
CN113487010B - Power grid network security event analysis method based on machine learning - Google Patents


Info

Publication number
CN113487010B
Authority
CN
China
Prior art keywords
training
network security
machine learning
hidden layer
neural network
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110556026.4A
Other languages
Chinese (zh)
Other versions
CN113487010A (en)
Inventor
杜猛俊
赵明琪
钱锦
徐李冰
陈元中
万燕珍
童俊
杨涛
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou Power Supply Co of State Grid Zhejiang Electric Power Co Ltd
Original Assignee
Hangzhou Power Supply Co of State Grid Zhejiang Electric Power Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou Power Supply Co of State Grid Zhejiang Electric Power Co Ltd
Priority to CN202110556026.4A
Publication of CN113487010A
Application granted
Publication of CN113487010B
Active
Anticipated expiration


Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06N COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00 Computing arrangements based on biological models
    • G06N3/02 Neural networks
    • G06N3/04 Architecture, e.g. interconnection topology
    • G06N3/045 Combinations of networks
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00 Pattern recognition
    • G06F18/20 Analysing
    • G06F18/21 Design or setup of recognition systems or techniques; Extraction of features in feature space; Blind source separation
    • G06F18/214 Generating training patterns; Bootstrap methods, e.g. bagging or boosting
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06N COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00 Computing arrangements based on biological models
    • G06N3/02 Neural networks
    • G06N3/08 Learning methods
    • G06N3/084 Backpropagation, e.g. using gradient descent
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y04 INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
    • Y04S SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
    • Y04S10/00 Systems supporting electrical power generation, transmission or distribution
    • Y04S10/50 Systems or methods supporting the power network operation or management, involving a certain degree of interaction with the load-side end user applications

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Data Mining & Analysis (AREA)
  • Evolutionary Computation (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Artificial Intelligence (AREA)
  • General Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Molecular Biology (AREA)
  • Computing Systems (AREA)
  • Biophysics (AREA)
  • Biomedical Technology (AREA)
  • Mathematical Physics (AREA)
  • Computational Linguistics (AREA)
  • Health & Medical Sciences (AREA)
  • Bioinformatics & Cheminformatics (AREA)
  • Bioinformatics & Computational Biology (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Evolutionary Biology (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention discloses a machine-learning-based method for analyzing power grid network security events, comprising: S01: inputting a data set that includes historical network security events and their corresponding disposal methods; S02: dividing the data set into a training set and a verification set, converting the names of the historical network security events into word-vector form, and establishing a feature set; S03: importing the feature sets and disposal methods of the training set, in batches, into neural networks with different parameters for training, to obtain several trained neural networks; S04: inputting the feature set of the verification set into each trained neural network to output a disposal method, comparing it with the original disposal method in the verification set, and counting to obtain the accuracy; S05: adjusting and screening the trained neural networks according to the accuracy to obtain the final model; S06: converting the name of a real-time network security event into word-vector form, establishing a feature set, and inputting it into the final model to obtain the disposal method. The invention can intelligently determine the disposal method.

Description

Power grid network security event analysis method based on machine learning
Technical Field
The invention relates mainly to the technical field of power grid network security, and in particular to a power grid network security event analysis method based on machine learning.
Background
As the power grid continues to evolve, more and more security systems are deployed in it. Traditional security products only raise alarms on attacks in the network and have no automated handling function. Some effective handling cannot be carried out once an attack has occurred, and all follow-up processing is performed manually, so the response speed to security events falls far below the benchmark.
In the prior art, machine learning techniques are commonly used for tasks such as anomaly detection. For example, the invention with grant publication number CN106790008B discloses a machine learning system for detecting abnormal hosts in an enterprise network. The system comprises a data collection subsystem, a data processing subsystem, a three-stage machine learning subsystem and a marking-and-alarm subsystem, connected in sequence. The data collection subsystem collects various security information in the enterprise network and passes it to the data processing subsystem; the data processing subsystem standardizes the data, extracts features, and passes the feature vectors to the three-stage machine learning subsystem; the three-stage machine learning subsystem screens the security information in progressively refined stages and passes information about abnormal hosts to the marking-and-alarm subsystem; and the marking-and-alarm subsystem marks the abnormal hosts and raises alarms for abnormal hosts and security events that meet the alarm requirements. That system can address the large alarm volume and high false alarm rate of the prior art.
However, the prior art generally lacks a feedback mechanism of machine learning or has poor optimization of the feedback mechanism, so that the judgment accuracy is not as good as expected.
Disclosure of Invention
To address the lack of a feedback mechanism, or the poor feedback mechanism, in the prior art, the invention provides a machine-learning-based power grid network security event analysis method in which a model with relatively optimal accuracy is obtained through side-by-side comparison and adjustment during training, thereby improving the accuracy of the overall analysis.
The following is a technical scheme of the invention.
A power grid network security event analysis method based on machine learning comprises the following steps:
S01: inputting a data set comprising historical network security events and their corresponding disposal methods;
S02: dividing the data set into a training set and a verification set, converting the names of the historical network security events into word-vector form, and establishing a feature set;
S03: importing the feature set and the disposal methods of the training set, in batches, into neural networks with different parameters for training, to obtain a plurality of trained neural networks;
S04: inputting the feature set of the verification set into each trained neural network to output a disposal method, comparing the output with the original disposal method in the verification set, and counting to obtain the accuracy;
S05: adjusting and screening the trained neural networks according to the accuracy to obtain a final model;
S06: converting the name of a real-time network security event into word-vector form, establishing a feature set, and inputting the feature set into the final model to obtain a disposal method.
The invention relies on the principle that different parameter settings in neural network learning directly influence the training results: a plurality of neural networks with different parameters are compared side by side, the networks are adjusted accordingly, and an optimal final model is obtained.
Preferably, the statistical process for the accuracy includes: if the comparison results are consistent, the correct count is incremented by one; if they are inconsistent, the error count is incremented by one; and accuracy = correct count / (correct count + error count).
Preferably, the neural network is a BP neural network, and the training process includes: setting the number of input layer nodes, the number of hidden layer nodes, the number of output layer nodes, the number of training iterations and the learning rate of the BP neural network, taking the feature set in the training set as input and the disposal method as output, and importing them into the BP neural network for training, wherein a different number of hidden layer nodes is set for each batch of training. Because the hidden layer node number has a large influence on accuracy and the optimal value cannot be obtained in one attempt, the node number is set per batch and adjusted afterwards.
Preferably, the value range of the hidden layer node number m is 30n > m > 2n and m < s, where s is the number of input samples; the hidden layer node number in each batch of training is either chosen at random within this range or arranged in an arithmetic progression. This range comes from an empirical formula and only defines the general range.
Preferably, step S05 includes: determining whether the accuracy reaches a preset condition; if so, taking the neural network with the highest accuracy as the final model; if not, building a distribution diagram of accuracy against hidden layer node number, performing curve fitting, taking the hidden layer node number corresponding to the highest-accuracy point on the curve as the hidden layer node number of the final model, and retraining to obtain the final model. In the distribution diagram the ordinate is the accuracy and the abscissa is the hidden layer node number; the high point of the curve can be read off directly, and the hidden layer node number near that high point is the optimal solution under the current conditions.
The essential effects of the invention include: security events can be analyzed, the disposal method can be determined intelligently, and the learning and training process can be adjusted through a feedback mechanism, so that the analysis accuracy is improved.
Drawings
FIG. 1 is a flow chart of an embodiment of the present invention.
Detailed Description
The technical scheme of the present application will be described below with reference to examples. In addition, numerous specific details are set forth in the following description in order to provide a better understanding of the present invention. It will be understood by those skilled in the art that the present invention may be practiced without some of these specific details. In some instances, well known methods, procedures, components, and circuits have not been described in detail so as not to obscure the present invention.
Example:
A power grid network security event analysis method based on machine learning, as shown in FIG. 1, comprises the following steps:
S01: A data set is input, the data set comprising historical network security events and their corresponding disposal methods.
S02: The data set is divided into a training set and a verification set, the names of the historical network security events are converted into word-vector form, and a feature set is established.
S03: The feature set and the disposal methods of the training set are imported, in batches, into neural networks with different parameters for training, to obtain a plurality of trained neural networks. The neural network adopted in this embodiment is a BP neural network, and the training process comprises: setting the number of input layer nodes, the number of hidden layer nodes, the number of output layer nodes, the number of training iterations and the learning rate of the BP neural network, taking the feature set in the training set as input and the disposal method as output, and importing them into the BP neural network for training, wherein a different number of hidden layer nodes is set for each batch of training. Because the hidden layer node number has a large influence on accuracy and the optimal value cannot be obtained in one attempt, the node number is set per batch and adjusted afterwards. The value range of the hidden layer node number m is 30n > m > 2n and m < s, where s is the number of input samples; the hidden layer node number in each batch of training is either chosen at random within this range or arranged in an arithmetic progression. This range comes from an empirical formula and only defines the general range.
S04: The feature set of the verification set is input into each trained neural network to output a disposal method, the output is compared with the original disposal method in the verification set, and the accuracy is obtained by counting. The statistical process for the accuracy comprises: if the comparison results are consistent, the correct count is incremented by one; if they are inconsistent, the error count is incremented by one; and accuracy = correct count / (correct count + error count).
S05: The trained neural networks are adjusted and screened according to the accuracy, and a final model is obtained from them. Step S05 includes: determining whether the accuracy reaches a preset condition; if so, taking the neural network with the highest accuracy as the final model; if not, building a distribution diagram of accuracy against hidden layer node number, performing curve fitting, taking the hidden layer node number corresponding to the highest-accuracy point on the curve as the hidden layer node number of the final model, and retraining to obtain the final model. In the distribution diagram the ordinate is the accuracy and the abscissa is the hidden layer node number; the high point of the curve can be read off directly, and the hidden layer node number near that high point is the optimal solution under the current conditions.
S06: The name of a real-time network security event is converted into word-vector form, a feature set is established, and the feature set is input into the final model to obtain a disposal method.
This embodiment relies on the principle that different parameter settings in neural network learning directly influence the training results: neural networks with different parameters are compared side by side, adjustments are made accordingly, and an optimal final model is obtained.
The essential effects of this embodiment include: security events can be analyzed, the disposal method can be determined intelligently, and the learning and training process can be adjusted through a feedback mechanism, so that the analysis accuracy is improved.
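Steps S01 to S06 of the embodiment, worked through end to end as an added example (not code from the patent or its authors). Assumptions made here: the event names and disposal labels are constructed sample data, a bag-of-words vector stands in for the "word vector form", the undefined n is taken as the output-node count, the "preset condition" is an accuracy threshold, the curve fit is a least-squares quadratic, and all function names are hypothetical.

```python
import math
import random

# Constructed sample data (not from the patent): disposal method, shared suffix, event prefixes.
RAW = [
    ("block_ip", "from external ip",
     "ssh brute force|port scan|ftp brute force|web scan|rdp brute force|syn flood"),
    ("isolate_host", "on internal host",
     "trojan beacon|worm propagation|ransomware alert|mining malware|backdoor beacon|virus found"),
    ("reset_password", "on user account",
     "weak password|abnormal login|default password|password leak|expired password|shared login"),
]

def sigmoid(x):
    return 1.0 / (1.0 + math.exp(-max(-60.0, min(60.0, x))))  # clamped to avoid overflow

def forward(net, x):  # returns (hidden, output) activations; the appended 1.0 is the bias input
    w1, w2 = net
    h = [sigmoid(sum(w * v for w, v in zip(row, x + [1.0]))) for row in w1]
    return h, [sigmoid(sum(w * v for w, v in zip(row, h + [1.0]))) for row in w2]

def train_bp(X, Y, m, epochs=120, lr=0.5, seed=0):  # S03: BP network with m hidden nodes
    rng = random.Random(seed)
    n_in, n_out = len(X[0]), len(Y[0])
    w1 = [[rng.uniform(-0.5, 0.5) for _ in range(n_in + 1)] for _ in range(m)]
    w2 = [[rng.uniform(-0.5, 0.5) for _ in range(m + 1)] for _ in range(n_out)]
    for _ in range(epochs):
        for x, y in zip(X, Y):
            h, o = forward((w1, w2), x)
            d_out = [(o[k] - y[k]) * o[k] * (1 - o[k]) for k in range(n_out)]
            d_hid = [h[j] * (1 - h[j]) * sum(d_out[k] * w2[k][j] for k in range(n_out))
                     for j in range(m)]
            for k in range(n_out):
                for j, hj in enumerate(h + [1.0]):
                    w2[k][j] -= lr * d_out[k] * hj
            for j in range(m):
                for i, xi in enumerate(x + [1.0]):
                    w1[j][i] -= lr * d_hid[j] * xi
    return w1, w2

def accuracy(predicted, original):  # S04: correct count / (correct count + error count)
    correct = sum(p == o for p, o in zip(predicted, original))
    wrong = sum(p != o for p, o in zip(predicted, original))
    return correct / (correct + wrong)

def hidden_sizes(n, s, batches):  # arithmetic progression with 2n < m < 30n and m < s
    lo, hi = 2 * n + 1, min(30 * n, s) - 1
    if hi < lo:
        raise ValueError("no m satisfies 2n < m < 30n and m < s")
    step = max(1, (hi - lo) // max(1, batches - 1))
    return list(range(lo, hi + 1, step))[:batches]

def fit_quadratic(xs, ys):  # least-squares a*x^2 + b*x + c; needs >= 3 distinct xs
    s = [sum(x ** k for x in xs) for k in range(5)]
    t = [sum(y * x ** k for x, y in zip(xs, ys)) for k in range(3)]
    a = [[s[4], s[3], s[2], t[2]], [s[3], s[2], s[1], t[1]], [s[2], s[1], s[0], t[0]]]
    for i in range(3):  # Gauss-Jordan elimination with partial pivoting
        p = max(range(i, 3), key=lambda r: abs(a[r][i]))
        a[i], a[p] = a[p], a[i]
        for r in range(3):
            if r != i:
                f = a[r][i] / a[i][i]
                a[r] = [u - f * v for u, v in zip(a[r], a[i])]
    return [a[i][3] / a[i][i] for i in range(3)]

def select_hidden(sizes, accs, threshold):  # S05; sizes must be ascending
    if max(accs) >= threshold:  # preset condition met: keep the most accurate network
        return sizes[accs.index(max(accs))], False
    a, b, c = fit_quadratic(sizes, accs)
    peak = max(range(sizes[0], sizes[-1] + 1), key=lambda m: a * m * m + b * m + c)
    return peak, True  # True: retrain with the hidden-node count at the curve's high point

def run_pipeline(threshold=0.9, seed=1):
    samples = [(f"{p} {suffix}", lab) for lab, suffix, ps in RAW for p in ps.split("|")]  # S01
    random.Random(seed).shuffle(samples)
    train, valid = samples[:14], samples[14:]  # S02: training set / verification set
    vocab = sorted({w for name, _ in train for w in name.split()})
    labels = sorted({lab for _, lab in samples})
    def vec(name):  # bag-of-words vector, a stand-in for the patent's "word vector form"
        return [float(w in name.split()) for w in vocab]
    def predict(net, name):
        out = forward(net, vec(name))[1]
        return labels[out.index(max(out))]
    X = [vec(name) for name, _ in train]
    Y = [[float(lab == c) for c in labels] for _, lab in train]
    sizes = hidden_sizes(len(labels), len(train), batches=4)  # assumption: n = output nodes
    nets = [train_bp(X, Y, m) for m in sizes]
    truth = [lab for _, lab in valid]
    accs = [accuracy([predict(net, name) for name, _ in valid], truth) for net in nets]  # S04
    m, retrain = select_hidden(sizes, accs, threshold)
    final = train_bp(X, Y, m) if retrain else nets[sizes.index(m)]
    return sizes, accs, m, predict(final, "telnet brute force from external ip")  # S06

if __name__ == "__main__":
    print(run_pipeline())
```

With a verification set this small, each accuracy value moves in steps of 0.25, so the fitted curve in S05 is only as trustworthy as the number of verification samples behind each point.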
From the foregoing description of the embodiments, it will be appreciated by those skilled in the art that, for convenience and brevity of description, only the above-described division of functional modules is illustrated, and in practical application, the above-described functional allocation may be implemented by different functional modules according to needs, i.e. the internal structure of a specific apparatus is divided into different functional modules to implement all or part of the functions described above.
In the embodiments provided in this application, it should be understood that the disclosed structures and methods may be implemented in other ways. For example, the embodiments described above with respect to structures are merely illustrative, e.g., the division of modules or units is merely a logical functional division, and there may be additional divisions when actually implemented, e.g., multiple units or components may be combined or integrated into another structure, or some features may be omitted, or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be an indirect coupling or communication connection via interfaces, structures or units, which may be in electrical, mechanical or other forms.
The units described as separate parts may or may not be physically separate, and the parts shown as units may be one physical unit or a plurality of physical units, may be located in one place, or may be distributed in a plurality of different places. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in the embodiments of the present application may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units may be implemented in hardware or in software functional units.
The integrated units, if implemented in the form of software functional units and sold or used as stand-alone products, may be stored in a readable storage medium. Based on this understanding, the technical solution of the embodiments of the present application, in essence or in the part that contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product stored in a storage medium, including several instructions that cause a device (which may be a single-chip microcomputer, a chip or the like) or a processor to perform all or part of the steps of the methods of the embodiments of the present application. The aforementioned storage medium includes: a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, an optical disk, or other various media capable of storing program code.
The foregoing is merely specific embodiments of the present application, but the scope of the present application is not limited thereto; any changes or substitutions that a person skilled in the art can readily conceive within the technical scope of the present application are intended to be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (5)

1. A power grid network security event analysis method based on machine learning, characterized by comprising the following steps:
S01: inputting a data set comprising historical network security events and their corresponding disposal methods;
S02: dividing the data set into a training set and a verification set, converting the names of the historical network security events into word-vector form, and establishing a feature set;
S03: importing the feature set and the disposal methods of the training set, in batches, into neural networks with different parameters for training, to obtain a plurality of trained neural networks;
S04: inputting the feature set of the verification set into each trained neural network to output a disposal method, comparing the output with the original disposal method in the verification set, and counting to obtain the accuracy;
S05: adjusting and screening the trained neural networks according to the accuracy to obtain a final model;
S06: converting the name of a real-time network security event into word-vector form, establishing a feature set, and inputting the feature set into the final model to obtain a disposal method.
2. The machine learning based power grid network security event analysis method of claim 1, wherein the accuracy statistics process comprises: if the comparison results are consistent, the correct count is incremented by one; if they are inconsistent, the error count is incremented by one; and accuracy = correct count / (correct count + error count).
3. The machine learning based power grid network security event analysis method according to claim 1, wherein the neural network is a BP neural network, and the training process comprises: setting the number of input layer nodes, the number of hidden layer nodes, the number of output layer nodes, the number of training iterations and the learning rate of the BP neural network, taking the feature set in the training set as input and the disposal method as output, and importing them into the BP neural network for training, wherein a different number of hidden layer nodes is set for each batch of training.
4. The machine learning based power grid network security event analysis method according to claim 3, wherein the value range of the hidden layer node number m is 30n > m > 2n and m < s, where s is the number of input samples, and the hidden layer node number in each batch of training is either chosen at random within this range or arranged in an arithmetic progression.
5. The machine learning based power grid network security event analysis method according to claim 4, wherein step S05 comprises: determining whether the accuracy reaches a preset condition; if so, taking the neural network with the highest accuracy as the final model; if not, building a distribution diagram of accuracy against hidden layer node number, performing curve fitting, taking the hidden layer node number corresponding to the highest-accuracy point on the curve as the hidden layer node number of the final model, and retraining to obtain the final model.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110556026.4A CN113487010B (en) 2021-05-21 2021-05-21 Power grid network security event analysis method based on machine learning

Publications (2)

Publication Number Publication Date
CN113487010A CN113487010A (en) 2021-10-08
CN113487010B CN113487010B (en) 2024-01-05

Family

ID=77933625

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110556026.4A Active CN113487010B (en) 2021-05-21 2021-05-21 Power grid network security event analysis method based on machine learning

Country Status (1)

Country Link
CN (1) CN113487010B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114553596B (en) * 2022-04-21 2022-07-19 国网浙江省电力有限公司杭州供电公司 Multi-dimensional security condition real-time display method and system suitable for network security
CN116383662A (en) * 2023-04-24 2023-07-04 中国合格评定国家认可中心 A method and device for building an information security identification model

Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102546624A (en) * 2011-12-26 2012-07-04 西北工业大学 Method and system for detecting and defending multichannel network intrusion
CN109547431A (en) * 2018-11-19 2019-03-29 国网河南省电力公司信息通信公司 A kind of network security situation evaluating method based on CS and improved BP
CN109768981A (en) * 2019-01-20 2019-05-17 北京工业大学 A kind of network attack defence method and system under SDN framework based on machine learning
JP2019091421A (en) * 2017-11-15 2019-06-13 富士通株式会社 Deep learning network used in event detection, and training device and training method for the network
CN110740111A (en) * 2018-07-19 2020-01-31 中国移动通信集团有限公司 data leakage-proof method, device and computer readable storage medium
CN110929989A (en) * 2019-10-29 2020-03-27 重庆大学 N-1 safety checking method with uncertainty based on deep learning
CN111274395A (en) * 2020-01-19 2020-06-12 河海大学 Recognition method of power grid monitoring alarm events based on convolution and long short-term memory network
CN111901340A (en) * 2020-07-28 2020-11-06 四川大学 Intrusion detection system and method for energy Internet
CN111935134A (en) * 2020-08-06 2020-11-13 中国交通通信信息中心 Complex network security risk monitoring method and system
CN112153076A (en) * 2020-10-20 2020-12-29 台州学院 Computer network safety intrusion detection system
CN112528294A (en) * 2020-12-21 2021-03-19 网神信息技术(北京)股份有限公司 Vulnerability matching method and device, computer equipment and readable storage medium

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10819724B2 (en) * 2017-04-03 2020-10-27 Royal Bank Of Canada Systems and methods for cyberbot network detection
KR102153992B1 (en) * 2018-06-21 2020-09-09 한국전자통신연구원 Method and apparatus for detecting cyber threats using deep neural network

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
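Research on network intrusion detection based on improved behavior feature analysis; 曹峰; Network Security Technology & Application (No. 02); full text *
Network security event analysis based on a neural network optimized by a swarm intelligence algorithm; 高峰; Modern Electronics Technique (No. 21); full text *
Firewall-based network intrusion detection system; 李信满, 赵宏, 马士军; Journal of Northeastern University (Natural Science) (No. 05); full text *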

Also Published As

Publication number Publication date
CN113487010A (en) 2021-10-08

Similar Documents

Publication Publication Date Title
CN108874927A (en) Intrusion detection method based on hypergraph and random forest
US20230344842A1 (en) Detection of user anomalies for software as a service application traffic with high and low variance feature modeling
US8233494B2 (en) Hierarchical and incremental multivariate analysis for process control
CN113487010B (en) Power grid network security event analysis method based on machine learning
CN108881283B (en) Model training method, device and storage medium for evaluating network attacks
CN111680167B (en) Service request response method and server
CN110598180A (en) Event detection method, device and system based on statistical analysis
CN112671767B (en) Security event early warning method and device based on alarm data analysis
Zhang et al. Unsupervised IoT fingerprinting method via variational auto-encoder and k-means
CN116366374B (en) Security assessment method, system and medium for power grid network management based on big data
CN110598959A (en) Asset risk assessment method and device, electronic equipment and storage medium
CN111064719B (en) Method and device for detecting abnormal downloading behavior of file
CN114780358B (en) Abnormal operation behavior detection method and detection device
CN119363481A (en) Gateway access abnormity monitoring and early warning method and system
CN119396617A (en) A fault location system and method for intelligent terminal equipment
CN113938312B (en) A detection method and device for violently cracking traffic
CN114039780B (en) Low-speed DoS attack real-time response method based on flow coefficient
CN118523972B (en) Network information monitoring method and system based on machine learning
CN116663021B (en) Machine request behavior recognition method, device, electronic equipment and storage medium
Jiang et al. An enhanced EWMA for alert reduction and situation awareness in industrial control networks
CN117540373A (en) A method and device for detecting abnormal account behavior
CN114884801B (en) Alarm method, alarm device, electronic equipment and storage medium
CN105553990A (en) Network security triple anomaly detection method based on decision tree algorithm
CN113158185B (en) Safety detection method and device
CN104239785A (en) Intrusion detection data classification method based on cloud model

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant