CN106790295A - The method that distributed denial of service network attack is detected based on grey forecasting model - Google Patents
The method that distributed denial of service network attack is detected based on grey forecasting model Download PDFInfo
- Publication number
- CN106790295A CN106790295A CN201710157306.1A CN201710157306A CN106790295A CN 106790295 A CN106790295 A CN 106790295A CN 201710157306 A CN201710157306 A CN 201710157306A CN 106790295 A CN106790295 A CN 106790295A
- Authority
- CN
- China
- Prior art keywords
- network
- flow
- model
- value
- single order
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1458—Denial of Service
Abstract
The present invention proposes a kind of method that distributed denial of service network attack is detected based on grey forecasting model, mainly solves that prior art is big for the energy and resource requirement, the slow-footed problem of attack detecting.Its scheme is:1. network flow characteristic is extracted;2. according to the network flow characteristic for being extracted, the single order single argument gray model of network context radiant flux and non-network background radiation flow is set up, realize the identification to network context radiant flux;3. according to the network flow characteristic for being extracted, the single order single argument gray model of the flow of network context radiant flux normal discharge and distributed denial of service DDoS is set up, realize the detection to distributed denial of service ddos attack.The present invention improves the speed of attack detecting, can be used to carry out attack detecting for the limited network equipment of the energy and resource.
Description
Technical field
The invention belongs to computer network security field, more particularly to a kind of detection distributed denial of service network attack
Method, in the abnormality detection network that can be used under resource, limited energy.
Background technology
Network context radiant flux IBR, is uncalled one-way flow on internet, is also a kind of unauthorized flow.
For IBR stream quantifier elimination contribute to control its origin cause of formation and characteristic, can for network security related work provide technical support with
Ensure.Various distributed denial of service network attack DDoS can be initiated using this flow, and ddos attack is still present
Topmost network attack mode, so and value also just more meaningful for unauthorized stream quantifier elimination.Existing DDoS is attacked
Detection of the detection mainly under general network flow is hit, not specifically designed for the detection of IBR flows, and existing DDoS
Detection method is mainly message frequencies, and whether whether the feature of normal, network traffics is normal, but this is required for according to substantial amounts of
Network traffic analysis data, required resource, the energy are very big, are used for some nodes in present Internet of Things
Equipment is unpractical, resource, limited energy due to these equipment.Feitosa E, Souto E, Sadok D H,
Dainotti A Amman R Aben E et al. are conducted in-depth research to IBR flows, research find DDoS be mostly
Found in IBR flows.But the existing survey that the IBR flows based on darknet are primarily related to for IBR stream quantifier eliminations
Amount, the analysis of feature, the application in ddos attack.And it is less for the research of the operational network in reality.Relative to darknet,
Operational network has researching value higher for Transitional Space, and acquired in darknet, Transitional Space is simple IBR flows.More need
IBR flows are extracted in the operational network to be used in reality, but it is growing day by day due to data volume, it is impossible to realize extract real-time
IBR flows simultaneously detect ddos attack, and this is accomplished by a kind of efficiently IBR flows identification in real time and ddos attack testing mechanism.
The content of the invention
It is an object of the invention to be directed to the defect that above-mentioned prior art is present, propose a kind of based on single order single argument grey
The method of model inspection distributed denial of service network attack, is attacked with the environment of resource and limited energy, improving detection
Speed.
To achieve the above object, technical solution of the present invention includes as follows:
(1) network traffics of operational network are obtained, and extracts the characteristic value of network traffics;
(2) characteristic value of the operational network flow according to obtained by sets up network context radiant flux and non-network background spoke
The single order single argument gray model of amount of jet:
Wherein,It is the single order list to be set up network context radiant flux and non-network background radiation flow
Variable gray model, l=1,2,3 ..., l-th value of sequence is represented,It is the characteristic value sequence of primitive network flow
First value, m=1, represent set up be normal network context radiant flux model, what m=2 represented foundation is distribution
Formula refuses the model of service DDoS attack flow, and a is development coefficient, and b is grey actuating quantity;
(3) single order single argument gray model is set up according to (2), obtains operational network flow to be measured by two kinds of single order lists
The value of gained after variable gray model, is abbreviated as gray value, and calculates two differences between gray value and initial value respectively, will
Model corresponding to the small gray value of difference is judged to the model corresponding to operational network flow to be measured;
(4) according to the characteristic value of the operational network flow obtained by (1), the normal discharge of network context radiant flux is set up
With the single order single argument gray model of distributed denial of service ddos attack flow:
Wherein,It is the single order list of the normal discharge to be set up and distributed denial of service ddos attack flow
Variable gray model, l=1,2,3 ..., l-th value of sequence is represented,It is the characteristic value sequence of primitive network flow
First value, n=1 represents that what is set up is the model of normal network context radiant flux, and n=2, what expression was set up is distribution
Formula refuses the model of service DDoS attack flow, and a is development coefficient, and b is grey actuating quantity;
(5) single order single argument gray model is set up according to (4), obtains network under test background radiation flow by two kind one
The gray value of gained after rank single argument gray model, and two kinds of differences between gray value and initial value are calculated respectively, by difference
Model corresponding to small gray value is judged to the model corresponding to network under test background radiation flow;
(6) model corresponding to network under test background radiation flow is obtained according to (5), judges network context radiation to be measured
Whether there is distributed denial of service ddos attack in network where flow:
If the model corresponding to network radiation background flow to be measured is the single order list of distributed denial of service ddos attack
Variable gray model, then the network under test radiation background flow is distributed denial of service ddos attack flow, is judged in network
There is distributed denial of service ddos attack;
If the model corresponding to network radiation background flow to be measured is that the single order of proper network background radiation flow is monotropic
Amount gray model, then network under test radiation background flow is normal discharge, is judged to do not exist distributed denial of service in network
Ddos attack.
The present invention compared with prior art, has the following advantages that:
First, the present invention detects that distributed denial of service DDoS is attacked by the method that single order single argument gray model is modeled
Hit, because single order single argument gray model modeling process is simple, data volume demand is small, amount of calculation is small, calculating speed is fast, so can
To detect distributed denial of service ddos attack present in network faster, the speed that detection is attacked is improve;
Second, the single order single argument gray model that the present invention is used, because its demand to the energy and resource is few, phase
Than the network equipment that the energy and resource-constrained are more suitable in other distributed denial of service ddos attack detection methods.
Brief description of the drawings
Fig. 1 realizes general flow chart for of the invention;
Fig. 2 is the single order single argument grey mould of network context radiant flux in the present invention and non-network background radiation flow
The Establishing process of type;
Fig. 3 be network in the present invention help background traffic normal discharge and distributed denial of service ddos attack one
The Establishing process of rank single argument gray model.
Specific embodiment
Below in conjunction with the accompanying drawings, the present invention is described in further detail.
Reference picture 1, it is of the invention to realize that step is as follows:
Step 1, obtains the network traffics of operational network, and extracts the characteristic value of network traffics.
The network traffics of operational network 1a) are obtained, operational network flow is obtained by flow collection in network node;
The characteristic value of network traffics 1b) is extracted, i.e., by the network context in the 1 second statistical unit time respectively by network
Distributed denial of service DDoS flows in radiant flux, non-network background radiation flow, network context radiant flux and treat
The number of the packet included in the network traffics of survey, using the number of these packets as extract network traffics feature
Value.
Step 2, the characteristic value according to resulting operational network flow sets up network context radiant flux and the non-network back of the body
The single order single argument gray model of scape radiant flux.
Reference picture 2, this step is implemented:
2a) according to the characteristic value of the network traffics extracted, the initial characteristicses value sequence of network traffics is obtained
Wherein, fm (0)L () is the initial characteristicses value sequence of network trafficsL-th component, L is to set up network context
The data volume of the single order single argument gray model of radiant flux and non-network background radiation flow, m=1, represent foundation is net
The model of network background radiation flow, what m=2 represented foundation is the model of non-network context radiant flux;
2b) calculateThe cumulative sequence of single orderFor:
Wherein,ForL-th component;
2c) calculate the cumulative sequence of single orderClose to average generation sequence Z(1):
Z(1)=(z(1)(1),z(1)(2),...,z(1)(l),...,z(1)(L)),
Wherein,It is close to average generation sequence Z(1)L-th component;
2d) Grey Differential Equation for building single order single argument gray model is:
Wherein, a is development coefficient, and b is grey actuating quantity;
2e) solve 3d) in Grey Differential Equation coefficient matrix:Obtain a and b
Solution, wherein:
It is to use Z(1)Component constitute matrix,It is useComponent constitute
Matrix;
2f) according to obtaining 2e) a and b solution, obtain 2d) in the solution of Grey Differential Equation be:
Wherein,It is the initial characteristicses value sequence of network trafficsSecond value;
2g) according to 2f) solution of the differential equation that obtains, by calculatingSet up network context spoke
The single order single argument gray model of amount of jet and non-network background radiation flow:
Step 3, according to the gray model that step 2 is set up, when calculating l=L-1, network context radiant flux and non-network
The single order single argument gray model of background radiation flowThe gray value of gained.
Step 4, calculates the difference between two kinds of gray values and the characteristic value initial value of operational network flow respectively.
4a) calculate operational network flow by network context radiant flux single order single argument gray model obtained by grey
ValueWith the characteristic value of initial launch network trafficsDifference
4b) calculate operational network flow by non-network background radiation flow single order single argument gray model obtained by ash
ColourWith the characteristic value of initial launch network trafficsDifference
Step 5, the model according to corresponding to step 4 by the small gray value of difference is judged to that operational network flow institute to be measured is right
The model answered:
If the model corresponding to operational network flow to be measured is the single order single argument grey mould of network context radiant flux
Type, then the network under test radiation background flow is network context radiant flux;
If the model corresponding to operational network flow to be measured is the single order single argument grey of non-network background radiation flow
Model, then the network under test radiation background flow is non-network background radiation flow.
Step 6, sets up the normal discharge and the one of distributed denial of service ddos attack flow of network context radiant flux
Rank single argument gray model.
Reference picture 3, this step is implemented:
6a) according to the characteristic value of the network traffics extracted, network traffics initial characteristicses value sequence is obtained
Wherein,It is the initial characteristicses value sequence of network trafficsL-th component, L is to set up network context spoke
The normal discharge of amount of jet and the data volume of distributed denial of service ddos attack flow, n=1, represent foundation is the network back of the body
The model of scape radiant flux, what n=2 represented foundation is the model of non-network context radiant flux;
6b) calculateThe cumulative sequence of single orderFor:
Wherein,It is the cumulative sequence of single orderL-th component;
6c) calculate the cumulative sequence of single orderClose to average generation sequence Z(1):
Z(1)=(z(1)(1),z(1)(2),...,z(1)(l),...,z(1)(L)),
Wherein,It is close to average generation sequence Z(1)L-th component;
6d) build the single order list of the normal discharge with distributed denial of service ddos attack flow of network context radiant flux
The Grey Differential Equation of variable gray model is:
Wherein, a is development coefficient, and b is grey actuating quantity;
6e) solve 6d) Grey Differential Equation coefficient matrix:Obtain a's and b
Solution, wherein:
It is to use Z(1)Component constitute matrix,It is useComponent constitute
Matrix;
6f) according to obtaining 6e) a and b solution, 6d can be obtained) in the solution of Grey Differential Equation be:
Wherein,It is the initial characteristicses value sequence for the network traffics for modelingSecond value;
6g) according to 6f) solution of the differential equation that obtains, by calculatingSet up network context radiation
The single order single argument gray model of normal discharge and distributed denial of service ddos attack flow:
Step 7, according to step 6, as l=L-1, obtains operational network flow to be measured and is refused with distribution by normal discharge
Exhausted service DDoS attack flow single order single argument gray modelGray value obtained by afterwards.
Step 8, judges the model corresponding to operational network flow to be measured.
8a) calculate single order single argument grey mould of the network under test background radiation flow by proper network background radiation flow
Gray value obtained by typeWith the characteristic value of initial network under test background radiation flowDifference
8b) calculate single order single argument grey of the network under test background radiation flow by distributed denial of service ddos attack
The gray value that model is obtainedWith the characteristic value of initial network under test background radiation flowDifference
8c) according to step 8a) and 8b), the model corresponding to the small gray value of difference is judged to network under test background spoke
Model corresponding to amount of jet.
