CN107360152A - A Web threat perception system based on semantic analysis - Google Patents

Info

Publication number: CN107360152A
Authority: CN (China)
Prior art keywords: data, analysis, risk, identity, semantic analysis
Legal status: Pending
Application number: CN201710551326.7A
Other languages: Chinese (zh)
Inventors: 方勇, 黄诚, 刘亮, 易楠, 彭嘉毅
Current Assignee: Sichuan University
Original Assignee: Sichuan University
Application filed by Sichuan University
Priority to CN201710551326.7A
Publication of CN107360152A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1466 Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00 Pattern recognition
    • G06F18/20 Analysing
    • G06F18/23 Clustering techniques
    • G06F18/232 Non-hierarchical techniques
    • G06F18/2321 Non-hierarchical techniques using statistics or function optimisation, e.g. modelling of probability density functions
    • G06F18/23213 Non-hierarchical techniques using statistics or function optimisation, e.g. modelling of probability density functions with fixed number of clusters, e.g. K-means clustering
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06N COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N20/00 Machine learning
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425 Traffic logging, e.g. anomaly detection
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]

Abstract

The present invention designs a threat perception system that uses semantic analysis to understand the behavior of data in Web application systems. Anomaly detection based on machine learning improves the efficiency of the semantic analysis, so that command-injection attacks against Web systems, such as SQL injection and cross-site attacks, are perceived quickly and accurately.

Description

A Web threat perception system based on semantic analysis
Technical field
The present invention designs a threat perception system that uses semantic analysis to understand the behavior of data in Web application systems. Anomaly detection based on machine learning improves the efficiency of the semantic analysis, so that command-injection attacks against Web systems, such as SQL injection and cross-site attacks, are perceived quickly and accurately.
Background
As networks grow, the functions of network systems cover many aspects of life, such as social contact, communication and entertainment, and the complexity of network structures has risen markedly. The complex structure and rich functionality of network applications give users better services, but they also enlarge the attack surface and make systems easier to attack. How to locate malicious behavior that threatens network security accurately and promptly has therefore become an urgent problem.
Faced with a wide variety of attack methods, current network security defense devices such as firewalls, IDS and IPS generally detect malicious attacks in a rule-based way and protect systems by building a security boundary. With the rapid development of the Internet, techniques for bypassing security devices and new ways of exploiting vulnerabilities keep emerging, and these defense methods and ideas are gradually losing ground against ever-changing attack techniques. In recent years, large-scale data leaks caused by attacks have become common at home and abroad, and the frequency of Internet security incidents is rising. Command-injection attacks are the attack type that threatens Web application systems most, and include SQL injection, XSS cross-site attacks and system command execution.
Attack detection based on semantic analysis can effectively analyze the behavioral intent of data and is a research hotspot for achieving a breakthrough in network security defense capability. Semantic analysis locates malicious behavior at the execution level of the attack vector, which gives it a great advantage over rule-based detection against code obfuscation and detection-policy bypass. At the level of defense architecture, research is moving from protection by security boundary towards using threat perception technology to perceive the system state from multiple directions. A situation awareness system performs fusion analysis on multi-sensor data and can make up for the security boundary's lack of flexibility and initiative. Using semantic analysis within a situation awareness model to perceive and respond to network threat behavior accurately and efficiently is therefore of significant research value.
The main problems to be solved in attack detection and effective perception for Web applications are:
(1) How to effectively extract features from attack payload variants and unknown attack payloads and build a model.
(2) How to tell whether a string that carries hazardous features has attack intent against the system.
(3) How to improve the efficiency of semantic analysis so that the system is transparent to normal users.
The system focuses on solving these three problems and implements a Web threat perception system based on semantic analysis.
Summary of the invention
The invention is an analysis system developed with several techniques, including semantic analysis, anomaly detection based on TCM-KNN, anomaly detection based on K-Means, and the Tim Bass situation awareness model. It analyzes the log data and real-time traffic data in a system and perceives and responds to the attacks in them.
The invention achieves the following goals:
(1) The system performs an accurate quantitative security assessment of the data processing results and obtains the security posture of the current system.
(2) The system can initialize the raw data collected in the topology and can reconstruct HTTP request information from traffic. It can split and store data and convert it into feature matrices.
(3) The system uses anomaly extraction based on improved K-Means and TCM-KNN algorithms to judge the attribute of data and distribute it.
(4) The system has semantic analysis capability: it can parse interpreted languages such as SQL queries and JavaScript into abstract syntax trees and calculate the risk value of a behavior sequence with a feature graph matching algorithm.
(5) The system has data fusion capability: it can locate a user's identity through the window fingerprint and associate and track it with behavior, and it completes the marking of identity and behavior from behavior data and identity data, implementing feedback regulation.
To achieve the above goals, the invention adopts the following technical scheme. The threat perception system based on semantic analysis consists mainly of three parts: data distribution; risk value calculation based on semantic analysis; and identity-based behavior recognition and threat perception.
The anomaly extraction part includes data initialization, a K-Means data clusterer and a TCM-KNN data classifier. This part of the system first initializes the raw data in the network system, extracts features, builds a feature matrix and feeds it to the machine-learning-based data processors. The TCM-KNN classifier is trained with training data.
The semantic analysis model mainly targets application-layer attacks such as SQL injection, XSS and command execution. After syntactic analysis of the data yields an abstract syntax tree, behavior feature graphs are used to represent the behavior of the syntax tree, and a matching algorithm calculates the behavior risk value, which is sent to the threat analysis module.
The data fusion and threat perception module performs association analysis on the semantic risk values passed in by each sensor. Users are also located through client-side location techniques and associated with behavior; the association value can dynamically adjust the threat information derived from the behavior semantic risk value. The final result is an assessment of the security situation and risk situation of the whole system.
Brief description of the drawings
Fig. 1 is the system architecture diagram of the present invention
Fig. 2 is the system overall operation flow chart of the present invention
Fig. 3 is the initialization module operational flow diagram of the present invention
Fig. 4 is the data distribution module operational flow diagram of the present invention
Fig. 5 is the semantic module operational flow diagram of the present invention
Embodiment:
The threat perception system based on semantic analysis includes four modules: a data initialization processing module, a data distribution module, a semantic analysis module, and a risk analysis and threat perception module.
Fig. 1 shows the main framework of the system and describes in detail the design and deployment architecture of the threat perception system. Data is analyzed at three levels: the machine-learning-based anomaly detection module extracts anomalies from the system's raw data, semantic analysis performs behavior recognition on the abnormal data, and final data fusion yields the security posture of the system. This completes the situation awareness system's three-level refinement of data into information and then into knowledge.
Fig. 2 shows the overall operation flow of the model system and describes the overall operating logic in detail. System initialization trains the system's classifiers, imports the risk feature graphs into each vulnerability library, and imports the information on each device of the analyzed Web system into the analysis system. The system then performs data extraction, data distribution, risk calculation and threat extraction, and outputs an analysis report.
Fig. 3 is the operation flow of the initialization module. During initialization, log data is split at a preset time interval, and key information is extracted from the various logs so that features can be extracted during data processing. After the log data has been split, it is organized by log source, time and log content and stored in a database. The K-Means cluster analyzer extracts log content by time, performs feature extraction, and converts the log content into a feature matrix for analysis.
Fig. 4 is the operation flow of the data distribution module. The module uses a K-Means anomaly detection analyzer to cluster log data. The analyzer takes log data from the database in the data initialization module and performs feature extraction to generate standard data. Standard data consists of two parts, the feature matrix and the original data: after clustering, the semantic analysis module needs to parse the original data, so keeping the two together lets the next module perform semantic extraction directly from the clustering result. The module uses a TCM-KNN anomaly detection classifier to analyze the traffic data that has completed initialization. The classifier is first trained with training data, which strongly affects the classification accuracy of the TCM-KNN classifier. In this module the classifier is expected to have as high a recall for abnormal data as possible and may accept that some normal data is misclassified.
Fig. 5 is the operation flow of the semantic analysis module, which performs semantic extraction and behavior risk value calculation on the data it receives. Once abnormal data has been marked, semantic analysis can assess the risk value through the syntactic properties of application-layer attack behavior. For each specific attack type, the semantic analysis module performs lexical and syntactic analysis on the data to build an abstract syntax tree. A SQL injection attack, for example, injects commands into a request in order to attack the database, so the attack vector must contain SQL query commands that the database's command parser can understand. The syntax analyzer extracts the valid syntax fragments and generates an abstract syntax tree from them. XSS attacks and command execution attacks follow the same principle. The abstract syntax tree is traversed to obtain a behavior sequence, from which a feature graph is built. The feature graph is matched against the feature graphs in the malicious feature graph database to obtain a behavior similarity, and the risk value is calculated from the similarity.
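The behavior-sequence and feature-graph matching step described above, as an added example that is not code from the patent. It is a simplification: a lexer stands in for the full parser and abstract syntax tree traversal, and the symbol names, the two malicious feature graphs, their node and edge weights, the severities and the threshold are all constructed assumptions.

```python
import re

KEYWORDS = {"select", "union", "from", "where", "or", "and"}
TOKEN_RE = re.compile(r"(?P<COMMENT>--|#|/\*)|(?P<LIT>\d+(?:\.\d+)?)"
                      r"|(?P<WORD>[A-Za-z_]\w*)|(?P<CMP>[<>=!]+)")


def behavior_sequence(text):
    """Lexer-level stand-in for the AST traversal: map an input to a sequence
    of behavior symbols. Quotes and punctuation are skipped, so '1'='1' and
    1=1 yield the same symbols."""
    seq = []
    for m in TOKEN_RE.finditer(text):
        kind, value = m.lastgroup, m.group()
        if kind == "WORD":
            seq.append(value.upper() if value.lower() in KEYWORDS else "IDENT")
        else:
            seq.append(kind)
    return seq


def feature_graph(seq):
    """Nodes are behavior symbols, edges are the observed transitions."""
    return set(seq), set(zip(seq, seq[1:]))


# Constructed malicious feature graph database: each pattern carries risk
# weights for its nodes and edges. Edges weigh more than nodes, because a
# keyword alone says little while a transition shows executable structure.
MALICIOUS_GRAPHS = {
    "boolean tautology": {
        "severity": 0.8,
        "nodes": {"OR": 1, "LIT": 1, "CMP": 2},
        "edges": {("OR", "LIT"): 3, ("LIT", "CMP"): 2, ("CMP", "LIT"): 3},
    },
    "union-based extraction": {
        "severity": 1.0,
        "nodes": {"UNION": 1, "SELECT": 1, "FROM": 1},
        "edges": {("UNION", "SELECT"): 5, ("SELECT", "IDENT"): 1,
                  ("IDENT", "FROM"): 1},
    },
}
RISK_THRESHOLD = 0.5   # assumed cut-off for reporting a threat


def similarity(graph, pattern):
    """Weighted share of the pattern's nodes and edges found in the graph."""
    nodes, edges = graph
    hit = sum(w for n, w in pattern["nodes"].items() if n in nodes)
    hit += sum(w for e, w in pattern["edges"].items() if e in edges)
    total = sum(pattern["nodes"].values()) + sum(pattern["edges"].values())
    return hit / total


def risk_value(text):
    """Return (risk, best matching pattern) for one request parameter."""
    graph = feature_graph(behavior_sequence(text))
    return max((round(similarity(graph, p) * p["severity"], 3), name)
               for name, p in MALICIOUS_GRAPHS.items())


def is_threat(text):
    return risk_value(text)[0] >= RISK_THRESHOLD


if __name__ == "__main__":
    # Constructed inputs: two injection-style values and one harmless
    # sentence that merely contains SQL keywords.
    for value in ("1 OR 1=1",
                  "12 UNION SELECT name, pass FROM users",
                  "select a union representative or chair"):
        print(value, "->", risk_value(value), is_threat(value))
```

The harmless sentence still scores on the keyword nodes, but it lacks the weighted edges, which is how the graph match separates hazardous-looking strings from strings with attack structure.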
The working process of the present invention is:
Raw log and traffic data are extracted from the system. Log data is clustered with the K-Means algorithm, and abnormal data is sent to the behavior recognition module based on semantic analysis, which performs behavior recognition on the extracted anomalies and corrects wrongly clustered data. At the same time, the transductive confidence machine KNN classification algorithm (TCM-KNN) performs anomaly classification on traffic data; abnormal data is sent to the semantic analysis module, which likewise calculates the behavior risk value and corrects wrongly classified data. The risk values obtained by the semantic analysis module are fused at the threat perception layer: the running state of the system's machines reflected in the processed log data is further refined into a threat situation, while the user behavior reflected in the traffic is judged for threats.
The improved machine-learning-based data distribution process is as follows:
1) The improved K-Means algorithm no longer picks the initial cluster centers at random; instead, the initial cluster centers obtained from test data are added to the data to be analyzed and marked as the initial centers of the clusters. K-Means itself cannot judge the attribute of a clustering result, so after the clusters have been obtained each one must be judged abnormal or not; an attribute judgement step is therefore added to the algorithm. Analysis shows that normal clusters have the following characteristics. First, compared with attack clusters, their cluster center is closer to the origin of the high-dimensional space. Second, after clustering, the point density around their cluster center is noticeably greater than that of other clusters. The attribute of a cluster can therefore be obtained by calculating the distance from the cluster center to the origin and the point density.
The point density is the number of samples whose spatial distance is less than a reference distance R, divided by the total number of samples in the cluster. The reference distance is the lower quartile of the distances between all samples in the cluster and the cluster center. By comparing point density and spatial distance, the clusters that match these characteristics are marked as normal clusters.
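The seeded clustering and the cluster attribute judgement described above, as an added example that is not code from the patent. It assumes that R is the lower quartile taken over the distances of all samples to their own cluster center, and that a cluster is marked normal only when it is both the closest to the origin and the densest; the function names, features and sample values are constructed.

```python
import math
from statistics import quantiles


def dist(a, b):
    """Euclidean distance between two feature vectors."""
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def kmeans_seeded(points, seeds, max_iter=50):
    """K-Means whose initial centers are supplied (learnt beforehand from
    test data) instead of being drawn at random, so runs are repeatable."""
    centers = [tuple(s) for s in seeds]
    labels = None
    for _ in range(max_iter):
        new_labels = [min(range(len(centers)), key=lambda k: dist(p, centers[k]))
                      for p in points]
        if new_labels == labels:          # assignments stable: converged
            break
        labels = new_labels
        for k in range(len(centers)):
            members = [p for p, l in zip(points, labels) if l == k]
            if members:                   # keep the seed if a cluster is empty
                centers[k] = tuple(sum(c) / len(members) for c in zip(*members))
    return centers, labels


def judge_clusters(points, centers, labels):
    """Attribute judgement: origin distance of each center and point density
    (share of members closer to their center than the reference distance R)."""
    to_center = [dist(p, centers[l]) for p, l in zip(points, labels)]
    # Assumption: R is the lower quartile over the samples of all clusters.
    r = quantiles(to_center, n=4)[0]
    origin = (0.0,) * len(centers[0])
    report = []
    for k, center in enumerate(centers):
        member_d = [d for d, l in zip(to_center, labels) if l == k]
        density = sum(d < r for d in member_d) / len(member_d) if member_d else 0.0
        report.append({"cluster": k, "size": len(member_d),
                       "origin_distance": dist(center, origin),
                       "density": density})
    nearest = min(report, key=lambda c: c["origin_distance"])
    densest = max(report, key=lambda c: c["density"])
    # Assumption: a cluster is normal only if both criteria point at it;
    # otherwise nothing is trusted and every sample goes to semantic analysis.
    for c in report:
        c["normal"] = c is nearest and c is densest
    return report


def abnormal_indices(labels, report):
    """Indices of the samples to forward to the semantic analysis stage."""
    normal = {c["cluster"] for c in report if c["normal"]}
    return [i for i, l in enumerate(labels) if l not in normal]


# Constructed sample: two normalized features per log line, for instance
# (special-character ratio, SQL keyword share). Not data from the patent.
SAMPLE = [(0.02, 0.00), (0.03, 0.00), (0.01, 0.10), (0.02, 0.10),
          (0.04, 0.00), (0.03, 0.10), (0.02, 0.00), (0.05, 0.10),
          (0.40, 0.60), (0.55, 0.90), (0.30, 0.40), (0.70, 0.50)]
SEEDS = [(0.0, 0.0), (0.5, 0.5)]          # constructed initial centers

if __name__ == "__main__":
    centers, labels = kmeans_seeded(SAMPLE, SEEDS)
    report = judge_clusters(SAMPLE, centers, labels)
    for c in report:
        print(c)
    print("forward to semantic analysis:", abnormal_indices(labels, report))
```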
2) The TCM-KNN classifier used in the model does not take on behavior analysis; it is responsible for distributing the initial traffic packets, letting the large majority of normal traffic proceed normally and saving threat analysis resources. The classifier is expected to separate malicious traffic as correctly as possible on the basis of normal behavior patterns, and misclassifying some normal traffic as malicious is acceptable to a certain extent. Classification results are not assessed by computing a confusion matrix; instead, the abnormal-data recall rate and the normal-data false positive rate are compared directly to find the most suitable K value. The transductive confidence machine performs a first calibration of the classification results: the classical TCM-KNN algorithm calculates strangeness (singularity degree) for all classification results to obtain a classification confidence value. Because semantic analysis can correct abnormal data, the improved TCM-KNN algorithm calculates strangeness only for marked data, judges by a threshold how credible the classification of that data is, and re-marks data with low credibility as abnormal data.
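The selective strangeness check described above, as an added example that is not code from the patent. It assumes the classic TCM-KNN strangeness (sum of the k nearest same-class distances divided by the sum of the k nearest other-class distances) and reads "marked data" as data the KNN vote marked normal; the class name, the threshold `tau` and all sample points are constructed.

```python
import math


def dist(a, b):
    """Euclidean distance between two feature vectors."""
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def k_nearest_sum(x, pool, k):
    """Sum of the distances from x to its k nearest neighbors in pool."""
    return sum(sorted(dist(x, p) for p in pool)[:k])


def strangeness(x, same, other, k):
    """Classic TCM-KNN strangeness: distance to the own class divided by the
    distance to the other class. Large values mean x fits its label badly."""
    denom = k_nearest_sum(x, other, k)
    return math.inf if denom == 0 else k_nearest_sum(x, same, k) / denom


class TcmKnnDistributor:
    def __init__(self, normal, abnormal, k=3, tau=0.15):
        self.normal, self.abnormal, self.k, self.tau = normal, abnormal, k, tau
        # Leave-one-out strangeness of every normal training sample.
        self.alphas = [strangeness(p, normal[:i] + normal[i + 1:], abnormal, k)
                       for i, p in enumerate(normal)]

    def knn_label(self, x):
        ranked = sorted([(dist(x, p), "normal") for p in self.normal] +
                        [(dist(x, p), "abnormal") for p in self.abnormal])
        votes = [label for _, label in ranked[:self.k]]
        # A tie counts as abnormal: recall matters more than false positives.
        return "normal" if votes.count("normal") > self.k / 2 else "abnormal"

    def distribute(self, x):
        """Return (label, p_value). p_value is None when no strangeness was
        computed because the KNN vote already said 'abnormal'."""
        if self.knn_label(x) == "abnormal":
            return "abnormal", None       # semantic analysis verifies it later
        alpha = strangeness(x, self.normal, self.abnormal, self.k)
        p = (sum(a >= alpha for a in self.alphas) + 1) / (len(self.alphas) + 1)
        return ("normal" if p >= self.tau else "abnormal"), p


def recall_and_fpr(distributor, labelled):
    """Abnormal-data recall and normal-data false positive rate, the two
    figures the text compares when choosing K."""
    out = [(truth, distributor.distribute(x)[0]) for x, truth in labelled]
    abn = [pred for truth, pred in out if truth == "abnormal"]
    nor = [pred for truth, pred in out if truth == "normal"]
    return abn.count("abnormal") / len(abn), nor.count("abnormal") / len(nor)


# Constructed training and validation points (two normalized features).
NORMAL = [(0.10, 0.10), (0.12, 0.08), (0.08, 0.12), (0.11, 0.13), (0.09, 0.09),
          (0.13, 0.11), (0.10, 0.14), (0.14, 0.10), (0.12, 0.12)]
ABNORMAL = [(0.80, 0.80), (0.85, 0.75), (0.75, 0.90), (0.90, 0.85), (0.70, 0.70)]
VALIDATION = [((0.11, 0.10), "normal"), ((0.13, 0.09), "normal"),
              ((0.85, 0.80), "abnormal"), ((0.38, 0.38), "abnormal")]

if __name__ == "__main__":
    for k in (1, 3, 5):
        d = TcmKnnDistributor(NORMAL, ABNORMAL, k=k)
        print("k =", k, "recall, false positive rate =", recall_and_fpr(d, VALIDATION))
```

The point (0.38, 0.38) is the interesting case: its nearest neighbors are all normal, so a plain KNN vote lets it through, but its strangeness exceeds that of every training sample and the threshold re-marks it as abnormal.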

Claims (5)

1. The invention discloses a Web threat perception model based on semantic analysis, characterized by the following steps:
Step 1: Extract, format and store the data of the analyzed Web application system;
Step 2: Distribute the raw data at high speed using a machine-learning-based anomaly detection method, and extract abnormal data;
Step 3: Perform syntactic analysis and feature graph matching on the abnormal data to obtain the behavior risk value of the data;
Step 4: Analyze the data submitted by each analysis module with an identity-based behavior recognition method, locate dangerous behavior from the risk value information, and perceive the threat situation;
Step 5: Establish multi-level threat identities: extract identity information from data that poses a threat to the system and store it in an identity feature library, while the identity feature library guides behavior judgement.
2. The two-stage decision-tree analyzer built from machine-learning-based anomaly detection and semantic analysis according to claim 1, characterized by: a log data distribution method based on optimized K-means, including but not limited to an initial cluster center selection method and a method of judging cluster attributes from point density and the distance from the cluster center to the origin; a traffic data distribution method based on TCM-KNN, including a secondary parameter correction method and a selective strangeness calculation method; and calculation of the abstract syntax tree risk value through malicious feature graphs.
3. The understanding of Web attack behavior according to claim 1, characterized by: understanding the abstract syntax tree of command injection, including performing syntactic analysis on data to extract a behavior sequence and build a feature graph; and a method of calculating the weighted risk of the nodes and edges of the behavior feature graph.
4. The identity-based behavior judgement model according to claim 1, characterized by: building a malicious identity feature library and establishing adjustable thresholds for multiple risk levels: advanced hacker, user attempting attacks, and normal user; and using analysis results to correct the risk threshold applied when the identity information is analyzed again, as feedback regulation.
5. The threat perception module according to claim 1, characterized in that: log data and traffic data in the Web application system undergo data extraction at the first layer, information refinement through machine learning and semantic analysis, and knowledge refinement through data fusion, which yields the threat situation of the Web application system.
Application number: CN201710551326.7A
Priority date: 2017-07-07
Filing date: 2017-07-07
Title: A Web threat perception system based on semantic analysis
Status: Pending
Publication: CN107360152A (en), published 2017-11-17
Family ID: 60292803
Country: CN

Legal Events

Code Title
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication (application publication date: 20171117)