CN115242544B - Network security situation awareness method and system based on improved Res2net - Google Patents

Network security situation awareness method and system based on improved Res2net Download PDF

Info

Publication number
CN115242544B
CN115242544B CN202210935115.4A CN202210935115A CN115242544B CN 115242544 B CN115242544 B CN 115242544B CN 202210935115 A CN202210935115 A CN 202210935115A CN 115242544 B CN115242544 B CN 115242544B
Authority
CN
China
Prior art keywords
data
res2net
global
feature map
layer
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202210935115.4A
Other languages
Chinese (zh)
Other versions
CN115242544A (en
Inventor
赵冬梅
宿梦月
吴亚星
孙明伟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hebei Normal University
Original Assignee
Hebei Normal University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hebei Normal University filed Critical Hebei Normal University
Priority to CN202210935115.4A priority Critical patent/CN115242544B/en
Publication of CN115242544A publication Critical patent/CN115242544A/en
Application granted granted Critical
Publication of CN115242544B publication Critical patent/CN115242544B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425Traffic logging, e.g. anomaly detection
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00Computing arrangements based on biological models
    • G06N3/02Neural networks
    • G06N3/08Learning methods
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/14Network analysis or design
    • H04L41/145Network analysis or design involving simulating, designing, planning or modelling of a network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/04Processing captured monitoring data, e.g. for logfile generation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/08Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
    • H04L43/0876Network utilisation, e.g. volume of load or congestion level
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00Reducing energy consumption in communication networks
    • Y02D30/50Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Data Mining & Analysis (AREA)
  • Biophysics (AREA)
  • General Health & Medical Sciences (AREA)
  • Biomedical Technology (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Computational Linguistics (AREA)
  • Health & Medical Sciences (AREA)
  • Evolutionary Computation (AREA)
  • Artificial Intelligence (AREA)
  • Molecular Biology (AREA)
  • General Physics & Mathematics (AREA)
  • Mathematical Physics (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Environmental & Geological Engineering (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention relates to a network security situation awareness method and a system based on an improved Res2net, wherein the method comprises the following steps: acquiring network traffic data and preprocessing the network traffic data; introducing a first global-local feature extraction module between a first hierarchy and a second hierarchy of a Res2net model, and introducing a second global-local feature extraction module between the second hierarchy and a third hierarchy of the Res2net model to obtain an improved Res2net model; and inputting the preprocessed network traffic data into the improved Res2net model for feature classification, and analyzing the network security situation according to classification results. The network traffic data can be extracted in depth space-time characteristics by improving the Res2net model, and the accuracy of network security situation awareness can be improved.

Description

Network security situation awareness method and system based on improved Res2net
Technical Field
The invention relates to the technical field of network security situation awareness, in particular to a network security situation awareness method and system based on improved Res2 net.
Background
With the vigorous development of 5G technology and Internet and the continuous concussion of the present international situation, various network security threat problems are endless. Aiming at the characteristics of huge network data volume, various data formats, multiple feature dimensions and complex feature nonlinear relations, the network security situation awareness technology correspondingly provides higher requirements. In early research, students mostly adopt a traditional network security situation awareness method, and analyze network situation by using a mathematical model, probability statistics and other methods, but the traditional method has the defects of low running speed and poor classification robustness when facing high-quantity and high-dimension data. Therefore, the invention provides a network security situation awareness method and system based on improved Res2 net.
Disclosure of Invention
The invention aims to provide a network security situation awareness method and system based on an improved Res2net, which can be used for extracting deep space-time characteristics of network traffic data based on an improved Res2net model and improving accuracy of network security situation awareness.
In order to achieve the above object, the present invention provides the following solutions:
a network security situation awareness method based on an improved Res2net comprises the following steps:
acquiring network traffic data and preprocessing the network traffic data;
introducing a first global-local feature extraction module between a first hierarchy and a second hierarchy of a Res2net model, and introducing a second global-local feature extraction module between the second hierarchy and a third hierarchy of the Res2net model to obtain an improved Res2net model; the first global-local feature extraction module and the second global-local feature extraction module are both used for extracting depth space-time features in the network traffic data;
training the improved Res2net model by using the preprocessed network traffic data to obtain a trained model, and sensing network security situation of the network traffic data to be detected by using the trained model.
A network security posture awareness system based on an improved Res2net, comprising:
the data processing module is used for acquiring network flow data and preprocessing the network flow data;
the model construction module is used for introducing a first global-local feature extraction module between a first layering and a second layering of the Res2net model, and introducing a second global-local feature extraction module between the second layering and a third layering of the Res2net model to obtain an improved Res2net model; the first global-local feature extraction module and the second global-local feature extraction module are both used for extracting depth space-time features in the network traffic data;
the network security situation awareness module is used for training the improved Res2net model by utilizing the preprocessed network traffic data to obtain a trained model, and performing network security situation awareness on the network traffic data to be detected by utilizing the trained model.
According to the specific embodiment provided by the invention, the invention discloses the following technical effects:
the invention relates to a network security situation awareness method and a system based on an improved Res2net, wherein the method comprises the following steps: acquiring network traffic data and preprocessing the network traffic data; introducing a first global-local feature extraction module between a first hierarchy and a second hierarchy of a Res2net model, and introducing a second global-local feature extraction module between the second hierarchy and a third hierarchy of the Res2net model to obtain an improved Res2net model; and inputting the preprocessed network flow data into the improved Res2net model to obtain a network security situation sensing result. The network security situation awareness accuracy can be improved by improving the Res2net model to conduct deep space-time feature extraction on network flow data.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings that are needed in the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a flowchart of a network security situation awareness method based on an improved Res2net according to embodiment 1 of the present invention;
FIG. 2 is a diagram showing the structure of an improved Res2net model provided in embodiment 1 of the present invention;
FIG. 3 is a block diagram of a global-local feature extraction module provided in embodiment 1 of the present invention;
fig. 4 is a block diagram of a residual module provided in embodiment 1 of the present invention;
FIG. 5 is a training flowchart of the improved Res2net model provided in embodiment 1 of the present invention;
fig. 6 is a block diagram of a network security situation awareness system based on an improved Res2net according to embodiment 2 of the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
The invention aims to provide a network security situation awareness method and system based on an improved Res2net, which are used for excavating characteristic association information of time and space dimensions by constructing an improved Res2net model from the aspects of time and space, extracting classification characteristics with higher hierarchy, stronger expressive performance and class representativeness, and further improving accuracy and robustness of network security situation awareness.
In order that the above-recited objects, features and advantages of the present invention will become more readily apparent, a more particular description of the invention will be rendered by reference to the appended drawings and appended detailed description.
Example 1
As shown in fig. 1, the present embodiment provides a network security situation awareness method based on improved Res2net, including:
s1: acquiring network traffic data and preprocessing the network traffic data; in this embodiment, the UNSW-NB15 data set is processed, and the processing operation includes: blank value deletion and filling of data, data normalization, and single-hot encoding and data slicing operation of character type features.
Specifically, step S1 specifically includes:
s11: cleaning the network flow data, and removing data lines with blank value occupation ratio higher than a preset value; for example, three columns of data including ct_ flw _http_mthd, is_ftp_logic and ct_ftp_cmd have more blank values, and the classification effect is affected. The nonsensical columns in the dataset srcip, sport, dstip, dsport, etc. are deleted.
S12: carrying out standardization processing on numerical data in the cleaned data;
s13: performing single-heat encoding operation on character data in the standardized data;
s14: slicing the data subjected to the single-heat coding to obtain a plurality of data sheets; each of the data slices includes N feature variables.
The step S14 specifically includes:
and setting a sliding window super parameter T, wherein the parameter T can be set to be 4, and can also take any value.
Moving a window by a distance of a preset step length (which can be set to 1 or any other value) by utilizing a sliding window, and dividing the data subjected to the single-heat coding into a plurality of data pieces (the data pieces have the size of T multiplied by N); for example:
Figure BDA0003783184290000041
wherein X represents preprocessed network flow data; x is X t Representing a t-th data slice; t=1, 2,; n=1, 2,..n.
Taking the parameter T as 4, the step length as 1 and the feature variable number N as 199 as an example, a data slice with the size of 4×199 is obtained.
Performing dimension adjustment on each data sheet to obtain adjusted data sheets; specifically, each sliced data slice is converted into a tensor size (1×t×n), and the data format of the adjusted data slice is suitable for the improved Res2net model, that is, the adjusted data slice is the tensor of data required by the improved Res2net model (deep learning framework).
S2: and introducing a first global-local feature extraction module GLM1 between a first layered Layer1 and a second layered Layer2 of the Res2net model, and introducing a second global-local feature extraction module GLM2 between the second layered Layer2 and a third layered Layer3 of the Res2net model to obtain the improved Res2net model. As shown in fig. 2, when the network security situation awareness model is constructed, a Res2Net model is taken as a basic model, and the focus is to introduce two global-local feature extraction modules on the basis of the traditional Res2Net model structure. Wherein each hierarchy of the Res2net model contains a fixed number of residual modules, the residual module structure is shown in fig. 3. Four layers are included in the Res2net model, and the proposed global-local feature extraction module is a module connected in series between the first layer and the second layer, and a module connected in series between the second layer and the third layer.
The first global-local feature extraction module GLM1 and the second global-local feature extraction module GLM2 are both configured to extract deep spatiotemporal features in the network traffic data. Specifically, as shown in fig. 4, the first global-local feature extraction module GLM1 includes a global branch unit, a local branch unit, a feature merging operation layer, and a first convolution layer Conv1; the second global-local feature extraction module GLM2 has the same structure as the first global-local feature extraction module GLM 1;
the global branch unit comprises a second convolution layer Conv2, a longitudinal pooling layer, a transverse pooling layer and a Hadamard product operation layer;
the input end of the second convolution Layer Conv2 is connected with the output end of the first layered Layer1 or the second layered Layer2, and the output end of the second convolution Layer Conv2 is connected with the input end of the longitudinal pooling Layer and the input end of the transverse pooling Layer; the output end of the longitudinal pooling layer and the output end of the transverse pooling layer are connected with the Hadamard product operation layer;
the local branch unit comprises a third convolution layer Conv3 and a fourth convolution layer Conv4 which are connected in series;
the input end of the third convolution Layer Conv3 is connected with the output end of the first layered Layer1 or the second layered Layer2, and the output end of the fourth convolution Layer Conv4 and the output end of the Hadamard product operation Layer are both connected with the feature combination operation Layer; and the output end of the characteristic merging operation Layer is connected with the input end of the second layered Layer2 or the input end of the third layered Layer 3.
In constructing the improved Res2net model, a convolution layer + normalization layer + activation function layer is also provided before the model. The convolution kernel size is 1×1, the number of output channels is 16, and the implementation is because the input feature map channels are expanded to 16 channels, so that the Res2net network model is better matched.
S3: training the improved Res2net model by using the preprocessed network traffic data to obtain a trained model, and sensing network security situation of the network traffic data to be detected by using the trained model.
In step S3, performing network security situation awareness on the network traffic data to be tested by using the trained model specifically includes:
(1) Inputting the network traffic data to be tested into the first layered Layer1 of the trained model for processing to obtain a first feature map;
(2) And inputting the first feature map to the first global-local feature extraction module GLM1 for feature extraction to obtain a second feature map.
As shown in fig. 4, the inputting the first feature map to the first global-local feature extraction module GLM1 to perform feature extraction to obtain a second feature map specifically includes:
inputting the first feature map to the second convolution layer Conv2 for dimension reduction;
performing longitudinal banding pooling (global extraction of feature variable information contained in each column of the feature map) and transverse banding pooling (global extraction of time feature information contained in each row of the feature map) on the feature map subjected to the first dimension reduction treatment through the longitudinal pooling layer and the transverse pooling layer to obtain a first branch feature map and a second branch feature map;
carrying out Hadamard product operation on the first branch characteristic diagram and the second branch characteristic diagram through the Hadamard product operation layer to obtain a characteristic diagram of global branch output;
performing dimension reduction processing on the first feature map through the third convolution layer Conv3, and performing local feature extraction on the feature map subjected to the second dimension reduction processing through the fourth convolution layer Conv4 to obtain a feature map of local branch output;
and carrying out feature combination on the feature map of the global branch output and the feature map of the local branch output through the feature combination operation layer, and then carrying out dimension reduction processing through the first convolution layer Conv1 to obtain the second feature map.
(3) Inputting the second feature map to the second layered Layer2 for processing, and then inputting the second feature map to the second global-local feature extraction module GLM2 for feature extraction to obtain a third feature map;
(4) And sequentially inputting the third characteristic map to a full-connection Layer (FCLayer) and a Softmax Layer for characteristic classification after sequentially passing through the third layered Layer3 and a fourth layered Layer4 of the Res2net model, and analyzing the network security situation according to a classification result.
In step S3, as shown in fig. 5, when training the improved Res2net model (neural network model in fig. 5) by using the preprocessed network traffic data, the preprocessed network traffic data is divided into a training set and a test set; the training set is input into an improved Res2net model for training, parameters such as an optimizer, a loss function, a learning rate and a Batchsize are set, in this embodiment, the optimizer is set to Adam, the loss function is a cross entropy loss function, the learning rate is set to 0.0001, the Batchsize is set to 512, the setting of the parameters can be adjusted according to requirements, no limitation is made here, and then the parameters of the improved Res2net model are trained. After training is completed, the test set is input into a model with the completed training, and analysis and evaluation of network security situation are carried out.
In this embodiment, the constructed global-local feature extraction module can effectively extract data time and space dimension feature information, can deeply mine data feature space information, and can effectively reserve time feature information of data. And the time feature extraction process of LSTM can be replaced by using a pure convolution network, so that the accuracy and the robustness of the model are effectively improved.
Example 2
As shown in fig. 6, the present embodiment provides a network security posture sensing system based on improved Res2net, including:
the data processing module M1 is used for acquiring network flow data and preprocessing the network flow data;
the data processing module M1 specifically includes:
the cleaning submodule M11 is used for cleaning the network flow data and removing data rows with the blank value occupancy rate higher than a preset value;
the standardized processing submodule M12 is used for carrying out standardized processing on numerical value data in the cleaned data;
the coding submodule M13 is used for performing single-heat coding operation on character data in the standardized data;
the slicing submodule M14 is used for slicing the data subjected to the single-heat coding to obtain a plurality of data slices; each of the data slices includes N feature variables.
The slicing submodule M14 specifically includes:
the super parameter setting unit is used for setting a sliding window super parameter T;
the splitting unit is used for moving the window by utilizing the sliding window at a distance of a preset step length and splitting the data subjected to the single-heat coding into a plurality of data pieces;
the dimension adjustment unit is used for carrying out dimension adjustment on each data sheet to obtain adjusted data sheets; the adjusted data slice is the data tensor required by the improved Res2net model.
The model building module M2 is used for introducing a first global-local feature extraction module GLM1 between a first layered Layer1 and a second layered Layer2 of the Res2net model, and introducing a second global-local feature extraction module GLM2 between the second layered Layer2 and a third layered Layer3 of the Res2net model, so as to obtain an improved Res2net model;
the network security situation awareness module M3 is configured to train the improved Res2net model by using the preprocessed network traffic data, obtain a trained model, and perform network security situation awareness on the network traffic data to be detected by using the trained model.
The network security situation awareness module M3 specifically includes:
the first feature map acquisition sub-module is used for inputting the network traffic data to be tested into the first layered Layer1 of the trained model for processing to obtain a first feature map;
the second feature map obtaining sub-module is used for inputting the first feature map to the first global-local feature extraction module GLM1 for feature extraction to obtain a second feature map;
the third feature map obtaining sub-module is used for inputting the second feature map to the second layered Layer2 for processing and then inputting the second feature map to the first global-local feature extraction module GLM2 for feature extraction to obtain a third feature map;
and the network security situation awareness submodule is used for sequentially inputting the third characteristic diagram to the full-connection Layer and the Softmax Layer for feature classification after sequentially passing through the third layered Layer3 and the fourth layered Layer4 of the Res2net model, and analyzing the network security situation according to a classification result.
For the system disclosed in the embodiment, since it corresponds to the method disclosed in the embodiment, the description is relatively simple, and the relevant points refer to the description of the method section.
The principles and embodiments of the present invention have been described herein with reference to specific examples, the description of which is intended only to assist in understanding the methods of the present invention and the core ideas thereof; also, it is within the scope of the present invention to be modified by those of ordinary skill in the art in light of the present teachings. In view of the foregoing, this description should not be construed as limiting the invention.

Claims (6)

1. A network security situation awareness method based on an improved Res2net, comprising:
acquiring network traffic data and preprocessing the network traffic data;
introducing a first global-local feature extraction module between a first hierarchy and a second hierarchy of a Res2net model, and introducing a second global-local feature extraction module between the second hierarchy and a third hierarchy of the Res2net model to obtain an improved Res2net model; the first global-local feature extraction module and the second global-local feature extraction module are both used for extracting depth space-time features in the network traffic data;
training the improved Res2net model by using the preprocessed network traffic data to obtain a trained model, and sensing network security situation of the network traffic data to be tested by using the trained model;
preprocessing the network traffic data, specifically including:
cleaning the network flow data, and removing data lines with blank value occupation ratio higher than a preset value;
carrying out standardization processing on numerical data in the cleaned data;
performing single-heat encoding operation on character data in the standardized data;
slicing the data subjected to the single-heat coding to obtain a plurality of data sheets; each data slice comprises N characteristic variables;
slicing the data subjected to the single-heat encoding to obtain a plurality of data pieces, wherein the slicing comprises the following steps:
setting a sliding window super parameter T;
moving a window by utilizing a sliding window at a distance of a preset step length, and dividing the data subjected to the single-heat coding into a plurality of data pieces;
performing dimension adjustment on each data sheet to obtain adjusted data sheets; the adjusted data slice is the data tensor required by the improved Res2net model.
2. The method of claim 1, wherein the first global-local feature extraction module comprises a global branching unit, a local branching unit, a feature merge operation layer, and a first convolution layer; the second global-local feature extraction module has the same structure as the first global-local feature extraction module;
the global branch unit comprises a second convolution layer, a longitudinal pooling layer, a transverse pooling layer and a Hadamard product operation layer;
the input end of the second convolution layer is connected with the output end of the first layering or the second layering, and the output end of the second convolution layer is connected with the input end of the longitudinal pooling layer and the input end of the transverse pooling layer; the output end of the longitudinal pooling layer and the output end of the transverse pooling layer are connected with the Hadamard product operation layer;
the local branch unit comprises a third convolution layer and a fourth convolution layer which are connected in series;
the input end of the third convolution layer is connected with the output end of the first layering or the second layering, and the output end of the fourth convolution layer and the output end of the Hadamard product operation layer are both connected with the characteristic merging operation layer; and the output end of the characteristic merging operation layer is connected with the input end of the second layer or the input end of the third layer.
3. The method according to claim 2, wherein the network security situation awareness for the network traffic data to be tested by using the trained model specifically includes:
inputting the network traffic data to be tested into the first layering of the trained model for processing to obtain a first feature map;
inputting the first feature map to the first global-local feature extraction module for feature extraction to obtain a second feature map;
inputting the second feature map to the second hierarchical layer for processing, and then inputting the second feature map to the second global-local feature extraction module for feature extraction to obtain a third feature map;
and sequentially inputting the third feature map to a full-connection layer and a Softmax layer after sequentially passing through the third layering and a fourth layering of the Res2net model to perform feature classification, and analyzing the network security situation according to classification results.
4. A method according to claim 3, wherein the inputting the first feature map into the first global-local feature extraction module performs feature extraction to obtain a second feature map, specifically includes:
inputting the first feature map to the second convolution layer for dimension reduction;
performing longitudinal strip pooling and transverse strip pooling on the feature map subjected to the first dimension reduction treatment through the longitudinal pooling layer and the transverse pooling layer to obtain a first branch feature map and a second branch feature map;
carrying out Hadamard product operation on the first branch characteristic diagram and the second branch characteristic diagram through the Hadamard product operation layer to obtain a characteristic diagram of global branch output;
performing dimension reduction processing on the first feature map through the third convolution layer, and performing local feature extraction on the feature map subjected to the second dimension reduction processing through the fourth convolution layer to obtain a feature map of local branch output;
and carrying out feature combination on the feature map of the global branch output and the feature map of the local branch output through the feature combination operation layer, and then carrying out dimension reduction processing through the first convolution layer to obtain the second feature map.
5. A network security posture awareness system based on an improved Res2net, comprising:
the data processing module is used for acquiring network flow data and preprocessing the network flow data;
the data processing module specifically comprises:
the cleaning submodule is used for cleaning the network flow data and removing data lines with the blank value occupancy rate higher than a preset value;
the standardized processing submodule is used for carrying out standardized processing on numerical data in the cleaned data;
the coding sub-module is used for performing single-heat coding operation on character type data in the standardized data;
the slicing submodule is used for slicing the data subjected to the single-heat coding to obtain a plurality of data slices; each data slice comprises N characteristic variables;
the slicing submodule specifically comprises:
the super parameter setting unit is used for setting a sliding window super parameter T;
the splitting unit is used for moving the window by utilizing the sliding window at a distance of a preset step length and splitting the data subjected to the single-heat coding into a plurality of data pieces;
the dimension adjustment unit is used for carrying out dimension adjustment on each data sheet to obtain adjusted data sheets; the adjusted data sheet is the data tensor required by the improved Res2net model;
the model construction module is used for introducing a first global-local feature extraction module between a first layering and a second layering of the Res2net model, and introducing a second global-local feature extraction module between the second layering and a third layering of the Res2net model to obtain an improved Res2net model; the first global-local feature extraction module and the second global-local feature extraction module are both used for extracting depth space-time features in the network traffic data;
the network security situation awareness module is used for training the improved Res2net model by utilizing the preprocessed network traffic data to obtain a trained model, and performing network security situation awareness on the network traffic data to be detected by utilizing the trained model.
6. The system of claim 5, wherein the network security posture awareness module specifically comprises:
the first feature map acquisition sub-module is used for inputting the network traffic data to be tested into the first layering of the trained model for processing to obtain a first feature map;
the second feature map acquisition sub-module is used for inputting the first feature map to the first global-local feature extraction module for feature extraction to obtain a second feature map;
the third feature map obtaining sub-module is used for inputting the second feature map into the second hierarchical layer for processing and then inputting the second feature map into the second global-local feature extraction module for feature extraction to obtain a third feature map;
and the network security situation awareness submodule is used for sequentially inputting the third characteristic diagram to the full-connection layer and the Softmax layer after sequentially passing through the third layering and the fourth layering of the Res2net model to conduct characteristic classification, and analyzing the network security situation according to classification results.
CN202210935115.4A 2022-08-05 2022-08-05 Network security situation awareness method and system based on improved Res2net Active CN115242544B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210935115.4A CN115242544B (en) 2022-08-05 2022-08-05 Network security situation awareness method and system based on improved Res2net

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210935115.4A CN115242544B (en) 2022-08-05 2022-08-05 Network security situation awareness method and system based on improved Res2net

Publications (2)

Publication Number Publication Date
CN115242544A CN115242544A (en) 2022-10-25
CN115242544B true CN115242544B (en) 2023-05-30

Family

ID=83678868

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210935115.4A Active CN115242544B (en) 2022-08-05 2022-08-05 Network security situation awareness method and system based on improved Res2net

Country Status (1)

Country Link
CN (1) CN115242544B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116318907B (en) * 2023-02-28 2023-12-08 上海熙宥信息科技有限公司 Method and system for analyzing computer network situation based on big data and neural network

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106953862B (en) * 2017-03-23 2020-09-25 全球能源互联网研究院有限公司 Sensing method and device for network security situation and sensing model training method and device
CN112287931B (en) * 2020-12-30 2021-03-19 浙江万里学院 Scene text detection method and system
CN112949821B (en) * 2021-01-28 2024-02-02 河北师范大学 Network security situation awareness method based on dual-attention mechanism
CN114547608A (en) * 2022-01-28 2022-05-27 大连大学 Network security situation assessment method based on noise reduction self-coding kernel density estimation
CN114821069B (en) * 2022-05-27 2024-04-26 昆明理工大学 Construction semantic segmentation method for remote sensing image of double-branch network fused with rich-scale features

Also Published As

Publication number Publication date
CN115242544A (en) 2022-10-25

Similar Documents

Publication Publication Date Title
CN110533103B (en) Lightweight small object target detection method and system
CN115242544B (en) Network security situation awareness method and system based on improved Res2net
CN103903261B (en) Spectrum image processing method based on partition compressed sensing
CN105608454A (en) Text structure part detection neural network based text detection method and system
CN112767423B (en) Remote sensing image building segmentation method based on improved SegNet
CN112597985A (en) Crowd counting method based on multi-scale feature fusion
CN111401149B (en) Lightweight video behavior identification method based on long-short-term time domain modeling algorithm
CN109615604A (en) Accessory appearance flaw detection method based on image reconstruction convolutional neural networks
CN107169492A (en) Polarization SAR object detection method based on FCN CRF master-slave networks
CN113850284B (en) Multi-operation detection method based on multi-scale feature fusion and multi-branch prediction
CN117056863B (en) Big data processing method based on multi-mode data fusion
CN111738044A (en) Campus violence assessment method based on deep learning behavior recognition
CN113658200A (en) Edge perception image semantic segmentation method based on self-adaptive feature fusion
CN113192076A (en) MRI brain tumor image segmentation method combining classification prediction and multi-scale feature extraction
CN115100549A (en) Transmission line hardware detection method based on improved YOLOv5
CN109918648A (en) A kind of rumour depth detection method based on the scoring of dynamic sliding window feature
CN116309485A (en) Pavement crack detection method for improving UNet network structure
CN115249331A (en) Mine ecological safety identification method based on convolutional neural network model
CN114170581B (en) Anchor-Free traffic sign detection method based on depth supervision
CN117911677A (en) Tunnel lining crack intelligent identification method based on small target identification algorithm
CN116704444A (en) Video abnormal event detection method based on cascade attention U-Net
CN116721078A (en) Strip steel surface defect detection method and device based on deep learning
CN110599460A (en) Underground pipe network detection and evaluation cloud system based on hybrid convolutional neural network
CN116665451A (en) Real-time positioning command processing system based on traffic information of congested road section
CN105469601A (en) A road traffic space data compression method based on LZW coding

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant