CN115277185A - Operation and maintenance system anomaly detection method based on graph neural network - Google Patents
Operation and maintenance system anomaly detection method based on graph neural network Download PDFInfo
- Publication number
- CN115277185A CN115277185A CN202210885831.6A CN202210885831A CN115277185A CN 115277185 A CN115277185 A CN 115277185A CN 202210885831 A CN202210885831 A CN 202210885831A CN 115277185 A CN115277185 A CN 115277185A
- Authority
- CN
- China
- Prior art keywords
- node
- maintenance system
- graph
- neural network
- denotes
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000012423 maintenance Methods 0.000 title claims abstract description 55
- 238000001514 detection method Methods 0.000 title claims abstract description 16
- 238000013528 artificial neural network Methods 0.000 title claims abstract description 15
- 238000012544 monitoring process Methods 0.000 claims abstract description 20
- 238000003062 neural network model Methods 0.000 claims abstract description 18
- 206010000117 Abnormal behaviour Diseases 0.000 claims abstract description 7
- 230000002159 abnormal effect Effects 0.000 claims abstract description 7
- 238000010586 diagram Methods 0.000 claims abstract description 5
- 239000011159 matrix material Substances 0.000 claims description 18
- 238000000034 method Methods 0.000 claims description 14
- 230000005856 abnormality Effects 0.000 claims 1
- 238000004364 calculation method Methods 0.000 claims 1
- 230000004927 fusion Effects 0.000 abstract description 3
- 230000009286 beneficial effect Effects 0.000 abstract description 2
- 230000004931 aggregating effect Effects 0.000 description 1
- 238000013473 artificial intelligence Methods 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 238000002955 isolation Methods 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/30—Monitoring
- G06F11/34—Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation ; Recording or statistical evaluation of user activity, e.g. usability assessment
- G06F11/3452—Performance evaluation by statistical analysis
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/30—Monitoring
- G06F11/34—Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation ; Recording or statistical evaluation of user activity, e.g. usability assessment
- G06F11/3466—Performance evaluation by tracing or monitoring
- G06F11/3476—Data logging
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N3/00—Computing arrangements based on biological models
- G06N3/02—Neural networks
- G06N3/08—Learning methods
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/14—Network analysis or design
- H04L41/142—Network analysis or design using statistical or mathematical methods
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/16—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks using machine learning or artificial intelligence
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/28—Restricting access to network management systems or functions, e.g. using authorisation function to access network configuration
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
Landscapes
- Engineering & Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Physics & Mathematics (AREA)
- Life Sciences & Earth Sciences (AREA)
- Quality & Reliability (AREA)
- Software Systems (AREA)
- Evolutionary Computation (AREA)
- Probability & Statistics with Applications (AREA)
- Mathematical Physics (AREA)
- Artificial Intelligence (AREA)
- Mathematical Analysis (AREA)
- Evolutionary Biology (AREA)
- Algebra (AREA)
- Pure & Applied Mathematics (AREA)
- Medical Informatics (AREA)
- Databases & Information Systems (AREA)
- Computer Vision & Pattern Recognition (AREA)
- Bioinformatics & Cheminformatics (AREA)
- Bioinformatics & Computational Biology (AREA)
- Mathematical Optimization (AREA)
- Health & Medical Sciences (AREA)
- Biomedical Technology (AREA)
- Biophysics (AREA)
- Computational Linguistics (AREA)
- Data Mining & Analysis (AREA)
- General Health & Medical Sciences (AREA)
- Molecular Biology (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention provides an operation and maintenance system anomaly detection method based on a graph neural network, which comprises the following steps: extracting monitoring characteristics of each device in the operation and maintenance system, and establishing an undirected graph of the operation and maintenance system based on the monitoring characteristics; extracting the running state characteristics of each device in the operation and maintenance system as the node attributes of the corresponding nodes; constructing an attribute relation graph of the operation and maintenance system according to the undirected graph and the node attributes; inputting the generated attribute relation diagram of the operation and maintenance system into a graph neural network model, and training through the graph neural network model; and acquiring an attribute relation graph of the operation and maintenance system to be classified, inputting the trained graph neural network model, and identifying abnormal behaviors of the operation and maintenance system. The invention has the beneficial effects that: the invention introduces the graph neural network, when judging whether a certain device is abnormal, not only the current device but also the characteristics of the associated devices are considered, and the characteristics of the current device and the associated devices are subjected to fusion analysis through an algorithm, so that more comprehensive detection accuracy is achieved.
Description
Technical Field
The invention relates to the technical field of network security, in particular to an operation and maintenance system anomaly detection method based on a graph neural network.
Background
In an IT analysis system, whether a certain device is abnormal or not can be generally judged according to the historical conditions of various operation indexes. For example, the flow rate suddenly becomes larger, smaller, and the like. There are also a number of artificial intelligence algorithms introduced into the anomaly analysis process. However, the current method can analyze the devices in isolation, and does not consider that when one device runs abnormally, the connected device can also be abnormal.
Disclosure of Invention
The invention aims to overcome the defects in the prior art and provides an operation and maintenance system abnormity detection method based on a graph neural network.
The object of the present invention is achieved by the following technical means. An operation and maintenance system anomaly detection method based on a graph neural network comprises the following steps:
(1) Extracting the monitoring characteristics of each device in the operation and maintenance system, establishing an undirected graph of the operation and maintenance system based on the monitoring characteristics, wherein each node in the undirected graph represents one device;
(2) Extracting the running state characteristics of each device in the operation and maintenance system as the node attributes of the corresponding nodes;
(3) Constructing an attribute relation graph of the operation and maintenance system according to the undirected graph and the node attributes;
(4) Inputting the generated attribute relational graph of the operation and maintenance system into a graph neural network model, training through the graph neural network model, and obtaining an abnormal behavior detection classification result of the operation and maintenance system through the trained graph neural network model;
(5) And acquiring an attribute relation diagram of the operation and maintenance system to be classified, inputting the trained neural network model, and identifying abnormal behaviors of the operation and maintenance system.
Furthermore, in the step (1), the monitoring features of each device in the operation and maintenance system are extracted, and the specific method is as follows: extracting index data of each device, wherein the index data comprises disk space, disk occupancy rate, CPU occupancy rate, memory occupancy rate, firewall opening state, port use condition, starting items and database use condition; and recording the index data according to a time period to obtain monitoring characteristics.
Furthermore, in the step (2), the operation state features of each device in the operation and maintenance system are extracted, and the specific method is as follows: extracting operation state data of each device, wherein the operation state data comprises network traffic data, query rate per second QPS and network traffic data off-peak value of each device, and the network traffic data comprises received network traffic data volume, sent network traffic data volume, received network data packet total volume, sent network data packet total volume, discarded network data packet number and error network data packet number; and recording the running state data according to a time period to obtain running state characteristics.
Further, in step (3), an attribute relationship graph G, G = (V, E, X) of the operation and maintenance system is constructed according to the undirected graph and the node attributes, where V represents each device node set in the operation and maintenance system, and V = { V = }mH, m =1,2, …, n, where m denotes a node, n denotes the number of nodes, vmA device representing a node m; e denotes a set of undirected edges constructed based on monitoring characteristics of the device, E = { E = { E =ij},i,j=1,2,…,n,eijDenotes a non-directional edge of node i and node j, if viAnd vjIs associated with, then eij=1, otherwise 0,viDevice with node i, vjDisplay sectionA device with point j; x represents a set of node attributes, X = { X =m},m=1,2,…,n,xmRepresenting the operating state characteristics of node m.
Furthermore, the method for constructing the relationship graph specifically comprises the following steps of:
(1) Calculating viConstructing a similarity matrix S according to the similarity of the nodes and other nodes;
wherein s isijRepresents the similarity of node i and node j, s11=s22…=snn=1;
(2) Obtaining an adjacent matrix A according to the similarity matrix S;
wherein a isijRepresenting the similarity of node i and node j in the adjacency matrix, a11=a22…=ann=1;
(3) Calculating the network flow data deviation peak value U of each node in the running state characteristicsm;
Um=f_m*ep_mM =1,2, …, n, where m denotes a node, n denotes the number of nodes, f _ m denotes the kurtosis of the network traffic data of the node m, and p _ m denotes the skewness of the network traffic data of the node m;
(4) Calculating the average value U of the partial peak values of the network traffic data of all the nodesavg;
When the content is less than or equal to 1 (U)avg/Ui)/(Uavg/Uj)<1.05 or 1. Ltoreq. Uavg/Uj)/(Uavg/Ui) Less than or equal to 1.05, or sij>When lambda is determined, if the adjacent matrix A is modified, i is not equal to j, let aij=aji=1, otherwise aij=aji=0; when i = j, a11=a22…=ann=1;
Wherein, UiRepresents the network traffic data off-peak value, U, of node ijRepresents the network flow data of the node j is biased to the peak value, lambda is a threshold value, ajiRepresenting the similarity of a node j and a node i in the adjacency matrix;
(5) When a isij=ajiIf =1, then v is representediAnd vjHaving associations, modifying sets of undirected edges E, Eij=1。
The invention has the beneficial effects that: the invention introduces the graph neural network, when judging whether a certain device is abnormal, not only the current device but also the characteristics of the associated devices are considered, and the characteristics of the current device and the associated devices are subjected to fusion analysis through an algorithm, so that more comprehensive detection accuracy is achieved.
Drawings
FIG. 1 is a schematic flow chart of the present invention.
Detailed Description
The invention will be described in detail below with reference to the following drawings:
as shown in fig. 1, an operation and maintenance system anomaly detection method based on a graph neural network includes the following steps:
(1) Extracting the monitoring characteristics of each device in the operation and maintenance system, establishing an undirected graph of the operation and maintenance system based on the monitoring characteristics, wherein each node in the undirected graph represents one device;
the method for extracting the monitoring characteristics of each device in the operation and maintenance system comprises the following steps: extracting index data of each device, wherein the index data comprises disk space, disk occupancy rate, CPU occupancy rate, memory occupancy rate, firewall opening state, port use condition, starting items and database use condition; since these data fluctuate with the service demand within one day, the index data need to be recorded in a time period to obtain monitoring characteristics.
In this embodiment, we only use several indexes, specifically, the monitoring feature vector of the device v can be expressed as: (Diskv _ t, diskv, CPUv, ROMv, wv, portv, sv);
wherein, diskv _ t represents the disk space of the device, diskxu represents the disk occupancy of the device v, CPUv represents the CPU occupancy of the device v, ROMv represents the memory occupancy of the device v, wv represents whether the device v opens the firewall (1 represents open, 0 represents not), portv represents the number of ports opened by the device v, and Sv represents the number of startup items of the device v.
(2) Extracting the running state characteristics of each device in the operation and maintenance system as the node attributes of the corresponding nodes, wherein the specific method comprises the following steps:
extracting operation state data of each device, wherein the operation state data comprises network traffic data, query rate per second QPS and network traffic data off-peak value of each device, and the network traffic data comprises received network traffic data volume, sent network traffic data volume, received network data packet total volume, sent network data packet total volume, discarded network data packet number and error network data packet number; since these data fluctuate with the service demand within one day, the operation state data needs to be recorded in a period of one hour to obtain the operation state characteristics.
In this embodiment, we only use several indexes, specifically, the running state feature vector of the device v may be represented as: (R _ v, S _ v, rp _ v, sp _ v, L _ v, wr _ v, QPS _ v, U _ v)
Wherein, R _ v represents the network traffic data volume received by the device, S _ v represents the network traffic data volume sent by the device v, rp _ v represents the total amount of network packets sent by the device v, sp _ v represents the total amount of network packets received, L _ v represents the total amount of packets discarded by the device v, wr _ v represents the total amount of packets with errors by the device v, QPS _ v represents the average value of the query rate per second of the device v within one hour, and U _ v represents the network traffic data off-peak value in the device v.
U_v=Um=f_m*ep_mM =1,2, …, n, where m denotes a node, n denotes the number of nodes, f _ m denotes the kurtosis of the network traffic data of node m, and p _ m denotes the skewness of the network traffic data of node m.
(3) Constructing an attribute relation graph G of the operation and maintenance system according to the undirected graph and the node attributes;
g = (V, E, X), wherein V represents in the operation and maintenance systemRespective device node sets, V = { V = { [ V ]mH, m =1,2, …, n, where m denotes a node, n denotes the number of nodes, vmA device representing a node m; e denotes a set of undirected edges constructed based on monitoring characteristics of the device, E = { E = {ij},i,j=1,2,…,n,eijDenotes a non-directional edge of node i and node j, if viAnd vjIs associated with, then eij=1, otherwise 0,viDevice with node i, vjA device representing a node j; x represents a set of node attributes, X = { X =m},m=1,2,…,n,xmRepresenting the operating state characteristics of the node m;
the method specifically comprises the following steps:
(3.1) regarding the monitoring characteristic and the running state characteristic of each device in the operation and maintenance system as a node viV is calculated by adopting Heat Kernel algorithmiThe similarity with the rest of the nodes can be defined as the similarity between the nodes. Calculating the similarity of each node with other nodes, and constructing a similarity matrix S;
wherein s isijRepresents the similarity of the node i and the node j, s11=s22…=snn=1;
(3.2) obtaining an adjacent matrix A according to the similarity matrix S;
wherein a isijRepresenting the similarity of node i and node j in the adjacency matrix, a11=a22…=ann=1;
(3.3) calculating the network flow data off-peak value U of each node in the running state characteristicsm;
Um=f_m*ep_mM =1,2, …, n, where m denotes nodes and n denotes nodesThe number of points, f _ m represents the kurtosis of the network traffic data of the node m, and p _ m represents the skewness of the network traffic data of the node m;
(3.4) calculating the average value U of the network traffic data off-peak values of all the nodesavg;
When the ratio of 1 to (U) is less than or equal toavg/Ui)/(Uavg/Uj)<1.05 or 1 ≦ (U)avg/Uj)/(Uavg/Ui) Less than or equal to 1.05, or sij>When lambda is determined, if the adjacent matrix A is modified, i is not equal to j, let aij=aji=1, otherwise aij=aji=0; i = j, a11=a22…=ann=1;
Wherein, UiRepresents the network traffic data off-peak value, U, of node ijRepresents the network traffic data off-peak value of the node j, ajiRepresenting the similarity of a node j and a node i in the adjacency matrix; lambda is a threshold value, which can be manually specified in advance, or can be obtained by training a small batch of samples.
(3.5) when aij=ajiIf =1, then v is representediAnd vjHaving associations, modifying sets of undirected edges E, Eij=1, i.e. updating the undirected edge set E. The core of the invention is the determination of E, the characteristics of the current equipment and the associated equipment are subjected to fusion analysis through an algorithm, the information of the nodes can be fully integrated, and new node representation is obtained by aggregating the characteristics of the nodes and the characteristics of the associated nodes.
(4) Inputting the generated attribute relation graph G of the operation and maintenance system into a graph neural network model, training through the graph neural network model, and obtaining abnormal behavior detection classification results of the operation and maintenance system through the trained graph neural network model; in some embodiments of the present invention, the used graph neural network model may be an existing neural network model such as a graph convolution neural network (GCN), graphSage, and a graph attention network (GAT), or may be another emerging graph neural network model suitable for the present invention. The input of the model can be expressed as [ label, node number, equipment monitoring characteristic, running state characteristic ], and the trained model is output and stored.
(5) And acquiring an attribute relation diagram of the operation and maintenance system to be classified (unknown equipment), inputting the trained neural network model of the diagram, and identifying abnormal behaviors of the operation and maintenance system, namely judging abnormal states of all the equipment of the operation and maintenance system.
It should be understood that equivalent substitutions and changes to the technical solution and the inventive concept of the present invention should be made by those skilled in the art to the protection scope of the appended claims.
Claims (5)
1. An operation and maintenance system anomaly detection method based on a graph neural network is characterized by comprising the following steps: the method comprises the following steps:
(1) Extracting monitoring characteristics of each device in the operation and maintenance system, and establishing an undirected graph of the operation and maintenance system based on the monitoring characteristics, wherein each node in the undirected graph represents one device;
(2) Extracting the running state characteristics of each device in the operation and maintenance system to be used as the node attributes of the corresponding nodes;
(3) Constructing an attribute relation graph of the operation and maintenance system according to the undirected graph and the node attributes;
(4) Inputting the generated attribute relational graph of the operation and maintenance system into a graph neural network model, training through the graph neural network model, and obtaining an abnormal behavior detection classification result of the operation and maintenance system through the trained graph neural network model;
(5) And acquiring an attribute relation diagram of the operation and maintenance system to be classified, inputting the trained neural network model, and identifying abnormal behaviors of the operation and maintenance system.
2. The abnormal detection method for the operation and maintenance system based on the graph neural network as claimed in claim 1, wherein the abnormal detection method comprises the following steps: in the step (1), the monitoring characteristics of each device in the operation and maintenance system are extracted, and the specific method comprises the following steps: extracting index data of each device, wherein the index data comprises disk space, disk occupancy rate, CPU occupancy rate, memory occupancy rate, firewall opening state, port use condition, starting items and database use condition; and recording the index data according to a time period to obtain monitoring characteristics.
3. The method for detecting the abnormity of the operation and maintenance system based on the graph neural network as claimed in claim 2, wherein: in the step (2), the operation state features of each device in the operation and maintenance system are extracted, and the specific method is as follows: extracting operation state data of each device, wherein the operation state data comprises network traffic data, query rate per second QPS and network traffic data off-peak value of each device, and the network traffic data comprises received network traffic data volume, sent network traffic data volume, received network data packet total volume, sent network data packet total volume, discarded network data packet number and error network data packet number; and recording the running state data according to a time period to obtain running state characteristics.
4. The method for detecting the abnormity of the operation and maintenance system based on the graph neural network as claimed in claim 3, wherein: in the step (3), an attribute relation graph G, G = (V, E, X) of the operation and maintenance system is constructed according to the undirected graph and the node attributes, where V represents each device node set in the operation and maintenance system, and V = { V = }mH, m =1,2, …, n, where m denotes a node, n denotes the number of nodes, vmA device representing a node m; e denotes a set of undirected edges constructed based on monitoring characteristics of the device, E = { E = {ij},i,j=1,2,…,n,eijDenotes a non-directional edge of node i and node j, if viAnd vjHas a relation of eij=1, otherwise 0,viDevice with node i, vjA device representing a node j; x represents a node attribute set, X = { X =m},m=1,2,…,n,xmRepresenting the operating state characteristics of node m.
5. The operation and maintenance system abnormality detection method based on the graph neural network according to claim 4, characterized in that: the method comprises the following steps:
(5.1) calculation of viConstructing a similarity matrix S according to the similarity of the nodes and other nodes;
wherein d isijRepresents the similarity of the node i and the node j, s11=s22…=snn=1;
(5.2) obtaining an adjacent matrix A according to the similarity matrix S;
wherein s isijRepresenting the similarity of node i and node j in the adjacency matrix, a11=a22…=ann=1;
(5.3) calculating the network flow data deviation peak value U of each node in the running state characteristicsm;
Um=f_m*ep_mM =1,2, …, n, where m denotes a node, n denotes the number of nodes, f _ m denotes the kurtosis of the network traffic data of the node m, and p _ m denotes the skewness of the network traffic data of the node m;
(5.4) calculating the average value U of the network traffic data off-peak values of all the nodesavg;
When the content is less than or equal to 1 (U)avg/Ui)/(Uavg/Uj)<1.05 or 1 ≦ (U)avg/Uj)/(Uavg/Ui) Less than or equal to 1.05, or sij>When lambda is determined, if the adjacent matrix A is modified, i is not equal to j, let aij=aji=1, otherwise aij=aji=0; when i = j, a11=a22…=ann=1;
Wherein, UiRepresents the network traffic data off-peak value, U, of node ijRepresents the network flow data of the node j is biased to the peak value, lambda is a threshold value, ajiRepresenting the similarity of a node j and a node i in the adjacency matrix;
(5.5) when aij=ajiIf =1, then v is representediAnd vjHaving associations, modifying undirected edge setsAnd E, Eij=1。
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210885831.6A CN115277185B (en) | 2022-07-26 | 2022-07-26 | Operation and maintenance system anomaly detection method based on graph neural network |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210885831.6A CN115277185B (en) | 2022-07-26 | 2022-07-26 | Operation and maintenance system anomaly detection method based on graph neural network |
Publications (2)
Publication Number | Publication Date |
---|---|
CN115277185A true CN115277185A (en) | 2022-11-01 |
CN115277185B CN115277185B (en) | 2024-02-20 |
Family
ID=83768329
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210885831.6A Active CN115277185B (en) | 2022-07-26 | 2022-07-26 | Operation and maintenance system anomaly detection method based on graph neural network |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN115277185B (en) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113821793A (en) * | 2021-08-27 | 2021-12-21 | 北京工业大学 | Multi-stage attack scene construction method and system based on graph convolution neural network |
CN113935034A (en) * | 2021-09-14 | 2022-01-14 | 北京邮电大学 | Malicious code family classification method and device based on graph neural network and storage medium |
CN114389966A (en) * | 2022-03-24 | 2022-04-22 | 合肥综合性国家科学中心人工智能研究院(安徽省人工智能实验室) | Network traffic identification method and system based on graph neural network and stream space-time correlation |
CN114513367A (en) * | 2021-12-10 | 2022-05-17 | 西安电子科技大学 | Cellular network anomaly detection method based on graph neural network |
-
2022
- 2022-07-26 CN CN202210885831.6A patent/CN115277185B/en active Active
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113821793A (en) * | 2021-08-27 | 2021-12-21 | 北京工业大学 | Multi-stage attack scene construction method and system based on graph convolution neural network |
CN113935034A (en) * | 2021-09-14 | 2022-01-14 | 北京邮电大学 | Malicious code family classification method and device based on graph neural network and storage medium |
CN114513367A (en) * | 2021-12-10 | 2022-05-17 | 西安电子科技大学 | Cellular network anomaly detection method based on graph neural network |
CN114389966A (en) * | 2022-03-24 | 2022-04-22 | 合肥综合性国家科学中心人工智能研究院(安徽省人工智能实验室) | Network traffic identification method and system based on graph neural network and stream space-time correlation |
Also Published As
Publication number | Publication date |
---|---|
CN115277185B (en) | 2024-02-20 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN110691100B (en) | Hierarchical network attack identification and unknown attack detection method based on deep learning | |
US8868985B2 (en) | Supervised fault learning using rule-generated samples for machine condition monitoring | |
CN110830450A (en) | Abnormal flow monitoring method, device and equipment based on statistics and storage medium | |
CN112910859B (en) | Internet of things equipment monitoring and early warning method based on C5.0 decision tree and time sequence analysis | |
CN113378990B (en) | Flow data anomaly detection method based on deep learning | |
CN114114039B (en) | Method and device for evaluating consistency of single battery cells of battery system | |
CN112134862B (en) | Coarse-fine granularity hybrid network anomaly detection method and device based on machine learning | |
CN115858794B (en) | Abnormal log data identification method for network operation safety monitoring | |
CN115684939A (en) | Battery charging abnormal state monitoring method and system based on machine learning | |
CN110544047A (en) | Bad data identification method | |
CN113259379A (en) | Abnormal alarm identification method, device, server and storage medium based on incremental learning | |
CN117411703A (en) | Modbus protocol-oriented industrial control network abnormal flow detection method | |
CN110022313B (en) | Polymorphic worm feature extraction and polymorphic worm identification method based on machine learning | |
CN107977672A (en) | SF6 equipment secondary failure diagnostic methods based on mass data concurrent operation | |
CN111428963B (en) | Data processing method and device | |
CN113010394A (en) | Machine room fault detection method for data center | |
CN117216713A (en) | Fault delimiting method, device, electronic equipment and storage medium | |
CN117118693A (en) | Abnormal flow detection method, device, computer equipment and storage medium | |
CN115514581B (en) | Data analysis method and equipment for industrial internet data security platform | |
CN115277185A (en) | Operation and maintenance system anomaly detection method based on graph neural network | |
CN115907954A (en) | Account identification method and device, computer equipment and storage medium | |
Mogensen et al. | Invariant ancestry search | |
Woodard et al. | Online model-based clustering for crisis identification in distributed computing | |
CN114154548A (en) | Sales data sequence classification method and device, computer equipment and storage medium | |
CN112099477B (en) | Fault tracing method in lithium ion battery production process |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |