CN118074955A - Subway communication safety detection method and system based on artificial intelligence - Google Patents

Publication number
CN118074955A
Authority
CN
China
Legal status
Pending
Application number
CN202410043130.7A
Other languages
Chinese (zh)
Inventor
游毅
李扬
谢志伟
杨洁
谭春松
杨博
Current Assignee
Wuhan Branch Of China Communications Engineering Bureau Group Co ltd
CRSC Engineering Group Co Ltd
Original Assignee
Wuhan Branch Of China Communications Engineering Bureau Group Co ltd
CRSC Engineering Group Co Ltd
Application filed by Wuhan Branch Of China Communications Engineering Bureau Group Co ltd and CRSC Engineering Group Co Ltd

Abstract

The invention discloses an artificial intelligence-based subway communication safety detection method and system, belonging to the technical field of communication detection. The method comprises data acquisition, data preprocessing and feature extraction, and further comprises: model establishment: establishing a classification model from known normal and abnormal communication patterns using a machine learning or deep learning algorithm; model training: training the established model on a labeled data set so that it can accurately identify normal and abnormal communication behavior; and detection and analysis: inputting communication data acquired in real time into the trained model and classifying each data packet to determine whether it is abnormal communication behavior. By using at least one of behavior analysis and machine-learning-based detection, the invention has the advantage of being able to detect novel attacks.

Description

Subway communication safety detection method and system based on artificial intelligence
Technical Field
The invention belongs to the technical field of communication detection, and particularly relates to an artificial intelligence-based subway communication safety detection method and system.
Background
Subway systems are an important component of urban infrastructure, and the normal operation of their communication networks is critical to the normal operation of the subway system. Security detection makes it possible to find and repair potential vulnerabilities, abnormal behaviors and attacks in time, protecting the stability and reliability of the subway communication network. Because the subway is a public facility, its communication network is an easy target for hackers and malicious attackers, who may attempt to intrude into the system, steal sensitive information, disrupt services, or even bring down the entire subway system. Security detection allows these threats to be found and dealt with in time, improving the security of the subway system.
The problems of the prior art are as follows: existing artificial intelligence-based subway communication security detection methods depend heavily on data and need a large amount of reliable data to build models and perform analysis. If the data quality is low or the data volume is insufficient, the accuracy and reliability of the system may suffer. For common security problems the data volume is sufficient, so detection is accurate; for novel security problems, however, the system may fail to recognize and prevent unknown threats such as novel malicious attacks and zero-day vulnerabilities in time. Because existing security detection methods rely primarily on existing data and models, they may be limited against attack methods that have not been encountered before.
Disclosure of Invention
Aiming at the problems existing in the prior art, the invention provides an artificial intelligence-based subway communication security detection method and system, which have the advantage of detecting novel attacks and solve the problems in the prior art.
The invention is realized in such a way that the subway communication safety detection method based on artificial intelligence comprises the following steps:
Data acquisition: acquiring related data packets and communication information by monitoring the communication network in the subway system;
Data preprocessing: cleaning, denoising and formatting the collected data for subsequent analysis;
Feature extraction: extracting representative features from the preprocessed data;
Model establishment: establishing a classification model from known normal and abnormal communication patterns using a machine learning or deep learning algorithm;
Model training: training the established model on the labeled data set so that it can accurately identify normal and abnormal communication behavior;
Detection and analysis: inputting communication data acquired in real time into the trained model and classifying each data packet to determine whether it is abnormal communication behavior;
wherein the model establishment, model training, and detection and analysis are performed by at least one of behavior analysis and machine-learning-based detection.
As a preferred embodiment of the present invention, the method for detecting subway communication security based on artificial intelligence further includes:
Abnormal sample collection: collecting and recording the communication data packets identified as abnormal as feedback data;
Sample labeling: labeling the collected abnormal samples to indicate that they are abnormal behavior;
Model updating: retraining the model using the labeled abnormal samples combined with the original training data, so that the model better identifies similar abnormal behavior;
Periodic iteration: repeating the above process periodically, continuously accumulating more abnormal samples, and updating and optimizing the model based on these samples to adapt to newly emerging security problems.
As a preferred embodiment of the present invention, the method for detecting subway communication security based on artificial intelligence further includes:
Alarm and protection: when abnormal communication behavior is detected, an alarm mechanism is triggered, the relevant personnel are promptly notified to handle it, and corresponding security protection measures are taken.
Preferably, the method for acquiring the related data packet and the related communication information by monitoring the communication network in the subway system comprises the following steps:
determining a monitoring target: determining a communication network in a subway system to be monitored, wherein the communication network at least comprises one of network equipment, a server and terminal equipment;
deploying a monitoring device: according to the monitoring target, deploying monitoring equipment at a key position of the subway system;
setting monitoring parameters: configuring parameters of monitoring equipment, including a communication protocol to be monitored, port numbers and data packet filtering rules;
Collecting data: starting monitoring equipment to acquire communication network data in the subway system, wherein the monitoring equipment captures a data packet transmitted through a network and records related communication information;
Data storage and analysis: the collected data packets and communication information are stored in a suitable database or log file, and the data is analyzed using data analysis tools and/or network traffic analysis software to extract valuable information and patterns.
As a preferred aspect of the present invention, the data preprocessing includes the steps of:
Data cleaning: handling errors, missing values or abnormal values in the data to ensure the quality and accuracy of the data;
Denoising data: noise or irrelevant information in the data is eliminated, so that the quality and usability of the data are improved;
Formatting data: the data is converted into a format suitable for subsequent analysis for statistical, machine learning, or other analysis tasks.
Preferably, the behavior analysis comprises the following steps:
Establishing a baseline behavior model: constructing a baseline normal behavior model based on historical data, expert knowledge, or training data sets to compare subsequent behavior thereto;
behavioral analysis and detection: performing behavior analysis and detection on the real-time data by using a machine learning or rule engine;
Abnormality alert and response: according to the result of behavior analysis, an alarm is sent out in time when abnormal behaviors are found, and corresponding response measures are taken, including informing related personnel, preventing or limiting access and recording logs, so that potential safety risks and losses are reduced;
The behavior analysis and detection method specifically comprises the following steps:
Data acquisition: collecting behavior data of a system or a user, including log records, network traffic and operation records;
Feature extraction: extracting meaningful features from the acquired data, including at least time intervals, frequencies, and operation sequences;
Model training: training a machine learning model or defining a rule engine to distinguish normal behavior from abnormal behavior, using the established baseline behavior model and the labeled sample data;
Behavior analysis: inputting the real-time data into the trained model or rule engine for behavior analysis, and identifying abnormal behavior that differs significantly from the baseline behavior model.
As a preferred aspect of the present invention, the machine learning based detection comprises the steps of:
Data preparation: preparing a data set for training and testing, including samples of normal behavior and of known attack behavior;
Feature engineering: before machine learning, performing feature engineering to convert the raw data into feature vectors usable by a machine learning algorithm, and extracting meaningful features that distinguish normal behavior from attack behavior through feature selection, feature extraction and feature transformation;
Model selection and training: selecting a proper machine learning algorithm and a model framework according to specific problems and data characteristics, training a selected model by using a marked data set, and adjusting model parameters to obtain better performance;
Model evaluation and optimization: the trained model is evaluated by using an independent test data set, evaluation indexes comprise accuracy, recall and precision, and model tuning and parameter optimization are carried out according to an evaluation result so as to improve detection performance and robustness;
Abnormality detection: the trained model is used for carrying out anomaly detection on the new sample, unknown attack behaviors can be identified as anomalies, and accordingly an alarm is sent out or corresponding measures are taken to deal with the security threat.
Preferably, the artificial intelligence-based subway communication safety detection method further comprises the following steps:
Collecting and analyzing known security problems: collecting known security problems, including past attack events, known vulnerabilities and malware, and analyzing them in depth to understand the attacker's behavior patterns, attack methods and targets;
Establishing a threat intelligence database: establishing a threat intelligence database from the known security problems, recording the relevant attack characteristics, attack patterns and attack targets, and using the database as a basis for predicting unknown attacks;
Mining potential attack patterns: attempting to mine potential attack patterns by analyzing the known security problems and the threat intelligence database;
Monitoring the network and system: collecting log data and network traffic data by monitoring network and system activity in real time, which data can be used for subsequent behavior analysis and anomaly detection;
Behavior analysis and machine learning: analyzing the collected data using behavior analysis and machine learning methods, and identifying behavior similar to known attack patterns;
Anomaly detection and alarm: performing anomaly detection based on the results of behavior analysis and machine learning and raising an alarm in time; when the system or network exhibits behavior that is inconsistent with the known attack patterns, an unknown attack is predicted to exist and corresponding response measures are taken.
The subway communication safety detection system based on artificial intelligence comprises a central processing module, wherein the central processing module is in signal connection with a data acquisition module, a data preprocessing module, a feature extraction module, a model building module, a model training module and a detection and analysis module;
Data acquisition module: acquiring related data packets and communication information by monitoring the communication network in the subway system;
Data preprocessing module: cleaning, denoising and formatting the collected data for subsequent analysis;
Feature extraction module: extracting representative features from the preprocessed data;
Model building module: establishing a classification model from known normal and abnormal communication patterns using a machine learning or deep learning algorithm;
Model training module: training the established model on the labeled data set so that it can accurately identify normal and abnormal communication behavior;
Detection and analysis module: inputting communication data acquired in real time into the trained model and classifying each data packet to determine whether it is abnormal communication behavior;
wherein the model establishment, model training, and detection and analysis are performed by at least one of behavior analysis and machine-learning-based detection.
Compared with the prior art, the invention has the following beneficial effects:
In the invention, machine-learning-based detection uses a machine learning algorithm to learn the features and patterns of novel security problems by training a model, and can identify unknown attack behavior using unsupervised learning methods such as clustering and outlier detection. Behavior analysis identifies abnormal behavior that differs significantly from normal behavior by monitoring and analyzing the behavior patterns of the system or user. This requires establishing an appropriate baseline behavior model and using machine learning or a rule engine for behavior analysis and detection. This approach does not rely on existing attack samples, but instead detects potential security problems by monitoring abnormal behavior in the system or network.
Drawings
FIG. 1 is a first flow chart of an artificial intelligence-based subway communication safety detection method according to an embodiment of the present invention;
FIG. 2 is a second flow chart of an artificial intelligence-based subway communication safety detection method according to an embodiment of the present invention;
FIG. 3 is a third flow chart of an artificial intelligence-based subway communication safety detection method according to an embodiment of the present invention;
FIG. 4 is a block flow diagram of data acquisition provided by an embodiment of the present invention;
FIG. 5 is a block flow diagram of data preprocessing provided by an embodiment of the present invention;
FIG. 6 is a block flow diagram of behavior analysis provided by an embodiment of the present invention;
FIG. 7 is a block flow diagram of machine learning based detection provided by an embodiment of the present invention;
FIG. 8 is a fourth flow chart of an artificial intelligence-based subway communication safety detection method according to an embodiment of the present invention;
FIG. 9 is a system block diagram of an artificial intelligence-based subway communication safety detection system according to an embodiment of the present invention.
Detailed Description
For a further understanding of the invention, its features and advantages, reference is now made to the following examples, which are illustrated in the accompanying drawings.
The structure of the present invention will be described in detail with reference to the accompanying drawings.
Referring to fig. 1, the subway communication security detection method based on artificial intelligence provided by the embodiment of the invention comprises the following steps:
Step S1, data acquisition: acquiring related data packets and communication information by monitoring a communication network in a subway system;
Step S2, data preprocessing: the collected data is subjected to cleaning, denoising and formatting treatment so as to be used for subsequent analysis;
Step S3, feature extraction: representative features such as packet size, frequency, latency, etc. are extracted from the preprocessed data.
Step S4, establishing a model: establishing a classification model according to a known normal communication mode and an abnormal communication mode by using a machine learning or deep learning algorithm;
Step S5, model training: training the established model on the labeled data set so that it can accurately identify normal and abnormal communication behavior;
Step S6, detection and analysis: inputting communication data acquired in real time into the trained model and classifying each data packet to determine whether it is abnormal communication behavior;
wherein the model establishment, model training, and detection and analysis are performed by at least one of behavior analysis and machine-learning-based detection.
The steps of the artificial intelligence-based subway communication safety detection method are as follows:
First, related data packets and communication information need to be acquired by monitoring the communication network in the subway system. The related data packets and communication information include:
1. Packet size: the size information of each data packet indicates the amount of data transmitted.
2. Packet frequency: the frequency with which data packets are transmitted in a communication network, i.e. the number of data packets transmitted or received per second.
3. Delay of data packet: the time delay that the data packet passes from the transmitting end to the receiving end.
4. Source IP address and destination IP address: source IP address and destination IP address of the packet during communication.
5. Source and destination ports: a source port and a destination port of a data packet in a communication process. The ports are used to identify specific applications or services.
6. Protocol type: the protocol type used for the data packet, such as TCP, UDP, etc.
7. Communication traffic pattern: packet traffic patterns in a communication network, i.e. communication patterns between different sources and targets.
8. Abnormal behavior: whether anomalies or abnormal behavior are present, such as a large number of repeated packets, or an abnormal packet size, frequency or delay.
These data packets and communication information may be obtained through a packet capture tool, a network monitoring device, a log recorder, or the like. The collected data may be used for subsequent analysis and security assessment to detect abnormal behavior, optimize network performance, or troubleshoot faults.
The collected data is then pre-processed, including cleaning, denoising, and formatting, for subsequent analysis.
Next, representative features such as packet size, frequency, delay, etc. are extracted from the preprocessed data. Then, a classification model is built based on the known normal communication mode and abnormal communication mode using machine learning or deep learning algorithms. The built model is trained using the marked data set so that it can accurately identify normal and abnormal communication behavior.
In practical application, the communication data acquired in real time are input into a trained model, and each data packet is classified and judged to judge whether the data packet is abnormal communication behavior or not. When abnormal communication behavior is detected, an alarm mechanism is triggered, related personnel are timely notified to process, and corresponding safety protection measures are adopted. By the method, the safety and reliability of subway communication can be effectively improved.
It should be noted that machine-learning-based detection uses a machine learning algorithm to learn the features and patterns of novel security problems by training a model, and unsupervised learning methods such as clustering and outlier detection can be used to identify unknown attack behavior.
Behavior analysis identifies abnormal behavior that is significantly different from normal behavior by monitoring and analyzing the behavior patterns of the system or user. This requires the creation of an appropriate baseline behavioral model and the use of machine learning or rules engines for behavioral analysis and detection. This approach does not rely on existing attack samples, but rather detects potential security problems by monitoring abnormal behavior in the system or network.
Referring to fig. 2, the subway communication security detection method based on artificial intelligence further includes:
Step S7, collecting abnormal samples: collecting and recording the communication data packet identified as abnormal as feedback data;
Step S8, sample labeling: labeling the collected abnormal samples to indicate that they are abnormal behavior;
Step S9, model updating: retraining the model using the labeled abnormal samples combined with the original training data, so that the model better identifies similar abnormal behavior;
Periodic iteration: repeating the above process periodically, continuously accumulating more abnormal samples, and updating and optimizing the model based on these samples to adapt to newly emerging security problems.
The detected abnormal behavior is fed back to the model for updating, and the model can learn from actual conditions and improve the detection capability of the model so as to improve the safety of subway communication.
Referring to fig. 3, the subway communication safety detection method based on artificial intelligence further includes:
Step S10, alarm and protection: when abnormal communication behavior is detected, an alarm mechanism is triggered, the relevant personnel are promptly notified to handle it, and corresponding security protection measures are taken.
Referring to fig. 4, in step S1, the acquiring related data packets and communication information by monitoring the communication network in the subway system includes the following steps:
Step S11, determining a monitoring target: determining a communication network in a subway system to be monitored, wherein the communication network at least comprises one of network equipment, a server and terminal equipment;
Step S12, deploying a monitoring device: according to the monitoring target, monitoring equipment such as a packet sniffer, a network traffic monitor or a security gateway is deployed at key positions of the subway system. These devices may be used to capture and record data packets and communication information in the communication network.
Step S13, setting monitoring parameters: parameters of the monitoring device are configured, including the communication protocols to be monitored, port numbers and data packet filtering rules. This ensures that only data packets associated with the targeted communication are captured, reducing the amount of unnecessary data and noise.
Step S14, collecting data: starting the monitoring equipment to acquire communication network data in the subway system, wherein the monitoring equipment captures data packets transmitted through the network and records related communication information such as the source IP address, destination IP address, communication protocol and time stamp.
Step S15, data storage and analysis: the collected data packets and communication information are stored in a suitable database or log file, and the data is analyzed using data analysis tools and/or network traffic analysis software to extract valuable information and patterns.
Referring to fig. 5, in step S2, data preprocessing includes the steps of:
Step S21, data cleaning: handling errors, missing values or abnormal values in the data to ensure the quality and accuracy of the data;
Step S22, data denoising: noise or irrelevant information in the data is eliminated, so that the quality and usability of the data are improved;
Step S23, data formatting: the data is converted into a format suitable for subsequent analysis for statistical, machine learning, or other analysis tasks.
The specific cleaning method comprises the following steps:
Removing duplicate data: duplicate records in the data are detected and deleted, avoiding duplicate calculations and analysis.
Handling missing values: missing values in the data are identified and handled by deleting the affected records, filling them with interpolated estimates, or using other suitable methods.
Handling outliers: outliers in the data are identified by statistical methods, outlier detection algorithms and the like, and handled by deleting, replacing, or correcting them.
The specific denoising method comprises the following steps:
Smoothing the data: smoothing techniques (e.g., moving average, weighted average) are used to smooth the time series data, reducing the effects of noise.
Filtering: a digital filter (e.g., low pass filter, median filter) is applied to remove high or low frequency noise.
Fourier transform: the data is converted to the frequency domain and denoised by filtering out noise components in the spectrum.
The specific formatting method comprises the following steps:
Data type conversion: according to the meaning and analysis requirement of the data, the data is converted into corresponding data types such as a numerical type, a category type, a date and time type and the like.
Standardization/normalization: scaling the data to a given standard or range to eliminate the effects of differing scales or units and to ensure data comparability and model stability.
Feature coding: the category type data is encoded and converted into numerical type data to facilitate processing by the machine learning algorithm.
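The cleaning, denoising and formatting methods listed above, applied to per-packet records, as an added example that is not part of the patent text. The record fields, sample values and the 5×MAD outlier rule are constructed assumptions; the outlier step keeps the raw value and a flag, because in a detection pipeline the replaced spike may itself be the anomaly of interest.

```python
from statistics import median

# Constructed sample (not real subway traffic): one record per captured packet.
RAW = [
    {"ts": 0.00, "proto": "TCP", "size": 120, "delay_ms": 4.0},
    {"ts": 0.10, "proto": "TCP", "size": 124, "delay_ms": 4.2},
    {"ts": 0.10, "proto": "TCP", "size": 124, "delay_ms": 4.2},    # duplicate record
    {"ts": 0.20, "proto": "UDP", "size": 118, "delay_ms": None},   # missing value
    {"ts": 0.30, "proto": "TCP", "size": 122, "delay_ms": 950.0},  # outlier spike
    {"ts": 0.40, "proto": "UDP", "size": 126, "delay_ms": 4.1},
    {"ts": 0.50, "proto": "TCP", "size": 121, "delay_ms": 3.9},
]


def drop_duplicates(records):
    """Cleaning: remove exact duplicate records, keeping the first occurrence."""
    seen, out = set(), []
    for r in records:
        key = tuple(sorted(r.items()))
        if key not in seen:
            seen.add(key)
            out.append(dict(r))  # copy, so the raw capture is never modified
    return out


def fill_missing(records, field):
    """Cleaning: fill missing values with the median of the observed values."""
    fill = median(r[field] for r in records if r[field] is not None)
    for r in records:
        if r[field] is None:
            r[field] = fill
            r[field + "_imputed"] = True
    return records


def mark_outliers(records, field, k=5.0):
    """Cleaning: replace values more than k*MAD from the median, but keep the
    raw value and a flag so the detection stage can still see the spike."""
    values = [r[field] for r in records]
    med = median(values)
    mad = median(abs(v - med) for v in values)
    for r in records:
        is_outlier = mad > 0 and abs(r[field] - med) > k * mad
        r[field + "_raw"] = r[field]
        r[field + "_outlier"] = is_outlier
        if is_outlier:
            r[field] = med
    return records


def median_filter(values, width=3):
    """Denoising: sliding median filter; the window shrinks at the edges."""
    half = width // 2
    return [median(values[max(0, i - half): i + half + 1])
            for i in range(len(values))]


def min_max_scale(values):
    """Formatting: scale a numeric column to [0, 1]; a constant column maps to 0."""
    lo, hi = min(values), max(values)
    return [0.0 if hi == lo else (v - lo) / (hi - lo) for v in values]


def one_hot(values):
    """Formatting: encode a categorical column as 0/1 indicator vectors."""
    cats = sorted(set(values))
    return cats, [[1 if v == c else 0 for c in cats] for v in values]


def preprocess(raw):
    """Clean the records, then build [size, delay, protocol one-hot...] vectors."""
    rows = mark_outliers(fill_missing(drop_duplicates(raw), "delay_ms"), "delay_ms")
    size = min_max_scale([r["size"] for r in rows])
    delay = min_max_scale([r["delay_ms"] for r in rows])
    cats, proto = one_hot([r["proto"] for r in rows])
    vectors = [[s, d] + p for s, d, p in zip(size, delay, proto)]
    return rows, cats, vectors


if __name__ == "__main__":
    rows, cats, vectors = preprocess(RAW)
    for row, vec in zip(rows, vectors):
        print(row["ts"], vec, "outlier" if row["delay_ms_outlier"] else "")
    print("median-filtered delays:", median_filter([4.0, 4.2, 950.0, 4.1, 3.9]))
```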
Referring to fig. 6, the behavior analysis includes the steps of:
Establishing a baseline behavior model: constructing a baseline normal behavior model based on historical data, expert knowledge, or training data sets to compare subsequent behavior thereto; the baseline behavior model is established by taking into account the variations and differences in the normal behavior to ensure accuracy and adaptability of the model.
Behavioral analysis and detection: performing behavior analysis and detection on the real-time data by using a machine learning or rule engine;
Abnormality alert and response: according to the result of behavior analysis, an alarm is sent out in time when abnormal behaviors are found, and corresponding response measures are taken, including informing related personnel, preventing or limiting access and recording logs, so that potential safety risks and losses are reduced;
The behavior analysis and detection method specifically comprises the following steps:
Data acquisition: collecting behavior data of a system or a user, including log records, network traffic and operation records;
feature extraction: extracting meaningful features from the acquired data, including at least time intervals, frequencies, and operation sequences;
Model training: training a machine learning model or defining a rule engine to distinguish normal behavior from abnormal behavior using the established baseline behavior model and the marked sample data;
Behavioral analysis: inputting the real-time data into a trained model or rule engine for behavior analysis, and identifying abnormal behaviors which are obviously different from a baseline behavior model;
Behavior analysis identifies abnormal behavior that differs significantly from normal behavior by monitoring and analyzing the behavior patterns of the system or user. Through the above steps, the behavior of the system or user can be monitored and detected in real time, and abnormal behavior that differs significantly from normal behavior can be found in time, improving security and the ability to cope with potential threats. The behavior analysis method is adjusted and optimized for the specific scenario and requirements to improve accuracy and effectiveness.
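A baseline behavior model of the kind described above, built only from normal history and using the three feature types the description names (time intervals, frequencies and operation sequences), as an added example that is not part of the patent text. The operation names, session data, the median/MAD statistics and the 3.5 threshold are constructed assumptions.

```python
from statistics import median


def session(ops, gap_ms):
    """Constructed session: (timestamp_ms, operation) events with a fixed gap."""
    return [(i * gap_ms, op) for i, op in enumerate(ops)]


def polling(rounds):
    """Hypothetical normal operation sequence: login, poll/ack rounds, logout."""
    return ["login"] + ["poll", "ack"] * rounds + ["logout"]


def features(events):
    """Extract the time interval, frequency and operation-sequence features."""
    ts = [t for t, _ in events]
    ops = [op for _, op in events]
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    return {
        "interval": median(gaps) if gaps else 0.0,  # typical gap between events
        "frequency": len(events),                   # events per session
        "bigrams": set(zip(ops, ops[1:])),          # adjacent operation pairs
    }


class Baseline:
    """Baseline normal-behavior model built from historical sessions only."""

    NUMERIC = ("interval", "frequency")

    def __init__(self, history, threshold=3.5):
        feats = [features(s) for s in history]
        self.threshold = threshold
        self.stats = {}
        for name in self.NUMERIC:
            vals = [f[name] for f in feats]
            med = median(vals)
            mad = median(abs(v - med) for v in vals)
            self.stats[name] = (med, mad)
        self.bigrams = set().union(*(f["bigrams"] for f in feats))

    def robust_z(self, name, value):
        """Distance from the baseline median in MAD-derived standard deviations."""
        med, mad = self.stats[name]
        if mad == 0:  # history had no variation: any difference is a deviation
            return 0.0 if value == med else float("inf")
        return abs(value - med) / (1.4826 * mad)

    def check(self, events):
        """Return the list of features on which a session deviates from baseline."""
        f = features(events)
        reasons = [n for n in self.NUMERIC
                   if self.robust_z(n, f[n]) > self.threshold]
        if f["bigrams"] - self.bigrams:  # operation pair never seen in history
            reasons.append("sequence")
        return reasons


# Constructed history of normal sessions; no attack samples are involved.
HISTORY = [
    session(polling(2), 1000),
    session(polling(3), 1100),
    session(polling(2), 900),
    session(polling(3), 1000),
    session(polling(4), 1200),
]
BASELINE = Baseline(HISTORY)

# Constructed real-time sessions to score against the baseline.
NORMAL = session(polling(3), 1050)
BURST = session(polling(3), 20)        # same operations, 20 ms apart
FLOOD = session(polling(40), 1000)     # far more events than usual
UNSEEN = session(["login", "poll", "ack", "write_config", "logout"], 1000)

if __name__ == "__main__":
    for name, s in [("normal", NORMAL), ("burst", BURST),
                    ("flood", FLOOD), ("unseen", UNSEEN)]:
        print(name, BASELINE.check(s) or "ok")
```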
Referring to fig. 7, the machine learning based detection includes the steps of:
Data preparation: preparing a data set for training and testing, including samples of normal behavior and of known attack behavior.
Feature engineering: before machine learning, performing feature engineering to convert the raw data into feature vectors usable by a machine learning algorithm, and extracting meaningful features that distinguish normal behavior from attack behavior through feature selection, feature extraction and feature transformation;
Model selection and training: selecting a suitable machine learning algorithm and model architecture according to the specific problem and data characteristics. Common algorithms include support vector machines (SVMs), decision trees, random forests, neural networks, and the like. The selected model is trained using the labeled data set, and model parameters are adjusted to obtain better performance;
Model evaluation and optimization: evaluating the trained model using an independent test data set, with evaluation metrics including accuracy, recall and precision, and performing model tuning and parameter optimization according to the evaluation results to improve detection performance and robustness.
Abnormality detection: the trained model is used for carrying out anomaly detection on the new sample, unknown attack behaviors can be identified as anomalies, and accordingly an alarm is sent out or corresponding measures are taken to deal with the security threat.
Machine learning based detection utilizes machine learning algorithms to learn the features and patterns of new safety issues by training models. It should be noted that in practical applications, with the continuous occurrence of new attacks, models need to be updated and iterated continuously to adapt to new security detection requirements.
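The steps above, from labeled data through training to evaluation on an independent test set, as an added example that is not part of the patent text. It hand-builds a small decision tree (one of the algorithms listed above); the two features, the sample values and the depth limit are constructed assumptions.

```python
from collections import Counter

# Constructed labelled samples: ((packets_per_second, distinct_dst_ports), label),
# label 0 = normal behavior, 1 = known attack behavior. Feature names are assumptions.
TRAIN = [((12, 2), 0), ((15, 3), 0), ((10, 2), 0), ((18, 3), 0), ((14, 2), 0),
         ((11, 1), 0), ((220, 3), 1), ((180, 2), 1), ((16, 40), 1),
         ((13, 55), 1), ((12, 48), 1)]
# Independent test set; the last sample is a low-rate attack unlike any training sample.
TEST = [((13, 2), 0), ((17, 3), 0), ((9, 1), 0), ((20, 4), 0),
        ((300, 2), 1), ((14, 35), 1), ((11, 70), 1), ((25, 6), 1)]

def gini(rows):
    """Gini impurity of the labels in rows (0.0 means a pure node)."""
    n = len(rows)
    return 1.0 - sum((c / n) ** 2 for c in Counter(y for _, y in rows).values())

def best_split(rows):
    """Return (weighted_gini, feature_index, threshold) for the best split, or None."""
    best = None
    for f in range(len(rows[0][0])):
        values = sorted({x[f] for x, _ in rows})
        for lo, hi in zip(values, values[1:]):
            t = (lo + hi) / 2
            left = [r for r in rows if r[0][f] <= t]
            right = [r for r in rows if r[0][f] > t]
            score = (len(left) * gini(left) + len(right) * gini(right)) / len(rows)
            if best is None or score < best[0]:
                best = (score, f, t)
    return best

def train(rows, depth=2):
    """Build a depth-limited tree: (feature, threshold, left, right) or a leaf label."""
    labels = Counter(y for _, y in rows)
    split = best_split(rows) if depth > 0 and len(labels) > 1 else None
    if split is None:
        return labels.most_common(1)[0][0]   # leaf: majority class
    _, f, t = split
    return (f, t,
            train([r for r in rows if r[0][f] <= t], depth - 1),
            train([r for r in rows if r[0][f] > t], depth - 1))

def predict(tree, x):
    """Walk the tree until a leaf label is reached."""
    while isinstance(tree, tuple):
        f, t, left, right = tree
        tree = left if x[f] <= t else right
    return tree

def evaluate(tree, rows):
    """Accuracy, recall and precision with 'attack' (label 1) as the positive class."""
    pairs = [(y, predict(tree, x)) for x, y in rows]
    tp = sum(1 for y, p in pairs if y == 1 and p == 1)
    fp = sum(1 for y, p in pairs if y == 0 and p == 1)
    fn = sum(1 for y, p in pairs if y == 1 and p == 0)
    return {"accuracy": sum(1 for y, p in pairs if y == p) / len(pairs),
            "recall": tp / (tp + fn) if tp + fn else 0.0,
            "precision": tp / (tp + fp) if tp + fp else 0.0}

if __name__ == "__main__":
    model = train(TRAIN)
    print(model, evaluate(model, TEST))
```

The low-rate test sample is classified as normal, so recall drops while precision stays perfect; this is the kind of gap that the retraining step described above is meant to close.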
Referring to Fig. 8, the artificial intelligence-based subway communication safety detection method further comprises the following steps:
Collecting and analyzing known security problems: known security problems, including past attack events, known vulnerabilities and malware, are analyzed in depth to obtain the behavior patterns, attack means and targets of attackers;
Establishing a threat intelligence database: based on the known security problems, a threat intelligence database is established that records the relevant attack characteristics, attack patterns and attack targets, and the database serves as the basis for predicting unknown attacks.
Mining potential attack patterns: potential attack patterns are mined by analyzing the known security problems and the threat intelligence database. For example, intrusion paths common to a given type of attack, or tools and techniques commonly used by attackers, may be found.
Monitoring the network and system: log data and network traffic data are collected by monitoring network and system activity in real time, and this data can be used for subsequent behavior analysis and anomaly detection;
Behavior analysis and machine learning: the collected data is analyzed using behavior analysis and machine learning methods to identify behavior similar to known attack patterns. A model may be trained using machine learning algorithms to automatically identify unknown attack behavior.
Anomaly detection and alarm: anomaly detection is performed based on the results of behavior analysis and machine learning, and an alarm is issued in time; when a system or network exhibits behavior that is inconsistent with the known attack patterns, an unknown attack is predicted to exist and corresponding response measures are taken.
With this arrangement, unknown attacks can be predicted from known security problems, which helps discover and address potential threats in advance. Note that this arrangement requires continuously updating the threat intelligence database, continuously optimizing the behavior analysis algorithm, and strengthening real-time monitoring to improve the accuracy and effectiveness of predicting unknown attacks.
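One way to combine the threat intelligence database with baseline deviation as described above, as an added example that is not part of the patent text. The feature names, sample windows, pattern records and the three-standard-deviation threshold are constructed assumptions.

```python
from statistics import mean, stdev

FEATURES = ("conn_per_min", "failed_logins", "bytes_out_kb")  # assumed feature names

# Constructed baseline: one feature vector per window of known-normal activity.
BASELINE_WINDOWS = [(40, 0, 120), (42, 1, 130), (38, 0, 110), (41, 1, 125), (39, 0, 115)]

# Constructed threat-intelligence records: pattern name -> {feature: minimum value}.
THREAT_DB = {
    "brute_force_login": {"failed_logins": 20},
    "connection_flood": {"conn_per_min": 500},
}

# Constructed monitoring windows to triage.
MONITORED = [(41, 0, 118), (43, 35, 122), (900, 0, 140), (40, 1, 900), (39, 1, 126)]

def build_baseline(windows):
    """Per-feature (mean, sample standard deviation) of normal behavior."""
    return [(mean(col), stdev(col)) for col in zip(*windows)]

def match_known(window, threat_db):
    """Return the first known attack pattern whose every condition is met."""
    obs = dict(zip(FEATURES, window))
    for name, conditions in threat_db.items():
        if all(obs[f] >= floor for f, floor in conditions.items()):
            return name
    return None

def deviating_features(window, baseline, k=3.0):
    """Features lying more than k standard deviations from the baseline mean."""
    return [f for f, v, (mu, sd) in zip(FEATURES, window, baseline)
            if sd > 0 and abs(v - mu) / sd > k]

def triage(window, baseline, threat_db):
    """Classify a window as a known attack, a predicted unknown attack, or normal."""
    name = match_known(window, threat_db)
    if name:
        return f"known:{name}"
    if deviating_features(window, baseline):
        return "unknown_anomaly"   # abnormal, but matches no recorded pattern
    return "normal"

def record_pattern(threat_db, name, window, baseline):
    """Store an analyst-confirmed anomaly as a new pattern and return its conditions.
    Only upward deviations are kept, because patterns here are minimum values."""
    means = dict(zip(FEATURES, (mu for mu, _ in baseline)))
    obs = dict(zip(FEATURES, window))
    floors = {f: obs[f] for f in deviating_features(window, baseline)
              if obs[f] > means[f]}
    if floors:
        threat_db[name] = floors
    return floors

if __name__ == "__main__":
    baseline = build_baseline(BASELINE_WINDOWS)
    db = dict(THREAT_DB)
    for w in MONITORED:
        print(w, triage(w, baseline, db))
```

Calling `record_pattern` on a confirmed anomaly turns later occurrences of the same behavior into a known match, which is the database update the paragraph above calls for.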
Referring to Fig. 9, the artificial intelligence-based subway communication safety detection system comprises a central processing module, wherein the central processing module is in signal connection with a data acquisition module, a data preprocessing module, a feature extraction module, a model establishment module, a model training module and a detection and analysis module;
Data acquisition module: acquires related data packets and communication information by monitoring the communication network in the subway system;
Data preprocessing module: cleans, denoises and formats the collected data for subsequent analysis;
Feature extraction module: extracts representative features from the preprocessed data;
Model establishment module: establishes a classification model from known normal and abnormal communication patterns using a machine learning or deep learning algorithm;
Model training module: trains the established model using a labeled data set so that normal and abnormal communication behaviors can be accurately identified;
Detection and analysis module: inputs communication data acquired in real time into the trained model, classifies each data packet, and judges whether it is abnormal communication behavior;
wherein the model establishment, model training, and detection and analysis are performed by at least one of behavior analysis and machine learning based detection.
It is noted that relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus.
Although embodiments of the present invention have been shown and described, it will be understood by those skilled in the art that various changes, modifications, substitutions and alterations can be made therein without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.

Claims (9)

1. An artificial intelligence-based subway communication safety detection method, characterized by comprising the following steps:
Data acquisition: acquiring related data packets and communication information by monitoring the communication network in the subway system;
Data preprocessing: cleaning, denoising and formatting the collected data for subsequent analysis;
Feature extraction: extracting representative features from the preprocessed data;
Model establishment: establishing a classification model from known normal and abnormal communication patterns using a machine learning or deep learning algorithm;
Model training: training the established model using a labeled data set so that normal and abnormal communication behaviors can be accurately identified;
Detection and analysis: inputting communication data acquired in real time into the trained model, classifying each data packet, and judging whether it is abnormal communication behavior;
wherein the model establishment, model training, and detection and analysis are performed by at least one of behavior analysis and machine learning based detection.
2. The method for detecting subway communication safety based on artificial intelligence according to claim 1, wherein: the subway communication safety detection method based on artificial intelligence further comprises the following steps:
Abnormal sample collection: collecting and recording the communication data packets identified as abnormal as feedback data;
Sample labeling: labeling the collected abnormal samples to indicate that they are abnormal behavior;
Model updating: retraining the model using the labeled abnormal samples combined with the original training data, so that the model better identifies similar abnormal behavior;
Periodic iteration: repeating the above process periodically, continuously accumulating more abnormal samples, and updating and optimizing the model based on these samples to adapt to newly emerging security problems.
3. The method for detecting subway communication safety based on artificial intelligence according to claim 1, wherein:
the artificial intelligence-based subway communication safety detection method further comprises the following steps:
Alarm and protection: when abnormal communication behavior is detected, an alarm mechanism is triggered, the relevant personnel are notified in time to handle it, and corresponding security protection measures are taken.
4. The method for detecting subway communication safety based on artificial intelligence according to claim 1, wherein:
acquiring the related data packets and communication information by monitoring the communication network in the subway system comprises the following steps:
Determining a monitoring target: determining the communication network in the subway system to be monitored, wherein the communication network comprises at least one of network equipment, servers and terminal equipment;
Deploying monitoring equipment: deploying monitoring equipment at key positions of the subway system according to the monitoring target;
Setting monitoring parameters: configuring the parameters of the monitoring equipment, including the communication protocols to be monitored, port numbers and data packet filtering rules;
Collecting data: starting the monitoring equipment to acquire communication network data in the subway system, wherein the monitoring equipment captures data packets transmitted over the network and records the related communication information;
Data storage and analysis: storing the collected data packets and communication information in a suitable database or log file, and analyzing the data using data analysis tools and/or network traffic analysis software to extract valuable information and patterns.
5. The method for detecting subway communication safety based on artificial intelligence according to claim 1, wherein:
the data preprocessing comprises the following steps:
Data cleaning: handling errors, missing values or abnormal values in the data to ensure the quality and accuracy of the data;
Data denoising: eliminating noise or irrelevant information in the data to improve the quality and usability of the data;
Data formatting: converting the data into a format suitable for subsequent analysis, for statistical, machine learning, or other analysis tasks.
6. The method for detecting subway communication safety based on artificial intelligence according to claim 1, wherein:
the behavior analysis includes the following steps:
Establishing a baseline behavior model: constructing a baseline model of normal behavior based on historical data, expert knowledge, or training data sets, against which subsequent behavior is compared;
Behavior analysis and detection: performing behavior analysis and detection on real-time data using machine learning or a rule engine;
Anomaly alert and response: according to the result of the behavior analysis, issuing an alarm in time when abnormal behavior is found and taking corresponding response measures, including notifying the relevant personnel, blocking or limiting access, and recording logs, so as to reduce potential security risks and losses;
the behavior analysis and detection specifically comprises the following steps:
Data acquisition: collecting behavior data of a system or user, including log records, network traffic and operation records;
Feature extraction: extracting meaningful features from the acquired data, including at least time intervals, frequencies, and operation sequences;
Model training: training a machine learning model or defining a rule engine to distinguish normal behavior from abnormal behavior, using the established baseline behavior model and the labeled sample data;
Behavior analysis: inputting real-time data into the trained model or rule engine for behavior analysis, and identifying abnormal behavior that differs markedly from the baseline behavior model.
7. The method for detecting subway communication safety based on artificial intelligence according to claim 1, wherein:
the machine learning based detection includes the following steps:
Data preparation: preparing a data set for training and testing, comprising samples of normal behavior and known attack behavior;
Feature engineering: before machine learning, performing feature engineering to convert the raw data into feature vectors usable by a machine learning algorithm, and extracting meaningful features capable of distinguishing normal behavior from attack behavior through feature selection, feature extraction and feature transformation;
Model selection and training: selecting a suitable machine learning algorithm and model architecture according to the specific problem and data characteristics, training the selected model using the labeled data set, and adjusting model parameters to obtain better performance;
Model evaluation and optimization: evaluating the trained model using an independent test data set, with evaluation metrics including accuracy, recall and precision, and performing model tuning and parameter optimization according to the evaluation results to improve detection performance and robustness;
Anomaly detection: using the trained model to perform anomaly detection on new samples, so that unknown attack behavior can be identified as anomalous and an alarm issued or corresponding measures taken to deal with the security threat.
8. The method for detecting subway communication safety based on artificial intelligence according to claim 1, wherein:
the artificial intelligence-based subway communication safety detection method further comprises the following steps:
Collecting and analyzing known security problems: analyzing known security problems in depth, including past attack events, known vulnerabilities and malware, to obtain the behavior patterns, attack means and targets of attackers;
Establishing a threat intelligence database: based on the known security problems, establishing a threat intelligence database that records the relevant attack characteristics, attack patterns and attack targets, the database serving as the basis for predicting unknown attacks;
Mining potential attack patterns: mining potential attack patterns by analyzing the known security problems and the threat intelligence database;
Monitoring the network and system: collecting log data and network traffic data by monitoring network and system activity in real time, which data can be used for subsequent behavior analysis and anomaly detection;
Behavior analysis and machine learning: analyzing the collected data using behavior analysis and machine learning methods, and identifying behavior similar to known attack patterns;
Anomaly detection and alarm: performing anomaly detection based on the results of behavior analysis and machine learning and issuing an alarm in time; when a system or network exhibits behavior that is inconsistent with the known attack patterns, an unknown attack is predicted to exist and corresponding response measures are taken.
9. An artificial intelligence-based subway communication safety detection system, comprising a central processing module, characterized in that the central processing module is in signal connection with a data acquisition module, a data preprocessing module, a feature extraction module, a model establishment module, a model training module and a detection and analysis module;
Data acquisition module: acquires related data packets and communication information by monitoring the communication network in the subway system;
Data preprocessing module: cleans, denoises and formats the collected data for subsequent analysis;
Feature extraction module: extracts representative features from the preprocessed data;
Model establishment module: establishes a classification model from known normal and abnormal communication patterns using a machine learning or deep learning algorithm;
Model training module: trains the established model using a labeled data set so that normal and abnormal communication behaviors can be accurately identified;
Detection and analysis module: inputs communication data acquired in real time into the trained model, classifies each data packet, and judges whether it is abnormal communication behavior;
wherein the model establishment, model training, and detection and analysis are performed by at least one of behavior analysis and machine learning based detection.
CN202410043130.7A 2024-01-11 2024-01-11 Subway communication safety detection method and system based on artificial intelligence Pending CN118074955A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202410043130.7A CN118074955A (en) 2024-01-11 2024-01-11 Subway communication safety detection method and system based on artificial intelligence

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202410043130.7A CN118074955A (en) 2024-01-11 2024-01-11 Subway communication safety detection method and system based on artificial intelligence

Publications (1)

Publication Number Publication Date
CN118074955A true CN118074955A (en) 2024-05-24

Family

ID=91105008

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202410043130.7A Pending CN118074955A (en) 2024-01-11 2024-01-11 Subway communication safety detection method and system based on artificial intelligence

Country Status (1)

Country Link
CN (1) CN118074955A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination