Research On Key Technology Of Anomaly Detection For Public Security

Posted on: 2022-06-14
Degree: Doctor
Type: Dissertation
Country: China
Candidate: Z J Ma
Full Text: PDF
GTID: 1486306560493564
Subject: Computer Science and Technology
Abstract/Summary:
Public security, as an important component of the holistic approach to national security, is concerned with the stable development of the country and the construction of a new development pattern. Building public security information capacity is an important means of extending public security to the whole field and to great depth, but it faces complex and variable attack penetration by hackers, cyber espionage organizations, APT organizations, etc., characterized by an expanding attack field, hidden attack modes, asymmetry of attack and defense, enhanced duration, and a deepening damage threat. From the perspective of security protection, this thesis addresses the real problems of diversified attack channels and multi-layered attack methods against public security information infrastructure and carries out research on anomaly detection for that infrastructure. Based on the intertwined integration of physical space and cyberspace, it designs anomaly detection schemes for personnel attacks on physical security, network attacks on interconnection, and data attacks on information services, and constructs a hierarchical detection system to provide strong support for an in-depth security protection mechanism. The research and innovation work of this thesis mainly includes the following three aspects.

(1) Research on violent conflict detection for personnel attacks in public security, focusing on the behavior recognition problem of human posture. The work responds to the reality that the security field of public security information infrastructure is wide, the monitoring range is large, and the security demand is strong, and it addresses difficulties such as determining rules for violent conflict behavior and improving detection performance under limited resources. Based on the idea of depthwise separable convolution, the large-size convolution is partitioned into depthwise separable convolutions while maintaining the receptive field, and convolutional layer stacking is used to reduce the computational effort of pose recognition while ensuring that information such as internal data structure and spatial hierarchy is not lost. Once the poses of the parties to a conflict have been recognized, a rectangular border function is used to locate the human frame range, and the accuracy of conflict recognition is improved by calculating the human pose activity range of the conflict party and constraining the violent conflict behavior according to the rule of de Morgan's law. The results show that the detection accuracy of the industry's mainstream framework and the computational performance are improved; the method can efficiently warn of violent conflict behaviors and label the perpetrators of violent conflict actions, verifying the experimental effects of being lightweight, real-time and low-loss.

(2) Research on anomalous covert channel detection for network attacks in public security, focusing on the problem of identifying covert channels in abnormal network traffic. Given that covert channels exist in public security information infrastructure, the thesis proposes a covert channel detection model incorporating semantic features, aimed at the difficulty of extracting features of abnormal covert channels and at improving the accuracy of abnormal channel detection. After pre-processing, a combination of "word vector" embedding and "character vector" embedding is used to extract and analyze domain name length, domain name statistics, special resource record type statistics, domain name character frequency, etc. from different dimensions of DNS covert channels. The semantic association information is extracted and vectorized to achieve richer and more effective feature capture. Building on the effective extraction of the vector features of anomalous covert channels, the model adopts the multi-head attention mechanism to overcome the disadvantages of feedforward and recurrent networks, such as high computational power requirements and low "memory" capability for information over long distances as complexity increases; it then outputs the key-value matrix through summing, normalization and the feedforward neural network, and finally completes the classification by a linear transformation and Softmax. The proposed anomalous covert channel detection algorithm (ADMHA) is based on multi-head attention to expand the search space of the model, improve the parallel operation of the model, and further enrich feature extraction through the fusion vector, achieving effective detection of malicious DNS domain names. The results show that the ADMHA algorithm achieves accuracy in binary classification, which improves the detection efficiency of malicious domain names and further enhances the detection capability for abnormal covert channels. With fused "word vector" and "character vector" embeddings, the detection rate is higher than with "character vector" or "word vector" features alone, both in this thesis and on CNN networks.

(3) Research on anomaly detection of data attacks in public security, focusing on the identification of blockchain attack features in the national cryptographic algorithm environment. Given the multiple attacks faced in protecting the data resources of public security information infrastructure, and aimed at difficulties such as performance optimization of the national cryptographic algorithm environment and security detection of blockchain attacks, this thesis proposes a blockchain anomaly attack detection model for the national cryptographic algorithm environment. First, an optimization scheme for the national cryptographic algorithm environment is proposed: to meet the higher secrecy and security requirements of public security, the national cryptographic hash algorithm SM3 and the SM9 algorithm are used instead of weak encryption algorithms and international encryption algorithms to build a secure and controllable environment. A blockchain based on proof of work (PoW) is then designed; by constructing a private chain, the data situation of the public security blockchain is recorded and monitored to improve the efficiency of detection and supervision. Finally, a Blockchain Attack Detection Algorithm (BADL) based on LightGBM is proposed, which uses LightGBM to enhance the learning ability of the model and strengthen the detection performance for blockchain attacks. The results show that the computational overhead of proof of work is stable and that the optimization from the national cryptographic algorithms SM3/SM9 is obvious. First, the transaction detection and alerting strategy based on a directed graph abstraction can detect a non-existent receiver, insufficient node retention, and quality loss beyond expectation in a timely manner. Second, among six categories of machine learning methods, LightGBM has the most stable detection rate and is able to maintain an accuracy rate across 11 different division ratios of the data set. Compared with deep learning, LightGBM performs better than the typical deep learning model CNN in terms of accuracy, precision, recall and F1 score on the feature set, and better maintains the accuracy of attack detection.
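The name-level statistics listed in part (2) of the abstract (domain name length, character frequency, special resource record types) can be sketched as a feature extractor that runs before any embedding or classifier. This is an added example, not code from the dissertation; the feature names, the `SPECIAL_RRTYPES` set, the two-label zone rule and the sample queries are assumptions.

```python
from collections import Counter, defaultdict

# Record types counted as "special"; this particular set is an assumption.
SPECIAL_RRTYPES = {"TXT", "NULL", "CNAME", "MX"}

# Constructed sample of (query name, record type) pairs; not real traffic.
SAMPLE_QUERIES = [
    ("www.example.test", "A"),
    ("mail.example.test", "MX"),
    ("cdn.example.test", "A"),
    ("4a6f686e446f6530313233343536373839.t.tunnel.test", "TXT"),
    ("6162636465666768696a6b6c6d6e6f70.t.tunnel.test", "TXT"),
    ("7172737475767778797a303132333435.t.tunnel.test", "NULL"),
]

def name_features(qname):
    """Length and character-frequency statistics for one query name."""
    name = qname.rstrip(".").lower()
    labels = name.split(".")
    chars = "".join(labels)
    freq = Counter(chars)
    return {
        "length": len(name),
        "labels": len(labels),
        "max_label": max(len(label) for label in labels),
        "digit_ratio": sum(c.isdigit() for c in chars) / len(chars),
        "top_char_share": freq.most_common(1)[0][1] / len(chars),
        "distinct_chars": len(freq),
    }

def zone_features(queries, zone_labels=2):
    """Aggregate statistics per zone (the last `zone_labels` labels of the name)."""
    buckets = defaultdict(list)
    for qname, qtype in queries:
        zone = ".".join(qname.rstrip(".").lower().split(".")[-zone_labels:])
        buckets[zone].append((name_features(qname), qtype.upper()))
    out = {}
    for zone, rows in buckets.items():
        n = len(rows)
        out[zone] = {
            "queries": n,
            "mean_length": sum(f["length"] for f, _ in rows) / n,
            "mean_digit_ratio": sum(f["digit_ratio"] for f, _ in rows) / n,
            "special_rr_share": sum(t in SPECIAL_RRTYPES for _, t in rows) / n,
        }
    return out

if __name__ == "__main__":
    for zone, stats in zone_features(SAMPLE_QUERIES).items():
        print(zone, stats)
```

On the constructed sample, the zone carrying long encoded labels stands out on mean name length, digit ratio and share of special record types, which is the kind of separation a downstream classifier would learn from.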
Keywords/Search Tags:Public Security, Security protection, Violent conflict detection, Covert channel, Blockchain, Deep learning, National cryptographic algorithm