CN107317756A - A kind of optimal attack paths planning method learnt based on Q - Google Patents

A kind of optimal attack paths planning method learnt based on Q Download PDF

Info

Publication number
CN107317756A
CN107317756A CN201710556319.6A CN201710556319A CN107317756A CN 107317756 A CN107317756 A CN 107317756A CN 201710556319 A CN201710556319 A CN 201710556319A CN 107317756 A CN107317756 A CN 107317756A
Authority
CN
China
Prior art keywords
leak
main frame
mrow
msub
optimal attack
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201710556319.6A
Other languages
Chinese (zh)
Inventor
胡昌振
陈韵
吕坤
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Institute of Technology BIT
Original Assignee
Beijing Institute of Technology BIT
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Institute of Technology BIT filed Critical Beijing Institute of Technology BIT
Priority to CN201710556319.6A priority Critical patent/CN107317756A/en
Publication of CN107317756A publication Critical patent/CN107317756A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • H04L45/02Topology update or discovery
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer And Data Communications (AREA)

Abstract

The present invention relates to a kind of optimal attack paths planning method learnt based on Q, belong to field of information security technology.Concrete operation step is:Step 1: obtaining network structure.Step 2: obtaining leak present in each main frame in network system.Step 3: setting up Q learning models.Step 4: by Q learning models, obtaining optimal attack Route Routes.The optimal attack paths planning method proposed by the present invention learnt based on Q is compared with the prior art compared with advantages below:1. training data need not be collected, network model is trained;2. can on-line study, the not corresponding optimal attack path of heterogeneous networks state in the same time is determined in real time;3. learning rate has used annealing model, so convergent more accurate;4. optimal attack path formation speed is fast;5. due to attack graph need not be generated, it is possible to suitable for large-scale computer cluster.

Description

A kind of optimal attack paths planning method learnt based on Q
Technical field
The present invention relates to a kind of optimal attack paths planning method learnt based on Q, belong to field of information security technology.
Background technology
When being permeated to information systems internetting, attacker is intended to select cost small and the attack path that has high repayment, Wherein, attack return and attack cost are only optimal attack path, current acquisition optimal attack road than maximum attack path The method in footpath is mainly based upon attack graph to obtain after the attack path between all source node and destination node, then chooses these One in path is used as optimal attack path.
At present, the more commonly used network attack map has:Network attack map based on fragility and based on network state Attack graph.The problem of generation method of attack path or Protection path based on above two attack graph is present be:1. speed is generated Degree is slow;2. in order to solve state explosion the problem of, by the way of attack path is limited, attack path is caused to be asked comprising not congruent Topic.
For the influence solved the above problems to producing optimal attack path, India scientist Nirnay Ghosh, Saurav Nanda, S.K.Ghosh were proposed based on minimum attack graph (minimal attack graph) and made in 2010 The method to choose optimal attack path is optimized to attack path with ant group algorithm.But the method is due to algorithm expense It is too big, when in face of a large-scale computer group of planes, immediately using minimum attack graph, also can not Fast Fitting go out optimal attack road Footpath.
The content of the invention
, only need to be to network system the purpose of the present invention is to propose to a kind of optimal attack paths planning method learnt based on Q Modeling and without generating attack graph, solve that formation speed present in existing optimal attack paths planning method is slow and state The problems such as blast or attack path not converge to optimal.
The purpose of the present invention is achieved through the following technical solutions.
A kind of optimal attack paths planning method learnt based on Q of the present invention, concrete operation step is:
Step 1: obtaining network structure.
Step 1.1:The software application of each main frame in network system is obtained, software application and main frame corresponding table is set up.
The software application is included with main frame corresponding table:Software application title and Hostname.
Step 1.2:The session link between each main frame in network system is obtained, session link table between main frame is set up.It is described Session link table includes between main frame:Source host name and target-host-name.
Step 2: obtaining leak present in each main frame in network system, main frame Vuln Status table is set up, while setting up leakage Hole is gathered, and is represented with symbol A.The main frame Vuln Status table includes:Hostname, leak ID and success attack rate.
Step 3: Q learning models are set up, shown in such as formula (1).
Qn+1(s, a)=(1- δn(s,a))Qn(s,a)+δn(s,a)[R(s,a,s')+γJn(s')]) (1)
Wherein, s represents current state, and s' represents current state s successor states;A represents current leak;A ∈ A, A are step Leak set A described in rapid 2.1;N is iterative steps, n >=0;Qn+1(s, a) when being (n+1) step iteration under current state s Utilize an estimate of the obtained overall return of current leak a;Qn(s, a) to being utilized under current state s when being the n-th step iteration One estimate of the overall return that current leak a is obtained;δn(s is a) learning rate of the n-th step, obtained by formula (2);R (s, a, s') is Reward Program immediately, is obtained by formula (3);γ is discount factors, is artificial preset value, γ ∈ [0, 1);Jn(s') it is delay Reward Program, is obtained by formula (4).
Wherein, α, β are artificial setting value, and
Wherein, R (s, a, s') is represented under current state s, by using current leak a, reaches the vertical of successor states s' Return estimate;PrFor atomic strike success rate;I is the sequential encoding of main frame;WiFor main frame i weight;∑jWjTo be whole In network system the weight of All hosts and;M is main frame i m kind authorities, and m is positive integer;Ti mRepresent to utilize current leak a Obtain the main frame i corresponding score value of m kind authorities;∑mTi mIt is to all Ti mSummation.
Jn(s')=maxQn(s',b) (4)
Wherein, Jn(s') it is the Q under successor states s'n(s', maximum b);Qn(s' b) is represented in the n-th step, rear After under state s', the estimate of the overall return obtained using follow-up leak (being represented with symbol b);b∈A.
Step 4: learning by Q, optimal attack Route Routes are obtained.Specially:
Step 4.1:Optimal attack path sequence is set up, is represented with symbol L, its initial value is sky.
Step 4.2:The initial value of Q learning models is set, now iterative steps n=0.Specially:Attack path is set Source host and destination host;Randomly selected from leak set A source host can a leak utilizing of a step, as current Leak a;To the corresponding states of the current leak a of main frame Vuln Status table search, as current state s;Q is setn(s, a)= 0, i.e. Q0(s, a)=0.
Step 4.3:When calculating (n+1) step iteration by formula (1), to being obtained under current state s using current leak a Overall return an estimate Qn+1(s, a), while obtaining follow-up leak b set.
Step 4.4:If Qn+1(s, a)=Qn(s, a), then the follow-up leak b obtained current leak a and step 2.4 Set, be put into optimal attack path sequence L, so as to obtain optimal attack path sequence L, end operation.Otherwise iteration is made Step number n increases 1, the operation of repeat step 4.3 to step 4.4 certainly.
Last leak is located at described in step 4.2 in destination host in the optimal attack path sequence L.
By the operation of above-mentioned steps, the optimal attack path sequence L from source host to destination host is obtained.
The optimal attack paths planning method proposed by the present invention learnt based on Q is compared with the prior art compared with following Advantage:
1. training data need not be collected, network model is trained;
2. can on-line study, the not corresponding optimal attack path of heterogeneous networks state in the same time is determined in real time;
3. learning rate has used annealing model, so convergent more accurate;
4. optimal attack path formation speed is fast;
5. due to attack graph need not be generated, it is possible to suitable for large-scale computer cluster.
Brief description of the drawings
Fig. 1 is the operational flowchart based on the Q optimal attack paths planning methods learnt in the specific embodiment of the invention;
Fig. 2 is network topological diagram in the specific embodiment of the invention.
Embodiment
According to above-mentioned technical proposal, the present invention is described in detail with embodiment below in conjunction with the accompanying drawings.
Use most preferably attacking in the optimal attack paths planning method searching network system proposed by the present invention learnt based on Q Path is hit, its operating process is as shown in figure 1, concrete operation step is as follows:
Step 1: obtaining network structure.
As shown in Fig. 2 being provided with initial defence policies in network system:Outer net personnel can access main frame in DMZ areas H2, H3And H4Browser and DNS domain name.Main frame H2And H3H can be accessed4In mail service and H5And H6On SQL clothes Business.Main frame H7For ftp server, except main frame H8Outside, other main frames can only read and download open file, it is impossible to change file. Main frame H2, H3And H4All forbid Access Management Access server H8。H8The various services on other main frames can be accessed.
Step 1.1:The software application of each main frame in network system is obtained, software application and main frame corresponding table, such as table 1 is set up It is shown.
The software application is included with main frame corresponding table:Software application title and Hostname.
The software application of table 1 and main frame corresponding table
Dbase Hostname
IIS7.0 H2, H3
BIND 9 H4
Sendmail 8.13 H4
MySQL 5.7 H5, H6
Serv-U 10.5 H7
IE6.0 H8
Step 1.2:The session link in network system between each main frame is obtained according to the defence policies in step 1.1, is built Session link table between vertical main frame, as shown in table 2.Session link table includes between the main frame:Source host name and target-host-name.
Session link table between the main frame of table 2
Wherein, it can connect, can not be connected between 0 two main frames of expression between 1 two main frames of expression.
Step 2: obtaining leak present in each main frame in network system, main frame Vuln Status table is set up, as shown in table 3; Leak set is set up simultaneously, is represented with symbol A.The main frame Vuln Status table includes:Hostname, leak ID (CVE ID) and Success attack rate.
The main frame Vuln Status table of table 3
Step 3: Q learning models are set up, shown in such as formula (1).
Qn+1(s, a)=(1- δn(s,a))Qn(s,a)+δn(s,a)[R(s,a,s')+γJn(s')]) (1)
Wherein, s represents current state, and s' represents current state s successor states;A represents current leak;A ∈ A, A are step Leak set A in rapid 2.1;N is iterative steps, n >=0;Qn+1(s is a) to sharp under current state s in (n+1) step iteration One estimate of the overall return obtained with current leak a;Qn(s, a) be in the n-th step iteration under current state s using working as One estimate of the overall return that preceding leak a is obtained;δn(s is a) learning rate of the n-th step, obtained by formula (2);R(s, A, s') for Reward Program immediately, obtained by formula (3);γ is discount factors, is artificial preset value, γ ∈ [0,1); Jn(s') it is delay Reward Program, is obtained by formula (4).
Wherein,
Wherein, R (s, a, s') represents that current state s, by using current leak a, reaches successor states s' return immediately Estimate;PrFor atomic strike success rate, specific assignment is as shown in table 4;I is the sequential encoding of main frame;WiFor main frame i weight, Service that main frame the weight position of network and main frame where the main frame are provided is determined.In the present embodiment, when initial, each master Machine host position and service assignment, as shown in table 5, main frame has Internet (internet), DMZ (non-military in the position of network Area's network) and three kinds of Intranet (Intranet).Host services have following 7 kinds:Web、DNS、MAIL、DHCP、SQL、FTP、 Manager.Then this ten attributes are input in T-S fuzzy neural networks as input vector, when main frame has this service, located When this position, property value be table in correspondence, without when be 0.The output of neutral net is according to secret of the main frame to network system Property, reliability and integrality influence are divided into this dangerous, high, medium and low, very low five kinds of fuzzy outputs.Because output is also fuzzy , therefore, the training of neutral net only needs to ensure that network output has identical trend with desired output.Network is to each defeated The average weight for entering attribute is the weights of correspondence attribute.Final position of host machine and service weight as shown in table 6, the of table 6 The coefficient of the weight of one behavior each attribute, the true weighted value of the second behavior is multiplied by corresponding initial weight with weight coefficient.
Jn(s')=maxQn(s',b) (4)
Wherein, Jn(s') it is the Q under successor states s'n(s', maximum b);Qn(s' b) is represented in the n-th step, rear After under state s', using the estimate of the obtained overall return of follow-up leak (being represented with symbol b);b∈A.
The success attack rate scoring criteria of table 4
Grade Pr Description
1 0.9 Attack tool is not needed, there is detailed attack method
2 0.7 There are available attack tool and detailed attack method
3 0.5 Without attack tool but there is detailed attack method
4 0.3 Vulnerability information is issued, rough indication attack method
5 0.1 Vulnerability information is issued, and attack method is not provided
The Initial master position of table 5 and service weight
Internet DMZ Intranet Web DNS MAIL DHCP SQL FTP Manager
Score 1 2 3 1 2 3 4 5 6 7
The position of host machine of table 6 and service weight
jWjFor All hosts in whole network system weight and;M is main frame i m kind authorities, and m is positive integer; Ti mRepresent the corresponding score value of m kind authorities using current leak a acquisition main frames i, ∑mTi mIt is to all Ti mSummation.It is described Main frame i authority classification includes:Disconnect (Broken), connection (Connection), user right (User), administrator right (Root), Denial of Service attack (DoS) and destruction (Crash), authority scoring are as shown in table 7.
The main frame authority grade form of table 7
Permission type Scoring
Broken 0
Connection 1
User 2
Root 3
DoS 4
Crash 5
Step 4: learning by Q, optimal attack Route Routes are obtained.Specially:
Step 4.1:Optimal attack path sequence is set up, is represented with symbol L, its initial value is sky.
Step 4.2:The initial value of Q learning models is set, now iterative steps n=0.Specially:Attack path is set Source host and destination host;Randomly selected from leak set A a source host can the leak that utilizes of a step, such as the institute of table 8 Show, be used as current leak a (CVE-2015-1635);To the corresponding states of the current leak a of main frame Vuln Status table search, by it It is used as current state s;Q is setn(s, a)=0, i.e. Q0(s, a)=0.
The source host of table 8 being capable of the leak table that utilizes of a step
Leak title There is main frame
CVE-2015-1635 H2, H3
CVE-2015-5477 H4
CVE-2009-4565 H4
Step 4.3:(n+1) step is calculated by formula (1), to the totality obtained under current state s using current leak a One estimate Q of returnn+1(s, a), while obtaining follow-up leak b set.
Step 4.4:If Qn+1(s, a)=Qn(s, a), then the follow-up leak b obtained current leak a and step 2.4 Set, be put into optimal attack path sequence L, so as to obtain optimal attack path sequence L, end operation.Otherwise iteration is made Step number n increases 1, the operation of repeat step 4.3 to step 4.4 certainly.The optimal attack path finally obtained is:H1,Root→CVE- 2015-1635→H3,Root→CVE-2011-4800→H7,Root

Claims (1)

1. a kind of optimal attack paths planning method learnt based on Q, concrete operation step is:
Step 1: obtaining network structure;
Step 1.1:The software application of each main frame in network system is obtained, software application and main frame corresponding table is set up;
The software application is included with main frame corresponding table:Software application title and Hostname;
Step 1.2:The session link between each main frame in network system is obtained, session link table between main frame is set up;The main frame Between session link table include:Source host name and target-host-name;
Step 2: obtaining leak present in each main frame in network system, main frame Vuln Status table is set up, while setting up leak collection Close, represented with symbol A;The main frame Vuln Status table includes:Hostname, leak ID and success attack rate;
Step 3: Q learning models are set up, shown in such as formula (1);
Qn+1(s, a)=(1- δn(s,a))Qn(s,a)+δn(s,a)[R(s,a,s')+γJn(s')]) (1)
Wherein, s represents current state, and s' represents current state s successor states;A represents current leak;A ∈ A, A are step The A of leak set described in 2.1;N is iterative steps, n >=0;Qn+1(s, a) to sharp under current state s when being (n+1) step iteration One estimate of the overall return obtained with current leak a;Qn(s, a) when being the n-th step iteration under current state s using working as One estimate of the overall return that preceding leak a is obtained;δn(s is a) learning rate of the n-th step, obtained by formula (2);R(s, A, s') for Reward Program immediately, obtained by formula (3);γ is discount factors, is artificial preset value, γ ∈ [0,1); Jn(s') it is delay Reward Program, is obtained by formula (4);
<mrow> <msub> <mi>&amp;delta;</mi> <mi>n</mi> </msub> <mrow> <mo>(</mo> <mi>s</mi> <mo>,</mo> <mi>a</mi> <mo>)</mo> </mrow> <mo>=</mo> <mfrac> <mi>&amp;alpha;</mi> <mrow> <mi>&amp;beta;</mi> <mo>+</mo> <mi>n</mi> </mrow> </mfrac> <mo>-</mo> <mo>-</mo> <mo>-</mo> <mrow> <mo>(</mo> <mn>2</mn> <mo>)</mo> </mrow> </mrow>
Wherein, α, β are artificial setting value, and
<mrow> <mi>R</mi> <mrow> <mo>(</mo> <mi>s</mi> <mo>,</mo> <mi>a</mi> <mo>,</mo> <msup> <mi>s</mi> <mo>&amp;prime;</mo> </msup> <mo>)</mo> </mrow> <mo>=</mo> <msqrt> <msub> <mi>P</mi> <mi>r</mi> </msub> </msqrt> <mo>&amp;times;</mo> <mfrac> <msub> <mi>W</mi> <mi>i</mi> </msub> <mrow> <msub> <mi>&amp;Sigma;</mi> <mi>j</mi> </msub> <msub> <mi>W</mi> <mi>j</mi> </msub> </mrow> </mfrac> <mo>&amp;times;</mo> <msub> <mi>&amp;Sigma;</mi> <mi>m</mi> </msub> <msubsup> <mi>T</mi> <mi>i</mi> <mi>m</mi> </msubsup> <mo>-</mo> <mo>-</mo> <mo>-</mo> <mrow> <mo>(</mo> <mn>3</mn> <mo>)</mo> </mrow> </mrow>
Wherein, R (s, a, s') is represented under current state s, by using current leak a, reaches returning immediately for successor states s' Report estimate;PrFor atomic strike success rate;I is the sequential encoding of main frame;WiFor main frame i weight;∑jWjFor whole network In system the weight of All hosts and;M is main frame i m kind authorities, and m is positive integer;Ti mRepresent to obtain using current leak a The main frame i corresponding score value of m kind authorities;∑mTi mIt is to all Ti mSummation;
Jn(s')=maxQn(s',b) (4)
Wherein, Jn(s') it is the Q under successor states s'n(s', maximum b);Qn(s' b) is represented in the n-th step, in follow-up shape Under state s', using the estimate of the obtained overall return of follow-up leak b;b∈A;
Step 4: learning by Q, optimal attack Route Routes are obtained;Specially:
Step 4.1:Optimal attack path sequence is set up, is represented with symbol L, its initial value is sky;
Step 4.2:The initial value of Q learning models is set, now iterative steps n=0;Specially:The source master of attack path is set Machine and destination host;Randomly selected from leak set A source host can a leak utilizing of a step, be used as current leak a;To the corresponding states of the current leak a of main frame Vuln Status table search, as current state s;Q is setn(s, a)=0, i.e., Q0(s, a)=0;
Step 4.3:By formula (1) calculate (n+1) step iteration when, under current state s using current leak a obtain it is total One estimate Q of body returnn+1(s, a), while obtaining follow-up leak b set;
Step 4.4:If Qn+1(s, a)=Qn(s, a), then by the obtained follow-up leak b of current leak a and step 2.4 collection Close, be put into optimal attack path sequence L, so as to obtain optimal attack path sequence L, end operation;Otherwise iterative steps n is made From increasing 1, the operation of repeat step 4.3 to step 4.4;
Last leak is located at described in step 4.2 in destination host in the optimal attack path sequence L;
By the operation of above-mentioned steps, the optimal attack path sequence L from source host to destination host is obtained.
CN201710556319.6A 2017-07-10 2017-07-10 A kind of optimal attack paths planning method learnt based on Q Pending CN107317756A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710556319.6A CN107317756A (en) 2017-07-10 2017-07-10 A kind of optimal attack paths planning method learnt based on Q

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710556319.6A CN107317756A (en) 2017-07-10 2017-07-10 A kind of optimal attack paths planning method learnt based on Q

Publications (1)

Publication Number Publication Date
CN107317756A true CN107317756A (en) 2017-11-03

Family

ID=60178357

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710556319.6A Pending CN107317756A (en) 2017-07-10 2017-07-10 A kind of optimal attack paths planning method learnt based on Q

Country Status (1)

Country Link
CN (1) CN107317756A (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108123962A (en) * 2018-01-19 2018-06-05 北京理工大学 A kind of method that BFS algorithms generation attack graph is realized using Spark
CN110213262A (en) * 2019-05-30 2019-09-06 华北电力大学 A kind of full-automatic advanced escape technical testing method based on depth Q network
CN110378439A (en) * 2019-08-09 2019-10-25 重庆理工大学 Single robot path planning method based on Q-Learning algorithm
CN111637444A (en) * 2020-06-05 2020-09-08 沈阳航空航天大学 Nuclear power steam generator water level control method based on Q learning
CN112039864A (en) * 2020-08-25 2020-12-04 华北电力大学 Method for analyzing cross-layer security risk of electric power CPS
CN112235283A (en) * 2020-10-10 2021-01-15 南方电网科学研究院有限责任公司 Vulnerability description attack graph-based network attack evaluation method for power engineering control system

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108123962A (en) * 2018-01-19 2018-06-05 北京理工大学 A kind of method that BFS algorithms generation attack graph is realized using Spark
CN110213262A (en) * 2019-05-30 2019-09-06 华北电力大学 A kind of full-automatic advanced escape technical testing method based on depth Q network
CN110213262B (en) * 2019-05-30 2022-01-28 华北电力大学 Full-automatic advanced escape technology detection method based on deep Q network
CN110378439A (en) * 2019-08-09 2019-10-25 重庆理工大学 Single robot path planning method based on Q-Learning algorithm
CN111637444A (en) * 2020-06-05 2020-09-08 沈阳航空航天大学 Nuclear power steam generator water level control method based on Q learning
CN111637444B (en) * 2020-06-05 2021-10-22 沈阳航空航天大学 Nuclear power steam generator water level control method based on Q learning
CN112039864A (en) * 2020-08-25 2020-12-04 华北电力大学 Method for analyzing cross-layer security risk of electric power CPS
CN112235283A (en) * 2020-10-10 2021-01-15 南方电网科学研究院有限责任公司 Vulnerability description attack graph-based network attack evaluation method for power engineering control system
CN112235283B (en) * 2020-10-10 2022-11-11 南方电网科学研究院有限责任公司 Vulnerability description attack graph-based network attack evaluation method for power engineering control system

Similar Documents

Publication Publication Date Title
CN107317756A (en) A kind of optimal attack paths planning method learnt based on Q
CN108933793B (en) Attack graph generation method and device based on knowledge graph
Su et al. De-anonymizing web browsing data with social networks
JP6093396B2 (en) System and method for developing risk profiles for Internet resources
Abraham et al. Cyber security analytics: a stochastic model for security quantification using absorbing markov chains
CN107347069A (en) A kind of optimal attack paths planning method based on Kohonen neutral nets
CN107948137A (en) A kind of optimal attack paths planning method based on improved Q study
CN113347156B (en) Intelligent flow confusion method and system for website fingerprint defense and computer storage medium
CN102333096B (en) Creditworthiness control method and system for anonymous communication system
CN105681338A (en) Vulnerability exploiting success probability calculation method and network security risk management method
CN110519298A (en) A kind of Tor method for recognizing flux and device based on machine learning
CN103595734B (en) Based on the online social network fast repairing method that user-association structure divides
Subramanian The growth of global internet censorship and circumvention: A survey
CN106657144B (en) A kind of dynamic protection paths planning method based on enhancing study
CN108491714A (en) The man-machine recognition methods of identifying code
CN108900513B (en) DDOS effect evaluation method based on BP neural network
CN111586046A (en) Network traffic analysis method and system combining threat intelligence and machine learning
Coull et al. Taming the devil: Techniques for evaluating anonymized network data
CN104883356A (en) Target model-based network attack detection method
CN107277121B (en) A kind of network equipment localization method and device
CN107133527A (en) A kind of personalized recommendation method based on location privacy protection
CN110830490A (en) Malicious domain name detection method and system based on area confrontation training deep network
Beznosov et al. On the imbalance of the security problem space and its expected consequences
Ko et al. Unsupervised learning with hierarchical feature selection for DDoS mitigation within the ISP domain
CN105430615A (en) Location privacy protection method based on false locations under continuous location service requests

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20171103