CN115883147A - Attacker portrait drawing method based on graph neural network - Google Patents
Attacker portrait drawing method based on graph neural network Download PDFInfo
- Publication number
- CN115883147A CN115883147A CN202211471609.8A CN202211471609A CN115883147A CN 115883147 A CN115883147 A CN 115883147A CN 202211471609 A CN202211471609 A CN 202211471609A CN 115883147 A CN115883147 A CN 115883147A
- Authority
- CN
- China
- Prior art keywords
- attack
- information
- graph
- attacker
- neural network
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000013528 artificial neural network Methods 0.000 title claims abstract description 43
- 238000000034 method Methods 0.000 title claims abstract description 43
- 238000007621 cluster analysis Methods 0.000 claims abstract description 16
- 239000011159 matrix material Substances 0.000 claims abstract description 10
- 238000012545 processing Methods 0.000 claims abstract description 9
- 230000006870 function Effects 0.000 claims description 15
- 238000004364 calculation method Methods 0.000 claims description 6
- 238000012549 training Methods 0.000 claims description 6
- 239000013598 vector Substances 0.000 claims description 6
- 238000013145 classification model Methods 0.000 claims description 4
- 238000013507 mapping Methods 0.000 claims description 4
- 238000002474 experimental method Methods 0.000 claims description 3
- 230000007246 mechanism Effects 0.000 claims description 3
- 238000005295 random walk Methods 0.000 claims description 3
- 239000011541 reaction mixture Substances 0.000 claims description 3
- 238000005070 sampling Methods 0.000 claims description 3
- 238000000605 extraction Methods 0.000 abstract description 2
- 238000004458 analytical method Methods 0.000 description 2
- 238000004422 calculation algorithm Methods 0.000 description 2
- 238000010586 diagram Methods 0.000 description 2
- 230000007613 environmental effect Effects 0.000 description 2
- 238000010606 normalization Methods 0.000 description 2
- 238000007637 random forest analysis Methods 0.000 description 2
- 230000011218 segmentation Effects 0.000 description 2
- 230000002159 abnormal effect Effects 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000008569 process Effects 0.000 description 1
- 238000011160 research Methods 0.000 description 1
Images
Classifications
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02P—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
- Y02P90/00—Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
- Y02P90/30—Computing systems specially adapted for manufacturing
Landscapes
- Devices For Executing Special Programs (AREA)
- Computer And Data Communications (AREA)
Abstract
The invention discloses an attacker portrait drawing method based on a graph neural network, and relates to the technical field of information security. Acquiring attack information, and performing canonicalization processing on an attack event to enable information from different manufacturers and equipment to have the same dimension and format; initially constructing an attack event characteristic graph, determining nodes and a characteristic set of the nodes, generating edges according to the connection condition of the nodes, and storing edge information in the form of an adjacent matrix; the graph neural network represents learning, and the optimal high-level characteristics of the nodes are obtained through the network representation learning; and (5) carrying out cluster analysis on the attack event characteristic graph to obtain an image set of the attacker. The method is based on the graph neural network and the cluster analysis, realizes the feature extraction and the associated reasoning of the attack information, realizes the portrayal of the attacker under complex conditions by the graph neural network and the cluster analysis method, meets the requirement on the accurate portrayal of the attacker, and has wide application prospect.
Description
Technical Field
The invention relates to the technical field of information security, in particular to an attacker portrait method based on a graph neural network.
Background
In recent years, the problem of network security is prominent, and attack means are diversified, and become more hidden, more intelligent and more difficult to discover. In this context, network security tracing has important significance. Some researches are carried out on portraying attackers based on a simple clustering model, namely clustering analysis is carried out through methods such as K-means according to extracted security logs and collected other data, but the method ignores hidden features among attack information and is difficult to accurately portray attackers. In addition, the method performs semantic identification and tracing based on a Transformer, however, the method needs a large amount of data for training, has weak association reasoning capability for attack information, and is easy to forge information such as IP addresses in a complex network environment, so that an accurate result cannot be finally obtained. Meanwhile, the existing method only uses partial attributes in the attack information, so that accurate tracing by thoroughly utilizing the attack information is difficult, and the application scene is limited.
In order to solve the problems that the attacker portrait is fuzzy and the attack information is difficult to carry out associative reasoning, it is particularly necessary to develop an attacker portrait method based on a graph neural network.
Disclosure of Invention
Aiming at the defects in the prior art, the invention aims to provide the attacker portrait method based on the graph neural network, which is used for carrying out cluster analysis on attack information based on the graph neural network, meets the requirement on accurate portrait of the attacker and is easy to popularize and use.
In order to realize the purpose, the invention is realized by the following technical scheme: an attacker portrait method based on a graph neural network comprises the following steps:
s1, acquiring attack information;
s2, conducting canonicalization processing on the attack event to enable information from different manufacturers and equipment to have the same dimension and format;
s3, initially constructing an attack event characteristic graph, determining nodes and a characteristic set X of the nodes, generating edges according to the connection condition of the nodes, and storing edge information in the form of an adjacent matrix A;
s4, representing and learning by a neural network of the graph, and obtaining the optimal advanced features of the nodes through network representation and learning;
and S5, carrying out cluster analysis on the characteristic graph of the attack event to obtain an image set of the attacker.
Preferably, the step S1 specifically includes: alarm logs generated by open-source network security laboratories and manufacturers are collected, in order to guarantee real environmental conditions, subsets of data sets such as KDD99, IDS2017, digg, reddit and UNSW-NB15 are mixed for experiments, corresponding attack sources are labeled manually, and corresponding operation sets are mapped.
Preferably, the specific method of step S2 is:
s2.1: storing attack information from different manufacturers and equipment in the same format;
s2.2: defining characteristic dimensions, attack intentions and attack severity of attack modes through a national standard 'network attack definition and description standard', and determining detailed information such as superior-subordinate relationships of each attack mode, summaries of the attack modes and the like;
s2.3: performing canonicalization definition on the IP of the attacker, the IP of the victim, the characteristic information of the attacker and the characteristic information of the victim according to third party information and a knowledge base;
s2.4: adjusting the dimension of each attack information to make the attack information from different resources have the same dimension, and the step further comprises: the sample data set is all provided to an extreme random Tree (Extra Tree) based classification model to determine the importance of each feature attribute.
Preferably, the specific method of step S3 is:
s3.1: constructing a node connection unit according to the preprocessed information, and adding edge connection to nodes in the node set;
s3.2: and constructing an initial characteristic matrix X according to the characteristics of each node, and constructing an adjacent matrix A according to the relation between each node to obtain the attack network G = (V, E, X, A).
Preferably, the specific method of step S4 is:
s4.1: based on Node2vec network embedding method, learning network structure and Node adjacent information and other high-level characteristics;
s4.2: learning a graph neural network mapping function using a graph neural network based on the learned high-level features such that node v i Can aggregate its own features x i And feature x of the neighbor node i Generating a node v i Captures the dependencies of the data within the graph.
Preferably, the step S4.1 specifically includes:
s4.1.1: controlling a random walk strategy through the hyper-parameters p and q, and sampling to acquire information of an attack network;
s4.1.2: and (4) learning the network characteristics of each node through the Skip-Gram model by the network graph generated in the step S3.
Preferably, the step S4.2 specifically includes:
s4.2.1: according to the step S4.1, high-level characteristic information of network nodes and adjacent information is learned, firstly, a graph convolution neural network self-Encoder Encoder is constructed, and an input high-level characteristic information vector f is projected to an encoding space z by using the Encoder, namely z = Encoder (f);
s4.2.2: according to the encoder with attention mechanism, weighted average is carried out on the nodes, and the calculation formula is as follows:
in the formula (1), W ij Is the attention weight, u, between node i and node j i Is the set of all the neighboring nodes of i,
respectively information of the i node on k and k +1 layers, wherein sigma is a sigmoid function;
s4.2.3: calculating inner products among z nodes in the coding space; the penalty function of the graph self-encoder is represented as:
loss=-log(σ(z i ))-R·E v~P(v) log(σ(z i )) (2)
in the formula (2), v to P (v) represent negative sample numbers;
s4.2.4: minimizing the loss function, reasoning and capturing the dependency relationship of the data in the graph.
Preferably, the graph convolution neural network self-Encoder in the step s4.2.1 is specifically: the graph self-Encoder Encoder is realized by a graph convolution neural network, and the calculation method is as follows:
preferably, the step S5 of performing cluster analysis based on the feature vectors obtained by the neural network of the graph to portray the attacker includes:
s5.1: assume cluster center is x j Probability s that node i belongs to u class iu Expressed as:
in the formula (4), the reaction mixture is,
for the i node and cluster center as x j The distance of (a);
s5.2: to maximize the distance between each of the different classes, a target distribution t is defined i :
S5.3: loss function l of clustering model s Comprises the following steps:
s5.4 by minimizing l s Training the model according to the result of trainingAnd dividing the attack events with similar characteristics into a cluster to obtain the image of the attacker.
The invention has the beneficial effects that: the method is based on the graph neural network and the cluster analysis, can realize the feature extraction and the associated reasoning of the attack information, realizes the portrayal of the attacker under the complex condition by the graph neural network and the cluster analysis, meets the requirement of accurate portrayal of the attacker, and has wide application prospect.
Drawings
The invention is described in detail below with reference to the drawings and the detailed description;
FIG. 1 is a flow chart of the present invention;
FIG. 2 is a flow chart of the algorithm of the present invention;
FIG. 3 is an exemplary diagram of attack mode of the public Standard "network attack definition and description Specification Standard" according to the present invention;
FIG. 4 is a schematic diagram of the definition of attack mode of the network attack definition and description Specification Standard according to the present invention.
Detailed Description
In order to make the technical means, the creation characteristics, the achievement purposes and the effects of the invention easy to understand, the invention is further described with the specific embodiments.
Referring to fig. 1 to 4, the following technical solutions are adopted in the present embodiment: an attacker portrait method based on a graph neural network comprises the following steps:
s1, acquiring attack information, specifically: alarm logs generated by open-source network security laboratories and manufacturers are collected, in order to guarantee real environmental conditions, subsets of data sets such as KDD99, IDS2017, digg, reddit and UNSW-NB15 are mixed for experiments, corresponding attack sources are labeled manually, and corresponding operation sets are mapped.
S2, conducting canonicalization processing on the attack event to enable information from different manufacturers and equipment to have the same dimension and format, and the specific method is as follows:
s2.1: storing attack information from different manufacturers and equipment in the same format;
s2.2: defining characteristic dimensions, attack intentions and attack severity of attack modes through a national standard 'network attack definition and description standard', and determining detailed information such as the superior-inferior relation, the summary and the like of each attack mode;
s2.3: carrying out paradigm definition on the IP of an attacker, the IP of a victim, the characteristic information of the attacker and the characteristic information of the victim according to third party information and a knowledge base;
s2.4: adjusting the dimension of each attack information to make the attack information from different resources have the same dimension, and the step further comprises: the sample data set is all provided to an extreme random Tree (Extra Tree) based classification model to determine the importance of each feature attribute.
S3, initially constructing an attack event characteristic graph, determining nodes and a characteristic set X of the nodes, generating edges according to the connection condition of the nodes, and storing edge information in the form of an adjacent matrix A; taking each attack event in the data set as a node of an attack network, and if the attack event occurs, establishing an edge between nodes corresponding to two users; acquiring initial characteristics of nodes and edges, and constructing an attack network G = (V, E, X, A), wherein the specific method comprises the following steps:
s3.1: constructing a node connection unit according to the preprocessed information, and adding edge connection to nodes in the node set;
s3.2: and constructing an initial characteristic matrix X according to the characteristics of each node, and constructing an adjacency matrix A according to the relation between each node to obtain the attack network G = (V, E, X, A).
And S4, representing and learning by a graph neural network, and obtaining the optimal high-level characteristics and the graph-level characteristic representation of the nodes through the network representation and learning. For an input feature graph G = (V, E, X, A), firstly, learning and obtaining the optimal high-level feature of a Node through a Node2vec algorithm, wherein the specific method comprises the following steps:
s4.1: based on Node2vec network embedding method, the method learns the structure of the network and the high-level characteristics such as the adjacent information of the nodes, and comprises the following steps:
s4.1.1: controlling a random walk strategy through the hyper-parameters p and q, and sampling to obtain information of an attack network;
s4.1.2: and learning the network characteristics of each node through the Skip-Gram model by the network graph generated in the step S3.
S4.2: learning a graph neural network mapping function using a graph neural network based on the learned high-level features such that node v i Can aggregate its own features x i And feature x of the neighbor node i Generating a node v i Captures the dependencies of the data within the graph. The method specifically comprises the following steps:
s4.2.1: according to the step S4.1, high-level feature information of network nodes and adjacent information is learned, firstly, a graph convolution neural network self-Encoder Encoder is constructed, and an input high-level feature information vector f is projected to an encoding space z by using the Encoder, namely z = Encoder (f); the self-Encoder Encoder of the graph convolution neural network is realized by the graph convolution neural network, and the calculation method is as follows:
s4.2.2: according to the encoder with attention mechanism, weighted average is carried out on the nodes, and the calculation formula is as follows:
in the formula (1), W ij Is the attention weight, u, between node i and node j i Is the set of all the neighboring nodes of i,
respectively information of the inode at k and k +1 layers, wherein sigma is a sigmoid function;
s4.2.3: calculating inner products among z nodes in the coding space; the loss function of the graph self-encoder is expressed as:
loss=-log(σ(z i ))-R·E v~P(v) log(σ(z i )) (2)
in the formula (2), v to P (v) represent negative sample numbers;
s4.2.4: minimizing the loss function, reasoning and capturing the dependency relationship of the data in the graph.
And S5, carrying out cluster analysis on the characteristic graph of the attack event to obtain an image set of the attacker. Performing cluster analysis based on the feature vectors obtained by the graph neural network to portray attackers, wherein the cluster analysis comprises the following steps:
s5.1: assume cluster center is x j Then the probability s that the node i belongs to the u class iu Expressed as:
in the formula (4), the reaction mixture is,
for the i node and cluster center as x j The distance of (a);
s5.2: to maximize the distance between each of the different classes, a target distribution t is defined i :
S5.3: loss function l of clustering model s Comprises the following steps:
s5.4 by minimizing l s And training the model, and dividing the attack events with similar characteristics into a cluster according to the training result to obtain the portrait of the attacker.
It should be noted that, in the step S2, the attack event is subjected to normalization processing and standardization processing according to the public standard of "network attack definition and description specification standard", so that attack information from different manufacturers and devices has the same dimension and format. Meanwhile, the IP of the attacker, the IP of the victim, the characteristic information of the attacker and the characteristic information of the victim are defined in a normal mode according to third party information and a knowledge base. So that attack information from different sources has the same format and dimension. It is easy to understand that the information data structures of different manufacturers and equipment have great difference, and can be uniformly analyzed and associated reasoning by big data only through paradigm processing.
The paradigm processing is carried out according to public standard of network attack definition and description specification standard, namely that an attack event is defined as a security event specification architecture taking an attack mode as a core, and the security event specification architecture covers a target characteristic dimension and an attack intention dimension. Attack severity, etc. Referring to fig. 3 and 4, for example, an attack event mainly includes: attack mode name, target type, target product, attack severity, protocol involved, operation time, operation account name, failure reason. The normalization process is to convert the larger data value into the smaller data value, fill in the empty values, and eliminate the abnormal values. The dimension adjustment refers to adjusting the dimension of each attack information, and selecting attributes useful for attack information analysis for information cluster analysis and association reasoning.
After the data are normalized and standardized, a word bank is manually arranged, word segmentation is carried out by using an LTP (low-temperature programming) language technology platform word segmentation device, noise is removed, and one-hot coding is carried out. Establishing a sample set D based on the processed data x (x =1.. T), putting the tree into an extreme random tree classification model, generating an extreme random forest, and determining the importance degree of each characteristic attribute according to the extreme random forest.
The specific embodiment is based on a graph neural network and a cluster analysis method, attack information data are collected firstly, a data set is subjected to canonicalization processing through network attack definition and description standard, then a characteristic graph is constructed, and representation learning is carried out based on the graph neural network. The graph neural network represents that learning is carried out, firstly, high-level features are extracted through Node2vec network embedding, then, the internal dependency relationship of a feature graph is captured through a graph convolution neural network, and finally, the portrait of an attacker is completed through cluster analysis. The method solves the problems that the picture of the attacker is fuzzy and the attack information is difficult to be associated and inferred, meets the requirement on accurate picture of the attacker, and has wide market application prospect.
The foregoing shows and describes the general principles and broad features of the present invention and advantages thereof. It will be understood by those skilled in the art that the present invention is not limited to the embodiments described above, which are described in the specification and illustrated only to illustrate the principle of the present invention, but that various changes and modifications may be made therein without departing from the spirit and scope of the present invention, which fall within the scope of the invention as claimed. The scope of the invention is defined by the appended claims and equivalents thereof.
Claims (10)
1. An attacker portrait method based on a graph neural network is characterized by comprising the following steps:
s1, acquiring attack information;
s2, performing canonicalization processing on the attack event to enable information from different manufacturers and equipment to have the same dimensionality and format;
s3, initially constructing an attack event characteristic graph, determining nodes and a characteristic set X of the nodes, generating edges according to the connection condition of the nodes, and storing edge information in the form of an adjacent matrix A;
s4, representing and learning by a neural network of the graph, and obtaining the optimal advanced features of the nodes through network representation and learning;
and S5, carrying out cluster analysis on the characteristic graph of the attack event to obtain an image set of the attacker.
2. The method for representing an attacker as claimed in claim 1, wherein the step S1 is specifically as follows: collecting alarm logs generated by open-source network security laboratories and manufacturers, mixing subsets of data sets of KDD99, IDS2017, digg, reddit and UNSW-NB15 for experiments, manually marking corresponding attack sources and mapping corresponding operation sets.
3. The method for representing an attacker according to claim 1, wherein the specific method of step S2 is:
s2.1: storing attack information from different manufacturers and equipment in the same format;
s2.2: defining characteristic dimensions, attack intentions and attack severity of attack modes through a national standard 'network attack definition and description standard', determining the superior-inferior relation of each attack mode and summary detailed information of the attack modes;
s2.3: carrying out paradigm definition on the IP of an attacker, the IP of a victim, the characteristic information of the attacker and the characteristic information of the victim according to third party information and a knowledge base;
s2.4: and adjusting the dimensionality of each attack information to ensure that the attack information from different resources has the same dimensionality.
4. The method for representing attackers based on graph neural network as claimed in claim 3, wherein the step S2.4 further comprises: the sample data set is all provided to an extreme random Tree (Extra Tree) based classification model to determine the importance of each feature attribute.
5. The method for representing an attacker according to claim 1, wherein the specific method of step S3 is:
s3.1: constructing a node connection unit according to the preprocessed information, and adding edge connection to nodes in the node set;
s3.2: and constructing an initial characteristic matrix X according to the characteristics of each node, and constructing an adjacency matrix A according to the relation between each node to obtain the attack network G = (V, E, X, A).
6. The method for representing an attacker as claimed in claim 1, wherein the specific method of step S4 is:
s4.1: learning the structure of the network and the adjacent information advanced characteristics of the nodes based on a Node2vec network embedding method;
s4.2: learning a graph neural network mapping function using a graph neural network based on the learned high-level features such that node v i Can aggregate its own features x i And feature x of the neighbor node i Generating a node v i Captures the dependencies of the data within the graph.
7. The method for representing an attacker as claimed in claim 6, wherein the step S4.1 specifically comprises:
s4.1.1: controlling a random walk strategy through the hyper-parameters p and q, and sampling to acquire information of an attack network;
s4.1.2: and learning the network characteristics of each node through the Skip-Gram model by the network graph generated in the step S3.
8. The method for representing an attacker as claimed in claim 6, wherein the step S4.2 specifically comprises:
s4.2.1: according to the step S4.1, high-level feature information of network nodes and adjacent information is learned, firstly, a graph convolution neural network self-Encoder Encoder is constructed, and an input high-level feature information vector f is projected to an encoding space z by using the Encoder, namely z = Encoder (f);
s4.2.2: according to the encoder with attention mechanism, weighted average is carried out on the nodes, and the calculation formula is as follows:
in the formula (1), W ij Is the attention weight, u, between node i and node j i Is the set of all the neighboring nodes of i,
respectively information of the i node on k and k +1 layers, wherein sigma is a sigmoid function;
s4.2.3: calculating inner products among z nodes in the coding space; the penalty function of the graph self-encoder is represented as:
loss=-log(σ(z i ))-R·E v~P(v) log(σ(z i )) (2)
in the formula (2), v to P (v) represent negative sample numbers;
s4.2.4: minimizing the loss function, reasoning and capturing the dependency relationship of the data in the graph.
9. The attacker portrait method based on graph neural network as claimed in claim 8, wherein the graph convolution neural network self-Encoder encor in step s4.2.1 specifically comprises: the graph self-Encoder is realized by a graph convolution neural network, and the calculation method is as follows:
10. the method for portraying attackers based on the neural network of the graph as claimed in claim 1, wherein the step S5 of performing cluster analysis based on the feature vectors obtained by the neural network of the graph to portray attackers comprises:
s5.1: assume cluster center is x j Then the probability s that the node i belongs to the u class iu Expressed as:
in the formula (4), the reaction mixture is,
for the i node and cluster center as x j The distance of (a);
s5.2: to maximize the distance between each of the different classes, a target distribution t is defined i :
S5.3: loss function l of clustering model s Comprises the following steps:
s5.4 by minimizing l s And training the model, and dividing the attack events with similar characteristics into a cluster according to the training result to obtain the portrait of the attacker.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211471609.8A CN115883147B (en) | 2022-11-22 | 2022-11-22 | Attacker portrait method based on graphic neural network |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211471609.8A CN115883147B (en) | 2022-11-22 | 2022-11-22 | Attacker portrait method based on graphic neural network |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN115883147A true CN115883147A (en) | 2023-03-31 |
| CN115883147B CN115883147B (en) | 2023-10-13 |
Family
ID=85760640
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202211471609.8A Active CN115883147B (en) | 2022-11-22 | 2022-11-22 | Attacker portrait method based on graphic neural network |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115883147B (en) |
Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2020206876A1 (en) * | 2019-04-08 | 2020-10-15 | 清华大学 | Method and device for constructing graph convolutional neural network for learning disentangled representation |
| CN112541022A (en) * | 2020-12-18 | 2021-03-23 | 网易(杭州)网络有限公司 | Abnormal object detection method, abnormal object detection device, storage medium and electronic equipment |
| CN112749323A (en) * | 2019-10-31 | 2021-05-04 | 北京沃东天骏信息技术有限公司 | Method and device for constructing user portrait |
| CN114547415A (en) * | 2022-02-23 | 2022-05-27 | 中原工学院 | Attack simulation method based on network threat information in industrial Internet of things |
| CN114579761A (en) * | 2022-03-02 | 2022-06-03 | 上海交通大学 | Information security knowledge entity relation connection prediction method, system and medium |
| CN114610967A (en) * | 2022-03-09 | 2022-06-10 | 东北大学 | Data augmentation method applied to user portrait field |
| CN114841296A (en) * | 2022-07-04 | 2022-08-02 | 北京六方云信息技术有限公司 | Device clustering method, terminal device and storage medium |
| CN115293919A (en) * | 2022-07-22 | 2022-11-04 | 浙江大学 | Graph neural network prediction method and system oriented to social network distribution generalization |
-
2022
- 2022-11-22 CN CN202211471609.8A patent/CN115883147B/en active Active
Patent Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2020206876A1 (en) * | 2019-04-08 | 2020-10-15 | 清华大学 | Method and device for constructing graph convolutional neural network for learning disentangled representation |
| CN112749323A (en) * | 2019-10-31 | 2021-05-04 | 北京沃东天骏信息技术有限公司 | Method and device for constructing user portrait |
| CN112541022A (en) * | 2020-12-18 | 2021-03-23 | 网易(杭州)网络有限公司 | Abnormal object detection method, abnormal object detection device, storage medium and electronic equipment |
| CN114547415A (en) * | 2022-02-23 | 2022-05-27 | 中原工学院 | Attack simulation method based on network threat information in industrial Internet of things |
| CN114579761A (en) * | 2022-03-02 | 2022-06-03 | 上海交通大学 | Information security knowledge entity relation connection prediction method, system and medium |
| CN114610967A (en) * | 2022-03-09 | 2022-06-10 | 东北大学 | Data augmentation method applied to user portrait field |
| CN114841296A (en) * | 2022-07-04 | 2022-08-02 | 北京六方云信息技术有限公司 | Device clustering method, terminal device and storage medium |
| CN115293919A (en) * | 2022-07-22 | 2022-11-04 | 浙江大学 | Graph neural network prediction method and system oriented to social network distribution generalization |
Also Published As
| Publication number | Publication date |
|---|---|
| CN115883147B (en) | 2023-10-13 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110084281B (en) | Image generation method, neural network compression method, related device and equipment | |
| US20240163684A1 (en) | Method and System for Constructing and Analyzing Knowledge Graph of Wireless Communication Network Protocol, and Device and Medium | |
| CN111797326A (en) | False news detection method and system fusing multi-scale visual information | |
| Idrissi et al. | An unsupervised generative adversarial network based-host intrusion detection system for internet of things devices | |
| CN114462520A (en) | Network intrusion detection method based on traffic classification | |
| CN114398557B (en) | Information recommendation method and device based on double images, electronic equipment and storage medium | |
| WO2023061082A1 (en) | Image security processing method and apparatus, electronic device, and storage medium | |
| CN112258254A (en) | Internet advertisement risk monitoring method and system based on big data architecture | |
| CN116342332A (en) | Auxiliary judging method, device, equipment and storage medium based on Internet | |
| CN117036843A (en) | Target detection model training method, target detection method and device | |
| CN115310589A (en) | Group identification method and system based on depth map self-supervision learning | |
| CN114584522A (en) | Identification method, system, medium and terminal of Internet of things equipment | |
| WO2024061141A1 (en) | Method for remote-sensing sample transfer under common knowledge constraints | |
| CN113569814A (en) | Unsupervised pedestrian re-identification method based on feature consistency | |
| CN117118693A (en) | Abnormal flow detection method, device, computer equipment and storage medium | |
| CN115883147A (en) | Attacker portrait drawing method based on graph neural network | |
| Remani et al. | Crime data optimization using neutrosophic logic based game theory | |
| CN116541792A (en) | Method for carrying out group partner identification based on graph neural network node classification | |
| CN116089644A (en) | Event detection method integrating multi-mode features | |
| CN114265954B (en) | Graph representation learning method based on position and structure information | |
| CN111768214A (en) | Product attribute prediction method, system, device and storage medium | |
| CN114896594A (en) | Malicious code detection device and method based on image feature multi-attention learning | |
| Wang et al. | A dynamic feature weighting method for mangrove pests image classification with heavy-tailed distributions | |
| Li et al. | Unsupervised steganalysis over social networks based on multi-reference sub-image sets | |
| Deng et al. | Representation separation adversarial networks for cross-modal retrieval |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| PE01 | Entry into force of the registration of the contract for pledge of patent right |
Denomination of invention: A method of attacker profiling based on graph neural networks Granted publication date: 20231013 Pledgee: Zhejiang Hangzhou Yuhang Rural Commercial Bank Co.,Ltd. Science and Technology City Branch Pledgor: Zhejiang Yu'an Information Technology Co.,Ltd. Registration number: Y2024980010210 |
|
| PE01 | Entry into force of the registration of the contract for pledge of patent right |