Step 9, the model according to corresponding to step 8 obtains network under test background radiation flow judges the network back of the body to be measured
Whether there is distributed denial of service ddos attack in network where scape radiant flux:
If the model corresponding to network radiation background flow to be measured is the single order list of distributed denial of service ddos attack
Variable gray model, then the network under test radiation background flow is distributed denial of service ddos attack flow, in illustrating network
There is distributed denial of service ddos attack;
If the model corresponding to network radiation background flow to be measured is that the single order of proper network background radiation flow is monotropic
Amount gray model, then network under test radiation background flow is normal discharge, illustrates do not exist distributed denial of service in network
Ddos attack.
Described above is only example of the present invention, does not constitute any limitation of the invention, it is clear that for
For one of skill in the art, after present invention and principle is understood.All may be without departing substantially from the principle of the invention, structure
In the case of, various amendments and the change in form and details are carried out, but these are based on the amendment of inventive concept and change still
Within claims of the invention.
Claims (7)
1. it is a kind of based on grey forecasting model detect distributed denial of service network attack method, including
(1) network traffics of operational network are obtained, and extracts the characteristic value of network traffics;
(2) characteristic value of the operational network flow according to obtained by sets up network context radiant flux and non-network background radiation stream
The single order single argument gray model of amount:
Wherein,It is the single order single argument ash to be set up network context radiant flux and non-network background radiation flow
Color model, l=1,2,3 ..., l-th value of sequence is represented,It is first of the characteristic value sequence of primitive network flow
Value, m=1 represents that what is set up is the model of normal network context radiant flux, and what m=2 represented foundation is distributed refusal clothes
The model of business ddos attack flow, a is development coefficient, and b is grey actuating quantity;
(3) single order single argument gray model is set up according to (2), obtains operational network flow to be measured by two kinds of single order single arguments
The value of gained after gray model, is abbreviated as gray value, and calculates two differences between gray value and initial value respectively, by difference
Model corresponding to small gray value is judged to the model corresponding to operational network flow to be measured;
(4) according to the characteristic value of the operational network flow obtained by (1), set up the normal discharge of network context radiant flux and divide
Cloth refuses the single order single argument gray model of service DDoS attack flow:
Wherein,It is the single order single argument of the normal discharge to be set up and distributed denial of service ddos attack flow
Gray model, l=1,2,3 ..., l-th value of sequence is represented,It is the first of the characteristic value sequence of primitive network flow
Individual value, n=1, represent set up be normal network context radiant flux model, n=2, represent set up be that distribution is refused
The model of exhausted service DDoS attack flow, a is development coefficient, and b is grey actuating quantity;
(5) single order single argument gray model is set up according to (4), obtains network under test background radiation flow by two kinds of single order lists
The gray value of gained after variable gray model, and calculate respectively two kinds of gray values and operational network flow characteristic value initial value it
Between difference, the model corresponding to the small gray value of difference is judged to the model corresponding to network under test background radiation flow;
(6) model corresponding to network under test background radiation flow is obtained according to (5), judges network context radiant flux to be measured
Whether there is distributed denial of service ddos attack in the network at place:
If the model corresponding to network radiation background flow to be measured is the single order single argument of distributed denial of service ddos attack
Gray model, then the network under test radiation background flow is distributed denial of service ddos attack flow, is judged to exist in network
Distributed denial of service ddos attack;
If the model corresponding to network radiation background flow to be measured is the single order single argument ash of proper network background radiation flow
Color model, then network under test radiation background flow is normal discharge, is judged to be attacked in the absence of distributed denial of service DDoS in network
Hit.
2. method according to claim 1, it is characterised in that the characteristic value of network traffics is extracted in step (1), is to pass through
Respectively by network context radiant flux, non-network background radiation flow, the network context spoke of network in 1 second statistical unit time
The number of the packet included in the distributed denial of service DDoS flows and network traffics to be measured in amount of jet, by these
The number of packet as extract network traffics characteristic value.
3. method according to claim 1, it is characterised in that network context radiant flux and non-net are set up in step (2)
The single order single argument gray model of network background radiation flow, is carried out as follows:
2a) according to the characteristic value of the network traffics extracted, the initial characteristicses value sequence of network traffics is obtained
Wherein, fm (0)L () is the initial characteristicses value sequence of network trafficsL-th component, L for set up network context radiation
The data volume of the single order single argument gray model of flow and non-network background radiation flow, m=1, represent foundation is the network back of the body
The model of scape radiant flux, what m=2 represented foundation is the model of non-network context radiant flux;
2b) calculateThe cumulative sequence of single orderFor:
Wherein,ForL-th component;
2c) calculate the cumulative sequence of single orderClose to average generation sequence Z(1):
Z(1)=(z(1)(1),z(1)(2),...,z(1)(l),...,z(1)(L)),
Wherein,It is close to average generation sequence Z(1)L-th component;
2d) Grey Differential Equation for building single order single argument gray model is:
Wherein, a is development coefficient, and b is grey actuating quantity;
2e) solve 2d) in Grey Differential Equation coefficient matrix:Obtain a's and b
Solution, wherein:
It is to use Z(1)The matrix that is constituted of component,It is useComponent constituted
Matrix;
2f) according to 2e) solution of a that is calculated and b, obtain 2d) in the solution of the differential equation be:
Wherein,It is the initial characteristicses value sequence of network trafficsSecond value;
2g) according to 2f) solution of the differential equation that obtains, by calculatingSet up network context radiant flux
The single order single argument gray model of amount and non-network background radiation flow:
Wherein,It is l+1 of the solution of the differential equation,It is l of Solutions of Ordinary Differential Equations.
4. method according to claim 1, it is characterised in that initial value refers to the operation net to be measured of extraction in step (3)
The initial characteristic values of network flow.
5. method according to claim 1, it is characterised in that sets up single order single argument grey according to (2) in step (3)
Model, obtains gray value of the operational network flow to be measured by gained after two kinds of single order single argument gray models, refers to work as l=L-
When 1, the single order single argument gray model of network context radiant flux and non-network background radiation flowThe ash of gained
Colour.
6. method according to claim 1, it is characterised in that step sets up the normal of network context radiant flux in (4)
Flow and the single order single argument gray model of distributed denial of service ddos attack flow, set up process as follows:
4a) according to the characteristic value of the network traffics extracted, network traffics initial characteristicses value sequence is obtained
Wherein,It is the initial characteristicses value sequence of network trafficsL-th component, L is to set up network context radiant flux
The normal discharge of amount and the data volume of distributed denial of service ddos attack flow, n=1, represent foundation is network context spoke
The model of amount of jet, what n=2 represented foundation is the model of non-network context radiant flux;
4b) calculateThe cumulative sequence of single orderFor:
Wherein,It is the cumulative sequence of single orderL-th component;
4c) calculate the cumulative sequence of single orderClose to average generation sequence Z(1):
Z(1)=(z(1)(1),z(1)(2),...,z(1)(l),...,z(1)(L)),
Wherein,It is close to average generation sequence Z(1)L-th component;
4d) build the single order single argument of the normal discharge with distributed denial of service ddos attack flow of network context radiant flux
The Grey Differential Equation of gray model is:
Wherein, a is development coefficient, and b is grey actuating quantity;
4e) solve 4d) Grey Differential Equation coefficient matrix:The solution of a and b is obtained,
Wherein:
It is to use Z(1)The matrix that is constituted of component,It is useThe matrix for being constituted;
4f) according to 4e) solution of a that is calculated and b, and then obtain 4d) solution be:
Wherein,It is the initial characteristicses value sequence for the network traffics for modelingSecond value;
4g) according to 4f) solution of the differential equation that obtains, by calculatingSet up network context radiation normal
The single order single argument gray model of flow and distributed denial of service ddos attack flow:
Wherein,It is l+1 of the solution of the differential equation,It is l of the solution of the differential equation.
7. method according to claim 1, it is characterised in that network under test background radiation flow warp is obtained in step (5)
The gray value of gained after two kinds of single order single argument gray models is crossed, refers to normal discharge and distributed refusal clothes as l=L-1
The single order single argument gray model of business ddos attack flowThe value of gained.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710157306.1A CN106790295B (en) | 2017-03-16 | 2017-03-16 | Method based on grey forecasting model detection distributed denial of service network attack |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710157306.1A CN106790295B (en) | 2017-03-16 | 2017-03-16 | Method based on grey forecasting model detection distributed denial of service network attack |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106790295A true CN106790295A (en) | 2017-05-31 |
CN106790295B CN106790295B (en) | 2019-10-11 |
Family
ID=58966179
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710157306.1A Active CN106790295B (en) | 2017-03-16 | 2017-03-16 | Method based on grey forecasting model detection distributed denial of service network attack |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106790295B (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111600859A (en) * | 2020-05-08 | 2020-08-28 | 恒安嘉新(北京)科技股份公司 | Method, device, equipment and storage medium for detecting distributed denial of service attack |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101217377A (en) * | 2008-01-18 | 2008-07-09 | 南京邮电大学 | A detecting method of distributed denial of service attacking based on improved sequence scale regulation |
CN102821007A (en) * | 2012-08-06 | 2012-12-12 | 河南科技大学 | Network security situation awareness system based on self-discipline computing and processing method thereof |
CN104506482A (en) * | 2014-10-10 | 2015-04-08 | 香港理工大学 | Detection method and detection device for network attack |
CN104850916A (en) * | 2015-05-31 | 2015-08-19 | 上海电机学院 | Improved-gray-Markov-model-based power equipment fault prediction method |
-
2017
- 2017-03-16 CN CN201710157306.1A patent/CN106790295B/en active Active
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101217377A (en) * | 2008-01-18 | 2008-07-09 | 南京邮电大学 | A detecting method of distributed denial of service attacking based on improved sequence scale regulation |
CN102821007A (en) * | 2012-08-06 | 2012-12-12 | 河南科技大学 | Network security situation awareness system based on self-discipline computing and processing method thereof |
CN104506482A (en) * | 2014-10-10 | 2015-04-08 | 香港理工大学 | Detection method and detection device for network attack |
CN104850916A (en) * | 2015-05-31 | 2015-08-19 | 上海电机学院 | Improved-gray-Markov-model-based power equipment fault prediction method |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111600859A (en) * | 2020-05-08 | 2020-08-28 | 恒安嘉新(北京)科技股份公司 | Method, device, equipment and storage medium for detecting distributed denial of service attack |
CN111600859B (en) * | 2020-05-08 | 2022-08-05 | 恒安嘉新(北京)科技股份公司 | Method, device, equipment and storage medium for detecting distributed denial of service attack |
Also Published As
Publication number | Publication date |
---|---|
CN106790295B (en) | 2019-10-11 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Wang et al. | Unification of theoretical approaches for epidemic spreading on complex networks | |
Xiao et al. | Deep-q: Traffic-driven qos inference using deep generative network | |
Zhang et al. | Enhancing the transmission efficiency by edge deletion in scale-free networks | |
Gupta et al. | Centrality measures for networks with community structure | |
CN104836810B (en) | A kind of collaborative detection method of NDN low speed caching pollution attack | |
Dong et al. | Network measurement based modeling and optimization for IP geolocation | |
CN105681338A (en) | Vulnerability exploiting success probability calculation method and network security risk management method | |
CN105162654B (en) | A kind of link prediction method based on local community information | |
CN103152341B (en) | The network security situation awareness emulation mode that a kind of actual situation combines and system | |
CN103294833B (en) | The junk user of concern relation based on user finds method | |
TW201103281A (en) | Botnet early detection using HHMM algorithm | |
CN107454039A (en) | The method of network attack detection system and detection network attack | |
Xu et al. | Detection on application layer DDoS using random walk model | |
CN106972952A (en) | A kind of Information Communication leader's Node extraction method based on internet pricing correlation | |
CN106790295A (en) | The method that distributed denial of service network attack is detected based on grey forecasting model | |
CN103281158A (en) | Method for detecting communication granularity of deep web and detection equipment thereof | |
CN101986608B (en) | Method for evaluating heterogeneous overlay network load balance degree | |
Kesidis et al. | Coupled kermack-mckendrick models for randomly scanning and bandwidth-saturating internet worms | |
Zhang et al. | Traffic fluctuations on weighted networks | |
CN105812204B (en) | A kind of recurrence name server online recognition method based on Connected degree estimation | |
CN112016085A (en) | Power transmission and distribution system planning method for coping with information-physical cooperative attack | |
CN106603294A (en) | Comprehensive vulnerability assessment method based on power communication network structure and state | |
CN106656464A (en) | Complex network side attack method under power exponent adjustable attack cost | |
CN106790099A (en) | Charge network survivability Measurement Method based on network survivability entropy | |
Zhao et al. | Modular effects on epidemic dynamics in small-world networks |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |