CN118199941A - Network visualization method - Google Patents

Publication number: CN118199941A
Authority: CN (China)
Prior art keywords: network traffic, sequence, network, time sequence, local time
Legal status: Granted, Active
Application number: CN202410241700.3A
Other languages: Chinese (zh)
Other versions: CN118199941B (en)
Inventor: 梁永通
Current Assignee: Beijing Zhongke Network Core Technology Co ltd
Original Assignee: Beijing Zhongke Network Core Technology Co ltd
Application filed by: Beijing Zhongke Network Core Technology Co ltd
Events: priority to CN202410241700.3A; publication of CN118199941A; application granted; publication of CN118199941B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425 Traffic logging, e.g. anomaly detection
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H04L43/04 Processing captured monitoring data, e.g. for logfile generation
    • H04L43/045 Processing captured monitoring data, e.g. for logfile generation for graphical visualisation of monitoring data
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40 Network security protocols

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Mining & Analysis (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a network visualization method and belongs to the technical field of network security. First, a time sequence of network traffic values collected by a network traffic monitor is acquired. Next, local time sequence features are extracted from the time sequence of network traffic values to obtain a sequence of network traffic local time sequence feature vectors. This sequence is then input into an essential feature extraction network to obtain a network traffic time sequence essential semantic feature vector. Whether the network traffic is abnormal is then determined based on that vector, and finally the result is displayed visually. In this way, the security and stability of the network can be ensured.

Description

Network visualization method
Technical Field
The present application relates to the field of network security, and more particularly, to a network visualization method.
Background
With the popularization of networks and the rise of informatization levels, network security issues are becoming increasingly important. Network traffic is an important indicator of network operation, reflecting the usage and performance of the network. Network traffic anomaly problems refer to the phenomenon that network traffic suddenly increases or decreases, which may lead to network congestion, service interruption, or security threat. In particular, network traffic anomalies may suggest problems with unauthorized access, malicious attacks, or system failures.
To discover and handle network traffic anomalies in time, network traffic must be effectively monitored, analyzed and visually displayed. However, because network traffic is high-dimensional, nonlinear and dynamically changing, traditional statistics-based methods have difficulty extracting its time sequence pattern features effectively, which affects the accuracy and efficiency of anomaly detection. Thus, an optimized solution is desired.
Disclosure of Invention
In view of this, the present application provides a network visualization method, which can utilize a visualization method and an image processing technology based on deep learning to perform image conversion and analysis on network traffic data, so as to extract the flow essential semantic feature distribution in the network traffic data, and based on this, implement intelligent anomaly detection and visual display.
According to an aspect of the present application, there is provided a network visualization method, including:
acquiring a time sequence of network traffic values collected by a network traffic monitor;
extracting local time sequence features from the time sequence of network traffic values to obtain a sequence of network traffic local time sequence feature vectors;
inputting the sequence of network traffic local time sequence feature vectors into an essential feature extraction network to obtain a network traffic time sequence essential semantic feature vector;
determining whether the network traffic is abnormal based on the network traffic time sequence essential semantic feature vector; and
visually displaying whether the network traffic is abnormal.
In the above network visualization method, extracting the local time sequence feature of the time sequence of the network flow value to obtain the sequence of the local time sequence feature vector of the network flow comprises:
performing data preprocessing on the time sequence of network traffic values to obtain a sequence of network traffic local time sequences;
inputting each network traffic local time sequence in the sequence of network traffic local time sequences into a network traffic gray scale image converter to obtain a sequence of network traffic local time sequence gray scale maps;
performing feature distribution correction on the sequence of network traffic local time sequence gray scale maps to obtain a corrected sequence of network traffic local time sequence gray scale maps; and
performing time sequence pattern feature extraction on the corrected sequence of network traffic local time sequence gray scale maps using a deep learning network model to obtain the sequence of network traffic local time sequence feature vectors.
In the above network visualization method, the data preprocessing is performed on the time sequence of the network traffic value to obtain a sequence of local time sequences of the network traffic, including:
performing sequence segmentation on the time sequence of network traffic values based on a preset time scale to obtain the sequence of network traffic local time sequences.
In the network visualization method, the deep learning network model is a network traffic time sequence pattern feature extractor based on a convolutional neural network model.
In the above network visualization method, the performing, by using a deep learning network model, a time sequence pattern feature extraction on the corrected sequence of the local time sequence gray scale map of the network traffic to obtain a sequence of local time sequence feature vectors of the network traffic, includes:
passing the corrected sequence of network traffic local time sequence gray scale maps through the network traffic time sequence pattern feature extractor based on the convolutional neural network model to obtain the sequence of network traffic local time sequence feature vectors.
In the above network visualization method, inputting the sequence of the local time sequence feature vectors of the network traffic into an essential feature extraction network to obtain the time sequence essential semantic feature vectors of the network traffic, including:
Processing the sequence of the local time sequence feature vectors of the network traffic by using the following essential feature extraction formula to obtain the time sequence essential semantic feature vectors of the network traffic; the essential characteristic extraction formula is as follows:
Wherein, Is the/>, in the sequence of the local time sequence feature vectors of the network trafficLocal time sequence feature vector of individual network traffic,/>Is the/>, in the sequence of the local time sequence feature vectors of the network trafficThe local timing feature vector of each network traffic,Representing the 1-norm of the feature vector,/>For the length of the sequence of network traffic local timing feature vectors-1,/>For the representation of the sequence of local timing feature vectors of the network traffic,/>Representing characteristic difference coefficient,/>Representing natural exponential function operations,/>Representing the total number of characteristic difference coefficients,/>And (5) timing sequence essential semantic feature vectors for the network traffic.
In the above network visualization method, determining whether the network traffic is abnormal based on the network traffic time sequence essential semantic feature vector includes:
passing the network traffic time sequence essential semantic feature vector through a classifier-based monitor to obtain a monitoring result, wherein the monitoring result indicates whether the network traffic is abnormal.
In the above network visualization method, the network traffic time sequence essential semantic feature vector is passed through a classifier-based monitor to obtain a monitoring result, where the monitoring result is used to indicate whether there is an abnormality in the network traffic, and the method includes:
performing fully connected encoding on the network traffic time sequence essential semantic feature vector using a fully connected layer of the classifier-based monitor to obtain an encoded classification feature vector; and
inputting the encoded classification feature vector into a Softmax classification function of the classifier-based monitor to obtain the monitoring result.
In the above network visualization method, the visualizing the presence or absence of the abnormality in the network traffic includes:
displaying the monitoring result and the sequence of network traffic local time sequence gray scale maps.
In the present application, a time sequence of network traffic values collected by a network traffic monitor is first acquired. Local time sequence features are then extracted from the time sequence of network traffic values to obtain a sequence of network traffic local time sequence feature vectors. This sequence is input into an essential feature extraction network to obtain a network traffic time sequence essential semantic feature vector. Whether the network traffic is abnormal is then determined based on that vector, and finally the result is displayed visually. In this way, the security and stability of the network can be ensured.
Other features and aspects of the present application will become apparent from the following detailed description of the application with reference to the accompanying drawings.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate exemplary embodiments, features and aspects of the application and together with the description, serve to explain the principles of the application.
Fig. 1 shows a flow chart of a network visualization method according to an embodiment of the application.
Fig. 2 shows an architecture diagram of a network visualization method according to an embodiment of the application.
Fig. 3 shows a flow chart of substep S120 of a network visualization method according to an embodiment of the application.
Fig. 4 shows a block diagram of a network visualization system according to an embodiment of the application.
Fig. 5 shows an application scenario diagram of a network visualization method according to an embodiment of the present application.
Detailed Description
The embodiments of the present application are described clearly and fully below with reference to the accompanying drawings. The embodiments described are only some, not all, of the embodiments of the application. All other embodiments that those skilled in the art can obtain from the embodiments of the application without inventive effort also fall within the scope of the application.
As used in the specification and in the claims, the terms "a," "an," and/or "the" do not specifically denote the singular and may include the plural, unless the context clearly dictates otherwise. In general, the terms "comprises" and "comprising" merely indicate that the explicitly identified steps and elements are included; they do not constitute an exclusive list, and a method or apparatus may include other steps or elements.
Various exemplary embodiments, features and aspects of the application will be described in detail below with reference to the drawings. In the drawings, like reference numbers indicate identical or functionally similar elements. Although various aspects of the embodiments are illustrated in the accompanying drawings, the drawings are not necessarily drawn to scale unless specifically indicated.
In addition, numerous specific details are set forth in the following description in order to provide a better illustration of the application. It will be understood by those skilled in the art that the present application may be practiced without some of these specific details. In some instances, well known methods, procedures, components, and circuits have not been described in detail so as not to obscure the present application.
In view of the above technical problems, the technical concept of the present application is to use a visualization method and a deep-learning-based image processing technology to convert network traffic data into images and analyze them, thereby extracting the essential semantic feature distribution of the traffic in the network traffic data and, on that basis, realizing intelligent anomaly detection and visual display. A network administrator can therefore understand the state of network traffic intuitively, which facilitates decision making and management and ensures the security and stability of the network.
Based on this, fig. 1 shows a flowchart of a network visualization method according to an embodiment of the present application. Fig. 2 shows an architecture diagram of a network visualization method according to an embodiment of the application. As shown in fig. 1 and 2, the network visualization method according to an embodiment of the present application includes the steps of: S110, acquiring a time sequence of network traffic values collected by a network traffic monitor; S120, extracting local time sequence features from the time sequence of network traffic values to obtain a sequence of network traffic local time sequence feature vectors; S130, inputting the sequence of network traffic local time sequence feature vectors into an essential feature extraction network to obtain a network traffic time sequence essential semantic feature vector; S140, determining whether the network traffic is abnormal based on the network traffic time sequence essential semantic feature vector; and S150, visually displaying whether the network traffic is abnormal.
It should be appreciated that in step S110, raw network traffic data is collected from a network traffic monitor to form a time series. The network traffic monitor is a tool for collecting and analyzing network traffic data, and it may be deployed at different locations in the network, such as on routers, switches or dedicated servers. The network traffic monitor may perform various functions, including: capturing each data packet flowing over the network and storing it for further analysis; and analyzing network traffic to identify patterns, trends and anomalies, which can help network administrators detect security threats, troubleshoot network problems and optimize network performance. Network traffic monitors come in a variety of types, each with its own features and functions. Common types include: host-based traffic monitors, which are installed on a single host or server and monitor network traffic on that host; network-based traffic monitors, which are deployed in a network and monitor all traffic on the network; and cloud-based traffic monitors, which are provided as a cloud service and monitor network traffic connected to the cloud. In step S120, local time sequence features, such as trends, periodicity and volatility, are extracted from the original network traffic time sequence to form a sequence of network traffic local time sequence feature vectors. In step S130, a network (such as a convolutional neural network or a recurrent neural network) that extracts higher-level semantic features from the local time sequence features is used to form the network traffic time sequence essential semantic feature vector. In step S140, based on the extracted essential semantic features, a classifier or anomaly detection algorithm may be used to determine whether the network traffic is abnormal.
In step S150, the anomaly detection result is visually presented, for example, to highlight the abnormal traffic or to provide a traffic profile, so as to intuitively understand the network traffic anomaly.
Specifically, in the technical scheme of the present application, first, a time sequence of network traffic values acquired by a network traffic monitor is acquired. Wherein the network traffic monitor is a tool or device for monitoring network traffic, and can collect and record network traffic data in real time. Network traffic refers to the amount of data transmitted in a network, typically measured in units of bits/second or packets/second. The time series of network traffic values refers to a sequence in which network traffic values collected at different points in time are arranged in time series. By recording the time-varying condition of the network traffic value, the subsequent model can be helped to know the use condition, performance condition and possible abnormal condition of the network. It should be noted that the time series data helps to reveal the periodicity, trending and bursty changes of the network traffic, providing a basis for further analysis and processing.
Then, sequence segmentation is performed on the time sequence of network traffic values based on a preset time scale to obtain a sequence of network traffic local time sequences. Here, sequence segmentation divides the continuous time series data into local time sequences, each covering a certain time span. In this way, local features and specific behavior patterns of the network traffic data within a short time window can be revealed, which helps in understanding the dynamic change rules of the network traffic in depth.
Then, each network traffic local time sequence in the sequence is input into a network traffic gray scale image converter to obtain a sequence of network traffic local time sequence gray scale maps. Converting each network traffic local time sequence into its gray scale map provides an intuitive visual representation. Specifically, mapping the time series data into gray scale image space converts complex numerical changes into visible changes in image pixels, so that the change patterns, trends and abnormal conditions in the time series data become features such as textures and shapes in the gray scale image, reflecting the dynamic pattern features of the network traffic.
In an embodiment of the present application, the process of inputting a network traffic local time sequence into the network traffic gray scale image converter to obtain a network traffic local time sequence gray scale map includes the following. First, the Ethernet header is deleted, together with the SYN, ACK and FIN flag fields that may be generated while a connection is being established or completed. The physical link information in the Ethernet header has no specific meaning for application identification or traffic classification tasks; likewise, the SYN, ACK and FIN flag fields, which are generated during connection establishment or connection completion and are used for hostname resolution, arise when the connection is set up and are irrelevant to traffic analysis. Next, because the header sizes of the Transmission Control Protocol (TCP) and the User Datagram Protocol (UDP) differ (the TCP header is generally 20 bytes and the UDP header is 8 bytes), zeros are appended to the end of the UDP segment header so that it has the same length as the TCP segment header, making the transport layer segment length uniform. Finally, other irrelevant content is deleted through traffic cleaning; for example, some data packets have no application layer, so that the final result folder is empty, and some fields are used for domain name resolution, and such irrelevant content can be deleted. It should be appreciated that one byte equals 8 bits, and these 8 bits map exactly onto the unsigned values 0-255. For example, the binary number 10000101 converts to the decimal number 133. One byte represents one pixel, with the unsigned integer 0 representing black and 255 representing white. For example, a 784-byte file may be converted into a 28×28 grayscale image with one byte per pixel.
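The packet-to-image conversion described above, as an added Python example that is not code from the patent. It assumes IPv4 over untagged Ethernet, treats a segment with no application-layer payload (for instance a bare SYN, ACK or FIN) as dropped, and truncates or zero-pads every packet to 784 bytes; `frame_to_gray` and `build_frame` are hypothetical names, and the sample frames are constructed.

```python
import struct

ETH_HEADER_LEN = 14
TCP_HEADER_LEN = 20      # typical TCP header size given in the text
UDP_HEADER_LEN = 8       # UDP header size given in the text
SIDE = 28                # 28 x 28 = 784 pixels, one byte per pixel


def frame_to_gray(frame, side=SIDE):
    """Map one Ethernet/IPv4 frame to a side x side gray scale map.

    Returns a list of rows of 0-255 pixel values, or None when the frame is
    dropped by traffic cleaning (no payload, non-IPv4, truncated headers).
    """
    if len(frame) < ETH_HEADER_LEN + 20:
        return None
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:   # IPv4 only in this sketch
        return None
    ip = frame[ETH_HEADER_LEN:]                # delete the Ethernet header
    ihl = (ip[0] & 0x0F) * 4                   # IPv4 header length in bytes
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ihl < 20 or not ihl <= total_len <= len(ip):
        return None
    ip = ip[:total_len]                        # discard Ethernet trailer padding
    proto, segment = ip[9], ip[ihl:]

    if proto == 6:                             # TCP
        if len(segment) < TCP_HEADER_LEN:
            return None
        data_offset = (segment[12] >> 4) * 4
        if not TCP_HEADER_LEN <= data_offset <= len(segment):
            return None
        header, payload = segment[:data_offset], segment[data_offset:]
    elif proto == 17:                          # UDP
        if len(segment) < UDP_HEADER_LEN:
            return None
        # Append zeros to the 8-byte UDP header so it is as long as a TCP header.
        header = segment[:UDP_HEADER_LEN] + bytes(TCP_HEADER_LEN - UDP_HEADER_LEN)
        payload = segment[UDP_HEADER_LEN:]
    else:
        return None

    if not payload:                            # e.g. bare SYN/ACK/FIN: no application layer
        return None

    data = ip[:ihl] + header + payload
    size = side * side
    data = data[:size].ljust(size, b"\x00")    # assumption: truncate or zero-pad to 784 bytes
    return [list(data[r * side:(r + 1) * side]) for r in range(side)]


def build_frame(proto, payload, tcp_flags=0x18):
    """Constructed sample frame (documentation addresses, checksums left at 0)."""
    if proto == 6:
        l4 = struct.pack("!HHIIBBHHH", 40000, 443, 1, 1, 5 << 4, tcp_flags, 65535, 0, 0)
    else:
        l4 = struct.pack("!HHHH", 40000, 53, UDP_HEADER_LEN + len(payload), 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4) + len(payload), 0, 0,
                     64, proto, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 2]))
    eth = bytes.fromhex("020000000002") + bytes.fromhex("020000000001") + b"\x08\x00"
    return eth + ip + l4 + payload


if __name__ == "__main__":
    for name, proto in (("TCP", 6), ("UDP", 17)):
        image = frame_to_gray(build_frame(proto, b"constructed payload"))
        print(name, "row 1:", image[1])
```

With the UDP header padded, the payload of both protocols starts at the same pixel (row 1, column 12 for a 20-byte IP header), so a convolutional filter sees application bytes in the same place regardless of transport.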
Then, the sequence of network traffic local time sequence gray scale maps is passed through a network traffic time sequence pattern feature extractor based on a convolutional neural network model to obtain a sequence of network traffic local time sequence feature vectors. The convolutional neural network model has multiple convolutional layers and can extract the hidden patterns and change rules in each local gray scale map of the network traffic, thereby capturing the time sequence change features of the traffic data within each local time span.
Accordingly, as shown in fig. 3, in step S120, extracting local time sequence features from the time sequence of network traffic values to obtain a sequence of network traffic local time sequence feature vectors includes: S121, performing data preprocessing on the time sequence of network traffic values to obtain a sequence of network traffic local time sequences; S122, inputting each network traffic local time sequence in the sequence of network traffic local time sequences into a network traffic gray scale image converter to obtain a sequence of network traffic local time sequence gray scale maps; S123, performing feature distribution correction on the sequence of network traffic local time sequence gray scale maps to obtain a corrected sequence of network traffic local time sequence gray scale maps; and S124, performing time sequence pattern feature extraction on the corrected sequence of network traffic local time sequence gray scale maps using a deep learning network model to obtain a sequence of network traffic local time sequence feature vectors.
It should be understood that step S121 performs preprocessing, such as smoothing, normalization or sliding window segmentation, on the original network traffic time sequence to extract a local time sequence; step S122 converts each local time series into a gray scale image, wherein the pixel values represent flow values, thereby forming a network flow local time sequence gray scale map; step S123 corrects the difference of the feature distribution in the gray scale map to enhance the robustness of the subsequent feature extraction; step S124 extracts timing pattern features from the corrected gray scale image sequence using a deep learning network (e.g., convolutional neural network), which can capture local dynamic changes in traffic.
In step S121, performing data preprocessing on the time sequence of network traffic values to obtain a sequence of network traffic local time sequences includes: performing sequence segmentation on the time sequence of network traffic values based on a preset time scale to obtain the sequence of network traffic local time sequences. It should be noted that, when the time sequence of network traffic values is preprocessed in step S121, sequence segmentation is used to split the time sequence into smaller local time sequences. This has several benefits: local time sequences can better capture local dynamic changes in traffic, such as trends, periodicity and self-similarity; segmenting the time sequence reduces the dimension of the data input to the subsequent feature extraction step, improving computational efficiency; local time sequences are less affected by noise and outliers, which enhances the robustness of feature extraction; and deep learning models typically require fixed-length input, and sequence segmentation can convert a variable-length time series into fixed-length local time sequences. The preset time scale determines the length of the local time sequences and should be selected according to the characteristics of the traffic data and the expected duration of the type of anomaly to be detected.
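One way to carry out the segmentation of step S121 and the value-to-pixel mapping of step S122 on a monitor's counter samples, as an added Python example that is not from the patent. The 16-second time scale, the 1-second sampling interval, the fixed ceiling of 1000 and the rule of discarding a window with a missing sample are assumptions of this example, as are the function names and the constructed sample series.

```python
def segment_by_time_scale(samples, scale_s, interval_s=1):
    """Split (timestamp, value) samples into fixed-length local time sequences.

    Windows are aligned to the first timestamp. A window is kept only when
    every slot is filled, so each local time sequence has the same length;
    a gap in monitoring is not silently turned into "zero traffic".
    """
    if scale_s % interval_s:
        raise ValueError("time scale must be a multiple of the sampling interval")
    samples = sorted(samples)
    if not samples:
        return []
    expected = scale_s // interval_s
    t0 = samples[0][0]
    buckets = {}
    for ts, value in samples:
        window = (ts - t0) // scale_s
        slot = ((ts - t0) % scale_s) // interval_s
        buckets.setdefault(window, {})[slot] = value   # a duplicate sample overwrites
    return [
        (t0 + w * scale_s, [slots[i] for i in range(expected)])
        for w, slots in sorted(buckets.items())
        if len(slots) == expected
    ]


def window_to_gray(values, ceiling, side):
    """Map one local time sequence to a side x side gray scale map (0-255).

    A fixed ceiling (for example link capacity) is used instead of per-window
    min-max scaling, so a burst stays brighter than a quiet window.
    """
    if len(values) != side * side:
        raise ValueError("window length must equal side * side")
    pixels = [max(0, min(255, int(255 * v // ceiling))) for v in values]
    return [pixels[r * side:(r + 1) * side] for r in range(side)]


def constructed_samples():
    """Constructed series: baseline 100, burst of 900 at t=20..23, sample t=40 missing."""
    start = 1_700_000_000
    return [
        (start + t, 900 if 20 <= t < 24 else 100)
        for t in range(48)
        if t != 40
    ]


if __name__ == "__main__":
    for window_start, values in segment_by_time_scale(constructed_samples(), 16):
        print(window_start, window_to_gray(values, ceiling=1000, side=4))
```

The third window is discarded because of the missing sample, and the burst shows up as one bright row in the second gray scale map.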
In step S124, the deep learning network model is a convolutional neural network model-based network traffic timing pattern feature extractor. Specifically, performing time sequence pattern feature extraction on the corrected sequence of the local time sequence gray scale map of the network traffic by using a deep learning network model to obtain a sequence of local time sequence feature vectors of the network traffic, including: and passing the corrected sequence of the local time sequence gray scale map of the network flow through the characteristic extractor of the time sequence pattern of the network flow based on the convolutional neural network model to obtain the sequence of the local time sequence characteristic vector of the network flow.
It is worth mentioning that Convolutional Neural Networks (CNNs) are a deep learning model that is specifically used to process data with a grid-like structure, such as images and time series. The core component of a convolutional neural network is a convolutional layer that slides over input data using a sliding window called a kernel or filter, which multiplies the input data elements one by one, and then sums the results to produce a feature map. The pooling layer is used to reduce the spatial dimensions of the feature map, and the pooling operation (e.g., maximum pooling or average pooling) combines adjacent elements in the feature map into a single value, thereby reducing resolution. After the convolutional and pooling layers, convolutional neural networks typically have one or more fully-connected layers that transform the extracted features into fixed-length vectors, which can be used for classification or regression tasks. In the network traffic timing pattern feature extraction, a convolutional neural network-based model may: extracting local features: the convolution layer of the convolutional neural network can extract local time sequence characteristics such as trend, periodicity and self-similarity in the flow gray image sequence; learning the hierarchical features: the multi-layer structure of the convolutional neural network allows it to learn the hierarchical features of the traffic patterns, from low-level local features to high-level global features; robustness: convolutional neural networks are robust to noise and outliers, which is important for network traffic analysis, as traffic data typically contains noise and anomalies; scalability: convolutional neural networks can process input sequences of different lengths and resolutions, making them suitable for use with various network traffic datasets. 
In short, a model based on a convolutional neural network is well suited to extracting time sequence pattern features from the sequence of network traffic gray scale images, enabling accurate anomaly detection.
The time sequence of network traffic values collected by the network traffic monitor may contain duplicate and redundant data, and such redundant data may be retained or even amplified during the feature extraction process described above, which may affect the accuracy of anomaly detection. Therefore, to reduce the influence of this redundant information on traffic analysis and anomaly detection, in the technical scheme of the present application the sequence of network traffic local time sequence feature vectors is further input into the essential feature extraction network to capture a time sequence representation of the overall network traffic change features, thereby obtaining the network traffic time sequence essential semantic feature vector. In particular, the essential feature extraction network can automatically select and emphasize the features that contribute more to the task of identifying abnormal network traffic, while weakening or ignoring redundant features. At the same time, while further extracting and learning the time sequence feature distribution of the network traffic data, the essential feature extraction network helps reduce and compress the data, lowering its dimension and complexity while retaining the important information in it.
Accordingly, in step S130, inputting the sequence of the local timing feature vectors of the network traffic into the intrinsic feature extraction network to obtain a timing intrinsic semantic feature vector of the network traffic, including: processing the sequence of the local time sequence feature vectors of the network traffic by using the following essential feature extraction formula to obtain the time sequence essential semantic feature vectors of the network traffic; the essential characteristic extraction formula is as follows:
Wherein, Is the/>, in the sequence of the local time sequence feature vectors of the network trafficLocal time sequence feature vector of individual network traffic,/>Is the/>, in the sequence of the local time sequence feature vectors of the network trafficThe local timing feature vector of each network traffic,Representing the 1-norm of the feature vector,/>For the length of the sequence of network traffic local timing feature vectors-1,/>For the representation of the sequence of local timing feature vectors of the network traffic,/>Representing characteristic difference coefficient,/>Representing natural exponential function operations,/>Representing the total number of characteristic difference coefficients,/>And (5) timing sequence essential semantic feature vectors for the network traffic.
Here, the 1-norm of a feature vector is the sum of the absolute values of its elements. The 1-norm is a measure of the sparsity of vectors: sparse vectors have many zero elements, dense vectors have many non-zero elements, and vectors with smaller 1-norms are considered more sparse. The 1-norm has many applications in machine learning and signal processing, including: sparse representation: 1-norm minimization can be used to find a sparse solution, in which many elements of the solution vector are zero, which is useful in applications such as compressed sensing and feature selection; robust regression: 1-norm regularization can be used to train regression models that are robust to outliers, which is useful when dealing with noisy or anomalous data; feature selection: 1-norm regularization can be used to select features with high information content and discrimination, which is useful in high-dimensional data analysis and classification tasks.
It is worth mentioning that the Essential Feature Extraction Network (EFEN) is a deep learning model for extracting essential features from data. Essential features are invariant and meaningful features in the data that are critical to understanding and analyzing the data. The essential feature extraction network uses a Convolutional Neural Network (CNN) or other deep learning model as a feature extractor.
Furthermore, the network traffic time sequence essential semantic feature vector is passed through a classifier-based monitor to obtain a monitoring result, wherein the monitoring result is used for indicating whether the network traffic is abnormal; and the monitoring result and the sequence of network traffic local time sequence gray scale maps are displayed. During training, the classifier learns the boundaries between the different categories (namely "network traffic is abnormal" and "network traffic is not abnormal"), so that the network traffic time sequence essential semantic feature vector can be effectively classified into those categories. In this way, it is determined whether the detected network traffic data conforms to the normal pattern, thereby identifying potentially abnormal traffic. In the practical application scenario of the application, the displayed monitoring result and sequence of network traffic local time sequence gray scale maps can prompt the relevant technicians to take corresponding measures when the network traffic is abnormal, so as to ensure the safety of the network.
Accordingly, in step S140, determining whether there is an anomaly in the network traffic based on the network traffic time sequence essential semantic feature vector includes: passing the network traffic time sequence essential semantic feature vector through a classifier-based monitor to obtain a monitoring result, wherein the monitoring result is used for indicating whether the network traffic is abnormal.
Specifically, passing the network traffic time sequence essential semantic feature vector through a classifier-based monitor to obtain a monitoring result, wherein the monitoring result is used for indicating whether the network traffic is abnormal, includes the following steps: performing full-connection coding on the network traffic time sequence essential semantic feature vector by using a full-connection layer of the classifier-based monitor to obtain a coding classification feature vector; and inputting the coding classification feature vector into a Softmax classification function of the classifier-based monitor to obtain the monitoring result.
It should be appreciated that the role of the classifier is to learn classification rules from training data with known classes, and then to classify (or predict) unknown data. Logistic regression, SVM, and the like are commonly used to solve classification problems. For multi-class classification problems, logistic regression or SVM can be used as well, but several binary classifiers must then be combined into a multi-class classifier, which is error-prone and inefficient; the commonly used multi-class classification method is the Softmax classification function.
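The classifier-based monitor described above (a fully-connected layer followed by Softmax) can be sketched as follows. This is an added example, not code from the patent: the weights `W_DEMO`, bias `B_DEMO`, the three-element feature vectors and the `threshold` parameter are constructed assumptions, and the class order (normal, abnormal) is chosen here.

```python
import math

LABELS = ("normal", "abnormal")  # class order is an assumption of this example

# Constructed demo parameters (a trained monitor would learn these).
W_DEMO = [[0.5, -1.0, 0.25],   # row 0 -> logit for "normal"
          [-0.5, 1.0, 0.75]]   # row 1 -> logit for "abnormal"
B_DEMO = [0.1, -0.1]


def fully_connected(x, weights, bias):
    """Full-connection coding: out[j] = sum_i weights[j][i] * x[i] + bias[j]."""
    if len(weights) != len(bias) or any(len(row) != len(x) for row in weights):
        raise ValueError("weight/bias shapes do not match the feature vector")
    return [sum(w * v for w, v in zip(row, x)) + b
            for row, b in zip(weights, bias)]


def softmax(logits):
    """Numerically stable Softmax.

    Subtracting the maximum logit first keeps exp() from overflowing on
    large activations and does not change the resulting probabilities.
    """
    peak = max(logits)
    exps = [math.exp(z - peak) for z in logits]
    total = sum(exps)
    return [e / total for e in exps]


def monitor(feature_vector, weights, bias, threshold=0.5):
    """Return the monitoring result for one essential semantic feature vector.

    `threshold` is the alerting cut-off on P(abnormal); lowering it trades
    more false positives for fewer missed anomalies.
    """
    logits = fully_connected(feature_vector, weights, bias)
    p_abnormal = softmax(logits)[1]
    label = LABELS[1] if p_abnormal >= threshold else LABELS[0]
    return {"label": label, "p_abnormal": p_abnormal, "logits": logits}


if __name__ == "__main__":
    # Constructed feature vectors standing in for the extractor's output.
    for vec in ([1.0, 2.0, 4.0], [4.0, 0.5, 0.0]):
        result = monitor(vec, W_DEMO, B_DEMO)
        print(vec, result["label"], round(result["p_abnormal"], 4))
```

With only two classes, the Softmax output for "abnormal" equals the logistic sigmoid of the difference between the two logits, so the binary monitor is equivalent to a logistic-regression head on the coding classification feature vector.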
Further, in step S150, visually displaying whether the network traffic has an abnormality includes: displaying the monitoring result and the sequence of network traffic local time sequence gray scale maps. In one example, the visual display of network traffic anomaly detection may take a variety of forms, depending on the particular method and tool used. The following visual display modes are available: time sequence diagram: the time sequence diagram shows the change of network traffic over time, which can help identify anomalies such as traffic surges or drops, traffic pattern changes, or outliers; heat map: the heat map shows the distribution of different features or events in the network traffic, which can help identify patterns and trends, such as abnormal activity for a particular IP address or port; scatter plot: the scatter plot shows the relationship between two different features in the network traffic, which can help identify correlations or outliers, such as the relationship between traffic size and duration; histogram: the histogram shows the distribution of different values in the network traffic, which can help identify patterns and outliers, such as the distribution of a particular traffic type; radar chart: the radar chart shows a combination of features in the network traffic, which may help identify anomalies such as changes in traffic patterns or feature distribution. The visual display is critical to network traffic anomaly detection because it enables a network administrator to quickly and easily identify anomalies, such as traffic surges, pattern changes, or outliers; helps the administrator understand the nature of an anomaly, such as whether it is due to specific IP addresses, ports, or traffic types; and helps the administrator take corrective action to resolve it, such as blocking malicious IP addresses or adjusting firewall rules.
In general, the visual display is an important component of network traffic anomaly detection because it enables network administrators to easily identify, understand, and resolve anomalies.
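The display step (monitoring result shown next to the sequence of local time sequence gray scale maps) can be sketched as below. This is an added example, not code from the patent: the min-max scaling rule, the row-major square layout, the text ramp, the fixed bounds 0..1200 and the hand-written labels are all assumptions, and the traffic series is constructed.

```python
RAMP = " .:-=+*#%@"  # dark -> bright characters for a text-only rendering


def segment(series, window):
    """Sequence segmentation at a preset time scale.

    Consecutive non-overlapping windows; a trailing partial window is dropped.
    """
    if window <= 0:
        raise ValueError("window must be positive")
    return [series[i:i + window]
            for i in range(0, len(series) - window + 1, window)]


def to_gray(values, side, lo=None, hi=None):
    """Map one local time series to a side x side gray scale matrix (0..255).

    With lo/hi omitted the window is scaled to its own min/max (assumed rule).
    Passing fixed bounds, e.g. a baseline range, keeps amplitude comparable
    across windows; values outside the bounds are clamped.
    """
    if len(values) != side * side:
        raise ValueError("window length must equal side * side")
    lo = min(values) if lo is None else lo
    hi = max(values) if hi is None else hi
    span = hi - lo
    pixels = []
    for v in values:
        if span <= 0:            # constant window: no contrast to show
            pixels.append(0)
        else:
            clamped = min(max(v, lo), hi)
            pixels.append(round(255 * (clamped - lo) / span))
    return [pixels[r * side:(r + 1) * side] for r in range(side)]


def render(image):
    """Render a gray scale matrix as text, one character per pixel."""
    top = len(RAMP) - 1
    return "\n".join("".join(RAMP[p * top // 255] for p in row)
                     for row in image)


def build_panel(series, side, labels, lo=None, hi=None):
    """Monitoring result and gray scale map for every window, as one string."""
    windows = segment(series, side * side)
    if len(labels) != len(windows):
        raise ValueError("need exactly one monitoring result per window")
    blocks = []
    for idx, (win, label) in enumerate(zip(windows, labels)):
        image = to_gray(win, side, lo, hi)
        blocks.append(f"window {idx}: {label}\n{render(image)}")
    return "\n\n".join(blocks)


def sample_series():
    """Constructed traffic values: four 16-sample windows, the third an 8x surge,
    followed by five samples that do not fill a window."""
    series = []
    for w in range(4):
        scale = 8 if w == 2 else 1
        series.extend(scale * (100 + 10 * (i % 4)) for i in range(16))
    return series + [100, 110, 120, 130, 100]


if __name__ == "__main__":
    labels = ["normal", "normal", "abnormal", "normal"]  # assumed monitor output
    print(build_panel(sample_series(), 4, labels, lo=0, hi=1200))
```

Scaling each window to its own minimum and maximum makes the surge window render identically to the quiet ones, so a display meant to expose volume anomalies needs bounds shared across windows.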
In the technical scheme of the application, each network traffic local time sequence gray scale map in the sequence of network traffic local time sequence gray scale maps expresses the local time domain gray scale features of the network traffic values in a local time domain that is determined from the global time domain through sequence segmentation. Therefore, if the distribution integrity of the sequence of network traffic local time sequence gray scale maps can be improved, the feature extraction effect of the network traffic time sequence pattern feature extractor based on a convolutional neural network model on that sequence is improved, and so is the expression effect of the network traffic time sequence essential semantic feature vector obtained by inputting the sequence of network traffic local time sequence feature vectors into the essential feature extraction network.
Based on this, the applicant of the present application firstly converts each feature matrix in the sequence of the network traffic local time-series gray-scale map into a square matrix by linear transformation, and then corrects the sequence of the network traffic local time-series gray-scale map based on optimization of adjacent feature matrices in units of feature matrices.
Accordingly, in one example, in step S123, performing feature distribution correction on the sequence of network traffic local time series gray scale maps to obtain a corrected sequence of network traffic local time series gray scale maps, including: performing characteristic distribution correction on the sequence of the network traffic local time sequence gray scale map by using the following correction formula to obtain the corrected sequence of the network traffic local time sequence gray scale map; wherein, the correction formula is:
Wherein, And/>The first/>, respectively, of the sequence of local time-sequential gray-scale patterns of network trafficAnd/>A feature matrix, and/>And/>Feature matrix/>, respectivelyAnd/>Global mean value of/>Multiplication of characteristic diagrams,/>Representing a transpose operation,/>Representing multiplication by location,/>Is the/>, in the sequence of corrected network traffic local timing gray mapsAnd (3) feature matrices.
Here, each feature value of the feature matrix of the sequence of the network traffic local time sequence gray scale map is subjected to robust aggregation and sub-sampling proposal by taking the center of the feature matrix of the sequence of the network traffic local time sequence gray scale map along the channel distribution as a seed point of scene transmission in the channel dimension, so that directional constraint is transmitted by a distribution boundary frame of an adjacent feature matrix on the basis of participation of each feature value of the feature matrix of the sequence of the network traffic local time sequence gray scale map, the integrity of feature representation of the sequence of the network traffic local time sequence gray scale map is improved on the basis of context correlation of the whole edge channel dimension from bottom to top, and the feature extraction effect of the network traffic time sequence pattern feature extractor based on a convolutional neural network model is improved, the expression effect of the network traffic time sequence essential semantic feature vector is improved, and the accuracy of classification results obtained by a classifier is improved.
In summary, according to the network visualization method provided by the embodiment of the application, the security and stability of the network can be ensured.
Fig. 4 shows a block diagram of a network visualization system 100 according to an embodiment of the application. As shown in fig. 4, a network visualization system 100 according to an embodiment of the present application includes: a data acquisition module 110 for acquiring a time series of network traffic values acquired by the network traffic monitor; a local time sequence feature extraction module 120, configured to extract a flow local time sequence feature of the time sequence of network flow values to obtain a sequence of network flow local time sequence feature vectors; the essential feature extraction module 130 is configured to input the sequence of the local time sequence feature vectors of the network traffic into an essential feature extraction network to obtain a time sequence essential semantic feature vector of the network traffic; the anomaly detection module 140 is configured to determine whether the network traffic is abnormal based on the network traffic time sequence essential semantic feature vector; and a visual display module 150, configured to visually display whether the network traffic has an abnormality.
Here, it will be understood by those skilled in the art that the specific functions and operations of the respective units and modules in the above-described network visualization system 100 have been described in detail in the above description of the network visualization method with reference to fig. 1 to 3, and thus, repetitive descriptions thereof will be omitted.
As described above, the network visualization system 100 according to the embodiment of the present application may be implemented in various wireless terminals, such as a server having a network visualization algorithm, and the like. In one possible implementation, the network visualization system 100 according to an embodiment of the present application may be integrated into the wireless terminal as one software module and/or hardware module. For example, the network visualization system 100 may be a software module in the operating system of the wireless terminal, or may be an application developed for the wireless terminal; of course, the network visualization system 100 may also be one of many hardware modules of the wireless terminal.
Alternatively, in another example, the network visualization system 100 and the wireless terminal may be separate devices, and the network visualization system 100 may connect to the wireless terminal through a wired and/or wireless network and transmit the interactive information in an agreed data format.
Fig. 5 shows an application scenario diagram of a network visualization method according to an embodiment of the present application. As shown in fig. 5, in this application scenario, first, a time series of network traffic values acquired by a network traffic monitor (for example, D illustrated in fig. 5) is acquired, and then, the time series of network traffic values are input to a server (for example, S illustrated in fig. 5) in which a network visualization algorithm is deployed, wherein the server can process the time series of network traffic values using the network visualization algorithm to obtain a monitoring result for indicating whether there is an anomaly in network traffic.
In an exemplary embodiment, a non-transitory computer readable storage medium is also provided, such as a memory including computer program instructions executable by a processing component of an apparatus to perform the above-described method.
The present application may be a system, method, and/or computer program product. The computer program product may include a computer readable storage medium having computer readable program instructions embodied thereon for causing a processor to implement aspects of the present application.
The computer readable storage medium may be a tangible device that can hold and store instructions for use by an instruction execution device. The computer readable storage medium may be, for example, but not limited to, an electronic storage device, a magnetic storage device, an optical storage device, an electromagnetic storage device, a semiconductor storage device, or any suitable combination of the foregoing. More specific examples (a non-exhaustive list) of the computer-readable storage medium include the following: portable computer disks, hard disks, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), static random access memory (SRAM), portable compact disk read-only memory (CD-ROM), digital versatile disks (DVD), memory sticks, floppy disks, mechanically encoded devices such as punch cards or in-groove structures having instructions stored thereon, and any suitable combination of the foregoing. Computer-readable storage media, as used herein, are not to be construed as transitory signals per se, such as radio waves or other freely propagating electromagnetic waves, electromagnetic waves propagating through waveguides or other transmission media (e.g., optical pulses through fiber optic cables), or electrical signals transmitted through wires.
The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of instructions, which comprises one or more executable instructions for implementing the specified logical function(s). In some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The foregoing description of embodiments of the application has been presented for purposes of illustration and description, and is not intended to be exhaustive or limited to the embodiments disclosed. Many modifications and variations will be apparent to those of ordinary skill in the art without departing from the scope and spirit of the various embodiments described. The terminology used herein was chosen in order to best explain the principles of the embodiments, the practical application, or the improvement of technology in the marketplace, or to enable others of ordinary skill in the art to understand the embodiments disclosed herein.

Claims (9)

1. A method of network visualization, comprising:
Acquiring a time sequence of network traffic values acquired by a network traffic monitor;
Extracting the flow local time sequence characteristics of the time sequence of the network flow values to obtain a sequence of network flow local time sequence characteristic vectors;
inputting the sequence of the local time sequence feature vectors of the network traffic into an essential feature extraction network to obtain a time sequence essential semantic feature vector of the network traffic;
Determining whether the network traffic is abnormal or not based on the network traffic time sequence essential semantic feature vector; and
visually displaying whether the network traffic is abnormal.
2. The network visualization method of claim 1, wherein extracting traffic local timing features of the time series of network traffic values to obtain a sequence of network traffic local timing feature vectors comprises:
performing data preprocessing on the time sequence of the network traffic value to obtain a sequence of local time sequences of the network traffic;
Inputting the local time sequence of each network traffic in the sequence of the local time sequences of network traffic into a network traffic gray scale image converter to obtain a sequence of local time sequence gray scale images of the network traffic;
Performing characteristic distribution correction on the sequence of the network traffic local time sequence gray level diagram to obtain a corrected sequence of the network traffic local time sequence gray level diagram; and
performing time sequence pattern feature extraction on the corrected sequence of network traffic local time sequence gray scale maps by using a deep learning network model to obtain the sequence of network traffic local time sequence feature vectors.
3. The network visualization method of claim 2, wherein the data preprocessing of the time series of network traffic values to obtain a sequence of local time series of network traffic comprises:
performing sequence segmentation on the time sequence of the network traffic values based on a preset time scale to obtain the sequence of local time sequences of the network traffic.
4. The network visualization method of claim 3, wherein the deep learning network model is a convolutional neural network model-based network traffic timing pattern feature extractor.
5. The network visualization method of claim 4, wherein performing timing pattern feature extraction on the sequence of corrected network traffic local timing gray maps using a deep learning network model to obtain the sequence of network traffic local timing feature vectors comprises:
passing the corrected sequence of network traffic local time sequence gray scale maps through the network traffic time sequence pattern feature extractor based on the convolutional neural network model to obtain the sequence of network traffic local time sequence feature vectors.
6. The network visualization method of claim 5, wherein inputting the sequence of network traffic local time series feature vectors into a feature extraction network to obtain a network traffic time series feature vector comprises:
Processing the sequence of the local time sequence feature vectors of the network traffic by using the following essential feature extraction formula to obtain the time sequence essential semantic feature vectors of the network traffic; the essential characteristic extraction formula is as follows:
Wherein, Is the/>, in the sequence of the local time sequence feature vectors of the network trafficLocal time sequence feature vector of individual network traffic,/>Is the/>, in the sequence of the local time sequence feature vectors of the network trafficThe local timing feature vector of each network traffic,Representing the 1-norm of the feature vector,/>For the length of the sequence of network traffic local timing feature vectors-1,/>For the representation of the sequence of local timing feature vectors of the network traffic,/>Representing characteristic difference coefficient,/>Representing natural exponential function operations,/>Representing the total number of characteristic difference coefficients,/>And (5) timing sequence essential semantic feature vectors for the network traffic.
7. The network visualization method of claim 6, wherein determining whether there is an anomaly in network traffic based on the network traffic timing intrinsic semantic feature vector comprises:
passing the network traffic time sequence essential semantic feature vector through a classifier-based monitor to obtain a monitoring result, wherein the monitoring result is used for indicating whether the network traffic is abnormal.
8. The network visualization method of claim 7, wherein passing the network traffic timing essence semantic feature vector through a classifier-based monitor to obtain a monitoring result, the monitoring result being used to represent whether there is an anomaly in network traffic, comprising:
performing full-connection coding on the network traffic time sequence essential semantic feature vector by using a full-connection layer of the classifier-based monitor to obtain a coding classification feature vector; and
Inputting the coding classification feature vector into a Softmax classification function of the classifier-based monitor to obtain the monitoring result.
9. The network visualization method of claim 8, wherein visually displaying whether the network traffic has an anomaly comprises:
displaying the monitoring result and the sequence of network traffic local time sequence gray scale maps.
CN202410241700.3A 2024-03-04 2024-03-04 Network visualization method Active CN118199941B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202410241700.3A CN118199941B (en) 2024-03-04 2024-03-04 Network visualization method

Publications (2)

Publication Number Publication Date
CN118199941A true CN118199941A (en) 2024-06-14
CN118199941B CN118199941B (en) 2024-09-06

Family

ID=91392067

Country Status (1)

Country Link
CN (1) CN118199941B (en)

Citations (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100223276A1 (en) * 2007-03-27 2010-09-02 Faleh Jassem Al-Shameri Automated Generation of Metadata for Mining Image and Text Data
CN107180244A (en) * 2016-03-10 2017-09-19 北京君正集成电路股份有限公司 A kind of image detecting method and device based on cascade classifier
CN109639481A (en) * 2018-12-11 2019-04-16 深圳先进技术研究院 A kind of net flow assorted method, system and electronic equipment based on deep learning
CN109993176A (en) * 2017-12-29 2019-07-09 中国移动通信集团安徽有限公司 Image local feature describes method, apparatus, equipment and medium
CN111783442A (en) * 2019-12-19 2020-10-16 国网江西省电力有限公司电力科学研究院 Intrusion detection method, device, server and storage medium
CN113064968A (en) * 2021-04-06 2021-07-02 齐鲁工业大学 Social media emotion analysis method and system based on tensor fusion network
CN113806746A (en) * 2021-09-24 2021-12-17 沈阳理工大学 Malicious code detection method based on improved CNN network
CN115018767A (en) * 2022-05-03 2022-09-06 复旦大学 Cross-modal endoscope image conversion and lesion segmentation method based on eigen expression learning
CN116471210A (en) * 2023-06-20 2023-07-21 北京中科朗易科技有限责任公司 Node penetration monitoring method, system, equipment and readable storage medium
US11810366B1 (en) * 2022-09-22 2023-11-07 Zhejiang Lab Joint modeling method and apparatus for enhancing local features of pedestrians
CN117040917A (en) * 2023-09-21 2023-11-10 深圳汉光电子技术有限公司 Intelligent switch with monitoring and early warning functions
CN117113262A (en) * 2023-10-23 2023-11-24 北京中科网芯科技有限公司 Network traffic identification method and system
CN117155706A (en) * 2023-10-30 2023-12-01 北京中科网芯科技有限公司 Network abnormal behavior detection method and system
CN117156442A (en) * 2023-10-31 2023-12-01 深圳市中科鼎创科技股份有限公司 Cloud data security protection method and system based on 5G network
CN117421723A (en) * 2023-10-07 2024-01-19 武汉卓讯互动信息科技有限公司 Micro-service system based on Server Mesh
CN117478403A (en) * 2023-11-10 2024-01-30 国网河南省电力公司信息通信分公司 Whole scene network security threat association analysis method and system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
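Lian Hongfei; Zhang Hao; Guo Wenzhong: "Anomalous traffic detection with data augmentation and a hybrid neural network", Journal of Chinese Computer Systems (小型微型计算机系统), no. 04, 9 April 2020 (2020-04-09) *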

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant