CN112637202B - LDoS attack detection method based on integrated wavelet transform in SDN environment - Google Patents
LDoS attack detection method based on integrated wavelet transform in SDN environment Download PDFInfo
- Publication number
- CN112637202B CN112637202B CN202011530024.XA CN202011530024A CN112637202B CN 112637202 B CN112637202 B CN 112637202B CN 202011530024 A CN202011530024 A CN 202011530024A CN 112637202 B CN112637202 B CN 112637202B
- Authority
- CN
- China
- Prior art keywords
- wavelet
- integrated
- entropy value
- sdn
- value set
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1458—Denial of Service
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D30/00—Reducing energy consumption in communication networks
- Y02D30/50—Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate
Abstract
The invention discloses an LDoS attack detection method based on integrated wavelet transformation in an SDN environment. The invention relates to the technical field of signal processing, which utilizes a plurality of different wavelet transformation basis functions to calculate and obtain entropy value sets of different wavelet energy spectrums; randomly selecting a wavelet basis function from a wavelet basis function library; judging whether the number of the selected wavelet basis functions reaches the number of the appointed integrated wavelet basis functions or not, and decomposing by using three different wavelet basis functions; extracting detail coefficients of each coefficient matrix, calculating integrated wavelet energy values, acquiring an entropy value set of integrated wavelet energy spectrums, distributing corresponding labels, and selecting a part of data sets to train a support vector machine model and a full-connection neural network model; and detecting LDoS attack in the SDN by using the trained support vector machine model and the fully connected neural network model, sending a warning message when detecting the LDoS, discarding a data packet corresponding to the flow table item, and reducing the load of the SDN.
Description
Technical Field
The invention relates to the technical field of signal processing, in particular to an LDoS attack detection method based on integrated wavelet transformation in an SDN environment.
Background
Software-Defined Networking (SDN) is one of the next generation network architectures that is widely recognized as an alternative to current networks. Different from the structure of the traditional network, the SDN realizes the decoupling of a control plane and a data forwarding plane and has the advantages of network programmability, global visibility, unified management and the like. Although SDN is widely used, SDN faces serious security issues that constrain the development and application of SDN. Low rate Denial of Service (LDoS) attacks are one of the more serious network security problems in SDNs.
Discrete Wavelet Transform (DWT) realizes signal processing by discretizing the scale and translation of basic wavelets, and belongs to an analysis method in the field of signals. In the SDN, flow table item information is used as an input signal, different time frequency and normal flow of LDoS are utilized, and an entropy value set of an integrated wavelet energy spectrum extracted by wavelet transformation is utilized to distinguish attack flow.
The LDoS attack is to send attack flows periodically at a low rate, so that a victim end is continuously attacked without being aware of the attack flows, which affects the usability of the SDN. In view of the architecture of SDN, which is different from that of the conventional network, the LDoS attack presents different features in SDN from those in the conventional network: in the SDN, the LDoS attack may also cause damage to the switches and the controllers, and consume a large amount of switch resources, so that channel resources of the controllers and the switches are exhausted, thereby causing the controllers to fail.
Disclosure of Invention
The invention provides an LDoS attack detection method based on integrated wavelet transform in an SDN environment, aiming at solving the problems of saturated frequency resources, narrow frequency band and less carried resources, and the invention provides the following technical scheme:
an LDoS attack detection method based on integrated wavelet transform in an SDN environment comprises the following steps:
step 1: calculating to obtain different entropy value sets of wavelet energy spectrums by utilizing a plurality of different wavelet transformation basis functions;
step 2: randomly selecting a wavelet basis function from a wavelet basis function library, and setting the wavelet basis function as a Daubechies basis function;
and step 3: performing wavelet decomposition on the extracted flow table item features sequentially and recursively on the low-pass approximation coefficient obtained by each layer based on Daubechies basis functions to correspondingly obtain each coefficient matrix, judging whether the number of the selected wavelet basis functions reaches the number of the specified integrated wavelet basis functions, and completing the wavelet decomposition when the number reaches the specified value;
and 4, step 4: distributing corresponding labels for the entropy value set of the integrated wavelet energy spectrum obtained by calculation, and selecting a part of data sets to train a support vector machine model and a fully-connected neural network model;
and 5: and detecting the LDoS attack in the SDN by using the trained support vector machine model and the fully connected neural network model, sending a warning message when detecting the LDoS attack, discarding a data packet corresponding to the flow table item, and reducing the load of the SDN.
Preferably, the step 3 specifically comprises:
step 3.1: initializing a wavelet basis function library according to the wavelet transform type, and selecting one wavelet basis function;
step 3.2: performing wavelet decomposition on the low-pass approximation coefficient obtained by each layer in sequence recursively based on the selected wavelet basis function convection table entry characteristics;
step 3.3: calculating a wavelet coefficient matrix decomposed by the corresponding basis function, extracting detail coefficients of the wavelet coefficient matrix, calculating corresponding integrated wavelet energy values, and calculating entropy values of different wavelet energy spectrums according to the integrated wavelet energy values and information entropy values to obtain an entropy value set of the integrated wavelet energy spectrums;
step 3.4: and judging whether the preset number of the wavelet base classes is reached, if so, finishing, otherwise, skipping to the step 3.2.
Preferably, the step 3 further comprises: after three different wavelet basis functions are utilized for decomposition, detail coefficients of each coefficient matrix are obtained, corresponding integrated wavelet energy values are calculated, entropy values of corresponding integrated wavelet energy spectrums are calculated by combining the integrated wavelet energy values and information entropy values, so that an entropy value set of the integrated wavelet energy spectrums is obtained, the entropy value set of the integrated wavelet energy spectrums is taken as a characteristic and stored in an array, and an entropy value set library of the integrated wavelet energy spectrums is generated.
Preferably, the step 4 specifically includes:
step 4.1: sequentially selecting an entropy value set of the wavelet energy spectrum from an entropy value set library of the integrated wavelet energy spectrum, and allocating corresponding labels to the entropy value set of the wavelet energy spectrum to generate a corresponding training set;
step 4.2: and training a model through a training set, analyzing the difference and the connection between entropy value sets of the wavelet energy spectrums by using the training model, and detecting the LDoS attack flow.
The invention has the following beneficial effects:
the invention designs an LDoS attack detection method based on integrated wavelet transform. The method comprises the steps of calculating wavelet coefficient matrixes by utilizing the characteristics of various wavelet basis functions on flow table items, extracting detail coefficients of the wavelet coefficient matrixes, calculating to obtain integrated wavelet energy values, calculating integrated wavelet energy entropy values according to the integrated wavelet energy values and information entropy values to obtain an integrated wavelet energy entropy value set, and detecting LDoS attacks based on the connection among the integrated wavelet energy entropy value set. By using the method, the speed and the accuracy of detecting the LDoS attack can be improved, and the burden of the LDoS attack on the SDN network is reduced.
Drawings
Fig. 1 is a flowchart of an LDoS detection method based on integrated wavelet transform in an SDN environment.
Detailed Description
The present invention will be described in detail with reference to specific examples.
The first embodiment is as follows:
as shown in fig. 1, the present invention provides an integrated wavelet transform-based LDoS attack detection method in an SDN environment, which includes the following steps:
step 1: calculating to obtain different entropy value sets of wavelet energy spectrums by utilizing a plurality of different wavelet transformation basis functions;
step 2: randomly selecting a wavelet basis function from a wavelet basis function library, wherein the wavelet basis function is assumed to be a Daubechies basis function;
and step 3: performing wavelet decomposition on the extracted flow table item features sequentially and recursively on the low-pass approximation coefficient obtained by each layer based on Daubechies basis functions to correspondingly obtain each coefficient matrix, judging whether the number of the selected wavelet basis functions reaches the number of the specified integrated wavelet basis functions, and completing the wavelet decomposition when the number reaches the specified value;
the step 3 specifically comprises the following steps:
step 3.1: initializing a wavelet basis function library according to the wavelet transform type, and selecting one wavelet basis function;
step 3.2: performing wavelet decomposition on the low-pass approximation coefficient obtained by each layer in sequence recursively based on the selected wavelet basis function convection table entry characteristics;
step 3.3: calculating a wavelet coefficient matrix decomposed by the corresponding basis function, extracting detail coefficients of the wavelet coefficient matrix, calculating corresponding integrated wavelet energy values, and calculating entropy values of different wavelet energy spectrums according to the integrated wavelet energy values and information entropy values to obtain an entropy value set of the integrated wavelet energy spectrums;
step 3.4: and judging whether the preset number of the wavelet base classes is reached, if so, finishing, otherwise, skipping to the step 3.2.
The step 3 further comprises: after three different wavelet basis functions are utilized for decomposition, the entropy values of the integrated wavelet energy spectrums corresponding to the coefficient matrixes are calculated, the entropy value set of the integrated wavelet energy spectrums is taken as a characteristic and stored in an array, and an entropy value set library of the integrated wavelet energy spectrums is generated.
And 4, step 4: distributing corresponding labels for the entropy value set of the wavelet energy spectrum obtained by calculation, and selecting a part of data sets to train a support vector machine model and a full-connection neural network model;
the step 4 specifically comprises the following steps:
step 4.1: sequentially selecting an entropy value set of the wavelet energy spectrum from an entropy value set library of the integrated wavelet energy spectrum, and allocating corresponding labels to the entropy value set of the wavelet energy spectrum to generate a corresponding training set;
step 4.2: and training a model through a training set, analyzing the difference and the connection between entropy value sets of the integrated wavelet energy spectrum by using the training model, and detecting the LDoS attack flow.
And 5: and detecting the LDoS attack in the SDN by using the trained support vector machine model and the fully connected neural network model, sending a warning message when detecting the LDoS attack, discarding a data packet corresponding to the flow table item, and reducing the load of the SDN.
The second embodiment is as follows:
the invention aims to utilize the advantages of multi-dimensionality and diversity of energy spectrum entropy extracted by various wavelet basis functions to be applied to detection of LDoS attacks in an SDN environment, improve the detection accuracy of the LDoS attacks and avoid the consumption of a large number of resources in the SDN network caused by inaccurate detection and positioning of the LDoS attacks.
The method comprises the steps of carrying out LDoS attack detection on flow entries in an SDN environment, utilizing various wavelet basis functions to calculate and analyze the flow entries in an SDN switch respectively to obtain a wavelet coefficient matrix of the basis functions, extracting detail coefficients of the wavelet coefficient matrix to calculate integrated wavelet energy values, and calculating entropy values of corresponding integrated wavelet energy spectrums according to the integrated wavelet energy values and information entropy values to obtain entropy value sets of the integrated wavelet energy spectrums. And taking the calculation result as the characteristic values of the flow table entry, distributing corresponding labels to the characteristic values, and generating a corresponding training set. Training a machine learning model based on the training set, and analyzing and detecting whether LDoS attack exists in the SDN or not by using the trained model. On the basis, the invention designs the LDoS attack detection method based on the integrated wavelet basis transformation under the SDN environment so as to improve the LDoS resistance of the SDN.
The present invention is further illustrated by the following examples, which are provided for the purpose of illustration only and are not intended to limit the scope of the present invention.
The method comprises the following specific steps:
step 1: according to the DWT which is the wavelet type used in the method, a wavelet basis function library is initialized, and basis functions suitable for the DWT are selected. The wavelet basis function library comprises Coiflets basis functions, Symlets functions, Haar basis functions and Daubechies basis functions, and the number of the integrated wavelet basis is specified to be 3;
step 2: randomly selecting a wavelet basis function from a wavelet basis function library, wherein the wavelet basis function is assumed to be a Daubechies basis function;
and step 3: performing wavelet decomposition on the extracted flow entry features in turn recursively on the low-pass approximation coefficient obtained by each layer based on the Daubechies basis function until an iteration termination condition is reached;
and 4, step 4: judging whether the number of the selected wavelet basis functions reaches the number of the appointed integrated wavelet basis functions, if so, finishing the step, otherwise, skipping to the step 2;
and 5: and decomposing by using three different wavelet basis functions to correspondingly obtain each coefficient matrix. Calculating Entropy values (EWEE) of the integrated Wavelet Energy spectrums corresponding to the coefficient matrixes, obtaining an Entropy value set (EWEE) of the integrated Wavelet Energy spectrums, taking the Entropy value set of the integrated Wavelet Energy spectrums as a characteristic, and storing the characteristic into an array W S Performing the following steps;
step 6: distributing corresponding labels for the entropy value set of the integrated wavelet energy spectrum obtained by calculation, and selecting a part of data sets to train a support vector machine model and a fully-connected neural network model;
and 7: detecting LDoS attack in the SDN network by using the trained support vector machine model and the fully-connected neural network model;
and 8: and if the LDoS attack is detected, a warning message is sent, the data packet corresponding to the flow entry is discarded, and the SDN network load is reduced.
The above description is only a preferred embodiment of the integrated wavelet transform-based LDoS attack detection method in the SDN environment, and the protection range of the integrated wavelet transform-based LDoS attack detection method in the SDN environment is not limited to the above embodiments, and all technical solutions belonging to the idea belong to the protection range of the present invention. It should be noted that modifications and variations which do not depart from the gist of the invention will be those skilled in the art to which the invention pertains and which are intended to be within the scope of the invention.
Claims (2)
1. An LDoS attack detection method based on integrated wavelet transformation in an SDN environment is characterized by comprising the following steps: the method comprises the following steps:
step 1: calculating to obtain different entropy value sets of wavelet energy spectrums by utilizing a plurality of different wavelet transformation basis functions;
step 2: randomly selecting a wavelet basis function from a wavelet basis function library, and setting the wavelet basis function as a Daubechies basis function;
and 3, step 3: performing wavelet decomposition on the extracted flow table item features sequentially and recursively on the low-pass approximation coefficient obtained by each layer based on Daubechies basis functions to correspondingly obtain each coefficient matrix, judging whether the number of the selected wavelet basis functions reaches the number of the specified integrated wavelet basis functions, and completing the wavelet decomposition when the number reaches the specified value;
the step 3 specifically comprises the following steps:
step 3.1: initializing a wavelet basis function library according to the wavelet transform type, and selecting one wavelet basis function;
step 3.2: performing wavelet decomposition on the low-pass approximation coefficient obtained by each layer in sequence recursively based on the selected wavelet basis function convection table entry characteristics;
step 3.3: calculating a wavelet coefficient matrix decomposed by the corresponding basis function, extracting detail coefficients of the wavelet coefficient matrix, calculating corresponding integrated wavelet energy values, and calculating entropy values of different wavelet energy spectrums according to the integrated wavelet energy values and information entropy values to obtain an entropy value set of the integrated wavelet energy spectrums;
step 3.4: judging whether the number of the wavelet base classes reaches the preset number, if so, finishing, otherwise, skipping to the step 3.2;
and 4, step 4: distributing corresponding labels for the entropy value set of the integrated wavelet energy spectrum obtained by calculation, and selecting a part of data sets to train a support vector machine model and a fully-connected neural network model;
the step 4 specifically comprises the following steps:
step 4.1: sequentially selecting an entropy value set of the wavelet energy spectrum from an entropy value set library of the integrated wavelet energy spectrum, and allocating corresponding labels to the entropy value set of the wavelet energy spectrum to generate a corresponding training set;
step 4.2: training a model through a training set, analyzing differences and connections among entropy value sets of the integrated wavelet energy spectrums by using the training model, and detecting LDoS attack flow;
and 5: and detecting the LDoS attack in the SDN by using the trained support vector machine model and the fully connected neural network model, sending a warning message when detecting the LDoS attack, discarding a data packet corresponding to the flow table item, and reducing the load of the SDN.
2. The method of claim 1, wherein the method comprises the steps of: the step 3 further comprises: after three different wavelet basis functions are utilized for decomposition, detail coefficients of each coefficient matrix are obtained, corresponding integrated wavelet energy values are calculated, entropy values of corresponding integrated wavelet energy spectrums are calculated by combining the integrated wavelet energy values and information entropy values, so that an entropy value set of the integrated wavelet energy spectrums is obtained, the entropy value set of the integrated wavelet energy spectrums is taken as a characteristic and stored in an array, and an entropy value set library of the integrated wavelet energy spectrums is generated.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011530024.XA CN112637202B (en) | 2020-12-22 | 2020-12-22 | LDoS attack detection method based on integrated wavelet transform in SDN environment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011530024.XA CN112637202B (en) | 2020-12-22 | 2020-12-22 | LDoS attack detection method based on integrated wavelet transform in SDN environment |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN112637202A CN112637202A (en) | 2021-04-09 |
| CN112637202B true CN112637202B (en) | 2022-08-12 |
Family
ID=75321889
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202011530024.XA Active CN112637202B (en) | 2020-12-22 | 2020-12-22 | LDoS attack detection method based on integrated wavelet transform in SDN environment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112637202B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114024762B (en) * | 2021-11-11 | 2022-08-16 | 湖南大学 | LDoS attack detection method based on S-R analysis and FASSA-SVM |
Citations (12)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101577642A (en) * | 2008-05-08 | 2009-11-11 | 吴志军 | Method for one-step forecasting Kalman filtering detection of LDoS attack |
| CN101621425A (en) * | 2009-05-21 | 2010-01-06 | 北京邮电大学 | Method and device for detecting low-speed denial of service attack |
| CN102457489A (en) * | 2010-10-26 | 2012-05-16 | 中国民航大学 | Attacking, detecting and defending module for LDoS (Low-rate Denial of Service) |
| CN105245503A (en) * | 2015-09-08 | 2016-01-13 | 中国民航大学 | Method of using hidden Markov model to detect LDoS (Low-Rate Denial of Service) attack |
| CN106411829A (en) * | 2015-12-14 | 2017-02-15 | 中国民航大学 | LDoS attack detection method based on wavelet energy spectrum and combined neural network |
| CN107483473A (en) * | 2017-09-05 | 2017-12-15 | 上海海事大学 | A kind of low speed Denial of Service attack data-flow detection method of cloud environment |
| WO2018089615A1 (en) * | 2016-11-10 | 2018-05-17 | Intel Corporation | Radio access network (ran) node, mobile device and methods for configuration of a group-cast mode in a software defined network (sdn) |
| CN109040131A (en) * | 2018-09-20 | 2018-12-18 | 天津大学 | A kind of LDoS attack detection method under SDN environment |
| CN109150838A (en) * | 2018-07-24 | 2019-01-04 | 湖南大学 | A kind of method for comprehensive detection for Denial of Service attack at a slow speed |
| CN109167789A (en) * | 2018-09-13 | 2019-01-08 | 上海海事大学 | A kind of cloud environment LDoS attack data-flow detection method and system |
| CN110177115A (en) * | 2019-06-10 | 2019-08-27 | 中国民航大学 | LDoS attack detection method based on multi-feature fusion |
| CN110661802A (en) * | 2019-09-27 | 2020-01-07 | 湖南大学 | Low-speed denial of service attack detection method based on PCA-SVM algorithm |
Family Cites Families (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103139166A (en) * | 2011-11-30 | 2013-06-05 | 中国民航大学 | Low-rate denial of service (LDoS) attack detection method based on small signal detection theory |
| CN103546465B (en) * | 2013-10-15 | 2016-10-19 | 北京交通大学长三角研究院 | LDoS attack detection based on traffic period monitoring and defence method |
| US10701103B2 (en) * | 2017-02-16 | 2020-06-30 | Dell Products, L.P. | Securing devices using network traffic analysis and software-defined networking (SDN) |
| CN110572413A (en) * | 2019-09-27 | 2019-12-13 | 湖南大学 | Low-rate denial of service attack detection method based on Elman neural network |
-
2020
- 2020-12-22 CN CN202011530024.XA patent/CN112637202B/en active Active
Patent Citations (12)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101577642A (en) * | 2008-05-08 | 2009-11-11 | 吴志军 | Method for one-step forecasting Kalman filtering detection of LDoS attack |
| CN101621425A (en) * | 2009-05-21 | 2010-01-06 | 北京邮电大学 | Method and device for detecting low-speed denial of service attack |
| CN102457489A (en) * | 2010-10-26 | 2012-05-16 | 中国民航大学 | Attacking, detecting and defending module for LDoS (Low-rate Denial of Service) |
| CN105245503A (en) * | 2015-09-08 | 2016-01-13 | 中国民航大学 | Method of using hidden Markov model to detect LDoS (Low-Rate Denial of Service) attack |
| CN106411829A (en) * | 2015-12-14 | 2017-02-15 | 中国民航大学 | LDoS attack detection method based on wavelet energy spectrum and combined neural network |
| WO2018089615A1 (en) * | 2016-11-10 | 2018-05-17 | Intel Corporation | Radio access network (ran) node, mobile device and methods for configuration of a group-cast mode in a software defined network (sdn) |
| CN107483473A (en) * | 2017-09-05 | 2017-12-15 | 上海海事大学 | A kind of low speed Denial of Service attack data-flow detection method of cloud environment |
| CN109150838A (en) * | 2018-07-24 | 2019-01-04 | 湖南大学 | A kind of method for comprehensive detection for Denial of Service attack at a slow speed |
| CN109167789A (en) * | 2018-09-13 | 2019-01-08 | 上海海事大学 | A kind of cloud environment LDoS attack data-flow detection method and system |
| CN109040131A (en) * | 2018-09-20 | 2018-12-18 | 天津大学 | A kind of LDoS attack detection method under SDN environment |
| CN110177115A (en) * | 2019-06-10 | 2019-08-27 | 中国民航大学 | LDoS attack detection method based on multi-feature fusion |
| CN110661802A (en) * | 2019-09-27 | 2020-01-07 | 湖南大学 | Low-speed denial of service attack detection method based on PCA-SVM algorithm |
Non-Patent Citations (2)
| Title |
|---|
| Identifying LDoS attack traffic based on wavelet energy spectrum and combined neural network;Yue M et al.;《International Journal of Communication Systems》;20180228;全文 * |
| SDN环境下的LDoS攻击检测与防御技术;颜通 等;《计算机科学与探索》;20190812;全文 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN112637202A (en) | 2021-04-09 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Zhang et al. | Network intrusion detection: Based on deep hierarchical network and original flow data | |
| CN110012029B (en) | Method and system for distinguishing encrypted and non-encrypted compressed flow | |
| Lichodzijewski et al. | Dynamic intrusion detection using self-organizing maps | |
| CN110996343B (en) | Intelligent recognition system and recognition method of interference recognition model based on deep convolutional neural network | |
| CN106878314B (en) | Network malicious behavior detection method based on credibility | |
| CN108683526B (en) | Method for identifying competitive MAC protocol | |
| CN109299742A (en) | Method, apparatus, equipment and the storage medium of automatic discovery unknown network stream | |
| CN112637202B (en) | LDoS attack detection method based on integrated wavelet transform in SDN environment | |
| CN114039901A (en) | Protocol identification method based on residual error network and recurrent neural network mixed model | |
| Malboubi et al. | A learning-based measurement framework for traffic matrix inference in software defined networks | |
| Patcha et al. | Network anomaly detection with incomplete audit data | |
| CN117411806B (en) | Power communication network performance evaluation method, system, equipment and storage medium | |
| Acimovic et al. | Adaptive distributed algorithms for power-efficient data gathering in sensor networks | |
| CN113114691B (en) | Network intrusion detection method, system, equipment and readable storage medium | |
| Tang et al. | Towards memory-efficient streaming processing with counter-cascading sketching on FPGA | |
| CN112383488B (en) | Content identification method suitable for encrypted and non-encrypted data streams | |
| CN111291078B (en) | Domain name matching detection method and device | |
| CN117294497A (en) | Network traffic abnormality detection method and device, electronic equipment and storage medium | |
| CN116347492A (en) | 5G slice flow abnormality detection method, device, computer equipment and storage medium | |
| CN115225310B (en) | Lightweight malicious software flow detection method and device based on optimization element learning | |
| CN111447169A (en) | Method and system for identifying malicious webpage in real time on gateway | |
| Erhan et al. | Statistical properties of DDoS attacks | |
| CN114330504A (en) | Network malicious traffic detection method based on Sketch | |
| CN114205821A (en) | Wireless radio frequency anomaly detection method based on depth prediction coding neural network | |
| Ren et al. | Deep Learning Based Identification Method for Signal-Level Wireless Protocol |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |