CN114401145A - Network flow detection system and method - Google Patents
Network flow detection system and method Download PDFInfo
- Publication number
- CN114401145A CN114401145A CN202210067320.3A CN202210067320A CN114401145A CN 114401145 A CN114401145 A CN 114401145A CN 202210067320 A CN202210067320 A CN 202210067320A CN 114401145 A CN114401145 A CN 114401145A
- Authority
- CN
- China
- Prior art keywords
- flow
- node
- network traffic
- network
- traffic
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000001514 detection method Methods 0.000 title claims abstract description 37
- 238000000034 method Methods 0.000 title claims description 15
- 230000002159 abnormal effect Effects 0.000 claims abstract description 30
- 238000012544 monitoring process Methods 0.000 claims abstract description 14
- 230000006870 function Effects 0.000 claims description 40
- 238000012549 training Methods 0.000 claims description 21
- 238000012360 testing method Methods 0.000 claims description 18
- 239000011159 matrix material Substances 0.000 claims description 16
- 238000013527 convolutional neural network Methods 0.000 claims description 14
- 230000004913 activation Effects 0.000 claims description 10
- 238000012800 visualization Methods 0.000 claims description 6
- 238000012545 processing Methods 0.000 claims description 3
- 238000013528 artificial neural network Methods 0.000 claims description 2
- 230000002547 anomalous effect Effects 0.000 claims 1
- 230000003213 activating effect Effects 0.000 description 1
- 238000010276 construction Methods 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 230000001537 neural effect Effects 0.000 description 1
- 210000000056 organ Anatomy 0.000 description 1
- 238000011160 research Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N3/00—Computing arrangements based on biological models
- G06N3/02—Neural networks
- G06N3/04—Architecture, e.g. interconnection topology
- G06N3/045—Combinations of networks
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N3/00—Computing arrangements based on biological models
- G06N3/02—Neural networks
- G06N3/04—Architecture, e.g. interconnection topology
- G06N3/048—Activation functions
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N3/00—Computing arrangements based on biological models
- G06N3/02—Neural networks
- G06N3/08—Learning methods
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/14—Network analysis or design
- H04L41/145—Network analysis or design involving simulating, designing, planning or modelling of a network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/14—Network analysis or design
- H04L41/147—Network analysis or design for predicting network behaviour
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
Abstract
The invention relates to a network flow detection system and a network flow detection method, which belong to the technical field of network security, a cloud computing server can achieve high-efficiency, high-speed and low-cost network flow abnormity detection according to node network flow detected by a node flow monitoring unit, and reduces the error of a network flow predicted value by adopting a mahalanobis distance-based loss function, thereby improving the accuracy of abnormal network flow.
Description
Technical Field
The invention relates to the technical field of network security, in particular to a network flow detection system and a network flow detection method.
Background
With the popularization of networks, network attacks are increasing, and the network attacks bring serious network security threats to enterprises, individuals, department organs and the like. Therefore, network anomaly detection is becoming increasingly important. And the network anomaly detection system needs strong timeliness, and the network anomaly is found earlier, so that the network attack can be blocked earlier, and the loss caused by the network attack can be well reduced or even avoided. Therefore, it is very necessary to research efficient and accurate network traffic anomaly detection.
Disclosure of Invention
The invention aims to provide a network flow detection system and a network flow detection method, which are used for improving the detection rate and accuracy of abnormal network flow.
In order to achieve the purpose, the invention provides the following scheme:
a network traffic detection system, the system comprising: the system comprises a node flow monitoring unit, a router and a cloud computing server;
the node flow monitoring unit is connected with the cloud computing server through the router;
the node flow monitoring unit is used for detecting node network flow and transmitting the detected node network flow to the cloud computing server through the router;
the cloud computing server is used for constructing a network flow prediction model, predicting node network flow by using the network flow prediction model, and determining whether the node network flow is abnormal according to the predicted node network flow and the detected node network flow.
Optionally, the cloud computing server includes:
the historical flow collection module is used for acquiring the network flow of the node at each acquisition moment in a period of time;
the traffic matrix forming module is used for taking the node network traffic and the time attribute at each acquisition moment as an element and forming a historical network traffic matrix by all the elements in a period of time;
the prediction model building module is used for building a network flow prediction model by taking a rectification linear unit as an activation function and taking a mahalanobis distance-based loss function as a loss function;
the traffic prediction module is used for inputting the historical network traffic matrix into the network traffic prediction model to obtain a node network traffic prediction value of a prediction time point;
the abnormity judging module is used for judging whether the network flow of the node is abnormal or not, and the specific rule is as follows: and if the difference value between the predicted value of the node network flow at the predicted time point and the measured value of the node network flow is greater than the abnormal threshold value, determining that the node network flow at the predicted time point is abnormal.
Optionally, the system further includes: a memory;
the memory is used for storing the node network traffic detected by the node traffic monitoring unit and transmitting the node network traffic to the cloud computing server through the router.
Optionally, the system further includes: a processor and a visualization module;
the processor is used for receiving the predicted node network traffic, the detected node network traffic and the abnormal detection result sent by the cloud computing server, and performing charting processing on the predicted node network traffic and the detected node network traffic sent by the cloud computing server to obtain a traffic comparison graph;
the visualization module is used for displaying a flow comparison graph and an abnormal detection result.
A method of network traffic detection, the method comprising:
acquiring the network flow of a node at each acquisition moment in a period of time;
taking the node network flow and the time attribute of each acquisition moment as an element, and forming a historical network flow matrix by all the elements in a period of time;
constructing a network flow prediction model by taking a rectification linear unit as an activation function and taking a mahalanobis distance-based loss function as a loss function;
inputting the historical network traffic matrix into the network traffic prediction model to obtain a node network traffic prediction value of a prediction time point;
and if the difference value between the predicted value of the node network flow at the predicted time point and the measured value of the node network flow is greater than the abnormal threshold value, determining that the node network flow at the predicted time point is abnormal.
Optionally, the constructing a network traffic prediction model by using the rectification linear unit as an activation function and using a mahalanobis distance-based loss function as a loss function specifically includes:
collecting node network flows of a plurality of historical time periods to form a flow sample pool; each traffic sample in the traffic sample pool comprises node network traffic and a time attribute of the node network traffic;
dividing a flow sample pool into a flow training set and a flow testing set;
constructing a convolution neural network which takes a rectification linear unit as an activation function and takes a loss function based on the mahalanobis distance as a loss function;
training a convolutional neural network by using the flow training set to obtain a trained convolutional neural network;
testing the trained convolutional neural network by using the flow test set, and judging whether the test result meets the test requirement;
if the judgment result shows that the network traffic prediction model is established, outputting the trained convolutional neural network as a network traffic prediction model;
if the judgment result shows no, returning to the step of dividing the flow sample pool into a flow training set and a flow testing set.
Optionally, the mahalanobis distance-based loss function is
Wherein L ismFor the loss function, M is the index of the training examples, M is 1,2, … M, M is the number of training examples, λ is the extra phase, C is the number of training examplesmIs the Mahalanobis distance, SmAre sparse terms.
Optionally, if a difference between the predicted value of the node network traffic at the predicted time point and the measured value of the node network traffic is greater than an abnormal threshold, it is determined that the node network traffic at the predicted time point is abnormal, and then the method further includes:
adding the measured value of the node network flow to a flow sample pool to obtain an updated flow sample pool;
and retraining the network traffic prediction model by using the updated traffic sample pool, and replacing the existing network traffic prediction model by using the retrained network traffic prediction model.
According to the specific embodiment provided by the invention, the invention discloses the following technical effects:
the invention discloses a network flow detection system and a method, a cloud computing server can achieve high-efficiency, high-speed and low-cost network flow abnormity detection according to node network flow detected by a node flow monitoring unit, and reduces the error of a network flow predicted value by adopting a mahalanobis distance-based loss function, thereby improving the accuracy of abnormal network flow.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the embodiments will be briefly described below. It is obvious that the drawings in the following description are only some embodiments of the invention, and that for a person skilled in the art, other drawings can be derived from them without inventive effort.
Fig. 1 is a schematic structural diagram of a network traffic detection system provided in the present invention;
fig. 2 is a flowchart of a network traffic detection method provided in the present invention.
Detailed Description
The technical solution in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention. It is to be understood that the described embodiments are merely exemplary of the invention, and not restrictive of the full scope of the invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The invention aims to provide a network flow detection system and a network flow detection method, which are used for improving the detection rate and accuracy of abnormal network flow.
In order to make the aforementioned objects, features and advantages of the present invention comprehensible, embodiments accompanied with figures are described in further detail below.
The invention provides a network flow detection system, as shown in fig. 1, the system includes: the system comprises a node traffic monitoring unit, a router and a cloud computing server.
The node flow monitoring unit is connected with the cloud computing server through the router. The node flow monitoring unit is used for detecting node network flow and transmitting the detected node network flow to the cloud computing server through the router. The cloud computing server is used for constructing a network flow prediction model, predicting node network flow by using the network flow prediction model, and determining whether the node network flow is abnormal according to the predicted node network flow and the detected node network flow.
The cloud computing server is used for achieving efficient, high-speed and low-cost network flow abnormity detection. The cloud computing server comprises a plurality of parallel computing units and a load balancing unit, wherein the load balancing unit is connected with the parallel computing units.
In one example, the cloud computing server includes:
the historical flow collection module is used for acquiring the network flow of the node at each acquisition moment in a period of time;
the traffic matrix forming module is used for taking the node network traffic and the time attribute at each acquisition moment as an element and forming a historical network traffic matrix by all the elements in a period of time;
the prediction model building module is used for building a network flow prediction model by taking a rectification linear unit as an activation function and taking a mahalanobis distance-based loss function as a loss function;
the traffic prediction module is used for inputting the historical network traffic matrix into the network traffic prediction model to obtain a node network traffic prediction value of a prediction time point;
the abnormity judging module is used for judging whether the network flow of the node is abnormal or not, and the specific rule is as follows: and if the difference value between the predicted value of the node network flow at the predicted time point and the measured value of the node network flow is greater than the abnormal threshold value, determining that the node network flow at the predicted time point is abnormal.
In one example, the system further comprises: a memory. The memory is used for storing the node network traffic detected by the node traffic monitoring unit and transmitting the node network traffic to the cloud computing server through the router.
In one example, the system further comprises: a processor and a visualization module. The processor is used for receiving the predicted node network traffic, the detected node network traffic and the abnormal detection result sent by the cloud computing server, and performing charting processing on the predicted node network traffic and the detected node network traffic sent by the cloud computing server to obtain a traffic comparison graph. The visualization module is used for displaying a flow comparison graph and an abnormal detection result.
The present invention also provides a network traffic detection method, as shown in fig. 2, the method includes:
And 102, taking the node network traffic and the time attribute at each acquisition moment as an element, and forming a historical network traffic matrix by all the elements in a period of time.
And 103, constructing a network flow prediction model by taking the rectification linear unit as an activation function and taking the mahalanobis distance-based loss function as a loss function.
In one example, the specific construction process is as follows:
collecting node network flows of a plurality of historical time periods to form a flow sample pool; each traffic sample in the traffic sample pool comprises node network traffic and a time attribute of the node network traffic;
dividing a flow sample pool into a flow training set and a flow testing set;
constructing convolution neural with linear unit of rectification as activating function and mahalanobis distance-based loss function as loss functionPassing through a network; the mahalanobis distance-based loss function isWherein L ismFor the loss function, M is the index of the training examples, M is 1,2, … M, M is the number of training examples, λ is the extra phase, C is the number of training examplesmIs the Mahalanobis distance, SmIs a sparse term;
training a convolutional neural network by using the flow training set to obtain a trained convolutional neural network;
testing the trained convolutional neural network by using the flow test set, and judging whether the test result meets the test requirement;
if the judgment result shows that the network traffic prediction model is established, outputting the trained convolutional neural network as a network traffic prediction model;
if the judgment result shows no, returning to the step of dividing the flow sample pool into a flow training set and a flow testing set.
After the network traffic prediction model is constructed, the network traffic prediction model is also updated periodically, and the updating process is as follows:
adding the measured value of the node network flow to a flow sample pool to obtain an updated flow sample pool;
and retraining the network traffic prediction model by using the updated traffic sample pool, and replacing the existing network traffic prediction model by using the retrained network traffic prediction model.
The timeliness of the flow anomaly detection convolutional neural network model can be kept by updating the network flow prediction model at regular time.
And 104, inputting the historical network traffic matrix into the network traffic prediction model to obtain a node network traffic prediction value of a prediction time point.
And 105, if the difference value between the predicted node network flow value and the measured node network flow value at the predicted time point is greater than the abnormal threshold, determining that the node network flow at the predicted time point is abnormal.
The invention pursues the space-time characteristics of the traffic matrix for estimation by using a convolutional neural network architecture, wherein the mahalanobis distance-based loss function considers the sparse characteristic of the network traffic and reduces the error of the predicted value of the network traffic.
The principle and embodiments of the present invention are explained herein by using specific examples, and the above descriptions of the examples are only used to help understand the method and the core idea of the present invention; meanwhile, for a person skilled in the art, according to the idea of the present invention, the specific embodiments and the application range may be changed. In view of the above, the present disclosure should not be construed as limiting the invention.
Claims (8)
1. A network traffic detection system, the system comprising: the system comprises a node flow monitoring unit, a router and a cloud computing server;
the node flow monitoring unit is connected with the cloud computing server through the router;
the node flow monitoring unit is used for detecting node network flow and transmitting the detected node network flow to the cloud computing server through the router;
the cloud computing server is used for constructing a network flow prediction model, predicting node network flow by using the network flow prediction model, and determining whether the node network flow is abnormal according to the predicted node network flow and the detected node network flow.
2. The network traffic detection system of claim 1, wherein the cloud computing server comprises:
the historical flow collection module is used for acquiring the network flow of the node at each acquisition moment in a period of time;
the traffic matrix forming module is used for taking the node network traffic and the time attribute at each acquisition moment as an element and forming a historical network traffic matrix by all the elements in a period of time;
the prediction model building module is used for building a network flow prediction model by taking a rectification linear unit as an activation function and taking a mahalanobis distance-based loss function as a loss function;
the traffic prediction module is used for inputting the historical network traffic matrix into the network traffic prediction model to obtain a node network traffic prediction value of a prediction time point;
the abnormity judging module is used for judging whether the network flow of the node is abnormal or not, and the specific rule is as follows: and if the difference value between the predicted value of the node network flow at the predicted time point and the measured value of the node network flow is greater than the abnormal threshold value, determining that the node network flow at the predicted time point is abnormal.
3. The network traffic detection system of claim 1, wherein the system further comprises: a memory;
the memory is used for storing the node network traffic detected by the node traffic monitoring unit and transmitting the node network traffic to the cloud computing server through the router.
4. The network traffic detection system of claim 1, wherein the system further comprises: a processor and a visualization module;
the processor is used for receiving the predicted node network traffic, the detected node network traffic and the abnormal detection result sent by the cloud computing server, and performing charting processing on the predicted node network traffic and the detected node network traffic sent by the cloud computing server to obtain a traffic comparison graph;
the visualization module is used for displaying a flow comparison graph and an abnormal detection result.
5. A method for network traffic detection, the method comprising:
acquiring the network flow of a node at each acquisition moment in a period of time;
taking the node network flow and the time attribute of each acquisition moment as an element, and forming a historical network flow matrix by all the elements in a period of time;
constructing a network flow prediction model by taking a rectification linear unit as an activation function and taking a mahalanobis distance-based loss function as a loss function;
inputting the historical network traffic matrix into the network traffic prediction model to obtain a node network traffic prediction value of a prediction time point;
and if the difference value between the predicted value of the node network flow at the predicted time point and the measured value of the node network flow is greater than the abnormal threshold value, determining that the node network flow at the predicted time point is abnormal.
6. The method according to claim 5, wherein the constructing a network traffic prediction model with a rectification linear unit as an activation function and a mahalanobis distance-based loss function as a loss function specifically includes:
collecting node network flows of a plurality of historical time periods to form a flow sample pool; each traffic sample in the traffic sample pool comprises node network traffic and a time attribute of the node network traffic;
dividing a flow sample pool into a flow training set and a flow testing set;
constructing a convolution neural network which takes a rectification linear unit as an activation function and takes a loss function based on the mahalanobis distance as a loss function;
training a convolutional neural network by using the flow training set to obtain a trained convolutional neural network;
testing the trained convolutional neural network by using the flow test set, and judging whether the test result meets the test requirement;
if the judgment result shows that the network traffic prediction model is established, outputting the trained convolutional neural network as a network traffic prediction model;
if the judgment result shows no, returning to the step of dividing the flow sample pool into a flow training set and a flow testing set.
7. The method of claim 6, wherein the mahalanobis distance based loss function is
Wherein L ismFor the loss function, M is the index of the training examples, M is 1,2, … M, M is the number of training examples, λ is the extra phase, C is the number of training examplesmIs the Mahalanobis distance, SmAre sparse terms.
8. The method according to claim 6, wherein if a difference between a predicted value of the node network traffic and an actual measured value of the node network traffic at the predicted time point is greater than an anomaly threshold, determining that the node network traffic at the predicted time point is anomalous, and then further comprising:
adding the measured value of the node network flow to a flow sample pool to obtain an updated flow sample pool;
and retraining the network traffic prediction model by using the updated traffic sample pool, and replacing the existing network traffic prediction model by using the retrained network traffic prediction model.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210067320.3A CN114401145A (en) | 2022-01-20 | 2022-01-20 | Network flow detection system and method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210067320.3A CN114401145A (en) | 2022-01-20 | 2022-01-20 | Network flow detection system and method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN114401145A true CN114401145A (en) | 2022-04-26 |
Family
ID=81232986
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210067320.3A Pending CN114401145A (en) | 2022-01-20 | 2022-01-20 | Network flow detection system and method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114401145A (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN116527329A (en) * | 2023-04-12 | 2023-08-01 | 广东工贸职业技术学院 | Intrusion detection method and system based on machine learning |
CN116614418A (en) * | 2023-07-19 | 2023-08-18 | 中国电信股份有限公司江西分公司 | Cloud computing platform-based server protection method |
Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107276999A (en) * | 2017-06-08 | 2017-10-20 | 西安电子科技大学 | A kind of event detecting method in wireless sensor network |
CN108494635A (en) * | 2018-05-21 | 2018-09-04 | 成都云视游科技有限公司 | A kind of network flow detection system based on cloud computing |
CA3061682A1 (en) * | 2017-05-18 | 2018-11-22 | Technische Universitat Wien | Method and system to identify irregularities in the distribution of electronic files within provider networks |
CN109035488A (en) * | 2018-08-07 | 2018-12-18 | 哈尔滨工业大学(威海) | Aero-engine time series method for detecting abnormality based on CNN feature extraction |
CN111130945A (en) * | 2019-12-30 | 2020-05-08 | 江苏万佳科技开发股份有限公司 | Data monitoring cloud platform and use method |
CN111800414A (en) * | 2020-07-03 | 2020-10-20 | 西北工业大学 | Convolutional neural network-based traffic anomaly detection method and system |
CN112039906A (en) * | 2020-09-03 | 2020-12-04 | 华侨大学 | Cloud computing-oriented network flow anomaly detection system and method |
US20210192346A1 (en) * | 2019-05-07 | 2021-06-24 | LedgerDomain, LLC | Establishing a Trained Machine Learning Classifier in a Blockchain Network |
-
2022
- 2022-01-20 CN CN202210067320.3A patent/CN114401145A/en active Pending
Patent Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CA3061682A1 (en) * | 2017-05-18 | 2018-11-22 | Technische Universitat Wien | Method and system to identify irregularities in the distribution of electronic files within provider networks |
CN107276999A (en) * | 2017-06-08 | 2017-10-20 | 西安电子科技大学 | A kind of event detecting method in wireless sensor network |
CN108494635A (en) * | 2018-05-21 | 2018-09-04 | 成都云视游科技有限公司 | A kind of network flow detection system based on cloud computing |
CN109035488A (en) * | 2018-08-07 | 2018-12-18 | 哈尔滨工业大学(威海) | Aero-engine time series method for detecting abnormality based on CNN feature extraction |
US20210192346A1 (en) * | 2019-05-07 | 2021-06-24 | LedgerDomain, LLC | Establishing a Trained Machine Learning Classifier in a Blockchain Network |
CN111130945A (en) * | 2019-12-30 | 2020-05-08 | 江苏万佳科技开发股份有限公司 | Data monitoring cloud platform and use method |
CN111800414A (en) * | 2020-07-03 | 2020-10-20 | 西北工业大学 | Convolutional neural network-based traffic anomaly detection method and system |
CN112039906A (en) * | 2020-09-03 | 2020-12-04 | 华侨大学 | Cloud computing-oriented network flow anomaly detection system and method |
Non-Patent Citations (1)
Title |
---|
刘华新等: "基于卷积神经网络的风电机组齿轮箱状态监测方法", 《可再生能源》 * |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN116527329A (en) * | 2023-04-12 | 2023-08-01 | 广东工贸职业技术学院 | Intrusion detection method and system based on machine learning |
CN116527329B (en) * | 2023-04-12 | 2023-11-17 | 广东工贸职业技术学院 | Intrusion detection method and system based on machine learning |
CN116614418A (en) * | 2023-07-19 | 2023-08-18 | 中国电信股份有限公司江西分公司 | Cloud computing platform-based server protection method |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN111694879B (en) | Multielement time sequence abnormal mode prediction method and data acquisition monitoring device | |
US9921943B2 (en) | Predicting anomalies and incidents in a computer application | |
CN108038044B (en) | Anomaly detection method for continuous monitored object | |
CN112987675B (en) | Method, device, computer equipment and medium for anomaly detection | |
CN114401145A (en) | Network flow detection system and method | |
CN105376260B (en) | A kind of exception flow of network monitoring system based on density peaks cluster | |
CN110895526A (en) | Method for correcting data abnormity in atmosphere monitoring system | |
CN107493277B (en) | Large data platform online anomaly detection method based on maximum information coefficient | |
CN107707431A (en) | The data safety monitoring method and system of a kind of facing cloud platform | |
CN101686235A (en) | Device and method for analyzing abnormal network flow | |
CN111913859A (en) | Abnormal behavior detection method and device | |
CN110011879B (en) | Sensor network safety real-time online monitoring system based on parallel filtering | |
CN111541559A (en) | Fault positioning method based on causal rule | |
CN110493221A (en) | A kind of network anomaly detection method based on the profile that clusters | |
Wang et al. | An accurate false data detection in smart grid based on residual recurrent neural network and adaptive threshold | |
CN107682354B (en) | Network virus detection method, device and equipment | |
CN115561546A (en) | Abnormity detection and alarm system for power system | |
CN114357670A (en) | Power distribution network power consumption data abnormity early warning method based on BLS and self-encoder | |
WO2024088025A1 (en) | Automated 5gc network element management method and apparatus based on multi-dimensional data | |
CN117573477A (en) | Abnormal data monitoring method, device, equipment, medium and program product | |
CN110401955B (en) | Method and system for detecting malicious nodes in mobile network | |
CN109768995B (en) | Network flow abnormity detection method based on cyclic prediction and learning | |
CN117009903A (en) | Data anomaly detection method, device, equipment and storage medium | |
Tan et al. | Using hidden markov models to evaluate the real-time risks of network | |
Łęczycki et al. | Extended sensor reliability evaluation method in multi-sensor control systems |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20220426 |
|
RJ01 | Rejection of invention patent application after publication |