Network data exception detection method and system based on high-order association mining

A network data and anomaly detection technology, which is applied in transmission systems, instruments, character and pattern recognition, etc., can solve the problems of high system hardware performance requirements, large amount of data calculation, waste of marked network data, etc., and achieve optimal relevance , improve accuracy and improve reliability

Active Publication Date: 2019-05-28
TSINGHUA UNIV
View PDF8 Cites 4 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0003] In the existing technology, there are mainly three detection methods for abnormal network data: supervised learning detection, semi-supervised learning detection and unsupervised learning detection. First, because supervised learning detection requires sufficient labeled network data for training, and In the industrial environment, the marked network data with labels is less, resulting in lower accuracy of supervised learning detection; secondly, although the unsupervised learning method does not require labeled data, it cannot make full use of the marked network data, not only the amount of data calculation is relatively large Large, resulting in high system hardware performance requirements, and also caused a waste of marked network data; finally, although the semi-supervised learning method can use both marked network data and unmarked network data, it must have all types of abnormal network data Unmarked abnormal network data cannot be detected, resulting in poor overall recognition performance of abnormal network data detection

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Network data exception detection method and system based on high-order association mining
  • Network data exception detection method and system based on high-order association mining
  • Network data exception detection method and system based on high-order association mining

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0025] combine Figure 1 to Figure 3 Embodiment 1 of the present application will be described.

[0026] like figure 1 As shown, the present embodiment provides a network data anomaly detection method based on high-order association mining, the method comprising:

[0027] Step 1, generate a discrete forest according to the obtained network data set, and calculate the discrete value of the network data in the network data set, wherein the network data can be one of normal network data, abnormal network data and unlabeled network data;

[0028] Specifically, in an industrial network, the acquired network data set

[0029] O={O 1 ,...,O n1 ,...,O n2 ,...,O n}, which includes normal network data {O 1 , O 2 ,...,O n1}, abnormal network data {O n1+1 , O n1+2 ,...,O n2} and unlabeled web data {O n2+1 , O n2+2 ,...,O n}, where n1, n2 and n are integers greater than or equal to 1. According to the discrete nature of network data, a discrete forest model is introduced to...

Embodiment 2

[0078] like Figure 4 As shown, the present embodiment provides a network data anomaly detection system 30 based on high-order association mining, which includes: a discrete value calculation unit 31, a similar value calculation unit 32, a weight calculation unit 33, and a label matrix calculation unit 34 And the type determination unit 35; the discrete value calculation unit 31 is used to generate a discrete forest according to the acquired network data set, and calculate the discrete value of the network data in the network data set, wherein the network data can be normal network data, abnormal network data and one of unlabeled web data;

[0079] Specifically, in an industrial network, the acquired network data set O={O 1 ,...,O n1 ,...,O n2 ,...,O n}, which includes normal network data {O 1 , O 2 ,...,O n1}, abnormal network data {O n1+1 , O n1+2 ,...,O n2} and unlabeled web data {O n2+1 , O n2+2 ,...,O n}, where n1, n2 and n are integers greater than or equal ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a network data exception detection method and system based on high-order association mining, and the method comprises the steps: 1, generating a discrete forest according to anobtained network data set, and calculating a discrete value of network data in the network data set; 2, generating a clustering center point according to a clustering algorithm and the abnormal network data, and calculating a similarity value between the network data and the clustering center point; 3, calculating the weight of the network data in the network data set according to the discrete value and the similarity value; 4, calculating a label matrix of unmarked network data in the network data set according to the weight of the network data and the hypergraph model; And step 5, determining the security type of the unlabeled network data according to the label matrix. Through the technical scheme provided by the invention, effective identification of a large amount of unmarked networkdata in an industrial network environment is realized, and the identification accuracy of the unmarked network data and the utilization rate of the marked network data are improved.

Description

technical field [0001] This application relates to the technical field of industrial network data detection, in particular, to a network data anomaly detection method based on high-order association mining and a network data anomaly detection system based on high-order association mining. Background technique [0002] With the rapid development of network technology, network attack incidents also occur frequently. In the face of increasing network data, how to efficiently and quickly detect abnormal data in network data and mark normal data and abnormal data has become more and more important. important. Due to the characteristics of industrial networks, there is a large amount of unlabeled network data in industrial networks, which is not conducive to the safe operation of industrial networks. Due to the many types of protocols that network data in industrial networks follow, in order to efficiently detect potential threats to network data, weigh the relationship between d...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06G06K9/62
Inventor 高跃王楠赵曦滨万海
Owner TSINGHUA UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap