CN101060444A - Bayesian statistical model based network anomaly detection method - Google Patents
- Publication number: CN101060444A
- Authority: CN (China)
- Prior art keywords: network, tcp, detection method, statistical model, dst
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abstract
A network anomaly detection method based on a Bayesian statistical model comprises: 1. capturing TCP/IP traffic packets by bypass interception; 2. decomposing the packets into attributes to form a data matrix; 3. mining the data to build training matrices for the normal state, known abnormal states and unknown abnormal states; 4. continuing to capture TCP/IP packets and evaluating them with a Bayesian evaluator; and 5. if an anomaly is found, raising an alarm and adding the anomaly to the known-abnormal training matrix by self-learning; otherwise returning to step 4. The invention overcomes defects in the prior art.
Description
Technical field:
The present invention relates to the field of network traffic anomaly detection and intrusion detection, and in particular to a network anomaly detection method based on a Bayesian statistical model.
Background art:
Alongside the normal traffic on a network, various kinds of abnormal traffic also appear, affecting the normal operation of the network and threatening the security and use of user hosts. Network anomalies are often caused by network attacks, worms and network abuse, for example: network scanning, DDoS attacks, network worms, malicious downloads and improper use of network resources. All of these degrade network performance; in serious cases they disrupt normal network use, cause congestion, or even cause network outages and failure of network equipment. Monitoring and managing network traffic in real time, and finding anomalies of both known and unknown types, has therefore become a primary problem in network security management, and it is of great significance for improving the reliability and availability of the network.
Traditional network traffic anomaly detection analyses and learns from long-term network traffic information to establish reference ranges for the performance parameters of normal network use; when the running state of the network deviates clearly from this normal baseline, an anomaly is judged to have occurred. This approach can find basic network anomalies, but its parameter reference ranges are hard to determine, it lacks flexibility, and its false alarm rate is high.
Summary of the invention:
The main purpose of the present invention is to provide a network anomaly detection method based on a Bayesian statistical model, in order to overcome the problems of the prior art: parameter reference ranges that are hard to determine, lack of flexibility, and a high false alarm rate.
To overcome these problems, the present invention is realized by the following steps:
Step 1: capture TCP/IP traffic packets on the network by bypass interception;
Step 2: decompose the captured packets into attributes, as data preprocessing for the next step, and form a data matrix;
Step 3: perform data mining on the data matrix obtained by preprocessing, and build training data matrices for the normal state, known abnormal states and unknown abnormal states;
Step 4: continue to capture TCP/IP traffic packets on the network in real time and evaluate them with the Bayesian evaluator;
Step 5: if an anomaly is found, raise an alarm and add the anomaly type to the known-abnormal-state database by self-learning; otherwise execute step 4.
The attribute decomposition of packets in step 2 means that the captured network packets are decomposed and classified by attribute item. That is, an attribute record is produced for each TCP/IP connection from the captured network packets, in the following format:
R(T,Src.IP,Src.Port,Dst.IP,Dst.Port,FLAG)
Here T is the time at which the connection began; Src.IP is the source IP; Src.Port is the source port; Dst.IP is the destination IP; Dst.Port is the destination port; and FLAG is the state of the TCP/IP connection. Using these attribute items, the system records each TCP/IP connection as one attribute record R.
The data mining in step 3 means that the given training data matrix, which contains the normal state, known abnormal states and unknown abnormal states, is continually summarized to form a probability table. In this table, each column represents an attribute feature of a state instance and each row represents a state instance. The table format is as follows:
 | $X_0$ | … | $X_j$ | … |
---|---|---|---|---|
$A_0$ | $T_{000},\ldots,T_{00g}$ | … | $T_{0j0},\ldots,T_{0jg}$ | … |
… | … | … | … | … |
$A_i$ | | | | |
… | … | … | … | … |
$A_{I-1}$ | $T_{(I-1)00},\ldots,T_{(I-1)0g}$ | … | $T_{(I-1)j0},\ldots,T_{(I-1)jg}$ | … |
$A_I$ | $T_{I00},\ldots,T_{I0g}$ | … | $T_{Ij0},\ldots,T_{Ijg}$ | … |
In the table above, A is the name of a state instance; the states are of three types: normal, known abnormal and unknown abnormal. X represents the attribute parameters of each state.
The algorithm of the Bayesian evaluator in step 4 is as follows:
Let the event $X = (X_1, X_2, \ldots, X_t)$, parameter
and $p = (p_1, \ldots, p_t)$.
Observing one instance $x = (x_1, x_2, \ldots, x_t)$, the probability function of its multinomial distribution is:
This distribution can be transformed into the Dirichlet form
Here $\beta_i > 0$ for all $i$, and
Let the parameters
and
From this, the prior expectation is:
$E(p_i \mid K, \lambda) = \lambda_i$
The posterior expectation is:
From this, the following formula for calculating the anomaly estimate can be derived:
This gives
Applying Bayes' rule gives:
Here $x_{mj}$ refers to the mj row in the table, and
The above steps determine which state the current network condition matches.
The self-learning in step 5 means that when the system finds a new anomaly for the first time, it adds that anomaly to the training database; when the same anomaly is found again, it is treated as a known anomaly.
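The following Python example is added here and is not from the patent; it runs steps 2 to 5 on constructed connection records. Because the patent's formulas did not survive on this page, it assumes the standard Dirichlet-multinomial posterior mean $(K\lambda_i + x_i)/(K + n)$ with uniform $\lambda_i$, a naive-Bayes product over two attributes (Dst.Port and FLAG), and an unknown abnormal state modelled as a state with no training records, whose estimate therefore equals the prior $\lambda_i$. The state names, flag labels and addresses are constructed.

```python
import math
from collections import Counter, defaultdict
from typing import NamedTuple

class Conn(NamedTuple):
    """One record R(T, Src.IP, Src.Port, Dst.IP, Dst.Port, FLAG)."""
    t: float
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    flag: str

def parse(line):
    """Step 2: decompose one comma-separated connection line into attributes."""
    t, sip, sport, dip, dport, flag = (f.strip() for f in line.split(","))
    return Conn(float(t), sip, int(sport), dip, int(dport), flag)

FEATURES = ("dst_port", "flag")  # assumption: attributes X_j used for scoring
NORMAL, UNKNOWN = "normal", "unknown-anomaly"

class BayesEvaluator:
    def __init__(self, k=1.0):
        self.k = k                          # prior strength K
        self.n = Counter({UNKNOWN: 0})      # records per state A_i
        self.counts = defaultdict(Counter)  # (state, feature) -> value counts
        self.vocab = defaultdict(set)       # feature -> values seen so far
        self.discovered = 0                 # new anomaly states learned

    def learn(self, state, rec):
        """Steps 3 and 5: add one record to a state's training counts."""
        self.n[state] += 1
        for f in FEATURES:
            self.counts[state, f][getattr(rec, f)] += 1
            self.vocab[f].add(getattr(rec, f))

    def posterior_mean(self, state, feature, value):
        """(K*lambda_i + x_i) / (K + n); reduces to lambda_i when n = 0."""
        lam = 1.0 / (len(self.vocab[feature]) + 1)  # +1 slot: never-seen value
        x = self.counts[state, feature][value]
        return (self.k * lam + x) / (self.k + self.n[state])

    def log_scores(self, rec):
        total, scores = sum(self.n.values()), {}
        for state, n_s in self.n.items():
            lp = math.log((1 + n_s) / (len(self.n) + total))  # smoothed P(A_i)
            for f in FEATURES:
                lp += math.log(self.posterior_mean(state, f, getattr(rec, f)))
            scores[state] = lp
        return scores

    def detect(self, rec):
        """Steps 4 and 5: classify, alert, and self-learn a new anomaly."""
        scores = self.log_scores(rec)
        state = max(scores, key=scores.get)
        if state == NORMAL:
            return state, "normal"
        if state != UNKNOWN:
            return state, "known anomaly"
        self.discovered += 1
        state = f"anomaly-{self.discovered}"
        self.learn(state, rec)              # the next occurrence is "known"
        return state, "new anomaly"

# Constructed sample records (documentation IP ranges). Flag labels are sample
# connection-state names: SF = completed, REJ = rejected, S0 = no reply.
TRAIN = {
    NORMAL: [f"{i}.0,192.0.2.10,{40000 + i},198.51.100.5,{p},SF"
             for i, p in enumerate([80, 80, 80, 80, 443, 443, 443, 53])],
    "portscan": [f"{20 + i}.0,203.0.113.7,{50000 + i},198.51.100.5,{p},REJ"
                 for i, p in enumerate([21, 22, 23, 25])],
}
LIVE = [
    "30.0,192.0.2.11,40100,198.51.100.5,443,SF",
    "31.0,203.0.113.7,50100,198.51.100.5,8080,REJ",
    "32.0,203.0.113.9,51000,198.51.100.6,445,S0",
    "33.0,203.0.113.9,51001,198.51.100.7,445,S0",
]

def train():
    ev = BayesEvaluator()
    for state, lines in TRAIN.items():
        for line in lines:
            ev.learn(state, parse(line))
    return ev

def demo():
    ev = train()
    return [ev.detect(parse(line)) for line in LIVE]

if __name__ == "__main__":
    print(demo())
```

With only these two attributes, a record that shares a frequent value with the normal state (for example Dst.Port 80 with a never-seen FLAG) still scores as normal on this sample data, so the choice of attributes in the probability table directly bounds what the evaluator can flag.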
Compared with the prior art, the advantages of the present invention are:
The network anomaly detection method based on a Bayesian statistical model uses the learning capability provided by Bayes' theorem to find relationships among a large number of variables, to predict and classify data, and to build a Bayesian network for anomaly and intrusion detection, which is then used to analyse network anomalies and reach a judgement. By using a Bayesian statistical model to find and judge anomalies in the network, the method is flexible, highly intelligent and accurate in its judgements.
Description of drawings:
The accompanying drawing is a flow chart of the network anomaly detection method based on a Bayesian statistical model according to the present invention.
Embodiment:
Bayesian statistical analysis combines prior information with sample information for use in statistical inference. Bayes' formula combines the prior information and the sample information to obtain posterior information. The posterior information obtained can then serve as the prior for a new round of calculation, where it is combined with further sample information to obtain the next posterior. As this process continues, the posterior information approaches the true value more and more closely. In other words, the learning mechanism of the Bayesian method exists and is effective. This learning process is in fact an iterative process.
The steps of the present invention are:
(1) Capture packets on the network by bypass interception;
(2) Decompose the packets into attributes in a fixed format.
The attribute decomposition of packets means that the captured network packets are decomposed and classified by attribute item. That is, an attribute record is produced for each TCP/IP connection from the captured network packets, in the following format:
R(T,Src.IP,Src.Port,Dst.IP,Dst.Port,FLAG)
Here T is the time at which the connection began; Src.IP is the source IP; Src.Port is the source port; Dst.IP is the destination IP; Dst.Port is the destination port; and FLAG is the state of the TCP/IP connection. Using these attribute items, the system records each TCP/IP connection as one attribute record R.
(3) Perform data mining on the data matrix obtained by preprocessing, and build training data matrices for the normal state, known abnormal states and unknown abnormal states.
The records are decomposed and classified by attribute item in the following format:
Connection | T | Src.IP | Src.Port | Dst.IP | Dst.Port | FLAG |
---|---|---|---|---|---|---|
L1 | T1 | Src.IP1 | Src.Port1 | Dst.IP1 | Dst.Port1 | FLAG1 |
L2 | T2 | Src.IP2 | Src.Port2 | Dst.IP2 | Dst.Port2 | FLAG2 |
L3 | T3 | Src.IP3 | Src.Port3 | Dst.IP3 | Dst.Port3 | FLAG3 |
… | … | … | … | … | … | … |
Ln | Tn | Src.IPn | Src.Portn | Dst.IPn | Dst.Portn | FLAGn |
(4) Continue to capture TCP/IP traffic packets on the network in real time, decompose them into attributes, and, according to the formula given earlier
Here $x_{mj}$ refers to the mj row in the table, and
calculate the Bayesian estimate for the packets of the current period, and determine their state from it;
(5) If an anomaly is found, raise an alarm and add the anomaly type to the known-abnormal-state database by self-learning; otherwise proceed directly to the next step;
(6) Go to (4).
Finally, it should be noted that the above embodiment only illustrates, and does not limit, the technical solution of the present invention. Although the invention has been described in detail with reference to the above embodiment, those of ordinary skill in the art should understand that the invention may still be modified or equivalently replaced, and that any modification or partial replacement that does not depart from the spirit and scope of the invention shall be covered by the claims of the invention.
Claims (4)
1. A network anomaly detection method based on a Bayesian statistical model, comprising the following steps in order:
Step 1: capture TCP/IP traffic packets on the network by bypass interception;
Step 2: decompose the captured packets into attributes, as data preprocessing for the next step, and form a data matrix;
Step 3: perform data mining on the data matrix obtained by preprocessing, and build training data matrices for the normal state, known abnormal states and unknown abnormal states;
Step 4: continue to capture TCP/IP traffic packets on the network in real time and evaluate them with the Bayesian evaluator;
Step 5: if an anomaly is found, raise an alarm and add the anomaly type to the known-abnormal-state database by self-learning; otherwise execute step 4.
2. The network anomaly detection method based on a Bayesian statistical model as claimed in claim 1, characterized in that: the attribute decomposition of packets in step 2 means that the captured network packets are decomposed and classified by attribute item, that is, an attribute record is produced for each TCP/IP connection from the captured network packets, in the following format:
R(T,Src.IP,Src.Port,Dst.IP,Dst.Port,FLAG)
Here T is the time at which the connection began; Src.IP is the source IP; Src.Port is the source port; Dst.IP is the destination IP; Dst.Port is the destination port; and FLAG is the state of the TCP/IP connection. Using these attribute items, the system records each TCP/IP connection as one attribute record R.
3. The network anomaly detection method based on a Bayesian statistical model as claimed in claim 1 or 2, characterized in that: the data mining in step 3 means that the given training data matrix, which contains the normal state, known abnormal states and unknown abnormal states, is continually summarized to form a probability table, in which each column represents an attribute feature of a state instance and each row represents a state instance; the table format is as follows:
In the table above, A is the name of a state instance; the states are of three types: normal, known abnormal and unknown abnormal. X represents the attribute parameters of each state.
4. The network anomaly detection method based on a Bayesian statistical model as claimed in claim 3, characterized in that: the algorithm of the Bayesian evaluator in step 4 is as follows
Here $x_{mj}$ refers to the mj row in the table, and
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CNA2007100179191A CN101060444A (en) | 2007-05-23 | 2007-05-23 | Bayesian statistical model based network anomaly detection method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN101060444A (en) | 2007-10-24 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
C12 | Rejection of a patent application after its publication | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20071024 |