CN108076060B - Neural network situation prediction method based on dynamic k-means clustering - Google Patents
- Publication number: CN108076060B
- Authority: CN (China)
- Prior art keywords: network, situation, neural network, security, data
- Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F18/00—Pattern recognition
- G06F18/20—Analysing
- G06F18/23—Clustering techniques
- G06F18/232—Non-hierarchical techniques
- G06F18/2321—Non-hierarchical techniques using statistics or function optimisation, e.g. modelling of probability density functions
- G06F18/23213—Non-hierarchical techniques using statistics or function optimisation, e.g. modelling of probability density functions with fixed number of clusters, e.g. K-means clustering
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N3/00—Computing arrangements based on biological models
- G06N3/02—Neural networks
- G06N3/08—Learning methods
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/14—Network analysis or design
- H04L41/147—Network analysis or design for predicting network behaviour
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1483—Countermeasures against malicious traffic service impersonation, e.g. phishing, pharming or web spoofing
Abstract
The neural network situation prediction method based on dynamic k-means clustering comprises the following steps: 1) collecting network security basic data of a certain system, wherein the data indexes are the number of hosts infected with network viruses, the number of tampered networks, the number of networks implanted with a backdoor, the number of security event reports, the number of counterfeit pages, and the numbers of security vulnerabilities and high-risk vulnerabilities, and normalizing the network security basic data; 2) clustering the normalized network security basic data with a dynamic k-means clustering algorithm, and determining the parameters and the number N of central neurons of the RBF neural network; 3) training the RBF neural network with the normalized data, calculating the width of the RBF neurons and determining the neuron output; 4) during training, encoding the output weights of the RBF neural network and obtaining the optimal weights with a PSO algorithm, so that the prediction accuracy of the network situation is improved; 5) predicting the network situation of a month with the trained RBF neural network, comparing the prediction with the estimated value of the network situation of that month, and calculating the error. The method has the characteristic of high prediction accuracy.
Description
Technical Field
The invention belongs to the technical field of network situation prediction, and particularly relates to a neural network situation prediction method based on dynamic k-means clustering.
Background
The increasingly complex network environment and unpredictable network security vulnerabilities make network management exceptionally laborious. In recent years, network situation prediction technology has emerged to ease network management by collecting and processing information about security elements at the bottom layer of a system (such as vulnerability information and the number of hosts infected with viruses). Network situation prediction can not only provide data analysis for the future security situation of the network, but also help a network manager make management decisions in advance, which improves the ability of the system to withstand network attacks and reduces the probability of security incidents. Network situation prediction is therefore a topic in urgent need of research.
Bass et al. originally proposed the concept of network situation awareness in 2000 and summarized its basic concept, goals and related characteristics. However, they did not describe how to acquire, understand and apply network security situation information or how to predict the future development trend of the network.
Srihari R proposed a concept-based network situation awareness method, which extracts the elements of the concept to obtain situation awareness information. The method is effective at extracting elements, but its shortcomings are that it can resist only a single intrusion attack and that its data source is single, so situation prediction is not studied in depth.
Stephen L proposed a visualization technology for network traffic information based on three-dimensional space. X, Y, Z three-dimensional coordinates are used to depict a network address, a source IP and a port number, and a system based on a rotating cube structure is designed, which gives better situation assessment capability. However, the method focuses on visualizing the current network situation and does not involve network situation prediction.
Liu Z et al. combined the existing element extraction technology and fused the data with a data mining method, so that the network situation is only evaluated and predicted. The data mining technology makes the results of network situation evaluation and prediction more accurate, but excessive redundant data and excessive computational complexity cause problems such as dimension explosion and slow algorithm operation.
Disclosure of Invention
In order to overcome the defects of the prior art, the invention aims to provide a neural network situation prediction method based on dynamic k-means clustering, which is more accurate than the traditional neural network situation prediction method.
In order to achieve this purpose, the invention adopts the following technical scheme: the neural network situation prediction method based on dynamic k-means clustering comprises the following steps:
Step 1, collecting network security basic data of a certain system within half a year, wherein the data indexes are the number of hosts infected with network viruses, the number of tampered networks, the number of networks implanted with a backdoor, the number of security event reports, the number of counterfeit pages, and the numbers of security vulnerabilities and high-risk vulnerabilities, and normalizing the network security basic data so that its values fall within the range [0, 1];
Step 4, during training, using a PSO algorithm to obtain the output weights $W=[\omega_1,\omega_2,\ldots,\omega_p]^T$ of the RBF neural network, where $p$ represents the total number of weight coefficients, so that the network situation prediction accuracy is improved;
The MSE evaluates the degree of variation of the data; the smaller the MSE, the more accurately the prediction model describes the experimental data. In the formula, $y_i$ represents the situation evaluation value, the situation prediction value is shown, and $a$ represents the total number of situation evaluation values.
The invention has the beneficial effects that:
Compared with the prior art, analysis of the predicted values and prediction errors of the algorithm shows that combining the dynamic k-means clustering algorithm and the particle swarm optimization algorithm in the neural network significantly improves the network situation prediction accuracy. Therefore, the invention has application prospects.
The method is based on an RBF (radial basis function) neural network and provides a network situation prediction method in which a dynamic k-means algorithm is combined with a Particle Swarm Optimization (PSO) algorithm. The dynamic k-means clustering algorithm overcomes the defect of manually determining the initial clustering centers: the clustering centers are adjusted dynamically so that the initial clustering centers are as far apart from each other as possible, which makes the selection of the RBF network centers more accurate. The Particle Swarm Optimization (PSO) algorithm aims at selecting the most appropriate RBF weights.
A network environment was set up for simulation. Analysis shows that, compared with the traditional RBF neural network for predicting the network situation, the prediction accuracy of the algorithm is improved. Therefore, the algorithm provided by the invention is feasible and effective for network situation prediction.
Drawings
Fig. 1(a) is a graph of the number of hosts infected with network viruses in the last half of 2017, as counted by the CNVD.
Fig. 1(b) is a graph of network security vulnerabilities and high-risk vulnerabilities in the last half of 2017, as counted by the CNVD.
Fig. 2 is a Particle Swarm Optimization (PSO) flow chart.
Fig. 3 is a schematic structural diagram of an RBF neural network.
Fig. 4 is a topological structure diagram of the experimental environment of the present invention.
Fig. 5 is a comparison graph of the predicted values of the algorithm of the present invention and the conventional algorithm.
Fig. 6 is a comparison graph of the prediction error of the algorithm of the present invention and the conventional algorithm.
Detailed Description
The structural and operational principles of the present invention are explained in further detail below with reference to the accompanying drawings and examples.
The experimental environment of this embodiment is a local area network built in the laboratory, comprising a plurality of hosts, routers, a firewall and a switch. Each host is configured with an Intel(R) Core(TM) i7-4790 CPU at 3.60GHz, 8.00GB of memory and a 64-bit operating system.
Both normal users and attackers can access the hosts within the local area network. A plurality of hosts in the local area network are selected for attack, and the attack means are as follows:
Injecting the CVE-2016-9732, CVE-2016-2979 and CVE-2016-2973 vulnerabilities to perform cross-site scripting attacks on the host.
Injecting the CVE-2016-2299, CVE-2016-4040 and CVE-2016-3172 vulnerabilities to carry out SQL injection attacks on the host.
Injecting the CVE-2017-10804 vulnerability to obtain the private information of the host user.
The local area network is monitored and analyzed with Burp Suite and Wireshark to obtain, for the period of one year in which the local area network is attacked, the number of hosts infected with network viruses, the number of tampered networks, the number of implanted backdoors, and the basic data on security vulnerabilities and high-risk vulnerabilities; these basic data serve as the research foundation. Fig. 4 shows the topology of the experimental environment; because of limited space, only a portion of the hosts are shown. Table 1 collects the monthly basic network security data of the constructed LAN within one year.
TABLE 1 network Security basic data sample
Table 2 network situation level table under CVSS standard
Fig. 1(a) is a graph of the number of hosts infected with network viruses in the last half of 2017 as counted by the CNVD, and Fig. 1(b) is a graph of the numbers of network security vulnerabilities and high-risk vulnerabilities in the last half of 2017 as counted by the CNVD.
The national information security vulnerability sharing platform (CNVD) is an information security vulnerability knowledge base jointly established by the national computer network emergency technology processing coordination center together with important domestic information system units, basic telecommunication operators, network security manufacturers and the like.
The CNVD refers to the CVSS (Common Vulnerability Scoring System) evaluation criteria when setting network security levels. Combining the characteristics of key elements such as network threats and vulnerabilities, the network security situation is divided into 5 security levels, namely safe, slight danger, general danger, moderate danger and high danger, each described equivalently by numerical values in the interval [0, 1]. The network situation levels under the CVSS standard are shown in Table 1.
The basic information mainly collected by the CNVD comprises the number of hosts infected with network viruses, the number of tampered networks, the number of networks implanted with a backdoor, the number of counterfeit pages, the number of security event reports, and the numbers of security vulnerabilities and high-risk vulnerabilities. The basic data of the system collected in the simulation experiment are these seven types.
The characteristic parameters of each index often have different dimensions and physical meanings. If such data take part directly in the network situation prediction, data with different physical units can cause unpredictable errors and make the situation prediction fail. Therefore, according to actual needs, the situation evaluation indexes are normalized to remove the interference of physical units, so that the data values fall within the range [0, 1]. The index initialization formula is as follows:
where $x_i$ represents a data value, $x_{max}$ represents the numerical upper limit, and $x_{min}$ represents the numerical lower limit.
Half a year of basic information is collected in the local area network built in this embodiment (see Fig. 4), the PSO-RBF neural network of the algorithm is trained on it, and finally the situation of the local area network is predicted.
The experimental analysis compares the algorithm with the traditional RBF neural network prediction algorithm. The comparison covers the predicted values and the prediction error, where the prediction error is evaluated using the Mean Square Error (MSE). Table 3 compares the predicted output and true values of the present algorithm with the conventional algorithm. Fig. 5 and Fig. 6 are the predicted value comparison graph and the prediction error comparison graph of the algorithm and the conventional algorithm, respectively.
The mean square error is the expected value of the square of the difference between the estimated value of a parameter and its true value. The MSE evaluates the degree of variation of the data; the smaller the MSE, the more accurately the prediction model describes the experimental data. The expression is as follows:
In the formula, $y_i$ represents the true value of the situation, the situation prediction value is shown, and $a$ represents the total number of situation evaluation values.
TABLE 3 comparison of predicted output and true value of the present algorithm with conventional algorithms
Analysis of the predicted values and prediction errors of the algorithm shows that combining the dynamic k-means clustering algorithm and the particle swarm optimization algorithm in the neural network significantly improves the prediction accuracy of the network situation. Therefore, the algorithm of the invention can be expected to have a certain application prospect.
Referring to Fig. 2, Fig. 2 is a flow chart of the Particle Swarm Optimization (PSO) algorithm.
Particle swarm optimization algorithm
The Particle Swarm Optimization (PSO) algorithm is a swarm intelligence algorithm designed by simulating the predation behavior of a flock of birds.
Particle swarm optimization models each bird in the flock as a particle that has only two attributes, velocity and position. Each particle independently searches for the optimal solution in the search space to obtain its current individual extremum $P_{best}$, and shares that extremum with the other particles in the swarm; the best individual extremum is taken as the current global optimal solution $G_{best}$ of the whole swarm. All particles in the swarm adjust their velocity and position according to $P_{best}$ and $G_{best}$. The algorithm steps and expressions are as follows:
(i) Particle swarm initialization
A maximum velocity interval needs to be set, the position range is the whole search space, and the velocity and position are initialized randomly. The population size m is set.
(ii) Individual extrema and global optimal solution
The individual extremum is the best historical position found by each particle. A global optimal solution is found from these individual historical optima and compared with the historical optimal solution, and the better of the two is kept as the current historical optimal solution.
(iii) Velocity and position update formulas
a. Velocity update formula:
$V_{id} = \omega V_{id} + C_1\,\mathrm{random}(0,1)\,(P_{id} - X_{id}) + C_2\,\mathrm{random}(0,1)\,(P_{gd} - X_{id})$
where $\omega$ is called the inertia factor; $C_1$ and $C_2$ are called the acceleration constants and are generally taken as $C_1 = C_2 \in [0,4]$; random(0,1) denotes a random number in the interval [0,1]; $P_{id}$ represents the individual extremum of the i-th variable in the d-th dimension; and $P_{gd}$ represents the global optimal solution in the d-th dimension.
b. Position update formula:
$X_{id} = X_{id} + V_{id}$
(iv) End conditions
The termination conditions fall into two categories: the first is reaching the maximum number of iterations $G_{max}$; the second is that the error between two adjacent generations falls within a specified range. The second termination condition is used herein.
Referring to Fig. 3, Fig. 3 is a schematic structural diagram of the RBF neural network. To suit situation prediction, the RBF neural network used in the present invention includes m input nodes, n hidden nodes and l output nodes, and the full response function is a Gaussian function. The expression and calculation method of each parameter are as follows:
First, determine the input vector X:
$X=[x_1,x_2,\ldots,x_n]^T$, where n is the number of input layer units. From the first section, the number of input vectors is 7.
Second, initialize the connection weights from the hidden layer to the output layer:
$W=[\omega_1,\omega_2,\ldots,\omega_p]^T$ $(p = 1, 2, \ldots, n)$, where p is the number of hidden layer units. The initialization and selection of the connection weights is determined by the particle swarm optimization (PSO) algorithm.
Third, determine the neuron center parameters of the hidden layer:
$C_j=[c_{j1},c_{j2},\ldots,c_{jn}]^T$, where n is the number of neuron centers. The centers of different hidden layer neurons should have different values, and the corresponding widths of the centers can be adjusted, so that different hidden layer neurons reflect different input information characteristics as fully as possible. The neural network centers $C_{ji}$ are determined here using a dynamic k-means clustering algorithm.
Fourth, initialize the width vector $D_j=[d_{j1},d_{j2},\ldots,d_{jn}]$ (n is the number of neuron centers), which is defined as follows:
where $d_f$ is the width adjustment coefficient, whose value is less than 1; its effect is that each neuron can more easily sense local information, which helps improve the local response capability of the RBF neural network.
The width vector affects the range over which a neuron acts on the input information: the smaller the width, the narrower the shape of the corresponding hidden layer neuron's action function, and the smaller the response at that neuron to information near the centers of other neurons.
Fifth, calculate the output value $z_j$ of the j-th neuron of the hidden layer, which is defined as follows:
where $C_j$ is the center vector of the j-th neuron of the hidden layer, $D_j$ is the width vector of the j-th neuron of the hidden layer, corresponding to $C_j$, and $\|\cdot\|$ is the Euclidean norm.
Sixth, the output of the output layer neurons:
where p is the number of weight coefficients.
In addition, the RBF network can control the optimal solution through a fitness function. The optimization goal is to minimize the error function MSE between the expected output Y' and the actual output Y of the network, and the error function E is:
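The steps described above (normalization, cluster-derived centers, Gaussian hidden layer, PSO-selected output weights, MSE error) chained together, as an added Python example that is not code from the patent. The monthly data and scores are constructed; farthest-first seeding for the "dynamic" k-means, the width rule, the Gaussian form and the `patience` stall guard are assumptions, because the page's own formulas for them are not reproduced in the text.

```python
import math
import random

# Constructed sample: 6 months x 7 indicators in the page's order (infected hosts,
# tampered networks, backdoored networks, event reports, counterfeit pages,
# vulnerabilities, high-risk vulnerabilities) and constructed situation scores.
MONTHS = [[120, 14, 9, 31, 22, 85, 27], [135, 17, 11, 36, 25, 92, 30],
          [210, 29, 20, 58, 41, 140, 52], [198, 26, 18, 55, 38, 133, 49],
          [90, 9, 6, 22, 15, 70, 19], [160, 21, 14, 44, 30, 110, 38]]
SCORES = [0.35, 0.41, 0.82, 0.76, 0.22, 0.55]

def normalize(rows):
    """Min-max scale every indicator column into [0, 1]."""
    cols = list(zip(*rows))
    lo, hi = [min(c) for c in cols], [max(c) for c in cols]
    # A constant column would divide by zero; map it to 0.0 instead.
    return [[(v - a) / (b - a) if b > a else 0.0 for v, a, b in zip(r, lo, hi)]
            for r in rows]

def dist(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))

def spread_centers(data, k, rounds=20):
    """Assumed 'dynamic k-means': farthest-first seeds, then ordinary k-means."""
    centers = [list(data[0])]
    while len(centers) < k:
        centers.append(list(max(data, key=lambda p: min(dist(p, c) for c in centers))))
    for _ in range(rounds):
        groups = [[] for _ in centers]
        for p in data:
            groups[min(range(k), key=lambda j: dist(p, centers[j]))].append(p)
        centers = [[sum(col) / len(g) for col in zip(*g)] if g else c
                   for g, c in zip(groups, centers)]
    return centers

def widths(centers, d_f=0.8):
    """Assumed width rule: d_f (< 1) times the distance to the nearest other center."""
    return [d_f * min(dist(c, o) for o in centers if o is not c) for c in centers]

def hidden(x, centers, d):
    """Gaussian hidden outputs, assumed form z_j = exp(-||x - C_j||^2 / (2 d_j^2))."""
    return [math.exp(-dist(x, c) ** 2 / (2 * w * w)) for c, w in zip(centers, d)]

def predict(Z, W):
    return [sum(w * z for w, z in zip(W, row)) for row in Z]

def mse(y, y_hat):
    return sum((a - b) ** 2 for a, b in zip(y, y_hat)) / len(y)

def pso_weights(Z, y, m=30, omega=0.7, c1=1.5, c2=1.5, v_max=0.5,
                tol=1e-9, patience=20, g_max=1000, seed=7):
    """Search the output weights W with the page's velocity and position updates."""
    rng = random.Random(seed)
    p = len(Z[0])
    X = [[rng.uniform(-1, 1) for _ in range(p)] for _ in range(m)]
    V = [[rng.uniform(-v_max, v_max) for _ in range(p)] for _ in range(m)]
    P = [x[:] for x in X]                          # individual extrema P_best
    P_err = [mse(y, predict(Z, x)) for x in X]
    best = min(range(m), key=P_err.__getitem__)
    G, G_err = P[best][:], P_err[best]             # global optimum G_best
    history, calm = [G_err], 0
    for _ in range(g_max):                         # G_max acts as a safety cap
        for i in range(m):
            for d in range(p):
                v = (omega * V[i][d]
                     + c1 * rng.random() * (P[i][d] - X[i][d])
                     + c2 * rng.random() * (G[d] - X[i][d]))
                V[i][d] = max(-v_max, min(v_max, v))   # keep within the speed interval
                X[i][d] += V[i][d]
            err = mse(y, predict(Z, X[i]))
            if err < P_err[i]:
                P[i], P_err[i] = X[i][:], err
            if err < G_err:
                G, G_err = X[i][:], err
        # Second end condition: error change between adjacent generations <= tol.
        # G_best often stalls for a generation early on, so the change must stay
        # within tol for `patience` generations in a row (assumption added here).
        calm = calm + 1 if history[-1] - G_err <= tol else 0
        history.append(G_err)
        if calm >= patience:
            break
    return G, history

def run():
    """Train on months 1-5, forecast month 6, return the squared forecast error."""
    data = normalize(MONTHS)
    centers = spread_centers(data[:5], k=3)
    d = widths(centers)
    Z = [hidden(x, centers, d) for x in data[:5]]
    W, history = pso_weights(Z, SCORES[:5])
    forecast = predict([hidden(data[5], centers, d)], W)[0]
    return W, history, forecast, mse([SCORES[5]], [forecast])

if __name__ == "__main__":
    W, history, forecast, err = run()
    print("generations:", len(history) - 1, "training MSE: %.6f" % history[-1])
    print("month 6 forecast: %.3f (score %.2f), squared error %.6f"
          % (forecast, SCORES[5], err))
```

Stopping on a single generation without improvement would end the search while the swarm is still exploring, which is why the example counts consecutive stalled generations before applying the second end condition.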
Claims (1)
1. The neural network situation prediction method based on dynamic k-means clustering is characterized by comprising the following steps:
Step 1, collecting network security basic data of a certain system within half a year, wherein the data indexes are the number of hosts infected with network viruses, the number of tampered networks, the number of networks implanted with a backdoor, the number of security event reports, the number of counterfeit pages, and the numbers of security vulnerabilities and high-risk vulnerabilities, and normalizing the network security basic data so that its values fall within the range [0, 1];
Step 2, clustering the normalized network security basic data $X=[x_1,x_2,\ldots,x_n]^T$ with a dynamic k-means clustering algorithm to determine the central neuron parameters $C_j=[c_{j1},c_{j2},\ldots,c_{jn}]^T$ of the RBF neural network, wherein n represents the number of clustering centers of the same local area network, and j represents different local area networks;
Step 3, training the RBF neural network with the normalized network security basic data and calculating the width $D_j=[d_{j1},d_{j2},\ldots,d_{jn}]$ of the RBF neurons, wherein $d_f$ is the width adjustment coefficient, whose value is less than 1, and determining the neuron output $z_j$,
Step 4, during training, using a PSO algorithm to obtain the output weights $W=[w_1,w_2,\ldots,w_p]^T$ of the RBF neural network, where $p$ represents the total number of weight coefficients, so that the network situation prediction accuracy is improved;
Step 5, predicting the network situation of a month with the trained RBF neural network and comparing it with the evaluation value of the network situation of that month, wherein the evaluation value of the network situation of that month is obtained by randomly selecting 10 network security experts to evaluate and score each index with reference to the CVSS standard and taking the average value, and calculating the error according to the following formula,
The MSE evaluates the degree of variation of the data; the smaller the MSE, the more accurately the prediction model describes the experimental data. In the formula, $y_i$ represents the situation evaluation value, the situation prediction value is shown, and $a$ represents the total number of situation evaluation values.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711361681.4A | 2017-12-18 | 2017-12-18 | Neural network situation prediction method based on dynamic k-means clustering |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108076060A | 2018-05-25 |
CN108076060B | 2020-12-08 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||