CN104935600B - A kind of mobile ad-hoc network intrusion detection method and equipment based on deep learning - Google Patents
A kind of mobile ad-hoc network intrusion detection method and equipment based on deep learning Download PDFInfo
- Publication number
- CN104935600B CN104935600B CN201510344393.2A CN201510344393A CN104935600B CN 104935600 B CN104935600 B CN 104935600B CN 201510344393 A CN201510344393 A CN 201510344393A CN 104935600 B CN104935600 B CN 104935600B
- Authority
- CN
- China
- Prior art keywords
- network
- node
- data packet
- module
- invasion
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/12—Detection or prevention of fraud
Abstract
The invention discloses a kind of mobile ad-hoc network intrusion detection method and equipment based on deep learning, is related to wireless network secure field.Equipment of the invention includes data acquisition module, data fusion module, preprocessing module, memory module, intrusion detection module and response alarm module, after the wireless data packet that will be captured carries out fusion and de-redundancy, extracts network behavior feature and stores;The deep neural network model of expression network behavior is established after deep learning network behavior feature;Network data to be detected is inputted into deep neural network model, completes to alert response after the judgement and identification of invasion.The method of the present invention, which will test, store for abnormal network behavior feature vector and is used to train deep neural network, when these invasion types occur again, can be detected identification.The present invention improves Detection accuracy, further increases the safety of mobile ad-hoc network under the premise of guaranteeing model training and detection efficiency.
Description
Technical field
The present invention relates to mobile ad-hoc network fields and deep learning field, the especially intrusion detection in self-organizing network
Method and apparatus.
Background technique
The difference of movable self-organization (Ad hoc) network and fixed cable network, leads to intruding detection system (Intrusion
Detection System, IDS) in Adhoc network face different problems.Adhoc network uses open wireless communication
Road, no fixed router make it easier to be invaded.Ad hoc network causes IDS good without static infrastructure
Statistical data, the network characterization of acquisition are confined to specific range for wireless communication.Therefore, Intrusion Detection Technique in the urgent need to address
Problems faced in mobile ad-hoc network, and then the security protection system of network can be enhanced.
Deep learning big data, multidimensional characteristic Machine Learning Problems on show good performance.Ad hoc net
Invasion present in network is varied, needs to collect mass data, statistics multidimensional characteristic to analyze ad hoc network behavior, carries out
Intrusion detection.Deep learning is applied in the intrusion detection of ad hoc network, deep neural network can be played in machine learning, spy
The advantage that sign is extracted, for the intrusion detection of ad hoc network, this complicated behavior pattern recognition problem provides an effectively way
Diameter.
It is CN101610516A, entitled " intrusion detection method and equipment in self-organizing network " in notification number
One kind is disclosed in patent document network characterization is classified based on information gain, screened from grouping using support vector machines optimal
Character subset judges the intrusion detection method whether network is invaded.But this method is only able to detect in network and whether there is
Invasion, cannot recognize that invasion type, only a kind of abnormality detection technology;This method uses a kind of shallow-layer Neural Network Science
Practise model, the advantage without deep learning;In addition, this method is without reference to wireless monitor and packet capture.
Application No. is a kind of 201310682813.9, entitled " wireless sensor networks neural network based
Intrusion detection algorithm " discloses a kind of wireless sensor network IDS Framework, including misuse detection, abnormality detection and decision
Module has chosen BP neural network, generalized regression nerve networks, the BP neural network based on genetic algorithm optimization and carries out MATLAB
Emulation experiment.The invention does not use deep neural network, and has only carried out MATLAB emulation, it cannot be said that bright algorithm is true
Validity in network environment does not capture wireless self-organization network data packet, extracts without reference to network characterization, cannot be direct
Applied to the intrusion detection in self-organizing network.
Summary of the invention
The technical problem to be solved by the present invention is to, it is faced with extremely complex security threat for current ad hoc network,
Still lack mature research achievement for the Intrusion Detection Technique of ad hoc network, ad hoc network cannot be met well
Demand for security proposes the intrusion detection method in a kind of mobile ad-hoc network, can guarantee model training and detection efficiency
Under the premise of, improve Detection accuracy.
In order to solve the above technical problems, the present invention adopts the following technical scheme:
A kind of mobile ad-hoc network intrusion detection method based on deep learning, comprising the following steps:
1. capturing wireless data packet from normal mobile ad-hoc network, by data prediction, it is normal to obtain network
Behavioural characteristic data set, and it is split as the training set and test set of normal behavior of the network feature;In mobile ad-hoc network
It is middle that a variety of known invasion nodes are added, wireless data packet is captured from the mobile ad-hoc network that invasion node is added, is passed through
Data prediction obtains network intrusions behavioural characteristic data set, and be split as network intrusions behavioural characteristic training set and
Test set;The wireless data packet includes routing request packet, route replies packet, routing error packet and business data packet;
Feature in the normal behavior of the network characteristic data set and network intrusions behavioural characteristic data set includes:
(1) RREQ Sent: the route request information packet sum that node is sent;
(2) RREQ Received: the received route request information packet sum of node;
(3) RREP Sent: the route replies message package sum that node is sent;
(4) RREP Received: the received route replies message package sum of node;
(5) RERR Sent: the routing error message package sum that node is sent;
(6) RERR Received: the received routing error message package sum of node;
(7) Data Sent: the business data packet sum that node is sent;
(8) Data Received: the received business data packet sum of node;
(9) Route Drop: the routing packet sum that node abandons;
(10) Route Transmit: the routing packet sum of node forwarding;
(11) Data Drop: the business data packet sum that node abandons;
(12) Data Transmit: the business data packet sum of node forwarding;
(13) Packet size: data packet mean size;
(14) Active Node: live-vertex number;
2. being obtained to network just using normal behavior of the network feature training set training deep neural network abnormality detection model
The expression of Chang Hangwei;Using network intrusions behavioural characteristic training set training deep neural network Misuse Detection Model, obtain to net
The expression of network intrusion behavior;
3. normal behavior of the network characteristic test collection test depth neural network abnormality detection model is used, according to test result
Further adjust model parameter;Use network intrusions behavioural characteristic test set test depth neural network Misuse Detection Model, root
Model parameter is further adjusted according to test result;
4. when intrusion detection, multiple wireless monitor nodes capture wireless data packet from mobile ad-hoc network in real time, warp
It crosses data prediction and obtains network behavior feature vector, the depth nerve net after network behavior feature vector to be inputted to adjusting parameter
Network abnormality detection model is identified that the depth after will be deemed as abnormal network behavior feature vector input adjusting parameter is neural
Network Misuse & detection model is identified, is judged the recognition result of invasion type;
5. alerting such invasion of display if recognition result meets known invasion type;If recognition result is not met
Abnormal network behavior feature vector is then stored as new network intrusion character vector, works as depth by known invasion type
After neural network can identify the new network intrusion character vector of storage, class division is carried out to it using clustering algorithm, will be clustered
New network intrusion character vector afterwards trains deep neural network Misuse Detection Model as network intrusions behavioural characteristic training set,
When these invasion types occur again, identification can be detected;
Complete the mobile ad-hoc network intrusion detection method based on deep learning.
Wherein, the data prediction specifically includes the following steps:
(101) size of each wireless data packet captured is calculated, then carry out frame parsing respectively and extracts representative nothing
The field of line type of data packet;
(102) judge the type of each wireless data packet and classify to each wireless data packet;
(103) the network behavior feature vector of every class wireless data packet is extracted.
Wherein, the vector that the network behavior feature vector is made of the element of multiple characterization network performances,
It specifically includes: the transmitting and receiving frequency of route request information, the transmitting and receiving frequency of route replies message and data packet delivery fraction.
Wherein, the use normal behavior of the network feature training set training deep neural network abnormality detection model is specific
The following steps are included:
(201) model parameter of deep neural network is initialized;The model parameter of the deep neural network includes learning
Habit rate, depth and each layer of neuron number;
(202) normal behavior of the network feature training set is inputted into deep neural network model, deep neural network model is certainly
Connection weight between dynamic adjustment neuron, obtains the abstract expression to training data.
Wherein, the number that the deep neural network abnormality detection model and deep neural network Misuse Detection Model use
Learning model is deep neural network model;The deep neural network is the mathematical model using deep learning algorithm, tool
Body are as follows: deepness belief network or convolutional neural networks.
Wherein, the step 3. specifically includes the following steps:
It (301) will be after normal behavior of the network characteristic test collection and network intrusions behavioural characteristic test set input adjusting parameter
Deep neural network abnormality detection model, deep neural network abnormality detection model identify each of test set feature vector
Be it is normal or abnormal, count detection accuracy, rate of failing to report and rate of false alarm;
(302) deep neural network after the feature vector that recognition result in (301) is exception to be inputted to adjusting parameter is missed
With detection model, invasion type is identified, recognition correct rate is counted;
(303) if statistical result does not reach goal-selling requirement, percentage regulation neural network abnormality detection model and
The parameter of Misuse Detection Model, the parameter of re -training deep neural network abnormality detection model and Misuse Detection Model, until
Reach goal-selling requirement.
A kind of mobile ad-hoc network intrusion detection device based on deep learning, comprising: data acquisition module, data are melted
Mold block, preprocessing module, memory module, intrusion detection module and response alarm module;
The data acquisition module, according to the mobile ad-hoc network size to be detected, the cloth in mobile ad-hoc network
Set multiple wireless monitor nodes, for capture the wireless data packet in mobile ad-hoc network in real time and by wireless data packet it is wireless
It is transmitted to data fusion module;The wireless data packet includes routing request packet, route replies packet, routing error packet and business
Data packet;
The wireless data packet for multiple wireless monitor points capture that the data fusion module is used to receive merges,
Preprocessing module is sent or is wirelessly transmitted to through cable after removing redundancy;
The preprocessing module is used to carry out frame dissection process to fused data, extracts, statistics network behavioural characteristic,
Network behavior feature vector is obtained, and network behavior feature vector is sent to memory module;
The network behavior feature includes:
(1) RREQ Sent: the route request information packet sum that node is sent;
(2) RREQ Received: the received route request information packet sum of node;
(3) RREP Sent: the route replies message package sum that node is sent;
(4) RREP Received: the received route replies message package sum of node;
(5) RERR Sent: the routing error message package sum that node is sent;
(6) RERR Received: the received routing error message package sum of node;
(7) Data Sent: the business data packet sum that node is sent;
(8) Data Received: the received business data packet sum of node;
(9) Route Drop: the routing packet sum that node abandons;
(10) Route Transmit: the routing packet sum of node forwarding;
(11) Data Drop: the business data packet sum that node abandons;
(12) Data Transmit: the business data packet sum of node forwarding;
(13) Packet size: data packet mean size;
(14) Active Node: live-vertex number;
The memory module includes general memory block and new Intrusion Signatures memory block, for what will be obtained after pretreatment
Network behavior feature vector is stored in general memory block, and network behavior feature vector is sent to intrusion detection module;
The intrusion detection module is used for real-time detection network intrusions, will invade information push-notification-answer alarm module and incite somebody to action
New invasion network behavior characteristic storage is in new Intrusion Signatures memory block;
If detecting network intrusions and identifying invasion type, information push-notification-answer alarm module will be invaded;If
It detects network intrusions but does not identify invasion type, judge that, there are unknown invasion type in network, push-notification-answer alerts mould
Block, by corresponding new invasion network behavior characteristic storage in new Intrusion Signatures memory block, the invasion information includes invasion class
Type and invasion time of origin;
The response alarm module is for issuing warning information after the notice for receiving intrusion detection module;The announcement
Alert information includes invasion type and invasion time of origin;
The new Intrusion Signatures memory block is used to reach intrusion detection module in the amount of storage of newly invasion network behavior feature
After capable of identifying, class division is carried out to it using clustering algorithm, and the new invasion network behavior feature after cluster is sent to invasion
Detection module.
Wherein, the intrusion detection module include abnormality detecting unit and misuse detection unit,
The abnormality detecting unit, for obtaining to network based on normal behavior of the network feature training deep neural network
The expression of normal behaviour, and real-time detection network intrusions;The normal behavior of the network feature vector is moved certainly from normal
It is obtained after the preprocessed module pretreatment of the wireless data packet acquired in tissue network;
The misuse detection unit, for obtaining to network based on network intrusions behavioural characteristic training deep neural network
The expression of intrusion behavior, and identify then invasion type will invade information push-notification-answer alarm module;The network intrusions row
Be characterized be from the preprocessed module of wireless data packet acquired in the mobile ad-hoc network that known invasion node is added in advance from
It is obtained after reason.
The present invention with respect to the background art the advantages of be:
By using the intrusion detection method and equipment, due to constructing deep neural network using depth learning technology
IDS Framework, the deep layer attribute of energy learning training data, obtains the feature representation to normal behavior of the network or intrusion behavior,
So Detection accuracy can be improved under the premise of guaranteeing model training and detection efficiency.
Detailed description of the invention
Fig. 1 is intrusion detection method flow chart of the present invention;
Fig. 2 is intrusion detection device block diagram of the present invention;
Fig. 3 is the training test process flow chart of intrusion detection in the embodiment of the present invention;
Fig. 4 is intrusion detection overhaul flow chart in the embodiment of the present invention.
In Fig. 2: 1. intrusion detection devices, 2. data acquisition modules (wireless monitor node), 3. data fusion modules, 4. are in advance
Processing module, 5. memory modules, 6. intrusion detection modules, 7. response alarm modules, 8. mobile ad-hoc networks, 9. network sections
Point.
Specific embodiment
The embodiment of the present invention provides a kind of intrusion detection method in the mobile ad-hoc network based on deep learning and sets
It is standby, Detection accuracy can be improved under the premise of guaranteeing model training and detection efficiency.
The embodiment of the present invention is described in detail with reference to the accompanying drawing.
As shown in Figure 1, a kind of mobile ad-hoc network intrusion detection method based on deep learning of the invention include with
Lower step:
1. packet capture and pretreatment: mass data packet is captured from normal mobile ad-hoc network, by frame solution
Analysis judges data package size, extracts the field for representing type of data packet, judges type of data packet, each in the statistical unit time
The transmission frequency of the data packet of seed type receives the characteristic informations such as frequency, mean size, duration, obtains the normal row of network
It is characterized data set, and it is split as training set and test set according to the ratio of 3:1;Add respectively in mobile ad-hoc network
Entering a variety of known invasion nodes, captures mass data respectively, the same above process obtains network intrusions behavioural characteristic data set,
And it is split as training set and test set;The wireless data packet includes routing request packet, route replies packet, routing error
Packet and business data packet;
2. using network behavior feature training set training deep neural network detection model: normal behavior of the network feature is instructed
Practice collection input deep neural network abnormality detection model, the connection weight between model adjust automatically neuron is obtained to network
The expression of normal behaviour;Network intrusion character training set is inputted into deep neural network Misuse Detection Model, model adjust automatically
Connection weight between neuron obtains the expression to network intrusions behavior;
Training process specifically:
(201) model parameter of deep neural network is initialized;The model parameter of the deep neural network includes learning
Habit rate, depth and each layer of neuron number;
(202) network behavior feature training set is inputted into deep neural network model, deep neural network model is adjusted automatically
Connection weight between whole neuron obtains the abstract expression to training data.
3. using network behavior characteristic test collection test depth neural network detection model: normal behavior of the network feature is surveyed
Examination collection input deep neural network abnormality detection model, test model detection effect further adjust model parameter (number of plies, mind
Through first number, learning rate etc.);Network intrusions behavioural characteristic test set is inputted into deep neural network abnormality detection model, test
Model inspection effect further adjusts model parameter (number of plies, neuron number, learning rate etc.);
Test process specifically:
(301) by the depth after network behavior characteristic test collection and network intrusions behavioural characteristic test set input adjusting parameter
Neural network abnormality detection model, deep neural network abnormality detection model identify that each of test set feature vector is just
It is normal or abnormal, count detection accuracy, rate of failing to report and rate of false alarm;
(302) deep neural network after the feature vector that recognition result in (301) is exception to be inputted to adjusting parameter is missed
With detection model, invasion type is identified, recognition correct rate is counted;
(303) if statistical result does not reach goal-selling requirement, percentage regulation neural network abnormality detection model and
The parameter of Misuse Detection Model, the parameter of re -training deep neural network abnormality detection model and Misuse Detection Model, until
Reach goal-selling requirement.
Embodiment: intrusion detection method is to deep neural network intrusion detection in mobile ad-hoc network of the embodiment of the present invention
Training testing process as shown in figure 3, intrusion detection process is as shown in Figure 4.
For example, routing layer attacks for mobile ad-hoc network, comprising: sequence number attack, mistake distance vector are attacked, are black
Hole attack etc., wireless monitor node captures wireless data packet, by data fusion, pretreatment, extracts following characteristics set:
(1) RREQ Sent: the route request information packet sum that node is sent;
(2) RREQ Received: the received route request information packet sum of node;
(3) RREP Sent: the route replies message package sum that node is sent;
(4) RREP Received: the received route replies message package sum of node;
(5) RERR Sent: the routing error message package sum that node is sent;
(6) RERR Received: the received routing error message package sum of node;
(7) Data Sent: the business data packet sum that node is sent;
(8) Data Received: the received business data packet sum of node;
(9) Route Drop: the routing packet sum that node abandons;
(10) Route Transmit: the routing packet sum of node forwarding;
(11) Data Drop: the business data packet sum that node abandons;
(12) Data Transmit: the business data packet sum of node forwarding;
(13) Packet size: data packet mean size;
(14) Active Node: live-vertex number.
All of above feature collectively constitutes network behavior feature vector, the input as deep neural network.
The embodiment of the present invention models training data using deepness belief network (Deep Belief Nets, DBN),
DBN is a kind of deep neural network model of comparative maturity, by two layers of limited Boltzmann machine (Restricted Boltzmann
Machine, RBM) plus one layer of BP (BackPropagation) neural network composition.To DBN by the way of successively training, close
Key is to train RBM that formula (1) (2) (3) can be obtained by derivation according to the structure of RBM unsupervisedly.In formula (1), T is indicated
Sample size, v indicate network characterization vector, the i.e. state vector of RBM visible layer;In formula (2), formula (3), viIndicate visible
The state of i-th of neuron of layer, aiIndicate the biasing of i-th of neuron of visible layer, hjIndicate the shape of j-th of neuron of hidden layer
State, bjIndicate the biasing of j-th of neuron of hidden layer;P (h | v, θ) it is that condition is distributed;θ is the parameter set { W, a, b } of RBM;W is
Connection weight matrix.
One RBM of training is actually adjusting parameter collection θ, to be fitted given training sample, that is, under the parameter by
The probability distribution that corresponding RBM is indicated is consistent with training data as much as possible, can be described as maximizing on mathematical expression public
The likelihood function of formula (1) description.
If Direct calculation formulas (1), process will be extremely complex, and the embodiment of the present invention uses the higher CD of computational efficiency
Fast learning algorithm, key step are as follows:
(1) the parameter set θ of RBM={ W, a, b } is initialized as smaller value, training data is split as supreme comprising tens
The small lot data of hundred samples;
(2) visual layers v is enabled1Equal to first small lot sample batch 1;
(3) h is acquired using formula (2)1=sigmoid (b'+v1·W');V is obtained using formula (3)2=sigmoid (a'+
h1W), formula (2) are recycled to acquire h2=sigmoid (b'+v2·W');
(4) parameters are updated according to following formula (4);In formula (4), W is connection weight matrix, a is visible
Layer bias vector, b are hidden layer bias vector, η is learning rate;
(5) v is enabled1Respectively equal to other small lot data repeat step (3) and step (4), obtain model parameter;
After the completion of two layers of RBM individually unsupervised training, upper label is added to training data, with having supervision training BP nerve
Network.
4. when intrusion detection, multiple wireless monitor nodes capture wireless data packet from mobile ad-hoc network in real time, warp
Frame parsing is crossed, judges data package size, the field for representing type of data packet is extracted, judges type of data packet, statistical unit time
The transmission frequency of the data packet of interior each type receives the characteristic informations such as frequency, mean size, duration, obtains network
Behavioural characteristic vector, the deep neural network abnormality detection model after network behavior feature vector to be inputted to adjusting parameter are known
Not, the deep neural network Misuse Detection Model after will be deemed as abnormal network behavior feature vector input adjusting parameter carries out
Identification judges the recognition result of invasion type;
The vector that the network behavior feature vector is made of the element of multiple characterization network performances, it is specific to wrap
It includes: the transmitting and receiving frequency of route request information, the transmitting and receiving frequency of route replies message and data packet delivery fraction.
5. alerting such invasion of display if recognition result meets known invasion type;If recognition result is not met
Abnormal network behavior feature vector is then stored as new network intrusion character vector, works as depth by known invasion type
After neural network can identify the new network intrusion character vector of storage, class division is carried out to it using clustering algorithm, will be clustered
New network intrusion character vector afterwards is as network intrusion character training set training deep neural network Misuse Detection Model, when this
When a little invasion types occur again, identification can be detected;
Embodiment: the DBN model after training, the normal or intrusion behavior that network is saved in the form of parameter set are special
Sign, to establish the normal or intrusion behavior identification model of mobile ad-hoc network, in detection process and normal behaviour deviation
Larger network characterization is judged as exception, with certain higher network characterization of intrusion behavior matching degree be judged as it is this enter
It invades.After detecting invasion, equipment issues warning information to network management, then updates detection journal file, continues next inspection
It surveys.
Complete the mobile ad-hoc network intrusion detection method based on deep learning.
As shown in Fig. 2, a kind of mobile ad-hoc network intrusion detection device based on deep learning of the invention includes: number
According to acquisition module, data fusion module, preprocessing module, memory module, intrusion detection module and response alarm module.
1. data acquisition module arranges that multiple wireless monitor nodes, monitoring network flow are caught in mobile ad-hoc network
Wireless data packet is obtained, the data of capture are radioed into data fusion module, the fusion of complete paired data, removal redundancy letter
Breath;
2. data fusion module merges the data that multiple monitoring points capture, redundancy is removed, guarantees information
Accuracy;
3. preprocessing module judges data package size, the field for representing type of data packet is extracted, judges type of data packet,
The features letter such as the transmission frequency of the data packet of each type, reception frequency, mean size, duration in the statistical unit time
Breath, obtains network behavior feature vector;
4. memory module, including general memory block and new Intrusion Signatures memory block, the network that will be obtained after pretreatment
Behavioural characteristic vector is stored in general memory block, convenient for analyzing in next step;
5. intrusion detection module, including abnormality detecting unit and misuse detection unit, are used for real-time detection network intrusions, will
Invasion information push-notification-answer alarm module simultaneously will newly invade network behavior characteristic storage in new Intrusion Signatures memory block;
If detecting network intrusions and identifying invasion type, information push-notification-answer alarm module will be invaded;If
It detects network intrusions but does not identify invasion type, judge that, there are unknown invasion type in network, push-notification-answer alerts mould
Block, by corresponding new invasion network behavior characteristic storage in new Intrusion Signatures memory block, the invasion information includes invasion class
Type and invasion time of origin;
Abnormality detecting unit, for obtaining normal to network based on normal behavior of the network feature training deep neural network
The expression of behavior, and real-time detection network intrusions;The normal behavior of the network feature vector is from normal movable self-organization
It is obtained after the preprocessed module pretreatment of the wireless data packet acquired in network;
Detection unit is misapplied, for obtaining to network intrusions based on network intrusions behavioural characteristic training deep neural network
The expression of behavior, and identify then invasion type will invade information push-notification-answer alarm module;The network intrusions behavior is special
Sign is after the preprocessed module pretreatment of wireless data packet acquired in the mobile ad-hoc network that known invasion node is added
It obtains;
6. responding alarm module, warning information is issued after receiving the notice of intrusion detection module;The warning information
Including invasion type and invasion time of origin;
7. new Intrusion Signatures memory block, for reaching intrusion detection module energy in the amount of storage of newly invasion network behavior feature
After identification, class division is carried out to it using clustering algorithm, and the new invasion network behavior feature after cluster is sent to invasion inspection
Survey module.
Claims (8)
1. a kind of mobile ad-hoc network intrusion detection method based on deep learning, which comprises the following steps:
1. capturing wireless data packet from normal mobile ad-hoc network, by data prediction, normal behavior of the network is obtained
Characteristic data set, and it is split as the training set and test set of normal behavior of the network feature;Add in mobile ad-hoc network
Enter a variety of known invasion nodes, wireless data packet is captured from the mobile ad-hoc network that invasion node is added, by data
Pretreatment, obtains network intrusions behavioural characteristic data set, and be split as training set and the test of network intrusions behavioural characteristic
Collection;The wireless data packet includes routing request packet, route replies packet, routing error packet and business data packet;
Feature in the normal behavior of the network characteristic data set and network intrusions behavioural characteristic data set includes:
(1) RREQ Sent: the route request information packet sum that node is sent;
(2) RREQ Received: the received route request information packet sum of node;
(3) RREP Sent: the route replies message package sum that node is sent;
(4) RREP Received: the received route replies message package sum of node;
(5) RERR Sent: the routing error message package sum that node is sent;
(6) RERR Received: the received routing error message package sum of node;
(7) Data Sent: the business data packet sum that node is sent;
(8) Data Received: the received business data packet sum of node;
(9) Route Drop: the routing packet sum that node abandons;
(10) Route Transmit: the routing packet sum of node forwarding;
(11) Data Drop: the business data packet sum that node abandons;
(12) Data Transmit: the business data packet sum of node forwarding;
(13) Packet size: data packet mean size;
(14) Active Node: live-vertex number;
2. being obtained using normal behavior of the network feature training set training deep neural network abnormality detection model to the normal row of network
For expression;Using network intrusions behavioural characteristic training set training deep neural network Misuse Detection Model, obtain entering network
Invade the expression of behavior;
3. normal behavior of the network characteristic test collection test depth neural network abnormality detection model is used, according to test result into one
Successive step model parameter;Using network intrusions behavioural characteristic test set test depth neural network Misuse Detection Model, according to survey
Test result further adjusts model parameter;
4. when intrusion detection, multiple wireless monitor nodes capture wireless data packet from mobile ad-hoc network in real time, by number
Data preprocess obtains network behavior feature vector, and the deep neural network after network behavior feature vector to be inputted to adjusting parameter is different
Normal detection model is identified, be will be deemed as abnormal network behavior feature vector and is inputted the deep neural network after adjusting parameter
Misuse Detection Model is identified, is judged the recognition result of invasion type;
5. alerting such invasion of display if recognition result meets known invasion type;If recognition result does not meet known
Type is invaded, then is stored abnormal network behavior feature vector as new network intrusion character vector, when depth nerve
After network can identify the new network intrusion character vector of storage, class division is carried out to it using clustering algorithm, after cluster
New network intrusion character vector is as network intrusions behavioural characteristic training set training deep neural network Misuse Detection Model, when this
When a little invasion types occur again, identification can be detected;
Complete the mobile ad-hoc network intrusion detection method based on deep learning.
2. a kind of mobile ad-hoc network intrusion detection method based on deep learning according to claim 1, feature
Be: the data prediction specifically includes the following steps:
(101) size of each wireless data packet captured is calculated, then carry out frame parsing respectively and extracts representative without line number
According to the field of Packet type;
(102) judge the type of each wireless data packet and classify to each wireless data packet;
(103) the network behavior feature vector of every class wireless data packet is extracted.
3. a kind of mobile ad-hoc network intrusion detection method based on deep learning according to claim 1 or 2, special
Sign is: the vector that the network behavior feature vector is made of the element of multiple characterization network performances, specific to wrap
It includes: the transmitting and receiving frequency of route request information, the transmitting and receiving frequency of route replies message and data packet delivery fraction;
The acquisition modes of the network behavior feature vector are as follows: frame parsing is carried out to wireless data packet, data package size is judged, mentions
The field for replacing table type of data packet, judges type of data packet, the transmission of the data packet of each type in the statistical unit time
Frequency receives frequency, mean size, duration, obtains network behavior feature vector.
4. a kind of mobile ad-hoc network intrusion detection method based on deep learning according to claim 1, feature
Be: described being specifically included using normal behavior of the network feature training set training deep neural network abnormality detection model is following
Step:
(201) model parameter of deep neural network is initialized;The model parameter of the deep neural network include learning rate,
Depth and each layer of neuron number;
(202) normal behavior of the network feature training set is inputted into deep neural network model, deep neural network model is adjusted automatically
Connection weight between whole neuron obtains the abstract expression to training data.
5. a kind of mobile ad-hoc network intrusion detection method based on deep learning according to claim 1 or 4, special
Sign is: the mathematical model that the deep neural network abnormality detection model and deep neural network Misuse Detection Model use
It is deep neural network model;The deep neural network is the mathematical model using deep learning algorithm, specifically: it is deep
Spend belief network or convolutional neural networks.
6. a kind of mobile ad-hoc network intrusion detection method based on deep learning according to claim 1, feature
Be: the step 3. specifically includes the following steps:
(301) by the depth after normal behavior of the network characteristic test collection and network intrusions behavioural characteristic test set input adjusting parameter
Neural network abnormality detection model, deep neural network abnormality detection model identify that each of test set feature vector is just
It is normal or abnormal, count detection accuracy, rate of failing to report and rate of false alarm;
(302) deep neural network after the feature vector that recognition result in (301) is exception to be inputted to adjusting parameter misapplies inspection
Model is surveyed, invasion type is identified, recognition correct rate is counted;
(303) if statistical result does not reach goal-selling requirement, percentage regulation neural network abnormality detection model and misuse
The parameter of detection model, the parameter of re -training deep neural network abnormality detection model and Misuse Detection Model, until reaching
Goal-selling requirement.
7. a kind of mobile ad-hoc network intrusion detection device based on deep learning, characterized by comprising: data acquisition module
Block, data fusion module, preprocessing module, memory module, intrusion detection module and response alarm module;
The data acquisition module, according to the mobile ad-hoc network size to be detected, in the covering model of mobile ad-hoc network
The multiple wireless monitor nodes of middle arrangement are enclosed, for capturing the wireless data packet in mobile ad-hoc network in real time and by wireless data
Packet is wirelessly transmitted to data fusion module;The wireless data packet includes routing request packet, route replies packet, routing error packet
And business data packet;
The wireless data packet for multiple wireless monitor nodes capture that the data fusion module is used to receive merges, and goes
Preprocessing module is sent or is wirelessly transmitted to through cable after falling redundancy;
The preprocessing module is used to carry out frame dissection process to fused data, extracts, statistics network behavioural characteristic, obtains
Network behavior feature vector, and network behavior feature vector is sent to memory module;
The network behavior feature includes:
(1) RREQ Sent: the route request information packet sum that node is sent;
(2) RREQ Received: the received route request information packet sum of node;
(3) RREP Sent: the route replies message package sum that node is sent;
(4) RREP Received: the received route replies message package sum of node;
(5) RERR Sent: the routing error message package sum that node is sent;
(6) RERR Received: the received routing error message package sum of node;
(7) Data Sent: the business data packet sum that node is sent;
(8) Data Received: the received business data packet sum of node;
(9) Route Drop: the routing packet sum that node abandons;
(10) Route Transmit: the routing packet sum of node forwarding;
(11) Data Drop: the business data packet sum that node abandons;
(12) Data Transmit: the business data packet sum of node forwarding;
(13) Packet size: data packet mean size;
(14) Active Node: live-vertex number;
The memory module includes general memory block and new Intrusion Signatures memory block, the network for will obtain after pretreatment
Behavioural characteristic vector is stored in general memory block, and network behavior feature vector is sent to intrusion detection module;
The intrusion detection module is used for real-time detection network intrusions, will enter invasion information push-notification-answer alarm module and newly
Network behavior characteristic storage is invaded in new Intrusion Signatures memory block;
If detecting network intrusions and identifying invasion type, information push-notification-answer alarm module will be invaded;If detection
It does not identify to network intrusions but invasion type, judges that there are unknown invasion types in network, push-notification-answer alarm module will
In new Intrusion Signatures memory block, the invasion information includes invasion type and enters corresponding new invasion network behavior characteristic storage
Invade time of origin;
The response alarm module is for issuing warning information after the notice for receiving intrusion detection module;The alarm letter
Breath includes invasion type and invasion time of origin;
The new Intrusion Signatures memory block, which is used to reach intrusion detection module in the newly amount of storage of invasion network behavior feature, to know
After not, class division is carried out to it using clustering algorithm, and the new invasion network behavior feature after cluster is sent to intrusion detection
Module.
8. a kind of mobile ad-hoc network intrusion detection device based on deep learning according to claim 7, feature
Be: the intrusion detection module include abnormality detecting unit and misuse detection unit,
The abnormality detecting unit, for obtaining to network based on normal behavior of the network feature vector training deep neural network
The expression of normal behaviour, and real-time detection network intrusions;The normal behavior of the network feature vector is moved certainly from normal
It is obtained after the preprocessed module pretreatment of the wireless data packet acquired in tissue network;
The misuse detection unit, for obtaining to network intrusions based on network intrusions behavioural characteristic training deep neural network
The expression of behavior, and identify then invasion type will invade information push-notification-answer alarm module;The network intrusions behavior is special
Sign is after the preprocessed module pretreatment of wireless data packet acquired in the mobile ad-hoc network that known invasion node is added
It obtains.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510344393.2A CN104935600B (en) | 2015-06-19 | 2015-06-19 | A kind of mobile ad-hoc network intrusion detection method and equipment based on deep learning |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510344393.2A CN104935600B (en) | 2015-06-19 | 2015-06-19 | A kind of mobile ad-hoc network intrusion detection method and equipment based on deep learning |
Publications (2)
Publication Number | Publication Date |
---|---|
CN104935600A CN104935600A (en) | 2015-09-23 |
CN104935600B true CN104935600B (en) | 2019-03-22 |
Family
ID=54122572
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510344393.2A Active CN104935600B (en) | 2015-06-19 | 2015-06-19 | A kind of mobile ad-hoc network intrusion detection method and equipment based on deep learning |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104935600B (en) |
Families Citing this family (60)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105471854B (en) * | 2015-11-18 | 2019-06-28 | 国网智能电网研究院 | A kind of adaptive boundary method for detecting abnormality based on multistage strategy |
CN105959255A (en) * | 2016-01-08 | 2016-09-21 | 杭州迪普科技有限公司 | Intrusion message shunting method and device |
CN105577685A (en) * | 2016-01-25 | 2016-05-11 | 浙江海洋学院 | Intrusion detection independent analysis method and system in cloud calculation environment |
CN105933312A (en) * | 2016-04-21 | 2016-09-07 | 温州大学瓯江学院 | Identity detection method of cognitive wireless network based on BP neural network |
CN105915555B (en) * | 2016-06-29 | 2020-02-18 | 北京奇虎科技有限公司 | Method and system for detecting network abnormal behavior |
CN106327324B (en) * | 2016-08-23 | 2019-08-16 | 同盾控股有限公司 | A kind of quick calculation method and system of network behavior feature |
CN107889111A (en) * | 2016-09-30 | 2018-04-06 | 北京金山安全软件有限公司 | Crank call identification method and device based on deep neural network |
CN106656981B (en) * | 2016-10-21 | 2020-04-28 | 东软集团股份有限公司 | Network intrusion detection method and device |
CN109891436A (en) * | 2016-10-24 | 2019-06-14 | Lg 电子株式会社 | Security system and its control method based on deep learning neural network |
CN106572493B (en) | 2016-10-28 | 2018-07-06 | 南京华苏科技有限公司 | Rejecting outliers method and system in LTE network |
CN106453416A (en) * | 2016-12-01 | 2017-02-22 | 广东技术师范学院 | Detection method of distributed attack intrusion based on deep belief network |
CN106603531A (en) * | 2016-12-15 | 2017-04-26 | 中国科学院沈阳自动化研究所 | Automatic establishing method of intrusion detection model based on industrial control network and apparatus thereof |
CN107070913B (en) * | 2017-04-07 | 2020-04-28 | 杭州安恒信息技术股份有限公司 | Webshell attack-based detection and protection method and system |
CN107222867A (en) * | 2017-06-22 | 2017-09-29 | 刘诗楠 | Method, device and the wireless signal detection device of wireless signal detection |
CN107241358B (en) * | 2017-08-02 | 2020-04-07 | 重庆邮电大学 | Smart home intrusion detection method based on deep learning |
CN107371175B (en) * | 2017-08-17 | 2020-02-18 | 东南大学 | Self-organizing network fault detection method using cooperative prediction |
CN108200008A (en) * | 2017-12-05 | 2018-06-22 | 阿里巴巴集团控股有限公司 | The recognition methods and device that abnormal data accesses |
CN108011782B (en) * | 2017-12-06 | 2020-10-16 | 北京百度网讯科技有限公司 | Method and device for pushing alarm information |
CN107819790A (en) * | 2017-12-08 | 2018-03-20 | 中盈优创资讯科技有限公司 | The recognition methods of attack message and device |
CN108156142A (en) * | 2017-12-14 | 2018-06-12 | 哈尔滨理工大学 | Network inbreak detection method based on data mining |
CN108055276B (en) * | 2017-12-25 | 2020-10-20 | 南京南邮信息产业技术研究院有限公司 | Intrusion detection real-time analysis system for big data application platform |
CN109995601B (en) * | 2017-12-29 | 2020-12-01 | 中国移动通信集团上海有限公司 | Network traffic identification method and device |
CN108377240B (en) * | 2018-02-07 | 2020-05-15 | 平安科技(深圳)有限公司 | Abnormal interface detection method and device, computer equipment and storage medium |
CN108712404B (en) * | 2018-05-04 | 2020-11-06 | 重庆邮电大学 | Internet of things intrusion detection method based on machine learning |
CN108684043B (en) * | 2018-05-15 | 2021-09-28 | 南京邮电大学 | Abnormal user detection method of deep neural network based on minimum risk |
CN108809948B (en) * | 2018-05-21 | 2020-07-10 | 中国科学院信息工程研究所 | Abnormal network connection detection method based on deep learning |
CN108924090B (en) * | 2018-06-04 | 2020-12-11 | 上海交通大学 | Method for detecting traffics of shadowsocks based on convolutional neural network |
CN108809974A (en) * | 2018-06-07 | 2018-11-13 | 深圳先进技术研究院 | A kind of Network Abnormal recognition detection method and device |
CN109272118B (en) * | 2018-08-10 | 2020-03-06 | 北京达佳互联信息技术有限公司 | Data training method, device, equipment and storage medium |
CN109067773B (en) * | 2018-09-10 | 2020-10-27 | 成都信息工程大学 | Vehicle-mounted CAN network intrusion detection method and system based on neural network |
CN109391624A (en) * | 2018-11-14 | 2019-02-26 | 国家电网有限公司 | A kind of terminal access data exception detection method and device based on machine learning |
CN109547254B (en) * | 2018-11-28 | 2022-03-15 | 湖北文理学院 | Intrusion detection method and device, electronic equipment and storage medium |
CN109639662A (en) * | 2018-12-06 | 2019-04-16 | 中国民航大学 | Onboard networks intrusion detection method based on deep learning |
CN109753992B (en) * | 2018-12-10 | 2020-09-01 | 南京师范大学 | Unsupervised domain adaptive image classification method based on condition generation countermeasure network |
CN109391700B (en) * | 2018-12-12 | 2021-04-09 | 北京华清信安科技有限公司 | Internet of things security cloud platform based on depth flow sensing |
CN109787958B (en) * | 2018-12-15 | 2021-05-25 | 深圳先进技术研究院 | Network flow real-time detection method, detection terminal and computer readable storage medium |
CN109474497A (en) * | 2018-12-19 | 2019-03-15 | 四川艾贝斯科技发展有限公司 | A kind of reliable network maintenance terminal deep learning algorithm |
CN109698836B (en) * | 2019-02-01 | 2021-07-23 | 重庆邮电大学 | Wireless local area network intrusion detection method and system based on deep learning |
CN110086767A (en) * | 2019-03-11 | 2019-08-02 | 中国电子科技集团公司电子科学研究院 | A kind of hybrid intrusion detection system and method |
CN109960929B (en) * | 2019-03-20 | 2023-06-02 | 西北大学 | Regression model-based zero sample intrusion detection method |
CN109890027B (en) * | 2019-03-20 | 2022-04-15 | 上海连尚网络科技有限公司 | Method and apparatus for determining security risk information of target wireless access point |
CN110086776A (en) * | 2019-03-22 | 2019-08-02 | 国网河南省电力公司经济技术研究院 | Intelligent substation Network Intrusion Detection System and detection method based on deep learning |
CN110070857B (en) * | 2019-04-25 | 2021-11-23 | 北京梧桐车联科技有限责任公司 | Model parameter adjusting method and device of voice awakening model and voice equipment |
CN110213287B (en) * | 2019-06-12 | 2020-07-10 | 北京理工大学 | Dual-mode intrusion detection device based on integrated machine learning algorithm |
CN110262467B (en) * | 2019-07-15 | 2021-06-18 | 北京工业大学 | Industrial control system intrusion attack and clue discovery method based on deep learning |
CN110401955B (en) * | 2019-09-06 | 2023-03-24 | 江门职业技术学院 | Method and system for detecting malicious nodes in mobile network |
CN110995459B (en) * | 2019-10-12 | 2021-12-14 | 平安科技(深圳)有限公司 | Abnormal object identification method, device, medium and electronic equipment |
CN111049828B (en) * | 2019-12-13 | 2021-05-07 | 国网浙江省电力有限公司信息通信分公司 | Network attack detection and response method and system |
CN111274216B (en) * | 2020-01-09 | 2023-05-23 | 腾讯科技(深圳)有限公司 | Identification method and identification device of wireless local area network, storage medium and electronic equipment |
CN111224998B (en) * | 2020-01-21 | 2020-12-25 | 福州大学 | Botnet identification method based on extreme learning machine |
CN111614659B (en) * | 2020-05-19 | 2022-09-23 | 杭州英视信息科技有限公司 | Distributed detection method for unknown network flow |
CN111817844B (en) * | 2020-07-20 | 2021-06-25 | 西安电子科技大学 | Double-link wireless ad hoc network and security defense method in emergency scene |
CN114647525A (en) * | 2020-12-21 | 2022-06-21 | 中兴通讯股份有限公司 | Diagnostic method, diagnostic device, terminal and storage medium |
CN112714446B (en) * | 2020-12-31 | 2023-05-02 | 中国电子科技集团公司第七研究所 | Collaborative intrusion sensing method based on edge intelligence |
CN113065127B (en) * | 2021-02-24 | 2022-09-20 | 山东英信计算机技术有限公司 | Database protection method, system and medium |
CN114465769B (en) * | 2021-12-28 | 2024-03-15 | 尚承科技股份有限公司 | Network equipment, processing system and method for learning network behavior characteristics |
CN114553468A (en) * | 2022-01-04 | 2022-05-27 | 国网浙江省电力有限公司金华供电公司 | Three-level network intrusion detection method based on feature intersection and ensemble learning |
CN115604018B (en) * | 2022-11-02 | 2023-05-05 | 广东网安科技有限公司 | Network security monitoring method, system, equipment and storage medium |
CN115650460B (en) * | 2022-12-14 | 2023-04-14 | 鹏凯环境科技股份有限公司 | Sewage treatment device and method with online monitoring function |
CN117439820B (en) * | 2023-12-20 | 2024-03-19 | 国家电网有限公司客户服务中心 | Network intrusion detection method capable of dynamically adjusting threshold |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1477811A (en) * | 2003-07-11 | 2004-02-25 | 北京邮电大学 | Formalized description method of network infection behaviour and normal behaviour |
CN1649311A (en) * | 2005-03-23 | 2005-08-03 | 北京首信科技有限公司 | Detecting system and method for user behaviour abnormal based on machine study |
CN101399672A (en) * | 2008-10-17 | 2009-04-01 | 章毅 | Intrusion detection method for fusion of multiple neutral networks |
CN101610516A (en) * | 2009-08-04 | 2009-12-23 | 华为技术有限公司 | Intrusion detection method in the self-organizing network and equipment |
CN103023927A (en) * | 2013-01-10 | 2013-04-03 | 西南大学 | Method and system for intrusion detection based on non-negative matrix factorization under sparse representation |
CN103729678A (en) * | 2013-12-12 | 2014-04-16 | 中国科学院信息工程研究所 | Navy detection method and system based on improved DBN model |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7082117B2 (en) * | 2002-08-12 | 2006-07-25 | Harris Corporation | Mobile ad-hoc network with intrusion detection features and related methods |
-
2015
- 2015-06-19 CN CN201510344393.2A patent/CN104935600B/en active Active
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1477811A (en) * | 2003-07-11 | 2004-02-25 | 北京邮电大学 | Formalized description method of network infection behaviour and normal behaviour |
CN1649311A (en) * | 2005-03-23 | 2005-08-03 | 北京首信科技有限公司 | Detecting system and method for user behaviour abnormal based on machine study |
CN101399672A (en) * | 2008-10-17 | 2009-04-01 | 章毅 | Intrusion detection method for fusion of multiple neutral networks |
CN101610516A (en) * | 2009-08-04 | 2009-12-23 | 华为技术有限公司 | Intrusion detection method in the self-organizing network and equipment |
CN103023927A (en) * | 2013-01-10 | 2013-04-03 | 西南大学 | Method and system for intrusion detection based on non-negative matrix factorization under sparse representation |
CN103729678A (en) * | 2013-12-12 | 2014-04-16 | 中国科学院信息工程研究所 | Navy detection method and system based on improved DBN model |
Non-Patent Citations (1)
Title |
---|
一种基于DBN的网络入侵检测算法;徐东辉等;《上海电力学院学报》;20131231;第29卷(第6期);正文第1.1-2.3节、第3节 |
Also Published As
Publication number | Publication date |
---|---|
CN104935600A (en) | 2015-09-23 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN104935600B (en) | A kind of mobile ad-hoc network intrusion detection method and equipment based on deep learning | |
CN103581186B (en) | A kind of network security situational awareness method and system | |
CN110210512B (en) | Automatic log anomaly detection method and system | |
CN109768985A (en) | A kind of intrusion detection method based on traffic visualization and machine learning algorithm | |
CN107872460B (en) | A kind of wireless sense network DoS attack lightweight detection method based on random forest | |
Fawzy et al. | Outliers detection and classification in wireless sensor networks | |
CN110428522A (en) | A kind of intelligent safety and defence system of wisdom new city | |
CN106022229B (en) | The abnormal behaviour recognition methods with the Back propagation neural networks of self-adaptive enhancement algorithm is extracted based on video motion information characteristics | |
CN108062349A (en) | Video frequency monitoring method and system based on video structural data and deep learning | |
CN106789904B (en) | Internet of Things intrusion detection method and device | |
CN108809974A (en) | A kind of Network Abnormal recognition detection method and device | |
CN105678247A (en) | Abnormal behavior early warning method and system for hovering event space-time big data analysis | |
CN109726735A (en) | A kind of mobile applications recognition methods based on K-means cluster and random forests algorithm | |
CN106844138A (en) | O&M warning system and method | |
CN105471882A (en) | Behavior characteristics-based network attack detection method and device | |
CN104660464B (en) | A kind of network anomaly detection method based on non-extension entropy | |
CN109787979A (en) | A kind of detection method of electric power networks event and invasion | |
CN107241358A (en) | A kind of smart home intrusion detection method based on deep learning | |
CN109359098A (en) | A kind of dispatch data net behavior monitoring system and method | |
CN106559261A (en) | A kind of substation network intrusion detection of feature based fingerprint and analysis method | |
CN112367303B (en) | Distributed self-learning abnormal flow collaborative detection method and system | |
CN106789351A (en) | A kind of online intrusion prevention method and system based on SDN | |
CN107483451A (en) | Based on serial parallel structural network secure data processing method and system, social networks | |
CN112532652A (en) | Attack behavior portrait device and method based on multi-source data | |
CN115277113A (en) | Power grid network intrusion event detection and identification method based on ensemble learning |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |