user relationship of the real user with the dynamic change factor, the user relationship of the attacking user does not change with the dynamic change factor after the dissemination ability disappears. The user modularity of the dynamic knowledge graph of the user relationship is calculated by using Equation 9. Equation 9 is:

Figure BDA0003244386910000081
Figure BDA0003244386910000081

其中M表示用户关系动态知识图谱的用户模块性,L表示用户关系动态知识图谱中图所包含的边的数量,即用户关系,H表示用户数量,

Figure BDA0003244386910000082
表示用户
Figure BDA0003244386910000083
的度,
Figure BDA0003244386910000084
表示用户
Figure BDA0003244386910000085
的度,
Figure BDA0003244386910000086
的值为用户关系动态知识图谱中图的邻接矩阵中的值,
Figure BDA0003244386910000087
表示用户
Figure BDA0003244386910000088
的聚类,
Figure BDA0003244386910000089
表示用户
Figure BDA00032443869100000810
的聚类,δ为克罗内克函数,即
Figure BDA00032443869100000811
若用户
Figure BDA00032443869100000812
和用户
Figure BDA00032443869100000813
均随动态变化因素产生变化,即属于同一聚类,则
Figure BDA00032443869100000814
为1,若用户
Figure BDA00032443869100000815
和用户
Figure BDA00032443869100000816
中的一个随动态变化因素不产生变化,即不属于同一聚类,则
Figure BDA00032443869100000817
为0,若用户
Figure BDA00032443869100000818
和用户
Figure BDA00032443869100000819
均随动态变化因素不产生变化,即属于同一聚类,则
Figure BDA00032443869100000820
为1;Among them, M represents the user modularity of the user relationship dynamic knowledge graph, L represents the number of edges contained in the graph in the user relationship dynamic knowledge graph, that is, the user relationship, H represents the number of users,
Figure BDA0003244386910000082
represents the user
Figure BDA0003244386910000083
degree,
Figure BDA0003244386910000084
represents the user
Figure BDA0003244386910000085
degree,
Figure BDA0003244386910000086
The value of is the value in the adjacency matrix of the graph in the user relationship dynamic knowledge graph,
Figure BDA0003244386910000087
represents the user
Figure BDA0003244386910000088
clustering,
Figure BDA0003244386910000089
represents the user
Figure BDA00032443869100000810
The clustering of , δ is the Kronecker function, that is
Figure BDA00032443869100000811
If the user
Figure BDA00032443869100000812
and users
Figure BDA00032443869100000813
All change with dynamic factors, that is, belong to the same cluster, then
Figure BDA00032443869100000814
is 1, if the user
Figure BDA00032443869100000815
and users
Figure BDA00032443869100000816
One of them does not change with the dynamic change factor, that is, it does not belong to the same cluster, then
Figure BDA00032443869100000817
is 0, if the user
Figure BDA00032443869100000818
and users
Figure BDA00032443869100000819
All of them do not change with dynamic changing factors, that is, they belong to the same cluster, then
Figure BDA00032443869100000820
is 1;

对所述用户关系动态知识图谱进行多次模块性计算,直至对所有用户进行聚类,以得到真实用户集合和托攻击用户集合。Perform multiple modular calculations on the user relationship dynamic knowledge graph until all users are clustered, so as to obtain a set of real users and a set of attacked users.

本发明还提供一种基于动态知识图谱的托攻击检测系统,包括:The present invention also provides a spoofing attack detection system based on a dynamic knowledge graph, comprising:

用户信息采集模块,用于采集用户信息;User information collection module, used to collect user information;

用户关系动态知识图谱建立模块,用于根据所述用户信息,结合用户关系随动态变化因素的变化,建立用户关系动态知识图谱;A user relationship dynamic knowledge graph establishment module is used to establish a user relationship dynamic knowledge graph according to the user information and in combination with the changes of the user relationship with the dynamic change factors;

托攻击检测模块,用于根据真实用户的用户关系随动态变化因素产生变化,托攻击用户的用户关系在传播能力消逝后随动态变化因素不产生变化,利用图团体聚类方法对所述用户关系动态知识图谱进行用户聚类,以检测出托攻击用户。The trust attack detection module is used to change the user relationship of the real user with the dynamic change factor, and the user relationship of the trust attack user does not change with the dynamic change factor after the propagation ability disappears, and uses the graph community clustering method to analyze the user relationship. The dynamic knowledge graph performs user clustering to detect users who are under attack.

本发明还提供一种电子设备,包括存储器、处理器及存储在存储器上并可在处理器上运行的计算机程序,所述处理器执行所述程序时实现如上述任一种所述基于动态知识图谱的托攻击检测方法的步骤。The present invention also provides an electronic device, including a memory, a processor, and a computer program stored in the memory and running on the processor, when the processor executes the program, the dynamic knowledge-based dynamic knowledge-based method described in any of the above-mentioned processes is implemented when the processor executes the program. Steps of the Graph's toll attack detection method.

本发明还提供一种非暂态计算机可读存储介质,其上存储有计算机程序,该计算机程序被处理器执行时实现如上述任一种所述基于动态知识图谱的托攻击检测方法的步骤。The present invention also provides a non-transitory computer-readable storage medium on which a computer program is stored, and when the computer program is executed by a processor, implements the steps of any of the above-mentioned methods for detecting spoofing attacks based on dynamic knowledge graphs.

本发明还提供一种计算机程序产品,包括计算机程序,所述计算机程序被处理器执行时实现如上述任一种所述基于动态知识图谱的托攻击检测方法的步骤。The present invention also provides a computer program product, including a computer program, which, when executed by a processor, implements the steps of any of the above-mentioned methods for detecting spoofing attacks based on a dynamic knowledge graph.

本发明提供的基于动态知识图谱的托攻击检测方法、系统、设备及计算机可读存储介质,考虑到动态变化因素对真实用户的社交关系的影响,将用户模拟为社会传感器,结合用户关系随动态变化因素的变化建立用户关系动态知识图谱,更加准确地描述用户关系在社会活动中的动态变化,不过分依赖用户历史评分等信息,也不只是基于某一时刻下用户的关系来检测托攻击用户,而是集合随动态变化因素在若干时刻下变化的用户关系来分析检测托攻击用户,托攻击用户的虚假社交关系由此被放大,能够更精准地被检测得到。The method, system, device and computer-readable storage medium for spoofing attack detection based on dynamic knowledge graph provided by the present invention take into account the influence of dynamic change factors on the social relationship of real users, simulate users as social sensors, and combine user relationships with dynamic The change of changing factors establishes a dynamic knowledge map of user relationships, which more accurately describes the dynamic changes of user relationships in social activities, without relying too much on information such as user historical scores, and not only based on the relationship between users at a certain moment. , but collects the user relationship that changes with dynamic factors at several moments to analyze and detect the user who is under attack. The fake social relationship of the under attack user is amplified and can be detected more accurately.

附图说明Description of drawings

为了更清楚地说明本发明或现有技术中的技术方案,下面将对实施例或现有技术描述中所需要使用的附图作一简单地介绍,显而易见地,下面描述中的附图是本发明的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动的前提下,还可以根据这些附图获得其他的附图。In order to explain the present invention or the technical solutions in the prior art more clearly, the following will briefly introduce the accompanying drawings that need to be used in the description of the embodiments or the prior art. Obviously, the accompanying drawings in the following description are the For some embodiments of the invention, for those of ordinary skill in the art, other drawings can also be obtained according to these drawings without any creative effort.

图1是本发明提供的基于动态知识图谱的托攻击检测方法的流程示意图;Fig. 1 is the schematic flow chart of the method for detecting spoofing attack based on dynamic knowledge graph provided by the present invention;

图2是社会传感器的传播性示意图;Figure 2 is a schematic diagram of the dissemination of social sensors;

图3是托攻击用户、真实用户、和僵尸用户的行为折线图,纵轴I表示用户影响力,横轴t表示时间,A折线代表托攻击用户的行为表征,B折线是真实用户的行为表征,C折线为僵尸用户的行为表征,D表示动态变化因素。Fig. 3 is a line graph of the behaviors of users who attack users, real users, and zombie users. The vertical axis I represents the user's influence, the horizontal axis t represents time, the line A represents the behavioral representation of the attacking user, and the line B represents the behavioral representation of the real user. , C is the behavioral representation of zombie users, and D is the dynamic change factor.

具体实施方式Detailed ways

为使本发明的目的、技术方案和优点更加清楚,下面将结合本发明中的附图,对本发明中的技术方案进行清楚、完整地描述,显然,所描述的实施例是本发明一部分实施例,而不是全部的实施例。基于本发明中的实施例,本领域普通技术人员在没有作出创造性劳动前提下所获得的所有其他实施例,都属于本发明保护的范围。In order to make the objectives, technical solutions and advantages of the present invention clearer, the technical solutions in the present invention will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are part of the embodiments of the present invention. , not all examples. Based on the embodiments of the present invention, all other embodiments obtained by those of ordinary skill in the art without creative efforts shall fall within the protection scope of the present invention.

下面结合图1-图3描述本发明的基于动态知识图谱的托攻击检测方法。The following describes the method for detecting spoofing attacks based on the dynamic knowledge graph of the present invention with reference to FIG. 1 to FIG. 3 .

本发明的基于动态知识图谱的托攻击检测方法,如图1所示,包括步骤:The method for detecting an attack based on a dynamic knowledge graph of the present invention, as shown in Figure 1, includes the steps:

S1:采集用户信息。S1: Collect user information.

具体地,S1包括:Specifically, S1 includes:

S11:采集用户集合R,其中,S11: Collect the user set R, where,

R={R1,R2,…,Ri,…,Rn},i∈[1,n],R={R 1 ,R 2 ,…,R i ,…,R n }, i∈[1,n],

Figure BDA0003244386910000101
Figure BDA0003244386910000101

R表示用户群体的集合,集合R中包括n个用户群体,表示为R1,R2,…,Ri,…,Rn,Ri表示n个用户群体中的第i个用户群体的用户集合,集合Ri中包括m个用户,表示为

Figure BDA0003244386910000102
R represents the set of user groups, and the set R includes n user groups, denoted as R 1 , R 2 ,…,R i ,…,R n , and R i indicates the users of the ith user group among the n user groups The set, including m users in the set R i , is expressed as
Figure BDA0003244386910000102

S12:采集用户档案集合UP,其中,S12: Collect the user profile set UP, wherein,

UP={z1,z2,z3,…zi…zn},i∈[1,n],UP={z 1 , z 2 , z 3 ,...z i ...z n }, i∈[1,n],

Figure BDA0003244386910000111
Figure BDA0003244386910000111

Figure BDA0003244386910000112
Figure BDA0003244386910000112

Ia=w1×he+w2×we+w3×se+w4×ag+w5×pr,Ia=w 1 ×he+w 2 ×we+w 3 ×se+w 4 ×ag+w 5 ×pr,

Figure BDA0003244386910000113
Figure BDA0003244386910000113

Sa=w6×ac+w7×fe+w8×in+w9×ad,Sa=w 6 ×ac+w 7 ×fe+w 8 ×in+w 9 ×ad,

Figure BDA0003244386910000114
Figure BDA0003244386910000114

UP表示用户群体的档案的集合,集合UP中包括n个用户群体的档案,表示为z1,z2,z3,…zi…zn,zi表示n个用户群体中第i个用户群体的用户的档案集合,集合zi中包括m个用户的档案,表示为

Figure BDA0003244386910000115
表示m个用户中的第j个用户的档案,<Ia|Sa>表示<用户个体属性|用户社会属性>,属性是一对多关系和多对一关系的主要来源,在用户个体属性Ia中:he表示身高属性、we表示体重属性、se表示性别属性、ag表示年龄属性、pr表示职业属性,在用户社会属性Sa中:ac表示活跃度属性、fe表示反馈性属性、in表示影响力属性、以及ad表示适应性属性,优选对用户个体属性和用户社会属性的各种属性参数进行归一化处理,归一化处理后的数值区域为[0,5],有利于保持参数统一性,wi表示权重比例,权重比例可以根据实际托攻击检测所应用的领域特点或专家经验来调整。UP represents a collection of profiles of user groups. The set UP includes profiles of n user groups, which are denoted as z 1 , z 2 , z 3 , …z i …z n , and z i represents the i-th user in n user groups The set of files of users in the group, the set zi includes the files of m users, which is expressed as
Figure BDA0003244386910000115
Represents the profile of the jth user among m users, <Ia|Sa> represents <user individual attribute|user social attribute>, attribute is the main source of one-to-many relationship and many-to-one relationship, in user individual attribute Ia : he means height attribute, we means weight attribute, se means gender attribute, ag means age attribute, pr means occupation attribute, in user social attribute Sa: ac means activity attribute, fe means feedback attribute, in means influence attribute , and ad represent adaptive attributes. It is preferable to normalize various attribute parameters of the user's individual attributes and user's social attributes. The normalized value range is [0, 5], which is conducive to maintaining the uniformity of parameters. w i represents the weight ratio, and the weight ratio can be adjusted according to the domain characteristics or expert experience used in the actual attack detection.

S13:采集用户访问集合UH,其中,S13: Collect user access set UH, wherein,

UH={u1,u2,u3,…ui,…,un},i∈[1,n],UH={u 1 ,u 2 ,u 3 ,…u i ,…,u n }, i∈[1,n],

Figure BDA0003244386910000121
Figure BDA0003244386910000121

Figure BDA0003244386910000122
Figure BDA0003244386910000122

UH表示用户群体的访问记录的集合,集合UH包括n个用户群体的访问记录,表示为u1,u2,u3,…ui,…,un,ui表示n个用户群体中第i个用户群体的访问记录的集合,集合ui包括m个用户的访问记录,表示为

Figure BDA0003244386910000123
表示在第i个用户群体中的第j个用户的访问记录,{Item|number,action,…}表示用户对项目的访问记录,{User|number,action…}表示用户对用户的访问记录。UH represents the set of access records of user groups, and the set UH includes access records of n user groups, denoted as u 1 , u 2 , u 3 ,…u i ,…,u n , where u i represents the nth user group among the n user groups The set of access records of i user groups, the set ui includes the access records of m users, which is expressed as
Figure BDA0003244386910000123
Indicates the access record of the jth user in the ith user group, {Item|number, action,...} represents the user's access record to the item, {User|number, action...} represents the user's access record to the user.

采集得越多、越全面的用户信息,有利于提高后续托攻击检测的准确性。The more and more comprehensive user information is collected, the more accurate the subsequent attack detection is.

S2:根据所述用户信息,结合用户关系随动态变化因素的变化,建立用户关系动态知识图谱。S2: According to the user information, and in combination with the change of the user relationship with the dynamic change factor, a dynamic knowledge graph of the user relationship is established.

具体地,动态变化因素可以是时间因素、突发事件因素等。Specifically, the dynamic change factor may be a time factor, an unexpected event factor, and the like.

S2包括:S2 includes:

S21:根据所述用户信息,计算得到用户之间的关系紧密度和用户的社交风格,并建立若干时刻对应的用户关系静态知识图谱。S21: Calculate the closeness of the relationship between users and the social style of the user according to the user information, and establish a static knowledge map of user relationships corresponding to several moments.

更具体地,S21包括:More specifically, S21 includes:

S211:通过用户访问集合UH提取用户的直接交互信息DEI,所述直接交互信息DEI包括用户的追随者数量IC、跟随的用户数量NO、用户访问的项目数量NI、用户访问同一领域项目数量SN、用户的评论数量NC、用户评论的时间TC、以及其他用户对目标用户的评分RO。S211: Extract the user's direct interaction information DEI through the user access set UH, where the direct interaction information DEI includes the number of followers IC of the user, the number of followers NO, the number of items NI accessed by the user, the number of items SN in the same field accessed by the user, The number of comments NC by the user, the time TC of the user's comment, and the ratings RO of the target user by other users.

S212:根据所述用户信息,通过式1计算用户之间的关系紧密度,式1为:S212: According to the user information, calculate the closeness of the relationship between users by formula 1, where formula 1 is:

Figure BDA0003244386910000131
Figure BDA0003244386910000131

Figure BDA0003244386910000132
Figure BDA0003244386910000132

其中FN表示目标用户

Figure BDA0003244386910000133
与第N层级的用户
Figure BDA0003244386910000134
的关系紧密度,层级表示以目标用户为中心向外围扩散有关系用户的层数,像图2示出的,F1-F3为以目标用户为中心的三个层级,Ia表示目标用户的个体属性数据,
Figure BDA0003244386910000135
表示其他用户的个体属性数据,
Figure BDA0003244386910000136
为Ia与
Figure BDA0003244386910000137
的点积,用于表示目标用户和其他用户在个体属性数据上的相关程度,Sa表示目标用户的社会属性数据,
Figure BDA0003244386910000138
表示其他用户的社会属性数据,
Figure BDA0003244386910000139
为Sa与
Figure BDA00032443869100001310
的点积,用于表示目标用户和其他用户在社会属性数据上的相关程度,Cl表示目标用户和其他用户在个体属性数据上的相关程度和社会属性数据上的相关程度的和。FN的值越大,代表目标用户与该第N层级的用户的关系紧密度越高,随层级向外扩展,FN的值会逐渐趋近于零。where F N represents the target user
Figure BDA0003244386910000133
with Nth tier users
Figure BDA0003244386910000134
The degree of relationship closeness, the level represents the number of layers of related users that spread from the target user as the center to the periphery. As shown in Figure 2, F1-F3 are the three levels centered on the target user, and Ia represents the individual attributes of the target user. data,
Figure BDA0003244386910000135
Represents individual attribute data of other users,
Figure BDA0003244386910000136
for Ia with
Figure BDA0003244386910000137
The dot product of is used to represent the degree of correlation between the target user and other users on individual attribute data, Sa represents the social attribute data of the target user,
Figure BDA0003244386910000138
Represents social attribute data of other users,
Figure BDA0003244386910000139
for Sa and
Figure BDA00032443869100001310
The dot product of is used to represent the degree of correlation between the target user and other users on social attribute data, and C1 represents the sum of the degree of correlation between the target user and other users on individual attribute data and the degree of correlation on social attribute data. The larger the value of F N , the higher the relationship between the target user and the user at the Nth level. As the level expands outward, the value of F N will gradually approach zero.

优选地,若FN∈[0,0.3],直接建立若干时刻对应的用户关系静态知识图谱。Preferably, if F N ∈ [0, 0.3], a static knowledge graph of user relationships corresponding to several moments is directly established.

S213:根据所述用户信息,通过式2计算用户的社交风格,式2为:S213: According to the user information, calculate the user's social style by formula 2, where formula 2 is:

Figure BDA00032443869100001311
Figure BDA00032443869100001311

Figure BDA00032443869100001312
Figure BDA00032443869100001312

CO=exp{ad+Ia+NO′},CO=exp{ad+Ia+NO'},

ST=exp{ac+pr+Ia+Sa+SN′+TC′+RO′},ST=exp{ac+pr+Ia+Sa+SN′+TC′+RO′},

DI=exp{fe+Sa+NI′+NC′},DI=exp{fe+Sa+NI′+NC′},

其中

Figure BDA0003244386910000141
表示第i个用户群体中第j个用户的社交风格,在社交风格中:CO表示趋同性、ST表示稳定性、DI表示方向性,γ为评级参数,对用户偏好进行统一量级评估,值域为[0,5],wi表示权重比例,exp表示对参数进行指数函数计算,以更好地进行对比计算,IC′、NO′、NI′、SN′、NC′、TC′、和RO′分别表示对应的直接交互信息进行归一化处理后的数值。in
Figure BDA0003244386910000141
Represents the social style of the jth user in the ith user group. In the social style: CO represents convergence, ST represents stability, DI represents directionality, γ is a rating parameter, and a uniform magnitude evaluation is performed on user preferences. The domain is [0, 5], wi represents the weight ratio, exp represents the exponential function calculation of the parameters for better comparison calculation, IC', NO', NI', SN', NC', TC', and RO' represents the normalized value of the corresponding direct interaction information, respectively.

趋同性是用户参考其他用户偏好的现象,比如用户喜欢关注一些博主进行选购;稳定性是指真实用户的社交关系不会轻易发生改变,在发生突发事件时,用户关系会产生微小变化,但是亲密度很高的两个用户不会突然关系断裂,关系网络较为稳定;方向性是用户与其他用户之间的输出与反馈,如用户对于网站浏览只是查看不做反馈为单向性,进行评论等反馈为双向性。Convergence is a phenomenon in which users refer to other users’ preferences. For example, users like to follow some bloggers to make purchases; stability means that the social relations of real users will not change easily. In the event of emergencies, user relations will change slightly , but two users with high intimacy will not suddenly break the relationship, and the relationship network is relatively stable; the directionality is the output and feedback between the user and other users, such as the user only viewing the website without feedback, it is unidirectional. Feedback such as commenting is bidirectional.

S214:根据用户之间的关系紧密度和用户的社交风格,建立若干时刻对应的用户关系静态知识图谱。某一时刻下的用户关系静态知识图谱包含该时刻下用户的属性信息(包括用户个体属性和用户社会属性)、社交风格以及用户关系的描述。S214: According to the closeness of the relationship between users and the social style of the user, establish a static knowledge graph of user relationships corresponding to several moments. The static knowledge graph of user relationships at a certain moment includes attribute information (including user individual attributes and user social attributes), social style, and user relationship descriptions of users at that moment.

S22:根据所述用户信息,结合用户关系随动态变化因素的变化,计算若干时刻下的用户间关系权值和用户关系变化值,融合若干所述用户关系静态知识图谱以及对应时刻下的用户间关系权值和用户关系变化值,得到用户关系动态知识图谱。S22: According to the user information, combined with the change of the user relationship with the dynamic change factor, calculate the relationship weight between users and the change value of the user relationship at several moments, and fuse several static knowledge graphs of the user relationship and the user relationship at the corresponding moment. The relationship weight and the change value of the user relationship are used to obtain the dynamic knowledge graph of the user relationship.

具体地,S22包括:Specifically, S22 includes:

S221:根据用户的社交风格,结合时间间隔函数TIv,通过式3-7计算若干时刻下的用户关系权值MWTIv,其中,S221: According to the user's social style, combined with the time interval function TI v , calculate the user relationship weight MW TIv at several moments by formula 3-7, wherein,

时间间隔函数TIv优选为:The time interval function TI v is preferably:

TIv=(Ts+(j-1)×d,Ts+j×d),TI v =(T s +(j-1)×d,T s +j×d),

Figure BDA0003244386910000151
Figure BDA0003244386910000151

Ts+(j-1)×d表示检测用户关系权值的开始时间,Ts+j×d表示检测用户关系权值的结束时间,d表示间隔宽度,e表示在TIv时刻下的突发事件数量,Δn表示在TIv时刻下的评论数量变化,Δr表示在TIv时刻下的用户关系变化,K为计算参数;T s +(j-1)×d represents the start time of detecting the user relationship weight, T s +j×d represents the end time of detecting the user relationship weight, d represents the interval width, and e represents the sudden change at the time TI v . is the number of events, Δn represents the change in the number of comments at the time TI v , Δr represents the change in the user relationship at the time TI v , and K is the calculation parameter;

式3为:

Figure BDA0003244386910000152
Formula 3 is:
Figure BDA0003244386910000152

式4为:

Figure BDA0003244386910000153
Formula 4 is:
Figure BDA0003244386910000153

式5为:Formula 5 is:

Figure BDA0003244386910000154
Figure BDA0003244386910000154

式6为:

Figure BDA0003244386910000155
Formula 6 is:
Figure BDA0003244386910000155

式7为:Formula 7 is:

Figure BDA0003244386910000156
Figure BDA0003244386910000156

其中,

Figure BDA0003244386910000157
表示在TIv时刻下多因素权值的比重,即用户关系权值,v为任意时间序列号,
Figure BDA0003244386910000158
的大小与
Figure BDA0003244386910000159
因素有关,
Figure BDA00032443869100001510
表示在TIv时刻下内用户的社交风格、REC表示在TIv时刻下用户的关联度、CDL表示在TIv时刻下用户的可信度、SIM表示在TIv时刻下用户的相似度、以及IFL表示在TIv时刻下用户的影响力。其中加上标的参数表示不同用户的参数,即进行不同用户之间的参数计算,例如
Figure BDA00032443869100001511
表示不同用户之间在社交风格中的稳定性上的差值,当参数差值大于1时,说明用户不属于同一量级,对数值进行求取方式实现调整,对于REC、CDL、SIM、IFL进行归一化,设定值域为[0,5]。in,
Figure BDA0003244386910000157
Represents the proportion of multi-factor weights at TI v time, that is, the user relationship weights, v is an arbitrary time series number,
Figure BDA0003244386910000158
size with
Figure BDA0003244386910000159
factors,
Figure BDA00032443869100001510
represents the social style of the user at time TI v , REC represents the relevance of the user at time TI v , CDL represents the credibility of the user at time TI v , SIM represents the similarity of the user at time TI v , and IFL represents the user's influence at TI v time. The marked parameters represent the parameters of different users, that is, the parameter calculation between different users is performed, for example
Figure BDA00032443869100001511
Represents the difference in the stability of social styles between different users. When the parameter difference is greater than 1, it means that the users do not belong to the same order of magnitude. For normalization, the set value range is [0, 5].

关联度是用户之间关系的密切程度,比如相互之间留言、评论、互相关注;可信度是用户影响力的一种体现形式,用户对于被跟随者信任度极高,其行为、言论等都会对跟随者产生很大的影响能力;相似度是用户之间偏好等行为的相似程度,据研究,好朋友之间的相似度比较高,其偏好类似,在突发事件发生时所做出的反应相似;影响力是用户的影响能力,突发事件出现时,由于负面新闻等因素,影响力产生巨大变化,因此,需要检测每一时刻用户的关联度、可信度、相似度、以及影响力,进一步地,可以根据检测需要,调整检测频率,提高检测精度。Relevance is the closeness of the relationship between users, such as leaving messages, comments, and following each other; credibility is a form of user influence. will have a great influence on followers; similarity is the degree of similarity between users' preferences and other behaviors. According to research, good friends have high similarity, and their preferences are similar. Influence is the user’s ability to influence. When an emergency occurs, the influence will change greatly due to factors such as negative news. Therefore, it is necessary to detect the user’s relevance, credibility, similarity, and Influence, further, the detection frequency can be adjusted according to the detection needs, and the detection accuracy can be improved.

S222:根据用户关系权值,通过式8计算若干时刻下的用户关系变化值,式8为:S222: According to the weight of the user relationship, calculate the change value of the user relationship at a number of moments through Equation 8, where Equation 8 is:

Figure BDA0003244386910000161
Figure BDA0003244386910000161

其中,

Figure BDA0003244386910000162
表示在TIv时刻下用户关系变化值,
Figure BDA0003244386910000163
表示在TIv-1时刻下的用户关系权值,
Figure BDA0003244386910000164
表示在TIv时刻下的用户关系权值,
Figure BDA0003244386910000165
表示对参数
Figure BDA0003244386910000166
进行指数函数计算,
Figure BDA0003244386910000167
表示对参数
Figure BDA0003244386910000168
进行指数函数计算,
Figure BDA0003244386910000169
的值越大,表示在TIv时刻下的用户关系变化越大,用户越活跃,对事件的反应越强烈,相反,
Figure BDA00032443869100001610
的值越接近于0,表示在TIv时刻下的用户关系长时间保持不变,托攻击用户在影响力消逝后的长时间内不会再对任何动态影响因素产生反应,其URC接近于0保持不变,无法参加社交活动,可将其归为可疑候选组。in,
Figure BDA0003244386910000162
represents the change value of the user relationship at time TI v ,
Figure BDA0003244386910000163
represents the user relationship weight at TI v-1 time,
Figure BDA0003244386910000164
represents the user relationship weight at time TI v ,
Figure BDA0003244386910000165
Indicates the pair of parameters
Figure BDA0003244386910000166
Perform exponential function calculations,
Figure BDA0003244386910000167
Indicates the pair of parameters
Figure BDA0003244386910000168
Perform exponential function calculations,
Figure BDA0003244386910000169
The larger the value of , the greater the change in the user relationship at the moment TI v , the more active the user, the stronger the reaction to the event, on the contrary,
Figure BDA00032443869100001610
The closer the value is to 0, it means that the user relationship at the time TI v remains unchanged for a long time, and the attacking user will no longer respond to any dynamic influencing factors for a long time after the influence disappears, and its URC is close to 0 Remaining the same, unable to participate in social activities, can be classified as a suspect candidate group.

优选不断重复计算用户之间相互关联的函数,保证所得数据的准确性。It is preferable to repeatedly calculate the interrelated functions between users to ensure the accuracy of the obtained data.

S223:融合若干所述用户关系静态知识图谱以及对应时刻下的用户间关系权值和用户关系变化值,建立得到用户关系动态知识图谱。S223: Integrate a plurality of the static knowledge graphs of user relationships and the relationship weights between users and the change values of user relationships at corresponding moments to establish and obtain a dynamic knowledge graph of user relationships.

步骤S2将用户模拟成社会传感器,图2示出社会传感器的传播性,最里层的用户先受到动态变化因素(例如,突发事件影响)的影响,偏好行为改变,首先与F1层级的相关用户发生用户关系变化,之后F1层级的用户向对应的F2层级用户产生信息反馈,但是F2层级的用户受到的影响力显然比F1层级的用户的变化弱很多,以此类推,对F3层级用户产生的变化微乎其微。这就是社会传感器对自身所处环境的影响力,及其繁衍传播能力。由于社会传感器实时反馈能力的存在,虽然影响力会变弱,但是其关系变化较为复杂,在遇到突发事件时会立刻产生相应变化。Step S2 simulates users as social sensors. Figure 2 shows the dissemination of social sensors. The innermost users are first affected by dynamic changing factors (for example, the impact of emergencies), and their preference behavior changes, which is first related to the F1 level. The user relationship changes, and then the users at the F1 level give feedback to the corresponding users at the F2 level, but the influence of the users at the F2 level is obviously much weaker than that of the users at the F1 level, and so on. changes are minimal. This is the influence of social sensors on their own environment and their ability to reproduce and spread. Due to the existence of real-time feedback capabilities of social sensors, although the influence will become weaker, the changes in their relationship are more complicated, and corresponding changes will occur immediately when encountering emergencies.

托攻击用户在注入时,会对真实用户产生一定的影响能力,在短时间内繁衍传播能力比较强烈。但是托攻击用户不具备社会传感器的性质,在传播力消逝后,行为曲线几乎归于零状态。在现实社交过程当中,有一部分用户的社交关系很简单,对于突发事件的反应较弱,行为曲线变化较小,可以称之为“僵尸用户”。图3示出三类用户的行为折线图,纵轴I表示用户影响力,横轴t表示时间,A折线代表托攻击用户的行为表征,B折线是真实用户的行为表征,C折线为僵尸用户的行为表征,D表示动态变化因素(例如突发事件的发生)。在托攻击用户注入和突发事件发生时,真实用户反应很强烈,进行活跃社交活动,而僵尸用户的反应较为平缓,虽然平缓,但也是有反应的,而托攻击用户在影响力消逝后,对于突发事件无法做出相应反应,行为曲线趋近于零,与横轴重叠,可以归类为无反应。When the attacked user is injected, it will have a certain influence on the real user, and the ability to reproduce and spread in a short period of time is relatively strong. However, the user does not have the nature of social sensors, and after the transmission power disappears, the behavior curve almost returns to a zero state. In the real social process, some users have simple social relationships, weak responses to emergencies, and small changes in behavior curves, which can be called "zombie users". Figure 3 shows the behavioral line graph of three types of users, the vertical axis I represents the user's influence, the horizontal axis t represents time, the A polyline represents the behavioral representation of the attacking user, the B polyline is the behavioral representation of the real user, and the C polyline is the zombie user. The behavioral representation of , D represents dynamic changing factors (such as the occurrence of emergencies). When the attacking user injection and emergencies occur, the real users react very strongly and engage in active social activities, while the zombie user's response is relatively gentle. Although it is gentle, it is also responsive. Inability to respond to emergencies, the behavioral curve approaches zero, overlaps the horizontal axis, and can be classified as unresponsive.

社交网络中的托攻击用户与其他用户的关系是虚假建立的,为了目标商品的销售量,对建立虚假关系的用户产生影响,达到攻击目的,但是在较短时间内,这种影响会减弱甚至消失。在发生突发事件时,虚假用户不会发生相应变化,与真实用户的虚假关系权值始终处于设定值,不会发生改变。而真实用户被影响之后,在一定时间会恢复自我的判断能力,从而产生抵抗性。托攻击者的影响能力消逝之后,在不注入新的关系时,不会再次产生传播能力,并且自身也不会受到其他社会传感器的影响。The relationship between the user and other users in the social network is falsely established. For the sales volume of the target product, it will affect the users who establish the false relationship and achieve the purpose of the attack, but in a short period of time, this influence will be weakened or even disappear. In the event of an emergency, the fake user will not change accordingly, and the weight of the fake relationship with the real user is always at the set value and will not change. After real users are affected, they will recover their self-judgment ability in a certain period of time, resulting in resistance. After the attacker's ability to influence wears off, without injecting new relationships, the ability to spread will not regenerate, and it will not be affected by other social sensors.

本发明考虑到随时间推移和突发事件发生时,真实用户的用户关系会发生动态变化,繁衍传播能力也发生改变,以构建用户关系动态知识图谱,用户关系动态知识图谱也能够通过托攻击用户由于虚假社交关系而传播能力消逝的特点、以及托攻击用户无法参加社交活动的特点,生成可疑候选组,但可疑候选组有可能包含“僵尸用户”,为了进一步提高托攻击检测的准确性,需要对用户关系动态知识图谱进行用户聚类。The present invention takes into account that with the passage of time and the occurrence of emergencies, the user relationship of real users will change dynamically, and the reproduction and dissemination ability will also change, so as to build a user relationship dynamic knowledge map, which can also be used to attack users by trusting Due to the characteristics of the disappearance of communication ability due to false social relations, and the characteristics that users cannot participate in social activities, suspicious candidate groups are generated, but the suspicious candidate groups may contain "zombie users". In order to further improve the accuracy of attack detection, it is necessary to Perform user clustering on the dynamic knowledge graph of user relationships.

优选地,本实施例以关系图网络的形式实时展现用户关系动态知识图谱。Preferably, in this embodiment, the dynamic knowledge graph of user relationships is displayed in real time in the form of a relationship graph network.

S3:根据真实用户的用户关系随动态变化因素产生变化,托攻击用户的用户关系在传播能力消逝后随动态变化因素不产生变化,利用图团体聚类方法对所述用户关系动态知识图谱进行用户聚类,以检测出托攻击用户。S3: According to the fact that the user relationship of the real user changes with the dynamic change factor, the user relationship of the attacking user does not change with the dynamic change factor after the dissemination ability disappears, and the user relationship dynamic knowledge graph is analyzed by using the graph community clustering method. Clustering to detect users who are under attack.

具体地,S3通过图团体检测方法对所述用户关系动态知识图谱进行用户聚类,步骤S3包括:Specifically, S3 performs user clustering on the user relationship dynamic knowledge graph through a graph community detection method, and step S3 includes:

S31:根据真实用户的用户关系随动态变化因素产生变化,托攻击用户的用户关系在传播能力消逝后随动态变化因素不产生变化,利用式9计算用户关系动态知识图谱的用户模块性,式9为:S31: According to the fact that the user relationship of the real user changes with the dynamic change factor, the user relationship of the attacking user does not change with the dynamic change factor after the dissemination ability disappears, and the user modularity of the dynamic knowledge graph of the user relationship is calculated by using Equation 9, Equation 9 for:

Figure BDA0003244386910000181
Figure BDA0003244386910000181

其中M表示用户关系动态知识图谱的用户模块性,L表示用户关系动态知识图谱中图所包含的边的数量,即用户关系,H表示用户数量,

Figure BDA0003244386910000191
表示用户
Figure BDA0003244386910000192
的度,
Figure BDA0003244386910000193
表示用户
Figure BDA0003244386910000194
的度,
Figure BDA0003244386910000195
的值为用户关系动态知识图谱中图的邻接矩阵中的值,
Figure BDA0003244386910000196
表示用户
Figure BDA0003244386910000197
的聚类,
Figure BDA0003244386910000198
表示用户
Figure BDA0003244386910000199
的聚类,δ为克罗内克函数,即
Figure BDA00032443869100001910
若用户
Figure BDA00032443869100001911
和用户
Figure BDA00032443869100001912
均随动态变化因素产生变化,即属于同一聚类,则
Figure BDA00032443869100001913
为1,若用户
Figure BDA00032443869100001914
和用户
Figure BDA00032443869100001915
中的一个随动态变化因素不产生变化,即不属于同一聚类,则
Figure BDA00032443869100001916
为0,若用户
Figure BDA00032443869100001917
和用户
Figure BDA00032443869100001918
均随动态变化因素不产生变化,即属于同一聚类,则
Figure BDA00032443869100001919
为1。Among them, M represents the user modularity of the user relationship dynamic knowledge graph, L represents the number of edges contained in the graph in the user relationship dynamic knowledge graph, that is, the user relationship, H represents the number of users,
Figure BDA0003244386910000191
represents the user
Figure BDA0003244386910000192
degree,
Figure BDA0003244386910000193
represents the user
Figure BDA0003244386910000194
degree,
Figure BDA0003244386910000195
The value of is the value in the adjacency matrix of the graph in the user relationship dynamic knowledge graph,
Figure BDA0003244386910000196
represents the user
Figure BDA0003244386910000197
clustering,
Figure BDA0003244386910000198
represents the user
Figure BDA0003244386910000199
The clustering of , δ is the Kronecker function, that is
Figure BDA00032443869100001910
If the user
Figure BDA00032443869100001911
and users
Figure BDA00032443869100001912
All change with dynamic factors, that is, belong to the same cluster, then
Figure BDA00032443869100001913
is 1, if the user
Figure BDA00032443869100001914
and users
Figure BDA00032443869100001915
One of them does not change with the dynamic change factor, that is, it does not belong to the same cluster, then
Figure BDA00032443869100001916
is 0, if the user
Figure BDA00032443869100001917
and users
Figure BDA00032443869100001918
All of them do not change with dynamic changing factors, that is, they belong to the same cluster, then
Figure BDA00032443869100001919
is 1.

具体来说,

Figure BDA00032443869100001920
表示用户
Figure BDA00032443869100001921
Figure BDA00032443869100001922
的度,那么
Figure BDA00032443869100001923
表示当该网络是随机分配的时候用户
Figure BDA00032443869100001924
Figure BDA00032443869100001925
之间的预期边数,当
Figure BDA00032443869100001926
都比较大时,连接用户
Figure BDA00032443869100001927
Figure BDA00032443869100001928
的边出现的概率就越大,
Figure BDA00032443869100001929
Figure BDA00032443869100001930
表示网络的真实结构和随机组合时的预期结构之间的差,当
Figure BDA00032443869100001931
Figure BDA00032443869100001932
很小时,其返回的值越高,这表明用户
Figure BDA00032443869100001933
Figure BDA00032443869100001934
之间存在连接,归为一个聚类。Specifically,
Figure BDA00032443869100001920
represents the user
Figure BDA00032443869100001921
and
Figure BDA00032443869100001922
degree, then
Figure BDA00032443869100001923
Indicates that users are assigned when the network is randomly assigned
Figure BDA00032443869100001924
and
Figure BDA00032443869100001925
The expected number of edges between, when
Figure BDA00032443869100001926
are relatively large, connecting users
Figure BDA00032443869100001927
and
Figure BDA00032443869100001928
The greater the probability of the edge appearing,
Figure BDA00032443869100001929
Figure BDA00032443869100001930
represents the difference between the true structure of the network and the expected structure when randomly combined, when
Figure BDA00032443869100001931
and
Figure BDA00032443869100001932
very small, the higher the value returned, which indicates that the user
Figure BDA00032443869100001933
and
Figure BDA00032443869100001934
There is a connection between them and they are classified as a cluster.

计算出用户关系动态知识图谱中所有用户的聚类,将属于同一聚类的用户进行融合,形成新聚类,再计算由于形成新聚类而造成的模块性变化值,选择模块性变化值最大的两个聚类再次进行融合,再计算由于形成新聚类而造成的模块性变化值,再融合,直至所有用户都被聚类完毕,最后会得到“孤岛用户集合”,即为托攻击用户集合。因为托攻击用户是虚假社交关系,其与真实用户之间没有关联,也不会与真实用户有社交关系,因此无法与真实用户聚类一起,即被剩余下来。Calculate the clusters of all users in the user relationship dynamic knowledge graph, fuse users belonging to the same cluster to form a new cluster, and then calculate the modular change value caused by the formation of the new cluster, and select the largest modular change value The two clusters are fused again, and then the modular change value caused by the formation of a new cluster is calculated, and then fused until all users have been clustered, and finally the "island user set" will be obtained, which is the attacking user. gather. Because the attacked user is a fake social relationship, it has no relationship with the real user, and will not have a social relationship with the real user, so it cannot be clustered with the real user, that is, it is left.

另外,为了节省事件和降低技术难度,也可以只对用户关系动态知识图谱得到的可疑候选组中的用户进行聚类,以分出托攻击用户。In addition, in order to save events and reduce technical difficulty, it is also possible to cluster only the users in the suspicious candidate group obtained from the dynamic knowledge graph of user relationships, so as to separate out the users under attack.

S32:对所述用户关系动态知识图谱进行多次模块性计算,直至对所有用户进行聚类,以得到真实用户集合和托攻击用户集合。S32: Perform multiple modular calculations on the user relationship dynamic knowledge graph until all users are clustered to obtain a set of real users and a set of attacking users.

本发明的基于动态知识图谱的托攻击检测方法,考虑到动态变化因素对真实用户的社交关系的影响,将用户模拟为社会传感器,结合用户关系随动态变化因素的变化建立用户关系动态知识图谱,更加准确地描述用户关系在社会活动中的动态变化,不只是基于某一时刻下用户的关系来检测托攻击用户,也不过分依赖用户历史评分等数据标签,而是集合随动态变化因素在若干时刻下变化的用户关系来分析检测托攻击用户,托攻击用户的虚假社交关系由此被放大,能够更精准高效地被检测得到。The method for detecting spoofing attacks based on dynamic knowledge graphs of the present invention takes into account the influence of dynamic change factors on the social relations of real users, simulates users as social sensors, and establishes a dynamic knowledge graph of user relations based on the changes of user relations with dynamic change factors. To more accurately describe the dynamic changes of user relationships in social activities, it is not only based on the relationship between users at a certain moment to detect users who are attacking users, but also does not rely too much on data labels such as user historical scores. The ever-changing user relationship is used to analyze and detect the attacking users, so that the false social relations of the attacking users are amplified and can be detected more accurately and efficiently.

更多地,本发明融合用户关系静态知识图谱和对应时刻下的用户间关系权值以及用户关系变化值,使得建立所得的用户关系动态知识图谱随动态变化因素不断变化,更加具有实时性,信息利用更全面。More, the present invention integrates the static knowledge graph of user relationship with the weight of the relationship between users and the change value of the user relationship at the corresponding moment, so that the established dynamic knowledge graph of user relationship changes continuously with dynamic change factors, and is more real-time and informative. more comprehensive use.

进一步地,将本发明的基于动态知识图谱的托攻击检测方法应用到推荐系统时,当检测得到托攻击用户集合时,即可将托攻击用户进行筛出,以保护系统的正确使用。Further, when the method for detecting fraudulent attacks based on the dynamic knowledge graph of the present invention is applied to a recommender system, when a set of users who are attacking users is detected, the users who are attacking users can be screened out to protect the correct use of the system.

进一步地,本发明中利用的用户关系动态知识图谱属于白盒,能够增加应用本发明的基于动态知识图谱的托攻击检测方法的系统的可解释性,也利于系统的优化设计,同时便于保护系统,使得人们的生活更加高效快捷。Further, the dynamic knowledge graph of user relationship used in the present invention belongs to a white box, which can increase the interpretability of the system applying the method for detecting fraudulent attacks based on the dynamic knowledge graph of the present invention, which is also conducive to the optimal design of the system, and is convenient for protecting the system. , making people's lives more efficient and faster.

下面对本发明提供的基于动态知识图谱的托攻击检测装置进行描述,下文描述的基于动态知识图谱的托攻击检测装置与上文描述的基于动态知识图谱的托攻击检测方法可相互对应参照。The device for detecting fraudulent attacks based on dynamic knowledge graphs provided by the present invention is described below. The device for detecting fraudulent attacks based on dynamic knowledge graphs described below and the methods for detecting fraudulent attacks based on dynamic knowledge graphs described above may refer to each other correspondingly.

本发明还提供一种基于动态知识图谱的托攻击检测系统,包括:The present invention also provides a spoofing attack detection system based on a dynamic knowledge graph, comprising:

用户信息采集模块,用于采集用户信息;User information collection module, used to collect user information;

用户关系动态知识图谱建立模块,用于根据所述用户信息,结合用户关系随动态变化因素的变化,建立用户关系动态知识图谱;A user relationship dynamic knowledge graph establishment module is used to establish a user relationship dynamic knowledge graph according to the user information and in combination with the changes of the user relationship with the dynamic change factors;

托攻击检测模块,用于根据真实用户的用户关系随动态变化因素产生变化,托攻击用户的用户关系在传播能力消逝后随动态变化因素不产生变化,利用图团体聚类方法对所述用户关系动态知识图谱进行用户聚类,以检测出托攻击用户。The trust attack detection module is used to change the user relationship of the real user with the dynamic change factor, and the user relationship of the trust attack user does not change with the dynamic change factor after the propagation ability disappears, and uses the graph community clustering method to analyze the user relationship. The dynamic knowledge graph performs user clustering to detect users who are under attack.

本发明还提供一种电子设备,其可以包括:处理器(processor)、通信接口(Communications Interface)、存储器(memory)和通信总线,其中,处理器,通信接口,存储器通过通信总线完成相互间的通信。处理器可以调用存储器中的逻辑指令,以执行基于动态知识图谱的托攻击检测方法,该方法包括:The present invention also provides an electronic device, which may include: a processor, a communications interface, a memory, and a communication bus, wherein the processor, the communication interface, and the memory communicate with each other through the communication bus. communication. The processor can call the logic instructions in the memory to execute the method for detecting spoofing attacks based on the dynamic knowledge graph, and the method includes:

采集用户信息;collect user information;

根据所述用户信息,结合用户关系随动态变化因素的变化,建立用户关系动态知识图谱;According to the user information, combined with the change of the user relationship with the dynamic change factor, a dynamic knowledge map of the user relationship is established;

根据真实用户的用户关系随动态变化因素产生变化,托攻击用户的用户关系在传播能力消逝后随动态变化因素不产生变化,利用图团体聚类方法对所述用户关系动态知识图谱进行用户聚类,以检测出托攻击用户。According to the fact that the user relationship of the real user changes with the dynamic change factor, the user relationship of the attacking user does not change with the dynamic change factor after the dissemination ability disappears, and the graph community clustering method is used to perform user clustering on the dynamic knowledge graph of the user relationship. , to detect users who are under attack.

此外,上述的存储器中的逻辑指令可以通过软件功能单元的形式实现并作为独立的产品销售或使用时,可以存储在一个计算机可读取存储介质中。基于这样的理解,本发明的技术方案本质上或者说对现有技术做出贡献的部分或者该技术方案的部分可以以软件产品的形式体现出来,该计算机软件产品存储在一个存储介质中,包括若干指令用以使得一台计算机设备(可以是个人计算机,服务器,或者网络设备等)执行本发明各个实施例所述方法的全部或部分步骤。而前述的存储介质包括:U盘、移动硬盘、只读存储器(ROM,Read-Only Memory)、随机存取存储器(RAM,Random Access Memory)、磁碟或者光盘等各种可以存储程序代码的介质。In addition, the above-mentioned logic instructions in the memory can be implemented in the form of software functional units and can be stored in a computer-readable storage medium when sold or used as an independent product. Based on this understanding, the technical solution of the present invention can be embodied in the form of a software product in essence, or the part that contributes to the prior art or the part of the technical solution. The computer software product is stored in a storage medium, including Several instructions are used to cause a computer device (which may be a personal computer, a server, or a network device, etc.) to execute all or part of the steps of the methods described in the various embodiments of the present invention. The aforementioned storage medium includes: U disk, mobile hard disk, Read-Only Memory (ROM, Read-Only Memory), Random Access Memory (RAM, Random Access Memory), magnetic disk or optical disk and other media that can store program codes .

另一方面,本发明还提供一种计算机程序产品,所述计算机程序产品包括计算机程序,计算机程序可存储在非暂态计算机可读存储介质上,所述计算机程序被处理器执行时,计算机能够执行上述各方法所提供的基于动态知识图谱的托攻击检测方法,该方法包括:In another aspect, the present invention also provides a computer program product, the computer program product includes a computer program, the computer program can be stored on a non-transitory computer-readable storage medium, and when the computer program is executed by a processor, the computer can Execute the method for detecting spoofing attacks based on the dynamic knowledge graph provided by the above methods, and the method includes:

采集用户信息;collect user information;

根据所述用户信息,结合用户关系随动态变化因素的变化,建立用户关系动态知识图谱;According to the user information, combined with the change of the user relationship with the dynamic change factor, a dynamic knowledge map of the user relationship is established;

根据真实用户的用户关系随动态变化因素产生变化,托攻击用户的用户关系在传播能力消逝后随动态变化因素不产生变化,利用图团体聚类方法对所述用户关系动态知识图谱进行用户聚类,以检测出托攻击用户。According to the fact that the user relationship of the real user changes with the dynamic change factor, the user relationship of the attacking user does not change with the dynamic change factor after the dissemination ability disappears, and the graph community clustering method is used to perform user clustering on the dynamic knowledge graph of the user relationship. , to detect users who are under attack.

又一方面,本发明还提供一种非暂态计算机可读存储介质,其上存储有计算机程序,该计算机程序被处理器执行时实现以执行上述各方法提供的基于动态知识图谱的托攻击检测方法,该方法包括:In yet another aspect, the present invention also provides a non-transitory computer-readable storage medium on which a computer program is stored, and the computer program is implemented by a processor to perform the dynamic knowledge graph-based spoofing attack detection provided by the above methods when the computer program is executed. method, which includes:

采集用户信息;collect user information;

根据所述用户信息,结合用户关系随动态变化因素的变化,建立用户关系动态知识图谱;According to the user information, combined with the change of the user relationship with the dynamic change factor, a dynamic knowledge map of the user relationship is established;

根据真实用户的用户关系随动态变化因素产生变化,托攻击用户的用户关系在传播能力消逝后随动态变化因素不产生变化,利用图团体聚类方法对所述用户关系动态知识图谱进行用户聚类,以检测出托攻击用户。According to the fact that the user relationship of the real user changes with the dynamic change factor, the user relationship of the attacking user does not change with the dynamic change factor after the dissemination ability disappears, and the graph community clustering method is used to perform user clustering on the dynamic knowledge graph of the user relationship. , to detect users who are under attack.

以上所描述的装置实施例仅仅是示意性的,其中所述作为分离部件说明的单元可以是或者也可以不是物理上分开的,作为单元显示的部件可以是或者也可以不是物理单元,即可以位于一个地方,或者也可以分布到多个网络单元上。可以根据实际的需要选择其中的部分或者全部模块来实现本实施例方案的目的。本领域普通技术人员在不付出创造性的劳动的情况下,即可以理解并实施。The device embodiments described above are only illustrative, wherein the units described as separate components may or may not be physically separated, and the components shown as units may or may not be physical units, that is, they may be located in One place, or it can be distributed over multiple network elements. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution in this embodiment. Those of ordinary skill in the art can understand and implement it without creative effort.

通过以上的实施方式的描述,本领域的技术人员可以清楚地了解到各实施方式可借助软件加必需的通用硬件平台的方式来实现,当然也可以通过硬件。基于这样的理解,上述技术方案本质上或者说对现有技术做出贡献的部分可以以软件产品的形式体现出来,该计算机软件产品可以存储在计算机可读存储介质中,如ROM/RAM、磁碟、光盘等,包括若干指令用以使得一台计算机设备(可以是个人计算机,服务器,或者网络设备等)执行各个实施例或者实施例的某些部分所述的方法。From the description of the above embodiments, those skilled in the art can clearly understand that each embodiment can be implemented by means of software plus a necessary general hardware platform, and certainly can also be implemented by hardware. Based on this understanding, the above-mentioned technical solutions can be embodied in the form of software products in essence or the parts that make contributions to the prior art, and the computer software products can be stored in computer-readable storage media, such as ROM/RAM, magnetic A disc, an optical disc, etc., includes several instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to perform the methods described in various embodiments or some parts of the embodiments.

最后应说明的是:以上实施例仅用以说明本发明的技术方案,而非对其限制;尽管参照前述实施例对本发明进行了详细的说明,本领域的普通技术人员应当理解:其依然可以对前述各实施例所记载的技术方案进行修改,或者对其中部分技术特征进行等同替换;而这些修改或者替换,并不使相应技术方案的本质脱离本发明各实施例技术方案的精神和范围。Finally, it should be noted that the above embodiments are only used to illustrate the technical solutions of the present invention, but not to limit them; although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that it can still be The technical solutions described in the foregoing embodiments are modified, or some technical features thereof are equivalently replaced; and these modifications or replacements do not make the essence of the corresponding technical solutions deviate from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (10)

1.一种基于动态知识图谱的托攻击检测方法,其特征在于,包括:1. a method for detecting an attack based on dynamic knowledge graph, is characterized in that, comprises: 采集用户信息;collect user information; 根据所述用户信息,结合用户关系随动态变化因素的变化,建立用户关系动态知识图谱;According to the user information, combined with the change of the user relationship with the dynamic change factor, a dynamic knowledge map of the user relationship is established; 根据真实用户的用户关系随动态变化因素产生变化,托攻击用户的用户关系在传播能力消逝后随动态变化因素不产生变化,利用图团体聚类方法对所述用户关系动态知识图谱进行用户聚类,以检测出托攻击用户。According to the fact that the user relationship of the real user changes with the dynamic change factor, the user relationship of the attacking user does not change with the dynamic change factor after the dissemination ability disappears, and the graph community clustering method is used to perform user clustering on the dynamic knowledge graph of the user relationship. , to detect users who are under attack. 2.根据权利要求1所述的基于动态知识图谱的托攻击检测方法,其特征在于,所述根据所述用户信息,结合用户关系随动态变化因素的变化,建立用户关系动态知识图谱,包括:2. the method for detecting the attack based on dynamic knowledge graph according to claim 1, is characterized in that, described according to described user information, in conjunction with the change of user relationship with dynamic change factor, establish user relationship dynamic knowledge graph, comprising: 根据所述用户信息,计算得到用户之间的关系紧密度和用户的社交风格,并建立若干时刻对应的用户关系静态知识图谱;According to the user information, the closeness of the relationship between users and the social style of the user are calculated, and a static knowledge map of user relationships corresponding to several moments is established; 根据所述用户信息,结合用户关系随动态变化因素的变化,计算若干时刻下的用户间关系权值和用户关系变化值,融合若干所述用户关系静态知识图谱以及对应时刻下的用户间关系权值和用户关系变化值,得到用户关系动态知识图谱。According to the user information, combined with the changes of the user relationship with the dynamic change factors, calculate the relationship weight between users and the change value of the user relationship at several moments, and fuse several static knowledge graphs of the user relationship and the relationship weight between users at the corresponding moment. The value and the change value of the user relationship are obtained, and the dynamic knowledge map of the user relationship is obtained. 3.根据权利要求2所述的基于动态知识图谱的托攻击检测方法,其特征在于,所述采集用户信息,包括:3. The method for detecting an attack based on a dynamic knowledge graph according to claim 2, wherein the collection of user information comprises: 采集用户集合R,其中,Collect user set R, where, R=(R1,R2,…,Ri,…,Rn},i∈[1,n],R=(R 1 , R 2 ,...,R i ,...,R n }, i∈[1,n],
Figure FDA0003244386900000011
Figure FDA0003244386900000011
 R表示用户群体的集合,集合R中包括n个用户群体,表示为R1,R2,…,Ri,…,Rn,Ri表示n个用户群体中的第i个用户群体的用户集合,集合Ri中包括m个用户,表示为
Figure FDA0003244386900000021
R represents a set of user groups, and the set R includes n user groups, denoted as R 1 , R 2 , ..., R i , ... , R n , and R i represents the users of the ith user group among the n user groups The set, including m users in the set R i , is expressed as
Figure FDA0003244386900000021
 采集用户档案集合UP,其中,Collect a set of user profiles UP, where, UP=(z1,z2,z3,…zi…zn},i∈[1,n],UP=(z 1 , z 2 , z 3 , ... z i ... z n }, i∈[1,n],
Figure FDA0003244386900000022
Figure FDA0003244386900000022
Figure FDA0003244386900000023
Figure FDA0003244386900000023
 Ia=w1×he+w2×we+w3×se+w4×ag+w5×pr,Ia=w 1 ×he+w 2 ×we+w 3 ×se+w 4 ×ag+w 5 ×pr,
Figure FDA0003244386900000024
Figure FDA0003244386900000024
 Sa=w6×ac+w7×fe+w8×in+w9×ad,Sa=w 6 ×ac+w 7 ×fe+w 8 ×in+w 9 ×ad,
Figure FDA0003244386900000025
Figure FDA0003244386900000025
 UP表示用户群体的档案的集合,集合UP中包括n个用户群体的档案,表示为z1,z2,z3,…zi…zn,zi表示n个用户群体中第i个用户群体的用户的档案集合,集合zi中包括m个用户的档案,表示为
Figure FDA0003244386900000026
表示m个用户中的第j个用户的档案,<Ia|Sa>表示<用户个体属性|用户社会属性>,在用户个体属性Ia中:he表示身高属性、we表示体重属性、se表示性别属性、ag表示年龄属性、pr表示职业属性,在用户社会属性Sa中:ac表示活跃度属性、fe表示反馈性属性、in表示影响力属性、以及ad表示适应性属性,wi表示权重比例;UP represents a set of profiles of user groups, and the set UP includes profiles of n user groups, denoted as z 1 , z 2 , z 3 , ... z i ... z n , and z i represents the i-th user in n user groups The set of files of users in the group, the set zi includes the files of m users, which is expressed as
Figure FDA0003244386900000026
Indicates the profile of the jth user among m users, <Ia|Sa> indicates <user individual attribute|user social attribute>, in the user individual attribute Ia: he indicates the height attribute, we indicates the weight attribute, and se indicates the gender attribute , ag means age attribute, pr means occupation attribute, in user social attribute Sa: ac means activity attribute, fe means feedback attribute, in means influence attribute, and ad means adaptability attribute, w i means weight ratio; 采集用户访问集合UH,其中,Collect user access set UH, where, UH={u1,u2,u3,…ui,…,un},i∈[1,n],UH={u 1 , u 2 , u 3 ,...u i ,...,u n }, i∈[1,n],
Figure FDA0003244386900000027
Figure FDA0003244386900000027
Figure FDA0003244386900000028
Figure FDA0003244386900000028
 UH表示用户群体的访问记录的集合,集合UH包括n个用户群体的访问记录,表示为u1,u2,u3,…ui,…,un,ui表示n个用户群体中第i个用户群体的访问记录的集合,集合ui包括m个用户的访问记录,表示为
Figure FDA0003244386900000031
Figure FDA0003244386900000032
表示在第i个用户群体中的第j个用户的访问记录,{Item|number,action,…}表示用户对项目的访问记录,{User|number,action…}表示用户对用户的访问记录。UH represents the set of access records of user groups, and the set UH includes the access records of n user groups, denoted as u 1 , u 2 , u 3 , ... u i , ..., u n , where u i represents the nth user group among the n user groups The set of access records of i user groups, the set ui includes the access records of m users, which is expressed as
Figure FDA0003244386900000031
Figure FDA0003244386900000032
represents the access record of the jth user in the ith user group, {Item|number, action, ...} represents the user's access record to the item, {User|number, action...} represents the user's access record to the user. 4.根据权利要求3所述的基于动态知识图谱的托攻击检测方法,其特征在于,所述根据所述用户信息,计算得到用户之间的关系紧密度和用户的社交风格,并建立若干时刻对应的用户关系静态知识图谱,包括:4. the method for detecting attack based on dynamic knowledge graph according to claim 3, is characterized in that, described according to described user information, calculates the relationship tightness between users and user's social style, and establishes several moments The corresponding static knowledge graph of user relationships, including: 通过用户访问集合UH提取用户的直接交互信息,所述直接交互信息包括用户的追随者数量IC、跟随的用户数量NO、用户访问的项目数量NI、用户访问同一领域项目数量SN、用户的评论数量NC、用户评论的时间TC、以及其他用户对目标用户的评分RO;The direct interaction information of the user is extracted through the user access set UH, the direct interaction information includes the number of followers IC of the user, the number of followers NO, the number of items NI accessed by the user, the number of items SN accessed by the user in the same field, and the number of comments of the user. NC, the time TC of the user's comment, and the rating RO of the target user by other users; 根据所述用户信息,通过式1计算用户之间的关系紧密度,式1为:According to the user information, the closeness of the relationship between users is calculated by formula 1, where formula 1 is:
Figure FDA0003244386900000033
Figure FDA0003244386900000033
Figure FDA0003244386900000034
Figure FDA0003244386900000034
 其中FN表示用户
Figure FDA0003244386900000035
与第N层级的用户
Figure FDA0003244386900000036
的关系紧密度,Ia表示目标用户的个体属性数据,
Figure FDA0003244386900000037
表示其他用户的个体属性数据,
Figure FDA0003244386900000038
为Ia与
Figure FDA0003244386900000039
的点积,用于表示目标用户和其他用户在个体属性数据上的相关程度,Sa表示目标用户的社会属性数据,
Figure FDA00032443869000000310
表示其他用户的社会属性数据,
Figure FDA00032443869000000311
为Sa与
Figure FDA00032443869000000312
的点积,用于表示目标用户和其他用户在社会属性数据上的相关程度,Cl表示目标用户和其他用户在个体属性数据上的相关程度和社会属性数据上的相关程度的和;where F N represents the user
Figure FDA0003244386900000035
with Nth tier users
Figure FDA0003244386900000036
The relationship tightness of , Ia represents the individual attribute data of the target user,
Figure FDA0003244386900000037
Represents individual attribute data of other users,
Figure FDA0003244386900000038
for Ia with
Figure FDA0003244386900000039
The dot product of is used to represent the degree of correlation between the target user and other users on individual attribute data, Sa represents the social attribute data of the target user,
Figure FDA00032443869000000310
Represents social attribute data of other users,
Figure FDA00032443869000000311
for Sa and
Figure FDA00032443869000000312
The dot product of , is used to represent the degree of correlation between the target user and other users on social attribute data, and C1 represents the sum of the degree of correlation between the target user and other users on individual attribute data and the degree of correlation on social attribute data; 根据所述用户信息,通过式2计算用户的社交风格,式2为:According to the user information, the user's social style is calculated by Equation 2, where Equation 2 is:
Figure FDA0003244386900000041
Figure FDA0003244386900000041
 j∈[1,m],i∈[1,n],
Figure FDA0003244386900000042
CO=exp{ad+Ia+NO′},j∈[1,m], i∈[1,n],
Figure FDA0003244386900000042
CO=exp{ad+Ia+NO'}, ST=exp{ac+pr+Ia+Sa+SN′+TC′+RO′},ST=exp{ac+pr+Ia+Sa+SN′+TC′+RO′}, DI=exp{fe+Sa+NI′+NC′},DI=exp{fe+Sa+NI′+NC′}, 其中
Figure FDA0003244386900000043
表示第i个用户群体中第j个用户的社交风格,在社交风格中:CO表示趋同性、ST表示稳定性、DI表示方向性,γ为评级参数,wi表示权重比例,exp表示对参数进行指数函数计算,IC′、NO′、NI′、SN′、NC′、TC′、和RO′分别表示对应的直接交互信息进行归一化处理后的数值;in
Figure FDA0003244386900000043
Represents the social style of the jth user in the ith user group. In the social style: CO represents convergence, ST represents stability, DI represents directionality, γ represents the rating parameter, w i represents the weight ratio, and exp represents the pair parameter Perform exponential function calculation, IC', NO', NI', SN', NC', TC', and RO' respectively represent the normalized value of the corresponding direct interaction information; 根据用户之间的关系紧密度和用户的社交风格,建立若干时刻对应的用户关系静态知识图谱。According to the closeness of the relationship between users and the user's social style, a static knowledge graph of user relationships corresponding to several moments is established. 5.根据权利要求4所述的基于动态知识图谱的托攻击检测方法,其特征在于,所述根据所述用户信息,结合用户关系随动态变化因素的变化,计算若干时刻下的用户间关系权值和用户关系变化值,融合若干所述用户关系静态知识图谱以及对应时刻下的用户间关系权值和用户关系变化值,得到用户关系动态知识图谱,包括:5. The method for detecting spoofing attacks based on a dynamic knowledge graph according to claim 4, characterized in that, according to the user information, in combination with the change of the user relationship with the dynamic change factor, the relationship weight between users under several moments is calculated. value and the change value of user relationship, fuse several static knowledge maps of user relationship and the relationship weight between users and user relationship change value at the corresponding moment to obtain the dynamic knowledge map of user relationship, including: 根据用户的社交风格,结合时间间隔函数TIv,通过式3-7计算若干时刻下的用户关系权值
Figure FDA0003244386900000045
其中,According to the user's social style, combined with the time interval function TI v , the user relationship weights at several moments are calculated by Equation 3-7
Figure FDA0003244386900000045
in, 时间间隔函数TIv为:The time interval function TI v is: TIv=(Ts+(j-1)×d,Ts+j×d),TI v =(T s +(j-1)×d, T s +j×d),
Figure FDA0003244386900000044
Figure FDA0003244386900000044
 Ts+(j-1)×d表示检测用户关系权值的开始时间,Ts+j×d表示检测用户关系权值的结束时间,TIv表示检测用户关系权值的时刻,d表示间隔宽度,e表示在TIv时刻下的突发事件数量,Δn表示在TIv时刻下的评论数量变化,Δr表示在TIv时刻下的用户关系变化,K为计算参数;T s +(j-1)×d represents the start time of detecting user relationship weights, T s +j×d represents the end time of detecting user relationship weights, TI v represents the moment of detecting user relationship weights, and d represents the interval Width, e represents the number of emergencies at time TI v , Δn represents the change in the number of comments at time TI v , Δr represents the change in user relationship at time TI v , and K is a calculation parameter; 式3为:
Figure FDA0003244386900000051
Formula 3 is:
Figure FDA0003244386900000051
 式4为:
Figure FDA0003244386900000052
Formula 4 is:
Figure FDA0003244386900000052
 式5为:Formula 5 is:
Figure FDA0003244386900000053
Figure FDA0003244386900000053
 式6为:
Figure FDA0003244386900000054
Formula 6 is:
Figure FDA0003244386900000054
 式7为:Formula 7 is:
Figure FDA0003244386900000055
Figure FDA0003244386900000055
 其中,
Figure FDA0003244386900000056
表示在TIv时刻下的用户关系权值,
Figure FDA0003244386900000057
表示在TIv时刻下用户的社交风格、REC表示在TIv时刻下用户的关联度、CDL表示在TIv时刻下用户的可信度、SIM表示在TIv时刻下用户的相似度、以及IFL表示在TIv时刻下用户的影响力;in,
Figure FDA0003244386900000056
represents the user relationship weight at time TI v ,
Figure FDA0003244386900000057
represents the user's social style at TI v time, REC represents the user's relevance at TI v time, CDL represents the user's reliability at TI v time, SIM represents the user's similarity at TI v time, and IFL Indicates the influence of the user at the moment of TI v ; 根据用户关系权值,通过式8计算若干时刻下的用户关系变化值,式8为:According to the user relationship weight, the user relationship change value at several moments is calculated by Equation 8. Equation 8 is:
Figure FDA0003244386900000058
Figure FDA0003244386900000058
 其中,
Figure FDA0003244386900000059
表示在TIv时刻下用户关系变化值,
Figure FDA00032443869000000510
表示在TIv-1时刻下的用户关系权值,
Figure FDA00032443869000000511
表示在TIv时刻下的用户关系权值,
Figure FDA0003244386900000061
表示对参数
Figure FDA0003244386900000062
进行指数函数计算,
Figure FDA0003244386900000063
表示对参数
Figure FDA0003244386900000064
进行指数函数计算;in,
Figure FDA0003244386900000059
represents the change value of the user relationship at time TI v ,
Figure FDA00032443869000000510
represents the user relationship weight at TI v-1 time,
Figure FDA00032443869000000511
represents the user relationship weight at time TI v ,
Figure FDA0003244386900000061
Indicates the pair of parameters
Figure FDA0003244386900000062
Perform exponential function calculations,
Figure FDA0003244386900000063
Indicates the pair of parameters
Figure FDA0003244386900000064
Perform exponential function calculations; 融合若干所述用户关系静态知识图谱以及对应时刻下的用户间关系权值和用户关系变化值,建立得到用户关系动态知识图谱。A dynamic knowledge map of user relationships is established by integrating several of the static knowledge maps of user relationships and the relationship weights between users and the change values of user relationships at corresponding moments. 6.根据权利要求1-5任一项所述的基于动态知识图谱的托攻击检测方法,其特征在于,还包括:以关系图网络的形式实时展现用户关系动态知识图谱。6 . The method for detecting fraudulent attacks based on a dynamic knowledge graph according to claim 1 , further comprising: displaying the dynamic knowledge graph of user relationships in real time in the form of a relational graph network. 7 . 7.根据权利要求6所述的基于动态知识图谱的托攻击检测方法,其特征在于,所述根据真实用户的用户关系随动态变化因素产生变化,托攻击用户的用户关系在传播能力消逝后随动态变化因素不产生变化,利用图团体聚类方法对所述用户关系动态知识图谱进行用户聚类,以检测出托攻击用户,包括:7. the method for detecting an attack based on dynamic knowledge graph according to claim 6, it is characterized in that, the user relationship according to the real user produces a change with the dynamic change factor, and the user relationship of the attack user is followed after the propagation ability disappears. If the dynamic change factors do not change, use the graph community clustering method to perform user clustering on the user relationship dynamic knowledge graph, so as to detect the users who attack users, including: 根据真实用户的用户关系随动态变化因素产生变化,托攻击用户的用户关系在传播能力消逝后随动态变化因素不产生变化,利用式9计算用户关系动态知识图谱的用户模块性,式9为:According to the change of the user relationship of the real user with the dynamic change factor, the user relationship of the attacking user does not change with the dynamic change factor after the dissemination ability disappears. The user modularity of the dynamic knowledge graph of the user relationship is calculated by using Equation 9. Equation 9 is:
Figure FDA0003244386900000065
Figure FDA0003244386900000065
 其中M表示用户关系动态知识图谱的用户模块性,L表示用户关系动态知识图谱中图所包含的边的数量,即用户关系,H表示用户数量,
Figure FDA0003244386900000066
表示用户
Figure FDA0003244386900000067
的度,
Figure FDA0003244386900000068
表示用户
Figure FDA0003244386900000069
的度,
Figure FDA00032443869000000610
的值为用户关系动态知识图谱中图的邻接矩阵中的值,
Figure FDA00032443869000000611
表示用户
Figure FDA00032443869000000612
的聚类,
Figure FDA00032443869000000613
表示用户
Figure FDA00032443869000000614
的聚类,δ为克罗内克函数,即
Figure FDA00032443869000000615
若用户
Figure FDA00032443869000000616
和用户
Figure FDA00032443869000000617
均随动态变化因素产生变化,即属于同一聚类,则
Figure FDA00032443869000000618
为1,若用户
Figure FDA00032443869000000619
和用户
Figure FDA00032443869000000620
中的一个随动态变化因素不产生变化,即不属于同一聚类,则
Figure FDA00032443869000000621
为0,若用户
Figure FDA0003244386900000071
和用户
Figure FDA0003244386900000072
均随动态变化因素不产生变化,即属于同一聚类,则
Figure FDA0003244386900000073
为1;Among them, M represents the user modularity of the user relationship dynamic knowledge graph, L represents the number of edges contained in the graph in the user relationship dynamic knowledge graph, that is, the user relationship, H represents the number of users,
Figure FDA0003244386900000066
represents the user
Figure FDA0003244386900000067
degree,
Figure FDA0003244386900000068
represents the user
Figure FDA0003244386900000069
degree,
Figure FDA00032443869000000610
The value of is the value in the adjacency matrix of the graph in the user relationship dynamic knowledge graph,
Figure FDA00032443869000000611
represents the user
Figure FDA00032443869000000612
clustering,
Figure FDA00032443869000000613
represents the user
Figure FDA00032443869000000614
The clustering of , δ is the Kronecker function, that is
Figure FDA00032443869000000615
If the user
Figure FDA00032443869000000616
and users
Figure FDA00032443869000000617
All change with dynamic factors, that is, belong to the same cluster, then
Figure FDA00032443869000000618
is 1, if the user
Figure FDA00032443869000000619
and users
Figure FDA00032443869000000620
One of them does not change with the dynamic change factor, that is, it does not belong to the same cluster, then
Figure FDA00032443869000000621
is 0, if the user
Figure FDA0003244386900000071
and users
Figure FDA0003244386900000072
All of them do not change with dynamic changing factors, that is, they belong to the same cluster, then
Figure FDA0003244386900000073
is 1; 对所述用户关系动态知识图谱进行多次模块性计算,直至对所有用户进行聚类,以得到真实用户集合和托攻击用户集合。Perform multiple modular calculations on the user relationship dynamic knowledge graph until all users are clustered, so as to obtain a set of real users and a set of attacked users. 8.一种基于动态知识图谱的托攻击检测系统,其特征在于,包括:8. A system for detecting attacks based on dynamic knowledge graph, characterized in that, comprising: 用户信息采集模块,用于采集用户信息;User information collection module, used to collect user information; 用户关系动态知识图谱建立模块,用于根据所述用户信息,结合用户关系随动态变化因素的变化,建立用户关系动态知识图谱;A user relationship dynamic knowledge graph establishment module is used to establish a user relationship dynamic knowledge graph according to the user information and in combination with the changes of the user relationship with the dynamic change factors; 托攻击检测模块,用于根据真实用户的用户关系随动态变化因素产生变化,托攻击用户的用户关系在传播能力消逝后随动态变化因素不产生变化,利用图团体聚类方法对所述用户关系动态知识图谱进行用户聚类,以检测出托攻击用户。The trust attack detection module is used to change the user relationship of the real user with the dynamic change factor, and the user relationship of the trust attack user does not change with the dynamic change factor after the propagation ability disappears, and uses the graph community clustering method to analyze the user relationship. The dynamic knowledge graph performs user clustering to detect users who are under attack. 9.一种电子设备,包括存储器、处理器及存储在所述存储器上并可在所述处理器上运行的计算机程序,其特征在于,所述处理器执行所述程序时实现如权利要求1至7任一项所述基于动态知识图谱的托攻击检测方法的步骤。9. An electronic device, comprising a memory, a processor and a computer program stored on the memory and running on the processor, wherein the processor implements the program as claimed in claim 1 when executing the program Steps of any one of the steps of the method for detecting spoofing attacks based on the dynamic knowledge graph described in any one of 7. 10.一种非暂态计算机可读存储介质,其上存储有计算机程序,其特征在于,所述计算机程序被处理器执行时实现如权利要求1至7任一项所述基于动态知识图谱的托攻击检测方法的步骤。10. A non-transitory computer-readable storage medium on which a computer program is stored, characterized in that, when the computer program is executed by a processor, the dynamic knowledge graph based dynamic knowledge graph according to any one of claims 1 to 7 is implemented. The steps of the tow attack detection method.
CN202111028476.2A 2021-09-02 2021-09-02 Method, system, equipment and medium for detecting support attack based on dynamic knowledge graph Active CN113807977B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111028476.2A CN113807977B (en) 2021-09-02 2021-09-02 Method, system, equipment and medium for detecting support attack based on dynamic knowledge graph

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111028476.2A CN113807977B (en) 2021-09-02 2021-09-02 Method, system, equipment and medium for detecting support attack based on dynamic knowledge graph

Publications (2)

Publication Number Publication Date
CN113807977A true CN113807977A (en) 2021-12-17
CN113807977B CN113807977B (en) 2023-05-05

Family

ID=78894624

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111028476.2A Active CN113807977B (en) 2021-09-02 2021-09-02 Method, system, equipment and medium for detecting support attack based on dynamic knowledge graph

Country Status (1)

Country Link
CN (1) CN113807977B (en)

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105677900A (en) * 2016-02-04 2016-06-15 南京理工大学 Malicious user detection method and device
CN107330461A (en) * 2017-06-27 2017-11-07 安徽师范大学 Collaborative filtering recommending method based on emotion with trust
CN110390039A (en) * 2019-07-25 2019-10-29 广州汇智通信技术有限公司 Social networks analysis method, device and the equipment of knowledge based map
US20190384907A1 (en) * 2016-03-08 2019-12-19 Palo Alto Networks, Inc. Cookies watermarking in malware analysis
CN111143547A (en) * 2019-12-30 2020-05-12 山东大学 Big data display method based on knowledge graph
CN112231570A (en) * 2020-10-26 2021-01-15 腾讯科技(深圳)有限公司 Recommendation system trust attack detection method, device, equipment and storage medium
CN112417314A (en) * 2020-11-26 2021-02-26 清华大学 Social network suicidal ideation detection method and system
CN113095084A (en) * 2021-03-16 2021-07-09 重庆邮电大学 Semantic service matching method and device in Internet of things and storage medium
CN113221003A (en) * 2021-05-20 2021-08-06 北京建筑大学 Mixed filtering recommendation method and system based on dual theory

Patent Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105677900A (en) * 2016-02-04 2016-06-15 南京理工大学 Malicious user detection method and device
US20190384907A1 (en) * 2016-03-08 2019-12-19 Palo Alto Networks, Inc. Cookies watermarking in malware analysis
CN107330461A (en) * 2017-06-27 2017-11-07 安徽师范大学 Collaborative filtering recommending method based on emotion with trust
CN110390039A (en) * 2019-07-25 2019-10-29 广州汇智通信技术有限公司 Social networks analysis method, device and the equipment of knowledge based map
CN111143547A (en) * 2019-12-30 2020-05-12 山东大学 Big data display method based on knowledge graph
CN112231570A (en) * 2020-10-26 2021-01-15 腾讯科技(深圳)有限公司 Recommendation system trust attack detection method, device, equipment and storage medium
CN112417314A (en) * 2020-11-26 2021-02-26 清华大学 Social network suicidal ideation detection method and system
CN113095084A (en) * 2021-03-16 2021-07-09 重庆邮电大学 Semantic service matching method and device in Internet of things and storage medium
CN113221003A (en) * 2021-05-20 2021-08-06 北京建筑大学 Mixed filtering recommendation method and system based on dual theory

Non-Patent Citations (5)

* Cited by examiner, † Cited by third party
Title
JYOTI SHOKEEN 等: "A study on features of social recommender systems", 《ARTIFICIAL INTELLIGENCE REVIEW》 *
WAN SHANSHAN 等: "A security detection approach based on autonomy-oriented user sensor in social recommendation network", 《INTERNATIONAL JOURNAL OF DISTRIBUTED SENSOR NETWORKS》 *
WAN SHANSHAN 等: "NetLogo Based Model for VANET Behaviors Dynamic Research", 《2013 THIRD INTERNATIONAL CONFERENCE ON INTELLIGENT SYSTEM DESIGN AND ENGINEERING APPLICATIONS》 *
白杨: "面向社会化推荐系统的托攻击检测方法研究", 《中国优秀硕士学位论文全文数据库 信息科技辑》 *
陈曦: "面向大规模知识图谱的弹性语义推理方法研究及应用", 《中国博士学位论文全文数据库 信息科技辑》 *

Also Published As

Publication number Publication date
CN113807977B (en) 2023-05-05

Similar Documents

Publication Publication Date Title
KR101767454B1 (en) Method and apparatus of fraud detection for analyzing behavior pattern
Peng et al. Network intrusion detection based on deep learning
Gupta et al. Towards detecting fake user accounts in facebook
CN110351307A (en) Abnormal user detection method and system based on integrated study
CN112231570B (en) Recommendation system support attack detection method, device, equipment and storage medium
CN113094707B (en) Lateral movement attack detection method and system based on heterogeneous graph network
CN110457601B (en) Social account identification method and device, storage medium and electronic device
Ramalingaiah et al. Twitter bot detection using supervised machine learning
CN111835622B (en) Information interception method, device, computer equipment and storage medium
CN109218321A (en) A kind of network inbreak detection method and system
CN112669187B (en) Identity recognition method, device, electronic equipment and related products
CN118536093B (en) Data security tracing method, system and device based on artificial intelligence
CN110300127A (en) A kind of network inbreak detection method based on deep learning, device and equipment
CN112257546B (en) Event early warning method and device, electronic equipment and storage medium
Wu et al. Detecting marionette microblog users for improved information credibility
CN113518075B (en) Phishing warning method, device, electronic equipment and storage medium
CN112837061B (en) Data processing method and related device
US20160127290A1 (en) Method and system for detecting spam bot and computer readable storage medium
CN117407800A (en) A social media robot detection method and system based on random forest and XGBoost model
CN107908673B (en) The real relationship match method, apparatus and readable storage medium storing program for executing of social platform user
Sun et al. Detection and classification of network events in LAN using CNN
Gangula et al. Enhanced detection of social bots on online platforms using semi-supervised K-means clustering
Suriakala et al. Privacy protected system for vulnerable users and cloning profile detection using data mining approaches
CN111478922B (en) Method, device and equipment for detecting communication of hidden channel
CN113254580A (en) Special group searching method and system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20211217

Assignee: Zhejiang Wanhong Internet of things Technology Co.,Ltd.

Assignor: Beijing University of Civil Engineering and Architecture

Contract record no.: X2025980011858

Denomination of invention: Detection method, system, equipment, and medium for tray attacks based on dynamic knowledge graph

Granted publication date: 20230505

License type: Common License

Record date: 20250626