CN105956473A - Malicious code detection method based on SDN (Software Defined Networking) - Google Patents
- Publication number: CN105956473A
- Authority: CN (China)
- Prior art keywords: sdn, malicious code, network, different, characteristic
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
- G06F21/563—Static detection by source code analysis
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2119—Authenticating web pages, e.g. with suspicious links
Abstract
The invention discloses a malicious code detection method based on SDN (Software Defined Networking) and belongs to the technical field of computer network security. SDN's new design concept of separating control from forwarding brings the network information security field new opportunities and challenges in detecting and preventing malicious code under the new architecture. By analyzing feature selection methods for SDN switch flow tables, the method provides a security-data ranking and dimension reduction method based on OpenFlow traffic feature selection. On this basis, by comparing how feature selection affects the running time of different classification algorithms, the problem of choosing the reduced dimension m is analyzed, and the optimal feature subsets and matching classification algorithms for different kinds of malicious code are found. The propagation characteristics and evolution models of malicious code in an SDN mobile environment are analyzed to obtain the influence of the node migration rate in a mobile network on the infection condition and outbreak time of malicious code in a source subnet and a target subnet; these results serve as a reference for the SDN controller's routing control over switch nodes or host nodes.
Description
Technical field
The invention belongs to the technical field of computer network security.
Background art
As a novel software-based network architecture, SDN (Software Defined Networking), with its brand-new design concept and innovative applications, brings new opportunities and challenges to the field of network information security. Because SDN uses centralized control, it intuitively implies a greater security risk. On the other hand, SDN also affects conventional security protection technology: because SDN separates control from forwarding, vulnerabilities introduced by its various open applications are inevitable. Malicious code includes computer viruses, network worms, Trojan horses, logic bombs and DDoS attacks; for SDN, the analysis and detection of malicious code is likewise a major problem that needs to be solved.
To this end, the invention, based on the SDN concept, establishes a traffic-feature analysis model for malicious code under the SDN architecture. By collecting SDN flow table data and analyzing its features, it finds matching classification algorithms that identify the various kinds of malicious attacks more accurately. Its core is the study of data collection, flow table feature generation, feature selection and classification algorithms.
The centralized architecture of SDN allows flexible logical management and control of the network. Based on information fed back from the logical subnets, it enables aggregate analysis of each node and of the network as a whole, so that the optimal countermeasure can be selected. When malicious code is detected, the location of the security incident can be inferred from the current network state. By modifying flow entries in the switches' flow tables, the SDN controller redirects the logical network of network nodes (including mobile devices, various network devices and hosts) and dynamically adjusts the surrounding switching routes to avoid congestion; however, this also gives malicious code an opportunity to propagate between networks. When the network suffers a large-scale intrusion, losses can be minimized by means such as changing the network topology and collaborative detection. The invention studies the propagation and evolution model of malicious code in an SDN mobile environment, providing a basis for formulating SDN controller management strategies. It can also provide a theoretical and technical basis for complex-behavior detection methods in the network security field and aid the development of next-generation network security tools.
Summary of the invention
The object of the invention is to solve the problem that finding malicious code in the large-scale, high-dimensional network security data of an SDN network incurs a huge computational cost.
The technical scheme of the invention is an SDN-based malicious code detection method. It proposes an OpenFlow-based traffic feature selection method: multiple feature selection methods are used to rank the different traffic features and find the key features that reflect malicious code, achieving data dimension reduction. For different types of malicious code, different classification algorithms and feature subsets are matched and analyzed to find the matching feature subset and classification method for detecting each type of malicious code. On this basis, an SDN traffic redirection model and mobile network evolution analysis are realized.
(1) A security data dimension reduction method based on OpenFlow traffic feature selection is proposed. Suitable traffic features are chosen and fine-grained data analysis is carried out; the high-dimensional (n-dimensional) feature data are reduced to obtain the optimal low-dimensional (m-dimensional) feature subset for each class of malicious code.
(2) Based on the key features after dimension reduction, the classification performance of different classification methods and feature subsets on different classes of malicious code is compared and analyzed, yielding the optimal feature subset and the matching classification algorithm for a given class of malicious code.
(3) The influence of the migration rate of nodes infected with malicious code on the infection condition and outbreak time in the source subnet and the target subnet is analyzed in different network models, and a malicious code propagation model for SDN mobile networks is proposed. Through theoretical analysis and numerical simulation, the relationship between the propagation characteristics of malicious code spreading from the source subnet to the target subnet and the migration rate of nodes between subnets is found. The mobility threshold qc for the spread of malicious code between community subnets is analyzed, so that the model reasonably reflects the new network dynamics brought by the new SDN architecture.
The specific content includes:
(1) The security data dimension reduction method based on OpenFlow traffic feature selection.
An SDN network is based on flow tables, and a flow table serves as the matching rule for packets. The structure of an SDN flow table comprises three parts: header match fields, counters and actions. As flow table design supports more protocols, matching becomes finer-grained and the number of features it carries keeps growing. Feature selection on the OpenFlow flow table is an effective method of security data preprocessing in an SDN network: by reducing the dimension of the traffic features, the complexity of security correlation analysis can be reduced. The invention focuses on applying feature selection methods to the switch flow table data of SDN. Feature selection methods such as Fisher, ReliefF, mRMR, InfoGain, CFS and LVF are each used to rank the traffic features of the OpenFlow flow table; the results of the different feature selection algorithms are analyzed together, and effective traffic feature data are selected for building the model in the next step.
(2) Selection of the optimal feature subset and the optimal classification algorithm for different classes of malicious code.
Different network anomaly scenarios show different traffic characteristics, and different data mining algorithms match those traffic characteristics to different degrees. The invention focuses on combining different feature selection methods with data mining algorithms in the SDN environment, analyzing algorithm running time after different feature selections and how well the different feature selection algorithms match the performance of the classification algorithms. The analysis shows which key features should be used to identify traffic anomalies in different scenarios when analyzing abnormal SDN traffic. Abnormal traffic has many causes, such as DDoS attacks, the Witty worm and slow scans, and their traffic characteristics differ. The top 8 to 12 features obtained by algorithms such as Fisher, ReliefF and InfoGain are each combined with classification methods such as DT, SVM and KNN; the accuracy of the classification results is calculated, and the matching features and classification method for detecting each type of malicious code are found.
(3) Analysis of malicious code propagation characteristics in an SDN mobile environment.
A network model for the SDN environment is established. Network subnets are treated as communities: the inside of a subnet is a static community, while the subnets relate to one another as dynamic communities. By analyzing, in different network models, the influence of the node migration rate between communities on the infection condition and outbreak time of malicious code in the source subnet and the target subnet, the effect that the propagation of malicious code such as worms has on network evolution in a mobile environment is found, providing a theoretical basis for the SDN controller's routing control of switch nodes or host nodes.
Brief description of the drawings
Fig. 1: Roadmap of SDN-based malicious code detection;
Fig. 2: Flow chart for selecting the feature subset and classification algorithm for malicious code.
Detailed description of the invention
The roadmap of the invention is shown in Fig. 1.
In actual detection, the flow table collection module periodically sends flow table requests to the OpenFlow switches, and the flow table information returned by a switch is sent to the flow table collector node over an encrypted channel. The flow feature extraction module, guided by the results of the feature analysis, receives the flow table data gathered by the flow table collection module and extracts the m relevant flow features to form an m-tuple. Each m-tuple is tagged with the ID of the switch from which the data was collected, so that it is possible to monitor which SDN switch observed a given class of malicious event. The classifier module classifies the collected m-tuples to determine whether the traffic in that period is normal traffic or some class of abnormal traffic.
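The feature-extraction step described above, sketched as an added example (not code from the patent): it reduces one switch's flow entries to named features and emits an m-tuple tagged with the switch ID. The entry field names, the feature definitions (for instance, pair-flow ratio as the share of flows with a reverse-direction entry), the 128-byte short-packet cut-off and the sample entries are all assumptions constructed for illustration.

```python
from statistics import median

TCP, UDP, ICMP = 6, 17, 1      # IP protocol numbers
SHORT_PKT_BYTES = 128          # assumed cut-off for a "short packet" flow


def flow_features(entries, prev_dst_ports=frozenset()):
    """Reduce one switch's flow entries (match fields + counters) to named features."""
    if not entries:
        return {}
    keys = {(e["src"], e["dst"], e["proto"], e["sport"], e["dport"]) for e in entries}
    # A flow is "paired" when the reverse-direction entry is also installed.
    paired = sum((d, s, p, dp, sp) in keys for (s, d, p, sp, dp) in keys)
    total_pkts = max(sum(e["packets"] for e in entries), 1)

    def share(proto):
        return sum(e["packets"] for e in entries if e["proto"] == proto) / total_pkts

    short = sum(e["bytes"] / max(e["packets"], 1) < SHORT_PKT_BYTES for e in entries)
    return {
        "tcp_pkt_rate": share(TCP),
        "icmp_pkt_rate": share(ICMP),
        "short_pkt_rate": short / len(entries),
        "pair_flow_ratio": paired / len(keys),
        # Destination ports not seen in the previous polling interval.
        "port_growth": len({e["dport"] for e in entries} - set(prev_dst_ports)),
        "pkts_per_flow": median(e["packets"] for e in entries),
        "bytes_per_flow": median(e["bytes"] for e in entries),
    }


def to_m_tuple(switch_id, entries, selected, prev_dst_ports=frozenset()):
    """Build the (switch ID, m-tuple) record handed to the classifier module."""
    feats = flow_features(entries, prev_dst_ports)
    if not feats:                      # empty flow table: nothing to classify
        return switch_id, ()
    return switch_id, tuple(feats[name] for name in selected)


def constructed_web_traffic():
    """Constructed sample: four clients talking to one HTTPS server, both directions."""
    entries = []
    for i in range(1, 5):
        client, server, sport = f"10.0.0.{i}", "10.0.0.100", 40000 + i
        entries.append({"src": client, "dst": server, "proto": TCP, "sport": sport,
                        "dport": 443, "packets": 40, "bytes": 40 * 200})
        entries.append({"src": server, "dst": client, "proto": TCP, "sport": 443,
                        "dport": sport, "packets": 38, "bytes": 38 * 1200})
    return entries


def constructed_syn_flood():
    """Constructed sample: fifty single-packet flows toward one port, no replies."""
    return [{"src": f"198.51.100.{i}", "dst": "10.0.0.100", "proto": TCP,
             "sport": 1024 + i, "dport": 80, "packets": 1, "bytes": 60}
            for i in range(1, 51)]


if __name__ == "__main__":
    selected = ("pkts_per_flow", "bytes_per_flow", "pair_flow_ratio", "short_pkt_rate")
    for sid, sample in (("s1", constructed_web_traffic()), ("s2", constructed_syn_flood())):
        print(to_m_tuple(sid, sample, selected))
```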
(1) OpenFlow flow table feature selection and importance ranking
OpenFlow flow tables use flow forwarding in place of traditional packet forwarding. When traffic enters an SDN switch, the switch first looks up its flow table: if there is a match, the corresponding action is performed; if there is no match, the message is sent to the controller, which decides how to generate a flow entry and sends it to the switch. The feature data can therefore be selected directly from the flow table.
First step: build feature data of different dimensions.
At the training sample generation stage, normal traffic and various kinds of malicious traffic, such as DDoS, worms and scans, can be produced in an experimental environment. Each kind of abnormal traffic can be generated with a corresponding attack tool; for example, a DDoS attack can launch traffic attacks such as TCP SYN flood and UDP flood. The training subsets for each abnormal class and for normal traffic should be as balanced as possible.
From the 40 header match fields of the flow table, feature data of different dimensions are built. The selected features may include: IP packet rate, ICMP packet rate, TCP packet rate, long-packet rate, short-packet rate, IP pair-flow ratio, port growth rate, inter-packet interval, packets per flow, bytes per flow, and so on.
Second step: study how different feature selection algorithms rank the corresponding data sets.
Different feature selection algorithms such as Fisher, ReliefF, mRMR, InfoGain, CFS and LVF are used to rank the features of the corresponding data set; the ranking criterion is the feature importance calculated by each algorithm.
With different feature selection algorithms, the feature ranking for each class of abnormal event can be found by examining the data. At this step no classifier is involved yet, so the corresponding feature subset cannot be selected directly. Certain regularities can nevertheless be found by selecting the 8 to 12 top-ranked features from the different algorithms and analyzing their correlation and similarity. The results of the different feature selection algorithms can be analyzed together, and effective traffic feature data selected for building the model in the next step.
(2) Study the combination of different data mining classification methods with feature selection algorithms, and select the corresponding algorithm for each kind of malicious code.
The key to a feature selection algorithm for SDN malicious code is to combine the selection of the feature subset with a classifier, and to judge from the classifier's performance which group of features, or which individual features, achieve a higher detection rate. Typical classifier algorithms can be considered, such as decision trees (DT), support vector machines (SVM) and k-nearest neighbors (KNN), combined with the feature selection algorithms above to find the best-matching feature selection and classification algorithms; the flow is shown in Fig. 2.
The top 8 to 12 features obtained by algorithms such as Fisher, ReliefF and InfoGain are each combined with DT, SVM and KNN, the accuracy of the classification results is calculated, and finally the feature subset suited to each classification algorithm and the best-matching feature selection algorithm are selected.
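An added example (not code from the patent) of the ranking-and-matching procedure in (1) and (2): Fisher scores rank the flow features, a k-nearest-neighbor classifier is evaluated on the top-m subsets, and the smallest m that stays within a tolerance of the best accuracy is kept. The feature names follow the list above; the class profiles, sample data, tolerance and the sweep over m = 1..10 (rather than the 8 to 12 used in the text) are assumptions constructed for illustration.

```python
import random
from collections import Counter

# Feature names follow the description; every numeric value below is constructed.
FEATURES = ["ip_pkt_rate", "icmp_pkt_rate", "tcp_pkt_rate", "long_pkt_rate",
            "short_pkt_rate", "pair_flow_ratio", "port_growth",
            "inter_pkt_gap", "pkts_per_flow", "bytes_per_flow"]

# Constructed class profiles: mean shift (in standard deviations) of the features
# each traffic class moves; every other feature is pure noise.
PROFILES = {
    "normal": {},
    "ddos": {"pkts_per_flow": -6.0, "bytes_per_flow": -6.0, "pair_flow_ratio": -6.0},
    "scan": {"port_growth": 6.0, "short_pkt_rate": 6.0, "pair_flow_ratio": -6.0},
}


def make_dataset(per_class=60, seed=7):
    """Build a balanced, labelled set of standardised flow-feature vectors."""
    rng = random.Random(seed)
    rows = []
    for label, shifts in PROFILES.items():
        for _ in range(per_class):
            rows.append(([rng.gauss(shifts.get(f, 0.0), 1.0) for f in FEATURES], label))
    rng.shuffle(rows)
    return rows


def fisher_scores(rows):
    """Fisher score per feature: between-class scatter over within-class scatter."""
    by_class = {}
    for x, label in rows:
        by_class.setdefault(label, []).append(x)
    scores = []
    for j in range(len(FEATURES)):
        overall = sum(x[j] for x, _ in rows) / len(rows)
        between = within = 0.0
        for xs in by_class.values():
            mu = sum(x[j] for x in xs) / len(xs)
            between += len(xs) * (mu - overall) ** 2
            within += sum((x[j] - mu) ** 2 for x in xs)
        scores.append(between / within if within else 0.0)
    return scores


def rank_features(rows):
    """Feature names ordered from most to least discriminative."""
    scores = fisher_scores(rows)
    order = sorted(range(len(FEATURES)), key=lambda j: scores[j], reverse=True)
    return [FEATURES[j] for j in order]


def knn_accuracy(train, test, subset, k=3):
    """Accuracy of a k-nearest-neighbor classifier restricted to `subset`."""
    idx = [FEATURES.index(f) for f in subset]
    hits = 0
    for x, label in test:
        nearest = sorted(train, key=lambda r: sum((r[0][j] - x[j]) ** 2 for j in idx))[:k]
        vote = Counter(lbl for _, lbl in nearest).most_common(1)[0][0]
        hits += vote == label
    return hits / len(test)


def select_m(rows, tolerance=0.02, k=3):
    """Sweep m over the ranked features; return the smallest m whose accuracy is
    within `tolerance` of the best, plus that subset and the accuracy curve."""
    split = len(rows) * 2 // 3
    train, test = rows[:split], rows[split:]
    ranked = rank_features(train)      # rank on training data only
    curve = {m: knn_accuracy(train, test, ranked[:m], k)
             for m in range(1, len(ranked) + 1)}
    best = max(curve.values())
    m = min(m for m, acc in curve.items() if acc >= best - tolerance)
    return m, ranked[:m], curve


def subset_for_attack(rows, attack, m=3):
    """Top-m features for one attack class, ranked against normal traffic only."""
    pair = [r for r in rows if r[1] in ("normal", attack)]
    return rank_features(pair)[:m]


if __name__ == "__main__":
    data = make_dataset()
    m, subset, curve = select_m(data)
    print("accuracy by m:", {k: round(v, 3) for k, v in curve.items()})
    print("chosen m =", m, subset)
    for attack in ("ddos", "scan"):
        print(attack, "->", sorted(subset_for_attack(data, attack)))
```

Ranking each attack class against normal traffic separately yields a different subset per class, which is the per-class matching the description calls for.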
(3) Analyze the malicious code propagation model under SDN and the immunization strategy for virus propagation in the SDN two mobility network.
The centralized control of SDN makes it easier to discover malicious code and abnormal behavior, and to respond rapidly to such anomalies and attacks. By establishing a corresponding network model and introducing the mobility threshold qc, the invention analyzes how the logical movement of nodes under the SDN architecture influences the propagation trend of malicious code. When a certain class of malicious code breaks out in a community subnet, the SDN controller can apply isolation and rights management; when malicious code breaks out in the network, its propagation can be reduced and avoided by dynamically isolating suspected infected nodes and modifying network routes and authorization policies.
Claims (4)
1. An SDN-based malicious code detection method, which proposes an OpenFlow-based traffic feature selection method, uses multiple feature selection methods to rank different traffic features and find the key features that reflect malicious code, thereby achieving data dimension reduction; for different types of malicious code, uses different classification algorithms and feature subsets for matching analysis to find the matching feature subset and classification method for detecting each type of malicious code; and on this basis realizes an SDN traffic redirection model and mobile network evolution analysis, characterized in that:
(1) a security data dimension reduction method based on OpenFlow traffic feature selection is proposed; suitable traffic features are chosen, fine-grained data analysis is carried out, and the high-dimensional (n-dimensional) feature data are reduced to obtain the optimal low-dimensional (m-dimensional) feature subset for each class of malicious code;
(2) based on the key features after dimension reduction, the classification performance of different classification methods and feature subsets on different classes of malicious code is compared and analyzed, yielding the optimal feature subset and the matching classification algorithm for a given class of malicious code;
(3) the influence of the migration rate of nodes infected with malicious code on the infection condition and outbreak time in the source subnet and the target subnet is analyzed in different network models, and a malicious code propagation model for SDN mobile networks is proposed; through theoretical analysis and numerical simulation, the relationship between the propagation characteristics of malicious code spreading from the source subnet to the target subnet and the migration rate of nodes between subnets is found; the mobility threshold qc for the spread of malicious code between community subnets is analyzed, so that the model reasonably reflects the new network dynamics brought by the new SDN architecture.
2. The SDN-based malicious code detection method according to claim 1, characterized by the security data dimension reduction method based on OpenFlow traffic feature selection: an SDN network is based on flow tables, and a flow table serves as the matching rule for packets; the structure of an SDN flow table comprises three parts: header match fields, counters and actions; as flow table design supports more protocols, matching becomes finer-grained and the number of features it carries keeps growing; feature selection on the OpenFlow flow table is an effective method of security data preprocessing in an SDN network, and by reducing the dimension of the traffic features the complexity of security correlation analysis can be reduced; attention is paid to applying feature selection methods to the switch flow table data of SDN; feature selection methods such as Fisher, ReliefF, mRMR, InfoGain, CFS and LVF are each used to rank the traffic features of the OpenFlow flow table, the results of the different feature selection algorithms are analyzed together, and effective traffic feature data are selected for building the model in the next step.
3. The SDN-based malicious code detection method according to claim 1, characterized by the selection of the optimal feature subset and the optimal classification algorithm for different classes of malicious code: different network anomaly scenarios show different traffic characteristics, and different data mining algorithms match those traffic characteristics to different degrees; the invention focuses on combining different feature selection methods with data mining algorithms in the SDN environment, analyzing algorithm running time after different feature selections and how well the different feature selection algorithms match the performance of the classification algorithms; the analysis shows which key features should be used to identify traffic anomalies in different scenarios when analyzing abnormal SDN traffic; abnormal traffic has many causes, such as DDoS attacks, the Witty worm and slow scans, and their traffic characteristics differ; the top 8 to 12 features obtained by algorithms such as Fisher, ReliefF and InfoGain are each combined with classification methods such as DT, SVM and KNN, the accuracy of the classification results is calculated, and the matching features and classification method for detecting each type of malicious code are found.
4. The SDN-based malicious code detection method according to claim 1, characterized by the analysis of malicious code propagation characteristics in an SDN mobile environment: a network model for the SDN environment is established; network subnets are treated as communities, the inside of a subnet being a static community and the subnets relating to one another as dynamic communities; by analyzing, in different network models, the influence of the node migration rate between communities on the infection condition and outbreak time of malicious code in the source subnet and the target subnet, the effect that the propagation of malicious code such as worms has on network evolution in a mobile environment is found, providing a theoretical basis for the SDN controller's routing control of switch nodes or host nodes.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610315348.9A CN105956473B (en) | 2016-05-15 | 2016-05-15 | Malicious code detecting method based on SDN network |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105956473A true CN105956473A (en) | 2016-09-21 |
CN105956473B CN105956473B (en) | 2018-11-13 |
Family
ID=56912536
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610315348.9A Expired - Fee Related CN105956473B (en) | 2016-05-15 | 2016-05-15 | Malicious code detecting method based on SDN network |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105956473B (en) |
Fenil et al. | Towards a secure software defined network with adaptive mitigation of dDoS attacks by machine learning approaches | |
Shao et al. | Cluster-based cooperative back propagation network approach for intrusion detection in MANET | |
Sharma et al. | An effective dos prevention system to analysis and prediction of network traffic using support vector machine learning | |
Bolat-Akça et al. | Software-Defined Intrusion Detection System for DDoS Attacks in IoT Edge Networks | |
Meddeb et al. | An effective ids against routing attacks on mobile ad-hoc networks | |
Sivanesan et al. | Detecting distributed denial of service (DDoS) in MANET using Ad Hoc on-demand distance vector (AODV) with extra tree classifier (ETC) | |
Ismail et al. | A comparative study of datasets for cyber-attacks detection in wireless sensor networks | |
Ahmed et al. | Enhancing Cybersecurity with Trust-Based Machine Learning: A Defense against DDoS and Packet Suppression Attacks | |
Alashhab et al. | A Survey of Low Rate DDoS Detection Techniques Based on Machine Learning in Software-Defined Networks. Symmetry 2022, 14, 1563 | |
Baahmed et al. | Using Graph Neural Networks for the Detection and Explanation of Network Intrusions | |
Zhu et al. | A research review on SDN-based DDOS attack detection |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
CP01 | Change in the name or title of a patent holder | Address after: 510665 Zhongshan Avenue, Guangdong, Tianhe District, No. 293, No. Patentee after: GUANGDONG POLYTECHNIC NORMAL University Address before: 510665 Zhongshan Avenue, Guangdong, Tianhe District, No. 293, No. Patentee before: GUANGDONG POLYTECHNIC NORMAL University |
CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 20181113 |