CN108494772B - Model optimization, network intrusion detection method and device and computer storage medium - Google Patents


Info

Publication number
CN108494772B
Authority
CN
China
Prior art keywords
model
network model
layer
training
sample set
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201810249117.1A
Other languages
Chinese (zh)
Other versions
CN108494772A (en)
Inventor
陶亮亮
洪学海
李小畅
肖荣生
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Institute Of Big Data Cloud Computing Center Of Chinese Academy Shangrao
Original Assignee
Institute Of Big Data Cloud Computing Center Of Chinese Academy Shangrao
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H04L63/1425 Traffic logging, e.g. anomaly detection

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention provides a model optimization method, a network intrusion detection method, corresponding devices, and a computer storage medium. The model optimization method comprises: establishing an original deep network model; generating a training sample set; initializing the original target parameters of the original deep network model layer by layer to obtain new target parameters; adjusting the new target parameters according to the training sample set; periodically updating the training data set; and optimizing the deep network model according to the updated training data set. The network intrusion detection method performs network intrusion detection based on the optimized deep network model. Through this technical scheme the invention inherits the advantages of the deep network multilayer perceptron and improves the accuracy and the real-time performance of network intrusion detection.

Description

Model optimization, network intrusion detection method and device and computer storage medium
Technical Field
The present invention relates to the field of information security, and in particular, to a deep network model optimization method, a network intrusion detection method and apparatus, and a computer-readable storage medium.
Background
With the rapid development of internet technology, the internet has come to be widely used in many fields. At the same time, more and more websites are attacked, and intrusion attacks seriously threaten personal privacy and important enterprise information, so network security defense technology is very important. At present, network security defense technologies mainly include firewalls, VPN security gateways, cryptographic authentication, and the like, but these are passive defense techniques.
As network intrusion behaviors have grown more complex, many machine learning methods and models have been applied to this field and have made great progress, but these methods and models are shallow perceptron models and cannot be applied to large sample sets such as detection data.
The current mainstream approach in the intrusion detection field is based on deep network models, which can indeed improve model accuracy but has two disadvantages. First, because the training sample data set is huge each time, training consumes a great deal of time and real-time performance is difficult to guarantee. Second, vanishing gradients (gradient dispersion) and overfitting occur easily while training a deep network model, so the accuracy needs to be further improved.
Disclosure of Invention
The model optimization method, the model optimization device and the computer storage medium mainly solve the technical problems that an existing deep network model is low in accuracy and insufficient in real-time performance; the network intrusion detection method, the network intrusion detection device and the computer storage medium mainly solve the technical problems of low accuracy and insufficient real-time performance of network intrusion detection based on a traditional deep network model.
In order to solve the above technical problems, the model optimization method provided by the present invention comprises:
step A, establishing an original deep network model;
step B, acquiring a training data set, and preprocessing the training data set to generate a training sample set;
step C, initializing the original target parameters of the original deep network model layer by layer according to the training sample set to obtain new target parameters;
step D, adjusting the new target parameters according to the training sample set;
step E, periodically updating the training data set, and re-executing steps B to D according to the updated training data set to obtain an optimized deep network model.
The network intrusion detection method provided by the invention comprises the following steps:
acquiring data transmitted by a network, and generating a detection data set;
preprocessing the detection data set to generate a detection sample set;
and detecting the detection sample set by adopting the optimized deep network model obtained by adopting the optimization method of the deep network model, and outputting a detection result.
The model optimization device provided by the invention comprises:
a model establishing module, used for establishing an original deep network model;
a first sample generation module, used for acquiring a training data set and preprocessing the training data set to generate a training sample set;
an initialization module, used for initializing the original target parameters of the original deep network model layer by layer according to the training sample set to obtain new target parameters;
an adjusting module, used for adjusting the new target parameters according to the training sample set;
and an updating module, used for periodically updating the training data set and outputting the updated training data set to the first sample generation module.
The network intrusion detection device provided by the invention comprises:
the data acquisition module is used for acquiring data transmitted by a network;
the data set generating module is used for generating a detection data set;
the second sample generation module is used for preprocessing the detection data set to generate a detection sample set;
and the detection module is used for detecting the detection sample set by adopting the optimized deep network model obtained by the optimization device of the deep network model and outputting a detection result.
The present invention also provides a computer readable storage medium storing one or more programs, the one or more programs being executable by one or more processors to perform the steps of any of the model optimization methods or the network intrusion detection methods described above.
The invention has the beneficial effects that:
The model optimization method, device, and computer storage medium inherit the advantages of the deep network multilayer perceptron and improve on it in two respects. First, the target parameters of the deep network model are initialized layer by layer, and the target parameters obtained after initialization are then adjusted, which improves the accuracy of the deep network model. Second, the model is continuously corrected and optimized by periodically updating the training data set, which avoids batch training on a large sample set and enhances the real-time performance of the deep network model. The network intrusion detection method, the network intrusion detection device, and the computer storage medium provided by the embodiments of the invention are implemented on the basis of the novel deep network model provided by the invention, and improve the accuracy and the real-time performance of network intrusion detection.
Furthermore, in the embodiments of the invention, batch normalization is used extensively in generating the training sample set, in initializing the target parameters of the original deep network model layer by layer, and in adjusting the target parameters obtained after initialization, which accelerates convergence, further improves accuracy, and speeds up the optimization process. In addition, the training data set can be periodically updated by means of online learning. Online learning is a machine learning training method well suited to constantly changing intrusion attack behaviors: the training sample set is updated in real time and the model is continuously corrected and optimized, which enhances the accuracy and the real-time performance of detection. Batch normalization and online learning are combined; for example, a deep network model trained with batch gradient descent is adopted, and the input data are normalized again at each hidden layer during training, which prevents drift during learning, effectively avoids vanishing gradients, shortens training time, and can prevent overfitting of the deep network.
Drawings
FIG. 1 is a network element deployment diagram for network intrusion detection;
FIG. 2 is a flowchart of a model optimization method according to a first embodiment of the present invention;
FIG. 3 is a flowchart of a network intrusion detection method according to a first embodiment of the present invention;
FIG. 4 is a graph comparing the convergence rate of the second embodiment of the present invention with that of the conventional network intrusion detection method;
FIG. 5 is a graph showing the variation of the accuracy of the second embodiment of the present invention;
FIG. 6 is a schematic diagram of a model optimization apparatus according to a third embodiment of the present invention;
FIG. 7 is a schematic diagram of a network intrusion detection device according to a fourth embodiment of the present invention.
Detailed Description
FIG. 1 is a network element deployment diagram for network intrusion detection. Assume that the existing network hardware architecture includes a subnet, a switch, a core switch, a firewall, and a router, connected in sequence, with access to the internet through the router. The network intrusion detection device of the invention can be deployed in at least the following two ways: between the firewall and the core switch, to provide a security barrier for the whole intranet; or behind an ordinary switch, to provide a security barrier for the subnet. Of course, the deployment of the network intrusion detection device provided by the present invention is not limited to these.
The first embodiment is as follows:
FIG. 2 is a flowchart of a model optimization method according to a first embodiment of the present invention. The model optimization method mainly includes the following steps:
step 201, establishing an original deep network model;
step 202, acquiring a training data set, and preprocessing the training data set to generate a training sample set;
step 203, initializing the original target parameters of the original deep network model layer by layer according to the training sample set to obtain new target parameters;
step 204, adjusting the new target parameters according to the training sample set;
step 205, periodically updating the training data set, and re-executing steps 202 to 204 according to the updated training data set to obtain an optimized deep network model.
For step 201, each hidden layer of the original deep network model may use a ReLU (rectified linear unit) activation function, and each output layer may use a Sigmoid function (S-shaped growth curve). The numbers of nodes in the input layer and the output layer of the original deep network model can be determined by the feature dimension and the number of categories of the training sample set. The step size and the Gaussian white noise of the original deep network model can be determined empirically. The weight parameters W and bias parameters b of the original deep network model may be initialized randomly. The number of layers of the original deep network model can be a compromise between accuracy and training time; preferably, a seven-layer deep network model with the structure 128-80-50-30-10-5 can be established. Of course, the original deep network model can also be built according to conventional schemes.
For step 202, historical transmission data in the target network may be obtained as the training data set; the target network may be the network on which intrusion detection is to be performed, or a network of the same nature or type. Ways of preprocessing the training data set to generate a training sample set include, but are not limited to, the following:
An NSL-KDD (Lincoln laboratories DDoS) data set can be selected to form the training data set. Because the NSL-KDD data set contains a large amount of discrete qualitative feature data, the discrete qualitative feature data in the training data set can be extracted and quantized through high-dimensional mapping; the discrete qualitative feature data generally comprise character-type feature data and numeric feature data. For example, in one embodiment, after the mapping is completed the data features change from the original 41 dimensions to 128 dimensions, and the category labels change from the original 1 dimension to 5 dimensions. The quantized data are then normalized. Preferably, the normalization formula is as shown in (1.1), where E(x) represents the mean, Var(x) represents the variance, x represents the feature vector, k represents the k-th data item, and
Figure BDA0001607350820000051
represents the normalized feature vector:
Figure BDA0001607350820000061
Ways of carrying out step 203 include, but are not limited to, the following:
The class labels in the training sample set are removed and, in an unsupervised learning mode, the objective function
Figure BDA0001607350820000062
is learned so as to optimize the objective function, where x denotes the input feature vector, $h_{W,b}(x)$ represents the objective function, W and b represent the weight and the bias of the objective function, and
Figure BDA0001607350820000063
represents the output feature vector.
After the objective function is optimized, the weight parameters from the input layer to the hidden layer are retained, the hidden layer is used as the input layer of the next layer, and so on, so that the original target parameters of the original deep network model are initialized layer by layer to obtain new target parameters. The target parameters include at least one of a weight parameter W and a bias parameter b.
Step 203 can complete the layer-by-layer initialization with a stacked autoencoder. The objective function can be optimized with a back-propagation algorithm, with batch normalization applied during forward propagation; in this step, batch normalization mainly consists of normalizing the input data of each hidden layer. After the objective function is optimized, the weights from the input layer to the hidden layer are retained, the hidden layer is then used as the input layer of the next layer, and so on; in this way the stacked autoencoder initializes the weight parameters W and the bias parameters b of the whole deep network model layer by layer.
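The layer-by-layer initialization of step 203, written out as an added example (not code from the patent): each denoising autoencoder is trained without labels, only its encoder weights W and b are retained, and its normalized hidden output becomes the input of the next layer. The linear decoder, squared-error loss, learning rate, the reading of the 0.2 noise figure as a standard deviation, all function names, and the small layer sizes used so that pure Python runs quickly are assumptions.

```python
import math
import random

def affine(W, b, x):
    """W holds one row per output node; returns W.x + b."""
    return [sum(w * v for w, v in zip(row, x)) + bi for row, bi in zip(W, b)]

def relu(z):
    return [v if v > 0.0 else 0.0 for v in z]

def normalize(rows, eps=1e-8):
    """Per-feature normalization over the whole batch (zero mean, unit variance)."""
    cols = list(zip(*rows))
    mean = [sum(c) / len(c) for c in cols]
    var = [sum((v - m) ** 2 for v in c) / len(c) for c, m in zip(cols, mean)]
    return [[(v - m) / math.sqrt(s + eps) for v, m, s in zip(r, mean, var)]
            for r in rows]

def init_layer(n_out, n_in, rng):
    """Random initial weights W and zero biases b."""
    s = 1.0 / math.sqrt(n_in)
    W = [[rng.uniform(-s, s) for _ in range(n_in)] for _ in range(n_out)]
    return W, [0.0] * n_out

def train_denoising_autoencoder(X, n_hidden, rng, noise=0.2, lr=0.01, epochs=20):
    """Learn to rebuild the clean x from a noisy copy; return the encoder only."""
    n_in = len(X[0])
    W1, b1 = init_layer(n_hidden, n_in, rng)   # encoder: input -> hidden (kept)
    W2, b2 = init_layer(n_in, n_hidden, rng)   # decoder: hidden -> input (dropped)
    for _ in range(epochs):
        for x in X:
            xn = [v + rng.gauss(0.0, noise) for v in x]   # Gaussian white noise
            z = affine(W1, b1, xn)
            h = relu(z)
            y = affine(W2, b2, h)
            dy = [yi - xi for yi, xi in zip(y, x)]        # grad of 0.5*||y - x||^2
            # Back-propagate through the decoder before its weights change.
            dh = [sum(W2[j][i] * dy[j] for j in range(n_in)) for i in range(n_hidden)]
            dz = [d if zi > 0.0 else 0.0 for d, zi in zip(dh, z)]
            for j in range(n_in):
                b2[j] -= lr * dy[j]
                for i in range(n_hidden):
                    W2[j][i] -= lr * dy[j] * h[i]
            for i in range(n_hidden):
                b1[i] -= lr * dz[i]
                for k in range(n_in):
                    W1[i][k] -= lr * dz[i] * xn[k]
    return W1, b1

def pretrain_stack(X, hidden_sizes, seed=0):
    """Greedy layer-by-layer initialization; class labels are never used."""
    rng = random.Random(seed)
    layers, inputs = [], normalize(X)
    for n_hidden in hidden_sizes:
        W, b = train_denoising_autoencoder(inputs, n_hidden, rng)
        layers.append((W, b))                  # retained as the new target parameters
        # The hidden layer's normalized output is the next layer's input.
        inputs = normalize([relu(affine(W, b, x)) for x in inputs])
    return layers

def constructed_samples(n, dim, seed=42):
    """Constructed stand-in for preprocessed, unlabeled training samples."""
    rng = random.Random(seed)
    return [[rng.gauss(0.0, 1.0) for _ in range(dim)] for _ in range(n)]

if __name__ == "__main__":
    stack = pretrain_stack(constructed_samples(12, 8), [6, 4, 3], seed=1)
    print([(len(W), len(W[0])) for W, _ in stack])
```

The returned (W, b) pairs are the initial values that supervised back-propagation would then adjust with labeled data.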
Ways of carrying out step 204 include, but are not limited to, the following:
According to the training sample set, the new target parameters obtained in step 203 are taken as the initial values of the original deep network model and adjusted through a back-propagation algorithm, and the input data of each input layer and of each hidden layer are normalized during forward propagation.
In this step, the training sample set may use labeled data. The new target parameters calculated in step C, such as the weight parameter W and the bias parameter b, are used as the initial values of the deep network model, and the parameters of the model are then optimized by a back-propagation algorithm. During forward propagation, in addition to normalizing the input data of each input layer, the input data of each hidden layer must also be normalized.
Ways of carrying out step 205 include, but are not limited to, the following:
The training data set is periodically updated, generally once a week, to adapt to increasingly complex intrusion behavior. In this step, after the training data set is updated, the updated training data set is preprocessed by the same method as in step B to generate an updated training sample set, so that the training sample set is periodically updated. The model parameters are then corrected and optimized in the same way as in steps 203 and 204. An online learning mode can be adopted in this step: the training sample set is periodically updated, the model optimized in step 204 is trained on it, and the model is continuously corrected and optimized, so that it adapts effectively to changing network intrusion attacks.
Network intrusion detection can be carried out based on the optimized deep network model. FIG. 3 is a flowchart of a network intrusion detection method according to an embodiment of the present invention, which mainly includes:
step 301, acquiring data transmitted by a network, and generating a detection data set;
step 302, preprocessing the detection data set to generate a detection sample set;
step 303, detecting the detection sample set by using the optimized deep network model obtained by the method for optimizing the deep network model in this embodiment, and outputting a detection result.
For step 301, data transmitted over the network can be captured by a network probe. Step 302 may parse the data according to the different layers of the TCP/IP protocol to obtain the discrete qualitative feature data in the NSL-KDD data set, quantize the discrete qualitative feature data through high-dimensional mapping, and normalize the quantized data to generate the detection sample set. Step 303 detects whether there is data intrusion behavior on the network connection; the output vector y of step 303 may be a 5-dimensional vector, which may be represented by a function max(y).
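The preprocessing described for step 202 and reused in step 302, as an added example (not the patent's code): the one-hot vocabulary, mean and variance are learned from the training set only and then applied unchanged to detection records, including records whose qualitative values never appeared in training. The field subset, the sample records, the five class names, and the form (x - E(x)) / sqrt(Var(x)) are assumptions, since formula (1.1) is not reproduced on this page.

```python
import math

# Field names follow the public NSL-KDD column names; only a few of the 41
# columns are used, and every record below is constructed for illustration.
NUMERIC = ("duration", "src_bytes", "dst_bytes")
CATEGORICAL = ("protocol_type", "service", "flag")
# Assumed 5-way label set (the patent only says labels become 5-dimensional).
CLASSES = ("normal", "dos", "probe", "r2l", "u2r")

def rec(duration, proto, service, flag, src, dst, label=None):
    return {"duration": duration, "protocol_type": proto, "service": service,
            "flag": flag, "src_bytes": src, "dst_bytes": dst, "label": label}

TRAIN = [  # constructed training records
    rec(0, "tcp", "http", "SF", 200, 4000, "normal"),
    rec(0, "tcp", "http", "S0", 0, 0, "dos"),
    rec(2, "udp", "domain_u", "SF", 100, 100, "normal"),
    rec(0, "icmp", "ecr_i", "SF", 1000, 0, "dos"),
]

def quantize(record, vocab):
    """High-dimensional mapping: numeric fields pass through; each qualitative
    field becomes one 0/1 slot per value seen in training (unseen -> all zeros)."""
    vec = [float(record[f]) for f in NUMERIC]
    for f in CATEGORICAL:
        vec.extend(1.0 if record[f] == v else 0.0 for v in vocab[f])
    return vec

def fit(records):
    """Learn the vocabulary, mean E(x) and variance Var(x) from training data only."""
    vocab = {f: sorted({r[f] for r in records}) for f in CATEGORICAL}
    cols = list(zip(*(quantize(r, vocab) for r in records)))
    mean = [sum(c) / len(c) for c in cols]
    var = [sum((v - m) ** 2 for v in c) / len(c) for c, m in zip(cols, mean)]
    return {"vocab": vocab, "mean": mean, "var": var}

def transform(record, params):
    """Apply the stored training statistics (assumed form of the normalization)."""
    raw = quantize(record, params["vocab"])
    out = []
    for x, m, v in zip(raw, params["mean"], params["var"]):
        std = math.sqrt(v) or 1.0   # constant training column: centre, do not scale
        out.append((x - m) / std)
    return out

def encode_label(label):
    """1-dimensional class label -> 5-dimensional indicator vector."""
    return [1.0 if label == c else 0.0 for c in CLASSES]

if __name__ == "__main__":
    params = fit(TRAIN)
    # Detection-time record whose service and flag were never seen in training.
    unseen = rec(0, "tcp", "ftp_data", "REJ", 0, 0)
    print(len(transform(unseen, params)), encode_label("probe"))
```

Refitting the statistics on detection traffic instead of reusing the stored ones would change the input dimension and scale the model was trained on.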
This embodiment adopts the above scheme to overcome low detection accuracy, poor real-time performance, and poor generalization capability. In optimizing the deep network model, the online learning method adapts effectively to changing network intrusion attacks, and batch normalization improves detection accuracy and effectively reduces the false alarm rate and the missed-detection rate. Table 1 compares the accuracy of the network intrusion detection method of this embodiment with that of other network intrusion detection methods.
TABLE 1
Figure BDA0001607350820000071
The second embodiment is as follows:
In this embodiment, the deep network model is optimized by combining batch normalization with online learning. It inherits the advantages of the deep network multilayer perceptron and improves on it in two respects: first, batch normalization accelerates convergence and improves accuracy; second, the model is continuously corrected and optimized by online learning, which avoids batch training on a large sample set and enhances the real-time performance of intrusion detection.
This embodiment mainly comprises a model optimization stage and a network intrusion detection stage.
In the model optimization stage, the main purpose is to train and optimize the deep network model based on the training sample set. The main process may include:
establishing an n-layer stacked denoising autoencoder deep network model; collecting NSL-KDD data transmitted by the network to be detected to form a training data set, and preprocessing the training data set, that is, extracting the discrete qualitative feature data in the training data set, quantizing the discrete qualitative feature data through high-dimensional mapping, and then normalizing the quantized data to obtain a training sample set; initializing the weight parameters and bias parameters of the original deep network model layer by layer through a stacked autoencoder in an unsupervised learning mode according to the training sample set, fine-tuning the weight parameters and bias parameters of the deep network model with a back-propagation algorithm, and saving the weight parameters and bias parameters of the current deep network model after training; and periodically performing online learning, that is, periodically updating the training data set to update the training sample set, training the deep network model optimized in the previous steps, and continuously correcting and optimizing the deep network model.
In this embodiment, the batch size batchsize in batch gradient descent may be 60; the number of iterations of the autoencoder may be 45000, and the number of iterations for fine-tuning the deep network model may be 7200; the number of layers of the deep network model may be 7, and a 128-80-50-30-10-5 network structure may be adopted; the Gaussian white noise ratio of the denoising autoencoder may be 0.2; and the deep network Dropout regularization parameter dropoutframe may be 0.35.
The network intrusion detection stage mainly performs network intrusion detection with the deep network model optimized in the model optimization stage, and mainly comprises the following process: collecting, through a network detector, the NSL-KDD data transmitted by the network to be detected to form a detection data set, and preprocessing the NSL-KDD detection data set in the same way as in the model optimization stage to generate a detection sample set; and detecting the detection sample set with the deep network model optimized in the model optimization stage, determining whether the connection exhibits data intrusion behavior, and displaying and outputting the detection result. FIG. 5 shows how the accuracy changes with the number of iterations numepochs; the accuracy finally reaches 81.76%, which is clearly higher than that of other methods, and false alarms and missed alarms can be effectively reduced. In addition, FIG. 4 shows how the training error changes with the number of iterations numepochs when the batch size batchsize in batch gradient descent is 1000; using the batch normalization algorithm significantly accelerates the convergence of the deep network, which enhances the real-time performance of intrusion detection.
The third embodiment is as follows:
FIG. 6 is a schematic diagram of a model optimization device according to a third embodiment of the present invention. The model optimization device may be used to execute the model optimization method of the first embodiment. As shown in FIG. 6, the model optimization device mainly includes:
a model establishing module 601, configured to establish an original deep network model;
a first sample generation module 602, configured to obtain a training data set, and perform preprocessing on the training data set to generate a training sample set;
an initialization module 603, configured to initialize, layer by layer, an original target parameter of the original deep network model according to the training sample set to obtain a new target parameter;
an adjusting module 604, configured to adjust the new target parameter according to the training sample set;
an updating module 605, configured to update the training data set periodically and output the updated training data set to the first sample generation module.
The fourth embodiment is as follows:
FIG. 7 is a schematic diagram of a network intrusion detection apparatus according to a fourth embodiment of the present invention. The network intrusion detection apparatus may be used to execute the network intrusion detection method of the first embodiment. As shown in FIG. 7, the network intrusion detection apparatus mainly includes:
a data obtaining module 701, configured to obtain data transmitted by a network;
a data set generating module 702 for generating a detection data set;
a second sample generation module 703, configured to preprocess the detection data set to generate a detection sample set;
a detecting module 704, configured to detect the detection sample set by using the optimized deep network model obtained by the deep network model optimizing apparatus according to claim 8, and output a detection result.
The model optimization method, the model optimization device and the computer storage medium inherit the advantages of the deep network multi-layer perceptron and improve the accuracy and the real-time performance of the deep network model. The network intrusion detection method, the network intrusion detection device and the computer storage medium provided by the embodiment of the invention are realized based on the novel deep network model provided by the invention, and the accuracy and the real-time performance of network intrusion detection are improved. Furthermore, the embodiment of the invention can also adopt a batch normalization processing method to accelerate the convergence speed of model training, further improve the accuracy and accelerate the optimization process. The model can be further periodically trained in an online learning mode to adapt to the increasingly changing intrusion attack behavior.
It will be apparent to those skilled in the art that the modules or steps of the embodiments of the invention described above may be implemented in a general purpose computing device, they may be centralized on a single computing device or distributed across a network of multiple computing devices, and alternatively, they may be implemented in program code executable by a computing device, such that they may be stored on a computer storage medium (ROM/RAM, magnetic disk, optical disk) and executed by a computing device, and in some cases, the steps shown or described may be performed in an order different than that described herein, or they may be separately fabricated into individual integrated circuit modules, or multiple ones of them may be fabricated into a single integrated circuit module. Thus, the present invention is not limited to any specific combination of hardware and software.
The foregoing is a more detailed description of embodiments of the present invention, and the present invention is not to be considered limited to such descriptions. For those skilled in the art to which the invention pertains, several simple deductions or substitutions can be made without departing from the spirit of the invention, and all shall be considered as belonging to the protection scope of the invention.

Claims (10)

1. A model optimization method, characterized in that the model optimization method comprises:
step A, establishing an original deep network model; each hidden layer of the original deep network model adopts a ReLU activation function, and each output layer adopts a Sigmoid function; the number of nodes of the input layer and the number of nodes of the output layer of the original deep network model are determined by the feature dimension and the number of categories of the training sample set; the step size and the Gaussian white noise of the original deep network model are determined empirically; the weight parameter W and the bias parameter b of the original deep network model are randomly initialized; the number of layers of the original deep network model is a compromise value between accuracy and training time, and a seven-layer deep network model with the structure 128-80-50-30-10-5 is established;
step B, acquiring a training data set, and preprocessing the training data set to generate a training sample set;
step C, initializing the original target parameters of the original deep network model layer by layer according to the training sample set to obtain new target parameters;
step D, adjusting the new target parameters according to the training sample set;
step E, periodically updating the training data set, and re-executing steps B to D according to the updated training data set to obtain an optimized deep network model; the model parameters are then corrected and optimized by the same method as in steps C and D; in this step an online learning mode is adopted, the training sample set is periodically updated, the model optimized in step D is trained, and the model is continuously corrected and optimized, so that it adapts effectively to changing network intrusion attacks.
2. The model optimization method of claim 1, wherein the target parameters comprise: at least one of a weight parameter and a bias parameter.
3. The model optimization method of claim 1, wherein step B specifically comprises:
step B1, acquiring a training data set;
step B2, extracting the discrete qualitative feature data from the training data set;
step B3, quantizing the discrete qualitative feature data through high-dimensional mapping;
and step B4, normalizing the quantized data to obtain a training sample set.
4. The model optimization method of claim 1, wherein the step C specifically comprises:
removing class labels in the training sample set, and adopting an unsupervised learning mode to learn the objective function
Figure FDA0003137432370000021
To optimize the objective function;
and after the objective function is optimized, retaining the weight parameters from the input layer to the hidden layer, taking the hidden layer as the input layer of the next layer, and so on, so that the original target parameters of the original deep network model are initialized layer by layer to obtain new target parameters.
5. The model optimization method of claim 4, wherein the objective function is optimized by using a back propagation algorithm, and the input data of each hidden layer is normalized during the forward propagation process.
6. The model optimization method of claim 1, wherein said step D specifically comprises:
according to the training sample set, taking the new target parameters obtained in step C as the initial values of the original deep network model, adjusting the new target parameters through a back propagation algorithm, and normalizing the input data of each input layer and of each hidden layer during forward propagation.
7. A network intrusion detection method is characterized by comprising the following steps:
acquiring data transmitted by a network, and generating a detection data set;
preprocessing the detection data set to generate a detection sample set;
detecting the detection sample set by using the optimized deep network model obtained by the model optimization method according to any one of claims 1 to 6, and outputting a detection result.
8. A model optimization apparatus, comprising:
the model establishing module is used for establishing an original deep network model, wherein each hidden layer of the original deep network model uses a ReLU activation function and each output layer uses a Sigmoid function; the number of input-layer nodes and the number of output-layer nodes of the original deep network model are determined by the feature dimension and the number of categories of a training sample set; the step size and the Gaussian white noise of the original deep network model are determined empirically; the weight parameter W and the bias parameter b of the original deep network model are randomly initialized; and the number of layers of the original deep network model takes a middle value between accuracy and training time, so that a seven-layer deep network model with the structure 128-80-50-30-10-5 is established;
the first sample generation module is used for acquiring a training data set, preprocessing the training data set and generating a training sample set;
the initialization module is used for initializing the original target parameters of the original deep network model layer by layer according to the training sample set to obtain new target parameters;
the adjusting module is used for adjusting the new target parameters according to the training sample set;
the updating module is used for periodically updating the training data set and outputting the updated training data set to the first sample generation module to obtain an optimized deep network model; for outputting to the initialization module so as to correct and optimize the model parameters; and for periodically updating the training sample set in an online learning mode and training the model optimized by the adjusting module, so that the model is continuously corrected and optimized and adapts effectively to changing network intrusion attacks.
9. A network intrusion detection device, comprising:
the data acquisition module is used for acquiring data transmitted by a network;
the data set generating module is used for generating a detection data set;
the second sample generation module is used for preprocessing the detection data set to generate a detection sample set;
a detection module, configured to detect the detection sample set by using the optimized deep network model obtained by the model optimization apparatus according to claim 8, and to output a detection result.
10. A computer readable storage medium, storing one or more programs, which are executable by one or more processors, for performing the steps of the model optimization method of any one of claims 1 to 6 or the network intrusion detection method of claim 7.
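An added illustration of the preprocessing in claim 3 (steps B2 to B4) as it has to be reused on the detection sample set of claim 7; it is not code from the patent. It assumes the high-dimensional mapping is one-hot encoding and the normalization is min-max scaling; the field names, the sample records, the extra slot for unseen categories and the clamping are likewise assumptions.

```python
# Added example, not from the patent. Field names and records are constructed.
CATEGORICAL = ("protocol", "service")   # discrete qualitative features (hypothetical)
NUMERIC = ("duration", "src_bytes")     # quantitative features (hypothetical)

def fit(train_rows):
    """Learn category vocabularies and numeric ranges from the training set only."""
    vocab = {f: sorted({r[f] for r in train_rows}) for f in CATEGORICAL}
    bounds = {f: (min(r[f] for r in train_rows), max(r[f] for r in train_rows))
              for f in NUMERIC}
    return {"vocab": vocab, "bounds": bounds}

def transform(row, params):
    """Map one record to a fixed-width vector with every component in [0, 1]."""
    vec = []
    for f in CATEGORICAL:
        known = params["vocab"][f]
        # Assumed one-hot mapping: one slot per category seen in training ...
        vec.extend(1.0 if row[f] == v else 0.0 for v in known)
        # ... plus an "unseen" slot, so a new value at detection time cannot
        # change the vector width (the input layer size is fixed by it).
        vec.append(0.0 if row[f] in known else 1.0)
    for f in NUMERIC:
        lo, hi = params["bounds"][f]
        scaled = 0.0 if hi == lo else (row[f] - lo) / (hi - lo)
        # Clamp: live traffic can fall outside the range seen in training.
        vec.append(min(1.0, max(0.0, scaled)))
    return vec

TRAIN = [  # constructed training records
    {"protocol": "tcp", "service": "http", "duration": 0, "src_bytes": 200},
    {"protocol": "udp", "service": "dns", "duration": 2, "src_bytes": 40},
    {"protocol": "tcp", "service": "smtp", "duration": 10, "src_bytes": 1000},
]
# Constructed detection record: unseen protocol, duration beyond training range.
DETECT = {"protocol": "icmp", "service": "http", "duration": 50, "src_bytes": 520}

PARAMS = fit(TRAIN)
TRAIN_VECTORS = [transform(r, PARAMS) for r in TRAIN]
DETECT_VECTOR = transform(DETECT, PARAMS)

if __name__ == "__main__":
    print(len(DETECT_VECTOR), DETECT_VECTOR)
```

Refitting the vocabulary or the ranges on detection data would silently change the feature layout the trained model expects, which is why `fit` runs only on the training set and again only when the training set is updated as in step E.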
CN201810249117.1A 2018-03-25 2018-03-25 Model optimization, network intrusion detection method and device and computer storage medium Active CN108494772B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810249117.1A CN108494772B (en) 2018-03-25 2018-03-25 Model optimization, network intrusion detection method and device and computer storage medium

Publications (2)

Publication Number Publication Date
CN108494772A CN108494772A (en) 2018-09-04
CN108494772B true CN108494772B (en) 2021-08-17

Family

ID=63337393

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810249117.1A Active CN108494772B (en) 2018-03-25 2018-03-25 Model optimization, network intrusion detection method and device and computer storage medium

Country Status (1)

Country Link
CN (1) CN108494772B (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109672666B (en) * 2018-11-23 2021-12-14 北京丁牛科技有限公司 Network attack detection method and device
CN109547254B (en) * 2018-11-28 2022-03-15 湖北文理学院 Intrusion detection method and device, electronic equipment and storage medium
CN111031387B (en) * 2019-11-21 2020-12-04 南京大学 Method for controlling video coding flow rate of monitoring video sending end
CN111507520A (en) * 2020-04-15 2020-08-07 瑞纳智能设备股份有限公司 Dynamic prediction method and system for load of heat exchange unit

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107452023A (en) * 2017-07-21 2017-12-08 上海交通大学 A kind of monotrack method and system based on convolutional neural networks on-line study

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8327443B2 (en) * 2008-10-29 2012-12-04 Lockheed Martin Corporation MDL compress system and method for signature inference and masquerade intrusion detection
CN105320961A (en) * 2015-10-16 2016-02-10 重庆邮电大学 Handwriting numeral recognition method based on convolutional neural network and support vector machine
CN106555788B (en) * 2016-11-11 2018-02-06 河北工业大学 Application based on the deep learning of Fuzzy Processing in hydraulic equipment fault diagnosis
CN107392015B (en) * 2017-07-06 2019-09-17 长沙学院 A kind of intrusion detection method based on semi-supervised learning
CN107506786B (en) * 2017-07-21 2020-06-02 华中科技大学 Deep learning-based attribute classification identification method

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
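Research on the application of neural networks in network intrusion detection (神经网络在网络入侵检测中的应用研究); Fu Xueyan (傅学彦) et al.; Computer Simulation (《计算机仿真》); 20101215 (No. 12); full text *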

Also Published As

Publication number Publication date
CN108494772A (en) 2018-09-04

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant