CN103973702A - Information security defense rule intelligent deployment method based on improved particle swarm optimization - Google Patents

Publication number: CN103973702A
Application number: CN201410220237.0A
Authority: CN (China)
Original language: Chinese (zh)
Inventor: 路廷文
Assignee (original and current): Inspur Electronic Information Industry Co Ltd
Priority date and filing date: 2014-05-23
Publication date: 2014-08-06
Legal status: Withdrawn (invention patent application withdrawn after publication)
Prior art keywords: attack, intelligent, rule, access, deployment
Landscape: Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses an intelligent deployment method for information-security defense rules based on an improved particle swarm optimization (PSO). The method comprises an intelligent learning algorithm and a deployment strategy for security rules. Taking the frequency and type of attacks recorded in the system logs, and the potential attacks they indicate, as parameters of the improved PSO, the learning algorithm deploys rules suited to the actual network environment without disturbing the normal resource budget of the security defense system. It uses an access-log attack analysis engine with autonomous attack-analysis capability that defends against existing attacks and, from the state of the network, anticipates potential ones; common attacks are recognized from the access logs. The method deploys rules intelligently without changing the existing rule-defense flow or principle, which distinguishes it from manual deployment. Building on existing manual deployment, it improves the targeting of the security product's defenses and substantially reduces server overhead.

Description

Intelligent deployment method for information-security defense rules based on an improved particle swarm algorithm
Technical field
The invention relates to the many security products on the market today that require defense rules to be configured, such as firewalls and the SS series of security products from Inspur (Langchao) Group, whose security rules have to be set according to the customer's needs. A firewall is one of the most basic, economical and effective measures for network security: it can strictly control all access (allow, deny, alert). But a firewall is static, while network security is dynamic and holistic; attackers' methods are countless, a firewall is not omnipotent, and it cannot completely prevent intentional or unintentional attacks. This leaves hidden risks, and intelligent rule deployment can provide comprehensive defense and alerting against them.
Technical background
In traditional security-rule deployment, all or part of the rules are added to the system manually as required. Because a security product is not built for one unique network environment, many of its security rules are unnecessary in a given environment, and which rules are actually needed requires diagnosis and intelligent learning. Configuring security rules blindly is unscientific. Configuring too many redundant rules wastes the resources of the security product and noticeably slows the whole network; configuring inaccurate rules, and omitting the rules the environment actually needs, weakens the product's protection and leaves the protected server exposed. Products of this kind generally lack any such basis for configuring their security rules.
At present the configuration of many security defense systems is manual and mechanical; there is no scientific method for deploying defense rules according to the actual environment.
Summary of the invention
The technical problem solved by the invention: the technique proposed in this patent is an intelligent learning algorithm that takes factors of the current network environment as initial values (the type of service provided, the server, the type of access object, the attacks suffered, the access time period, and so on), determines the best rule deployment plan through a period of learning, and can deploy rules dynamically according to the attacks common across the whole network and to potential threats. In the use of security defense rules it achieves intelligent deployment and dynamic recognition of threats.
The core of the technique is an intelligent learning optimization algorithm: an improved particle swarm optimization (PSO) algorithm.
The particle swarm algorithm is a learning algorithm that reaches the best optimization result by learning from many factors and optimizing continually. The learning algorithm of this patent is an improvement of the traditional particle swarm algorithm: by learning and dynamically observing each factor that bears on network security, it sets a template of security defense rules and so lays the foundation for improving the defense efficiency of the network.
The technical solution adopted by the invention is as follows:
An intelligent deployment method for information-security defense rules based on an improved particle swarm algorithm. The method comprises an intelligent learning algorithm and a deployment strategy for security rules. According to the frequency and type of attacks in the system logs, and the potential attacks, used as parameters of the improved particle swarm optimization, the intelligent learning algorithm deploys rules for the actual network environment without affecting the normal resource overhead of the security defense system. It uses an access-log attack analysis engine, capable of autonomous attack analysis, that defends against existing attacks and anticipates potential attacks from the condition of the network; common attacks are recognized from the access logs.
The method comprises: an initialization module, a log analysis module, an intelligent acquisition module, a high-speed retrieval module, an online analysis function module and an attack detection function,
where:
Initialization module: determines the category of the server from the system parameters; determines the rough category of clients and the access frequency from the access log; and in this stage determines, from parameters such as the attacks recorded in the event log, the access content and access patterns in the access log, and the currently configured rules, how the configured rules function. The data in each of these groups are initialized as N particles per group, the best position and initial velocity within each group are set, and a global target position is set for all groups;
Log analysis module: the fastest way to identify the rules in the system and the attacks against it is to analyze the logs. In the access log, attacks or potential threats can be recognized from the return code or from the content accessed; analyzing the content of the access log naturally requires the attack detection function, which classifies by attack signature. Analysis of the event log mainly concerns the attacks the rules intercepted, on which basis related rules are added or the rule configuration is changed;
Intelligent acquisition module: after the algorithm is initialized, it connects to the backend server and to the external network; once every initialization parameter is in place it optimizes, and through repeated cycles of learning, together with the set of rules currently able to defend, it finally produces a defense recommendation. For example, the optimization derives a defense rank and priority for each attack from the parameters; the higher the priority, the more necessary it is to set or recommend the corresponding rule and to enable similar rules;
High-speed retrieval module: the initialized parameters can be regarded as particles. For example, N particles can be initialized from the access-resource types and potential threat types in the access log, and the attack records in the event log, the server type and the customer type are initialized as particles. Through the optimization of these several populations an optimization formula is derived from the algorithm's learning process; after the populations have learned a certain number of times, the attack types concluded form the preferred plan. Retrieval is fast, can be placed in series with the security defense function, and does not consume defense resources;
Online analysis function module: when a connection to the external network is available, this module obtains the ranking of common attacks by searching the network, likewise initializes the common attacks as a particle group, sets the best position and best velocity within that group, and feeds them into the algorithm's optimization in real time, preparing the system's defense against existing attacks and its early warning of potential attacks;
Attack detection function: this function is similar to a built-in IDS (intrusion detection system). In this patent it is realized by analyzing and classifying all access logs: SQL injection, XSS cross-site attacks, DDoS, CC attacks and others are identified by matching regular expressions, and the algorithm's matching decides whether a request is an attack. This detection resembles an IDS but is simpler, faster and accurate.
Initialization and the intelligent learning work are carried out according to the detected parameters of the network environment and of the system itself. Once the function is enabled it actively connects to the backend server and the external network, looks up the system log statistics, and cycles through the optimization of the intelligent learning algorithm. The whole function runs in parallel with the defense process; if it cannot produce an optimal defense plan, or the optimization fails, the original rules remain in force.
The function flow is as follows (status, Pcache, sys, PARAS, FULL, pcalloc(), Initial() and My_PSO() are the patent's own names and are not defined in the text):
#define ACCESS_CSIZE 4096                 /* size of the access-log cache */

void Rule_Clever_Setting(Rule_string *info)
{
    if (status == RULE_ON) {
        Pcache = pcalloc(ACCESS_CSIZE);   /* allocate the access-log cache */
        Initial(sys);                     /* initialize the system parameters */
    }
    if (PARAS == FULL) {                  /* every initialization parameter is in place */
        My_PSO(PARAS);                    /* run the improved particle swarm optimization */
    }
}
The key issues solved:
1. Judge the network environment promptly and work in real time.
2. Work in parallel with the security-rule defense function, controlling the resource overhead so that the normal operation of the security system is not affected.
3. While learning, keep the amount of resources consumed by the intelligent component within an agreed threshold.
What this patent applies is an improved particle swarm optimization (PSO) algorithm that searches, from the parameters of the actual environment, for the types of attack currently under way. The algorithm's prototype: a flock of birds searching randomly for food. There is only one piece of food in the area. None of the birds knows where it is, but each knows how far its current position is from it, and the flock finds the best strategy for reaching the food. The simplest and most effective strategy is to search the area around the bird currently nearest to the food.
PSO is initialized as a group of random particles; every candidate solution of the optimization problem is a bird in the search space, which we call a particle. Each particle has a fitness value determined by the function being optimized, and a velocity that determines the direction and distance it flies. The particles then search the solution space by following the current best particle. In this patent PSO is improved by adding, on top of the original parameters, a population grouping mechanism: each particle group acts as one large particle, which in turn shares a common target with the overall swarm. This reduces the number of iterations needed to converge and improves the efficiency of the optimization.
The formula of the improved PSO (particle swarm) algorithm is as follows:
c1 = 0.9
c2 = 1.1
v[] = v[] + c1 * rand() * (pbest[] - present[]) + c2 * rand() * (gbest[] - present[])
present[i] = Group[i] - present[i-1]
Here v[] is the particle's velocity, present[] its current position, pbest[] the best position it has found itself, gbest[] the best position found by the swarm, and rand() a random number in [0, 1]. The velocity update is the standard PSO form without an inertia term; the last line is the patent's group-coupling step.
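The following is an added example, not the patent's code (the page gives only the outline above). It applies the velocity update with the patent's c1 and c2 to a binary vector of rule-enable flags, so that a particle position is a candidate rule deployment. The grouping mechanism is realised under one assumption: each particle follows its own best and its group's best, and each group follows the global best by re-seeding its weakest member there. The rule table, attack counts, overhead budget and velocity clamp are constructed assumptions; the budget penalty models the resource threshold from the key issues list, and deploy_rules models the fallback to the original rules when the optimization fails.

```python
"""Grouped binary particle swarm search over which defence rules to enable.

Added example, not the patent's code. The velocity update and the constants
c1 = 0.9, c2 = 1.1 are the patent's; the grouping mechanism and everything
else (rule table, attack counts, overhead budget, velocity clamp) are
assumptions made for the illustration.
"""
import math
import random

C1 = 0.9     # pull towards the particle's own best position (patent value)
C2 = 1.1     # pull towards the shared best position (patent value)
V_MAX = 4.0  # velocity clamp, a usual binary-PSO choice (assumption)

# Constructed rule table: rule -> (attack types it defends, overhead of keeping it on).
RULES = {
    "sqli_basic":   ({"sqli"}, 2.0),
    "sqli_deep":    ({"sqli"}, 6.0),
    "xss_reflect":  ({"xss"}, 2.5),
    "cc_ratelimit": ({"cc", "ddos"}, 1.5),
    "trojan_sig":   ({"trojan"}, 4.0),
    "legacy_ftp":   ({"ftp_bruteforce"}, 3.0),
}
RULE_NAMES = list(RULES)


def rule_cost(enabled):
    """Total overhead of the enabled rules; `enabled` is a 0/1 list over RULE_NAMES."""
    return sum(RULES[name][1] for name, on in zip(RULE_NAMES, enabled) if on)


def fitness(enabled, attack_counts, budget):
    """Logged attacks the enabled rules cover, minus a steep penalty once the
    overhead passes the agreed threshold (the patent's requirement that the
    learning must not disturb the defence system's normal resource budget)."""
    covered = set()
    for name, on in zip(RULE_NAMES, enabled):
        if on:
            covered |= RULES[name][0]
    gain = sum(count for atk, count in attack_counts.items() if atk in covered)
    over = rule_cost(enabled) - budget
    return gain - (over * 100.0 if over > 0 else 0.0)


def _sigmoid(x):
    return 1.0 / (1.0 + math.exp(-x))


def grouped_pso(attack_counts, budget, groups=3, per_group=5, iters=60, seed=7):
    """Binary PSO with the patent's grouping idea. Assumed realisation: each
    particle follows its own best and its group's best with the patent's
    update, and each group follows the global best by re-seeding its weakest
    member there, so the group moves like one large particle."""
    rng = random.Random(seed)
    n = len(RULE_NAMES)

    def score(x):
        return fitness(x, attack_counts, budget)

    pos = [[rng.randint(0, 1) for _ in range(n)] for _ in range(groups * per_group)]
    vel = [[0.0] * n for _ in pos]
    pbest = [p[:] for p in pos]
    pbest_val = [score(p) for p in pos]
    gbest = max(pbest, key=score)[:]
    gbest_val = score(gbest)

    for _ in range(iters):
        for g in range(groups):
            members = range(g * per_group, (g + 1) * per_group)
            group_best = pbest[max(members, key=lambda i: pbest_val[i])][:]
            for i in members:
                for d in range(n):
                    # v[] = v[] + c1*rand()*(pbest[] - present[]) + c2*rand()*(gbest[] - present[])
                    vel[i][d] += (C1 * rng.random() * (pbest[i][d] - pos[i][d])
                                  + C2 * rng.random() * (group_best[d] - pos[i][d]))
                    vel[i][d] = max(-V_MAX, min(V_MAX, vel[i][d]))
                    # binary PSO: the velocity sets the probability that the rule is on
                    pos[i][d] = 1 if rng.random() < _sigmoid(vel[i][d]) else 0
                val = score(pos[i])
                if val > pbest_val[i]:
                    pbest[i], pbest_val[i] = pos[i][:], val
                    if val > gbest_val:
                        gbest, gbest_val = pos[i][:], val
            weakest = min(members, key=lambda i: pbest_val[i])
            pos[weakest] = gbest[:]   # the group as a whole tracks the common target
    return gbest, gbest_val


def deploy_rules(current, attack_counts, budget, **pso_args):
    """The patent's fallback: adopt the optimised plan only if it stays within
    budget and beats the current rule set; otherwise keep the original rules."""
    best, best_val = grouped_pso(attack_counts, budget, **pso_args)
    if rule_cost(best) > budget or best_val <= fitness(current, attack_counts, budget):
        return current
    return best


if __name__ == "__main__":
    # Constructed attack statistics, as the log-analysis module would produce them.
    counts = {"sqli": 120, "xss": 40, "cc": 300}
    plan = deploy_rules([0] * len(RULE_NAMES), counts, budget=7.0)
    print([name for name, on in zip(RULE_NAMES, plan) if on], rule_cost(plan))
```

With the constructed counts and a budget of 7.0, the only plan that covers all three observed attack types within budget is sqli_basic, xss_reflect and cc_ratelimit (overhead 6.0); trojan_sig and legacy_ftp defend nothing that was seen and so never earn their overhead, which is the point the background section makes about redundant rules.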
The attack analysis engine differs from traditional attack detection. Its basic principle is to judge the type of an attack by detecting the characteristic values of built-in attack classes, such as the characteristic values of SQL injection attacks, XSS cross-site attacks and trojan attacks. Compared with a real IDS it has the advantages of being efficient, simple, fast and accurate, and it can make a preliminary judgment even of attacks that failed. It serves the system's intelligent rule configuration and triggers early warning for attack defense.
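As an added example for the attack detection function and the attack analysis engine described above (not the patent's engine: the log format, the signature patterns, the window and threshold values and the sample lines are assumptions or constructed data), the following parses combined-format access-log lines, matches SQL injection and XSS signatures against the URL-decoded request, detects a CC (HTTP flood) burst by request rate per address and path, and returns per-type attack counts and offending addresses.

```python
"""Access-log attack analysis: signature matching for request-content attacks
and rate counting for CC (HTTP flood) attacks, producing the per-type attack
counts that a rule optimisation would consume.

Added example, not the patent's engine. The combined log format, the
signature patterns, the window and threshold values and the sample lines are
all assumptions or constructed data.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone
from urllib.parse import unquote_plus

# Apache/Nginx combined log format (assumption; the patent only says 'access log').
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3}) \S+'
)

# Illustrative 'characteristic values' for content attacks; deliberately small.
SIGNATURES = {
    "sqli": re.compile(r"(?i)(\bunion\b.+\bselect\b|'\s*or\s*'?\d+'?\s*=\s*'?\d+|;\s*drop\s+table\b|\bsleep\(\d+\))"),
    "xss": re.compile(r"(?i)(<script\b|javascript:|\bon(?:error|load|mouseover)\s*=)"),
}
CC_WINDOW_SECONDS = 10  # assumption: requests from one IP to one path within this window ...
CC_THRESHOLD = 20       # ... count as a CC attack once they reach this number


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["time"] = datetime.strptime(rec["time"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    rec["decoded"] = unquote_plus(rec["path"])  # match on the decoded request
    return rec


def classify_content(rec):
    """Attack type whose signature matches the decoded path, or None."""
    for kind, pattern in SIGNATURES.items():
        if pattern.search(rec["decoded"]):
            return kind
    return None


def analyse(lines):
    """Return (attack counts by type, offending IPs by type) for a batch of lines."""
    counts = Counter()
    offenders = defaultdict(set)
    recent = defaultdict(list)  # (ip, path) -> timestamps inside the window
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        kind = classify_content(rec)
        if kind:
            counts[kind] += 1
            offenders[kind].add(rec["ip"])
        window = recent[(rec["ip"], rec["path"])]
        window.append(rec["time"])
        while (rec["time"] - window[0]).total_seconds() > CC_WINDOW_SECONDS:
            window.pop(0)
        if len(window) == CC_THRESHOLD:  # fire once when a burst reaches the threshold
            counts["cc"] += 1
            offenders["cc"].add(rec["ip"])
    return counts, offenders


def sample_lines():
    """Constructed access-log lines, not real traffic."""
    base = datetime(2023, 10, 10, 13, 55, 36, tzinfo=timezone.utc)

    def fmt(ip, path, status, offset):
        stamp = (base + timedelta(seconds=offset)).strftime("%d/%b/%Y:%H:%M:%S %z")
        return f'{ip} - - [{stamp}] "GET {path} HTTP/1.1" {status} 512'

    lines = [
        fmt("198.51.100.4", "/index.html", 200, 0),
        fmt("198.51.100.4", "/item.php?id=1%27%20OR%20%271%27%3D%271", 200, 1),
        fmt("198.51.100.7", "/search?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E", 200, 2),
        fmt("198.51.100.4", "/about", 404, 3),
    ]
    # 25 requests for /login from one address inside five seconds: a CC burst
    lines += [fmt("203.0.113.9", "/login", 200, 4 + i * 0.2) for i in range(25)]
    return lines


if __name__ == "__main__":
    counts, offenders = analyse(sample_lines())
    print(dict(counts), {k: sorted(v) for k, v in offenders.items()})
```

The counts dictionary is the attack statistic the rule optimization would take as input. The return code is parsed but not used here; the patent's use of return codes (for example, a run of 4xx responses from one address, or a failed attack that still appears in the log) would slot in next to the CC check as another per-address heuristic.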
The beneficial effect of the invention: it provides an intelligent deployment technique for information-security defense rules based on an improved particle swarm algorithm. Without affecting the original security-rule defense flow or principle, the technique deploys the rules intelligently, which differs from manual deployment. On the basis of existing manual deployment it improves the targeting of the security product's defenses and greatly reduces server overhead.
Functions of the invention:
Modifies the original particle swarm intelligent optimization algorithm.
Users can configure parameters according to the network environment and the required level of protection.
Greatly improves the level of security and reduces the load on the system.
Provides early warning of attacks, offering defensive measures or alarm prompts for new attacks on the current network.
Brief description of the drawings
Fig. 1 is the workflow diagram of the intelligent rule deployment of the invention;
Fig. 2 is the PSO algorithm parameter table of the invention;
Fig. 3 is the schematic diagram of the improved PSO retrieval optimization of the invention;
Fig. 4 is the flowchart of the access-log attack analysis engine of the invention.
Embodiment
With reference to the drawings, the invention is further described by way of an embodiment:
Fig. 1 shows the architecture of the intelligent rule deployment. The function is the workflow of the intelligent deployment module added to the security defense system: initialization and the intelligent learning work are carried out according to the detected parameters of the network environment and of the system itself; once enabled, the function actively connects to the backend server and the external network, looks up the system log statistics, and cycles through the optimization of the intelligent learning algorithm. The whole function runs in parallel with the defense process; if it cannot produce an optimal defense plan, or the optimization fails, the original rules remain in force.
As shown in Fig. 3, the schematic of the improved PSO retrieval optimization, the improved particle swarm algorithm (PSO) adds, on top of the original parameters, a population grouping mechanism: each particle group acts as one large particle, which in turn shares a common target with the overall swarm. This reduces the number of iterations needed to converge and improves the efficiency of the optimization. The formula of the improved algorithm is the one given in the summary above, and the parameters involved are listed in the parameter table of Fig. 2.
Fig. 4 shows the flow of the attack analysis engine, which differs from traditional attack detection. Its basic principle is to judge the type of an attack by detecting the characteristic values of built-in attack classes, such as the characteristic values of SQL injection attacks, XSS cross-site attacks and trojan attacks. Compared with a real IDS it is efficient, simple, fast and accurate, and it can make a preliminary judgment even of attacks that failed. It serves the system's intelligent rule configuration and triggers early warning for attack defense.

Claims (7)

1. An intelligent deployment method for information-security defense rules based on an improved particle swarm algorithm, characterized in that: the method comprises an intelligent learning algorithm and a deployment strategy for security rules; according to the frequency and type of attacks in the system logs and the potential attacks, used as parameters of the improved particle swarm optimization, the intelligent learning algorithm deploys rules for the actual network environment without affecting the normal resource overhead of the security defense system; and an access-log attack analysis engine with autonomous attack-analysis capability is used that defends against existing attacks and anticipates potential attacks from the condition of the network, recognizing common attacks from the access logs.
2. The intelligent deployment method for information-security defense rules based on an improved particle swarm algorithm according to claim 1, characterized in that the method comprises: an initialization module, a log analysis module, an intelligent acquisition module, a high-speed retrieval module, an online analysis function module and an attack detection function,
where:
Initialization module: determines the category of the server from the system parameters; determines the rough category of clients and the access frequency from the access log; and in this stage determines, from the attacks recorded in the event log, the access content and access patterns in the access log, and the parameters of the currently configured rules, how the configured rules function. The data in each of these groups are initialized as N particles per group, the best position and initial velocity within each group are set, and a global target position is set for all groups;
Log analysis module: the fastest way to identify the rules in the system and the attacks against it is to analyze the logs. In the access log, attacks or potential threats are recognized from the return code or from the content accessed; analyzing the content of the access log requires the attack detection function, which classifies by attack signature. Analysis of the event log mainly concerns the attacks the rules intercepted, on which basis related rules are added or the rule configuration is changed;
Intelligent acquisition module: after the algorithm is initialized, it connects to the backend server and to the external network; once every initialization parameter is in place it optimizes, and through repeated cycles of learning, together with the set of rules currently able to defend, it finally produces a defense recommendation;
High-speed retrieval module: the initialized parameters can be regarded as particles; the attack records in the event log, the server type and the customer type are initialized as particles, and through the optimization of these several populations an optimization formula is derived from the algorithm's learning process; after the populations have learned a certain number of times, the attack types concluded form the preferred plan;
Online analysis function module: when a connection to the external network is available, this module obtains the ranking of common attacks by searching the network, likewise initializes the common attacks as a particle group, sets the best position and best velocity within that group, and feeds them into the algorithm's optimization in real time, preparing the system's defense against existing attacks and its early warning of potential attacks;
Attack detection function: this function is similar to a built-in IDS (intrusion detection system); it is realized by analyzing and classifying all access logs, identifying SQL injection, XSS cross-site attacks, DDoS and CC attacks by matching regular expressions, with the algorithm's matching deciding whether a request is an attack.
3. The intelligent deployment method for information-security defense rules based on an improved particle swarm algorithm according to claim 1 or 2, characterized in that: initialization and the intelligent learning work are carried out according to the detected parameters of the network environment and of the system itself; once enabled, the function actively connects to the backend server and the external network, looks up the system log statistics, and cycles through the optimization of the intelligent learning algorithm; the whole function runs in parallel with the defense process, and if it cannot produce an optimal defense plan, or the optimization fails, the original rules remain in force.
4. The intelligent deployment method for information-security defense rules based on an improved particle swarm algorithm according to claim 3, characterized in that:
the function flow is as follows:
#define ACCESS_CSIZE 4096
......
void Rule_Clever_Setting(Rule_string *info)
{
    ......
    if (status == RULE_ON) {
        Pcache = pcalloc(ACCESS_CSIZE);
        Initial(sys);        /* initialize the system parameters */
    }
    if (PARAS == FULL) {
        My_PSO(PARAS);
    }
    ......
}
5. The intelligent deployment method for information-security defense rules based on an improved particle swarm algorithm according to claim 1 or 2, characterized in that: the improved particle swarm algorithm adds, on top of the original parameters, a population grouping mechanism, so that each particle group acts as one large particle and in turn shares a common target with the particles as a whole.
6. The intelligent deployment method for information-security defense rules based on an improved particle swarm algorithm according to claim 5, characterized in that the formula of the improved particle swarm algorithm is as follows:
c1 = 0.9
c2 = 1.1
v[] = v[] + c1 * rand() * (pbest[] - present[]) + c2 * rand() * (gbest[] - present[])
present[i] = Group[i] - present[i-1]
7. The intelligent deployment method for information-security defense rules based on an improved particle swarm algorithm according to claim 1 or 2, characterized in that: the attack analysis engine judges the type of an attack by detecting the characteristic values of built-in attack classes.

Priority application: CN201410220237.0A, priority date 2014-05-23, filing date 2014-05-23, published 2014-08-06 as CN103973702A (family ID 51242748; withdrawn)


Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105592049A (en) * 2015-09-07 2016-05-18 杭州华三通信技术有限公司 Attack defense rule opening method and device
EP3065376A1 (en) * 2015-03-02 2016-09-07 Harris Corporation Cross-layer correlation in secure cognitive network
CN105959324A (en) * 2016-07-15 2016-09-21 江苏博智软件科技有限公司 Regular matching-based network attack detection method and apparatus
CN106534114A (en) * 2016-11-10 2017-03-22 北京红马传媒文化发展有限公司 Big-data-analysis-based anti-malicious attack system
CN106845239A (en) * 2017-02-27 2017-06-13 郑州云海信息技术有限公司 A kind of operating system real-time alert method based on intelligence learning algorithm
CN107104959A (en) * 2017-04-20 2017-08-29 北京东方棱镜科技有限公司 Anomaly detection method and device in cloud environment
CN108351940A (en) * 2015-09-03 2018-07-31 策安保安有限公司 High frequency heuristic data for information security events obtains the system and method with analysis
CN108494805A (en) * 2018-05-25 2018-09-04 何林明 A kind of processing method and processing device of CC attacks
CN110737524A (en) * 2019-10-18 2020-01-31 北京思维造物信息科技股份有限公司 task rule management method, device, equipment and medium
CN117857222A (en) * 2024-03-07 2024-04-09 国网江西省电力有限公司电力科学研究院 Dynamic IP-based network dynamic defense system and method for new energy centralized control station

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
WW01 Invention patent application withdrawn after publication

Application publication date: 20140806
