CN101257417A - Method for detecting TCP/IP protocol concealed channel based on fuzzy neural network - Google Patents
Method for detecting TCP/IP protocol concealed channel based on fuzzy neural network Download PDFInfo
- Publication number
- CN101257417A CN101257417A CNA2008100608990A CN200810060899A CN101257417A CN 101257417 A CN101257417 A CN 101257417A CN A2008100608990 A CNA2008100608990 A CN A2008100608990A CN 200810060899 A CN200810060899 A CN 200810060899A CN 101257417 A CN101257417 A CN 101257417A
- Authority
- CN
- China
- Prior art keywords
- neural network
- fuzzy neural
- network
- fuzzy
- protocol
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a method for detecting TCP/IP protocol covert channel based on fuzzy neural network. The method adopting the fuzzy neural network introduces a novel method for detecting the network covert channel by analyzing a domain in a TCP/IP data package head structure of a network interface. The method firstly obtains the TCP/IP data package from the network interface, analyzes the option domain in the data package head structure to obtain a network connection feature vector, sends the feature vector into the fuzzy neural network, trains the fuzzy neural network by a self-adapting fuzzy neural inference system to form a model of the fuzzy neural network, subsequently, sends the feature vector into the model of trained fuzzy neural network to get an output value, and finally performs fuzzy clustering onto the output value so as to distinguish whether the output data has covert channel. The invention is applicable for a mainstream operating system, has wide application range, can increase the security of the operating system and effectively prevents secret information leakage.
Description
Technical field
The present invention relates to information security and field of neural networks, especially relate to a kind of ICP/IP protocol convert channel detection method based on fuzzy neural network.
Background technology
Convert channel is a kind ofly to carry out the mechanism of message transmission to run counter to security strategy, also is a difficult point problem in the information security field.According to " Trusted Computer System Evaluation Criteria " requirement (TCSEC) of U.S. Department of Defense's promulgation, must carry out the concealed channel analysis to B2 safe level and above system, and the bandwidth of estimation concealed channel, then according to the processing of bandwidth decision to concealed channel.China standard GB 17859-1999 " computer information system class of security protection criteria for classifying ", and other relevant international and domestic standards have similar regulation.Convert channel can be divided into two classes: convert channel in the operating system and the convert channel in the network.Along with rapid development of network technology, whole network can be counted as a huge computer system, this under network environment with the closely-related convert channel of procotol, be commonly referred to as Network Covert Channel.It utilizes improper means transmission information in network, breaks through network security mechanism.Because these characteristics, the research to Network Covert Channel the angle of information security has special meaning.
Existing in the world at present convert channel identification method mainly contains following a few class: (1) semantic information stream method, (2) shared resource matrices method, (3) syntactic information stream method, (4) non-interferometric method.What wherein semantic information stream method and shared resource matrices method were used is many.These methods all are at the convert channel in the operating system, do not have special method in the Network Covert Channel context of detection at present, and detection convert channel Network Based is current focus direction about convert channel research.Investigative technique for it is many, and relates to the knowledge in a plurality of fields such as probability theory, statistical learning simultaneously.But now many technology still are in the junior stage the technology that stream profiling is relatively full-fledged.It extracts, sets up the feature discrimination model of various normal flow by writing down and analyze the normal flow of various different agreements.When in detecting a network, whether having certain class convert channel, only need see whether the communication characteristic in the current network meets corresponding characteristic model, just can judge whether to have the possibility that has convert channel.Present most application realizes all being based on this technology.
Summary of the invention
The objective of the invention is to solve its technical barrier, a kind of ICP/IP protocol convert channel detection method based on fuzzy neural network is provided.
ICP/IP protocol convert channel detection method based on fuzzy neural network comprises the steps:
1) sets up filter,, grasp the TCP/IP packet of exporting on the network interface according to the packet of filtering rule filtration by network interface;
2) option field in the data head-coating structure is analyzed the formation characteristic vector, then characteristic vector is imported fuzzy neural network;
3) fuzzy neural network is handled characteristic vector, at last the output result is carried out fuzzy clustering, and the result judges whether to exist convert channel by output.
The ICP/IP protocol bag of exporting on the described extracting network interface comprises the steps:
1) set up filter, the pointer of Data transmission link layer packet is given filter;
2) according to filtering rule filtering data bag, will duplicate portion by the packet of filtercondition and be put in the buffer memory chained list, when chained list surpasses the maximum of setting, send the chained list of preserving packet to the data packet analysis module;
3) transmitted packet, network driver regains control, and system carries out normal procotol and handles, and transmits the packet of giving filter just now and arrives the Upper Level Network Protocol stack;
Described option field in the data head-coating structure is analyzed forms characteristic vector and comprises the steps:
1) analyze packet structure, TCP/IP header structure in the sense data bag takes out destination address domain, port numbers territory and complement mark bit field;
2) analyze option field in Transmission Control Protocol header structure and the IP protocol header structure, if this territory is empty, then this partial results is 0, otherwise this partial results is 1, utilizes these two generating feature vectors as a result;
3) characteristic vector is classified according to destination address, each packet that each TCP/IP is connected from start to end all generates vector, be inserted into then in the chained list in the character pair vector set, when a TCP/IP connect finish after, set of eigenvectors is delivered to neural network module.
Described fuzzy neural network is handled characteristic vector, at last the output result is carried out fuzzy clustering, and the result judges whether to exist convert channel to comprise the steps: by output
1) training stage
A. receive set of eigenvectors from data acquisition module, set of eigenvectors connects all corresponding characteristic vectors by a TCP/IP and forms, and submits the fuzzy neural network module to;
B. utilize the Adaptive Fuzzy Neural-network inference system to train,, obtain fuzzy neural network model until system stability;
2) detection-phase
A. receive set of eigenvectors from data acquisition module, submit the fuzzy neural network module after corresponding training is finished to, obtain output valve;
B. fuzzy clustering is carried out in set to output valve, and whether the data of differentiating network output exist convert channel.
Described characteristic vector is classified according to destination address: Network Covert Channel is that unit classifies with the destination address normally to certain concrete address reveal information here, and information transmitted in the network is monitored.
Described output valve is gathered carried out fuzzy clustering, and whether the data of differentiating network output exist convert channel: Fuzzy C-Means Clustering is carried out in set to the neural net output valve, and output is 0 or 1, wherein 0 represents normally, and 1 representative is unusual.
The present invention expands to the network security aspect with fuzzy neural network, realizes the detection of Network Covert Channel.Compare with the detection method of other convert channel: 1) the present invention realizes simply, and it is more accurate to detect; 2) have good retractility, can detect other protocol data bags by simple modification; 3) be applicable to that (Network Covert Channel Unix) detects mainstream operation system for Windows, Linux.
Description of drawings
Fig. 1 is a system configuration schematic diagram of the present invention;
Fig. 2 is a storage chains list structure schematic diagram of the present invention.
Embodiment
ICP/IP protocol convert channel detection method based on fuzzy neural network comprises the steps:
1. set up filter,, grasp the TCP/IP packet of exporting on the network interface according to the packet of filtering rule filtration by network interface;
2. option field in the data head-coating structure is analyzed the formation characteristic vector, then characteristic vector is imported fuzzy neural network;
3. fuzzy neural network is handled characteristic vector, at last the output result is carried out fuzzy clustering, and the result judges whether to exist convert channel by output.
The ICP/IP protocol bag of exporting on the described extracting network interface comprises the steps:
1) set up filter, the pointer of Data transmission link layer packet is given filter;
(1) set up filter, in order to accelerate the rate of filtration, use filter virtual machine mode here, the predicate rule of filtering rule is expressed as follows:
(src local)and(tcp)
Wherein:
Local: indicate filtering rule and be applied to current machine;
Src: the source address field that needs captured packets is the host address
Tcp: monitoring tcp protocol data bag
Data acquisition module uses the filter virtual machine, and it is as follows that the predicate rule is converted to the filter virtual machine instructions:
// check whether be the IP agreement
L1:ldh[12]
L2:jeq#ETHERTYPE_IP,L3,L7
// check whether be Transmission Control Protocol
L3:ldh[23]
L4:jeq#TCP,L5,L7
// check whether source address is host
L5:ldh[28]
L6:jeq#host,L8,L7
L7:ret#FALSE
L8:ret#TRUE
Packet filtering is regarded packet as a byte arrays, and the predicate judgement is carried out interpretation filtration work according to 12,23 bytes that ICP/IP protocol is mapped to array.
The upper-layer protocol types value that Ethernet data is sealed dress is loaded in the a.L1 instruction, and itself and IP types value (0X0800) are compared in the L2 instruction, if equate, jump to the L3 place, if unequal, redirect L7 return false;
B.L3 instruction loading data is sealed the upper-layer protocol types value of dress, and L4 compares itself and TCP types value, if equate, jumps to the L5 place, if unequal, jumps to the L7 return false;
The source address that Ethernet data is sealed dress is loaded in the c.L5 instruction, and L6 compares itself and current machine address, if equate, jumps to L8, return true, if unequal, redirect L7 return false.
(2) pointer of Data transmission link layer packet is given filter;
At first obtain read lock, obtain the pointer that is subjected to the read lock protection, the pointer of Data transmission link layer packet is given filter, discharges read lock at last.
read_lock();
old_fp=dereference(filter);
Assign_pointer (filter, fp); The pointer of // Data transmission link layer packet is given filter
read_unlock();
fp=old_fp;
2) according to filtering rule filtering data bag, will duplicate portion by the packet of filtercondition and be put in the buffer memory chained list, when chained list surpasses the maximum of setting, send the chained list of preserving packet to the data packet analysis module;
3) transmitted packet, network driver regains control, and system carries out normal procotol and handles, and transmits the packet of giving filter just now and arrives the Upper Level Network Protocol stack;
Described option field in the data head-coating structure is analyzed forms characteristic vector and comprises the steps:
1) analyze packet structure, TCP/IP header structure in the sense data bag takes out destination address domain, port numbers territory and complement mark bit field;
2) analyze option field in Transmission Control Protocol header structure and the IP protocol header structure, if this territory is empty, then this partial results is 0, otherwise this partial results is 1, utilizes these two generating feature vector X (x as a result
1, x
2);
With bit field representation feature vector X (x
1, x
2), then two bit fields are combined, as return results, the Vec structure is used for depositing concrete characteristic vector, and it is defined as follows:
Table: Vec definition
Type | Variable | Describe |
char | TcpVec:1 | The TCP characteristic value |
char | IPVec :1 | The IP characteristic value |
3) characteristic vector is classified according to destination address; Each packet that each TCP/IP is connected from start to end all generates vector, be inserted into then in the chained list in the character pair vector set, when a TCP/IP connect finish after, set of eigenvectors is delivered to neural network module.The storage node structure DstNode that with the destination address is unit is as follows:
Table: DstNode definition
Type | Variable | Describe |
int | Dst | Destination address |
int | Num | The vector set number |
struct Connect | Cnt | The set of eigenvectors pointer |
struct DstNode * | Next | The next node pointer |
Search chained list, find out the node of destination address correspondence, if there is no then create this node, and then under this node, look for corresponding port, if lookup result is empty, then create the node of this port correspondence, vector set number (Num) value adds 1, otherwise, be put into respective nodes chained list afterbody; Here distinguish different TCP/IP by port numbers and connect, the TCP/IP connection is defined in count feature vector set pointer (Cnt) structure the inside, and it is defined as follows:
Table: Cnt definition
Type | Variable | Describe |
struct Vec | TcpIp | The characteristic vector pointer |
struct Cnt * | next | The next node pointer |
When a TCP/IP connects end, the set of eigenvectors under the corresponding destination address is submitted to the fuzzy neural network module, vector set number (Num) value subtracts 1, checks the value of vector set number (Num), if 0, then destroy the node of this destination address correspondence;
Described fuzzy neural network is handled characteristic vector, at last the output result is carried out Fuzzy C-Means Clustering, and the result judges whether to exist convert channel to comprise the steps: by output
The fuzzy neural network part
Fuzzy neural network adopts the Takagi-Sugeno Fuzzy Logic Reasoning Algorithm, and it is output as exact value, sticks with paste the linear combination that regular consequent partly is expressed as output variable input variable at the Takagi-Sugeno pattern, and zeroth order Sugeno pattern is stuck with paste rule and had following form:
If x is that A and y is B then z=k
Wherein k is a constant.And single order Sugeno pattern paste rule has following form:
If x is that A and y is B then z=px+qy+r
Wherein, p, q, r are constants.
Stick with paste inference system for a Takagi-Sugenno pattern of forming by n bar rule, establish every rule and have following form:
If x is that A and y is B then z=z
i(i=1,2 ..., n)
Then system is total is output as:
1) training stage
A. receive set of eigenvectors from data acquisition module, set of eigenvectors connects all corresponding characteristic vectors by a TCP/IP and forms, and submits the fuzzy neural network module to;
B. utilize the Adaptive Fuzzy Neural-network inference system to train,, obtain fuzzy neural network model until system stability;
2) detection-phase
A. receive set of eigenvectors X from data acquisition module
1, X
2... X
n, submit the fuzzy neural network module after corresponding training is finished to, obtain output valve Y (y
1, y
2... y
n);
B. fuzzy clustering is carried out in set to output valve, and whether the data of differentiating network output exist convert channel.
Utilize Fuzzy C-Means Clustering that output valve is gathered and classify, if y
i(1≤i≤n) belongs to 1 class, then input feature value x
i(1≤i≤n) there is convert channel in the network of correspondence in connecting, if y
i(1≤i≤n) belongs to 0 class, then input feature value x
i(1≤i≤n) there is not convert channel in the network of correspondence in connecting; Output valve exports 0 or 1 after Fuzzy C-Means Clustering, wherein 0 representative is normal, and 1 representative is unusual.
Claims (6)
1. the ICP/IP protocol convert channel detection method based on fuzzy neural network is characterized in that comprising the steps:
1) sets up filter,, grasp the TCP/IP packet of exporting on the network interface according to the packet of filtering rule filtration by network interface;
2) option field in the data head-coating structure is analyzed the formation characteristic vector, then characteristic vector is imported fuzzy neural network;
3) fuzzy neural network is handled characteristic vector, at last the output result is carried out fuzzy clustering, and the result judges whether to exist convert channel by output.
2. a kind of ICP/IP protocol convert channel detection method based on fuzzy neural network according to claim 1 is characterized in that the ICP/IP protocol bag of exporting on the described extracting network interface comprises the steps:
1) set up filter, the pointer of Data transmission link layer packet is given filter;
2) according to filtering rule filtering data bag, will duplicate portion by the packet of filtercondition and be put in the buffer memory chained list, when chained list surpasses the maximum of setting, send the chained list of preserving packet to the data packet analysis module;
3) transmitted packet, network driver regains control, and system carries out normal procotol and handles, and transmits the packet of giving filter just now and arrives the Upper Level Network Protocol stack;
3. a kind of ICP/IP protocol convert channel detection method based on fuzzy neural network according to claim 1 is characterized in that described option field in the data head-coating structure is analyzed forms characteristic vector and comprise the steps:
1) analyze packet structure, TCP/IP header structure in the sense data bag takes out destination address domain, port numbers territory and complement mark bit field;
2) analyze option field in Transmission Control Protocol header structure and the IP protocol header structure, if this territory is empty, then this partial results is 0, otherwise this partial results is 1, utilizes these two generating feature vectors as a result;
3) characteristic vector is classified according to destination address, each packet that each TCP/IP is connected from start to end all generates vector, be inserted into then in the chained list in the character pair vector set, when a TCP/IP connect finish after, set of eigenvectors is delivered to neural network module.
4. a kind of ICP/IP protocol convert channel detection method according to claim 1 based on fuzzy neural network, it is characterized in that described fuzzy neural network handles characteristic vector, at last the output result is carried out fuzzy clustering, the result judges whether to exist convert channel to comprise the steps: by output
1) training stage
A. receive set of eigenvectors from data acquisition module, set of eigenvectors connects all corresponding characteristic vectors by a TCP/IP and forms, and submits the fuzzy neural network module to;
B. utilize the Adaptive Fuzzy Neural-network inference system to train,, obtain fuzzy neural network model until system stability;
2) detection-phase
A. receive set of eigenvectors from data acquisition module, submit the fuzzy neural network module after corresponding training is finished to, obtain output valve;
B. fuzzy clustering is carried out in set to output valve, and whether the data of differentiating network output exist convert channel.
5. a kind of ICP/IP protocol convert channel detection method according to claim 3 based on fuzzy neural network, it is characterized in that described characteristic vector being classified according to destination address: Network Covert Channel is normally to certain concrete address reveal information, here be that unit classifies with the destination address, information transmitted in the network is monitored.
6. a kind of ICP/IP protocol convert channel detection method according to claim 4 based on fuzzy neural network, it is characterized in that carrying out fuzzy clustering described output valve is gathered, whether the data of differentiating network output exist convert channel: Fuzzy C-Means Clustering is carried out in set to the neural net output valve, output is 0 or 1, wherein 0 representative is normal, and 1 representative is unusual.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CNA2008100608990A CN101257417A (en) | 2008-03-25 | 2008-03-25 | Method for detecting TCP/IP protocol concealed channel based on fuzzy neural network |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CNA2008100608990A CN101257417A (en) | 2008-03-25 | 2008-03-25 | Method for detecting TCP/IP protocol concealed channel based on fuzzy neural network |
Publications (1)
Publication Number | Publication Date |
---|---|
CN101257417A true CN101257417A (en) | 2008-09-03 |
Family
ID=39891907
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CNA2008100608990A Pending CN101257417A (en) | 2008-03-25 | 2008-03-25 | Method for detecting TCP/IP protocol concealed channel based on fuzzy neural network |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN101257417A (en) |
Cited By (18)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101873638A (en) * | 2010-07-15 | 2010-10-27 | 吉林大学 | Heterogeneous wireless network access selection method based on fuzzy neural network |
CN101527679B (en) * | 2009-03-12 | 2010-12-29 | 上海交通大学 | Interference method based on adaptive random-relayed TCP/IP network hidden-time signal path |
CN102045158A (en) * | 2010-11-26 | 2011-05-04 | 中国科学院软件研究所 | Concealed channel identification method |
CN102916972A (en) * | 2012-11-05 | 2013-02-06 | 杭州迪普科技有限公司 | Method and device for hiding web server information |
CN103228468A (en) * | 2010-11-24 | 2013-07-31 | 米其林集团总公司 | Method for reading data stored in an electronic device for a tyre |
CN103279414A (en) * | 2013-05-23 | 2013-09-04 | 北京大学 | Covert channel detection method suitable for Xen virtualization platform |
CN104753617A (en) * | 2015-03-17 | 2015-07-01 | 中国科学技术大学苏州研究院 | Detection method of time-sequence type covert channel based on neural network |
CN105100091A (en) * | 2015-07-13 | 2015-11-25 | 北京奇虎科技有限公司 | Protocol identification method and protocol identification system |
CN106355250A (en) * | 2016-08-31 | 2017-01-25 | 天津南大通用数据技术股份有限公司 | Optimization method and device for judging convert channels based on neural network |
CN107238742A (en) * | 2017-04-24 | 2017-10-10 | 天津瑞能电气有限公司 | MW class micro-capacitance sensor and off-network switching transient state monitoring system |
CN107332723A (en) * | 2016-04-28 | 2017-11-07 | 华为技术有限公司 | The detection method and detection device of convert channel |
CN108156034A (en) * | 2017-12-22 | 2018-06-12 | 武汉噢易云计算股份有限公司 | A kind of message forwarding method and message forwarding system based on deep neural network auxiliary |
CN109992657A (en) * | 2019-04-03 | 2019-07-09 | 浙江大学 | A kind of interactive problem generation method based on reinforcing Dynamic Inference |
CN110336806A (en) * | 2019-06-27 | 2019-10-15 | 四川大学 | A kind of covert communications detection method of combination session behavior and correspondence |
CN111461204A (en) * | 2020-03-30 | 2020-07-28 | 华南理工大学 | Emotion identification method based on electroencephalogram signals and used for game evaluation |
CN111478921A (en) * | 2020-04-27 | 2020-07-31 | 深信服科技股份有限公司 | Method, device and equipment for detecting communication of hidden channel |
CN111885146A (en) * | 2020-07-21 | 2020-11-03 | 合肥学院 | Industrial data cloud service platform data transmission method for new energy automobile drive motor assembly production line |
CN116599779A (en) * | 2023-07-19 | 2023-08-15 | 中国电信股份有限公司江西分公司 | IPv6 cloud conversion method for improving network security performance |
-
2008
- 2008-03-25 CN CNA2008100608990A patent/CN101257417A/en active Pending
Cited By (29)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101527679B (en) * | 2009-03-12 | 2010-12-29 | 上海交通大学 | Interference method based on adaptive random-relayed TCP/IP network hidden-time signal path |
CN101873638B (en) * | 2010-07-15 | 2013-04-17 | 吉林大学 | Heterogeneous wireless network access selection method based on fuzzy neural network |
CN101873638A (en) * | 2010-07-15 | 2010-10-27 | 吉林大学 | Heterogeneous wireless network access selection method based on fuzzy neural network |
CN103228468A (en) * | 2010-11-24 | 2013-07-31 | 米其林集团总公司 | Method for reading data stored in an electronic device for a tyre |
CN102045158A (en) * | 2010-11-26 | 2011-05-04 | 中国科学院软件研究所 | Concealed channel identification method |
CN102916972B (en) * | 2012-11-05 | 2016-05-11 | 杭州迪普科技有限公司 | A kind of method of hiding web server information and device |
CN102916972A (en) * | 2012-11-05 | 2013-02-06 | 杭州迪普科技有限公司 | Method and device for hiding web server information |
CN103279414A (en) * | 2013-05-23 | 2013-09-04 | 北京大学 | Covert channel detection method suitable for Xen virtualization platform |
CN103279414B (en) * | 2013-05-23 | 2016-04-20 | 北京大学 | A kind of convert channel detection method being applicable to Xen virtual platform |
CN104753617A (en) * | 2015-03-17 | 2015-07-01 | 中国科学技术大学苏州研究院 | Detection method of time-sequence type covert channel based on neural network |
CN104753617B (en) * | 2015-03-17 | 2017-06-13 | 中国科学技术大学苏州研究院 | The hidden channel detection method of sequential type based on neutral net |
CN105100091A (en) * | 2015-07-13 | 2015-11-25 | 北京奇虎科技有限公司 | Protocol identification method and protocol identification system |
CN105100091B (en) * | 2015-07-13 | 2018-12-14 | 北京奇安信科技有限公司 | A kind of protocol recognition method and system |
CN107332723A (en) * | 2016-04-28 | 2017-11-07 | 华为技术有限公司 | The detection method and detection device of convert channel |
CN107332723B (en) * | 2016-04-28 | 2020-09-04 | 华为技术有限公司 | Detection method and detection equipment for hidden channel |
CN106355250A (en) * | 2016-08-31 | 2017-01-25 | 天津南大通用数据技术股份有限公司 | Optimization method and device for judging convert channels based on neural network |
CN106355250B (en) * | 2016-08-31 | 2019-04-30 | 天津南大通用数据技术股份有限公司 | The optimization method and device of judgement private communication channel neural network based |
CN107238742A (en) * | 2017-04-24 | 2017-10-10 | 天津瑞能电气有限公司 | MW class micro-capacitance sensor and off-network switching transient state monitoring system |
CN108156034A (en) * | 2017-12-22 | 2018-06-12 | 武汉噢易云计算股份有限公司 | A kind of message forwarding method and message forwarding system based on deep neural network auxiliary |
CN109992657A (en) * | 2019-04-03 | 2019-07-09 | 浙江大学 | A kind of interactive problem generation method based on reinforcing Dynamic Inference |
CN109992657B (en) * | 2019-04-03 | 2021-03-30 | 浙江大学 | Dialogue type problem generation method based on enhanced dynamic reasoning |
CN110336806A (en) * | 2019-06-27 | 2019-10-15 | 四川大学 | A kind of covert communications detection method of combination session behavior and correspondence |
CN111461204A (en) * | 2020-03-30 | 2020-07-28 | 华南理工大学 | Emotion identification method based on electroencephalogram signals and used for game evaluation |
CN111461204B (en) * | 2020-03-30 | 2023-05-26 | 华南理工大学 | Emotion recognition method based on electroencephalogram signals for game evaluation |
CN111478921A (en) * | 2020-04-27 | 2020-07-31 | 深信服科技股份有限公司 | Method, device and equipment for detecting communication of hidden channel |
CN111885146A (en) * | 2020-07-21 | 2020-11-03 | 合肥学院 | Industrial data cloud service platform data transmission method for new energy automobile drive motor assembly production line |
CN111885146B (en) * | 2020-07-21 | 2022-06-24 | 合肥学院 | Data transmission method for industrial data cloud service platform |
CN116599779A (en) * | 2023-07-19 | 2023-08-15 | 中国电信股份有限公司江西分公司 | IPv6 cloud conversion method for improving network security performance |
CN116599779B (en) * | 2023-07-19 | 2023-10-27 | 中国电信股份有限公司江西分公司 | IPv6 cloud conversion method for improving network security performance |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN101257417A (en) | Method for detecting TCP/IP protocol concealed channel based on fuzzy neural network | |
Amini et al. | RT-UNNID: A practical solution to real-time network-based intrusion detection using unsupervised neural networks | |
CN110719275B (en) | Method for detecting power terminal vulnerability attack based on message characteristics | |
CN110011999A (en) | IPv6 network ddos attack detection system and method based on deep learning | |
Kayacik et al. | On the capability of an SOM based intrusion detection system | |
CN102271068B (en) | Method for detecting DOS/DDOS (denial of service/distributed denial of service) attack | |
Pan et al. | Hybrid neural network and C4. 5 for misuse detection | |
CN109391700A (en) | Internet of Things safe cloud platform based on depth traffic aware | |
CN108123931A (en) | Ddos attack defence installation and method in a kind of software defined network | |
CN106357622A (en) | Network anomaly flow detection and defense system based on SDN (software defined networking) | |
CN105554016A (en) | Network attack processing method and device | |
CN104618377A (en) | NetFlow based botnet network detection system and detection method | |
CN101729389A (en) | Flow control device and method based on flow prediction and trusted network address learning | |
CN105281973A (en) | Webpage fingerprint identification method aiming at specific website category | |
CN107566192A (en) | A kind of abnormal flow processing method and Network Management Equipment | |
KR101448550B1 (en) | Apparatus and Method for Traffic Classificaiton | |
CN110430224A (en) | A kind of communication network anomaly detection method based on random block models | |
CN109639624A (en) | Lopsided data filtering method in a kind of Modbus Transmission Control Protocol fuzz testing | |
CN101714948B (en) | A kind of sorting technique of net bag of multiple domain and device | |
CN107070952A (en) | A kind of network node Traffic Anomaly analysis method and system | |
CN110266680B (en) | Industrial communication anomaly detection method based on dual similarity measurement | |
CN105871861A (en) | Intrusion detection method for self-learning protocol rule | |
Tan et al. | DDoS detection method based on Gini impurity and random forest in SDN environment | |
CN111669396B (en) | Self-learning security defense method and system for software-defined Internet of things | |
Tavallaee et al. | Online classification of network flows |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C02 | Deemed withdrawal of patent application after publication (patent law 2001) | ||
WD01 | Invention patent application deemed withdrawn after publication |
Open date: 20080903 |