CN108900546A - The method and apparatus of time series Network anomaly detection based on LSTM - Google Patents
The method and apparatus of time series Network anomaly detection based on LSTM Download PDFInfo
- Publication number
- CN108900546A CN108900546A CN201810919681.XA CN201810919681A CN108900546A CN 108900546 A CN108900546 A CN 108900546A CN 201810919681 A CN201810919681 A CN 201810919681A CN 108900546 A CN108900546 A CN 108900546A
- Authority
- CN
- China
- Prior art keywords
- data
- detected
- network
- network flow
- time series
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000001514 detection method Methods 0.000 title claims abstract description 63
- 238000000034 method Methods 0.000 title claims abstract description 49
- 238000012549 training Methods 0.000 claims description 47
- 238000012360 testing method Methods 0.000 claims description 21
- 230000007787 long-term memory Effects 0.000 claims description 13
- 230000015654 memory Effects 0.000 claims description 11
- 238000007781 pre-processing Methods 0.000 claims description 10
- 230000005856 abnormality Effects 0.000 claims description 7
- 238000012545 processing Methods 0.000 claims description 7
- 238000013528 artificial neural network Methods 0.000 claims description 6
- 230000000306 recurrent effect Effects 0.000 claims description 5
- 238000006243 chemical reaction Methods 0.000 claims description 4
- 230000004907 flux Effects 0.000 claims description 3
- 238000011161 development Methods 0.000 abstract description 7
- 230000000694 effects Effects 0.000 abstract description 6
- 238000005516 engineering process Methods 0.000 abstract description 3
- 230000002159 abnormal effect Effects 0.000 description 10
- 230000006870 function Effects 0.000 description 9
- 238000004422 calculation algorithm Methods 0.000 description 7
- 230000008901 benefit Effects 0.000 description 6
- 238000010801 machine learning Methods 0.000 description 6
- 238000010586 diagram Methods 0.000 description 5
- 230000008569 process Effects 0.000 description 5
- 238000004891 communication Methods 0.000 description 3
- 238000010168 coupling process Methods 0.000 description 3
- 238000005859 coupling reaction Methods 0.000 description 3
- 238000004458 analytical method Methods 0.000 description 2
- 238000004590 computer program Methods 0.000 description 2
- 230000008878 coupling Effects 0.000 description 2
- 230000002547 anomalous effect Effects 0.000 description 1
- 238000013459 approach Methods 0.000 description 1
- 230000006399 behavior Effects 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000034303 cell budding Effects 0.000 description 1
- 239000002131 composite material Substances 0.000 description 1
- 201000010099 disease Diseases 0.000 description 1
- 208000037265 diseases, disorders, signs and symptoms Diseases 0.000 description 1
- 235000013399 edible fruits Nutrition 0.000 description 1
- 238000000605 extraction Methods 0.000 description 1
- 238000010191 image analysis Methods 0.000 description 1
- 238000007689 inspection Methods 0.000 description 1
- 238000002955 isolation Methods 0.000 description 1
- 230000035800 maturation Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000005192 partition Methods 0.000 description 1
- 238000007637 random forest analysis Methods 0.000 description 1
- 230000009467 reduction Effects 0.000 description 1
- 238000011160 research Methods 0.000 description 1
- 238000000926 separation method Methods 0.000 description 1
- 230000006403 short-term memory Effects 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/14—Network analysis or design
- H04L41/142—Network analysis or design using statistical or mathematical methods
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/14—Network analysis or design
- H04L41/145—Network analysis or design involving simulating, designing, planning or modelling of a network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/14—Network analysis or design
- H04L41/147—Network analysis or design for predicting network behaviour
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Mathematical Physics (AREA)
- General Physics & Mathematics (AREA)
- Mathematical Analysis (AREA)
- Mathematical Optimization (AREA)
- Algebra (AREA)
- Probability & Statistics with Applications (AREA)
- Pure & Applied Mathematics (AREA)
- Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The present invention provides a kind of method and apparatus of time series Network anomaly detection based on LSTM, is related to field of information security technology, wherein method includes:Obtain the actual measured value of network flow to be detected;By in time series Network Traffic Forecast Model of the actual measured value input based on LSTM of network flow to be detected, the predicted value of network flow to be detected is obtained;The actual measured value of network flow to be detected is compared with the predicted value of network flow to be detected, obtains the anomaly data detection result of network flow to be detected.The method of time series Network anomaly detection provided by the present invention based on LSTM, it can be under large-scale network environment, one-dimensional time series data on flows exceptional value is detected and early warning is provided, promote Network anomaly detection efficiency, it is good to exception of network traffic recognition effect, development fitting intuitively can obviously distinguish exception information than more complete.
Description
Technical field
The present invention relates to field of information security technology, examine more particularly, to a kind of time series Network Abnormal based on LSTM
The method and apparatus of survey.
Background technique
As machine learning is in development in recent years, machine learning algorithm also has on multidimensional rejecting outliers is much answered
With, such as the table on multidimensional rejecting outliers such as Isolation Forest, random forest, density-based algorithms LOF
It is existing excellent, but on one-dimensional time series rejecting outliers, still in the budding stage, explores and lack compared with research all.
Manual type is to the detection of Network Abnormal value and is not suitable for, and manual type can only find to be clearly distinguishable from normal condition
Flow information, the Network Abnormal being not obvious can not be judged, and network flow data amount is huge relies solely on artificial inspection
The mode of survey is clearly unreasonable.
Detected for one-dimensional Network Abnormal value, instantly common methods be using probed into according to data attribute itself, the time
Sequence fit two ways.Rejecting outliers based on data attribute itself generally according to sequence criteria poor, sequence density, away from
From the judgements exception numerical value such as, offset, Fourier's attribute, zscore criterion score;Time series algorithm is fitted sequence development, thus
Obtain the excessive abnormal value information of deviation.
LSTM (Long Short-Term Memory, shot and long term memory network) is a kind of time recurrent neural network, is fitted
Together in being spaced and postponing relatively long critical event in processing and predicted time sequence, the analysis suitable for time series is quasi-
It closes.LSTM algorithm has a variety of applications in sciemtifec and technical sphere, is a kind of machine learning algorithm of maturation.In addition, being based on LSTM
System can learn interpreter language, control robot, image analysis, documentation summary, speech recognition image recognition, hand-written knowledge
Not, chat robots, predictive disease, clicking rate and stock, composite music etc. task are controlled, but in traditional network abnormality detection
On application be in the exploratory stage at initial stage.
Summary of the invention
In view of this, the method for the purpose of the present invention is to provide a kind of time series Network anomaly detection based on LSTM
Early warning is detected and provided to one-dimensional time series data on flows exceptional value, is mentioned under large-scale network environment with device
Network anomaly detection efficiency is risen, good to exception of network traffic recognition effect, development fitting intuitively can be distinguished obviously than more complete
Exception information.
In a first aspect, the method for the embodiment of the invention provides a kind of time series Network anomaly detection based on LSTM,
Including:
Obtain the actual measured value of network flow to be detected;
The actual measured value of network flow to be detected is inputted in the time series Network Traffic Forecast Model based on LSTM,
Obtain the predicted value of network flow to be detected;
The actual measured value of network flow to be detected is compared with the predicted value of network flow to be detected, is obtained to be checked
Survey the anomaly data detection result of network flow.
With reference to first aspect, the embodiment of the invention provides the first possible embodiments of first aspect, wherein side
Method further includes:
Acquisition time sequence network flow sample data;
Time series network flow sample data is pre-processed, training data sample and test data sample are obtained;
Training data sample input LSTM shot and long term memory network is trained, the time series net based on LSTM is obtained
Network flux prediction model.
With reference to first aspect, the embodiment of the invention provides second of possible embodiments of first aspect, wherein right
Time series network flow sample data is pre-processed, and training data sample and test data sample are obtained, including:
Dimension expansion is carried out to time series network flow data sample, obtains two-dimentional data set;
Two-dimentional data set is standardized, obtains falling into the data set in pre-set interval;
Using last column data in data set as prediction data, using other data in data set as training number
According to, and will include that the 2-D data of prediction data and training data is converted into three-dimensional data;
Three-dimensional data is divided into training data sample and test data sample.
With reference to first aspect, the embodiment of the invention provides the third possible embodiments of first aspect, wherein
Training data sample input LSTM shot and long term memory network is trained, it is pre- to obtain the time series network flow based on LSTM
It surveys after model, further includes:
By test data sample input the time series Network Traffic Forecast Model based on LSTM in, to based on LSTM when
Between the accuracy of sequence Network Traffic Forecast Model verified.
With reference to first aspect, the embodiment of the invention provides the 4th kind of possible embodiments of first aspect, wherein base
In the time series Network anomaly detection model of LSTM, including:The valve node of RNN Recognition with Recurrent Neural Network and each layer;Valve section
It puts and includes:Forget valve, input valve and output valve;
Forgeing valve is:ft=σ (Wf[ht-1,xt]+bf);
it=σ (Wi[ht-1,xt]+bi)
Inputting valve is:
After forgeing door and input gate processing, past memory and present memory content are merged, the value of generation is:
ot=σ (Wo[ht-1,xt]+bo)
Output valve is:ht=ot*tanh(Ct)
htFor the output result of the time series Network anomaly detection model based on LSTM;Wherein, W is weight, and b is inclined
It sets.
With reference to first aspect, the embodiment of the invention provides the 5th kind of possible embodiments of first aspect, wherein institute
The actual measured value of network flow to be detected is compared with the predicted value of network flow to be detected, obtains network flow to be detected
The anomaly data detection of amount is as a result, include:
Calculate the square value of the difference of the actual measured value of network flow to be detected and the predicted value of network flow to be detected;
Using the square value of difference as the anomaly data detection result of network flow to be detected.
Second aspect, the embodiment of the present invention provide a kind of device of time series Network anomaly detection based on LSTM, packet
It includes:
First data acquisition module, for obtaining the actual measured value of network flow to be detected;
Model prediction module, for the actual measured value of network flow to be detected to be inputted the time series net based on LSTM
In network flux prediction model, the predicted value of network flow to be detected is obtained;
Abnormality detection module, for by the predicted value of the actual measured value of network flow to be detected and network flow to be detected
It is compared, obtains the anomaly data detection result of network flow to be detected.
In conjunction with second aspect, the embodiment of the invention provides the first possible embodiments of second aspect, wherein also
Including:
Second data acquisition module is used for acquisition time sequence network flow sample data;
Preprocessing module obtains training data sample for pre-processing to time series network flow sample data
With test data sample;
Model training module obtains base for training data sample input LSTM shot and long term memory network to be trained
In the time series Network Traffic Forecast Model of LSTM.
In conjunction with second aspect, the embodiment of the invention provides second of possible embodiments of second aspect, wherein pre-
Processing module includes:
Dimension enlargement module obtains 2-D data for carrying out dimension expansion to time series network flow data sample
Collection;
Standardization module obtains falling into the number in pre-set interval for being standardized to two-dimentional data set
According to collection;
Data conversion module, for using last column data in data set as prediction data, by its in data set
Its data will include that the 2-D data of prediction data and training data is converted into three-dimensional data as training data;
Data division module, for three-dimensional data to be divided into training data sample and test data sample.
The third aspect, the embodiment of the present invention provide a kind of calculating of non-volatile program code that can be performed with processor
Machine readable medium, program code make processor execute method described in first aspect.
The embodiment of the present invention brings following beneficial effect:
In the method for the time series Network anomaly detection provided in an embodiment of the present invention based on LSTM, first obtain to
Detect the actual measured value of network flow;Then the actual measured value of network flow to be detected is inputted into the time sequence based on LSTM
In column Network Traffic Forecast Model, the predicted value of network flow to be detected is obtained;Finally by the practical survey of network flow to be detected
Magnitude is compared with the predicted value of network flow to be detected, obtains the anomaly data detection result of network flow to be detected.This
The method of time series Network anomaly detection based on LSTM provided by inventing, can be under large-scale network environment, to one
The time series data on flows exceptional value of dimension is detected and is provided early warning, Network anomaly detection efficiency is promoted, to network flow
Anomalous identification effect is good, and development fitting intuitively can obviously distinguish exception information than more complete.
Other features and advantages of the present invention will illustrate in the following description, also, partly become from specification
It obtains it is clear that understand through the implementation of the invention.The objectives and other advantages of the invention are in specification, claims
And specifically noted structure is achieved and obtained in attached drawing.
To enable the above objects, features and advantages of the present invention to be clearer and more comprehensible, preferred embodiment is cited below particularly, and cooperate
Appended attached drawing, is described in detail below.
Detailed description of the invention
It, below will be to specific in order to illustrate more clearly of the specific embodiment of the invention or technical solution in the prior art
Embodiment or attached drawing needed to be used in the description of the prior art be briefly described, it should be apparent that, it is described below
Attached drawing is some embodiments of the present invention, for those of ordinary skill in the art, before not making the creative labor
It puts, is also possible to obtain other drawings based on these drawings.
Fig. 1 is a kind of stream of the method for time series Network anomaly detection based on LSTM that the embodiment of the present invention one provides
Cheng Tu;
Fig. 2 is in a kind of method for time series Network anomaly detection based on LSTM that the embodiment of the present invention one provides
Rejecting outliers analysis chart;
Fig. 3 is the method for another time series Network anomaly detection based on LSTM that the embodiment of the present invention one provides
Flow chart;
Fig. 4 is the method for another time series Network anomaly detection based on LSTM that the embodiment of the present invention one provides
Flow chart;
Fig. 5 is in a kind of method for time series Network anomaly detection based on LSTM that the embodiment of the present invention one provides
LSTM model schematic;
Fig. 6 is the method for another time series Network anomaly detection based on LSTM that the embodiment of the present invention one provides
Flow chart;
Fig. 7 is a kind of showing for device of the time series Network anomaly detection based on LSTM provided by Embodiment 2 of the present invention
It is intended to;
Fig. 8 is the device of another time series Network anomaly detection based on LSTM provided by Embodiment 2 of the present invention
Schematic diagram.
Specific embodiment
In order to make the object, technical scheme and advantages of the embodiment of the invention clearer, below in conjunction with attached drawing to the present invention
Technical solution be clearly and completely described, it is clear that described embodiments are some of the embodiments of the present invention, rather than
Whole embodiments.Based on the embodiments of the present invention, those of ordinary skill in the art are not making creative work premise
Under every other embodiment obtained, shall fall within the protection scope of the present invention.
It is existing to be detected for one-dimensional Network Abnormal value, instantly common methods be using probed into according to data attribute itself,
Time series is fitted two ways, and both modes usually will cause and obtain the excessive abnormal value information of deviation.Based on this, originally
Inventive embodiments provide a kind of method and apparatus of time series Network anomaly detection based on LSTM, in large-scale network environment
Under, early warning is detected and provided to one-dimensional time series data on flows exceptional value, Network anomaly detection efficiency is promoted, to net
Network Traffic Anomaly recognition effect is good, and development fitting intuitively can obviously distinguish exception information than more complete.
For convenient for understanding the present embodiment, first to a kind of time based on LSTM disclosed in the embodiment of the present invention
The method of sequence Network anomaly detection describes in detail.
Embodiment one:
The method of the embodiment of the invention provides a kind of time series Network anomaly detection based on LSTM is applied to service
Device, shown in Figure 1, this approach includes the following steps:
S101:Obtain the actual measured value of network flow to be detected.
When specific implementation, the server actual measured value that obtains network flow to be detected first.
S102:The actual measured value of network flow to be detected is inputted into the time series predicting network flow mould based on LSTM
In type, the predicted value of network flow to be detected is obtained.
The actual measured value of the network flow to be detected of above-mentioned acquisition is input in preparatory trained model, is obtained
The predicted value of network flow to be detected, the model are the time series Network anomaly detection model based on LSTM, are specifically included:
The valve node of RNN Recognition with Recurrent Neural Network and each layer;Valve node includes:Forget valve, input valve and output valve.
Forgeing valve is:ft=σ (Wf[ht-1,xt]+bf);
it=σ (Wi[ht-1,xt]+bi)
Inputting valve is:
After forgeing door and input gate processing, past memory and present memory content are merged, the value of generation is:
ot=σ (Wo[ht-1,xt]+bo)
Output valve is:ht=ot*tanh(Ct)
htFor the output result of the time series Network anomaly detection model based on LSTM;Wherein, W is weight, and b is inclined
It sets.
S103:The actual measured value of network flow to be detected is compared with the predicted value of network flow to be detected, is obtained
To the anomaly data detection result of network flow to be detected.
After the predicted value for obtaining network flow to be detected, by by the actual measured value of network flow to be detected with it is to be detected
The predicted value of network flow is compared, and obtains the anomaly data detection of network flow to be detected as a result, specifically, calculating to be checked
Survey the square value of the difference of the actual measured value of network flow and the predicted value of network flow to be detected;Using difference square value as to
Detect the anomaly data detection result of network flow.
After LSTM model training, predicted flow rate tendency can be fitted according to historical traffic data, when fitting result and reality
Border result differs bigger flow, it is believed that the departure degree of deviation from the norm flow rate mode is bigger.To keep error display obvious, define
Mse=(test-predict)2As rejecting outliers index, mse numerical value is bigger, it is believed that the Network Abnormal in this time can
It can be bigger.
For example, the case where Fig. 2 topmost changes over time for raw value;Centre be model LSTM predicted value at any time
Distribution;Bottom is rejecting outliers situation, obviously higher in the 45th day or so rejecting outliers index, it is believed that this day network
There may be abnormal problems for flow.
In addition, the above method further includes model training process between detecting to data, specially following step
Suddenly, shown in Figure 3:
S201:Acquisition time sequence network flow sample data.
When specific implementation, the network flow one-dimensional data being largely arranged successively in chronological order is collected first.
S202:Time series network flow sample data is pre-processed, training data sample and test data are obtained
Sample.
One-dimension Time Series need to be converted to the data format suitable for machine learning algorithm by pretreatment.Specific pre- place
Reason process is as follows, shown in Figure 4:
S301:Dimension expansion is carried out to time series network flow data sample, obtains two-dimentional data set.
Specifically, expanding dimension to initial data, setting sequence_length is to generate a two-dimentional data set.
Such as sequence_length=100, then new data set the first row content is 0-99 numerical value of original series, the second row
Data are the data of 1-100, and the data of third behavior 2-101 traverse initial data, novel one 100 column in the form of sliding window
New data set.
S302:Two-dimentional data set is standardized, obtains falling into the data set in pre-set interval.
Further data set is standardized, initial data subtracts mean value again divided by standard deviation, by by initial data
It proportionally scales, is allowed to fall into a specific section.
S303:Using last column data in data set as prediction data, using other data in data set as instruction
Practice data, and will include that the 2-D data of prediction data and training data is converted into three-dimensional data.
Training data x and prediction data y is divided, regard last column of data set in step S302 as prediction data y,
His data are as training data x.Data set based on step S301 sliding window schema extraction data divides, and is equivalent to each number
According to all predicting to obtain by fitting function by preceding 99 data.It and will include training data x and prediction data y by two-dimemsional number
Three dimensionality data (x, y, z) is converted to according to (x, y).
S304:Three-dimensional data is divided into training data sample and test data sample.
Further, above-mentioned three-dimensional data is divided into training data sample train and test data sample test, that is, trained
Collection, test set, training set are used for training machine learning model, and test set judges applied to model prediction accuracy rate.
S203:Training data sample input LSTM shot and long term memory network is trained, the time based on LSTM is obtained
Sequence Network Traffic Forecast Model.
According to LSTM shot and long term memory network time series advantage, using LSTM shot and long term memory network to time sequence
Column network flow is trained, and generates the time series Network Traffic Forecast Model based on LSTM.
The number of plies of LSTM shot and long term memory network is more, stronger to the learning ability of time series.But the number of plies does not surpass generally
3 layers are crossed, just than being difficult to converge when otherwise training.Meanwhile can finally add one layer of common neural network layer for export knot
The dimensionality reduction of fruit, it is shown in Figure 5.
In the embodiment of the present invention, the time series Network anomaly detection model based on LSTM includes:RNN Recognition with Recurrent Neural Network
And the valve node of each layer;Valve node includes:Forget valve, input valve and output valve.
Forgeing valve is:ft=σ (Wf[ht-1,xt]+bf);
it=σ (Wi[ht-1,xt]+bi)
Inputting valve is:
After forgeing door and input gate processing, past memory and present memory content are merged, the value of generation is:
ot=σ (Wo[ht-1,xt]+bo)
Output valve is:ht=ot*tanh(Ct)
htFor the output result of the time series Network anomaly detection model based on LSTM;Wherein, W is weight, and b is inclined
It sets.
It is trained by training data sample input LSTM shot and long term memory network, obtains the time series based on LSTM
It is further comprising the steps of after Network Traffic Forecast Model, it is shown in Figure 6:
S401:Test data sample is inputted in the time series Network Traffic Forecast Model based on LSTM, to being based on
The accuracy of the time series Network Traffic Forecast Model of LSTM is verified.
The method of time series Network anomaly detection provided in an embodiment of the present invention based on LSTM, can be in extensive net
Under network environment, early warning is detected and provided to one-dimensional time series data on flows exceptional value, promotes Network anomaly detection effect
Rate, good to exception of network traffic recognition effect, development fitting intuitively can obviously distinguish exception information than more complete.
The embodiment of the present invention also has the following advantages that:
The characteristics of large scale network data flow is that data persistently reach, and speed is fast, large-scale, therefore in large scale network
Network Abnormal is checked under environment and early warning is provided, and is great practical significance.LSTM shot and long term memory network, be suitable for processing and
Relatively long critical event is spaced and postponed in predicted time sequence, is excellent on rejecting outliers.Break through traditional net
Network abnormality detection handles extensive time data flow by the way of artificial experience detection, using machine learning algorithm, promotes net
Network abnormality detection efficiency.
Embodiment two:
The embodiment of the present invention provides a kind of device of time series Network anomaly detection based on LSTM, shown in Figure 7,
The device includes:First data acquisition module 51, model prediction module 52, abnormality detection module 53.
Wherein, the first data acquisition module 51, for obtaining the actual measured value of network flow to be detected;Model prediction mould
Block 52, for the actual measured value of network flow to be detected to be inputted the time series Network Traffic Forecast Model based on LSTM
In, obtain the predicted value of network flow to be detected;Abnormality detection module 53, for by the actual measured value of network flow to be detected
It is compared with the predicted value of network flow to be detected, obtains the anomaly data detection result of network flow to be detected.
In addition, further including:Second data acquisition module 61, preprocessing module 62, model training module 63, referring to Fig. 8 institute
Show.
Wherein, the second data acquisition module 61 is used for acquisition time sequence network flow sample data;Preprocessing module
62, for pre-processing to time series network flow sample data, obtain training data sample and test data sample;Mould
Type training module 63 is obtained for training data sample input LSTM shot and long term memory network to be trained based on LSTM's
Time series Network Traffic Forecast Model.
Above-mentioned preprocessing module 62 includes:Dimension enlargement module 621, standardization module 622, data conversion module
623 and data division module 624.
Wherein, dimension enlargement module 621 is obtained for carrying out dimension expansion to time series network flow data sample
Two-dimentional data set;Standardization module 622 obtains falling into pre-set interval for being standardized two-dimentional data set
Interior data set;Data conversion module 623, for using last column data in data set as prediction data, by data set
In other data as training data, and will include that the 2-D data of prediction data and training data is converted into three dimensions
According to;Data division module 624, for three-dimensional data to be divided into training data sample and test data sample.
In the device of time series Network anomaly detection based on LSTM provided by the embodiment of the present invention, modules with
Therefore the method technical characteristic having the same of the aforementioned time series Network anomaly detection based on LSTM equally may be implemented
Above-mentioned function.The specific work process of modules is referring to above method embodiment in the present apparatus, and details are not described herein.
The computer program of the method for time series Network anomaly detection based on LSTM provided by the embodiment of the present invention
Product, the computer readable storage medium including storing the executable non-volatile program code of processor, described program generation
The instruction that code includes can be used for executing previous methods method as described in the examples, and specific implementation can be found in embodiment of the method,
This is repeated no more.
It is apparent to those skilled in the art that for convenience and simplicity of description, the device of foregoing description
And the specific work process of electronic equipment, it can refer to corresponding processes in the foregoing method embodiment, details are not described herein.
The flow chart and block diagram in the drawings show multiple embodiment method and computer program products according to the present invention
Architecture, function and operation in the cards.In this regard, each box in flowchart or block diagram can represent one
A part of module, section or code, a part of the module, section or code include it is one or more for realizing
The executable instruction of defined logic function.It should also be noted that in some implementations as replacements, function marked in the box
It can also can occur in a different order than that indicated in the drawings.For example, two continuous boxes can actually be substantially parallel
Ground executes, they can also be executed in the opposite order sometimes, and this depends on the function involved.It is also noted that block diagram
And/or the combination of each box in flow chart and the box in block diagram and or flow chart, it can the function as defined in executing
Can or the dedicated hardware based system of movement realize, or can come using a combination of dedicated hardware and computer instructions real
It is existing.
In the description of the present invention, it should be noted that term " center ", "upper", "lower", "left", "right", "vertical",
The orientation or positional relationship of the instructions such as "horizontal", "inner", "outside" be based on the orientation or positional relationship shown in the drawings, merely to
Convenient for description the present invention and simplify description, rather than the device or element of indication or suggestion meaning must have a particular orientation,
It is constructed and operated in a specific orientation, therefore is not considered as limiting the invention.In addition, term " first ", " second ",
" third " is used for descriptive purposes only and cannot be understood as indicating or suggesting relative importance.
In several embodiments provided herein, it should be understood that disclosed systems, devices and methods, it can be with
It realizes by another way.The apparatus embodiments described above are merely exemplary, for example, the division of the unit,
Only a kind of logical function partition, there may be another division manner in actual implementation, in another example, multiple units or components can
To combine or be desirably integrated into another system, or some features can be ignored or not executed.Another point, it is shown or beg for
The mutual coupling, direct-coupling or communication connection of opinion can be through some communication interfaces, device or unit it is indirect
Coupling or communication connection can be electrical property, mechanical or other forms.
The unit as illustrated by the separation member may or may not be physically separated, aobvious as unit
The component shown may or may not be physical unit, it can and it is in one place, or may be distributed over multiple
In network unit.It can select some or all of unit therein according to the actual needs to realize the mesh of this embodiment scheme
's.
It, can also be in addition, the functional units in various embodiments of the present invention may be integrated into one processing unit
It is that each unit physically exists alone, can also be integrated in one unit with two or more units.
It, can be with if the function is realized in the form of SFU software functional unit and when sold or used as an independent product
It is stored in the executable non-volatile computer-readable storage medium of a processor.Based on this understanding, of the invention
Technical solution substantially the part of the part that contributes to existing technology or the technical solution can be with software in other words
The form of product embodies, which is stored in a storage medium, including some instructions use so that
One computer equipment (can be personal computer, server or the network equipment etc.) executes each embodiment institute of the present invention
State all or part of the steps of method.And storage medium above-mentioned includes:USB flash disk, mobile hard disk, read-only memory (ROM, Read-
Only Memory), random access memory (RAM, Random Access Memory), magnetic or disk etc. are various can be with
Store the medium of program code.
Finally it should be noted that:Embodiment described above, only a specific embodiment of the invention, to illustrate the present invention
Technical solution, rather than its limitations, scope of protection of the present invention is not limited thereto, although with reference to the foregoing embodiments to this hair
It is bright to be described in detail, those skilled in the art should understand that:Anyone skilled in the art
In the technical scope disclosed by the present invention, it can still modify to technical solution documented by previous embodiment or can be light
It is readily conceivable that variation or equivalent replacement of some of the technical features;And these modifications, variation or replacement, do not make
The essence of corresponding technical solution is detached from the spirit and scope of technical solution of the embodiment of the present invention, should all cover in protection of the invention
Within the scope of.Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.
Claims (10)
1. a kind of method of the time series Network anomaly detection based on LSTM, which is characterized in that including:
Obtain the actual measured value of network flow to be detected;
By in time series Network Traffic Forecast Model of the actual measured value input based on LSTM of network flow to be detected, obtain
The predicted value of the network flow to be detected;
The actual measured value of the network flow to be detected is compared with the predicted value of the network flow to be detected, is obtained
The anomaly data detection result of the network flow to be detected.
2. the method according to claim 1, wherein the method also includes:
Acquisition time sequence network flow sample data;
The time series network flow sample data is pre-processed, training data sample and test data sample are obtained;
Training data sample input LSTM shot and long term memory network is trained, the time series net based on LSTM is obtained
Network flux prediction model.
3. according to the method described in claim 2, it is characterized in that, it is described to the time series network flow sample data into
Row pretreatment, obtains training data sample and test data sample, including:
Dimension expansion is carried out to the time series network flow data sample, obtains two-dimentional data set;
The two-dimentional data set is standardized, obtains falling into the data set in pre-set interval;
Using last column data in the data set as prediction data, using other data in the data set as training
Data, and will include that the 2-D data of the prediction data and the training data is converted into three-dimensional data;
The three-dimensional data is divided into the training data sample and the test data sample.
4. according to the method described in claim 2, it is characterized in that, the training data sample is inputted LSTM length described
Phase memory network is trained, and after obtaining the time series Network Traffic Forecast Model based on LSTM, further includes:
The test data sample is inputted in the time series Network Traffic Forecast Model based on LSTM, is based on to described
The accuracy of the time series Network Traffic Forecast Model of LSTM is verified.
5. the method according to claim 1, wherein the time series Network anomaly detection mould based on LSTM
Type, including:The valve node of RNN Recognition with Recurrent Neural Network and each layer;The valve node includes:Forget valve, input valve and
Output valve;
The forgetting valve is:ft=σ (Wf[ht-1,xt]+bf);
it=σ (Wi[ht-1,xt]+bi)
The input valve is:
After forgeing door and input gate processing, past memory and present memory content are merged, the value of generation is:
ot=σ (Wo[ht-1,xt]+bo)
The output valve is:ht=ot*tanh(Ct)
htFor the output result of the time series Network anomaly detection model based on LSTM;Wherein, W is weight, and b is biasing.
6. the method according to claim 1, wherein by the actual measured value of the network flow to be detected with
The predicted value of the network flow to be detected is compared, obtain the anomaly data detection of the network flow to be detected as a result,
Including:
Calculate square of the difference of the actual measured value of the network flow to be detected and the predicted value of the network flow to be detected
Value;
Using the square value of the difference as the anomaly data detection result of the network flow to be detected.
7. a kind of device of the time series Network anomaly detection based on LSTM, which is characterized in that including:
First data acquisition module, for obtaining the actual measured value of network flow to be detected;
Model prediction module, for the actual measured value of network flow to be detected to be inputted the time series network flow based on LSTM
It measures in prediction model, obtains the predicted value of the network flow to be detected;
Abnormality detection module, for by the pre- of the actual measured value of the network flow to be detected and the network flow to be detected
Measured value is compared, and obtains the anomaly data detection result of the network flow to be detected.
8. device according to claim 7, which is characterized in that further include:
Second data acquisition module is used for acquisition time sequence network flow sample data;
Preprocessing module obtains training data sample for pre-processing to the time series network flow sample data
With test data sample;
Model training module obtains base for training data sample input LSTM shot and long term memory network to be trained
In the time series Network Traffic Forecast Model of LSTM.
9. device according to claim 8, which is characterized in that the preprocessing module includes:
Dimension enlargement module obtains 2-D data for carrying out dimension expansion to the time series network flow data sample
Collection;
Standardization module obtains falling into the number in pre-set interval for being standardized to the two-dimentional data set
According to collection;
Data conversion module will be in the data set for using last column data in the data set as prediction data
Other data as training data, and will include that the 2-D data of the prediction data and the training data is converted into three
Dimension data;
Data division module, for the three-dimensional data to be divided into the training data sample and the test data sample.
10. a kind of computer-readable medium for the non-volatile program code that can be performed with processor, which is characterized in that described
Program code makes the processor execute the method as claimed in any one of claims 1 to 6.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810919681.XA CN108900546A (en) | 2018-08-13 | 2018-08-13 | The method and apparatus of time series Network anomaly detection based on LSTM |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810919681.XA CN108900546A (en) | 2018-08-13 | 2018-08-13 | The method and apparatus of time series Network anomaly detection based on LSTM |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN108900546A true CN108900546A (en) | 2018-11-27 |
Family
ID=64354307
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201810919681.XA Pending CN108900546A (en) | 2018-08-13 | 2018-08-13 | The method and apparatus of time series Network anomaly detection based on LSTM |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN108900546A (en) |
Cited By (44)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109740044A (en) * | 2018-12-24 | 2019-05-10 | 东华大学 | A kind of enterprise's unusual fluctuation method for early warning based on time series intelligent predicting |
| CN109739720A (en) * | 2018-12-04 | 2019-05-10 | 东软集团股份有限公司 | Method for detecting abnormality, device, storage medium and electronic equipment |
| CN109753049A (en) * | 2018-12-21 | 2019-05-14 | 国网江苏省电力有限公司南京供电分公司 | The exceptional instructions detection method of one provenance net load interaction industrial control system |
| CN109768995A (en) * | 2019-03-06 | 2019-05-17 | 国网甘肃省电力公司电力科学研究院 | A kind of network flow abnormal detecting method based on circular prediction and study |
| CN110008079A (en) * | 2018-12-25 | 2019-07-12 | 阿里巴巴集团控股有限公司 | Monitor control index method for detecting abnormality, model training method, device and equipment |
| CN110009429A (en) * | 2019-04-10 | 2019-07-12 | 金瓜子科技发展(北京)有限公司 | A kind of method, apparatus and computer equipment of predicted flow rate data |
| CN110040107A (en) * | 2019-03-18 | 2019-07-23 | 百度在线网络技术(北京)有限公司 | Vehicle intrusion detection and prediction model training method, device and storage medium |
| CN110231447A (en) * | 2019-06-10 | 2019-09-13 | 精锐视觉智能科技(深圳)有限公司 | The method, apparatus and terminal device of water quality abnormality detection |
| CN110287439A (en) * | 2019-06-27 | 2019-09-27 | 电子科技大学 | A network behavior anomaly detection method based on LSTM |
| CN110839184A (en) * | 2019-10-15 | 2020-02-25 | 北京邮电大学 | Method and device for adjusting bandwidth of mobile fronthaul optical network based on flow prediction |
| CN110874744A (en) * | 2019-11-18 | 2020-03-10 | 中国银联股份有限公司 | Data anomaly detection method and device |
| CN110895598A (en) * | 2019-10-23 | 2020-03-20 | 山东九州信泰信息科技股份有限公司 | Real-time anomaly detection parallelization method based on multi-source prediction |
| CN111027591A (en) * | 2019-11-13 | 2020-04-17 | 西安交通大学 | A node failure prediction method for large-scale cluster systems |
| CN111245667A (en) * | 2018-11-28 | 2020-06-05 | 中国移动通信集团浙江有限公司 | Network service identification method and device |
| CN111277444A (en) * | 2020-02-05 | 2020-06-12 | 苏州浪潮智能科技有限公司 | Method and device for early warning of switch failure |
| CN111431937A (en) * | 2020-04-23 | 2020-07-17 | 国网浙江省电力有限公司 | Method and system for detecting abnormal flow of industrial network |
| CN111669385A (en) * | 2020-05-29 | 2020-09-15 | 重庆理工大学 | A Malicious Traffic Monitoring System Integrating Deep Neural Networks and Hierarchical Attention Mechanisms |
| CN111669384A (en) * | 2020-05-29 | 2020-09-15 | 重庆理工大学 | A Malicious Traffic Detection Method Integrating Deep Neural Networks and Hierarchical Attention Mechanisms |
| CN111967011A (en) * | 2020-07-10 | 2020-11-20 | 电子科技大学 | Interpretable internal threat assessment method |
| CN112036075A (en) * | 2020-08-11 | 2020-12-04 | 中国环境监测总站 | Abnormal data judgment method based on environmental monitoring data association relation |
| CN112183576A (en) * | 2020-08-25 | 2021-01-05 | 北京邮电大学 | Time-LSTM classification method based on unbalanced data set |
| CN112287602A (en) * | 2020-10-28 | 2021-01-29 | 北京国信会视科技有限公司 | Motor car axle temperature fault early warning method based on machine learning and isolated forest |
| CN112333155A (en) * | 2020-10-16 | 2021-02-05 | 济南浪潮数据技术有限公司 | Abnormal flow detection method and system, electronic equipment and storage medium |
| CN112738098A (en) * | 2020-12-28 | 2021-04-30 | 北京天融信网络安全技术有限公司 | Anomaly detection method and device based on network behavior data |
| CN112770112A (en) * | 2021-01-28 | 2021-05-07 | 卓望数码技术(深圳)有限公司 | Traffic data anomaly detection method and device, electronic equipment and storage medium |
| CN112769752A (en) * | 2020-12-15 | 2021-05-07 | 浙江大学 | Network intrusion detection method based on machine learning integration model |
| CN113079168A (en) * | 2021-04-13 | 2021-07-06 | 网络通信与安全紫金山实验室 | Network anomaly detection method and device and storage medium |
| CN113162811A (en) * | 2021-06-01 | 2021-07-23 | 长扬科技(北京)有限公司 | Industrial control network flow abnormity detection method and device based on deep learning |
| CN113255775A (en) * | 2021-05-28 | 2021-08-13 | 神威超算(北京)科技有限公司 | Method and device for identifying abnormal data of power system and intelligent chip |
| CN113259207A (en) * | 2021-07-13 | 2021-08-13 | 中国人民解放军国防科技大学 | QRNN-based stateful network protocol fuzzy test case filtering method |
| CN113708987A (en) * | 2020-05-22 | 2021-11-26 | 浙江大学 | Network anomaly detection method and device |
| CN113852603A (en) * | 2021-08-13 | 2021-12-28 | 京东科技信息技术有限公司 | Method and device for detecting abnormality of network traffic, electronic equipment and readable medium |
| CN113886118A (en) * | 2021-09-16 | 2022-01-04 | 杭州安恒信息技术股份有限公司 | Abnormal resource processing method, device, system, electronic device and storage medium |
| CN114339858A (en) * | 2021-12-30 | 2022-04-12 | 天翼物联科技有限公司 | Terminal packet sending parameter adjusting method and device and related equipment |
| CN114430378A (en) * | 2020-10-15 | 2022-05-03 | 中国移动通信集团浙江有限公司 | Anomaly detection method, device, computing device and storage medium of chat robot |
| CN114679310A (en) * | 2022-03-22 | 2022-06-28 | 安徽赛福贝特信息技术有限公司 | Network information security detection method |
| CN114707413A (en) * | 2022-04-08 | 2022-07-05 | 广东利扬芯片测试股份有限公司 | Wafer test detection method based on long-short term memory network and sliding window |
| CN115150248A (en) * | 2021-03-16 | 2022-10-04 | 中国移动通信集团江苏有限公司 | Network flow abnormity detection method and device, electronic equipment and storage medium |
| CN115720200A (en) * | 2022-11-17 | 2023-02-28 | 温州大学 | Network flow visualization and analysis method and system |
| CN116074209A (en) * | 2023-02-20 | 2023-05-05 | 中移动信息技术有限公司 | Data prediction method, device, equipment and computer storage medium |
| CN116170200A (en) * | 2023-02-16 | 2023-05-26 | 国网上海市电力公司 | Time-series anomaly detection method, system, equipment and storage medium for power monitoring system |
| CN116471196A (en) * | 2023-06-19 | 2023-07-21 | 宏景科技股份有限公司 | Operation and maintenance monitoring network maintenance method, system and equipment |
| CN118191550A (en) * | 2024-05-15 | 2024-06-14 | 天津海瑞电子科技有限公司 | Power module cycle test method |
| CN119204655A (en) * | 2024-09-02 | 2024-12-27 | 中国电子信息产业集团有限公司第六研究所 | A risk detection method and risk detection device for oil and gas pipeline network equipment |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106888205A (en) * | 2017-01-04 | 2017-06-23 | 浙江大学 | A kind of non-intrusion type is based on the PLC method for detecting abnormality of power consumption analysis |
| US20180033144A1 (en) * | 2016-09-21 | 2018-02-01 | Realize, Inc. | Anomaly detection in volumetric images |
| CN108234496A (en) * | 2018-01-05 | 2018-06-29 | 宝牧科技(天津)有限公司 | A kind of method for predicting based on neural network |
| EP3355547A1 (en) * | 2017-01-27 | 2018-08-01 | Vectra Networks, Inc. | Method and system for learning representations of network flow traffic |
-
2018
- 2018-08-13 CN CN201810919681.XA patent/CN108900546A/en active Pending
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20180033144A1 (en) * | 2016-09-21 | 2018-02-01 | Realize, Inc. | Anomaly detection in volumetric images |
| CN106888205A (en) * | 2017-01-04 | 2017-06-23 | 浙江大学 | A kind of non-intrusion type is based on the PLC method for detecting abnormality of power consumption analysis |
| EP3355547A1 (en) * | 2017-01-27 | 2018-08-01 | Vectra Networks, Inc. | Method and system for learning representations of network flow traffic |
| CN108234496A (en) * | 2018-01-05 | 2018-06-29 | 宝牧科技(天津)有限公司 | A kind of method for predicting based on neural network |
Cited By (67)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111245667A (en) * | 2018-11-28 | 2020-06-05 | 中国移动通信集团浙江有限公司 | Network service identification method and device |
| CN109739720B (en) * | 2018-12-04 | 2022-08-02 | 东软集团股份有限公司 | Abnormality detection method, abnormality detection device, storage medium, and electronic apparatus |
| CN109739720A (en) * | 2018-12-04 | 2019-05-10 | 东软集团股份有限公司 | Method for detecting abnormality, device, storage medium and electronic equipment |
| CN109753049A (en) * | 2018-12-21 | 2019-05-14 | 国网江苏省电力有限公司南京供电分公司 | The exceptional instructions detection method of one provenance net load interaction industrial control system |
| CN109753049B (en) * | 2018-12-21 | 2021-12-17 | 国网江苏省电力有限公司南京供电分公司 | Abnormal instruction detection method for source-network-load interactive industrial control system |
| CN109740044A (en) * | 2018-12-24 | 2019-05-10 | 东华大学 | A kind of enterprise's unusual fluctuation method for early warning based on time series intelligent predicting |
| CN109740044B (en) * | 2018-12-24 | 2023-03-21 | 东华大学 | Enterprise transaction early warning method based on time series intelligent prediction |
| CN110008079A (en) * | 2018-12-25 | 2019-07-12 | 阿里巴巴集团控股有限公司 | Monitor control index method for detecting abnormality, model training method, device and equipment |
| CN109768995A (en) * | 2019-03-06 | 2019-05-17 | 国网甘肃省电力公司电力科学研究院 | A kind of network flow abnormal detecting method based on circular prediction and study |
| CN109768995B (en) * | 2019-03-06 | 2021-08-13 | 国网甘肃省电力公司电力科学研究院 | A network traffic anomaly detection method based on loop prediction and learning |
| CN110040107A (en) * | 2019-03-18 | 2019-07-23 | 百度在线网络技术(北京)有限公司 | Vehicle intrusion detection and prediction model training method, device and storage medium |
| CN110009429A (en) * | 2019-04-10 | 2019-07-12 | 金瓜子科技发展(北京)有限公司 | A kind of method, apparatus and computer equipment of predicted flow rate data |
| CN110009429B (en) * | 2019-04-10 | 2021-04-16 | 金瓜子科技发展(北京)有限公司 | Method and device for predicting flow data and computer equipment |
| CN110231447A (en) * | 2019-06-10 | 2019-09-13 | 精锐视觉智能科技(深圳)有限公司 | The method, apparatus and terminal device of water quality abnormality detection |
| CN110287439A (en) * | 2019-06-27 | 2019-09-27 | 电子科技大学 | A network behavior anomaly detection method based on LSTM |
| CN110839184B (en) * | 2019-10-15 | 2021-06-15 | 北京邮电大学 | Method and device for bandwidth adjustment of mobile fronthaul optical network based on traffic prediction |
| CN110839184A (en) * | 2019-10-15 | 2020-02-25 | 北京邮电大学 | Method and device for adjusting bandwidth of mobile fronthaul optical network based on flow prediction |
| CN110895598B (en) * | 2019-10-23 | 2021-09-14 | 山东九州信泰信息科技股份有限公司 | Real-time anomaly detection parallelization method based on multi-source prediction |
| CN110895598A (en) * | 2019-10-23 | 2020-03-20 | 山东九州信泰信息科技股份有限公司 | Real-time anomaly detection parallelization method based on multi-source prediction |
| CN111027591A (en) * | 2019-11-13 | 2020-04-17 | 西安交通大学 | A node failure prediction method for large-scale cluster systems |
| CN111027591B (en) * | 2019-11-13 | 2022-07-12 | 西安交通大学 | Node fault prediction method for large-scale cluster system |
| CN110874744B (en) * | 2019-11-18 | 2022-08-02 | 中国银联股份有限公司 | A kind of data abnormality detection method and device |
| CN110874744A (en) * | 2019-11-18 | 2020-03-10 | 中国银联股份有限公司 | Data anomaly detection method and device |
| CN111277444B (en) * | 2020-02-05 | 2022-12-27 | 苏州浪潮智能科技有限公司 | Switch fault early warning method and device |
| CN111277444A (en) * | 2020-02-05 | 2020-06-12 | 苏州浪潮智能科技有限公司 | Method and device for early warning of switch failure |
| CN111431937A (en) * | 2020-04-23 | 2020-07-17 | 国网浙江省电力有限公司 | Method and system for detecting abnormal flow of industrial network |
| CN113708987A (en) * | 2020-05-22 | 2021-11-26 | 浙江大学 | Network anomaly detection method and device |
| CN111669385A (en) * | 2020-05-29 | 2020-09-15 | 重庆理工大学 | A Malicious Traffic Monitoring System Integrating Deep Neural Networks and Hierarchical Attention Mechanisms |
| CN111669384A (en) * | 2020-05-29 | 2020-09-15 | 重庆理工大学 | A Malicious Traffic Detection Method Integrating Deep Neural Networks and Hierarchical Attention Mechanisms |
| CN111669384B (en) * | 2020-05-29 | 2021-11-23 | 重庆理工大学 | Malicious flow detection method integrating deep neural network and hierarchical attention mechanism |
| CN111967011A (en) * | 2020-07-10 | 2020-11-20 | 电子科技大学 | Interpretable internal threat assessment method |
| CN111967011B (en) * | 2020-07-10 | 2022-10-14 | 电子科技大学 | An explainable approach to insider threat assessment |
| CN112036075A (en) * | 2020-08-11 | 2020-12-04 | 中国环境监测总站 | Abnormal data judgment method based on environmental monitoring data association relation |
| CN112183576B (en) * | 2020-08-25 | 2022-12-27 | 北京邮电大学 | Time-LSTM classification method based on unbalanced data set |
| CN112183576A (en) * | 2020-08-25 | 2021-01-05 | 北京邮电大学 | Time-LSTM classification method based on unbalanced data set |
| CN114430378A (en) * | 2020-10-15 | 2022-05-03 | 中国移动通信集团浙江有限公司 | Anomaly detection method, device, computing device and storage medium of chat robot |
| CN114430378B (en) * | 2020-10-15 | 2023-08-18 | 中国移动通信集团浙江有限公司 | Anomaly detection method and device for chat robot, computing device and storage medium |
| CN112333155B (en) * | 2020-10-16 | 2022-07-22 | 济南浪潮数据技术有限公司 | Abnormal flow detection method and system, electronic equipment and storage medium |
| CN112333155A (en) * | 2020-10-16 | 2021-02-05 | 济南浪潮数据技术有限公司 | Abnormal flow detection method and system, electronic equipment and storage medium |
| CN112287602A (en) * | 2020-10-28 | 2021-01-29 | 北京国信会视科技有限公司 | Motor car axle temperature fault early warning method based on machine learning and isolated forest |
| CN112769752A (en) * | 2020-12-15 | 2021-05-07 | 浙江大学 | Network intrusion detection method based on machine learning integration model |
| CN112769752B (en) * | 2020-12-15 | 2021-11-23 | 浙江大学 | Network intrusion detection method based on machine learning integration model |
| CN112738098A (en) * | 2020-12-28 | 2021-04-30 | 北京天融信网络安全技术有限公司 | Anomaly detection method and device based on network behavior data |
| CN112770112A (en) * | 2021-01-28 | 2021-05-07 | 卓望数码技术(深圳)有限公司 | Traffic data anomaly detection method and device, electronic equipment and storage medium |
| CN115150248A (en) * | 2021-03-16 | 2022-10-04 | 中国移动通信集团江苏有限公司 | Network flow abnormity detection method and device, electronic equipment and storage medium |
| CN115150248B (en) * | 2021-03-16 | 2023-09-19 | 中国移动通信集团江苏有限公司 | Network traffic anomaly detection method, device, electronic equipment and storage medium |
| CN113079168B (en) * | 2021-04-13 | 2023-02-21 | 网络通信与安全紫金山实验室 | Network anomaly detection method and device and storage medium |
| CN113079168A (en) * | 2021-04-13 | 2021-07-06 | 网络通信与安全紫金山实验室 | Network anomaly detection method and device and storage medium |
| CN113255775A (en) * | 2021-05-28 | 2021-08-13 | 神威超算(北京)科技有限公司 | Method and device for identifying abnormal data of power system and intelligent chip |
| CN113255775B (en) * | 2021-05-28 | 2021-09-24 | 神威超算(北京)科技有限公司 | Method and device for identifying abnormal data of power system and intelligent chip |
| CN113162811A (en) * | 2021-06-01 | 2021-07-23 | 长扬科技(北京)有限公司 | Industrial control network flow abnormity detection method and device based on deep learning |
| CN113259207A (en) * | 2021-07-13 | 2021-08-13 | 中国人民解放军国防科技大学 | QRNN-based stateful network protocol fuzzy test case filtering method |
| CN113852603A (en) * | 2021-08-13 | 2021-12-28 | 京东科技信息技术有限公司 | Method and device for detecting abnormality of network traffic, electronic equipment and readable medium |
| CN113852603B (en) * | 2021-08-13 | 2023-11-07 | 京东科技信息技术有限公司 | Abnormality detection method and device for network traffic, electronic equipment and readable medium |
| CN113886118A (en) * | 2021-09-16 | 2022-01-04 | 杭州安恒信息技术股份有限公司 | Abnormal resource processing method, device, system, electronic device and storage medium |
| CN114339858A (en) * | 2021-12-30 | 2022-04-12 | 天翼物联科技有限公司 | Terminal packet sending parameter adjusting method and device and related equipment |
| CN114339858B (en) * | 2021-12-30 | 2023-12-05 | 天翼物联科技有限公司 | Terminal packet sending parameter adjusting method and device and related equipment |
| CN114679310A (en) * | 2022-03-22 | 2022-06-28 | 安徽赛福贝特信息技术有限公司 | Network information security detection method |
| CN114707413A (en) * | 2022-04-08 | 2022-07-05 | 广东利扬芯片测试股份有限公司 | Wafer test detection method based on long-short term memory network and sliding window |
| CN115720200A (en) * | 2022-11-17 | 2023-02-28 | 温州大学 | Network flow visualization and analysis method and system |
| CN116170200A (en) * | 2023-02-16 | 2023-05-26 | 国网上海市电力公司 | Time-series anomaly detection method, system, equipment and storage medium for power monitoring system |
| CN116074209A (en) * | 2023-02-20 | 2023-05-05 | 中移动信息技术有限公司 | Data prediction method, device, equipment and computer storage medium |
| CN116471196B (en) * | 2023-06-19 | 2023-10-20 | 宏景科技股份有限公司 | Operation and maintenance monitoring network maintenance method, system and equipment |
| CN116471196A (en) * | 2023-06-19 | 2023-07-21 | 宏景科技股份有限公司 | Operation and maintenance monitoring network maintenance method, system and equipment |
| CN118191550A (en) * | 2024-05-15 | 2024-06-14 | 天津海瑞电子科技有限公司 | Power module cycle test method |
| CN118191550B (en) * | 2024-05-15 | 2024-07-19 | 天津海瑞电子科技有限公司 | Power module circulation test method |
| CN119204655A (en) * | 2024-09-02 | 2024-12-27 | 中国电子信息产业集团有限公司第六研究所 | A risk detection method and risk detection device for oil and gas pipeline network equipment |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN108900546A (en) | The method and apparatus of time series Network anomaly detection based on LSTM | |
| US10600005B2 (en) | System for automatic, simultaneous feature selection and hyperparameter tuning for a machine learning model | |
| US10360500B2 (en) | Two-phase distributed neural network training system | |
| CN103168227B (en) | For distributing the method, apparatus and system of grading | |
| CN113407694B (en) | Method, device and related equipment for detecting ambiguity of customer service robot knowledge base | |
| CN113592019A (en) | Fault detection method, device, equipment and medium based on multi-model fusion | |
| WO2024067387A1 (en) | User portrait generation method based on characteristic variable scoring, device, vehicle, and storage medium | |
| CN109241669A (en) | A kind of method for automatic modeling, device and its storage medium | |
| TWI660277B (en) | Information processing device and information processing method | |
| CN105069470A (en) | Classification model training method and device | |
| US20160361878A1 (en) | System and method for evaluating additive manufacturing index | |
| Liu et al. | A KNNS based anomaly detection method applied for UAV flight data stream | |
| CN116485020A (en) | Supply chain risk identification early warning method, system and medium based on big data | |
| CN113704389A (en) | Data evaluation method and device, computer equipment and storage medium | |
| CN106537423A (en) | Adaptive Characterization as a Service | |
| CN108830417B (en) | ARMA (autoregressive moving average) and regression analysis based life energy consumption prediction method and system | |
| KR20210042709A (en) | Method and server for stock movement prediction using corporate relation data | |
| CN119579602A (en) | Defect detection system, method and device based on artificial intelligence image processing | |
| CN119130748A (en) | An interactive learning resource management method, system, computer device and medium for basic education | |
| CN116957361B (en) | Ship task system health state detection method based on virtual-real combination | |
| CN108241625A (en) | Predict the method and system of student performance variation tendency | |
| CN116739395A (en) | Enterprise outward migration prediction method, device, equipment and storage medium | |
| CN116186507A (en) | A feature subset selection method, device and storage medium | |
| CN110879821A (en) | Method, device, equipment and storage medium for generating rating card model derivative label | |
| WO2017221856A1 (en) | Analysis device, analysis method, and recording medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20181127 |
|
| RJ01 | Rejection of invention patent application after publication |