CN115883147B - Attacker portrait method based on graphic neural network - Google Patents


Info

Publication number: CN115883147B
Authority: CN (China)
Prior art keywords: attack, information, graph, nodes, node
Legal status: Active
Application number: CN202211471609.8A
Other languages: Chinese (zh)
Other versions: CN115883147A (en)
Inventors: 郭银锋, 吴艳, 刘彦伸, 虞雁群
Current Assignee: Zhejiang Yu'an Information Technology Co ltd
Original Assignee: Zhejiang Yu'an Information Technology Co ltd

Classifications

    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02P CLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
    • Y02P90/00 Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
    • Y02P90/30 Computing systems specially adapted for manufacturing

Landscapes

  • Computer And Data Communications (AREA)
  • Devices For Executing Special Programs (AREA)

Abstract

The invention discloses an attacker portrait method based on a graph neural network, relating to the technical field of information security. The method comprises: acquiring attack information and normalizing the attack events so that information from different vendors and devices has the same dimensions and format; initially constructing an attack event feature graph by determining the nodes and the feature set of the nodes, generating edges according to how the nodes are connected, and storing the edge information in the form of an adjacency matrix; performing graph neural network representation learning to obtain the optimal high-level features of the nodes; and performing cluster analysis on the attack event feature graph to obtain the set of attacker portraits. Based on a graph neural network and cluster analysis, the invention achieves feature extraction and association reasoning over attack information, produces attacker portraits under complex conditions, meets the requirement for accurate attacker portraits, and has wide application prospects.

Description

Attacker portrait method based on graphic neural network
Technical Field
The invention relates to the technical field of information security, and in particular to an attacker portrait method based on a graph neural network.
Background
In recent years network security problems have become prominent: attack techniques emerge endlessly and are becoming more concealed, more intelligent and harder to discover. In this context, network security attribution (tracing attacks back to their source) is of great significance. Some studies build attacker portraits with a simple clustering model, that is, they run cluster analysis with methods such as K-means over extracted security logs and other collected data, but this approach ignores the hidden features among attack information and makes it difficult to portray the attacker accurately. There is also semantic-recognition tracing based on the Transformer; however, that method needs a large amount of training data and has weak association-reasoning ability over attack information, and because information such as IP addresses is easily forged in a complex network environment, it ultimately cannot produce an accurate result. Meanwhile, existing methods use only part of the attributes in the attack information, so they cannot fully exploit the attack information for accurate tracing, and their application scenarios are limited.
To solve the problems that attacker portraits are vague and that association reasoning over attack information is difficult, it is particularly necessary to develop an attacker portrait method based on a graph neural network.
Disclosure of Invention
In view of the shortcomings of the prior art, the invention aims to provide an attacker portrait method based on a graph neural network, which performs cluster analysis on attack information based on the graph neural network, meets the requirement for accurate attacker portraits, and is easy to popularize and use.
To achieve the above object, the present invention is realized by the following technical scheme: an attacker portrait method based on a graph neural network, comprising the following steps:
S1: acquire attack information;
S2: normalize the attack events so that information from different vendors and devices has the same dimensions and format;
S3: initially construct an attack event feature graph: determine the nodes and the feature set X of the nodes, generate edges according to how the nodes are connected, and store the edge information in the form of an adjacency matrix A;
S4: graph neural network representation learning: obtain the optimal high-level features of the nodes through network representation learning;
S5: perform cluster analysis on the attack event feature graph to obtain the set of attacker portraits.
Preferably, step S1 is specifically: alarm logs generated by open-source network security laboratories and vendors are collected; to reflect real-world conditions, subsets of data sets such as KDD99, IDS2017, Digg, Reddit and UNSW-NB15 are mixed for experiments, the corresponding attack sources are labeled manually, and the corresponding operation sets are mapped.
Preferably, the specific method of step S2 is as follows:
S2.1: store attack information from different vendors and devices in the same format;
S2.2: define the feature dimension, attack intent and attack severity of attack patterns according to the national standard 'network attack definition and description specification standard', and determine detailed information such as the hierarchical relationships between attack patterns and the outline of each attack pattern;
S2.3: give normative definitions of the attacker IP, the victim IP, the attacker's feature information and the victim's feature information according to third-party information and a knowledge base;
S2.4: adjust the dimensions of each piece of attack information so that attack information from different sources has the same dimensions; this step further comprises: the sample data sets are all fed to a classification model based on extremely randomized trees (Extra-Trees) to determine the importance of each feature attribute.
Preferably, the specific method of step S3 is as follows:
S3.1: construct node connection units from the preprocessed information and add edges between the nodes in the node set;
S3.2: construct an initial feature matrix X from the features of each node and an adjacency matrix A from the relationships between the nodes, obtaining the attack network G = (V, E, X, A).
Preferably, the specific method of step S4 is as follows:
S4.1: learn high-level features such as the structure of the network and the neighborhood information of the nodes using the Node2vec network embedding method;
S4.2: based on the learned high-level features, use the graph neural network to learn a graph neural network mapping function such that node $v_i$ can aggregate its own features $x_i$ and the features of its neighbor nodes to generate the representation of node $v_i$, capturing the dependencies of the data inside the graph.
Preferably, step S4.1 specifically comprises:
S4.1.1: control the random walk strategy through the hyperparameters p and q, and sample to acquire information about the attack network;
S4.1.2: learn the network features of each node from the network graph generated in step S3 through a Skip-Gram model.
Preferably, step S4.2 specifically comprises:
S4.2.1: based on the high-level feature information of the network nodes and the neighborhood information learned in step S4.1, first construct a graph convolutional neural network autoencoder, and use the Encoder to project the input high-level feature vector f into the coding space z, i.e. z = Encoder(f);
S4.2.2: with the encoder equipped with an attention mechanism, compute a weighted average over the nodes; the calculation formula is as follows:
in formula (1), $W_{ij}$ is the attention weight between node i and node j, $u_i$ is the set of all neighbor nodes of i, the two layer terms are the information of node i at layer k and layer k+1 respectively, and $\sigma$ is the sigmoid function;
S4.2.3: compute the inner product between the nodes of the coding space z; the loss function of the autoencoder is expressed as:
$$\mathrm{loss} = -\log(\sigma(z_i)) - R \cdot \mathbb{E}_{v \sim P(v)} \log(\sigma(z_i)) \tag{2}$$
in formula (2), $v \sim P(v)$ represents the number of negative samples;
S4.2.4: minimize the loss function to infer and capture the dependencies of the data in the graph.
Preferably, the graph convolutional neural network autoencoder in step S4.2.1 is specifically: the Encoder of the graph autoencoder is implemented by a graph convolutional neural network, and the calculation method is as follows:
Preferably, step S5 performs cluster analysis on the feature vectors obtained by the graph neural network to produce the attacker portrait, comprising:
S5.1: assuming the cluster center is $x_j$, the probability $s_{iu}$ that node i belongs to category u is expressed as:
in formula (4), the distance term is the distance between node i and the cluster center $x_j$;
S5.2: to maximize the distance between the different classes, a target distribution $t_i$ is defined:
S5.3: the loss function $l_s$ of the clustering model is:
S5.4: train the model by minimizing $l_s$, and group attack events with similar features into one cluster according to the training results to obtain the attacker portrait.
The beneficial effects of the invention are: based on a graph neural network and cluster analysis, the method achieves feature extraction and association reasoning over attack information, produces attacker portraits under complex conditions, meets the requirement for accurate attacker portraits, and has wide application prospects.
Drawings
The invention is described in detail below with reference to the drawings and the detailed description:
FIG. 1 is a flow chart of the present invention;
FIG. 2 is a flowchart of the algorithm of the present invention;
FIG. 3 is an example of an attack pattern from the public standard 'network attack definition and description specification standard' used in the present invention;
FIG. 4 is a schematic diagram of the attack pattern definition in the 'network attack definition and description specification standard' used in the present invention.
Detailed Description
To make the technical means, inventive features, objectives and effects of the invention easy to understand, the invention is further described below in connection with the detailed description.
Referring to FIGS. 1-4, the present embodiment adopts the following technical scheme: an attacker portrait method based on a graph neural network, comprising the following steps:
S1: acquire attack information, specifically: alarm logs generated by open-source network security laboratories and vendors are collected; to reflect real-world conditions, subsets of data sets such as KDD99, IDS2017, Digg, Reddit and UNSW-NB15 are mixed for experiments, the corresponding attack sources are labeled manually, and the corresponding operation sets are mapped.
S2: normalize the attack events so that information from different vendors and devices has the same dimensions and format. The specific method is as follows:
S2.1: store attack information from different vendors and devices in the same format;
S2.2: define the feature dimension, attack intent and attack severity of attack patterns according to the national standard 'network attack definition and description specification standard', and determine detailed information such as the hierarchical relationships between attack patterns and the outline of each attack pattern;
S2.3: give normative definitions of the attacker IP, the victim IP, the attacker's feature information and the victim's feature information according to third-party information and a knowledge base;
S2.4: adjust the dimensions of each piece of attack information so that attack information from different sources has the same dimensions; this step further comprises: the sample data sets are all fed to a classification model based on extremely randomized trees (Extra-Trees) to determine the importance of each feature attribute.
S3: initially construct an attack event feature graph: determine the nodes and the feature set X of the nodes, generate edges according to how the nodes are connected, and store the edge information in the form of an adjacency matrix A. Each attack event in the data set is taken as one node of the attack network, and if an attack event occurs, an edge is established between the nodes corresponding to the two users; the initial features of the nodes and the edges are obtained and the attack network G = (V, E, X, A) is constructed. The specific method is as follows:
S3.1: construct node connection units from the preprocessed information and add edges between the nodes in the node set;
S3.2: construct an initial feature matrix X from the features of each node and an adjacency matrix A from the relationships between the nodes, obtaining the attack network G = (V, E, X, A).
S4: graph neural network representation learning: the optimal high-level features and the graph-level features of the nodes are obtained through network representation learning. For the input feature graph G = (V, E, X, A), the optimal high-level features of the nodes are first learned with the Node2vec algorithm, specifically:
S4.1: learn high-level features such as the structure of the network and the neighborhood information of the nodes using the Node2vec network embedding method, comprising:
S4.1.1: control the random walk strategy through the hyperparameters p and q, and sample to acquire information about the attack network;
S4.1.2: learn the network features of each node from the network graph generated in step S3 through a Skip-Gram model.
S4.2: based on the learned high-level features, use the graph neural network to learn a graph neural network mapping function such that node $v_i$ can aggregate its own features $x_i$ and the features of its neighbor nodes to generate the representation of node $v_i$, capturing the dependencies of the data inside the graph. This comprises:
S4.2.1: based on the high-level feature information of the network nodes and the neighborhood information learned in step S4.1, first construct a graph convolutional neural network autoencoder, and use the Encoder to project the input high-level feature vector f into the coding space z, i.e. z = Encoder(f); the Encoder of the graph convolutional neural network autoencoder is implemented by a graph convolutional neural network, and the calculation method is as follows:
S4.2.2: with the encoder equipped with an attention mechanism, compute a weighted average over the nodes; the calculation formula is as follows:
in formula (1), $W_{ij}$ is the attention weight between node i and node j, $u_i$ is the set of all neighbor nodes of i, the two layer terms are the information of node i at layer k and layer k+1 respectively, and $\sigma$ is the sigmoid function;
S4.2.3: compute the inner product between the nodes of the coding space z; the loss function of the autoencoder is expressed as:
$$\mathrm{loss} = -\log(\sigma(z_i)) - R \cdot \mathbb{E}_{v \sim P(v)} \log(\sigma(z_i)) \tag{2}$$
in formula (2), $v \sim P(v)$ represents the number of negative samples;
S4.2.4: minimize the loss function to infer and capture the dependencies of the data in the graph.
S5: perform cluster analysis on the attack event feature graph to obtain the set of attacker portraits. Cluster analysis is performed on the feature vectors obtained by the graph neural network to produce the attacker portrait, comprising:
S5.1: assuming the cluster center is $x_j$, the probability $s_{iu}$ that node i belongs to category u is expressed as:
in formula (4), the distance term is the distance between node i and the cluster center $x_j$;
S5.2: to maximize the distance between the different classes, a target distribution $t_i$ is defined:
S5.3: the loss function $l_s$ of the clustering model is:
S5.4: train the model by minimizing $l_s$, and group attack events with similar features into one cluster according to the training results to obtain the attacker portrait.
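Steps S3 and S4.1 above, as an added example that is not code from the patent: it builds the feature matrix X and adjacency matrix A from normalized events, then samples Node2vec random walks controlled by p and q and derives the pairs a Skip-Gram model would train on. The sample events, the field names and the edge rule (two events are linked when they share an attacker or victim IP) are assumptions made for illustration.

```python
import random
from itertools import combinations

# Constructed sample events, already normalised to one schema (step S2).
EVENTS = [
    {"src_ip": "198.51.100.7", "dst_ip": "10.0.0.5", "pattern": "sql_injection", "severity": 3},
    {"src_ip": "198.51.100.7", "dst_ip": "10.0.0.9", "pattern": "sql_injection", "severity": 3},
    {"src_ip": "198.51.100.7", "dst_ip": "10.0.0.9", "pattern": "webshell_upload", "severity": 4},
    {"src_ip": "203.0.113.20", "dst_ip": "10.0.0.5", "pattern": "ssh_bruteforce", "severity": 2},
    {"src_ip": "203.0.113.20", "dst_ip": "10.0.0.7", "pattern": "ssh_bruteforce", "severity": 2},
    {"src_ip": "203.0.113.21", "dst_ip": "10.0.0.7", "pattern": "ssh_bruteforce", "severity": 2},
]

# Assumption: two events are linked when they share a value for one of these fields.
LINK_KEYS = ("src_ip", "dst_ip")


def build_graph(events, link_keys=LINK_KEYS):
    """Step S3: return (X, A), the node feature matrix and the adjacency matrix."""
    patterns = sorted({e["pattern"] for e in events})
    # One row per event: one-hot attack pattern followed by the severity.
    X = [[1 if e["pattern"] == p else 0 for p in patterns] + [e["severity"]]
         for e in events]
    n = len(events)
    A = [[0] * n for _ in range(n)]
    for i, j in combinations(range(n), 2):
        if any(events[i][k] == events[j][k] for k in link_keys):
            A[i][j] = A[j][i] = 1
    return X, A


def node2vec_walk(A, start, length, p, q, rng):
    """Step S4.1.1: one second-order random walk biased by p (return) and q (in-out)."""
    walk = [start]
    while len(walk) < length:
        cur = walk[-1]
        nbrs = [j for j, linked in enumerate(A[cur]) if linked]
        if not nbrs:
            break  # isolated node: nothing to sample
        if len(walk) == 1:
            walk.append(rng.choice(nbrs))
            continue
        prev = walk[-2]
        weights = []
        for nxt in nbrs:
            if nxt == prev:
                weights.append(1.0 / p)   # step back to the previous node
            elif A[nxt][prev]:
                weights.append(1.0)       # stay within the previous node's neighbourhood
            else:
                weights.append(1.0 / q)   # move away from the previous node
        walk.append(rng.choices(nbrs, weights=weights)[0])
    return walk


def sample_walks(A, walks_per_node, length, p, q, seed=0):
    """Sample the walk corpus: walks_per_node walks starting from every node."""
    rng = random.Random(seed)
    walks = []
    for _ in range(walks_per_node):
        nodes = list(range(len(A)))
        rng.shuffle(nodes)
        walks.extend(node2vec_walk(A, s, length, p, q, rng) for s in nodes)
    return walks


def skipgram_pairs(walks, window):
    """Step S4.1.2 input: (center, context) pairs a Skip-Gram model is trained on."""
    pairs = []
    for walk in walks:
        for i, center in enumerate(walk):
            for j in range(max(0, i - window), min(len(walk), i + window + 1)):
                if j != i:
                    pairs.append((center, walk[j]))
    return pairs


def return_rate(walks):
    """Fraction of steps that go straight back to the node visited two steps earlier."""
    back = total = 0
    for w in walks:
        for a, c in zip(w, w[2:]):
            total += 1
            back += (a == c)
    return back / total if total else 0.0


if __name__ == "__main__":
    X, A = build_graph(EVENTS)
    for label, p, q in (("low p (stays local)", 0.25, 1.0), ("high p, low q (explores)", 4.0, 0.5)):
        walks = sample_walks(A, walks_per_node=50, length=10, p=p, q=q)
        print(label, "return rate:", round(return_rate(walks), 2), "first walk:", walks[0])
```

A low p keeps walks close to the start event, so the resulting embeddings emphasise events sharing an attacker or victim; a low q pushes walks outward across the graph.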
It should be noted that in step S2 the attack events are normalized and standardized according to the public standard 'network attack definition and description specification standard', so that attack information from different vendors and devices has the same dimensions and format. At the same time, the attacker IP, the victim IP and the attacker's feature information are given normative definitions according to third-party information and the knowledge base, so that attack information from different sources has the same format and dimensions. The data structures used by different vendors and devices differ greatly, and only after normative processing can the data be analyzed uniformly and subjected to association reasoning at big-data scale.
Normative processing according to the public standard 'network attack definition and description specification standard' means defining an attack event within a security event specification framework that takes the attack pattern as its core and covers the target feature dimension, the attack intent dimension, attack severity, and so on. Referring to FIG. 3 and FIG. 4, an attack event mainly includes, for example: attack pattern name, target type, target product, attack severity, related protocol, operation time, operation account name, and failure cause. Normalization converts larger data values into smaller data values, fills in null values, and rejects outliers. Dimension adjustment means adjusting the dimensions of each piece of attack information and selecting the attributes useful for analyzing the attack information, for use in cluster analysis and association reasoning.
After data normalization and standardization are complete, the word library is compiled manually, word segmentation is performed with the LTP (Language Technology Platform) word segmenter, noise is removed, and one-hot encoding is applied. Based on the processed data, sample sets $D_x$ (x = 1, ..., t) are established and fed into an extremely randomized tree classification model, generating an extremely randomized forest from which the importance of each feature attribute is determined.
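The normalization described above, as an added example that is not code from the patent: alerts from two vendors are mapped onto the event attributes the description lists, null values are filled, out-of-range records are rejected, and the result is one-hot encoded so every event has the same dimension. The vendor names, raw field names, severity scales and sample alerts are all constructed assumptions.

```python
from datetime import datetime, timezone

# Common schema: the attributes the description lists for an attack event.
SCHEMA = ("attack_pattern", "target_type", "target_product", "severity",
          "protocol", "operation_time", "account", "failure_cause")
CATEGORICAL = ("attack_pattern", "target_type", "protocol")

# Hypothetical vendors and raw field names (constructed for this example).
FIELD_MAPS = {
    "vendor_a": {"sig_name": "attack_pattern", "asset_class": "target_type",
                 "product": "target_product", "level": "severity", "proto": "protocol",
                 "ts": "operation_time", "user": "account", "reason": "failure_cause"},
    "vendor_b": {"rule": "attack_pattern", "target": "target_type",
                 "sw": "target_product", "score": "severity", "l7": "protocol",
                 "epoch": "operation_time", "login": "account", "why": "failure_cause"},
}
SEVERITY_WORDS = {"low": 1, "medium": 2, "high": 3, "critical": 4}

# Constructed raw alerts as (vendor, record); the third has an out-of-range score.
RAW_ALERTS = [
    ("vendor_a", {"sig_name": "SQL Injection", "asset_class": "Web Server", "product": "nginx",
                  "level": "High", "proto": "HTTP", "ts": "2022-11-22T08:15:00+08:00",
                  "user": None, "reason": ""}),
    ("vendor_b", {"rule": "ssh bruteforce", "target": "host", "sw": "OpenSSH", "score": 40,
                  "l7": "SSH", "epoch": 1669076100, "login": "root", "why": "auth failed"}),
    ("vendor_b", {"rule": "sql injection", "target": "web server", "sw": "nginx",
                  "score": 900, "l7": "http", "epoch": 1669076100}),
]


def _severity(value):
    """Map vendor severities (words or a 0..100 score) to 1..4; None if out of range."""
    if isinstance(value, str):
        return SEVERITY_WORDS.get(value.strip().lower())
    if isinstance(value, (int, float)) and 0 <= value <= 100:
        return min(4, int(value // 25) + 1)
    return None


def _time(value):
    """Accept epoch seconds or ISO 8601 text; return UTC ISO 8601 text or None."""
    try:
        if isinstance(value, (int, float)):
            dt = datetime.fromtimestamp(value, tz=timezone.utc)
        else:
            dt = datetime.fromisoformat(value)
            if dt.tzinfo is None:
                dt = dt.replace(tzinfo=timezone.utc)
        return dt.astimezone(timezone.utc).isoformat(timespec="seconds")
    except (TypeError, ValueError, OverflowError, OSError):
        return None


def normalize(vendor, raw):
    """Map one vendor record onto SCHEMA; return None for records to reject."""
    event = dict.fromkeys(SCHEMA)
    for src, dst in FIELD_MAPS[vendor].items():
        event[dst] = raw.get(src)
    event["severity"] = _severity(event["severity"])
    event["operation_time"] = _time(event["operation_time"])
    if event["severity"] is None or event["operation_time"] is None:
        return None  # outlier or unparseable record
    for key in SCHEMA:
        if event[key] in (None, ""):
            event[key] = "unknown"          # fill null values
        elif isinstance(event[key], str) and key != "operation_time":
            event[key] = event[key].strip().lower()
    return event


def normalize_all(alerts):
    """Normalise every alert and drop the rejected ones."""
    events = (normalize(vendor, raw) for vendor, raw in alerts)
    return [e for e in events if e is not None]


def encode(events):
    """One-hot encode the categorical fields and scale severity 1..4 into 0..1."""
    vocab = {k: sorted({e[k] for e in events}) for k in CATEGORICAL}
    rows = []
    for e in events:
        row = [1.0 if e[k] == v else 0.0 for k in CATEGORICAL for v in vocab[k]]
        row.append((e["severity"] - 1) / 3)
        rows.append(row)
    return vocab, rows


if __name__ == "__main__":
    events = normalize_all(RAW_ALERTS)
    vocab, rows = encode(events)
    for event, row in zip(events, rows):
        print(event["attack_pattern"], event["operation_time"], row)
```

The encoded rows are the kind of fixed-dimension input that a feature-importance model such as the extremely randomized trees mentioned above would consume.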
In this embodiment, based on a graph neural network and cluster analysis, attack information data are collected, the data set is normalized according to the 'network attack definition and description specification standard', a feature graph is then constructed, and representation learning is performed with the graph neural network. In the representation learning, high-level features are first extracted through Node2vec network embedding, the internal dependencies of the feature graph are then captured through the graph convolutional neural network, and finally the attacker portrait is completed through cluster analysis. The method solves the problems that attacker portraits are vague and that association reasoning over attack information is difficult, meets the requirement for accurate attacker portraits, and has wide market application prospects.
The foregoing has shown and described the basic principles, main features and advantages of the present invention. Those skilled in the art will understand that the present invention is not limited to the embodiments described above; the embodiments and descriptions merely illustrate the principles of the invention, and various changes and modifications may be made without departing from its spirit and scope. The scope of the invention is defined by the appended claims and their equivalents.

Claims (5)

1. An attacker portrait method based on a graph neural network, characterized by comprising the following steps:
S1: acquire attack information;
S2: normalize the attack events so that information from different vendors and devices has the same dimensions and format;
S3: initially construct an attack event feature graph: determine the nodes and the feature set X of the nodes, generate edges according to how the nodes are connected, and store the edge information in the form of an adjacency matrix A;
S4: graph neural network representation learning: obtain the optimal high-level features of the nodes through network representation learning;
the specific method of step S4 is as follows:
S4.1: learn the high-level features of the network structure and of the nodes' neighborhood information using the Node2vec network embedding method;
S4.2: based on the learned high-level features, use the graph neural network to learn a graph neural network mapping function such that node $v_i$ can aggregate its own features $x_i$ and the features of its neighbor nodes to generate the representation of node $v_i$, capturing the dependencies of the data inside the graph.
Step S4.1 specifically comprises:
S4.1.1: control the random walk strategy through the hyperparameters p and q, and sample to acquire information about the attack network;
S4.1.2: learn the network features of each node from the network graph generated in step S3 through a Skip-Gram model.
Step S4.2 specifically comprises:
S4.2.1: based on the high-level feature information of the network nodes and the neighborhood information learned in step S4.1, first construct the graph autoencoder of a graph convolutional neural network, and use the graph autoencoder's Encoder to project the input high-level feature vector f into the coding space z, i.e. z = Encoder(f);
S4.2.2: with the graph autoencoder equipped with an attention mechanism, compute a weighted average over the nodes; the calculation formula is as follows:
in formula (1), $W_{ij}$ is the attention weight between node i and node j, $u_i$ is the set of all neighbor nodes of i, the two layer terms are the information of node i at layer k and layer k+1 respectively, and $\sigma$ is the sigmoid function;
S4.2.3: compute the inner product between the nodes of the coding space z; the loss function of the autoencoder is expressed as:
$$\mathrm{loss} = -\log(\sigma(z_i)) - R \cdot \mathbb{E}_{v \sim P(v)} \log(\sigma(z_i)) \tag{2}$$
in formula (2), $v \sim P(v)$ represents the number of negative samples;
S4.2.4: minimize the loss function to infer and capture the dependencies of the data in the graph.
The graph convolutional neural network autoencoder in step S4.2.1 is specifically: the Encoder of the graph autoencoder is implemented by a graph convolutional neural network, and the calculation method is as follows:
Step S5 performs cluster analysis on the feature vectors obtained by the graph neural network to produce the attacker portrait, comprising:
S5.1: assuming the cluster center is $x_j$, the probability $s_{iu}$ that node i belongs to category u is expressed as:
in formula (4), the distance term is the distance between node i and the cluster center $x_j$;
S5.2: to maximize the distance between the different classes, a target distribution $t_i$ is defined:
S5.3: the loss function $l_s$ of the clustering model is:
S5.4: train the model by minimizing $l_s$, and group attack events with similar features into one cluster according to the training results to obtain the attacker portrait.
S5: perform cluster analysis on the attack event feature graph to obtain the set of attacker portraits.
2. The method of claim 1, wherein step S1 is specifically: alarm logs generated by open-source network security laboratories and vendors are collected, subsets of the KDD99, IDS2017, Digg, Reddit and UNSW-NB15 data sets are mixed for experiments, the corresponding attack sources are labeled manually, and the corresponding operation sets are mapped.
3. The method of claim 1, wherein the specific method of step S2 is as follows:
S2.1: store attack information from different vendors and devices in the same format;
S2.2: define the feature dimension, attack intent and attack severity of attack patterns according to the national standard 'network attack definition and description specification standard', and determine the hierarchical relationships between attack patterns and the detailed outline information of each attack pattern;
S2.3: give normative definitions of the attacker IP, the victim IP, the attacker's feature information and the victim's feature information according to third-party information and a knowledge base;
S2.4: adjust the dimensions of each piece of attack information so that attack information from different sources has the same dimensions.
4. The method of claim 3, wherein step S2.4 further comprises: the sample data sets are all fed to a classification model based on extremely randomized trees to determine the importance of each feature attribute.
5. The method of claim 1, wherein the specific method of step S3 is as follows:
S3.1: construct node connection units from the preprocessed information and add edges between the nodes in the node set;
S3.2: construct an initial feature matrix X from the features of each node and an adjacency matrix A from the relationships between the nodes, obtaining the attack network G = (V, E, X, A).
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211471609.8A CN115883147B (en) 2022-11-22 2022-11-22 Attacker portrait method based on graphic neural network

Publications (2)

Publication Number Publication Date
CN115883147A 2023-03-31
CN115883147B 2023-10-13

Family ID: 85760640


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
PE01 Entry into force of the registration of the contract for pledge of patent right

Denomination of invention: A method of attacker profiling based on graph neural networks

Granted publication date: 20231013

Pledgee: Zhejiang Hangzhou Yuhang Rural Commercial Bank Co.,Ltd. Science and Technology City Branch

Pledgor: Zhejiang Yu'an Information Technology Co.,Ltd.

Registration number: Y2024980010210