CN116781430B - Network information security system and method for gas pipe network - Google Patents
Network information security system and method for gas pipe network Download PDFInfo
- Publication number
- CN116781430B CN116781430B CN202311070685.2A CN202311070685A CN116781430B CN 116781430 B CN116781430 B CN 116781430B CN 202311070685 A CN202311070685 A CN 202311070685A CN 116781430 B CN116781430 B CN 116781430B
- Authority
- CN
- China
- Prior art keywords
- time sequence
- network
- full
- network traffic
- feature vector
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 40
- 238000012098 association analyses Methods 0.000 claims abstract description 14
- 239000013598 vector Substances 0.000 claims description 250
- 238000005457 optimization Methods 0.000 claims description 21
- 238000009826 distribution Methods 0.000 claims description 19
- 238000000605 extraction Methods 0.000 claims description 15
- 238000003062 neural network model Methods 0.000 claims description 14
- 230000011218 segmentation Effects 0.000 claims description 14
- 238000010219 correlation analysis Methods 0.000 claims description 7
- 239000007789 gas Substances 0.000 description 69
- 230000006399 behavior Effects 0.000 description 54
- 230000002159 abnormal effect Effects 0.000 description 18
- 238000012544 monitoring process Methods 0.000 description 18
- 238000004458 analytical method Methods 0.000 description 14
- VNWKTOKETHGBQD-UHFFFAOYSA-N methane Chemical compound C VNWKTOKETHGBQD-UHFFFAOYSA-N 0.000 description 14
- 230000008859 change Effects 0.000 description 13
- 238000007726 management method Methods 0.000 description 10
- 206010000117 Abnormal behaviour Diseases 0.000 description 8
- 238000001514 detection method Methods 0.000 description 8
- 239000003345 natural gas Substances 0.000 description 7
- 230000004044 response Effects 0.000 description 7
- 238000010586 diagram Methods 0.000 description 6
- 238000012545 processing Methods 0.000 description 6
- 230000000694 effects Effects 0.000 description 5
- 230000006870 function Effects 0.000 description 5
- 230000000737 periodic effect Effects 0.000 description 5
- 230000001105 regulatory effect Effects 0.000 description 5
- 230000002155 anti-virotic effect Effects 0.000 description 4
- 230000009286 beneficial effect Effects 0.000 description 4
- 230000005856 abnormality Effects 0.000 description 3
- 230000002547 anomalous effect Effects 0.000 description 3
- 230000005540 biological transmission Effects 0.000 description 3
- 230000006835 compression Effects 0.000 description 3
- 238000007906 compression Methods 0.000 description 3
- 230000001934 delay Effects 0.000 description 3
- 230000001419 dependent effect Effects 0.000 description 3
- 238000012423 maintenance Methods 0.000 description 3
- 238000004519 manufacturing process Methods 0.000 description 3
- 238000005065 mining Methods 0.000 description 3
- 230000008569 process Effects 0.000 description 3
- 238000012550 audit Methods 0.000 description 2
- 230000000903 blocking effect Effects 0.000 description 2
- 230000010485 coping Effects 0.000 description 2
- 230000006872 improvement Effects 0.000 description 2
- 230000001932 seasonal effect Effects 0.000 description 2
- 238000012549 training Methods 0.000 description 2
- 229910000831 Steel Inorganic materials 0.000 description 1
- 230000002776 aggregation Effects 0.000 description 1
- 238000004220 aggregation Methods 0.000 description 1
- 230000008901 benefit Effects 0.000 description 1
- 230000001149 cognitive effect Effects 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 230000007123 defense Effects 0.000 description 1
- 238000011156 evaluation Methods 0.000 description 1
- 230000004927 fusion Effects 0.000 description 1
- 230000002452 interceptive effect Effects 0.000 description 1
- 238000010801 machine learning Methods 0.000 description 1
- 239000000463 material Substances 0.000 description 1
- 238000005259 measurement Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000012806 monitoring device Methods 0.000 description 1
- 230000006855 networking Effects 0.000 description 1
- 238000011176 pooling Methods 0.000 description 1
- 238000011897 real-time detection Methods 0.000 description 1
- 230000009467 reduction Effects 0.000 description 1
- 230000008439 repair process Effects 0.000 description 1
- 230000003252 repetitive effect Effects 0.000 description 1
- 239000000523 sample Substances 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
- 239000010959 steel Substances 0.000 description 1
- 238000012731 temporal analysis Methods 0.000 description 1
- 238000000700 time series analysis Methods 0.000 description 1
- 238000012795 verification Methods 0.000 description 1
- 238000012800 visualization Methods 0.000 description 1
Abstract
The invention discloses a network information security system and a method thereof for a gas pipe network, wherein the network information security system is used for acquiring network flow values of a plurality of preset time points in a preset time period; performing time sequence collaborative association analysis on the network flow values of the plurality of preset time points to obtain full-time network flow association characteristics; and determining whether the network behavior is normal based on the full-time network traffic correlation feature. Therefore, the network behavior can be monitored abnormally, so that malicious files, malicious mails and malicious codes can be defended and blocked in real time in time, and the safety of a network environment is ensured.
Description
Technical Field
The invention relates to the technical field of intelligent information security, in particular to a network information security system and a network information security method for a gas pipe network.
Background
Along with the improvement of the digitization and networking degree of the gas pipe network, the network information security is very critical. There are a great deal of key assets and sensitive data in the gas pipe network system, including core facilities such as gas supply stations, gas distribution stations, etc., and the normal operation of these facilities is crucial to guaranteeing the safety and reliability of gas supply.
Currently, gas pipe network systems face various network security threats from inside and outside, such as the spread of malicious files, malicious mail, and malicious code, hacking, and information disclosure, among others. In order to protect the safety of the gas pipe network system, effective network information safety measures are required to be adopted.
However, existing network information security systems typically detect and defend based on static rules that are predefined and cannot accommodate changing network threats. For new malicious code or attack patterns, traditional rules may not be recognized and blocked, resulting in security vulnerabilities. Moreover, conventional network security systems often require manual intervention to update rules, analyze logs, and respond to security events, and this manner of relying on manual operations is inefficient and fails to meet the real-time requirements. Meanwhile, human factors are easy to introduce errors and delays, and the risk of the system is increased.
Accordingly, an optimized network information security system for a gas pipe network is desired.
Disclosure of Invention
The embodiment of the invention provides a network information security system and a method for a gas pipe network, wherein the network information security system is used for acquiring network flow values of a plurality of preset time points in a preset time period; performing time sequence collaborative association analysis on the network flow values of the plurality of preset time points to obtain full-time network flow association characteristics; and determining whether the network behavior is normal based on the full-time network traffic correlation feature. Therefore, the network behavior can be monitored abnormally, so that malicious files, malicious mails and malicious codes can be defended and blocked in real time in time, and the safety of a network environment is ensured.
The embodiment of the invention also provides a network information security method for the gas pipe network, which comprises the following steps: acquiring network flow values at a plurality of preset time points in a preset time period; performing time sequence collaborative association analysis on the network flow values of the plurality of preset time points to obtain full-time network flow association characteristics; and determining whether the network behavior is normal based on the full-time network traffic correlation feature.
In the above network information security method for a gas pipe network, performing time-sequence collaborative correlation analysis on the network flow values at the plurality of predetermined time points to obtain a full-time network flow correlation feature, including: arranging the network flow values of the plurality of preset time points according to the time dimension to obtain a network flow time sequence input vector; vector segmentation is carried out on the network traffic time sequence input vector to obtain a plurality of network traffic local time sequence input vectors; respectively extracting the characteristics of the plurality of network traffic local time sequence input vectors through a time sequence characteristic extractor based on a deep neural network model to obtain a plurality of network traffic local time sequence characteristic vectors; and performing time sequence association coding on the local time sequence feature vectors of the network traffic to obtain a full time sequence context network traffic feature vector as the full time sequence network traffic association feature.
In the network information security method for the gas pipe network, the time sequence feature extractor based on the deep neural network model is a time sequence feature extractor based on a one-dimensional convolution layer.
In the above network information security method for a gas pipe network, the performing time sequence association encoding on the plurality of local time sequence feature vectors of the network traffic to obtain a full time sequence context network traffic feature vector as the full time sequence network traffic association feature includes: the plurality of network traffic local time sequence feature vectors are passed through a time sequence context encoder based on a converter module to obtain the full time sequence context network traffic feature vector.
In the above network information security method for a gas pipe network, determining whether the network behavior is normal based on the full-time-sequence network traffic correlation feature includes: performing feature distribution optimization on the full-time sequence context network flow feature vector to obtain an optimized full-time sequence context network flow feature vector; and the optimized full-time sequence context network flow characteristic vector passes through a classifier to obtain a classification result, wherein the classification result is used for indicating whether the network behavior is normal or not.
In the above network information security method for a gas pipe network, performing feature distribution optimization on the full-time-sequence context network flow feature vector to obtain an optimized full-time-sequence context network flow feature vector, including: cascading the plurality of network traffic local time sequence feature vectors to obtain cascading feature vectors; and performing Hilbert space heuristic sequence tracking equalization on the cascade feature vector and the full-time sequence context network traffic feature vector to obtain the optimized full-time sequence context network traffic feature vector.
In the above network information security method for a gas pipe network, performing hilbert space heuristic sequence tracking equalization on the cascade feature vector and the full-time sequence context network traffic feature vector to obtain the optimized full-time sequence context network traffic feature vector, including: performing Hilbert space heuristic sequence tracking equalization on the cascade feature vector and the full-time sequence context network flow feature vector by using the following optimization formula to obtain the optimized full-time sequence context network flow feature vector; wherein, the optimization formula is:wherein (1)>Is the cascade feature vector,/->Is the full time sequence context network traffic feature vector,/for>Is the transpose of the full-time sequence context network traffic feature vector,/for the full-time sequence context network traffic feature vector>Representing feature vector +.>And->Is +.>Representing the cascade feature vector->And said full time sequence context network traffic feature vector +.>Mean value of union set of all eigenvalues of (2), and said cascade eigenvector +.>And said full time sequence context network traffic feature vector +.>Are all the vectors of the rows and,representing multiplication by location +.>Representing vector addition, ++ >Is the optimized full-time sequence context network traffic feature vector,is the set of eigenvalues for all positions in the concatenated eigenvector, < >>Is the set of eigenvalues for all locations in the full time sequence contextual network traffic eigenvector.
The embodiment of the invention also provides a network information security system for the gas pipe network, which comprises: the flow value acquisition module is used for acquiring network flow values of a plurality of preset time points in a preset time period; the collaborative correlation analysis module is used for carrying out time sequence collaborative correlation analysis on the network flow values of the plurality of preset time points so as to obtain full-time network flow correlation characteristics; and the network behavior determining module is used for determining whether the network behavior is normal or not based on the full-time sequence network traffic correlation characteristic.
In the above network information security system for a gas pipe network, the network behavior determining module is configured to: performing feature distribution optimization on the full-time sequence context network flow feature vector to obtain an optimized full-time sequence context network flow feature vector; the optimized full-time sequence context network flow characteristic vector passes through a classifier to obtain a classification result, and the classification result is used for indicating whether the network behavior is normal or not; in the above network information security system for a gas pipe network, performing feature distribution optimization on the full-time-sequence context network flow feature vector to obtain an optimized full-time-sequence context network flow feature vector, including: cascading the plurality of network traffic local time sequence feature vectors to obtain cascading feature vectors; performing Hilbert space heuristic sequence tracking equalization on the cascade feature vector and the full-time sequence context network traffic feature vector to obtain the optimized full-time sequence context network traffic feature vector; in the above network information security system for a gas pipe network, performing hilbert space heuristic sequence tracking equalization on the cascade feature vector and the full-time sequence context network traffic feature vector to obtain the optimized full-time sequence context network traffic feature vector, including: performing Hilbert space heuristic sequence tracking equalization on the cascade feature vector and the full-time sequence context network flow feature vector by using the following optimization formula to obtain the optimized full-time sequence context network flow feature vector; wherein, the optimization formula is: Wherein (1)>Is the cascade feature vector,/->Is the full time sequence context network traffic feature vector,/for>Is the transpose of the full-time sequence context network traffic feature vector,/for the full-time sequence context network traffic feature vector>Representing feature vector +.>And->Is used to determine the two norms of the cascade of vectors,representing the cascade feature vector->And said full time sequence context network traffic feature vector +.>Mean value of union set of all eigenvalues of (2), and said cascade eigenvector +.>And said full time sequence context network traffic feature vector +.>Are all row vectors, +.>Representing multiplication by location +.>Representing vector addition, ++>Is the optimized full time sequence context network traffic feature vector,/for>Is the set of eigenvalues for all positions in the concatenated eigenvector, < >>Is the set of eigenvalues for all locations in the full time sequence contextual network traffic eigenvector.
In the above network information security system for a gas pipe network, the collaborative association analysis module includes: the vector arrangement unit is used for arranging the network flow values of the plurality of preset time points according to the time dimension to obtain a network flow time sequence input vector; the vector segmentation unit is used for carrying out vector segmentation on the network traffic time sequence input vector so as to obtain a plurality of network traffic local time sequence input vectors; the time sequence feature extraction unit is used for respectively carrying out feature extraction on the plurality of network traffic local time sequence input vectors through a time sequence feature extractor based on a deep neural network model so as to obtain a plurality of network traffic local time sequence feature vectors; and the time sequence association coding unit is used for performing time sequence association coding on the plurality of network traffic local time sequence feature vectors to obtain a full-time sequence context network traffic feature vector as the full-time sequence network traffic association feature.
In the above network information security system for a gas pipe network, the time sequence feature extractor based on the deep neural network model is a time sequence feature extractor based on a one-dimensional convolution layer.
Compared with the prior art, the invention provides a network information security system and a network information security method for a gas pipe network, which can perform abnormal monitoring on network behaviors, so as to timely defend and block malicious files, malicious mails and malicious codes in real time, and ensure the security of a network environment.
Drawings
In order to more clearly illustrate the embodiments of the invention or the technical solutions in the prior art, the drawings that are required in the embodiments or the description of the prior art will be briefly described, it being obvious that the drawings in the following description are only some embodiments of the invention, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
In the drawings: fig. 1 is a flowchart of a network information security method for a gas pipe network according to an embodiment of the present invention.
Fig. 2 is a schematic diagram of a system architecture of a network information security method for a gas pipe network according to an embodiment of the present invention.
Fig. 3 is a flowchart of the sub-steps of step 120 in a network information security method for a gas network according to an embodiment of the present application.
Fig. 4 is a block diagram of a network information security system for a gas pipe network according to an embodiment of the present application.
Fig. 5 is an application scenario diagram of a network information security method for a gas pipe network provided in an embodiment of the present application.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present application more apparent, the embodiments of the present application will be described in further detail with reference to the accompanying drawings. The exemplary embodiments of the present application and their descriptions herein are for the purpose of explaining the present application, but are not to be construed as limiting the application.
Unless defined otherwise, all technical and scientific terms used in the embodiments of the application have the same meaning as commonly understood by one of ordinary skill in the art to which this application belongs. The terminology used in the present application is for the purpose of describing particular embodiments only and is not intended to limit the scope of the present application.
In describing embodiments of the present application, unless otherwise indicated and limited thereto, the term "connected" should be construed broadly, for example, it may be an electrical connection, or may be a communication between two elements, or may be a direct connection, or may be an indirect connection via an intermediate medium, and it will be understood by those skilled in the art that the specific meaning of the term may be interpreted according to circumstances.
It should be noted that, the term "first\second\third" related to the embodiment of the present application is merely to distinguish similar objects, and does not represent a specific order for the objects, it is to be understood that "first\second\third" may interchange a specific order or sequence where allowed. It is to be understood that the "first\second\third" distinguishing objects may be interchanged where appropriate such that embodiments of the application described herein may be practiced in sequences other than those illustrated or described herein.
It should be understood that a gas network refers to a piping system for transporting and distributing natural gas or other combustible gas, a critical infrastructure for transporting natural gas from a production site (e.g., an oil or gas field) to end users (e.g., home, industrial, and commercial users).
The gas pipe network is composed of the following components: 1. gas pipeline: gas pipelines are the main components of a gas pipeline network for transporting natural gas from a production site to various use sites. These pipes are typically made of high strength materials (e.g., steel) to withstand the high pressures and long distance transport requirements.
2. Compression station: compression stations are located at critical locations in the pipeline system for pressurizing the natural gas to maintain pressure within the pipeline during long distance transport. Compression stations typically include a compressor and associated equipment.
3. And (3) a voltage regulating station: the pressure regulating station is used for regulating the high-pressure natural gas delivered to the user to a proper low pressure so as to meet the user requirement. The pressure regulating station typically includes a pressure reducing valve and a pressure regulating device.
4. Branch line pipe: branch pipelines are pipelines branching from a main pipeline for delivering natural gas to a particular user or region.
5. Measurement and monitoring device: the gas network is also equipped with measuring and monitoring equipment for monitoring and recording the flow, pressure and other relevant parameters in the pipeline. These devices can assist operators in the management and maintenance of the piping system and provide real-time data for security and operational decisions.
The safety of the gas pipe network is important to guaranteeing the continuity of natural gas supply and the safety of users. Therefore, it is very important to optimize the network information security system for the gas pipe network to ensure the operation and data security of the pipe network. Anomaly monitoring of network behavior is of great necessity in network information security.
There are various threats in the network environment, such as malicious code, network attacks, and data leakage. By performing anomaly monitoring of network behavior, anomalous activity, including unusual data traffic, unauthorized access attempts, or anomalous user behavior, can be detected in time. This helps to discover and address potential threats early, reducing losses and risks.
Conventional network security systems typically detect and defend based on known rules and signatures. However, new types of malicious code and attack techniques continue to emerge, and these unknown threats cannot be covered by traditional rules. Through abnormal monitoring of network behavior, activities that do not conform to normal behavior patterns can be detected and further analyzed and identified for potential unknown threats.
The response time of network attacks and security events is very important. By monitoring network behavior anomalies in real time, security events can be quickly discovered and responded, and appropriate measures can be taken to block attacks, repair vulnerabilities, or isolate affected systems. This helps to reduce the loss caused by the attack and improves the security and usability of the system.
Conventional network security systems typically require reliance on manual intervention to update rules, analyze logs, and respond to security events. However, human factors tend to introduce errors and delays, increasing the risk of the system. Through the automatic network behavior abnormality monitoring system, dependence on manual operation can be reduced, and safety and response efficiency are improved.
Abnormal monitoring of network behavior can discover threats in time, prevent unknown threats, reduce response time and reduce risk of human factors. This is critical to protecting the security of the network environment, preventing and coping with network attacks and security events.
In the application, data security equipment is used to meet the third-level national level protection requirements. The security management area is provided with an industrial control situation sensing probe, industrial control security monitoring and auditing, industrial control intrusion detection, industrial operation and maintenance auditing, industrial control vulnerability scanning, log collection and analysis, database auditing and the like, so that unified collection, unified analysis and unified treatment of the whole network traffic are realized, and the policy is issued uniformly. Meanwhile, audit and tracing are carried out on the process of logging in the whole network asset by operation and maintenance management personnel, third party personnel and other identity personnel. Meanwhile, a firewall is deployed for access control, the WAF function and the anti-virus function are provided, the L2-7 layer protection is provided for the core asset, the external risk is effectively avoided, the malicious codes of malicious files and malicious mails are defended and blocked in real time, the real-time detection is carried out on the safety environment, and the safety of a data center is ensured.
The security management realizes complete visualization, a security management platform is deployed in a security management center area and is communicated with security devices through SSL (secure socket layer) encryption tunnels, functions of centralized management of security devices of the whole network, centralized monitoring of security events and alarms, security event audit and the like are realized, the combination of a security technical layer and a management layer is realized, information of logs, events, alarms and the like of various security devices is collected, a user can uniformly monitor the security information through a single management control console, meanwhile, the security information can be conveniently checked and analyzed, the security condition of an IT computing environment is comprehensively mastered, more accurate judgment is given to security threat, the working efficiency of security management staff is improved, the security management system and flow of enterprises are optimized, and islands of security defense are eliminated. The report can be quickly generated by utilizing the built-in report function to investigate or check whether the report meets the requirements. And comprehensively grasping the intranet risk situation through an attack principle, a response scheme and an evaluation report so as to predict the intranet risk situation.
And (3) deploying an antivirus software server, wherein all computers in the production network are required to be provided with antivirus software clients, and performing real-time antivirus, monitoring and updating of vulnerability patches.
In one embodiment of the present invention, fig. 1 is a flowchart of a network information security method for a gas pipe network according to an embodiment of the present invention. Fig. 2 is a schematic diagram of a system architecture of a network information security method for a gas pipe network according to an embodiment of the present invention. As shown in fig. 1 and 2, a network information security method for a gas pipe network according to an embodiment of the present invention includes: 110, acquiring network flow values of a plurality of preset time points in a preset time period; 120, performing time sequence collaborative association analysis on the network flow values of the plurality of preset time points to obtain full-time network flow association characteristics; and, 130, determining whether the network is behaving normally based on the full-time network traffic correlation characteristics.
In the step 110, accurate collection and recording of network traffic is ensured, including information such as source IP address, destination IP address, transport protocol, packet size, etc. The acquisition time period and point in time are reasonably selected to cover critical operating periods and network traffic during activity. The network traffic data of a plurality of time points in a preset time period is obtained, a basis is provided for subsequent analysis and processing, and the network traffic data can be used for detecting abnormal traffic and identifying potential attack behaviors and abnormal user behaviors.
In the step 120, time-series collaborative correlation analysis is performed on the network traffic data at a plurality of time points using appropriate data processing and analysis techniques, such as time-series analysis, correlation rule mining, machine learning, and the like. And selecting a proper feature extraction method and algorithm to obtain the associated features of the full-time network traffic. The correlation mode and abnormal behavior between network traffic can be found out through time sequence collaborative correlation analysis. The method is helpful for identifying potential network attacks, abnormal data transmission and unknown threats, and the extracted full-time network traffic associated features can be used as inputs of subsequent steps for abnormal detection and judgment of network behaviors.
In the step 130, an appropriate model or rule is established to determine whether the network is behaving normally using the full-time network traffic correlation feature. Classification and determination of network behavior may be performed using supervised learning, unsupervised learning, or rule-based methods. Model training and verification are carried out according to specific conditions, and proper thresholds or rules are set to identify abnormal behaviors. The network behavior is judged based on the full-time sequence network flow correlation characteristics, abnormal activities and potential security threats can be detected rapidly, and timely measures are taken to block attacks and protect the security of the system and data.
Through the combination of the three steps, a comprehensive network information security system can be constructed and used for monitoring and defending network threats in a gas pipe network. The system can improve the safety and response efficiency of the gas pipe network and reduce errors and delays caused by human factors.
Specifically, in the step 110, network flow values at a plurality of predetermined time points within a predetermined period of time are acquired. Aiming at the technical problems, the technical concept of the application is that after the network flow value is acquired, a data processing and analyzing algorithm is introduced into the rear end to analyze the time sequence change trend of the network flow, so as to monitor the abnormality of the network behavior, thereby defending and blocking malicious files, malicious mails and malicious codes in real time to ensure the safety of the network environment.
Specifically, in the technical scheme of the present application, first, network flow values at a plurality of predetermined time points in a predetermined period are acquired. By obtaining network flow values at a plurality of time points over a predetermined period of time, a baseline or normal behavior model may be established. Seasonal, periodic, and trending changes in network traffic may be captured using the network traffic values at these time points as references to normal behavior. Thus, subsequent network behavior anomaly detection can be compared with the reference to determine whether an anomaly exists.
By comparing network traffic values at a plurality of time points over a predetermined period of time, abnormal network behavior may be detected, which may include abnormal data traffic, abnormal transmission protocols, abnormal packet sizes, etc. By timely discovering and identifying these anomalous behavior, corresponding measures can be taken to deter potential attacks or threats.
The change in network traffic may reflect a potential threat or attack, and by obtaining network traffic values at multiple points in time over a predetermined period, unusual traffic patterns or abnormal traffic peaks may be found. These changes may be due to network attacks, malicious code propagation, or data leakage, among others. By analyzing these changes, potential threats can be identified and corresponding security measures taken.
The network flow values at a plurality of time points in the preset time period are obtained to provide real-time network state information, and abnormal behaviors can be found in time and corresponding response measures can be taken by monitoring the change of the network flow in real time. The method is beneficial to rapidly coping with network attack, reducing loss and improving the safety and usability of the gas pipe network.
The acquisition of network flow values at a plurality of preset time points within a preset time period is one of important steps for determining whether the network is normal or not, provides functions of reference establishment, anomaly detection, potential threat identification, real-time monitoring and the like, and is beneficial to improving the efficiency and response capability of the network information security system.
Specifically, in the step 120, a time-sequence collaborative association analysis is performed on the network traffic values at the plurality of predetermined time points to obtain a full-time network traffic association feature. Fig. 3 is a flowchart of the sub-steps of step 120 in the network information security method for a gas pipe network according to the embodiment of the present invention, as shown in fig. 3, performing time-sequence collaborative association analysis on network flow values at a plurality of predetermined time points to obtain a full-time network flow association feature, including: 121, arranging the network traffic values of the plurality of preset time points according to a time dimension to obtain a network traffic time sequence input vector; 122, vector segmentation is carried out on the network traffic time sequence input vector to obtain a plurality of network traffic local time sequence input vectors; 123, respectively performing feature extraction on the plurality of network traffic local time sequence input vectors through a time sequence feature extractor based on a deep neural network model to obtain a plurality of network traffic local time sequence feature vectors; and 124, performing time sequence association coding on the local time sequence feature vectors of the network traffic to obtain a full time sequence context network traffic feature vector as the full time sequence network traffic association feature.
Firstly, the network traffic values at a plurality of time points are arranged according to the time dimension, so that the time sequence change of the network traffic can be captured, the periodic, trending and seasonal characteristics of the network traffic can be found, and the basis of full-time network traffic analysis is provided. Then, by vector segmentation of the network traffic time sequence input vector, the network traffic data with full time sequence can be decomposed into a plurality of local time sequence data blocks, which is helpful for capturing local behaviors and events of the network traffic and improving the detection and recognition capability of abnormal behaviors. Then, by applying a timing feature extractor based on a deep neural network model, key timing features can be extracted from a plurality of network traffic local timing input vectors. These features may include frequency domain features, time domain features, periodic features, etc., which help capture important feature information of network traffic. Finally, by performing time sequence association coding on a plurality of local time sequence feature vectors of the network traffic, the local features can be associated with the full time sequence context, thereby being beneficial to capturing the global behavior mode and the context information of the network traffic and providing more comprehensive and accurate network behavior analysis.
In the step 121, in consideration of the fact that the network traffic value is continuously changed with time, and has a time-sequential dynamic change rule in a time dimension, in order to effectively capture the time-sequential change situation of the network traffic value, in the technical scheme of the present application, the network traffic values at the plurality of predetermined time points need to be further arranged according to the time dimension to obtain a network traffic time sequence input vector, so as to integrate the time-sequential distribution information of the network traffic value.
Specifically, first, network traffic data at a plurality of predetermined time points needs to be collected. The data can be obtained from network equipment or sensors of the gas pipe network, including information such as flow size, transmission protocol, data packet size and the like at each time point. The collected network traffic data is then sorted by time dimension. That is, data at an earlier time point is ranked in front, and data at a later time point is ranked in rear. Thus, the network flow data can be ensured to be arranged according to the time sequence. Then, after sorting according to the time dimension, the network traffic data is organized into a time sequence input vector. The network flow values at each point in time may be arranged in time order as one element of a vector. For example, if there are 5 points in time of network traffic data, the timing input vector may be expressed as [ traffic value 1, traffic value 2, traffic value 3, traffic value 4, traffic value 5].
By arranging in a time dimension, network flow values at a plurality of predetermined points in time can be organized into an ordered time series input vector. Thus, the time sequence change of the network traffic can be better captured, and a basis is provided for subsequent analysis and processing.
Further to the step 122, it is contemplated that the information of various network activities is included because the network traffic is typically a continuous time series. Also, the entire network traffic sequence may contain a lot of noise and redundant information, while different types of network behavior may also exist. Therefore, in the technical scheme of the application, in order to analyze and detect network behaviors more accurately, vector segmentation is further required to be performed on the network traffic time sequence input vector to obtain a plurality of network traffic local time sequence input vectors so as to perform independent feature extraction and analysis on each local. That is, by slicing the network traffic timing input vector, complex network traffic data can be converted into a series of local timing input vectors, each representing a network traffic timing change and fluctuation over a period of time. Thus, feature extraction and analysis can be more centralized and accurate, and the method is beneficial to finding and identifying specific types of network behaviors such as abnormal traffic, attack behaviors and the like.
Vector slicing is the process of dividing one network traffic timing input vector into multiple smaller local timing input vectors. The purpose of this is to break up the full-time sequence of network traffic data into multiple local data blocks for independent feature extraction and analysis for each local.
Specifically, first, the size of the dicing window is defined. The segmentation window is a window with a fixed length for segmenting the time sequence input vector of the network traffic, and the size of the window can be selected according to specific requirements and is usually determined according to application scenes and data characteristics. And then, carrying out sliding window operation on the network flow time sequence input vector according to the size of the splitting window, and sequentially sliding the splitting window to the tail of the vector from the starting position of the network flow time sequence input vector. The length of one window is slid at a time to form a local timing input vector. Then, through the slicing operation, the network traffic timing input vector is divided into a plurality of non-overlapping local timing input vectors, each of which represents data of one local time period of the network traffic. Finally, independent feature extraction and analysis are performed for each local timing input vector. A critical timing feature may be extracted from each local timing input vector using various methods and techniques, such as a feature extractor based on a deep neural network model.
Through vector segmentation, the network flow data in full time sequence can be decomposed into a plurality of local time sequence data blocks, so that feature extraction and analysis of each local part are more convenient and efficient, the capture of local behaviors and events of the network flow is facilitated, and the detection and recognition capability of abnormal behaviors is improved.
For the step 123, the deep neural network model-based timing feature extractor is a one-dimensional convolutional layer-based timing feature extractor. And then, the local time sequence input vectors of the network flow are respectively subjected to feature mining through a time sequence feature extractor based on a one-dimensional convolution layer, so that local time sequence dynamic associated feature information of the network flow value is respectively extracted, namely, time sequence change feature information of the network flow value on each segmentation local area is respectively extracted, and a plurality of local time sequence feature vectors of the network flow are obtained.
It should be appreciated that the one-dimensional convolution layer slides the convolution kernel in the time dimension, which effectively captures time-series patterns in the network traffic data, which patterns may include periodic variations, trends, periodic anomalies, etc., which patterns can be identified and key features extracted by learning the feature extractor. The one-dimensional convolution layer has the characteristics of local perceptibility and parameter sharing, and can efficiently extract local features. For each local timing input vector, the one-dimensional convolution layer may extract features on different time scales through a sliding window operation, thereby capturing timing information of the local features.
Through pooling operation, the extracted features can be subjected to dimension reduction and summarization, which is helpful for reducing the dimension of the features and retaining the most important information. Reducing the dimensionality can reduce the computational complexity and prevent over-fitting problems.
The time sequence feature extractor based on the one-dimensional convolution layer has good generalization capability, and the model can adapt to different network flow modes and changes by learning different convolution kernel weights in the training process. This enables the feature extractor to perform accurate feature extraction and analysis on the unseen data. The plurality of local time sequence input vectors are respectively input into the feature extractor, so that independent feature extraction and analysis of each local can be realized, network flow behaviors and events in different time periods can be better captured, and the capability of anomaly detection and recognition is improved.
The characteristic mining is carried out on the local time sequence input vectors of the network traffic through the time sequence characteristic extractor based on the one-dimensional convolution layer, so that the time sequence information can be fully utilized, key characteristics can be extracted, and the monitoring and protecting capability for the network information safety of the gas pipe network can be enhanced.
For the step 124, it includes: the plurality of network traffic local time sequence feature vectors are passed through a time sequence context encoder based on a converter module to obtain the full time sequence context network traffic feature vector.
Then, because the network flow value has the correlation characteristic based on the time sequence whole in the whole preset time period, in order to effectively capture the time sequence change condition and fluctuation condition of the network flow value in the preset time period and monitor the network behavior more accurately, in the technical scheme of the application, the plurality of local time sequence feature vectors of the network flow are further encoded in the time sequence context encoder based on the converter module so as to extract the time sequence local change feature of the network flow based on the context correlation feature information of the time sequence whole, thereby obtaining the full time sequence context network flow feature vector.
Specifically, in the step 130, determining whether the network behavior is normal based on the full-time network traffic correlation feature includes: performing feature distribution optimization on the full-time sequence context network flow feature vector to obtain an optimized full-time sequence context network flow feature vector; and the optimized full-time sequence context network flow characteristic vector is passed through a classifier to obtain a classification result, wherein the classification result is used for indicating whether the network behavior is normal or not.
The feature distribution optimization is carried out on the full-time sequence context network flow feature vector, so that key features can be further extracted and emphasized, redundant information is reduced, the expression capacity and the distinguishing degree of the features are improved, and the classifier can distinguish normal behaviors from abnormal behaviors more easily.
The optimized full-time sequence context network flow characteristic vector can better reflect the time sequence mode and key characteristics of network behavior. By using the classifier to classify the feature vectors, abnormal behaviors can be effectively detected, the classifier can learn the mode of normal behaviors and judge the network behaviors which are inconsistent with the normal behaviors as abnormal, so that the detection capability of the gas pipe network information security system on the abnormal behaviors is improved.
By classifying the network behavior as normal or abnormal, the network safety state of the gas pipe network can be monitored in real time. Once the classification result shows that the network is abnormal in behavior, the system can timely take corresponding safety measures, such as alarming, blocking network flow, investigating event reasons and the like, so as to protect the safety of the gas pipe network.
In one embodiment of the present application, performing feature distribution optimization on the full-time sequence context network traffic feature vector to obtain an optimized full-time sequence context network traffic feature vector, including: cascading the plurality of network traffic local time sequence feature vectors to obtain cascading feature vectors; and performing Hilbert space heuristic sequence tracking equalization on the cascade feature vector and the full-time sequence context network traffic feature vector to obtain the optimized full-time sequence context network traffic feature vector.
In particular, in the technical solution of the present application, when the plurality of network traffic local time sequence feature vectors pass through the time sequence context encoder based on the converter module to obtain the full time sequence context network traffic feature vector, the network traffic values expressed by the network traffic local time sequence feature vectors may be subjected to context-dependent encoding across local time domains, but in the case of performing the context-dependent encoding based on the local time domain whole, the expression of the local correlation features in the time domain expressed by the respective network traffic values may be blurred, so it is desirable to correct the full time sequence context network traffic feature vector based on the plurality of network traffic local time sequence feature vectors.
And, the applicant of the present application considers that both the plurality of network traffic local time sequence feature vectors and the full time sequence context network traffic feature vector are arranged in a sequence direction based on the local time domain, that is, follow a spatial distribution based on the sequence in the whole time domain space, thus, cascade feature vectors obtained by cascading the plurality of network traffic local time sequence feature vectors are, for example, written as And said full time context network traffic feature vector, e.g. denoted +.>Hilbert space heuristic sequence tracking equalization is performed, specifically expressed as: performing Hilbert space heuristic sequence tracking equalization on the cascade feature vector and the full-time sequence context network flow feature vector by using the following optimization formula to obtain the optimized full-time sequence context network flow feature vector; wherein, the optimization formula is:wherein (1)>Is the cascade feature vector,/->Is the full time sequence context network traffic feature vector,/for>Is the transpose of the full-time sequence context network traffic feature vector,/for the full-time sequence context network traffic feature vector>Representing feature vector +.>And->Is +.>Representing the cascade feature vector->And said full time sequence context network traffic feature vector +.>Mean value of union set of all eigenvalues of (2), and said cascade eigenvector +.>And said full time sequence context network traffic feature vector +.>Are all the vectors of the rows and,representing multiplication by location +.>Representing vector addition, ++>Is the optimized full-time sequence context network traffic feature vector,is the set of eigenvalues for all positions in the concatenated eigenvector, < > >Is the set of eigenvalues for all locations in the full time sequence contextual network traffic eigenvector.
Here, the complete inner product space characteristic of the hilbert space with inner product is utilized to pass through the cascade of feature vectorsAnd said full time sequence context network traffic feature vector +.>Is aggregated mean of sequence aggregation (collective average), exploring the cascade feature vector +.>And said full time sequence context network traffic feature vector +.>Sequence-based spatial distribution heuristics (heuristics) within feature space fused via context-dependent coding to +/for the full-time contextual network traffic feature vector>The local feature distribution of the sequence is converted into a sequence tracking instance (tracking instance) in a fusion space, so that tracking small-segment cognitive (tracking let-aware) distribution equalization of the feature space distribution of the sequence is realized, and thus, the equalization expression of the local association features of the full-time sequence context network flow feature vector to the time domain expressed by the local time sequence feature vector of each network flow is realized through the distribution equalization of the full-time sequence context network flow feature vector relative to the local time sequence feature vectors of the network flows, and the expression effect of the full-time sequence context network flow feature vector is enhanced. In this way, the time sequence fluctuation and the change trend of the network traffic can be based The network behavior anomaly monitoring is carried out, so that malicious files, malicious mails and malicious codes can be timely defended and blocked in real time, and the safety of a network environment is ensured.
And then, the full-time sequence context network flow characteristic vector passes through a classifier to obtain a classification result, wherein the classification result is used for indicating whether the network behavior is normal or not. That is, the network traffic is classified by the full-time associated feature information, so as to monitor the network behavior abnormality, and thus defend and block the malicious files, malicious mails and malicious codes in time, so as to ensure the security of the network environment.
In summary, the network information security method for the gas pipe network according to the embodiment of the invention is explained, after the network flow value is acquired, a data processing and analyzing algorithm is introduced into the rear end to analyze the time sequence change trend of the network flow, so that the abnormal monitoring of the network behavior is performed, and malicious files, malicious mails and malicious codes are timely defended and blocked in real time, so that the security of the network environment is ensured.
Fig. 4 is a block diagram of a network information security system for a gas pipe network according to an embodiment of the present invention. As shown in fig. 4, the network information security system for a gas pipe network includes: a flow value obtaining module 210, configured to obtain network flow values at a plurality of predetermined time points within a predetermined time period; the collaborative association analysis module 220 is configured to perform time-sequence collaborative association analysis on the network traffic values at the plurality of predetermined time points to obtain a full-time network traffic association feature; and a network behavior determining module 230, configured to determine whether the network behavior is normal based on the full-time network traffic correlation feature.
Specifically, in the network information security system for a gas pipe network, the collaborative association analysis module includes: the vector arrangement unit is used for arranging the network flow values of the plurality of preset time points according to the time dimension to obtain a network flow time sequence input vector; the vector segmentation unit is used for carrying out vector segmentation on the network traffic time sequence input vector so as to obtain a plurality of network traffic local time sequence input vectors; the time sequence feature extraction unit is used for respectively carrying out feature extraction on the plurality of network traffic local time sequence input vectors through a time sequence feature extractor based on a deep neural network model so as to obtain a plurality of network traffic local time sequence feature vectors; and the time sequence association coding unit is used for performing time sequence association coding on the plurality of network traffic local time sequence feature vectors to obtain a full time sequence context network traffic feature vector as the full time sequence network traffic association feature.
Specifically, in the network information security system for the gas pipe network, the time sequence feature extractor based on the deep neural network model is a time sequence feature extractor based on a one-dimensional convolution layer.
It will be appreciated by those skilled in the art that the specific operation of the steps in the above-described network information security system for a gas pipe network has been described in detail in the above description of the network information security method for a gas pipe network with reference to fig. 1 to 3, and thus, repetitive descriptions thereof will be omitted.
As described above, the network information security system 200 for a gas pipe network according to the embodiment of the present invention may be implemented in various terminal devices, for example, a server for network information security of a gas pipe network, and the like. In one example, the network information security system 200 for a gas network according to an embodiment of the present invention may be integrated into a terminal device as one software module and/or hardware module. For example, the network information security system 200 for a gas network may be a software module in the operating system of the terminal device, or may be an application developed for the terminal device; of course, the network information security system 200 for a gas network can also be one of a plurality of hardware modules of the terminal device.
Alternatively, in another example, the network information security system 200 for a gas pipe network and the terminal device may be separate devices, and the network information security system 200 for a gas pipe network may be connected to the terminal device through a wired and/or wireless network and transmit the interactive information in a agreed data format.
Fig. 5 is an application scenario diagram of a network information security method for a gas pipe network provided in an embodiment of the present invention. As shown in fig. 5, in the application scenario, first, network flow values (e.g., C as illustrated in fig. 5) at a plurality of predetermined time points within a predetermined period of time are acquired; the acquired network flow values are then input into a server (e.g., S as illustrated in fig. 5) deployed with a network information security algorithm for the gas pipe network, wherein the server is capable of processing the network flow values based on the network information security algorithm for the gas pipe network to determine whether the network is functioning properly.
The foregoing description of the embodiments has been provided for the purpose of illustrating the general principles of the invention, and is not meant to limit the scope of the invention, but to limit the invention to the particular embodiments, and any modifications, equivalents, improvements, etc. that fall within the spirit and principles of the invention are intended to be included within the scope of the invention.
Claims (5)
1. A network information security method for a gas pipe network, comprising:
acquiring network flow values at a plurality of preset time points in a preset time period;
performing time sequence collaborative association analysis on the network flow values of the plurality of preset time points to obtain full-time network flow association characteristics; and
determining whether the network behavior is normal or not based on the full-time network traffic correlation characteristics;
performing time sequence collaborative association analysis on the network flow values of the plurality of preset time points to obtain full-time network flow association characteristics, wherein the time sequence collaborative association analysis comprises the following steps:
arranging the network flow values of the plurality of preset time points according to the time dimension to obtain a network flow time sequence input vector;
vector segmentation is carried out on the network traffic time sequence input vector to obtain a plurality of network traffic local time sequence input vectors;
Respectively extracting the characteristics of the plurality of network traffic local time sequence input vectors through a time sequence characteristic extractor based on a deep neural network model to obtain a plurality of network traffic local time sequence characteristic vectors; and
performing time sequence association coding on the local time sequence feature vectors of the network traffic to obtain a full time sequence context network traffic feature vector as the full time sequence network traffic association feature
Wherein determining whether the network behavior is normal based on the full-time network traffic correlation feature comprises:
performing feature distribution optimization on the full-time sequence context network flow feature vector to obtain an optimized full-time sequence context network flow feature vector; and
the optimized full-time sequence context network flow characteristic vector is passed through a classifier to obtain a classification result, wherein the classification result is used for indicating whether the network behavior is normal or not;
performing feature distribution optimization on the full-time sequence context network traffic feature vector to obtain an optimized full-time sequence context network traffic feature vector, including:
cascading a plurality of network traffic local time sequence feature vectors to obtain cascading feature vectors; and
performing Hilbert space heuristic sequence tracking equalization on the cascade feature vector and the full-time sequence context network traffic feature vector to obtain the optimized full-time sequence context network traffic feature vector;
Performing hilbert space heuristic sequence tracking equalization on the cascade feature vector and the full-time sequence context network traffic feature vector to obtain the optimized full-time sequence context network traffic feature vector, wherein the method comprises the following steps of:
performing Hilbert space heuristic sequence tracking equalization on the cascade feature vector and the full-time sequence context network flow feature vector by using the following optimization formula to obtain the optimized full-time sequence context network flow feature vector;
wherein, the optimization formula is:
,
wherein,is the cascade feature vector,/->Is the full time sequence context network traffic feature vector,/for>Is the transpose of the full-time sequence context network traffic feature vector,/for the full-time sequence context network traffic feature vector>Representing feature vector +.>And->Is +.>Representing the cascade feature vector->And said full time sequence context network traffic feature vector +.>Mean value of union set of all eigenvalues of (2), and said cascade eigenvector +.>And said full time sequence context network traffic feature vector +.>Are all row vectors, +.>Representing multiplication by location +.>Representing vector addition, ++>Is the optimized full time sequence context network traffic feature vector,/for >Is the set of eigenvalues for all positions in the concatenated eigenvector, < >>Is the set of eigenvalues for all locations in the full time sequence contextual network traffic eigenvector.
2. The network information security method for a gas pipe network according to claim 1, wherein the time sequence feature extractor based on the deep neural network model is a time sequence feature extractor based on a one-dimensional convolution layer.
3. The network information security method for a gas pipe network according to claim 2, wherein performing time-sequence association encoding on the plurality of network traffic local time-sequence feature vectors to obtain a full-time-sequence context network traffic feature vector as the full-time-sequence network traffic association feature, comprises: the plurality of network traffic local time sequence feature vectors are passed through a time sequence context encoder based on a converter module to obtain the full time sequence context network traffic feature vector.
4. A network information security system for a gas network, comprising:
the flow value acquisition module is used for acquiring network flow values of a plurality of preset time points in a preset time period;
the collaborative correlation analysis module is used for carrying out time sequence collaborative correlation analysis on the network flow values of the plurality of preset time points so as to obtain full-time network flow correlation characteristics; and
The network behavior determining module is used for determining whether the network behavior is normal or not based on the full-time network traffic correlation characteristics;
wherein, the collaborative association analysis module comprises:
the vector arrangement unit is used for arranging the network flow values of the plurality of preset time points according to the time dimension to obtain a network flow time sequence input vector;
the vector segmentation unit is used for carrying out vector segmentation on the network traffic time sequence input vector so as to obtain a plurality of network traffic local time sequence input vectors;
the time sequence feature extraction unit is used for respectively carrying out feature extraction on the plurality of network traffic local time sequence input vectors through a time sequence feature extractor based on a deep neural network model so as to obtain a plurality of network traffic local time sequence feature vectors; and
the time sequence association coding unit is used for performing time sequence association coding on the plurality of network traffic local time sequence feature vectors to obtain a full-time sequence context network traffic feature vector as the full-time sequence network traffic association feature;
wherein, the network behavior determining module is used for:
performing feature distribution optimization on the full-time sequence context network flow feature vector to obtain an optimized full-time sequence context network flow feature vector; and
The optimized full-time sequence context network flow characteristic vector is passed through a classifier to obtain a classification result, wherein the classification result is used for indicating whether the network behavior is normal or not;
the feature distribution optimization is performed on the full-time sequence context network flow feature vector to obtain an optimized full-time sequence context network flow feature vector, which comprises the following steps:
cascading the plurality of network traffic local time sequence feature vectors to obtain cascading feature vectors; and
performing Hilbert space heuristic sequence tracking equalization on the cascade feature vector and the full-time sequence context network traffic feature vector to obtain the optimized full-time sequence context network traffic feature vector;
performing hilbert space heuristic sequence tracking equalization on the cascade feature vector and the full-time sequence context network traffic feature vector to obtain the optimized full-time sequence context network traffic feature vector, wherein the method comprises the following steps of:
performing Hilbert space heuristic sequence tracking equalization on the cascade feature vector and the full-time sequence context network flow feature vector by using the following optimization formula to obtain the optimized full-time sequence context network flow feature vector;
Wherein, the optimization formula is:
,
wherein,is the cascade feature vector,/->Is the full time sequence context network traffic feature vector,/for>Is the transpose of the full-time sequence context network traffic feature vector,/for the full-time sequence context network traffic feature vector>Representing feature vector +.>And->Is +.>Representing the cascade feature vector->And said full time sequence context network traffic feature vector +.>Mean value of union set of all eigenvalues of (2), and said cascade eigenvector +.>And said full time sequence context network traffic feature vector +.>Are all row vectors, +.>Representing multiplication by location +.>Representing vector addition, ++>Is the optimized full time sequence context network traffic feature vector,/for>Is the set of eigenvalues for all positions in the concatenated eigenvector, < >>Is the set of eigenvalues for all locations in the full time sequence contextual network traffic eigenvector.
5. The network information security system for a gas pipe network of claim 4, wherein the deep neural network model-based timing feature extractor is a one-dimensional convolutional layer-based timing feature extractor.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311070685.2A CN116781430B (en) | 2023-08-24 | 2023-08-24 | Network information security system and method for gas pipe network |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311070685.2A CN116781430B (en) | 2023-08-24 | 2023-08-24 | Network information security system and method for gas pipe network |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN116781430A CN116781430A (en) | 2023-09-19 |
| CN116781430B true CN116781430B (en) | 2023-12-01 |
Family
ID=88012028
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202311070685.2A Active CN116781430B (en) | 2023-08-24 | 2023-08-24 | Network information security system and method for gas pipe network |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN116781430B (en) |
Families Citing this family (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116996527B (en) * | 2023-09-25 | 2023-12-12 | 北京中科网芯科技有限公司 | Method for synchronizing data of converging current divider and storage medium |
| CN117254960A (en) * | 2023-09-25 | 2023-12-19 | 深圳市云钜天成信息技术有限公司 | Detection method for detecting API interface verification risk from flow data |
| CN117113262B (en) * | 2023-10-23 | 2024-02-02 | 北京中科网芯科技有限公司 | Network traffic identification method and system |
| CN117155706B (en) * | 2023-10-30 | 2024-02-13 | 北京中科网芯科技有限公司 | Network abnormal behavior detection method and system |
| CN117156442B (en) * | 2023-10-31 | 2024-03-12 | 深圳市中科鼎创科技股份有限公司 | Cloud data security protection method and system based on 5G network |
Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108270716A (en) * | 2016-12-30 | 2018-07-10 | 绵阳灵先创科技有限公司 | A kind of audit of information security method based on cloud computing |
| WO2021077642A1 (en) * | 2019-10-24 | 2021-04-29 | 中国科学院信息工程研究所 | Network space security threat detection method and system based on heterogeneous graph embedding |
| CN114352947A (en) * | 2021-12-08 | 2022-04-15 | 天翼物联科技有限公司 | Gas pipeline leakage detection method, system and device and storage medium |
| CN115842636A (en) * | 2021-08-20 | 2023-03-24 | 中国科学院计算机网络信息中心 | Network abnormal behavior monitoring method and device based on time sequence characteristics |
| CN116015837A (en) * | 2022-12-22 | 2023-04-25 | 南阳理工学院 | Intrusion detection method and system for computer network information security |
| CN116092701A (en) * | 2023-03-07 | 2023-05-09 | 南京康尔健医疗科技有限公司 | Control system and method based on health data analysis management platform |
| CN116340796A (en) * | 2023-05-22 | 2023-06-27 | 平安科技(深圳)有限公司 | Time sequence data analysis method, device, equipment and storage medium |
| CN116373732A (en) * | 2023-04-06 | 2023-07-04 | 重庆赛力斯新能源汽车设计院有限公司 | Control method and system for vehicle indicator lamp |
| CN116405299A (en) * | 2023-04-14 | 2023-07-07 | 杜菁 | Alarm based on network security |
| CN116625438A (en) * | 2023-07-25 | 2023-08-22 | 克拉玛依市燃气有限责任公司 | Gas pipe network safety on-line monitoring system and method thereof |
-
2023
- 2023-08-24 CN CN202311070685.2A patent/CN116781430B/en active Active
Patent Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108270716A (en) * | 2016-12-30 | 2018-07-10 | 绵阳灵先创科技有限公司 | A kind of audit of information security method based on cloud computing |
| WO2021077642A1 (en) * | 2019-10-24 | 2021-04-29 | 中国科学院信息工程研究所 | Network space security threat detection method and system based on heterogeneous graph embedding |
| CN115842636A (en) * | 2021-08-20 | 2023-03-24 | 中国科学院计算机网络信息中心 | Network abnormal behavior monitoring method and device based on time sequence characteristics |
| CN114352947A (en) * | 2021-12-08 | 2022-04-15 | 天翼物联科技有限公司 | Gas pipeline leakage detection method, system and device and storage medium |
| CN116015837A (en) * | 2022-12-22 | 2023-04-25 | 南阳理工学院 | Intrusion detection method and system for computer network information security |
| CN116092701A (en) * | 2023-03-07 | 2023-05-09 | 南京康尔健医疗科技有限公司 | Control system and method based on health data analysis management platform |
| CN116373732A (en) * | 2023-04-06 | 2023-07-04 | 重庆赛力斯新能源汽车设计院有限公司 | Control method and system for vehicle indicator lamp |
| CN116405299A (en) * | 2023-04-14 | 2023-07-07 | 杜菁 | Alarm based on network security |
| CN116340796A (en) * | 2023-05-22 | 2023-06-27 | 平安科技(深圳)有限公司 | Time sequence data analysis method, device, equipment and storage medium |
| CN116625438A (en) * | 2023-07-25 | 2023-08-22 | 克拉玛依市燃气有限责任公司 | Gas pipe network safety on-line monitoring system and method thereof |
Also Published As
| Publication number | Publication date |
|---|---|
| CN116781430A (en) | 2023-09-19 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN116781430B (en) | Network information security system and method for gas pipe network | |
| CN108566364B (en) | Intrusion detection method based on neural network | |
| Ektefa et al. | Intrusion detection using data mining techniques | |
| EP3786823A1 (en) | An endpoint agent extension of a machine learning cyber defense system for email | |
| Shirazi et al. | Evaluation of anomaly detection techniques for scada communication resilience | |
| AU2020102142A4 (en) | Technique for multilayer protection from quantifiable vulnerabilities in industrial cyber physical system | |
| Yu | A survey of anomaly intrusion detection techniques | |
| Repalle et al. | Intrusion detection system using ai and machine learning algorithm | |
| US9961047B2 (en) | Network security management | |
| KR101692982B1 (en) | Automatic access control system of detecting threat using log analysis and automatic feature learning | |
| US20220224724A1 (en) | Artificial intelligence based analyst as an evaluator | |
| CN115996146A (en) | Numerical control system security situation sensing and analyzing system, method, equipment and terminal | |
| Nadiammai et al. | A comprehensive analysis and study in intrusion detection system using data mining techniques | |
| Kim et al. | Cost-effective valuable data detection based on the reliability of artificial intelligence | |
| Maglaras et al. | Novel intrusion detection mechanism with low overhead for SCADA systems | |
| Zhao et al. | Research of intrusion detection system based on neural networks | |
| Rostamipour et al. | Network attack origin forensics with fuzzy logic | |
| Liu et al. | An entropy-based method for attack detection in large scale network | |
| CN116094817A (en) | Network security detection system and method | |
| Alqurashi et al. | On the performance of isolation forest and multi layer perceptron for anomaly detection in industrial control systems networks | |
| Yu et al. | Mining anomaly communication patterns for industrial control systems | |
| Alomiri et al. | Machine learning-based security mechanism to detect and prevent cyber-attack in IoT networks | |
| Zabri et al. | Analyzing network intrusion behavior of packet capture using association rules technique: an initial framework | |
| Qia et al. | A new attack detection in large scale network based on entropy | |
| CN117544420B (en) | Fusion system safety management method and system based on data analysis |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |