CN116599859A - Network security situation prediction method and device and electronic equipment - Google Patents

Network security situation prediction method and device and electronic equipment

Info

Publication number
CN116599859A
Authority
CN
China
Prior art keywords
data
dimension
target
preset
model
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310739273.7A
Other languages
Chinese (zh)
Inventor
温卓宇
沈超建
谭宗麟
曾炜
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Industrial and Commercial Bank of China Ltd ICBC
Original Assignee
Industrial and Commercial Bank of China Ltd ICBC
Application filed by Industrial and Commercial Bank of China Ltd ICBC filed Critical Industrial and Commercial Bank of China Ltd ICBC
Priority to CN202310739273.7A priority Critical patent/CN116599859A/en
Publication of CN116599859A publication Critical patent/CN116599859A/en
Pending legal-status Critical Current

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/14 Network analysis or design
    • H04L41/147 Network analysis or design for predicting network behaviour
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/14 Network analysis or design
    • H04L41/145 Network analysis or design involving simulating, designing, planning or modelling of a network
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40 Network security protocols
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00 Reducing energy consumption in communication networks
    • Y02D30/50 Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The application discloses a method, a device and electronic equipment for predicting a network security situation. The method is applied to the field of artificial intelligence and comprises the following steps: acquiring flow information and network operation information of a target device in operation to obtain target information; and predicting the network security situation of the target information by using a target prediction model to obtain a prediction result corresponding to the target information, wherein the target prediction model is a model obtained by reducing the dimension of data in a preset data set through quantum amplitude encoding and training a preset classification model with the dimension-reduced data. The application solves the problem in the related art that, when a model for predicting the network security situation is trained on a data set, the high dimensionality of the data in the data set makes the model slow to predict the network security situation and reduces the response speed of the model.

Description

Network security situation prediction method and device and electronic equipment
Technical Field
The application relates to the field of artificial intelligence, in particular to a network security situation prediction method and device and electronic equipment.
Background
With the development of the digital economy, the degree of development, sharing and interconnection of networks keeps rising, network access traffic is growing explosively, and network-based malicious attacks and theft are also increasing. In order to avoid economic loss caused by attacks on the enterprise network, security control requires, in addition to technical measures such as access control, intrusion detection and identity recognition, that operation and maintenance personnel and management personnel promptly perceive abnormal events occurring in the network and the overall security situation of the enterprise network. The process of sensing the network security situation generally includes: acquiring data information affecting the network security situation; fusing, mining and analyzing the data information affecting the network security situation to obtain processed data; and predicting on the processed data to obtain the future trend of the network security situation.
At present, a prediction algorithm is generally used to predict the network security situation. However, because a large amount of data information affects the network security situation, the prediction algorithm processes the multidimensional features of this massive data information very inefficiently, so training the prediction algorithm takes a great deal of time. To reduce the complexity of the algorithm, the prior art may also process the data information affecting the network security situation by means such as classification, combination and association analysis, and extract the relatively important data information from it to train the prediction algorithm. However, this approach loses part of the information in the data affecting the network security situation, which affects the prediction algorithm's subsequent evaluation of the network security situation and the accuracy of its prediction. Furthermore, as the amount of data keeps growing in the big data era and the coupling and complexity among data information keep increasing, traditional data processing techniques are no longer adequate for the data preparation needed in network security situation prediction.
Aiming at the problems that the model predicts the network security situation slowly and the response speed of the model is reduced due to the fact that the dimension of data in the data set is higher when the data set is adopted to train the model for predicting the network security situation in the related technology, no effective solution is proposed at present.
Disclosure of Invention
The application mainly aims to provide a method, a device and electronic equipment for predicting network security situation, which are used for solving the problems that when a model for predicting the network security situation is trained by adopting data sets in related technologies, the model predicts the network security situation at a slower speed due to higher dimensionality of data in the data sets, and the response speed of the model is reduced.
In order to achieve the above object, according to an aspect of the present application, there is provided a network security posture prediction method, including: acquiring flow information and network operation information of target equipment in operation to obtain target information; and predicting the network security situation of the target information by adopting a target prediction model to obtain a prediction result corresponding to the target information, wherein the target prediction model is a model obtained by performing dimension reduction on data in a preset data set through quantum amplitude coding and training a preset classification model by adopting the dimension reduced data.
Further, the target prediction model is obtained by the following steps: preprocessing the data in the preset data set to obtain processed data; performing quantum amplitude coding on the processed data by using n quantum bits to obtain the dimension-reduced data, wherein the dimension of the dimension-reduced data is lower than that of the processed data, and n is a positive integer; training the preset classification model by adopting the dimension reduced data to obtain the target prediction model.
Further, performing quantum amplitude encoding on the processed data by using n quantum bits, and obtaining the dimension reduced data includes: encoding the processed data into the amplitudes of the n quantum bits to obtain a target quantum circuit; and measuring the target quantum circuit to obtain measurement results of the n quantum bits, and determining the dimension-reduced data according to the measurement results.
Further, determining the dimension reduced data according to the measurement result includes: performing multiple measurements on the target quantum circuit to obtain multiple measurement results of the n quantum bits; and determining the dimension-reduced data according to the occurrence times of the first preset character in each measurement result.
Further, before encoding the processed data into the amplitudes of the n quantum bits to obtain a target quantum circuit, the method further includes: judging whether the dimension of the processed data is a preset dimension; if the dimension of the processed data is not the preset dimension, filling the processed data with a second preset character; and if the dimension of the processed data is the preset dimension, performing quantum amplitude encoding on the processed data by using the n quantum bits.
Further, preprocessing the data in the preset data set to obtain processed data, where the processing includes: processing the abnormal data in the preset data set to obtain first data, wherein the abnormal data at least comprises the following data: null data, incomplete data; smoothing the discrete data in the first data to obtain second data; and carrying out standardization and normalization processing on the second data to obtain the processed data.
Further, before training the preset classification model by adopting the dimension reduced data to obtain the target prediction model, the method further includes: processing the dimension reduced data by adopting a kernel function to obtain a target data set; dividing the target data set according to a preset proportion to obtain a training set and a testing set.
Further, training the preset classification model by using the dimension reduced data, and obtaining the target prediction model includes: training the preset classification model by adopting the training set to obtain a first model; and optimizing the first model by adopting the test set to obtain the target prediction model.
In order to achieve the above object, according to another aspect of the present application, there is provided a network security posture prediction apparatus, including: the acquisition unit is used for acquiring flow information and network operation information when the target equipment operates to obtain target information; the prediction unit is used for predicting the network security situation of the target information by adopting a target prediction model to obtain a prediction result corresponding to the target information, wherein the target prediction model is a model obtained by performing dimension reduction on data in a preset data set through quantum amplitude coding and training a preset classification model by adopting the dimension reduced data.
Further, the prediction unit includes: the first processing subunit is used for preprocessing the data in the preset data set to obtain processed data; the second processing subunit is used for carrying out quantum amplitude coding on the processed data by using n quantum bits to obtain the dimension-reduced data, wherein the dimension of the dimension-reduced data is lower than that of the processed data, and n is a positive integer; the first calculation subunit is used for training the preset classification model by adopting the dimension-reduced data to obtain the target prediction model.
Further, the second processing subunit includes: the first processing module is used for encoding the processed data into the amplitudes of the n quantum bits to obtain a target quantum circuit; and the calculation module is used for measuring the target quantum circuit to obtain measurement results of the n quantum bits, and determining the dimension-reduced data according to the measurement results.
Further, the computing module includes: the calculation sub-module is used for carrying out multiple measurements on the target quantum circuit to obtain multiple measurement results of the n quantum bits; and the determining submodule is used for determining the dimension-reduced data according to the occurrence times of the first preset character in each measuring result.
Further, the second processing subunit further includes: the judging module is used for judging whether the dimension of the processed data is a preset dimension before the processed data is encoded into the amplitudes of the n quantum bits to obtain a target quantum circuit; the second processing module is used for filling the processed data by adopting a second preset character if the dimension of the processed data is not the preset dimension; and the third processing module is used for carrying out quantum amplitude coding on the processed data by using the n quantum bits if the dimension of the processed data is the preset dimension.
Further, the first processing subunit includes: the fourth processing module is configured to process the abnormal data in the preset data set to obtain first data, where the abnormal data at least includes the following data: null data, incomplete data; a fifth processing module, configured to perform smoothing processing on discrete data in the first data to obtain second data; and the sixth processing module is used for carrying out standardization and normalization processing on the second data to obtain the processed data.
Further, the prediction unit further includes: the third processing subunit is used for processing the dimensionality reduced data by adopting a kernel function before training the preset classification model by adopting the dimensionality reduced data to obtain the target prediction model to obtain a target data set; the dividing subunit is used for dividing the target data set according to a preset proportion to obtain a training set and a testing set.
Further, the prediction unit includes: the second calculation subunit is used for training the preset classification model by adopting the training set to obtain a first model; and the fourth processing subunit is used for optimizing the first model by adopting the test set to obtain the target prediction model.
To achieve the above object, according to one aspect of the present application, there is provided an electronic device including one or more processors and a memory for storing one or more programs, wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the method for predicting a network security posture according to any one of the above.
According to the application, the following steps are adopted: acquiring flow information and network operation information of target equipment in operation to obtain target information; the network security situation of the target information is predicted by adopting a target prediction model to obtain a prediction result corresponding to the target information, wherein the target prediction model is a model obtained by carrying out dimension reduction on data in a preset data set through quantum amplitude coding and training a preset classification model by adopting the dimension reduced data, and the problems that the model prediction network security situation is slower and the response speed of the model is reduced due to higher dimension of the data in the data set when the model for predicting the network security situation is trained by adopting the data set in the related technology are solved. The method has the advantages that the dimension of mass data is reduced through quantum amplitude coding, the dimension of data information used for training a model is reduced, the model training speed is accelerated, meanwhile, the prediction speed of the trained model is accelerated, the effect of improving the prediction speed of the network security situation is achieved, and further the effect of responding to the network security situation more rapidly is achieved.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this specification, illustrate embodiments of the application and together with the description serve to explain the application. In the drawings:
Fig. 1 is a flowchart of a method for predicting a network security situation according to a first embodiment of the present application;
Fig. 2 is a first schematic diagram of an alternative network security situation prediction method according to the first embodiment of the present application;
Fig. 3 is a second schematic diagram of an alternative network security situation prediction method according to the first embodiment of the present application;
Fig. 4 is a schematic diagram of a predicting device for network security situation according to a second embodiment of the present application;
Fig. 5 is a schematic diagram of an electronic device for predicting a network security situation according to a fifth embodiment of the present application.
Detailed Description
It should be noted that, without conflict, the embodiments of the present application and features of the embodiments may be combined with each other. The application will be described in detail below with reference to the drawings in connection with embodiments.
It should be noted that, the user information (including, but not limited to, user equipment information, user personal information, network information of the user, etc.) and the data (including, but not limited to, data for analysis, stored data, displayed data, transmitted data, received data, processed data, etc.) related to the present application are information and data authorized by the user or sufficiently authorized by each party, and the collection, use and processing of the related data need to comply with the related laws and regulations and standards of the related country and region, and are provided with corresponding operation entries for the user to select authorization or rejection.
In order that those skilled in the art will better understand the present application, a technical solution in the embodiments of the present application will be clearly and completely described below with reference to the accompanying drawings in which it is apparent that the described embodiments are only some embodiments of the present application, not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the present application without making any inventive effort, shall fall within the scope of the present application.
It should be noted that the terms "first," "second," and the like in the description and the claims of the present application and the above figures are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate in order to describe the embodiments of the application herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
Example 1
The present application will be described with reference to preferred implementation steps, and fig. 1 is a flowchart of a method for predicting a network security situation according to a first embodiment of the present application, as shown in fig. 1, where the method includes the following steps:
Step S101, obtaining flow information and network operation information of the target equipment in operation to obtain target information.
In the first embodiment, in order to predict the network security situation of the target device, it is necessary to obtain, in real time, flow information and network operation information when the target device is running, so as to obtain target information representing the network operation situation of the target device.
Specifically, the target information may include the basic features of TCP connections in the network connections of the target device, the content features of TCP connections, time-based network traffic statistical features, and device-based network traffic statistical features. The basic features of a TCP connection may include basic attributes of the network connection, such as duration, protocol type and number of bytes transferred. The content features of a TCP connection may include information such as the number of times the system sensitive files and system directories of the target device are accessed, the number of failed login attempts, the number of file creation operations and the number of times shell commands are used. The time-based network traffic statistical features count information related to the current connection over the past two seconds, for example the number of connections in the past two seconds that have the same connection device as the current connection and the number of connections that have the same service as the current connection. The device-based network traffic statistical features count, in 100 connection records, information about devices having the same connection as the current connection, for example the number of connections having the same connection and the same service as the current connection and the percentage of such connections.
Step S102, predicting the network security situation of the target information by using a target prediction model to obtain a prediction result corresponding to the target information, wherein the target prediction model is a model obtained by performing dimension reduction on data in a preset data set through quantum amplitude coding and training a preset classification model by using the dimension reduced data.
In the first embodiment, in order to predict the network security situation of the target device, it is necessary to reduce the dimension of mass data through quantum amplitude encoding, and training a preset classification model by using the dimension reduced data to obtain a target prediction model for predicting the network security situation.
Specifically, the network security situation refers to the future security development trend of the network. Network security situation awareness refers to acquiring, understanding, displaying and predicting the future security development trend of the network according to the security elements that can cause the network security situation to change in a large-scale network environment. As shown in Fig. 2, network security situation awareness can be divided into three parts: situation element awareness, situation understanding and situation prediction. First, situation element awareness refers to collecting and extracting, through various means, the operation data of the current network or of the current network of a system, for example the security logs of websites, vulnerability databases and malicious code databases. Next, situation understanding refers to extracting part of the data acquired in the previous step, preprocessing the corresponding data, correlating the information related to the network security situation, and attaching quantitative or qualitative labels, so as to prepare data for the subsequent situation prediction. Finally, situation prediction refers to analyzing the current and historical network security situations with a prediction algorithm (such as a Bayesian network, a support vector machine or a deep learning algorithm) and predicting the threats the target device may face, thereby helping staff or the operating system achieve active defense.
In summary, according to the method for predicting the network security situation provided by the first embodiment of the present application, the target information is obtained by obtaining the flow information and the network operation information when the target device operates; the network security situation of the target information is predicted by adopting a target prediction model to obtain a prediction result corresponding to the target information, wherein the target prediction model is a model obtained by carrying out dimension reduction on data in a preset data set through quantum amplitude coding and training a preset classification model by adopting the dimension reduced data, and the problems that the speed of predicting the network security situation by the model is slower and the response speed of the model is reduced due to higher dimension of the data in the data set when the model for predicting the network security situation is trained by adopting the data set in the related technology are solved. The method has the advantages that the dimension of mass data is reduced through quantum amplitude coding, the dimension of data information used for training a model is reduced, the model training speed is accelerated, meanwhile, the prediction speed of the trained model is accelerated, the effect of improving the prediction speed of the network security situation is achieved, and further the effect of responding to the network security situation more rapidly is achieved.
Optionally, in the method for predicting a network security situation provided in the first embodiment of the present application, the target prediction model is obtained by: preprocessing data in a preset data set to obtain processed data; carrying out quantum amplitude coding on the processed data by using n quantum bits to obtain dimension-reduced data, wherein the dimension of the dimension-reduced data is lower than that of the processed data, and n is a positive integer; training a preset classification model by adopting the dimension-reduced data to obtain a target prediction model.
In the first embodiment, in order to accelerate the training speed of the model, the data used for training the model may be preprocessed to obtain processed data, the processed data is subjected to quantum amplitude encoding through n quantum bits, so as to reduce the dimension of the processed data, obtain dimension-reduced data, and then the dimension-reduced data is used for training the preset classification model to obtain the target prediction model.
Specifically, the data used for training the model may be data in a preset data set (for example, the KDD CUP99 data set), or may be the historical network operation conditions of the target device. Quantum amplitude encoding can encode n-dimensional data using only log2(n) quantum bits, which completes the dimension reduction of the n-dimensional data. For example, to amplitude-encode the 4-dimensional floating point data x = (1.0, 0.0, -5.5, -0.0), the data x is first standardized and normalized to obtain x_norm, and 2 quantum bits are then used to amplitude-encode x_norm to obtain the quantum amplitude corresponding to x_norm. The preset classification model may be a model or algorithm for binary classification, such as a support vector machine or a decision tree algorithm.
The processed data is subjected to quantum amplitude coding through n quantum bits, high-dimensional data can be converted into low-dimensional data, and the data subjected to dimension reduction is adopted to train a preset classification model, so that the data operation complexity during model training is greatly reduced, the time spent on model training is reduced, and meanwhile, the prediction speed of a trained prediction model is improved.
Optionally, in the method for predicting a network security situation provided in the first embodiment of the present application, performing quantum amplitude encoding on the processed data using n quantum bits, where obtaining the data after dimension reduction includes: encoding the processed data into the amplitudes of n quantum bits to obtain a target quantum circuit; and measuring the target quantum circuit to obtain measurement results of n quantum bits, and determining the dimension-reduced data according to the measurement results.
Specifically, quantum amplitude encoding refers to encoding n-dimensional data into the amplitudes of a quantum state, so that normalized n-dimensional data (i.e., the processed data) can be compressed into log2(n) dimensions. The normalized n-dimensional data x may be represented by the quantum state amplitude |ψ_x> of log2(n) quantum bits as:
where x_i is the i-th element of x and |i> is the i-th computational basis state. After the quantum state amplitude corresponding to the n-dimensional data is determined, the target quantum circuit corresponding to the n quantum bits can be determined according to the quantum state amplitude. After the target quantum circuit is obtained, it can be measured to obtain the measurement results of the n quantum bits, and the dimension-reduced data corresponding to the n-dimensional data is determined according to the measurement results.
By performing quantum amplitude encoding on the processed data with n quantum bits, the data can be transformed over the full vector space based on quantum states, which makes full use of the features of the original data and of the latent associations mined from the data. The trained model can then better complete the prediction and evaluation of the network security situation, and the prediction accuracy of the trained prediction model is improved.
Optionally, in the method for predicting a network security situation provided in the first embodiment of the present application, determining the reduced-dimension data according to the measurement result includes: performing multiple measurements on the target quantum circuit to obtain multiple measurement results of n quantum bits; and determining the reduced-dimension data according to the occurrence times of the first preset character in each measurement result.
In the first embodiment, in order to reduce the dimension of the processed data by n qubits, the processed data may be encoded into the amplitudes of the n qubits to obtain a target quantum circuit, and then the target quantum circuit is measured multiple times to obtain the probability of the measurement result of the n qubits (i.e., the probability of each qubit being 1 or 0), and the dimension-reduced data is obtained according to the probability of the measurement result.
Specifically, after n-dimensional data is encoded into the target quantum circuit, the target quantum circuit has a total of log2(n) quantum bits. Because quantum bits follow principles such as superposition and entanglement, measuring a quantum bit multiple times yields 0 or 1 with different probabilities. The log2(n) quantum bits can therefore be measured a preset number of times (for example, 100 or 1000), the probability of each quantum bit's result being 1 is counted, and these probabilities are used as the reduced-dimension data corresponding to the n-dimensional data.
Through carrying out multiple measurements on the target quantum circuit, the measurement result of the quantum bit can be converted into continuous data (namely probability) from discrete data (namely 0 or 1 state), the training of the preset classification model according to the continuous data is facilitated, the complexity of n-dimensional data is reduced, and the effect of improving the training efficiency of the prediction model is achieved.
Optionally, in the method for predicting a network security situation according to the first embodiment of the present application, before encoding the processed data into the amplitudes of n qubits to obtain the target quantum circuit, the method further includes: judging whether the dimension of the processed data is a preset dimension or not; if the dimension of the processed data is not the preset dimension, filling the processed data by adopting a second preset character; and if the dimension of the processed data is a preset dimension, performing quantum amplitude encoding on the processed data by using n quantum bits.
In the first embodiment, in order to encode the processed data into the amplitudes of the n qubits, before the quantum amplitude encoding, it may be checked whether the processed data meets the encoding requirement, that is, whether the dimension of the processed data is a preset dimension. The preset dimension refers to the dimension of the n-th power of 2, for example, the dimensions of 2, 4, 8, 16, etc. If the dimension of the processed data is not the preset dimension, a second preset character (e.g., 0) may be used to fill the processed data until the dimension of the processed data is equal to the preset dimension; if the dimension of the processed data meets the preset dimension, the quantum amplitude encoding can be continued.
By filling processed data whose dimension is not the preset dimension, it is ensured that the processed data can be successfully subjected to quantum amplitude encoding, which facilitates the dimension reduction of the processed data and improves the calculation efficiency of the data.
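The flow above (fill to a power of two, encode into amplitudes, measure repeatedly, keep each quantum bit's probability of reading 1) can be simulated classically. This is an added example, not code from the patent: it assumes the standard amplitude-encoding state |ψ_x⟩ = Σ_i x_i |i⟩ with x L2-normalized, takes the "first preset character" to be 1, and all function names are hypothetical.

```python
import math
import random


def pad_to_power_of_two(x, fill=0.0):
    """Pad x with `fill` (0 in the text) until its length is a power of two (>= 2)."""
    if len(x) == 0:
        raise ValueError("empty feature vector")
    size = 2
    while size < len(x):
        size *= 2
    return list(x) + [fill] * (size - len(x))


def amplitudes(x):
    """L2-normalize the padded vector so the squared amplitudes sum to 1."""
    padded = pad_to_power_of_two(x)
    norm = math.sqrt(sum(v * v for v in padded))
    if norm == 0.0:
        raise ValueError("an all-zero vector has no valid quantum state")
    return [v / norm for v in padded]


def exact_qubit_probabilities(x):
    """P(qubit q measures 1) for each of the log2(len) qubits, computed exactly.

    Basis state |i> contributes amplitude**2 to every qubit whose bit is set
    in i (qubit 0 is the least significant bit; an ordering chosen here).
    """
    amps = amplitudes(x)
    n_qubits = len(amps).bit_length() - 1
    probs = [0.0] * n_qubits
    for i, a in enumerate(amps):
        for q in range(n_qubits):
            if (i >> q) & 1:
                probs[q] += a * a
    return probs


def measured_qubit_probabilities(x, shots=1000, seed=None):
    """Estimate the same probabilities by sampling `shots` measurements."""
    amps = amplitudes(x)
    n_qubits = len(amps).bit_length() - 1
    rng = random.Random(seed)
    outcomes = rng.choices(range(len(amps)), weights=[a * a for a in amps], k=shots)
    ones = [0] * n_qubits
    for i in outcomes:
        for q in range(n_qubits):
            ones[q] += (i >> q) & 1
    return [count / shots for count in ones]


if __name__ == "__main__":
    record = [0.2, 0.4, 0.1, 0.7, 0.5]  # constructed 5-dimensional sample
    print(exact_qubit_probabilities(record))  # 3 features after padding to 8
    print(measured_qubit_probabilities(record, shots=1000, seed=7))
    # Distinct inputs can collapse to identical reduced features:
    print(exact_qubit_probabilities([1, 0, 0, 1]))
    print(exact_qubit_probabilities([0, 1, 1, 0]))
```

The last two calls show a property worth checking before relying on the reduced features: only squared amplitudes summed per bit position survive measurement, so signs are lost and different records can map to the same log2(n) values.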
Optionally, in the method for predicting a network security situation provided in the first embodiment of the present application, preprocessing data in a preset data set to obtain processed data includes: processing abnormal data in a preset data set to obtain first data, wherein the abnormal data at least comprises the following data: null data, incomplete data; smoothing discrete data in the first data to obtain second data; and carrying out standardization and normalization processing on the second data to obtain processed data.
Specifically, when processing abnormal data in the preset data set, null data and incomplete data (for example, 5-dimensional data in which 4 dimensions are null) may be deleted, and a third preset character (for example, 0 or 1) may be used to fill incomplete data (for example, 5-dimensional data in which 1 dimension is null) to obtain the first data. When smoothing discrete data in the first data, the discrete data may be converted into continuous data (i.e., the second data) according to the probability of each label of the variable. For example, if data X representing a protocol type has protocol type 1 (i.e., discrete data), and the probability of X being type 1 is 0.5, then 0.5 (i.e., continuous data) may be used in place of type 1 to obtain new data. When the second data is standardized and normalized, Min-Max normalization can first be used to scale the value range of the second data to [0, 1], and z-score standardization is then used to convert the mean of the second data to 0 and its variance to 1.
The data in the preset data set is preprocessed to obtain processed data, quantum amplitude coding is facilitated by the processed data, the dimensionality of the data in the preset data set is reduced, the complexity of the data is further reduced, and the training speed of the model is improved.
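A sketch of the three preprocessing steps just described, added here as an example and not taken from the patent. The `max_missing` threshold that separates rows to delete from rows to fill, the sample rows and all function names are assumptions.

```python
import math


def clean_rows(rows, max_missing=1, fill=0.0):
    """Step 1: drop rows with more than `max_missing` nulls, fill the others.

    `fill` plays the role of the "third preset character". A filled value in a
    discrete column simply becomes one more label for step 2.
    """
    kept = []
    for row in rows:
        missing = sum(value is None for value in row)
        if missing > max_missing:
            continue
        kept.append([fill if value is None else value for value in row])
    return kept


def smooth_discrete(rows, column):
    """Step 2: replace each label in `column` by its relative frequency."""
    counts = {}
    for row in rows:
        counts[row[column]] = counts.get(row[column], 0) + 1
    total = len(rows)
    return [row[:column] + [counts[row[column]] / total] + row[column + 1:]
            for row in rows]


def min_max_then_zscore(rows):
    """Step 3: Min-Max scale each column to [0, 1], then z-score it.

    Constant columns carry no information and are mapped to 0.0 instead of
    dividing by zero.
    """
    out_columns = []
    for column in zip(*rows):
        lo, hi = min(column), max(column)
        scaled = [(v - lo) / (hi - lo) if hi > lo else 0.0 for v in column]
        mean = sum(scaled) / len(scaled)
        std = math.sqrt(sum((v - mean) ** 2 for v in scaled) / len(scaled))
        out_columns.append([(v - mean) / std if std > 0 else 0.0 for v in scaled])
    return [list(row) for row in zip(*out_columns)]


def preprocess(rows, discrete_columns, max_missing=1, fill=0.0):
    """Run the three steps in the order given in the text."""
    data = clean_rows(rows, max_missing, fill)
    for column in discrete_columns:
        data = smooth_discrete(data, column)
    return min_max_then_zscore(data)


# Constructed sample: protocol type, packet count, error count.
SAMPLE_ROWS = [
    ["tcp", 10.0, 0.0],
    ["udp", 20.0, None],   # one null: filled
    ["tcp", None, None],   # two nulls: deleted
    ["tcp", 30.0, 4.0],
    ["icmp", 20.0, 2.0],
]

if __name__ == "__main__":
    for row in preprocess(SAMPLE_ROWS, discrete_columns=[0]):
        print([round(v, 3) for v in row])
```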
Optionally, in the method for predicting a network security situation provided in the first embodiment of the present application, before training a preset classification model by using the dimension-reduced data to obtain a target prediction model, the method further includes: processing the dimension reduced data by adopting a kernel function to obtain a target data set; dividing the target data set according to a preset proportion to obtain a training set and a testing set.
In the first embodiment, if the support vector machine is used as a preset classification model and the support vector machine is trained, in order to solve the nonlinear problem (that is, the relationship between the data and the predicted value of the data is not linear, and is in a curve or parabolic relationship, etc., so that the predicted result of the model is inaccurate) and to facilitate calculation in the training process of the support vector machine, the kernel function may be used to process the data after the dimension reduction to obtain the target data set. And dividing the target data set into a training set and a testing set so as to train and optimize the support vector machine. Specifically, the kernel function may select a gaussian kernel function as shown in formula (1):
where x_i represents the i-th data item, x_j represents the j-th data item, and σ is a preset parameter in the Gaussian kernel. When the training set and the test set are divided, the reduced-dimension data can be divided according to a preset proportion (for example, a proportion of 8:2). The kernel function is used to process the data after dimension reduction, so that the problem of nonlinearity in the training process of the support vector machine is solved to a certain extent, and the accuracy of the model obtained through training is improved.
It should be noted that if other classification models are used as the preset classification model, the reduced-dimension data can be adjusted accordingly according to the actual situation to obtain the target data set, and then the target data set is divided according to the preset proportion to obtain the training set and the testing set. Specifically, the dimension of the dimension reduced data is adjusted to obtain a target data set, so that other classification models can be successfully trained by adopting the target data set.
Optionally, in the method for predicting a network security situation provided in the first embodiment of the present application, training a preset classification model by using the dimension-reduced data, and obtaining the target prediction model includes: training a preset classification model by adopting a training set to obtain a first model; and optimizing the first model by adopting the test set to obtain a target prediction model.
In the first embodiment, if the support vector machine is used as the preset classification model, the training set may be used to train the support vector machine to obtain the first model, and the training set may also be used to train the support vector machine with the Lagrangian multiplier introduced therein to obtain the first model, where the support vector machine with the Lagrangian multiplier introduced therein is shown in formula (2):
where a_i ≥ 0 and μ_i ≥ 0 are Lagrangian multipliers; ζ_i ≥ 0 is a slack variable; C > 0 is a preset parameter; w and b are parameters representing the hyperplane; x represents the data after dimension reduction, and y represents the label of the data.
Specifically, the support vector machine may be trained using data in the training set, and the best σ value (i.e., the σ value in the above formula (1)) and the C value (i.e., the C value in the above formula (2)) are determined in the training set using a grid search, and a model corresponding to the best C value and the best σ value is used as the first model. After the first model is obtained, the first model can be optimized by adopting data in the test set, the F1 value of the first model on the test set is taken as a target, the C value and the sigma value corresponding to the maximum F1 value are obtained, and the model corresponding to the maximum F1 value is determined as a target prediction model. And then, predicting and judging newly generated network operation data of the target equipment by using the target prediction model, and predicting the network security risk for related personnel. In addition, network operation data of the target equipment can be collected periodically and added into a training set of the target prediction model, so that iterative optimization is carried out on the target prediction model.
In addition, if other classification models are used as preset classification models, training the other classification models by using a training set to obtain a first model, and then optimizing the first model by using a testing set to obtain a target prediction model.
By training and optimizing the preset classification model by using the training set and the testing set, a target prediction model for predicting the network security situation of the target device can be obtained, the prediction speed of predicting the network security situation of the target device is improved, and the accuracy of predicting the network security situation of the target device is improved.
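An added example (not the patent's code) of the training procedure described above: Gaussian kernel, 8:2 split, and a grid search over C and σ that keeps the pair with the highest F1 on the held-out set. It assumes the standard Gaussian kernel exp(-‖x_i - x_j‖² / (2σ²)) for formula (1), uses a small bias-free dual coordinate-ascent solver in place of a full SVM library, and runs on constructed data; all names are hypothetical.

```python
import math


def gaussian_kernel(a, b, sigma):
    """Standard Gaussian (RBF) kernel; assumed form of formula (1)."""
    squared = sum((p - q) ** 2 for p, q in zip(a, b))
    return math.exp(-squared / (2.0 * sigma ** 2))


def train_svm(xs, ys, c, sigma, epochs=50):
    """Soft-margin SVM dual without bias term, solved by coordinate ascent.

    Each step sets alpha_i to its unconstrained optimum and clips it to [0, C].
    """
    n = len(xs)
    gram = [[gaussian_kernel(xs[i], xs[j], sigma) for j in range(n)] for i in range(n)]
    alpha = [0.0] * n
    for _ in range(epochs):
        for i in range(n):
            others = sum(alpha[j] * ys[j] * gram[i][j] for j in range(n) if j != i)
            alpha[i] = min(c, max(0.0, (1.0 - ys[i] * others) / gram[i][i]))
    return alpha


def predict(x, xs, ys, alpha, sigma):
    score = sum(a * y * gaussian_kernel(xi, x, sigma) for a, y, xi in zip(alpha, ys, xs))
    return 1 if score > 0 else -1


def f1_score(y_true, y_pred):
    """F1 for the positive class (+1 = attack)."""
    tp = sum(t == 1 and p == 1 for t, p in zip(y_true, y_pred))
    fp = sum(t == -1 and p == 1 for t, p in zip(y_true, y_pred))
    fn = sum(t == 1 and p == -1 for t, p in zip(y_true, y_pred))
    if tp == 0:
        return 0.0
    precision, recall = tp / (tp + fp), tp / (tp + fn)
    return 2 * precision * recall / (precision + recall)


def make_dataset():
    """Constructed XOR-style data: two features in [0, 1], +1 = attack, -1 = normal."""
    centres = [((0.1, 0.1), -1), ((0.1, 0.9), 1), ((0.9, 0.9), -1), ((0.9, 0.1), 1)]
    xs, ys = [], []
    for i in range(20):
        (cx, cy), label = centres[i % 4]
        xs.append((cx + ((i * 7) % 5 - 2) * 0.02, cy + ((i * 3) % 5 - 2) * 0.02))
        ys.append(label)
    return xs, ys


def split_8_2(xs, ys):
    """Every fifth sample goes to the test set (8:2, deterministic for the example)."""
    pairs = list(zip(xs, ys))
    train = [p for i, p in enumerate(pairs) if i % 5 != 4]
    test = [p for i, p in enumerate(pairs) if i % 5 == 4]
    return train, test


def grid_search(train, test, c_values, sigma_values):
    """Return (best F1, C, sigma) over the grid, scoring on the held-out set."""
    train_x, train_y = [x for x, _ in train], [y for _, y in train]
    test_x, test_y = [x for x, _ in test], [y for _, y in test]
    best = (-1.0, None, None)
    for c in c_values:
        for sigma in sigma_values:
            alpha = train_svm(train_x, train_y, c, sigma)
            predicted = [predict(x, train_x, train_y, alpha, sigma) for x in test_x]
            score = f1_score(test_y, predicted)
            if score > best[0]:
                best = (score, c, sigma)
    return best


if __name__ == "__main__":
    train_set, test_set = split_8_2(*make_dataset())
    print(grid_search(train_set, test_set, [0.1, 1.0, 10.0], [0.05, 0.1, 0.5, 2.0]))
```

Because C and σ are selected by F1 on the same held-out split, as the text describes, that F1 is an optimistic figure; an unbiased estimate needs a further split that the search never sees.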
Optionally, in the first embodiment, the flow of dimension reduction for the data in the preset data set may be as shown in fig. 3. First, the data in the preset data set is preprocessed to obtain the processed data, and it is judged whether the dimension of the processed data is the preset dimension. If the dimension of the processed data is not the preset dimension, the character 0 is used for filling. Next, the processed data is encoded into n quantum bits to obtain a target quantum circuit. Then, the quantum states of the n quantum bits in the target quantum circuit are measured a plurality of times. Finally, the probability of the measurement results of the n quantum bits is taken as the data after dimension reduction.
It should be noted that the steps illustrated in the flowcharts of the figures may be performed in a computer system such as a set of computer executable instructions, and that although a logical order is illustrated in the flowcharts, in some cases the steps illustrated or described may be performed in an order other than that illustrated herein.
Embodiment two
The second embodiment of the present application also provides a device for predicting a network security situation. It should be noted that the device for predicting a network security situation in the second embodiment of the present application may be used to execute the method for predicting a network security situation provided in the first embodiment of the present application. The following describes the network security situation prediction device provided in the second embodiment of the present application.
Fig. 4 is a schematic diagram of a network security situation prediction apparatus according to a second embodiment of the present application. As shown in fig. 4, the apparatus includes: an acquisition unit 401 and a prediction unit 402.
Specifically, the obtaining unit 401 is configured to obtain flow information and network operation information when the target device is operated, so as to obtain target information.
The prediction unit 402 is configured to predict a network security situation of the target information by using a target prediction model to obtain a prediction result corresponding to the target information, where the target prediction model is a model obtained by performing dimension reduction on data in a preset data set through quantum amplitude coding, and training a preset classification model by using the dimension reduced data.
According to the prediction device for the network security situation provided by the second embodiment of the application, the flow information and the network operation information of the target equipment in operation are acquired through the acquisition unit 401, so that the target information is obtained; the prediction unit 402 predicts the network security situation of the target information by using a target prediction model to obtain a prediction result corresponding to the target information, wherein the target prediction model is a model obtained by performing dimension reduction on data in a preset data set through quantum amplitude coding and training a preset classification model by using the dimension reduced data, and the problem that the speed of predicting the network security situation by using the model is slower and the response speed of the model is reduced due to higher dimension of the data in the data set when the model for predicting the network security situation is trained by using the data set in the related technology is solved. The method has the advantages that the dimension of mass data is reduced through quantum amplitude coding, the dimension of data information used for training a model is reduced, the model training speed is accelerated, meanwhile, the prediction speed of the trained model is accelerated, the effect of improving the prediction speed of the network security situation is achieved, and further the effect of responding to the network security situation more rapidly is achieved.
Optionally, in the network security situation prediction apparatus provided in the second embodiment of the present application, the prediction unit 402 includes: the first processing subunit is used for preprocessing the data in the preset data set to obtain the processed data; the second processing subunit is used for carrying out quantum amplitude coding on the processed data by using n quantum bits to obtain dimension-reduced data, wherein the dimension of the dimension-reduced data is lower than that of the processed data, and n is a positive integer; the first calculation subunit is used for training the preset classification model by adopting the dimension-reduced data to obtain a target prediction model.
Optionally, in the network security situation prediction apparatus provided in the second embodiment of the present application, the second processing subunit includes: the first processing module is used for encoding the processed data into the amplitudes of n quantum bits to obtain a target quantum circuit; the calculation module is used for measuring the target quantum circuit to obtain the measurement results of n quantum bits, and determining the dimension-reduced data according to the measurement results.
Optionally, in the predicting device for a network security situation provided in the second embodiment of the present application, the calculating module includes: the calculation sub-module is used for measuring the target quantum circuit for a plurality of times to obtain a plurality of measurement results of n quantum bits; and the determining submodule is used for determining the reduced-dimension data according to the occurrence times of the first preset character in each measuring result.
Optionally, in the network security situation prediction apparatus provided in the second embodiment of the present application, the second processing subunit further includes: the judging module is used for judging whether the dimension of the processed data is a preset dimension before the processed data is encoded into the amplitudes of n quantum bits to obtain a target quantum circuit; the second processing module is used for filling the processed data by adopting a second preset character if the dimension of the processed data is not the preset dimension; and the third processing module is used for carrying out quantum amplitude coding on the processed data by using n quantum bits if the dimension of the processed data is a preset dimension.
Optionally, in the network security situation prediction apparatus provided in the second embodiment of the present application, the first processing subunit includes: the fourth processing module is configured to process abnormal data in a preset data set to obtain first data, where the abnormal data at least includes the following data: null data, incomplete data; the fifth processing module is used for carrying out smoothing processing on discrete data in the first data to obtain second data; and the sixth processing module is used for carrying out standardization and normalization processing on the second data to obtain processed data.
Optionally, in the network security situation prediction apparatus provided in the second embodiment of the present application, the prediction unit 402 further includes: the third processing subunit is used for processing the dimensionality reduced data by adopting a kernel function before training the preset classification model by adopting the dimensionality reduced data to obtain a target prediction model, so as to obtain a target data set; the dividing subunit is used for dividing the target data set according to a preset proportion to obtain a training set and a testing set.
Optionally, in the network security situation prediction apparatus provided in the second embodiment of the present application, the prediction unit 402 includes: the second calculation subunit is used for training the preset classification model by adopting a training set to obtain a first model; and the fourth processing subunit is used for optimizing the first model by adopting the test set to obtain a target prediction model.
The prediction device for the network security situation includes a processor and a memory, where the above-mentioned obtaining unit 401 and the prediction unit 402 are stored as program units, and the processor executes the above-mentioned program units stored in the memory to implement corresponding functions.
The processor includes a kernel, and the kernel fetches the corresponding program unit from the memory. One or more kernels may be provided, and the accuracy of the prediction result of the network security situation is improved by adjusting the kernel parameters.
The memory may include forms of computer-readable media such as volatile memory, Random Access Memory (RAM), and/or nonvolatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM), and the memory includes at least one memory chip.
The third embodiment of the invention provides a computer readable storage medium, on which a program is stored, which when executed by a processor, implements a method for predicting a network security situation.
The fourth embodiment of the invention provides a processor, which is used for running a program, wherein the program runs to execute a prediction method of a network security situation.
As shown in fig. 5, a fifth embodiment of the present invention provides an electronic device, where the device includes a processor, a memory, and a program stored in the memory and executable on the processor, and the processor implements the following steps when executing the program: acquiring flow information and network operation information of target equipment in operation to obtain target information; and predicting the network security situation of the target information by adopting a target prediction model to obtain a prediction result corresponding to the target information, wherein the target prediction model is a model obtained by performing dimension reduction on data in a preset data set through quantum amplitude coding and training a preset classification model by adopting the dimension reduced data.
The processor also realizes the following steps when executing the program: the target prediction model is obtained by the following steps: preprocessing data in a preset data set to obtain processed data; carrying out quantum amplitude coding on the processed data by using n quantum bits to obtain dimension-reduced data, wherein the dimension of the dimension-reduced data is lower than that of the processed data, and n is a positive integer; training a preset classification model by adopting the dimension-reduced data to obtain a target prediction model.
The processor also realizes the following steps when executing the program: performing quantum amplitude encoding on the processed data by using n quantum bits, wherein the obtaining of the dimension reduced data comprises the following steps: encoding the processed data into the amplitudes of n quantum bits to obtain a target quantum circuit; and measuring the target quantum circuit to obtain measurement results of n quantum bits, and determining the dimension-reduced data according to the measurement results.
The processor also realizes the following steps when executing the program: determining the dimension reduced data according to the measurement result comprises the following steps: performing multiple measurements on the target quantum circuit to obtain multiple measurement results of n quantum bits; and determining the reduced-dimension data according to the occurrence times of the first preset character in each measurement result.
The processor also realizes the following steps when executing the program: before encoding the processed data into the amplitudes of the n qubits to obtain the target quantum circuit, the method further includes: judging whether the dimension of the processed data is a preset dimension or not; if the dimension of the processed data is not the preset dimension, filling the processed data by adopting a second preset character; and if the dimension of the processed data is a preset dimension, performing quantum amplitude encoding on the processed data by using n quantum bits.
The processor also realizes the following steps when executing the program: preprocessing data in a preset data set to obtain processed data, wherein the processed data comprises: processing abnormal data in a preset data set to obtain first data, wherein the abnormal data at least comprises the following data: null data, incomplete data; smoothing discrete data in the first data to obtain second data; and carrying out standardization and normalization processing on the second data to obtain processed data.
The processor also realizes the following steps when executing the program: before training the preset classification model by adopting the dimension-reduced data to obtain the target prediction model, the method further comprises the following steps: processing the dimension reduced data by adopting a kernel function to obtain a target data set; dividing the target data set according to a preset proportion to obtain a training set and a testing set.
The processor also realizes the following steps when executing the program: training a preset classification model by adopting the dimension-reduced data, wherein the obtaining of the target prediction model comprises the following steps: training a preset classification model by adopting a training set to obtain a first model; and optimizing the first model by adopting the test set to obtain a target prediction model.
The device herein may be a server, PC, PAD, cell phone, etc.
The application also provides a computer program product adapted to perform, when executed on a data processing device, a program initialized with the method steps of: acquiring flow information and network operation information of target equipment in operation to obtain target information; and predicting the network security situation of the target information by adopting a target prediction model to obtain a prediction result corresponding to the target information, wherein the target prediction model is a model obtained by performing dimension reduction on data in a preset data set through quantum amplitude coding and training a preset classification model by adopting the dimension reduced data.
When executed on a data processing device, the computer program product is further adapted to carry out a program initialized with the following method steps: the target prediction model is obtained by the following steps: preprocessing data in a preset data set to obtain processed data; carrying out quantum amplitude coding on the processed data by using n quantum bits to obtain dimension-reduced data, wherein the dimension of the dimension-reduced data is lower than that of the processed data, and n is a positive integer; training a preset classification model by adopting the dimension-reduced data to obtain a target prediction model.
When executed on a data processing device, the computer program product is further adapted to carry out a program initialized with the following method steps: performing quantum amplitude encoding on the processed data by using n quantum bits to obtain the dimension-reduced data includes: encoding the processed data into the amplitudes of n quantum bits to obtain a target quantum circuit; and measuring the target quantum circuit to obtain measurement results of n quantum bits, and determining the dimension-reduced data according to the measurement results.
When executed on a data processing device, the computer program product is further adapted to carry out a program initialized with the following method steps: determining the dimension-reduced data according to the measurement result includes: performing multiple measurements on the target quantum circuit to obtain multiple measurement results of n quantum bits; and determining the dimension-reduced data according to the occurrence times of the first preset character in each measurement result.
When executed on a data processing device, the computer program product is further adapted to carry out a program initialized with the following method steps: before encoding the processed data into the amplitudes of the n quantum bits to obtain the target quantum circuit, the method further includes: judging whether the dimension of the processed data is a preset dimension or not; if the dimension of the processed data is not the preset dimension, filling the processed data by adopting a second preset character; and if the dimension of the processed data is a preset dimension, performing quantum amplitude encoding on the processed data by using n quantum bits.
When executed on a data processing device, the computer program product is further adapted to carry out a program initialized with the following method steps: preprocessing data in a preset data set to obtain processed data includes: processing abnormal data in a preset data set to obtain first data, wherein the abnormal data at least comprises the following data: null data, incomplete data; smoothing discrete data in the first data to obtain second data; and carrying out standardization and normalization processing on the second data to obtain processed data.
When executed on a data processing device, the computer program product is further adapted to carry out a program initialized with the following method steps: before training the preset classification model by adopting the dimension-reduced data to obtain the target prediction model, the method further includes: processing the dimension-reduced data by adopting a kernel function to obtain a target data set; dividing the target data set according to a preset proportion to obtain a training set and a testing set.
When executed on a data processing device, the computer program product is further adapted to carry out a program initialized with the following method steps: training a preset classification model by adopting the dimension-reduced data to obtain the target prediction model includes: training a preset classification model by adopting a training set to obtain a first model; and optimizing the first model by adopting the test set to obtain a target prediction model.
It will be appreciated by those skilled in the art that embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In one typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include volatile memory in a computer-readable medium, such as random access memory (RAM), and/or nonvolatile memory, such as read-only memory (ROM) or flash RAM. Memory is an example of a computer-readable medium.
Computer-readable media include both permanent and non-permanent, removable and non-removable media, and may implement information storage by any method or technology. The information may be computer-readable instructions, data structures, modules of a program, or other data. Examples of storage media for a computer include, but are not limited to, phase-change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, compact disc read-only memory (CD-ROM), digital versatile discs (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information accessible by a computing device. Computer-readable media, as defined herein, do not include transitory computer-readable media (transmission media), such as modulated data signals and carrier waves.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of other like elements in the process, method, article, or apparatus that comprises the element.
The foregoing is merely exemplary of the present application and is not intended to limit the present application. Various modifications and variations of the present application will be apparent to those skilled in the art. Any modification, equivalent replacement, improvement, etc. which come within the spirit and principles of the application are to be included in the scope of the claims of the present application.

Claims (10)

1. The method for predicting the network security situation is characterized by comprising the following steps:
acquiring flow information and network operation information of target equipment in operation to obtain target information;
and predicting the network security situation of the target information by adopting a target prediction model to obtain a prediction result corresponding to the target information, wherein the target prediction model is a model obtained by performing dimension reduction on data in a preset data set through quantum amplitude coding and training a preset classification model by adopting the dimension reduced data.
2. The method of claim 1, wherein the target prediction model is derived from:
preprocessing the data in the preset data set to obtain processed data;
performing quantum amplitude coding on the processed data by using n quantum bits to obtain the dimension-reduced data, wherein the dimension of the dimension-reduced data is lower than that of the processed data, and n is a positive integer;
training the preset classification model by adopting the dimension reduced data to obtain the target prediction model.
3. The method of claim 2, wherein quantum amplitude encoding the processed data using n quantum bits to obtain the dimension reduced data comprises:
encoding the processed data into the amplitudes of the n quantum bits to obtain a target quantum circuit;
and measuring the target quantum circuit to obtain measurement results of the n quantum bits, and determining the dimension-reduced data according to the measurement results.
4. A method according to claim 3, wherein determining the dimension reduced data from the measurement results comprises:
performing multiple measurements on the target quantum circuit to obtain multiple measurement results of the n quantum bits;
and determining the dimension-reduced data according to the occurrence times of the first preset character in each measurement result.
5. A method according to claim 3, wherein prior to encoding the processed data into the amplitudes of the n quantum bits to obtain the target quantum circuit, the method further comprises:
judging whether the dimension of the processed data is a preset dimension or not;
if the dimension of the processed data is not the preset dimension, filling the processed data by adopting a second preset character;
and if the dimension of the processed data is the preset dimension, performing quantum amplitude encoding on the processed data by using the n quantum bits.
6. The method of claim 2, wherein preprocessing the data in the preset data set to obtain processed data comprises:
processing the abnormal data in the preset data set to obtain first data, wherein the abnormal data at least comprises the following data: null data, incomplete data;
smoothing the discrete data in the first data to obtain second data;
and carrying out standardization and normalization processing on the second data to obtain the processed data.
7. The method of claim 2, wherein prior to training the preset classification model using the dimension-reduced data to obtain the target prediction model, the method further comprises:
processing the dimension reduced data by adopting a kernel function to obtain a target data set;
dividing the target data set according to a preset proportion to obtain a training set and a testing set.
8. The method of claim 7, wherein training the preset classification model using the dimension-reduced data to obtain the target prediction model comprises:
training the preset classification model by adopting the training set to obtain a first model;
and optimizing the first model by adopting the test set to obtain the target prediction model.
9. A network security situation prediction apparatus, comprising:
the acquisition unit is used for acquiring flow information and network operation information when the target equipment operates to obtain target information;
the prediction unit is used for predicting the network security situation of the target information by adopting a target prediction model to obtain a prediction result corresponding to the target information, wherein the target prediction model is a model obtained by performing dimension reduction on data in a preset data set through quantum amplitude coding and training a preset classification model by adopting the dimension reduced data.
10. An electronic device comprising one or more processors and a memory for storing one or more programs, wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the method for predicting the network security situation of any of claims 1-8.
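The dimension-reduction steps of claims 3 to 5 can be followed in a classical simulation; this is an added example, not code from the patent. It assumes the preset dimension is 2^n, the second preset character is a zero pad value, the first preset character is the bit "1" counted per qubit across shots, and all function names and the sample vector are hypothetical.

```python
import math
import random

def pad_to_preset_dimension(features, n_qubits, fill=0.0):
    """Claim 5 (assumed): pad with the fill value up to the preset dimension 2**n."""
    dim = 2 ** n_qubits
    if len(features) > dim:
        raise ValueError(f"{len(features)} features do not fit in {n_qubits} qubits")
    return list(features) + [fill] * (dim - len(features))

def amplitude_encode(features, n_qubits):
    """Claim 3: L2-normalise so the values are valid amplitudes of an n-qubit state."""
    padded = pad_to_preset_dimension(features, n_qubits)
    norm = math.sqrt(sum(x * x for x in padded))
    if norm == 0.0:
        raise ValueError("an all-zero vector cannot be amplitude encoded")
    return [x / norm for x in padded]

def exact_marginals(amplitudes, n_qubits):
    """Exact P(qubit q reads '1'); qubit 0 is the most significant bit."""
    probs = [0.0] * n_qubits
    for index, amp in enumerate(amplitudes):
        for q in range(n_qubits):
            if (index >> (n_qubits - 1 - q)) & 1:
                probs[q] += amp * amp
    return probs

def measure_and_reduce(amplitudes, n_qubits, shots=4096, seed=7):
    """Claim 4 (assumed reading): sample bitstrings and return, per qubit,
    the fraction of shots in which that qubit read '1'."""
    rng = random.Random(seed)  # seeded so the simulated run is repeatable
    weights = [a * a for a in amplitudes]  # Born rule: P(index) = |amplitude|^2
    outcomes = rng.choices(range(len(amplitudes)), weights=weights, k=shots)
    ones = [0] * n_qubits
    for index in outcomes:
        for q, bit in enumerate(format(index, f"0{n_qubits}b")):
            ones[q] += bit == "1"
    return [count / shots for count in ones]

# Constructed sample: six already-normalised traffic/host features for one device.
SAMPLE = [0.12, 0.80, 0.05, 0.33, 0.00, 0.61]

if __name__ == "__main__":
    state = amplitude_encode(SAMPLE, n_qubits=3)  # 6 features padded to 8 amplitudes
    print(measure_and_reduce(state, n_qubits=3))  # 3 values feed the classifier
```

A feature vector of up to 2^n values is reduced to n values per sample, and the sampled frequencies converge on `exact_marginals` as the number of shots grows, which gives a quick sanity check on the shot count before training the classifier.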
CN202310739273.7A 2023-06-20 2023-06-20 Network security situation prediction method and device and electronic equipment Pending CN116599859A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310739273.7A CN116599859A (en) 2023-06-20 2023-06-20 Network security situation prediction method and device and electronic equipment

Publications (1)

Publication Number Publication Date
CN116599859A true CN116599859A (en) 2023-08-15

Family

ID=87595787

Similar Documents

Publication Publication Date Title
CN111178456A (en) Abnormal index detection method and device, computer equipment and storage medium
CN113822421B (en) Neural network-based anomaly locating method, system, equipment and storage medium
CN116862243B (en) Enterprise risk analysis prediction method, system and medium based on neural network
CN117495109B (en) Power stealing user identification system based on neural network
CN116861331A (en) Expert model decision-fused data identification method and system
CN115296933A (en) Industrial production data risk level assessment method and system
CN117422181B (en) Fuzzy label-based method and system for early warning loss of issuing clients
Acharya et al. Efficacy of CNN-bidirectional LSTM hybrid model for network-based anomaly detection
You et al. sBiLSAN: Stacked bidirectional self-attention lstm network for anomaly detection and diagnosis from system logs
Naidu et al. Analysis of Hadoop log file in an environment for dynamic detection of threats using machine learning
CN117251817A (en) Radar fault detection method, device, equipment and storage medium
CN109871711B (en) Ocean big data sharing and distributing risk control model and method
CN116843395A (en) Alarm classification method, device, equipment and storage medium of service system
CN116599859A (en) Network security situation prediction method and device and electronic equipment
CN113076217B (en) Disk fault prediction method based on domestic platform
CN115567224A (en) Method for detecting abnormal transaction of block chain and related product
Othman et al. Impact of dimensionality reduction on the accuracy of data classification
CN118353724B (en) Encryption malicious traffic detection method and system based on multi-feature selection stacking
CN116863481B (en) Service session risk processing method based on deep learning
CN118631589B (en) Network traffic supervision abnormality identification early warning method and system
Alquaifil et al. Big data (BD)-based approach to network security (NS) and intelligence
CN118214584A (en) Industrial control network security risk prediction method and device
CN118474682A (en) Service short message monitoring method and system based on big data
Li et al. Power terminal anomaly monitoring technology based on autoencoder and multi-layer perceptron
CN118820812A (en) Intelligent audit model construction method, device and medium based on big data

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination