[go: up one dir, main page]

CN111200607A - Online user behavior analysis method based on multilayer LSTM - Google Patents

Online user behavior analysis method based on multilayer LSTM Download PDF

Info

Publication number
CN111200607A
CN111200607A CN201911425080.4A CN201911425080A CN111200607A CN 111200607 A CN111200607 A CN 111200607A CN 201911425080 A CN201911425080 A CN 201911425080A CN 111200607 A CN111200607 A CN 111200607A
Authority
CN
China
Prior art keywords
user
behavior
data
access request
time
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201911425080.4A
Other languages
Chinese (zh)
Other versions
CN111200607B (en
Inventor
程宏兵
刘加玲
杨斌飞
周凡凡
方艺程
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhejiang University of Technology ZJUT
Original Assignee
Zhejiang University of Technology ZJUT
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhejiang University of Technology ZJUT filed Critical Zhejiang University of Technology ZJUT
Priority to CN201911425080.4A priority Critical patent/CN111200607B/en
Publication of CN111200607A publication Critical patent/CN111200607A/en
Application granted granted Critical
Publication of CN111200607B publication Critical patent/CN111200607B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425Traffic logging, e.g. anomaly detection
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00Computing arrangements based on biological models
    • G06N3/02Neural networks
    • G06N3/04Architecture, e.g. interconnection topology
    • G06N3/044Recurrent networks, e.g. Hopfield networks
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00Computing arrangements based on biological models
    • G06N3/02Neural networks
    • G06N3/04Architecture, e.g. interconnection topology
    • G06N3/045Combinations of networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L63/205Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Hardware Design (AREA)
  • Data Mining & Analysis (AREA)
  • Software Systems (AREA)
  • General Physics & Mathematics (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Evolutionary Computation (AREA)
  • Molecular Biology (AREA)
  • Mathematical Physics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computational Linguistics (AREA)
  • Health & Medical Sciences (AREA)
  • Biophysics (AREA)
  • Biomedical Technology (AREA)
  • Artificial Intelligence (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention provides an online user behavior analysis method based on multilayer LSTM, which adopts LSTM long and short term memory network to train access request behavior data of known user types to generate a model of user access request behavior; the method can realize dynamic analysis and identification of the user category according to the specific scene requirements and different division rules of the malicious user and the trusted user, so that the system can actively take certain security defense measures for the identified malicious user.

Description

Online user behavior analysis method based on multilayer LSTM
Technical Field
The invention relates to the field of network information security, in particular to an online user behavior analysis method based on multilayer LSTM.
Background
The arrival of the big data era accelerates the visual informatization of the life style of people, promotes the change of various industries, and when the life of people becomes diversified and convenient, the personal information data security faces great threat and challenge. In addition to the existence of potential attacks of the "darknet", some individuals hidden in the crowd are also non-negligent, and they distribute illegal information, implement malicious behaviors, and pose a great threat to the normal system and other people's private data, property security and public image.
On 5.9.2019, the user who announces malicious behaviors regularly will be disclosed by the drip-to-the-outside announcement, and the malicious behaviors such as false complaints, false complaints and induced cancellation are involved. The method for reporting the mass data by the user every time and verifying the user behavior by using the traditional manual investigation and evidence obtaining method not only needs to consume a large amount of human and material resources, but also has long period and can not draw a conclusion in a short time. Therefore, we need to record the "evidence" left by the user on the network platform by using a big data analysis method, where the evidence includes social information, behavior habits, interest preferences, and the like, so as to avoid causal logic relationships between things and obtain information directly from the data itself to draw a conclusion.
At present, deep learning is a very popular technology and is widely applied to the fields of computer vision, face recognition, natural language, data analysis and the like. The Long Short-Term Memory network (LSTM) is a kind of deep learning, and is based on a neural network of time recursion, and can process data with time sequence characteristics. The method is an effective method for monitoring the malicious user behaviors by using the characteristics of time-cycle neural network learning data and by using the interactive behavior of the user with the server on line with certain time sequence information.
Disclosure of Invention
The invention provides an online user behavior analysis method based on multilayer LSTM, which adopts LSTM long and short term memory network to train access request behavior data of known user types to generate a model of user access request behavior; the method can realize dynamic analysis and identification of the user category according to the specific scene requirements and different division rules of the malicious user and the trusted user, so that the system can actively take certain security defense measures for the identified malicious user.
An online user behavior analysis method based on multilayer LSTM comprises the following steps:
acquiring all interactive data with a user within a period of time from a server log, cleaning the data, and then collecting all user access request data; preprocessing access request data of a user, filtering interference information, and extracting an attribute value of a user access behavior;
reprocessing the processed data, dividing corresponding access request data sets according to different users within a period of time, wherein each piece of data in the data sets represents one access request behavior of the users; classifying the data set by adopting a tag, and screening out malicious users and trusted users as training data;
step 1, collecting a training sample data set, acquiring access request records of known malicious users and trusted users in a period of time from a server user access log, cleaning the access request log data, filtering interference information, extracting a user access behavior attribute value and marking the user;
step 2, performing mathematical representation on data, and Encoding a primary access request behavior of a certain user by adopting One-Hot Encoding (One-Hot Encoding) to obtain an access request behavior vector; constructing an access request behavior matrix by all access request behavior vectors of a user in a period of time;
step 3, learning microcosmic features, dividing the period into T small periods according to different behavior performances of the user in different periods, acquiring T behavior matrixes corresponding to the small periods, and putting the T behavior matrixes into T LSTM network units for training to obtain time sequence feature vectors of T user behavior data;
step 4, learning macroscopic features, combining T time sequence feature vectors into a total time sequence feature vector of a complete time period, training again as input data of the LSTM, transmitting the obtained final output to a full connection layer, and performing dimensionality reduction mapping to two classifications;
step 5, after training of all marked user access behavior data according to the steps 3 and 4 is completed, a characteristic model of the user access request behavior is obtained;
and 6, at the fixed time point of the server, testing and analyzing the online user access behavior data, and actively taking appropriate safety countermeasures for the identified malicious user system, wherein the measures comprise warning, no providing of related functional service and even permanent number sealing.
In the step 1, the original log data accessed by the user is obtained from the server, and because the original data are usually discrete, inconsistent and noisy, the log data are cleaned by adopting a regular expression, interference information is filtered, and the attribute value of the user access behavior, including the unique identity Id of the user, the interface request timestamp and the interface request keyword data, is extracted. Grouping the processed data according to the unique identity Id of the user to obtain an access request data set S of each useridLabeling the data set according to the known user category, wherein the labeling method comprises the following steps:
Figure BDA0002351679630000031
in step 2, a One-Hot Encoding (One-Hot Encoding) is adopted, that is, One-bit effective Encoding is adopted, all interface keyword data (n in total) in a system interface document are used as characteristics of user access request behaviors, each characteristic represents One dimension of the data, and a certain access request behavior vector Vi ═ of a user at an i-th time point is constructed (v1, v 2.., vn)TWherein, the values of v1, v 2.. vn are all 0 or 1, 1 represents that the behavior accesses a certain interface, and 0 represents that the behavior does not access the certain interface; constructing an access request behavior matrix M in the period of the user by all the access request behavior vectors in the period of the userid=[V1,V2,...,Vt]Where t is in seconds;
in the above method for analyzing user behavior on line based on multi-layer LSTM, in step 3, according to the fact that the behavior characteristics of the user in different time periods are different during the time period, for example, the user access request behavior is relatively less than the rest time during the work time, the access request behavior matrix M is subdivided into T matrices, and the T matrices are placed on T LSTM network units for microscopic training to obtain the time sequence characteristic vectors of T user behavior data.
In step 4, the time sequence features with different T periods obtained in step 3 are combined into a total time sequence feature vector of a complete time period to perform macroscopic LSTM training again, the output is transmitted to the full link layer, the obtained total time sequence feature vector is mapped to a final prediction label through an activation function softmax, and after the prediction label is compared with an actual label, the weight parameters of the neural network are modified through error reverse propagation obtained through a loss function, so that a training process is completed.
In the above online user behavior analysis method based on multilayer LSTM, in step 5, the above steps may be repeated continuously on a new data set of a known user category to train and learn the user access request behavior model, so as to enhance the ability of the model to analyze the user behavior.
In step 6, the log data of the user behavior to be detected is obtained from the server at regular time, an access request behavior vector and matrix are formed according to data cleaning and coding, the T access request behavior matrices are divided into a series of steps, and then the trained model in step 5 is used for testing, and the system actively takes appropriate security defense measures including warning, stopping providing service and even permanently sealing number for malicious users in the output data set.
In the multilayer LSTM-based online user behavior analysis method, the LSTM is used for extracting microscopic time sequence characteristics of the user access request behavior matrix in the step 2, and the behavior characteristics of the user at a certain specific time point can be analyzed; considering that some malicious user behaviors are continued for a long time period, LSTM is used for learning macroscopic time sequence characteristics, and behavior characteristics of the user in a certain time period are analyzed. The method analyzes the user behavior based on two levels of time, and effectively improves the accuracy of identifying the malicious user.
Drawings
FIG. A flow chart of a specific implementation of the online user behavior analysis method based on multi-layer LSTM of the present invention
Graph two multilayer LSTM network data model graph
Detailed Description
The invention relates to an online user behavior analysis method based on multilayer LSTM, the specific implementation scheme of which is further described by combining with a certain social APP, and the method comprises the following specific steps:
the method comprises the following steps of firstly, acquiring a behavior log of a known malicious user (relating to bad behaviors such as excessive release and repeated forwarding of advertisement information, excessive concern, excessive friend harassment information and the like) and a trusted user in a certain day from an APP server, wherein the log data comprises information such as client information, an IP address, a user identity Id, a request timestamp, a request url and the like used by the user, for example, one piece of access log data from the malicious user is as follows: "27.38.5.159" - ""03/Nov/2019:00:30:01+0800"" "GET/applet/selective activity? activityid (06 d) 45b&user=12710950HTTP/1.1""200""74168"-"http://www.duiCom/offfining activity "" "mozilla/5.0 (iphone; cpu iphone os10_3_1like mac os x) applewkit/603.1.30 (khtml, like gecko) version/10.0mobile/14e304 safari/602.1" "" "" soc. Adopting a regular expression as regex ═ for the log content and format]*\")(\"[-|^]*\")(\"[^}]*\")(\"[^}]*\")(\"[0-9]*\")(\"[0-9]*\")([-|^]*)(\"[^]*\")(\"[^\"]*\")(\"[-|^]*\")(\"[^]Cleaning \ "), filtering out interference information such as quotation marks, space bars and the like, and extracting values of user, selectority, 03/Nov/2019:00:30:01+0800 as user access behavior attributes (user identity Id, request timestamp and request interface keywords). All the cleaned data are grouped according to the user identity Id to obtain an access request data set S of each useridAnd labeling the user data set, wherein if the user is known to be a malicious user, Label _ S (S)12710950)=1。
Secondly, taking all interface keyword data (75 in total) in the system interface document as access request behavior characteristics of the user, wherein each characteristic represents One dimension of the data, and taking 1s as a window and adopting One-HotEncoding to perform One-time access request on 2019-11-0300: 30:01 (1801 s) of the userThe behavior is encoded to obtain an access request behavior vector V1801 ═ 0,0TIf the user does not have the access request behavior at a certain time point, filling the access request behavior with a zero vector, and if the user occurs multiple times (less occurrence) within 1s, randomly taking one time; then the access request behavior matrix of the user in one day is M12710950=[V1,V2,...,V86400]86400, i.e., seconds of a day.
Thirdly, because the access behaviors of the users in different time periods in one day are different in frequency, the access request behaviors of people at rest time of entertainment are more than those at work time. In order to better learn the behavior characteristics of each time period, an access request behavior matrix M is subdivided into 24 matrixes by hours, the number of columns of each matrix is 3600, and the 24 matrixes are put into 24 LSTM network units to be trained respectively to obtain time sequence characteristic vectors of 24 microscopic user behavior data.
Fourthly, combining the 24 time sequence feature vectors into a total time sequence feature vector of a complete time period, performing macroscopic training again as input data of the LSTM, and transmitting the obtained final output to a full-connection layer for dimensionality reduction and mapping to two classifications; specifically, a function is activated through softmax, an output result is mapped to a final predicted label, the predicted label is compared with an actual label, and then the weight parameters of the neural network are modified through reverse propagation of errors obtained through a loss function, so that a training process is completed.
And fifthly, continuously acquiring a new data set of a known user category from the APP server user behavior log, repeating the steps to train and learn the social APP user access request behavior model, and enhancing the capability of the model for analyzing the user behavior.
And sixthly, obtaining user behavior log data from the APP server end every day zero point, forming an access request behavior vector and matrix according to data cleaning and coding, dividing T access request behavior matrices, testing the user access request data to be identified by using a model trained by S6, and taking punishments of warning, stopping providing service and even permanently sealing a number for malicious users in the output data set.

Claims (8)

1. An online user behavior analysis method based on multilayer LSTM is characterized by comprising the following steps: acquiring all interactive data with a user within a period of time from a server log, cleaning the data, and then collecting all user access request data; preprocessing access request data of a user, filtering interference information, and extracting an attribute value of a user access behavior;
reprocessing the processed data, dividing corresponding access request data sets according to different users within a period of time, wherein each piece of data in the data sets represents one access request behavior of the users; classifying the data set by adopting a tag, and screening out malicious users and trusted users as training data;
step 1, collecting a training sample data set, acquiring access request records of known malicious users and trusted users in a period of time from a server user access log, cleaning the access request log data, filtering interference information, extracting a user access behavior attribute value and marking the user;
step 2, performing mathematical representation on data, and Encoding a primary access request behavior of a certain user by adopting One-Hot Encoding (One-Hot Encoding) to obtain an access request behavior vector; constructing an access request behavior matrix by all access request behavior vectors of a user in a period of time;
step 3, learning microcosmic features, dividing the period into T small periods according to different behavior performances of the user in different periods, acquiring T behavior matrixes corresponding to the small periods, and putting the T behavior matrixes into T LSTM network units for training to obtain time sequence feature vectors of T user behavior data;
step 4, learning macroscopic features, combining T time sequence feature vectors into a total time sequence feature vector of a complete time period, training again as input data of the LSTM, transmitting the obtained final output to a full connection layer, and performing dimensionality reduction mapping to two classifications;
step 5, after training of all marked user access behavior data according to the steps 3 and 4 is completed, a characteristic model of the user access request behavior is obtained;
and 6, at the fixed time point of the server, testing and analyzing the online user access behavior data, and actively taking appropriate safety countermeasures for the identified malicious user system, wherein the measures comprise warning, no providing of related functional service and even permanent number sealing.
2. The method for analyzing the online user behavior based on the multi-layer LSTM as claimed in claim 1, wherein in step 1, the raw log data accessed by the user is obtained from the server, and since the raw data is usually discrete, inconsistent and noisy, the log data is cleaned by using a regular expression, interference information is filtered out, and the attribute values of the user access behavior including the user unique identity Id, the interface request timestamp and the interface request keyword data are extracted; grouping the processed data according to the unique identity Id of the user to obtain an access request data set S of each useridLabeling the data set according to the known user category, wherein the labeling method comprises the following steps:
Figure FDA0002351679620000021
3. the method as claimed in claim 1, wherein in step 2, One-Hot Encoding (One-Hot Encoding) is used, and all interface keyword data (n in total) in the system interface document are used as the characteristics of the user access request behavior, each characteristic represents a dimension of data, and a certain access request behavior vector Vi of the user at the ith time point is constructed (v1, v 2.,. once, vn)TWherein, the values of v1, v 2.. vn are all 0 or 1, 1 represents that the behavior accesses a certain interface, and 0 represents that the behavior does not access the certain interface; constructing an access request behavior matrix M in the period of the user by all the access request behavior vectors in the period of the userid=[V1,V2,...,Vt]Where t is in seconds.
4. The method as claimed in claim 1, wherein in step 3, the access request behavior matrix M is subdivided into T matrices, and the T matrices are placed on T LSTM network units for microscopic training to obtain T time sequence feature vectors of user behavior data, according to the behavior features of users in different time periods during the time period, such as the user access request behavior is relatively less than the rest time during working time.
5. The method as claimed in claim 1, wherein in step 4, the T different time-series features obtained in step 3 are combined into a total time-series feature vector of a complete time period, and then macroscopic LSTM training is performed again, the output is transmitted into the full link layer, and is mapped to a final predicted label by an activation function softmax, and after comparing the predicted label with an actual label, weight parameters of the neural network are modified by inverse propagation of an error obtained by a loss function, thereby completing a training process.
6. The method as claimed in claim 1, wherein in step 5, the above steps are repeated continuously for new data sets of known user categories to perform training learning on the user access request behavior model, so as to enhance the ability of the model to analyze the user behavior.
7. The method as claimed in claim 1, wherein in step 6, log data of user behavior to be detected is obtained from the server at regular time, and is subjected to a test by using the model trained in step 5 after a series of steps of forming an access request behavior vector and matrix according to data cleaning and coding, and dividing T access request behavior matrices, and the system actively takes appropriate security defense measures including giving an alarm, stopping providing service, and even permanently sealing a number to malicious users in the output data set.
8. The method as claimed in claim 1, wherein the multi-layer LSTM extracts micro timing characteristics from the user access request behavior matrix of step 2 by using LSTM, and can analyze the behavior characteristics of the user at a specific time point; considering that some malicious user behaviors are continued for a long time period, and then using the LSTM to learn macroscopic time sequence characteristics, analyzing the behavior characteristics of the user in a certain time period; the method analyzes the user behavior based on two levels of time, and effectively improves the accuracy of identifying the malicious user.
CN201911425080.4A 2019-12-31 2019-12-31 An online user behavior analysis method based on multi-layer LSTM Active CN111200607B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911425080.4A CN111200607B (en) 2019-12-31 2019-12-31 An online user behavior analysis method based on multi-layer LSTM

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201911425080.4A CN111200607B (en) 2019-12-31 2019-12-31 An online user behavior analysis method based on multi-layer LSTM

Publications (2)

Publication Number Publication Date
CN111200607A true CN111200607A (en) 2020-05-26
CN111200607B CN111200607B (en) 2022-04-19

Family

ID=70747545

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911425080.4A Active CN111200607B (en) 2019-12-31 2019-12-31 An online user behavior analysis method based on multi-layer LSTM

Country Status (1)

Country Link
CN (1) CN111200607B (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113569063A (en) * 2021-07-28 2021-10-29 深圳Tcl新技术有限公司 User analysis method, system, storage medium and terminal device
CN113901334A (en) * 2021-10-13 2022-01-07 东南大学 A social software user behavior recognition method based on service data matrix
WO2022240324A1 (en) * 2021-05-11 2022-11-17 Telefonaktiebolaget Lm Ericsson (Publ) Categorizing a new user in an information technology system

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106777024A (en) * 2016-12-08 2017-05-31 北京小米移动软件有限公司 Recognize the method and device of malicious user
CN108989294A (en) * 2018-06-28 2018-12-11 杭州安恒信息技术股份有限公司 A kind of method and system for the malicious user accurately identifying website visiting
CN109302410A (en) * 2018-11-01 2019-02-01 桂林电子科技大学 A method, system and computer storage medium for detecting abnormal behavior of internal users
WO2019147330A1 (en) * 2018-01-24 2019-08-01 Hrl Laboratories, Llc System for continuous validation and protection of mobile applications
CN110138793A (en) * 2019-05-21 2019-08-16 哈尔滨英赛克信息技术有限公司 A kind of network penetration recognition methods based on interbehavior analysis

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106777024A (en) * 2016-12-08 2017-05-31 北京小米移动软件有限公司 Recognize the method and device of malicious user
WO2019147330A1 (en) * 2018-01-24 2019-08-01 Hrl Laboratories, Llc System for continuous validation and protection of mobile applications
CN108989294A (en) * 2018-06-28 2018-12-11 杭州安恒信息技术股份有限公司 A kind of method and system for the malicious user accurately identifying website visiting
CN109302410A (en) * 2018-11-01 2019-02-01 桂林电子科技大学 A method, system and computer storage medium for detecting abnormal behavior of internal users
CN110138793A (en) * 2019-05-21 2019-08-16 哈尔滨英赛克信息技术有限公司 A kind of network penetration recognition methods based on interbehavior analysis

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2022240324A1 (en) * 2021-05-11 2022-11-17 Telefonaktiebolaget Lm Ericsson (Publ) Categorizing a new user in an information technology system
CN113569063A (en) * 2021-07-28 2021-10-29 深圳Tcl新技术有限公司 User analysis method, system, storage medium and terminal device
CN113901334A (en) * 2021-10-13 2022-01-07 东南大学 A social software user behavior recognition method based on service data matrix
CN113901334B (en) * 2021-10-13 2024-07-16 东南大学 Social software user behavior recognition method based on service data matrix

Also Published As

Publication number Publication date
CN111200607B (en) 2022-04-19

Similar Documents

Publication Publication Date Title
US11768866B2 (en) Dark web content analysis and identification
Maharaj et al. A dataset and exploration of models for understanding video data through fill-in-the-blank question-answering
CN111783712B (en) Video processing method, device, equipment and medium
US12455985B2 (en) Generating behavioral profiles
CN108734184B (en) Method and device for analyzing sensitive image
CN111818198B (en) Domain name detection method, domain name detection device, equipment and medium
CN110598016A (en) Method, device, equipment and medium for recommending multimedia information
KR102399787B1 (en) Recognition of behavioural changes of online services
Pratama et al. The influence of fake accounts on sentiment analysis related to COVID-19 in Indonesia
CN114138968B (en) Network hotspot mining method, device, equipment and storage medium
CN112348417B (en) A marketing value evaluation method and device based on principal component analysis algorithm
CN111866004A (en) Security assessment method, apparatus, computer system, and medium
CN111200607A (en) Online user behavior analysis method based on multilayer LSTM
Shenkman et al. Do you see what I see? Capabilities and limits of automated multimedia content analysis
CN110991246A (en) Video detection method and system
CN115204436A (en) Method, device, equipment and medium for detecting abnormal reasons of business indexes
Laczi et al. Impact of deepfake technology on children: risks and consequences
CN114186810A (en) Method and system for automatically evaluating reported events of grid staffs
Manchanayaka et al. Using causality to infer coordinated attacks in social media
MATH Time series analysis of pubg and tiktok applications using sentiments obtained from social media-twitter
CN119669827A (en) Abnormal behavior detection method and device based on video, equipment and storage medium
CN119415772A (en) An adaptive recommendation method integrating graph neural network and knowledge graph
CN110059117A (en) A kind of analysis and processing method and device of big data of imparting knowledge to students
Kolekar et al. Modified literature based approach to identify learning styles in adaptive E-learning
CN114626058B (en) Method and system for identifying malicious community access behaviors

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant