CN114884688B - Federal anomaly detection method across multi-attribute networks - Google Patents
Federal anomaly detection method across multi-attribute networks Download PDFInfo
- Publication number
- CN114884688B CN114884688B CN202210310593.6A CN202210310593A CN114884688B CN 114884688 B CN114884688 B CN 114884688B CN 202210310593 A CN202210310593 A CN 202210310593A CN 114884688 B CN114884688 B CN 114884688B
- Authority
- CN
- China
- Prior art keywords
- network
- abnormal
- nodes
- node
- attribute
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/14—Network analysis or design
- H04L41/145—Network analysis or design involving simulating, designing, planning or modelling of a network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/14—Network analysis or design
- H04L41/147—Network analysis or design for predicting network behaviour
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/04—Processing captured monitoring data, e.g. for logfile generation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/08—Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
- H04L43/0823—Errors, e.g. transmission errors
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0236—Filtering by address, protocol, port number or service, e.g. IP-address or URL
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
Abstract
The invention discloses a federal anomaly detection method crossing a multi-attribute network, which comprises the following steps: constructing a public network and a plurality of private networks, and calculating abnormal attribute values of nodes; setting an abnormal threshold and an alignment threshold, initializing a result set to be an empty set, and inputting an edge set and an abnormal attribute set of a public network and a private network, wherein the iteration number is 0; downloading a public network to a local area by each private network, and respectively pre-aligning with the public network to obtain an alignment probability matrix set; obtaining the last iteration result, aligning each private network with the last iteration result, detecting the maximum abnormal subgraph of each private network, and aligning the maximum abnormal subgraph of each private network with the public network to obtain U j * Uploading to the cloud; merging the uploading results of all private networks at the cloud, aligning with the public network to obtain all aligned abnormal subgraphs, and summarizing into a set U m+1 ;U m+1 Distributing each private network; u (U) m =U m+1 When the abnormal subgraph is aligned, returning the aligned abnormal subgraph; otherwise, repeating the process until the stopping condition is met.
Description
Technical Field
The invention belongs to the field of anomaly detection of complex networks, and particularly relates to a federal anomaly detection method crossing a multi-attribute network.
Background
Abnormal subgraph detection has been widely used in various applications such as network attack detection in computer networks, malicious activity detection in social networks, and congestion detection in traffic networks. Although there is an increasing need for federal anomaly detection across multi-attribute networks, the number of methods available to address this problem is limited. Currently, federal anomaly detection faces two major challenges: firstly, isolated data in most industries is limited to sharing with other industries due to data privacy and security, and secondly, most centralized methods are trained based on data integration.
In recent years, without considering data privacy, many methods for multi-network anomaly detection have been proposed, which focus on detecting anomalies having the same anomaly characteristics on multi-attribute networks in a specific area, and on improving the overall anomaly detection accuracy. However, federal anomaly detection over multi-private attribute networks has been rarely studied.
Disclosure of Invention
The invention mainly aims to mine relevant anomalies among a plurality of private attribute networks on the premise of protecting privacy, guide formulation of corresponding policies and mine potential anomaly information at the same time, and provides a federal anomaly detection method for a multi-attribute network. The fixed network segments and attack modes of the fixed network segments can be obtained according to the real records. Therefore, the attacked website can avoid the risk of being attacked with high probability by only intercepting the IP of the network segment. In addition, IP that will launch an attack in the future can also be inferred by correlation between anomalies.
The aim of the invention is achieved by the following technical scheme.
The invention relates to a federal anomaly detection method crossing a multi-attribute network, which comprises the following steps:
step one, constructing a public network and a plurality of private networks according to requirements, and calculating abnormal attribute values of nodes;
constructing a plurality of attribute networks G according to requirements * ={G i I e {0,1,. }, N }, where G i =(V i ,P i ,E i ) Represents the ith network, V i 、P i 、E i Respectively represent G i Node set, edge set, exception attribute set, N is the number of attribute networks, G 0 Is a public network, and the rest of the networks are private networks; the multi-network can be formed by dividing data from the same source according to time, and can also be formed by directly adopting data from a plurality of different sources;
the calculation of the abnormal attribute value of the node adopts an empirical p value, so that the abnormal attribute value of the node is mapped in the range of [0,1], and the specific method is as follows:
if the node attribute is counted by time, the attribute value of the node v in the time t is recorded as an observed value c t The attribute value of the node before the time t is taken as a contrast value c l Calculating the p value of the node v at time t according to the following formula;
if not based on time statistics, the attribute value of v is taken as an observed value c v The attribute value of other nodes of the network is taken as a contrast value c d Calculating a p value according to the following formula;
wherein n is the number of nodes of the network to which the node belongs;
step two, an abnormal threshold value alpha and an alignment threshold value sigma are set, and a result set U is initialized m For the empty set, the iteration times m=0, inputting an edge set and an abnormal attribute set of a public network and all private networks;
marking the node with the abnormal attribute value less than or equal to alpha as an abnormal node;
pairs of nodes (v) with alignment probability greater than sigma i ,v j ),v i And v j Are all denoted as alignment nodes, where v i And v j The nodes v of the ith network and the jth network are respectively derived from different networks;
U m finally public for all private networksInitializing a set of aligned abnormal subgraphs on a network into an empty set;
step three, each private network downloads a public network to a local area and performs prealignment with the public network respectively to obtain an alignment probability matrix set H;
step four, obtaining the last iteration result, each private network G j First locally aligned with it, then each private network maximum anomaly subgraph S is detected i * Maximum anomaly subgraph S of each private network i * Alignment with public network to obtain U i * And U is combined with i * Uploading to the cloud;
in order to obtain the anomaly score of each private network anomaly subgraph, a non-parametric graph scan statistic F is introduced as a scoring function in the form of:
in the method, in the process of the invention,is a statistical function, S i * Is G i Alpha is the anomaly threshold value of the node, N α (S i * ) Is S i * The number of abnormal nodes, N (S) i * ) Is S i * The number of all nodes in the network; furthermore, to guarantee maximum abnormality, +.>Two attributes are satisfied: />With N α (S i * ) Monotonically increasing; />With N (S) i * )-N α (S i * ) Monotonically decreasing; thus use the Higher Criticum statistic as +.>
Fifthly, merging the results uploaded by each private network at the cloud end, aligning with the public network U, and obtaining all aligned abnormal subgraphs U * Summarizing into a set U m+1 ;
In order to obtain the alignment score of the alignment anomaly subgraph corresponding to each network, a statistic Q is introduced as a scoring function, and the form is as follows:
where σ is the alignment threshold, N σ (S i * U) is S i * With the number of aligned nodes in U, N (S i * ) Is S i * N (U) is the number of all nodes in U; the alignment probability of the node is from the pre-alignment matrix junction set h= (H) ij ),H ij Is G i And G j Ji Gailv matrix of pairs (i +.j);
step six, aligning the cloud end with the result U m+1 Distributing to each private network;
step seven, when U m =U m+1 At the time, the aligned abnormal subgraph S is returned i * And U * The method comprises the steps of carrying out a first treatment on the surface of the Otherwise, the iteration times m=m+1, and repeating the steps four to six until the stopping condition of the step seven is met.
The process of obtaining the alignment probability matrix set H in the third step: the method is realized by referring to a multi-network alignment method CrossMNA, a local private network, a downloaded public network edge set and a known anchor link are input, the training ratio is set to be 1.0, the training times are 400, and a pair Ji Maolian matrix H between networks is obtained ij Summarizing to obtain H; wherein H is ij Is G i And G j The pair Ji Gailv matrix of nodes between the nodes has the dimension of |V i |×|V j I, each value H in the matrix ij (v i ,v j ) Represented by node v i And node v j The alignment probability for the anchor node is in the range of [0,1]A larger value indicates a higher alignment probability and a 1 indicates that the two nodes are known anchor nodes.
Compared with the prior art, the method provided by the invention is an algorithm suitable for multi-scene federal anomaly detection under the premise of protecting privacy and not carrying out direct data exchange. The technical scheme of the invention has the following beneficial effects that a few specific scenes are briefly described:
(1) In a computer attack network, IP and websites are taken as nodes, access behaviors are taken as edges, and access frequency is taken as an abnormal attribute. Dividing the network into a plurality of networks according to time, and if all the networks have abnormal properties, the method can mine out abnormal IP groups with similar attack behaviors (figure 3); if the network in a certain time period has no abnormal attribute, the method can also search the abnormality of the network by aligning the abnormal subgraphs of other networks to the network so as to predict the effect of attacking the IP in the time period.
(2) In a network of multiple traffic types (fig. 4), the method of the invention can detect the similar location distribution and location types of traffic jams occurring in the same time period, which has reference significance for traffic control.
(3) In a multi-network comprising a criminal network, a communication network and a social network, the method of the invention can detect hidden criminal/group partner information.
The practice shows that the method is a related anomaly detection algorithm suitable for various scenes, has wide application range and strong expansibility, can be suitable for different scenes, and can be used for mining related anomaly information/potential anomaly information.
Drawings
FIG. 1 is a flow chart of a federal anomaly detection method across a multi-attribute network of the present invention;
FIG. 2 is a schematic diagram of the idea of a federal anomaly detection method across a multi-attribute network;
FIG. 3 is a schematic diagram of the application of the method of the present invention to a certain related anomaly IP group found in a plurality of computer attack networks;
FIG. 4 is a schematic diagram of the anomalies found in a network about a car/sharing a single car/subway network applying the method of the present invention to the same time period; (correlation anomaly detection was performed once in all three time periods of 8:00/12:00/18:00, respectively).
Detailed Description
The invention is further described below with reference to the accompanying drawings.
The invention relates to a federal anomaly detection method across multiple attribute networks, which mainly aims at establishing an anomaly detection model based on data sets distributed on multiple attribute networks, wherein the networks consist of multiple private attribute networks and a public attribute network. In each private attribute network, the detected outlier sub-graph is aligned with the outlier sub-graph in the public attribute network. In the private attribute network, important public abnormal subgraphs are selected for abnormal subgraph alignment, and meanwhile data leakage is prevented.
The federal anomaly detection method across multiple attribute networks locally defines a certain event as an attribute network with mutually communicated nodes in each private attribute network, carries out maximum anomaly subgraph detection, and respectively aligns with anomalies on a public attribute network so as to mine the commonality of anomalies among the events. As shown in fig. 1, the specific implementation process is as follows:
step one, constructing a public network and a plurality of private networks according to requirements, and calculating abnormal attribute values of nodes.
Constructing a plurality of attribute networks G according to requirements * ={G i I e {0,1,. }, N }, where G i =(V i ,P i ,E i ) Represents the ith network, V i 、P i 、E i Respectively represent G i Node set, edge set, exception attribute set, N is the number of attribute networks, G 0 Is a public network and the remaining networks are private networks. Multiple networks may be formed by dividing data from the same source in time, or byDirectly from a plurality of data from different sources.
The calculation of the abnormal attribute value of the node generally adopts an empirical p value, so that the abnormal attribute value of the node can be mapped in the range of 0 and 1, namely, the abnormal attribute value of the node is between 0 and 1, the smaller the abnormal value is, the more abnormal the node is, the 1 is, the node is a normal node, and the abnormal attribute values of all nodes of the network are recorded as 1 for the network lacking the attribute. The specific method comprises the following steps:
if the node attribute is counted by time, the attribute value of the node v in the time t is recorded as an observed value c t The attribute value of the node before the time t is taken as a contrast value c l The p value of node v at time t is calculated according to the following equation.
If not based on time statistics, the attribute value of v is taken as an observed value c v The attribute value of other nodes of the network is taken as a contrast value c d The p value is calculated according to the following equation.
Wherein n is the number of nodes of the network to which the node belongs.
Step two, an abnormality threshold alpha (generally 0.15) and an alignment threshold sigma (generally 0.6) are set, and a result set U is initialized m For the empty set, the iteration number m=0, the edge set and the abnormal attribute set of one public network and all private networks are input.
And (3) marking the node with the abnormal attribute value less than or equal to alpha as an abnormal node.
Pairs of nodes (v) with alignment probability greater than sigma i ,v j ),v i And v j Are all denoted as alignment nodes, where v i And v j The nodes v of the i-th network and the j-th network respectively originate from different networks.
U m For all private networksInitializing a set of alignment abnormal subgraphs finally on a public network into an empty set;
and thirdly, downloading the public network to the local by each private network, and respectively pre-aligning with the public network to obtain an alignment probability matrix set H.
The invention is realized by referring to a multi-network alignment method CrossMNA, inputting the edge sets of a local private network and a downloaded public network and known anchor links (nodes with the same numbers are regarded as anchor nodes), setting the training ratio to be 1.0, and training the training times to be 400 to obtain a matrix H of a pair Ji Maolian between networks ij H is summarized in FIG. 2. Other network alignment algorithms may be employed to perform this step.
H ij Is G i And G j The pair Ji Gailv matrix of nodes between the nodes has the dimension of |V i |×|V j |,|V i |、|V j I are G respectively i 、G j Is the number of nodes; each value H in the matrix ij (v i ,v j ) Represented by node v i And node v j The alignment probability for the anchor node is in the range of [0,1]A larger value indicates a higher alignment probability and a 1 indicates that the two nodes are known anchor nodes.
Step four, obtaining the last iteration result from the cloud, and each private network G j First locally aligned with it, then each private network maximum anomaly subgraph S is detected i * (the maximum outlier sub-graph is a connected set of nodes, i.e., G i A connected subgraph including most abnormal nodes and least normal nodes), each private network maximum abnormal subgraph S i * Alignment with public network to obtain U i * And U is combined with i * Uploading to the cloud.
In order to obtain the anomaly score of each private network anomaly subgraph, a non-parametric graph scan statistic F is introduced as a scoring function in the form of:
in the method, in the process of the invention,is a statistical function; s is S i * Is G i A subset of connected vertices (i.e., connected subgraphs); alpha is the anomaly threshold value of the node, and is generally 0.15; n (N) α (S i * ) Is S i * The number of the abnormal nodes (the abnormal attribute value is less than or equal to alpha), N (S) i * ) Is S i * All the nodes in the network. Furthermore, to guarantee maximum abnormality, +.>Two attributes need to be satisfied: />With N α (S i * ) Monotonically increasing; />With N (S) i * )-N α (S i * ) Monotonically decreasing; thus use the Higher Criticum (HC) statistic (Donoho and Jin 2004) as +.>
Fifthly, merging the results uploaded by each private network at the cloud end, aligning with the public network U, and obtaining all aligned abnormal subgraphs U * Summarizing into a set U m+1 。
In order to obtain the alignment score of the alignment anomaly subgraph corresponding to each network, a statistic Q is introduced as a scoring function, and the form is as follows:
where σ is the alignment threshold, typically 0.8; n (N) σ (S i * U) is S i * With the number of aligned nodes in U, N (S i * ) Is S i * N (U) is the number of all nodes in U. The alignment probability of the node is from the pre-alignment matrix junction set h= (H) ij ),H ij Is G i And G j Ji Gailv matrix, and i+.j, see fig. 2.
Step six, aligning the cloud end with the result U m+1 Distributed to the individual private networks.
Step seven, when U m =U m+1 At the time, the aligned abnormal subgraph S is returned i * And U * 。
Otherwise, the iteration times m=m+1, and repeating the steps four to six until the stopping condition of the step seven is met.
Final result (S) * ,U * ) The relevant anomaly result that maximizes the objective function. The objective function is defined as follows:
although the function and operation of the present invention has been described above with reference to the accompanying drawings, the present invention is not limited to the above-described specific functions and operations, but the above-described specific embodiments are merely illustrative, not restrictive, and many forms can be made by those having ordinary skill in the art without departing from the spirit of the present invention and the scope of the appended claims, which are included in the protection of the present invention.
Claims (2)
1. The federal anomaly detection method across the multi-attribute network is characterized by comprising the following steps:
step one, constructing a public network and a plurality of private networks according to requirements, and calculating abnormal attribute values of nodes;
constructing a plurality ofAttribute network G * ={G i I e {0,1,. }, N }, where G i =(V i ,P i ,E i ) Represents the ith network, V i 、P i 、E i Respectively represent G i Node set, edge set, exception attribute set, N is the number of attribute networks, G 0 Is a public network, and the rest of the networks are private networks; the multi-network can be formed by dividing data from the same source according to time, and can also be formed by directly adopting data from a plurality of different sources;
the calculation of the abnormal attribute value of the node adopts an empirical p value, so that the abnormal attribute value of the node is mapped in the range of [0,1], and the specific method is as follows:
if the node attribute is counted by time, the attribute value of the node v in the time t is recorded as an observed value c t The attribute value of the node before the time t is taken as a contrast value c l Calculating the p value of the node v at time t according to the following formula;
if not based on time statistics, the attribute value of v is taken as an observed value c v The attribute value of other nodes of the network is taken as a contrast value c d Calculating a p value according to the following formula;
wherein n is the number of nodes of the network to which the node belongs;
step two, an abnormal threshold value alpha and an alignment threshold value sigma are set, and a result set U is initialized m For the empty set, the iteration times m=0, inputting an edge set and an abnormal attribute set of a public network and all private networks;
marking the node with the abnormal attribute value less than or equal to alpha as an abnormal node;
pairs of nodes (v) with alignment probability greater than sigma i ,v j ),v i And v j Are all denoted as alignment nodes, where v i And v j The nodes v of the ith network and the jth network are respectively derived from different networks;
U m initializing an empty set for a set of aligned abnormal subgraphs of all private networks on a public network finally;
step three, each private network downloads a public network to a local area and performs prealignment with the public network respectively to obtain an alignment probability matrix set H;
step four, obtaining the last iteration result, each private network G j First locally aligned with it, then each private network maximum anomaly subgraph S is detected i * Maximum anomaly subgraph S of each private network i * Alignment with public network to obtain U i * And U is combined with i * Uploading to the cloud;
in order to obtain the anomaly score of each private network anomaly subgraph, a non-parametric graph scan statistic F is introduced as a scoring function in the form of:
in the method, in the process of the invention,is a statistical function, S i * Is G i Alpha is the anomaly threshold value of the node, N α (S i * ) Is S i * The number of abnormal nodes, N (S) i * ) Is S i * The number of all nodes in the network; furthermore, to guarantee maximum abnormality, +.>Two attributes are satisfied: />With N α (S i * ) Monotonically increasing; />With N (S) i * )-N α (S i * ) Monotonically decreasing; thus use the Higher Criticum statistic as +.>
Fifthly, merging the results uploaded by each private network at the cloud end, aligning with the public network U, and obtaining all aligned abnormal subgraphs U * Summarizing into a set U m+1 ;
In order to obtain the alignment score of the alignment anomaly subgraph corresponding to each network, a statistic Q is introduced as a scoring function, and the form is as follows:
where σ is the alignment threshold, N σ (S i * U) is S i * With the number of aligned nodes in U, N (S i * ) Is S i * N (U) is the number of all nodes in U; the alignment probability of the node is from the pre-alignment matrix junction set h= (H) ij ),H ij Is G i And G j Ji Gailv matrix of pairs (i +.j);
step six, aligning the cloud end with the result U m+1 Distributing to each private network;
step seven, when U m =U m+1 At the time, the aligned abnormal subgraph S is returned i * And U * The method comprises the steps of carrying out a first treatment on the surface of the Otherwise, the iteration times m=m+1, and repeating the steps four to six until the stopping condition of the step seven is met.
2. The method for federal anomaly detection across a multi-attribute network according to claim 1, wherein the step three is characterized by the process of obtaining the alignment probability matrix set H: the method is realized by referring to a multi-network alignment method CrossMNA, a local private network, a downloaded public network edge set and a known anchor link are input, the training ratio is set to be 1.0, the training times are 400, and a pair Ji Maolian matrix H between networks is obtained ij Summarizing to obtain H; wherein H is ij Is G i And G j The pair Ji Gailv matrix of nodes between the nodes has the dimension of |V i |×|V j I, each value H in the matrix ij (v i ,v j ) Represented by node v i And node v j The alignment probability for the anchor node is in the range of [0,1]A larger value indicates a higher alignment probability and a 1 indicates that the two nodes are known anchor nodes.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210310593.6A CN114884688B (en) | 2022-03-28 | 2022-03-28 | Federal anomaly detection method across multi-attribute networks |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210310593.6A CN114884688B (en) | 2022-03-28 | 2022-03-28 | Federal anomaly detection method across multi-attribute networks |
Publications (2)
Publication Number | Publication Date |
---|---|
CN114884688A CN114884688A (en) | 2022-08-09 |
CN114884688B true CN114884688B (en) | 2023-07-04 |
Family
ID=82668096
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210310593.6A Active CN114884688B (en) | 2022-03-28 | 2022-03-28 | Federal anomaly detection method across multi-attribute networks |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114884688B (en) |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104303153A (en) * | 2012-03-22 | 2015-01-21 | 洛斯阿拉莫斯国家安全股份有限公司 | Path scanning for the detection of anomalous subgraphs, anomaly/change detection and network situational awareness |
CN110795807A (en) * | 2019-10-28 | 2020-02-14 | 天津大学 | Complex network-based element abnormal structure detection model construction method |
CN112203282A (en) * | 2020-08-28 | 2021-01-08 | 中国科学院信息工程研究所 | 5G Internet of things intrusion detection method and system based on federal transfer learning |
CN112288094A (en) * | 2020-10-09 | 2021-01-29 | 武汉大学 | Federal network representation learning method and system |
CN113469234A (en) * | 2021-06-24 | 2021-10-01 | 成都卓拙科技有限公司 | Network flow abnormity detection method based on model-free federal meta-learning |
CN113656802A (en) * | 2021-07-19 | 2021-11-16 | 同盾科技有限公司 | Knowledge federation undirected graph-based federated loop detection method, system, device and medium |
Family Cites Families (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10341253B2 (en) * | 2016-09-19 | 2019-07-02 | Accenture Global Solutions Limited | Automatic consolidation of network resources |
EP3333770A1 (en) * | 2016-12-09 | 2018-06-13 | Fujitsu Limited | Matching graph entities in graph data |
CN110569897A (en) * | 2019-08-30 | 2019-12-13 | 天津大学 | Community detection method in scale-free attribute network based on generative model |
CN111737647A (en) * | 2020-05-19 | 2020-10-02 | 北京明略软件系统有限公司 | Method and device for detecting abnormal connected subgraph |
CN112738015B (en) * | 2020-10-28 | 2023-05-02 | 北京工业大学 | Multi-step attack detection method based on interpretable convolutional neural network CNN and graph detection |
CN112650968B (en) * | 2020-11-18 | 2022-07-12 | 天津大学 | Abnormal subgraph detection method based on abnormal alignment model for multiple networks |
CN112422571A (en) * | 2020-11-19 | 2021-02-26 | 天津大学 | Method for carrying out exception alignment across multiple attribute networks |
CN112417303A (en) * | 2020-12-09 | 2021-02-26 | 天津大学 | Evolution algorithm for detecting multiple abnormal subgraphs from dynamic attribute graph |
CN112836713A (en) * | 2021-03-12 | 2021-05-25 | 南京大学 | Image anchor-frame-free detection-based mesoscale convection system identification and tracking method |
CN113468382B (en) * | 2021-07-01 | 2024-04-02 | 同盾控股有限公司 | Knowledge federation-based multiparty loop detection method, device and related equipment |
-
2022
- 2022-03-28 CN CN202210310593.6A patent/CN114884688B/en active Active
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104303153A (en) * | 2012-03-22 | 2015-01-21 | 洛斯阿拉莫斯国家安全股份有限公司 | Path scanning for the detection of anomalous subgraphs, anomaly/change detection and network situational awareness |
CN110795807A (en) * | 2019-10-28 | 2020-02-14 | 天津大学 | Complex network-based element abnormal structure detection model construction method |
CN112203282A (en) * | 2020-08-28 | 2021-01-08 | 中国科学院信息工程研究所 | 5G Internet of things intrusion detection method and system based on federal transfer learning |
CN112288094A (en) * | 2020-10-09 | 2021-01-29 | 武汉大学 | Federal network representation learning method and system |
CN113469234A (en) * | 2021-06-24 | 2021-10-01 | 成都卓拙科技有限公司 | Network flow abnormity detection method based on model-free federal meta-learning |
CN113656802A (en) * | 2021-07-19 | 2021-11-16 | 同盾科技有限公司 | Knowledge federation undirected graph-based federated loop detection method, system, device and medium |
Non-Patent Citations (3)
Title |
---|
"Anomaly-Structured Maximization to Query in Attributed Networks";NanNan Wu等;《https://arxiv.org/abs/2108.07405》;全文 * |
"基于联邦学习的网络异常检测";赵英等;《北京化工大学学报(自然科学版)》;全文 * |
武南南等."基于GSA与DE优化混合核ELM的网络异常检测模型".《计算机工程》.2021,全文. * |
Also Published As
Publication number | Publication date |
---|---|
CN114884688A (en) | 2022-08-09 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Chen et al. | Differentially private transit data publication: a case study on the montreal transportation system | |
Olszewski | Fraud detection using self-organizing map visualizing the user profiles | |
CN109800573B (en) | Social network protection method based on degree anonymity and link disturbance | |
Liu et al. | Backdoor attacks and defenses in feature-partitioned collaborative learning | |
CN112422571A (en) | Method for carrying out exception alignment across multiple attribute networks | |
Li et al. | Retracted: Design of multimedia blockchain privacy protection system based on distributed trusted communication | |
Yin et al. | GANs based density distribution privacy-preservation on mobility data | |
Zhao et al. | Federatedreverse: A detection and defense method against backdoor attacks in federated learning | |
CN114401136B (en) | Rapid anomaly detection method for multiple attribute networks | |
CN111475838B (en) | Deep neural network-based graph data anonymizing method, device and storage medium | |
Jiang et al. | Federated dynamic graph neural networks with secure aggregation for video-based distributed surveillance | |
Qian et al. | Social network de-anonymization: More adversarial knowledge, more users re-identified? | |
Ding et al. | AnoGLA: An efficient scheme to improve network anomaly detection | |
CN112560059B (en) | Vertical federal model stealing defense method based on neural pathway feature extraction | |
CN114884688B (en) | Federal anomaly detection method across multi-attribute networks | |
Zheng et al. | Wmdefense: Using watermark to defense byzantine attacks in federated learning | |
CN117272195A (en) | Block chain abnormal node detection method and system based on graph convolution attention network | |
Concone et al. | A novel recruitment policy to defend against sybils in vehicular crowdsourcing | |
CN115883213A (en) | APT detection method and system based on continuous time dynamic heterogeneous graph neural network | |
Srilatha et al. | DDoSNet: A Deep Learning Model for detecting Network Attacks in Cloud Computing | |
Tang et al. | A novel LDoS attack detection method based on reconstruction anomaly | |
WO2022146802A1 (en) | Systems and methods for detecting malicious network traffic using multi-domain machine learning | |
Shen et al. | Coordinated attacks against federated learning: A multi-agent reinforcement learning approach | |
Shah | Understanding and study of intrusion detection systems for various networks and domains | |
Chinnici et al. | The network topology of connecting things: defence of IoT graph in the smart city |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |