CN102158486A - Method for rapidly detecting network invasion - Google Patents
Method for rapidly detecting network invasion Download PDFInfo
- Publication number
- CN102158486A CN102158486A CN2011100842307A CN201110084230A CN102158486A CN 102158486 A CN102158486 A CN 102158486A CN 2011100842307 A CN2011100842307 A CN 2011100842307A CN 201110084230 A CN201110084230 A CN 201110084230A CN 102158486 A CN102158486 A CN 102158486A
- Authority
- CN
- China
- Prior art keywords
- sample
- characteristic
- training
- characteristic attribute
- network
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Landscapes
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The invention discloses a method for rapidly detecting network invasion in the technical field of information safety, which is used for solving the problems of low computing speed and poor detection instantaneity of the traditional method for detecting the network invasion. The method disclosed by the invention comprises the following steps: preprocessing the characteristic attributes of each sample with concentrated training; selecting the characteristic attributes of the samples with concentrated training to realize characteristic dimensionality reduction; using the characteristic attributes after the dimensionality reduction to form a first characteristic vector and using the first characteristic vector as the input of a ball vector machine learning algorithm to train a classifier; preprocessing the characteristic attributes of each sample with concentrated testing; selecting the characteristic attributes of the sample with concentrated testing to realize the characteristic dimensionality reduction; using the characteristic attributes after the dimensionality reduction to form a second characteristic vector, using the second characteristic vector as the input of the classifier after training to test the classifier; and judging whether a network is invaded or not according to the testing result. The method disclosed by the invention reduces the complexity of network invasion detecting computation and enhances the instantaneity and accuracy of detection.
Description
Technical field
The invention belongs to field of information security technology, relate in particular to a kind of network intrusions method for quick.
Background technology
Along with popularizing and development of information technology, human society has moved towards the networked epoch.Yet the Internet be one towards masses, open network, present Internet protocol for information maintain secrecy and the security consideration of system gets and incomplete, be difficult to safeguard for safety problems such as illegal invasion, assault, confidentiality information leakage.Computer network constantly suffers illegal invasion, and the valuable information data constantly is stolen, thereby makes network invasion monitoring work be faced with great challenge.Existing network inbreak detection method all adopts usually based on the method for machine learning and carries out modeling, and its process is at first to grasp initial data from network, and data are quantized and normalized; Next adopts machine learning algorithm, imports training classifier with the data of handling well as it.
In network invasion monitoring, primary network is connected as a sample, each sample data comprises tens features usually, during modeling all features are carried out quantification treatment and normalized, promptly each raw sample data is represented with the form of vector, thereby with the training set of all vectorial set of forming as grader; Adopt machine learning algorithm then, and import training classifier as it with training set.With the grader that trains the test sample book of input is handled, just can be obtained predicting output valve, belong to the still unusual connection of normal connection to determine it.
Said process is a typical network inbreak detection method of present stage, and the topmost shortcoming of this detection technique is: the initial data of intrusion detection comprises tens features usually, and these data apply in some sorting algorithms, will make classification speed very slow; Not all feature all produces active influence to testing result in tens features that comprise in the initial data in addition, some feature even can produce passive influence.Have, above method considers that the scale of the training data that the classification speed problem adopts usually is less, thereby causes accuracy of detection not high again, and rate of false alarm and rate of failing to report are very high.
Deficiency at the above-mentioned detection technique of mentioning, the present invention proposes a kind of based on LLE (the local linear algorithm that embeds in the manifold learning arithmetic, Locally Linear Embedding) BVM of feature extraction (ball vector machine, Ball Vector Machine) network intrusions method for quick.To comprise normal connection and the sample set that unusually is connected simultaneously as training set, each sample in the training set is quantized and normalized, and the key feature that extracts each sample is to reduce the dimension of intrusion detection data, utilize the classification algorithm training grader then, utilizing the grader that trains that the unknown is connected at last and classify, is normal the connection or unusual the connection to determine it.In the process of sample data being carried out dimensionality reduction, introduce manifold learning arithmetic, the characteristic attribute of great amount of samples is carried out analyzing and processing, finding being hidden in significant low dimensional structures in the high dimensional data, thereby reach the purpose of the high dimensional feature attribute being carried out dimension-reduction treatment.The classification learning algorithm is introduced ball vector machine algorithm, and this algorithm has been introduced the notion of core set, the problem of finding the solution support vector in the SVMs is converted into the problem of finding the solution the smallest sphere (MEB) that comprises training sample set.Because the scale of core set is far smaller than original training sample set, so reduced the cost of solving-optimizing problem greatly.The BVM algorithm can effectively reduce the training time of sample, thereby can effectively improve the real-time of detection under the situation that guarantees verification and measurement ratio.
Summary of the invention
The objective of the invention is to, propose a kind of network intrusions method for quick, it is slow and detect the problem that lacks real-time and accuracy rate to calculate arithmetic speed that the dimension height causes in order to the network inbreak detection method that solves present use.
For achieving the above object, technical scheme provided by the invention is that a kind of network intrusions method for quick is characterized in that described method comprises:
Step 1: comprising normal connection and the sample set that unusually is connected simultaneously, the characteristic attribute of each sample in the training set is carried out preliminary treatment as training set;
Step 2: adopt the local linear algorithm that embeds in the manifold learning arithmetic that the characteristic attribute of sample in the sample set is selected, realize the feature dimensionality reduction;
Step 3: will form first characteristic vector through the characteristic attribute behind step 2 dimensionality reduction, and come training classifier as the input of ball vector machine learning algorithm with described first characteristic vector;
Step 4: the characteristic attribute to each sample in the test set carries out preliminary treatment;
Step 5: adopt the local linear algorithm that embeds in the manifold learning arithmetic that the characteristic attribute of sample in the test set is selected, realize the feature dimensionality reduction;
Step 6: will form second characteristic vector through the characteristic attribute behind step 5 dimensionality reduction, the input of the grader after training as step 3 with described second characteristic vector is tested grader;
Step 7: whether invaded according to the test result decision network.
Described characteristic attribute to each sample in the training set carries out preliminary treatment and specifically comprises:
Step 11: find out the character feature in each sample;
Step 12:, character feature is replaced with the corresponding digital characteristic value according to the antistop list that presets;
Step 13:, and the characteristic attribute in each sample carried out normalized with the characteristic attribute of the numerical characteristic value in each sample as this sample.
Described normalized is used the maximum method for normalizing, specifically adopts formula
Carry out normalization
Handle; Wherein
Xi is the characteristic attribute of sample, and N is a number of samples.
Described step 2 comprises:
Step 21: utilize the k nearest neighbor method to seek K neighbour's point of each sample, wherein K is a specified value;
Step 22: utilize K the neighbour's point that obtains in the step 21 to construct the partial reconstruction weight matrix of each sample;
Step 23: partial reconstruction weight matrix and K neighbour thereof by each sample put its low-dimensional output valve of calculating.
Described partial reconstruction weight matrix utilizes error function
Construct, wherein
Described low-dimensional output valve y
iSatisfy mapping condition:
And
Wherein I is the unit matrix on m * m rank.
Described step 3 comprises:
Step 31: given radius r and l=0, and any 1 z in the selection training set makes initial cores collection S as the initial cores collection
0=z}, and according to S
0Calculate the initial center c of spheroid
0
Step 32: carry out interative computation, in the l time iteration, if core set S
lComprised the sample in all training sets, promptly all samples all drop on spheroid B (c
l, (1+ ε) r) within, then iteration finishes; Otherwise, forward step 33 to; Wherein ε is a set point, and ε>0;
Step 33: in the nuclear feature space, find spheroid B (c
l, (1+ ε) r) and outer any sample point φ (x), and generate core set S
L+1=S
l∪ { x}; Wherein, φ (*) is the nuclear mapping function;
Step 34: by core set S
L+1, find the solution S
L+1Center c
L+1Wherein, c
L+1More new formula be: c
L+1=φ (x)+β
l(c
l-φ (x)), β
l=r/ ‖ c
l-φ (x) ‖.
Step 35: make l=l+1, turn back to step 32.
The present invention has reduced the network invasion monitoring computational complexity, has improved detection real-time and accuracy.
Description of drawings
Fig. 1 is a network intrusions method for quick flow chart;
Fig. 2 adopts the local linearity in the manifold learning arithmetic to embed algorithm carries out the feature dimensionality reduction to sample in the sample set schematic diagram;
Fig. 3 is the flow chart that comes training classifier with characteristic vector as the input of ball vector machine learning algorithm.
Embodiment
Below in conjunction with accompanying drawing, preferred embodiment is elaborated.Should be emphasized that following explanation only is exemplary, rather than in order to limit the scope of the invention and to use.
Network intrusions method for quick provided by the invention is based on the BVM network intrusions method for quick of LLE feature extraction, this method helps to solve in the detection method in the past can not be well carries out dimensionality reduction to the characteristic attribute of intrusion detection data, and detects real-time difference and the not high problem of verification and measurement ratio.For this reason, solution of the present invention is: to comprise normal connection and the sample set that unusually is connected simultaneously as training set, each sample in the training set is quantized and normalized, and the LLE algorithm in the employing manifold learning arithmetic extracts the key feature of each sample to reduce the dimension of intrusion detection data, utilize ball vector machine algorithm training classifier then, utilize the grader that trains that the unknown is connected at last and classify, belong to normal connection and still connect unusually to determine it.
Fig. 1 is a network intrusions method for quick flow chart.Among Fig. 1, a kind of network intrusions method for quick provided by the invention comprises the following steps:
Step 1: comprising normal connection and the sample set that unusually is connected simultaneously, the characteristic attribute of each sample in the training set is carried out preliminary treatment as training set.
Training set can be directly from network download.The data set that carries out network invasion monitoring assessment usefulness is specially arranged on the net, be called KDDCUP ' 99 data sets.Sample in the training set is network and connects, and for the grader that training is come out detects test set more exactly, the sample in the training set will comprise normal connection simultaneously and be connected unusually herein.
The attribute of each sample in the training set is carried out preliminary treatment specifically to be comprised:
Step 11: find out the character feature in each sample.Each sample is each connection, comprises numerical characteristic and/or character feature, can be with numerical characteristic (in fact being exactly a numeral) directly as numerical characteristic value.
Step 12:, character feature is replaced with the corresponding digital characteristic value according to the antistop list that presets.
Antistop list comprises two fields at least, is respectively character feature and corresponding numerical characteristic value.Like this, the character feature (in fact being exactly character) of each sample can be converted to numerical value, i.e. numerical characteristic value.
Step 12 is actual to be the quantification treatment process.
Step 13:, and the characteristic attribute in each sample carried out normalized with the characteristic attribute of the numerical characteristic value in each sample as this sample.
Described normalized is used the maximum method for normalizing, specifically adopts formula
Carry out normalized; Wherein
x
iBe the characteristic attribute of sample, N is a number of samples.
Step 2: adopt the local linear algorithm that embeds in the manifold learning arithmetic that the characteristic attribute of sample in the sample set is selected, realize the feature dimensionality reduction.
Fig. 2 adopts local linear in the manifold learning arithmetic to embed algorithm sample in the sample set is carried out the schematic diagram of feature dimensionality reduction, and among Fig. 2, step 2 specifically comprises:
Step 21: utilize the k nearest neighbor method to seek K neighbour's point of each sample, wherein, K is a specified value.
K the sample point nearest with respect to asking sample point is defined as K neighbour's point of the sample point of asking, and wherein, K is a value given in advance.The calculating of distance can be adopted the Euclidean distance computational methods, and the Euclidean distance algorithm is as follows: establish x, y ∈ R
N, x then, the Euclidean distance of y can be tried to achieve by following formula:
Step 22: utilize K the neighbour's point that obtains in the step 21 to construct the partial reconstruction weight matrix of each sample.
Partial reconstruction weight matrix W=(w
Ij) ∈ M
N, nBe such weight matrix, if x
iWith x
jNon-conterminous, w then
Ij=0, establish x
iWith x
Jk(k=1,2 ..., be adjacent K), constraint is then arranged
Use XW approximate representation X, can have certain error, the Frobenius norm that defines matrix here is as follows: A=(a
I, j) ∈ M
M, n, then
Seek W by the following formula constraint:
Promptly
Wherein, x
Jk, iRepresent x
iK neighbour's point.This is equivalent to ask separating of a series of least square problems.As to x
i, can obtain by following equation group
Step 23: partial reconstruction weight matrix and K neighbour thereof by each sample put its low-dimensional output valve of calculating.
By weight matrix W, can in lower dimensional space, find suitable y
iFinish by following constraint:
Y wherein
iBe x
iOutput vector, y
Jk, i(k=1,2 ..., K) be y
iNeighbour's point, and to satisfy two conditions:
With
Wherein I is the unit matrix of m * m.Thus, loss function can be rewritten as:
Wherein M is the symmetrical matrix of N * N: M=(I-W)
T(I-W).
Make the loss function value reach minimum, then getting Y is minimum m the pairing characteristic vector of nonzero eigenvalue of M.In processing procedure, the characteristic value of M to be arranged from small to large, first characteristic value almost approaches zero, casts out first characteristic value so.Usually get between the 2nd to m+1 the pairing characteristic vector of characteristic value as output the result.
Step 3: will form first characteristic vector through the characteristic attribute behind step 2 dimensionality reduction, and come training classifier as the input of ball vector machine learning algorithm with described first characteristic vector.
Fig. 3 is the flow chart that comes training classifier with characteristic vector as the input of ball vector machine learning algorithm.
Among Fig. 3, step 3 specifically comprises:
Step 31: given radius r, and any 1 the z ∈ S among the selection training set S is as initial cores collection S
0={ z} and according to S
0Calculate the initial center c of spheroid
0Z is actually a sample.
Step 32: carry out interative computation, in the l time iteration, if core set S
lComprised the sample in all training sets, promptly all samples all drop on spheroid B (c
l, (1+ ε) r) within (ε is a set point, and ε>0), then iteration finishes; Otherwise, forward step 33 to.
Step 33: in the nuclear feature space, find spheroid B (c
l, (1+ ε) r) and outer any sample point φ (x), and generate core set S
L+1=S
l∪ { x}; Wherein, φ (*) is the nuclear mapping function.
Step 34: by core set S
L+1, find the solution S
L+1Center c
L+1Wherein, c
L+1More new formula be: c
L+1=φ (x)+β
l(c
l-φ (x)), β
l=r/ ‖ c
l-φ (x) ‖.
Step 35: make l=l+1, turn back to step 32.
Step 4: the characteristic attribute to each sample in the test set carries out preliminary treatment.
Test set can also can carry out packet capturing to the network connection data in the artificial network by the network true environment is carried out emulation from network download, analyzes acquisition then.
Step 5: adopt the local linear test of heuristics that embeds in the manifold learning arithmetic to concentrate the characteristic attribute of sample to select, realize the feature dimensionality reduction.
The concrete implementation such as the step 2 of step 5, the object that only carries out the feature dimensionality reduction has made test set into by training set.
Step 6: will form second characteristic vector through the characteristic attribute behind step 5 dimensionality reduction, the input of the grader after training as step 3 with described second characteristic vector is tested grader.
The detailed process and the step 3 of this step are similar, only are input as second characteristic vector, and the output result is normal the connection or unusual the connection.
Step 7: whether invaded according to the test result decision network.
According to the output result of step 6, if be normal the connection, then network is invaded; If do not connect unusually, then the decidable network is invaded.
The manifold learning arithmetic that the present invention uses has stronger dimensionality reduction ability, can find the useful feature of data; Ball vector machine learning algorithm is by finding the solution the core set that the minimal closure spheroid obtains sample, because the scale of core set is far smaller than original training sample set, so calculating consuming time and memory headroom that take all reduces greatly, the time of finding the solution of support vector and the cost of solving-optimizing problem have also been reduced simultaneously, both realize the detection of network intrusions behavior, guaranteed the accuracy rate and the real-time that detect again.
The above; only for the preferable embodiment of the present invention, but protection scope of the present invention is not limited thereto, and anyly is familiar with those skilled in the art in the technical scope that the present invention discloses; the variation that can expect easily or replacement all should be encompassed within protection scope of the present invention.Therefore, protection scope of the present invention should be as the criterion with the protection range of claim.
Claims (7)
1. network intrusions method for quick is characterized in that described method comprises:
Step 1: comprising normal connection and the sample set that unusually is connected simultaneously, the characteristic attribute of each sample in the training set is carried out preliminary treatment as training set;
Step 2: adopt the local linear algorithm that embeds in the manifold learning arithmetic that the characteristic attribute of sample in the sample set is selected, realize the feature dimensionality reduction;
Step 3: will form first characteristic vector through the characteristic attribute behind step 2 dimensionality reduction, and come training classifier as the input of ball vector machine learning algorithm with described first characteristic vector;
Step 4: the characteristic attribute to each sample in the test set carries out preliminary treatment;
Step 5: adopt the local linear algorithm that embeds in the manifold learning arithmetic that the characteristic attribute of sample in the test set is selected, realize the feature dimensionality reduction;
Step 6: will form second characteristic vector through the characteristic attribute behind step 5 dimensionality reduction, the input of the grader after training as step 3 with described second characteristic vector is tested grader;
Step 7: whether invaded according to the test result decision network.
2. a kind of network intrusions method for quick according to claim 1 is characterized in that described characteristic attribute to each sample in the training set carries out preliminary treatment and specifically comprises:
Step 11: find out the character feature in each sample;
Step 12:, character feature is replaced with the corresponding digital characteristic value according to the antistop list that presets;
Step 13:, and the characteristic attribute in each sample carried out normalized with the characteristic attribute of the numerical characteristic value in each sample as this sample.
3. a kind of network intrusions method for quick according to claim 2 is characterized in that described normalized use maximum method for normalizing, specifically adopts formula
Carry out normalized; Wherein
Xi is the characteristic attribute of sample, and N is a number of samples.
4. a kind of network intrusions method for quick according to claim 1 is characterized in that described step 2 comprises:
Step 21: utilize the k nearest neighbor method to seek K neighbour's point of each sample, wherein K is a specified value;
Step 22: utilize K the neighbour's point that obtains in the step 21 to construct the partial reconstruction weight matrix of each sample;
Step 23: partial reconstruction weight matrix and K neighbour thereof by each sample put its low-dimensional output valve of calculating.
5. a kind of network intrusions method for quick according to claim 4 is characterized in that described partial reconstruction weight matrix utilizes error function
Construct, wherein
6. a kind of network intrusions method for quick according to claim 4 is characterized in that described low-dimensional output valve yi satisfies mapping condition:
And
Wherein I is the unit matrix on m * m rank.
7. a kind of network intrusions method for quick according to claim 1 is characterized in that described step 3 comprises:
Step 31: given radius r and l=0, and any 1 z in the selection training set makes initial cores collection S as the initial cores collection
0=z}, and according to S
0Calculate the initial center c of spheroid
0
Step 32: carry out interative computation, in the l time iteration, if core set S
lComprised the sample in all training sets, promptly all samples all drop on spheroid B (c
l, (1+ ε) r) within, then iteration finishes; Otherwise, forward step 33 to; Wherein ε is a set point, and ε>0;
Step 33: in the nuclear feature space, find spheroid B (c
l, (1+ ε) r) and outer any sample point φ (x), and generate core set S
L+1=S
l∪ { x}; Wherein, φ (*) is the nuclear mapping function;
Step 34: by core set S
L+1, find the solution S
L+1Center c
L+1Wherein, c
L+1More new formula be: c
L+1=φ (x)+β
l(c
l-φ (x)), β
l=r/ ‖ c
l-φ (x) ‖.
Step 35: make l=l+1, turn back to step 32.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2011100842307A CN102158486A (en) | 2011-04-02 | 2011-04-02 | Method for rapidly detecting network invasion |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2011100842307A CN102158486A (en) | 2011-04-02 | 2011-04-02 | Method for rapidly detecting network invasion |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN102158486A true CN102158486A (en) | 2011-08-17 |
Family
ID=44439669
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2011100842307A Pending CN102158486A (en) | 2011-04-02 | 2011-04-02 | Method for rapidly detecting network invasion |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102158486A (en) |
Cited By (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105072115A (en) * | 2015-08-12 | 2015-11-18 | 国家电网公司 | Information system invasion detection method based on Docker virtualization |
| CN106951778A (en) * | 2017-03-13 | 2017-07-14 | 步步高电子商务有限责任公司 | A kind of intrusion detection method towards complicated flow data event analysis |
| CN107066881A (en) * | 2016-12-14 | 2017-08-18 | 四川长虹电器股份有限公司 | Intrusion detection method based on Kohonen neutral nets |
| CN107404471A (en) * | 2017-04-05 | 2017-11-28 | 青海民族大学 | One kind is based on ADMM algorithm network flow abnormal detecting methods |
| CN109962909A (en) * | 2019-01-30 | 2019-07-02 | 大连理工大学 | A kind of network intrusions method for detecting abnormality based on machine learning |
| CN110198319A (en) * | 2019-06-03 | 2019-09-03 | 电子科技大学 | Security protocol bug excavation method based on more counter-examples |
| CN110249331A (en) * | 2017-01-30 | 2019-09-17 | 微软技术许可有限责任公司 | For the successive learning of intrusion detection |
| CN110875912A (en) * | 2018-09-03 | 2020-03-10 | 中移(杭州)信息技术有限公司 | Network intrusion detection method, device and storage medium based on deep learning |
| CN111753877A (en) * | 2020-05-19 | 2020-10-09 | 海克斯康制造智能技术(青岛)有限公司 | Product quality detection method based on deep neural network transfer learning |
| CN111797997A (en) * | 2020-07-08 | 2020-10-20 | 北京天融信网络安全技术有限公司 | Network intrusion detection method, model construction method, device and electronic equipment |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US6157921A (en) * | 1998-05-01 | 2000-12-05 | Barnhill Technologies, Llc | Enhancing knowledge discovery using support vector machines in a distributed network environment |
| CN101478534A (en) * | 2008-12-02 | 2009-07-08 | 广东海洋大学 | Network exception detecting method based on artificial immunity principle |
-
2011
- 2011-04-02 CN CN2011100842307A patent/CN102158486A/en active Pending
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US6157921A (en) * | 1998-05-01 | 2000-12-05 | Barnhill Technologies, Llc | Enhancing knowledge discovery using support vector machines in a distributed network environment |
| CN101478534A (en) * | 2008-12-02 | 2009-07-08 | 广东海洋大学 | Network exception detecting method based on artificial immunity principle |
Non-Patent Citations (1)
| Title |
|---|
| 李元诚等: "《An Intrusion Detection Method Based on LLE and BVM》", 《INFORMATION NETWORKING AND AUTOMATION(ICINA)》 * |
Cited By (14)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105072115B (en) * | 2015-08-12 | 2018-06-08 | 国家电网公司 | A kind of information system intrusion detection method based on Docker virtualizations |
| CN105072115A (en) * | 2015-08-12 | 2015-11-18 | 国家电网公司 | Information system invasion detection method based on Docker virtualization |
| CN107066881A (en) * | 2016-12-14 | 2017-08-18 | 四川长虹电器股份有限公司 | Intrusion detection method based on Kohonen neutral nets |
| CN110249331A (en) * | 2017-01-30 | 2019-09-17 | 微软技术许可有限责任公司 | For the successive learning of intrusion detection |
| US11689549B2 (en) | 2017-01-30 | 2023-06-27 | Microsoft Technology Licensing, Llc | Continuous learning for intrusion detection |
| CN106951778A (en) * | 2017-03-13 | 2017-07-14 | 步步高电子商务有限责任公司 | A kind of intrusion detection method towards complicated flow data event analysis |
| CN107404471A (en) * | 2017-04-05 | 2017-11-28 | 青海民族大学 | One kind is based on ADMM algorithm network flow abnormal detecting methods |
| CN110875912A (en) * | 2018-09-03 | 2020-03-10 | 中移(杭州)信息技术有限公司 | Network intrusion detection method, device and storage medium based on deep learning |
| CN109962909B (en) * | 2019-01-30 | 2021-05-14 | 大连理工大学 | Network intrusion anomaly detection method based on machine learning |
| CN109962909A (en) * | 2019-01-30 | 2019-07-02 | 大连理工大学 | A kind of network intrusions method for detecting abnormality based on machine learning |
| CN110198319A (en) * | 2019-06-03 | 2019-09-03 | 电子科技大学 | Security protocol bug excavation method based on more counter-examples |
| CN111753877A (en) * | 2020-05-19 | 2020-10-09 | 海克斯康制造智能技术(青岛)有限公司 | Product quality detection method based on deep neural network transfer learning |
| CN111753877B (en) * | 2020-05-19 | 2024-03-05 | 海克斯康制造智能技术(青岛)有限公司 | Product quality detection method based on deep neural network migration learning |
| CN111797997A (en) * | 2020-07-08 | 2020-10-20 | 北京天融信网络安全技术有限公司 | Network intrusion detection method, model construction method, device and electronic equipment |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN102158486A (en) | Method for rapidly detecting network invasion | |
| Liu et al. | Data anomaly detection for structural health monitoring using a combination network of GANomaly and CNN | |
| CN109858509A (en) | Based on multilayer stochastic neural net single classifier method for detecting abnormality | |
| CN112491796A (en) | Intrusion detection and semantic decision tree quantitative interpretation method based on convolutional neural network | |
| CN103198251B (en) | Hardware Trojan horse recognition method based on neural network | |
| CN108932527A (en) | Using cross-training model inspection to the method for resisting sample | |
| CN111562612B (en) | Deep learning microseismic event identification method and system based on attention mechanism | |
| CN114429152A (en) | Rolling bearing fault diagnosis method based on dynamic index antagonism self-adaption | |
| CN113887136A (en) | Improved GAN and ResNet based electric vehicle motor bearing fault diagnosis method | |
| CN114492768A (en) | Twin capsule network intrusion detection method based on small sample learning | |
| CN107390259A (en) | A kind of nuclide identification method based on SVD and SVM | |
| Xu et al. | Rail defect detection method based on recurrent neural network | |
| CN115277189B (en) | Unsupervised intrusion flow detection and identification method based on generation type countermeasure network | |
| Potluri et al. | Deep feature extraction for multi-class intrusion detection in industrial control systems | |
| CN110677437A (en) | User disguised attack detection method and system based on potential space countermeasure clustering | |
| CN111310719B (en) | Unknown radiation source individual identification and detection method | |
| CN111458145A (en) | Cable car rolling bearing fault diagnosis method based on road map characteristics | |
| He et al. | Wood species identification based on an ensemble of deep convolution neural networks | |
| CN112836274B (en) | Data fusion method for tracing and auditing hidden engineering | |
| Wei et al. | Distributed sparse approximation for frog sound classification | |
| AU2021104460A4 (en) | an electromagnetic attack method of AES cryptographic chip based on neural network | |
| CN112528849B (en) | Structure health monitoring method based on inner product matrix and deep learning | |
| CN106530199A (en) | Multimedia integrated steganography analysis method based on window hypothesis testing | |
| Liu et al. | Automatic terahertz recognition of hidden defects in layered polymer composites based on a deep residual network with transfer learning | |
| CN110807399A (en) | Single-category support vector machine-based collapse and slide hidden danger point detection method |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C02 | Deemed withdrawal of patent application after publication (patent law 2001) | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20110817 |