CN101257417A - Method for detecting TCP/IP protocol concealed channel based on fuzzy neural network - Google Patents

Publication number
CN101257417A
Authority
CN
China
Prior art keywords
neural network
fuzzy neural
network
fuzzy
protocol
Prior art date
Legal status
Pending
Application number
CNA2008100608990A
Other languages
Chinese (zh)
Inventor
王建强
平玲娣
潘雪增
姜励
陈小平
李善平
陈健
Current Assignee
Zhejiang University ZJU
Original Assignee
Zhejiang University ZJU
Priority date
Filing date
Publication date

Abstract

The invention discloses a method for detecting TCP/IP protocol covert channels based on a fuzzy neural network. The method uses a fuzzy neural network and detects network covert channels by analysing fields in the TCP/IP packet header structures seen at a network interface. It first captures TCP/IP packets from the network interface and analyses the option fields in the packet header structures to obtain the feature vectors of each network connection. The feature vectors are fed into the fuzzy neural network, which is trained with an adaptive neuro-fuzzy inference system to form the fuzzy neural network model. Feature vectors are then fed into the trained model to obtain output values, and finally fuzzy clustering is applied to the output values to decide whether the output data contains a covert channel. The invention is applicable to mainstream operating systems, has a wide range of application, can increase operating system security and effectively prevents leakage of secret information.

Description

TCP/IP protocol covert channel detection method based on fuzzy neural network
Technical field
The present invention relates to the fields of information security and neural networks, and in particular to a TCP/IP protocol covert channel detection method based on a fuzzy neural network.
Background technology
A covert channel is a mechanism that transfers information in violation of a security policy, and it remains a difficult problem in information security. The Trusted Computer System Evaluation Criteria (TCSEC) issued by the U.S. Department of Defense requires that systems at security class B2 and above undergo covert channel analysis, that the bandwidth of each covert channel be estimated, and that the handling of the channel be decided according to that bandwidth. The Chinese national standard GB 17859-1999, "Classified Criteria for Security Protection of Computer Information System", and other related international and domestic standards contain similar provisions. Covert channels fall into two classes: covert channels in operating systems and covert channels in networks. With the rapid development of network technology, the whole network can be regarded as one huge computer system; covert channels in this network environment that are closely tied to network protocols are generally called network covert channels. They use improper means to transmit information in the network and bypass network security mechanisms. Because of these characteristics, research on network covert channels has special significance from the standpoint of information security.
The main covert channel identification methods in use at present fall into the following classes: (1) the semantic information flow method, (2) the shared resource matrix method, (3) the syntactic information flow method, and (4) the noninterference method. Of these, the semantic information flow method and the shared resource matrix method are used most. All of these methods target covert channels in operating systems; there is currently no dedicated method for detecting network covert channels, and network-based covert channel detection is a current focus of covert channel research. Many techniques are being studied for it, drawing on knowledge from several fields such as probability theory and statistical learning, but most of them are still at an early stage; the comparatively mature one is stream profiling. It records and analyses the normal traffic of various protocols, and from it extracts and builds a feature model for each kind of normal traffic. To detect whether a certain class of covert channel exists in a network, it is enough to check whether the communication characteristics of the current network conform to the corresponding feature model, which indicates whether a covert channel may be present. Most current implementations are based on this technique.
Summary of the invention
The object of the invention is to solve this technical problem by providing a TCP/IP protocol covert channel detection method based on a fuzzy neural network.
The TCP/IP protocol covert channel detection method based on a fuzzy neural network comprises the following steps:
1) set up a filter, filter the packets passing through the network interface according to the filtering rule, and capture the TCP/IP packets output on the network interface;
2) analyse the option fields in the packet header structures to form a feature vector, then input the feature vector into the fuzzy neural network;
3) the fuzzy neural network processes the feature vector; finally fuzzy clustering is applied to the output, and the result determines whether a covert channel exists.
Capturing the TCP/IP packets output on the network interface comprises the following steps:
1) set up a filter and pass the pointer to the data-link-layer packet to the filter;
2) filter packets according to the filtering rule; each packet that satisfies the filter condition is copied into a buffer linked list, and when the list exceeds the configured maximum, the list holding the packets is sent to the packet analysis module;
3) once the packet has been handed over, the network driver regains control, the system carries out normal network protocol processing, and the packet that was just given to the filter is passed on to the upper-layer network protocol stack.
Analysing the option fields in the packet header structures to form the feature vector comprises the following steps:
1) parse the packet structure, read the TCP/IP header structures in the packet, and take out the destination address field, the port number field and the completion flag bit field;
2) analyse the option field in the TCP header structure and in the IP header structure: if the field is empty, the result for that part is 0, otherwise it is 1; these two results form the feature vector;
3) classify the feature vectors by destination address: a vector is generated for every packet of each TCP/IP connection from start to end and inserted into the corresponding feature vector set in the linked list; when a TCP/IP connection ends, its feature vector set is delivered to the neural network module.
The processing of the feature vectors by the fuzzy neural network, followed by fuzzy clustering of the output to determine whether a covert channel exists, comprises the following steps:
1) training phase
a. receive the feature vector sets from the data acquisition module, each set consisting of all the feature vectors of one TCP/IP connection, and submit them to the fuzzy neural network module;
b. train with the adaptive neuro-fuzzy inference system until the system is stable, obtaining the fuzzy neural network model;
2) detection phase
a. receive the feature vector sets from the data acquisition module and submit them to the trained fuzzy neural network module to obtain the output values;
b. apply fuzzy clustering to the set of output values to decide whether the data output by the network contains a covert channel.
Classifying the feature vectors by destination address: a network covert channel normally leaks information to one specific address, so the vectors are classified per destination address in order to monitor the information transmitted in the network.
Applying fuzzy clustering to the set of output values to decide whether the data output by the network contains a covert channel: Fuzzy C-Means clustering is applied to the set of neural network output values, and the output is 0 or 1, where 0 means normal and 1 means abnormal.
The invention extends fuzzy neural networks to network security and realises the detection of network covert channels. Compared with other covert channel detection methods: 1) the invention is simple to implement and detects more accurately; 2) it scales well and can detect packets of other protocols after simple modification; 3) it is suitable for network covert channel detection on mainstream operating systems (Windows, Linux, Unix).
Description of drawings
Fig. 1 is a schematic diagram of the system structure of the invention;
Fig. 2 is a schematic diagram of the storage linked-list structure of the invention.
Embodiment
The TCP/IP protocol covert channel detection method based on a fuzzy neural network comprises the following steps:
1. set up a filter, filter the packets passing through the network interface according to the filtering rule, and capture the TCP/IP packets output on the network interface;
2. analyse the option fields in the packet header structures to form a feature vector, then input the feature vector into the fuzzy neural network;
3. the fuzzy neural network processes the feature vector; finally fuzzy clustering is applied to the output, and the result determines whether a covert channel exists.
Capturing the TCP/IP packets output on the network interface comprises the following steps:
1) set up a filter and pass the pointer to the data-link-layer packet to the filter;
(1) Set up the filter. To speed up filtering, a filter virtual machine is used here; the predicate form of the filtering rule is:
(src local) and (tcp)
where:
local: the filtering rule applies to the current machine;
src: the source address field of the packets to be captured is the host address;
tcp: monitor TCP packets.
The data acquisition module uses the filter virtual machine; the predicate rule is converted into the following filter virtual machine instructions:
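// check whether the frame carries IP
L1: ldh [12]                  // load the 2-byte EtherType at offset 12
L2: jeq #ETHERTYPE_IP, L3, L7
// check whether the protocol is TCP
L3: ldb [23]                  // load the 1-byte IP protocol field at offset 23
L4: jeq #TCP, L5, L7
// check whether the source address is this host
L5: ld [26]                   // load the 4-byte IP source address at offset 26
L6: jeq #host, L8, L7
L7: ret #FALSE
L8: ret #TRUE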
Packet filtering treats the packet as a byte array; the predicate is evaluated at bytes 12 and 23 of the array, to which the TCP/IP protocol fields map.
a. Instruction L1 loads the upper-layer protocol type value from the Ethernet encapsulation, and instruction L2 compares it with the IP type value (0x0800); if they are equal, jump to L3, otherwise jump to L7 and return false;
b. Instruction L3 loads the upper-layer protocol type value from the IP encapsulation, and L4 compares it with the TCP type value; if they are equal, jump to L5, otherwise jump to L7 and return false;
c. Instruction L5 loads the source address carried in the Ethernet frame, and L6 compares it with the address of the current machine; if they are equal, jump to L8 and return true, otherwise jump to L7 and return false.
(2) Pass the pointer to the data-link-layer packet to the filter.
First acquire the read lock and obtain the pointer protected by the read lock, then pass the pointer to the data-link-layer packet to the filter, and finally release the read lock.
read_lock();
old_fp = dereference(filter);   // fetch the pointer protected by the read lock
assign_pointer(filter, fp);     // pass the pointer to the data-link-layer packet to the filter
read_unlock();
fp = old_fp;
2) filter packets according to the filtering rule; each packet that satisfies the filter condition is copied into a buffer linked list, and when the list exceeds the configured maximum, the list holding the packets is sent to the packet analysis module;
3) once the packet has been handed over, the network driver regains control, the system carries out normal network protocol processing, and the packet that was just given to the filter is passed on to the upper-layer network protocol stack.
Analysing the option fields in the packet header structures to form the feature vector comprises the following steps:
1) parse the packet structure, read the TCP/IP header structures in the packet, and take out the destination address field, the port number field and the completion flag bit field;
2) analyse the option field in the TCP header structure and in the IP header structure: if the field is empty, the result for that part is 0, otherwise it is 1; these two results form the feature vector X(x_1, x_2);
The feature vector X(x_1, x_2) is represented with bit fields; the two bit fields are then combined and returned as the result. The Vec structure stores the concrete feature vector and is defined as follows:
Table: Vec definition
Type    Variable      Description
char    TcpVec : 1    TCP feature value
char    IPVec : 1     IP feature value
3) classify the feature vectors by destination address: a vector is generated for every packet of each TCP/IP connection from start to end and inserted into the corresponding feature vector set in the linked list; when a TCP/IP connection ends, its feature vector set is delivered to the neural network module. The storage node structure DstNode, keyed by destination address, is as follows:
Table: DstNode definition
Type                Variable    Description
int                 Dst         Destination address
int                 Num         Number of vector sets
struct Connect      Cnt         Feature vector set pointer
struct DstNode *    Next        Pointer to the next node
Search the linked list for the node corresponding to the destination address; if it does not exist, create it. Then look for the corresponding port under that node: if the lookup result is empty, create the node for that port and add 1 to the vector set count (Num); otherwise append to the tail of the corresponding node's linked list. Different TCP/IP connections are distinguished here by port number. A TCP/IP connection is defined in the feature vector set pointer (Cnt) structure, which is defined as follows:
Table: Cnt definition
Type            Variable    Description
struct Vec      TcpIp       Feature vector pointer
struct Cnt *    next        Pointer to the next node
When a TCP/IP connection ends, the feature vector set under the corresponding destination address is submitted to the fuzzy neural network module and the vector set count (Num) is decremented by 1; the value of Num is then checked, and if it is 0 the node for that destination address is destroyed.
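The header parsing and option-field test described above can be sketched in C as follows. This is an added example, not code from the patent: the PktFeature record, the helper names, the reading of the completion flag as the TCP FIN bit, and the sample frames built from documentation addresses are assumptions, and the per-destination linked list is left out.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define LOCAL_IP 0xC0000201u /* 192.0.2.1, constructed documentation address */

/* Vec from the page; unsigned so a 1-bit field holds 0/1, not 0/-1. */
struct Vec {
    unsigned char TcpVec : 1; /* 1 if the TCP header carries options */
    unsigned char IPVec : 1;  /* 1 if the IP header carries options */
};

/* Per-packet record (hypothetical name and layout). */
struct PktFeature {
    uint32_t dst;   /* destination address */
    uint16_t dport; /* destination port */
    int fin;        /* FIN bit, assumed to be the page's completion flag */
    struct Vec vec;
};

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t rd32(const uint8_t *p) { return ((uint32_t)rd16(p) << 16) | rd16(p + 2); }
static void wr32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
}

/* Applies the "(src local) and (tcp)" predicate to an Ethernet frame and,
 * on a match, fills *out. Returns 0 for non-matching or truncated frames. */
int extract_feature(const uint8_t *f, size_t len, uint32_t local_ip,
                    struct PktFeature *out)
{
    if (len < 14 + 20 + 20) return 0;
    if (rd16(f + 12) != 0x0800) return 0;       /* EtherType at byte 12 */
    const uint8_t *ip = f + 14;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;    /* IP header length in bytes */
    if ((ip[0] >> 4) != 4 || ihl < 20) return 0;
    if (ip[9] != 6) return 0;                   /* protocol at frame byte 23 */
    if (rd32(ip + 12) != local_ip) return 0;    /* source at frame byte 26 */
    if (rd16(ip + 6) & 0x1fff) return 0;        /* later fragment: no TCP header */
    if (14 + ihl + 20 > len) return 0;
    const uint8_t *tcp = ip + ihl;
    size_t doff = (size_t)(tcp[12] >> 4) * 4;   /* TCP header length in bytes */
    if (doff < 20 || 14 + ihl + doff > len) return 0;
    out->dst = rd32(ip + 16);
    out->dport = rd16(tcp + 2);
    out->fin = tcp[13] & 0x01;
    out->vec.IPVec = ihl > 20;                  /* options lie beyond 20 bytes */
    out->vec.TcpVec = doff > 20;
    return 1;
}

/* Builds a constructed Ethernet/IPv4/TCP frame with zero-filled options
 * (option lengths must be multiples of 4, at most 40). Returns its length. */
size_t build_frame(uint8_t *b, uint32_t src, size_t ip_opt, size_t tcp_opt)
{
    size_t ihl = 20 + ip_opt, doff = 20 + tcp_opt, n = 14 + ihl + doff;
    memset(b, 0, n);
    b[12] = 0x08;                               /* EtherType 0x0800 */
    uint8_t *ip = b + 14, *tcp = ip + ihl;
    ip[0] = (uint8_t)(0x40 | (ihl / 4));        /* version 4, header length */
    ip[9] = 6;                                  /* TCP */
    wr32(ip + 12, src);
    wr32(ip + 16, 0xC6336407u);                 /* 198.51.100.7, constructed */
    tcp[2] = 0x01; tcp[3] = 0xBB;               /* destination port 443 */
    tcp[12] = (uint8_t)((doff / 4) << 4);       /* data offset */
    tcp[13] = 0x10;                             /* ACK */
    return n;
}

/* Returns (IPVec << 1) | TcpVec for a constructed frame, -1 if filtered out. */
int demo(uint32_t src, size_t ip_opt, size_t tcp_opt)
{
    uint8_t buf[160];
    struct PktFeature pf;
    size_t n = build_frame(buf, src, ip_opt, tcp_opt);
    if (!extract_feature(buf, n, LOCAL_IP, &pf)) return -1;
    return (pf.vec.IPVec << 1) | pf.vec.TcpVec;
}

/* A frame cut off inside its TCP options must be rejected, not misread. */
int demo_truncated(void)
{
    uint8_t buf[160];
    struct PktFeature pf;
    size_t n = build_frame(buf, LOCAL_IP, 0, 12);
    return extract_feature(buf, n - 4, LOCAL_IP, &pf);
}

int main(void)
{
    printf("none=%d tcp=%d ip=%d both=%d foreign=%d truncated=%d\n",
           demo(LOCAL_IP, 0, 0), demo(LOCAL_IP, 0, 12), demo(LOCAL_IP, 4, 0),
           demo(LOCAL_IP, 8, 20), demo(0xC0000263u, 0, 12), demo_truncated());
    return 0;
}
```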
The processing of the feature vectors by the fuzzy neural network, followed by Fuzzy C-Means clustering of the output to determine whether a covert channel exists, comprises the following steps:
The fuzzy neural network part
The fuzzy neural network uses the Takagi-Sugeno fuzzy inference algorithm, whose output is a crisp value. In a Takagi-Sugeno fuzzy rule, the consequent part expresses the output variable as a linear combination of the input variables. A zero-order Sugeno fuzzy rule has the following form:
If x is A and y is B then z = k
where k is a constant. A first-order Sugeno fuzzy rule has the following form:
If x is A and y is B then z = px + qy + r
where p, q and r are constants.
For a Takagi-Sugeno fuzzy inference system made up of n rules, let each rule have the following form:
If x is A_i and y is B_i then z = z_i (i = 1, 2, ..., n)
Then the total output of the system is:
$$y = \frac{\sum_{i=1}^{n} \mu_{A_i}(x)\,\mu_{B_i}(y)\,z_i}{\sum_{i=1}^{n} \mu_{A_i}(x)\,\mu_{B_i}(y)}$$
1) training phase
a. receive the feature vector sets from the data acquisition module, each set consisting of all the feature vectors of one TCP/IP connection, and submit them to the fuzzy neural network module;
b. train with the adaptive neuro-fuzzy inference system until the system is stable, obtaining the fuzzy neural network model;
2) detection phase
a. receive the feature vector sets X_1, X_2, ..., X_n from the data acquisition module and submit them to the trained fuzzy neural network module to obtain the output values Y(y_1, y_2, ..., y_n);
b. apply fuzzy clustering to the set of output values to decide whether the data output by the network contains a covert channel.
Fuzzy C-Means clustering is used to classify the set of output values: if y_i (1 ≤ i ≤ n) belongs to class 1, a covert channel exists in the network connection corresponding to the input feature vector x_i (1 ≤ i ≤ n); if y_i (1 ≤ i ≤ n) belongs to class 0, no covert channel exists in the network connection corresponding to x_i (1 ≤ i ≤ n). After Fuzzy C-Means clustering the output is 0 or 1, where 0 means normal and 1 means abnormal.
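The detection phase described above, as an added C example that is not code from the patent: it evaluates the weighted-average output of a zero-order Sugeno rule base and then labels the outputs with two-cluster Fuzzy C-Means. The triangular membership functions, the rule constants in RULES, the per-connection inputs, the choice of the higher cluster as class 1 and the MIN_SPREAD guard are all assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Zero-order Sugeno rule "if x is A_i and y is B_i then z = k".
 * A_i, B_i are triangular sets centred at a, b with half-width 1
 * (an assumption: the page does not give the membership functions). */
struct Rule { double a, b, k; };

/* Constructed stand-in for a trained model, not values from the page. */
static const struct Rule RULES[4] = {
    {0.0, 0.0, 0.0}, {1.0, 0.0, 0.1}, {0.0, 1.0, 0.8}, {1.0, 1.0, 0.9}
};

#define MIN_SPREAD 0.2 /* assumed guard threshold, see fcm_label() */

static double tri(double v, double centre)
{
    double d = v > centre ? v - centre : centre - v;
    return d >= 1.0 ? 0.0 : 1.0 - d;
}

/* y = sum(mu_Ai(x) * mu_Bi(y) * z_i) / sum(mu_Ai(x) * mu_Bi(y)) */
double sugeno_output(const struct Rule *r, size_t n, double x, double y)
{
    double num = 0.0, den = 0.0;
    for (size_t i = 0; i < n; i++) {
        double w = tri(x, r[i].a) * tri(y, r[i].b); /* rule firing strength */
        num += w * r[i].k;
        den += w;
    }
    return den > 0.0 ? num / den : 0.0; /* assumed: no rule fires -> 0 */
}

/* Fuzzy C-Means with c = 2 and fuzzifier m = 2 on scalar outputs.
 * label[i] = 1 when y[i] is closer to the higher cluster centre.
 * Returns the number of values labelled 1. */
int fcm_label(const double *y, size_t n, int *label)
{
    if (n == 0) return 0;
    double lo = y[0], hi = y[0];
    for (size_t i = 1; i < n; i++) {
        if (y[i] < lo) lo = y[i];
        if (y[i] > hi) hi = y[i];
    }
    /* FCM always yields two clusters, so an all-normal batch would still be
     * split; treat a batch with almost no spread as entirely normal. */
    if (hi - lo < MIN_SPREAD) {
        for (size_t i = 0; i < n; i++) label[i] = 0;
        return 0;
    }
    double c0 = lo, c1 = hi; /* initial cluster centres */
    for (int it = 0; it < 100; it++) {
        double n0 = 0, d0 = 0, n1 = 0, d1 = 0;
        for (size_t i = 0; i < n; i++) {
            double e0 = (y[i] - c0) * (y[i] - c0);
            double e1 = (y[i] - c1) * (y[i] - c1);
            double u1 = e0 / (e0 + e1); /* membership in cluster 1 */
            double u0 = 1.0 - u1;
            n0 += u0 * u0 * y[i]; d0 += u0 * u0;
            n1 += u1 * u1 * y[i]; d1 += u1 * u1;
        }
        double p0 = n0 / d0, p1 = n1 / d1; /* updated centres */
        double move = (p0 > c0 ? p0 - c0 : c0 - p0) + (p1 > c1 ? p1 - c1 : c1 - p1);
        c0 = p0; c1 = p1;
        if (move < 1e-9) break;
    }
    int flagged = 0;
    for (size_t i = 0; i < n; i++) {
        double e0 = (y[i] - c0) * (y[i] - c0), e1 = (y[i] - c1) * (y[i] - c1);
        label[i] = e0 > e1;
        flagged += label[i];
    }
    return flagged;
}

/* Constructed inputs, one row per connection: share of packets with TCP
 * options, share with IP options (an assumed reduction of a vector set).
 * Returns a bitmask of the connections labelled 1. */
unsigned run_demo(void)
{
    static const double in[5][2] = {
        {1.0, 0.0}, {0.5, 0.0}, {1.0, 1.0}, {0.0, 0.0}, {0.5, 1.0}
    };
    double out[5];
    int label[5];
    unsigned mask = 0;
    for (size_t i = 0; i < 5; i++)
        out[i] = sugeno_output(RULES, 4, in[i][0], in[i][1]);
    fcm_label(out, 5, label);
    for (size_t i = 0; i < 5; i++)
        if (label[i]) mask |= 1u << i;
    return mask;
}

/* Constructed all-normal batch: the guard keeps every label at 0. */
int demo_all_normal(void)
{
    const double out[3] = {0.02, 0.03, 0.025};
    int label[3];
    return fcm_label(out, 3, label);
}

int main(void)
{
    printf("flagged mask=%u, all-normal flagged=%d\n", run_demo(), demo_all_normal());
    return 0;
}
```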

Claims (6)

1. A TCP/IP protocol covert channel detection method based on a fuzzy neural network, characterized by comprising the following steps:
1) set up a filter, filter the packets passing through the network interface according to the filtering rule, and capture the TCP/IP packets output on the network interface;
2) analyse the option fields in the packet header structures to form a feature vector, then input the feature vector into the fuzzy neural network;
3) the fuzzy neural network processes the feature vector; finally fuzzy clustering is applied to the output, and the result determines whether a covert channel exists.
2. The TCP/IP protocol covert channel detection method based on a fuzzy neural network according to claim 1, characterized in that capturing the TCP/IP packets output on the network interface comprises the following steps:
1) set up a filter and pass the pointer to the data-link-layer packet to the filter;
2) filter packets according to the filtering rule; each packet that satisfies the filter condition is copied into a buffer linked list, and when the list exceeds the configured maximum, the list holding the packets is sent to the packet analysis module;
3) once the packet has been handed over, the network driver regains control, the system carries out normal network protocol processing, and the packet that was just given to the filter is passed on to the upper-layer network protocol stack.
3. The TCP/IP protocol covert channel detection method based on a fuzzy neural network according to claim 1, characterized in that analysing the option fields in the packet header structures to form the feature vector comprises the following steps:
1) parse the packet structure, read the TCP/IP header structures in the packet, and take out the destination address field, the port number field and the completion flag bit field;
2) analyse the option field in the TCP header structure and in the IP header structure: if the field is empty, the result for that part is 0, otherwise it is 1; these two results form the feature vector;
3) classify the feature vectors by destination address: a vector is generated for every packet of each TCP/IP connection from start to end and inserted into the corresponding feature vector set in the linked list; when a TCP/IP connection ends, its feature vector set is delivered to the neural network module.
4. The TCP/IP protocol covert channel detection method based on a fuzzy neural network according to claim 1, characterized in that the processing of the feature vectors by the fuzzy neural network, followed by fuzzy clustering of the output to determine whether a covert channel exists, comprises the following steps:
1) training phase
a. receive the feature vector sets from the data acquisition module, each set consisting of all the feature vectors of one TCP/IP connection, and submit them to the fuzzy neural network module;
b. train with the adaptive neuro-fuzzy inference system until the system is stable, obtaining the fuzzy neural network model;
2) detection phase
a. receive the feature vector sets from the data acquisition module and submit them to the trained fuzzy neural network module to obtain the output values;
b. apply fuzzy clustering to the set of output values to decide whether the data output by the network contains a covert channel.
5. The TCP/IP protocol covert channel detection method based on a fuzzy neural network according to claim 3, characterized in that, in classifying the feature vectors by destination address: a network covert channel normally leaks information to one specific address, so the vectors are classified per destination address in order to monitor the information transmitted in the network.
6. The TCP/IP protocol covert channel detection method based on a fuzzy neural network according to claim 4, characterized in that, in applying fuzzy clustering to the set of output values to decide whether the data output by the network contains a covert channel: Fuzzy C-Means clustering is applied to the set of neural network output values, and the output is 0 or 1, where 0 means normal and 1 means abnormal.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNA2008100608990A CN101257417A (en) 2008-03-25 2008-03-25 Method for detecting TCP/IP protocol concealed channel based on fuzzy neural network

Publications (1)

Publication Number Publication Date
CN101257417A (en) 2008-09-03

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Open date: 20080903