CN107786492A - Network security situation evaluating method based on integrated classifier - Google Patents

Network security situation evaluating method based on integrated classifier Download PDF

Info

Publication number
CN107786492A
CN107786492A CN201610719966.XA CN201610719966A CN107786492A CN 107786492 A CN107786492 A CN 107786492A CN 201610719966 A CN201610719966 A CN 201610719966A CN 107786492 A CN107786492 A CN 107786492A
Authority
CN
China
Prior art keywords
data
network
security situation
assessment
method based
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201610719966.XA
Other languages
Chinese (zh)
Inventor
郭敏
曾颖明
姚金利
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Institute of Computer Technology and Applications
Original Assignee
Beijing Institute of Computer Technology and Applications
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Institute of Computer Technology and Applications filed Critical Beijing Institute of Computer Technology and Applications
Priority to CN201610719966.XA priority Critical patent/CN107786492A/en
Publication of CN107786492A publication Critical patent/CN107786492A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00Pattern recognition
    • G06F18/20Analysing
    • G06F18/24Classification techniques
    • G06F18/241Classification techniques relating to the classification model, e.g. parametric or non-parametric approaches
    • G06F18/2415Classification techniques relating to the classification model, e.g. parametric or non-parametric approaches based on parametric or probabilistic models, e.g. based on likelihood ratio or false acceptance rate versus a false rejection rate
    • G06F18/24155Bayesian classification

Abstract

The invention discloses a kind of network security situation evaluating method based on integrated classifier, wherein, including:Gather networks security situation assessment data;Carry out data prediction and dimension is chosen;Data after data prediction and dimension are chosen carry out assessment classification according to ID3 graders;ID3 graders carry out assessing sorted result carries out assessment classification according to Naive Bayes Classifier;Weighted calculation networks security situation assessment fraction, the assessment classification to three channels of each network sample is weighted, to obtain the last security evaluation fraction of each network sample.Network security situation evaluating method of the invention based on integrated classifier, the effective safe early warning for improving network are horizontal.

Description

Network security situation evaluating method based on integrated classifier
Technical field
The invention belongs to technical field of network security, more particularly to a kind of network safety situation based on integrated classifier is commented Estimate method.
Background technology
With the fast development of Internet technology, various information security issues also occur in succession, and network security problem is increasingly Seriously.Networks security situation assessment technology can reflect security status on the whole, and the development trend of security situation is entered Row prediction and early warning, are Strengthens network security providing method, are the key links in network security system.In recent years, network is pacified Full Situation Assessment technology has turned into the study hotspot of domestic and international network safety filed, to improve the safe early warning of network level.
The content of the invention
It is an object of the invention to provide a kind of network security situation evaluating method based on integrated classifier, for solving Above-mentioned problem of the prior art.
A kind of network security situation evaluating method based on integrated classifier of the present invention, wherein, including:Gather network peace Full Situation Assessment data;Carry out data prediction and dimension is chosen;Data after data prediction and dimension are chosen are divided according to ID3 Class device carries out assessment classification;ID3 graders assess sorted result and according to Naive Bayes Classifier assess dividing Class;Weighted calculation networks security situation assessment fraction, the assessment classification to three channels of each network sample are weighted, with Obtain the last security evaluation fraction of each network sample.
According to the network security situation evaluating method based on integrated classifier an embodiment, wherein, dimension choose bag Include:Selected training set is designated as A, and data volume is n in A, chooses m component and carries out security evaluation, assessment number of dimensions is s=s1+s2+ s3, wherein S1For the number of dimensions of configuration data, S2For the number of dimensions of service data, S3To invade the number of dimensions of data;By network sample This collection A is divided into A1、A2、A3, wherein A1Configuration data collection is represented, there is s1Individual dimension, A2Service data collection is represented, there is s2Individual dimension Degree, A3Intrusion detection data are represented, there is s3Individual dimension, 3 channels are divided to carry out assessment classification safely component and network sample.
According to the network security situation evaluating method based on integrated classifier an embodiment, wherein, collection network peace Full Situation Assessment data by professional detecting system by being obtained.
According to the network security situation evaluating method based on integrated classifier an embodiment, wherein, carry out data it is pre- Processing includes:Outlier processing, Data Discretization and standardization, missing values processing and correlation processing.
According to the network security situation evaluating method based on integrated classifier an embodiment, wherein, carry out exceptional value Processing, including:By the descending arrangement of data, its upper quartile Q3 is calculated, median, lower quartile Q1, is further counted Calculate exceptional value boundary up and down:Q3+3IQR (interquartile-range IQR), A1-3IQR, the value beyond boundary are defined as extreme exceptional value;It is right In the exceptional value detected, handled using two methods of value revision and deletion data.
According to the network security situation evaluating method based on integrated classifier an embodiment, wherein, carry out data from Dispersion and standardization include:The first step:By the nonumeric type data of networks security situation assessment data by setting rule, turn It is changed to numerical value 1-10;Second step:Using attribute construction method, make all the dimension numerical value and network of networks security situation assessment data Security is proportionate, and is converted into numerical value 1-10.
According to the network security situation evaluating method based on integrated classifier an embodiment, wherein, carry out missing values Processing step includes:For the missing data of networks security situation assessment data, using data interpolation and two kinds of hands of data are deleted Section, processing method is selected according to the practical significance of missing values.
According to the network security situation evaluating method based on integrated classifier an embodiment, wherein, carry out correlation Processing is to carry out correlation processing by SPSS or Python.
According to the network security situation evaluating method based on integrated classifier an embodiment, wherein, data prediction Data after being chosen with dimension carry out assessment classification according to ID3 graders to be included:By network sample set A1、A2、A3Enter one by component Step division, obtains Ai,j, i=1,2,3;J=1,2 ..., m;Classification collection:B={ 1,2,3,4,5 }, practical significance corresponding to 1-5 For:Security is low, in it is low, in, it is middle high, high.
According to the network security situation evaluating method based on integrated classifier an embodiment, wherein, ID3 graders enter The sorted result of row assessment carries out assessment classification according to Naive Bayes Classifier to be included:The first step:Determine network sample set C ={ C1,C2,...,Cm, comprising m conditional attribute, i.e. m component, each element is designated as c, c=(c1,c2,...,cm);Second Step:Category set H={ 1,2,3,4,5 }, each element are designated as hk(1≤k≤5);3rd step:And if only if P (hk|c)>P(hj| C), 1≤k, j≤m, j ≠ k, by given network sample c=(c1,c2,...,cm) it is assigned to class hk, P is probable value;According to shellfish This theorem of leaf, hasBecause P (c) is constant for all classifications, therefore it need to only maximize P (hk)P(c|hk), have againWherein,nkIt is class hkIn training sample The instance number of concentration, n are training sample sums;P(ci|hk)=nki/nk, nkiIt is attribute ciOn be categorized as hkNetwork sample number Amount.
To sum up, a kind of network security situation evaluating method based on integrated classifier of the invention, with reference to ID3 decision trees point Class device and Naive Bayes Classifier establish model, carry out double classification to the network sample hardware data collected, finally lead to Cross weighted calculation and obtain safety situation evaluation value, the effective safe early warning for improving network is horizontal.
Brief description of the drawings
Fig. 1 show 3 kinds of channel various dimensions networks security situation assessment data structure diagrams of a component;
Fig. 2 a- Fig. 2 c show grader f process charts;
Fig. 3 a- Fig. 3 c show grader g process chart.
Embodiment
To make the purpose of the present invention, content and advantage clearer, with reference to the accompanying drawings and examples, to the present invention's Embodiment is described in further detail.
A kind of network security situation evaluating method based on integrated classifier of the present invention, with reference to ID3 decision tree classifiers Model is established with Naive Bayes Classifier, double classification is carried out to the network sample hardware data that collects, finally by adding Safety situation evaluation value is calculated in power.
A kind of network security situation evaluating method based on integrated classifier of the present invention includes:Gather network safety situation Assessment packet includes:Fig. 1 show 3 kinds of channel various dimensions networks security situation assessment data structure diagrams of a component, such as Fig. 1 institutes Show the various nets such as substantial amounts of main frame, server, router, fire wall and intruding detection system in computer network architecture be present Network hardware, referred to as component.Networks security situation assessment data are mainly derived from 3 kinds of channels:Configuration information, operation information, invasion Information.Networks security situation assessment data are obtained by the inspection software on each networking component, wherein, invade information It can be obtained by Snort intruding detection systems, 360 safety detecting systems etc..
Carry out data prediction and dimension is chosen:
Basic data:Training network sample set A0, A0Include multiple samples (i.e. multiple networks), network sample set A0In it is every Data includes m0Individual module information, each module information include 3 kinds of common s of channel again0Individual dimension data.
Data prediction:Different dimensions data sense is different;Naive Bayes Classifier is insensitive to missing values, and requires Between dimension independently of each other;Exceptional value in initial data be present.Therefore, it is necessary to be pre-processed to initial data, i.e., data are clear Wash.
(1) outlier processing is carried out, including:
All dimension numerical value of networks security situation assessment data, factor data collection are in not necessarily normal distribution, and we use Simple and effective box traction substation method verifies exceptional value.Box traction substation principle:By the descending arrangement of data, its upper quartile is calculated Q3, median, lower quartile Q1, further calculate exceptional value boundary up and down:Q3+3IQR (interquartile-range IQR), A1-3IQR, Value beyond boundary is defined as extreme exceptional value.
For the exceptional value detected, according to the practical significance of exceptional value, using value revision and delete at two kinds of data Reason method.Value revision method is similar with following data interpolatings.
(2) Data Discretization and standardization are carried out:
The discrete normalized target to be reached is:It is 1-10 by the processing of all data normalizations, wherein, the bigger table of numerical value Show that the dimension security of the component is higher.
Discrete normalized step includes:
The first step:By the nonumeric type data of networks security situation assessment data by setting rule, numerical value 1-10 is converted to.
Second step:Using attribute construction method, make all dimension numerical value and network security of networks security situation assessment data Property is proportionate, and is converted into numerical value 1-10.
(3) missing values processing step includes:
For the missing data of networks security situation assessment data, mainly (inserted using data interpolation according to certain rule Enter numerical value 1-10) and two kinds of means of data are deleted, processing method is selected according to the practical significance of missing values.Interpolation method can be used and drawn Ge Lang interpolation methods etc..
(4) correlation processing includes:
It is the set of the homogeneous data of multiple network samples in one dimension, when two dimensions for having correlation are classified It is also easy to produce redundancy.The coefficient correlation of any two dimension is calculated, for two stronger dimensions of correlation, an influence can be rejected Little dimension.Correlation calculations can utilize coefficient correlation calculation formula, can also use SPSS, Python etc. directly to calculate.
Carry out data prediction and dimension is chosen, finally selected training set is designated as A, and data volume is n in A, chooses m component Security evaluation is carried out, assessment number of dimensions is s=s1+s2+s3, wherein s1、s2、s3The respectively number of dimensions of configuration data, operation number According to number of dimensions, invade data number of dimensions.
Network sample set A is divided into A1、A2、A3, wherein A1Configuration data collection is represented, there is s1Individual dimension, A2Represent operation Data set, there is s2Individual dimension, A3Intrusion detection data are represented, there is s3Individual dimension.Divide 3 channels safely to component and network sample Assessment classification is carried out, in order to finally weight to obtain final networks security situation assessment fraction to three parts assessment result.With A1 Exemplified by, data mode is as follows:
A1=(a1,a2,...,an), aiIt is m × s1Matrix;
Represent the numerical value of each dimension of a component of some network sample Set, includes s1Individual dimensional information, by taking the firewall configuration information of some network sample as an example,
Fig. 2 a- Fig. 2 c show grader f process charts, as shown in Fig. 2 a- Fig. 2 c, including:
Grader f, the pretreated data of the first step are subjected to assessment classification according to ID3 graders;To obtain each group The assessment classification of 3 channels of part;
Target:Safety evaluation is carried out to each component of each network sample.
Component sample set:By network sample set A1、A2、A3Further divided by component, obtain Ai,j, i=1,2,3;J=1, 2,…,m.
Classification collection:B={ 1,2,3,4,5 }, practical significance corresponding to 1-5 are:Security is low, in it is low, in, it is middle high, high.
The collection of classification collection obtains its recommendation typically by specific software such as 360 protection capacity of safety protection software etc. in training set, Numerical value 1-5 is converted into by discrete normalized method above again.
Fig. 3 a- Fig. 3 c show grader g process chart, as shown in Fig. 3 a- Fig. 3 c, the first step is pretreated Data carry out assessment classification according to grader g;To obtain the assessment of three channels of each network sample classification;
Network sample set:The classification results of first grader are regarded as to the network sample set of this grader:In order to make it easy to understand, under State it is bright in, we are unified to be designated as C={ C by three network sample sets1,C2,...,Cm}。
Naive Bayes Classifier flow is:
The first step:Determine network sample set C={ C1,C2,...,Cm, comprising m conditional attribute, i.e. m component, each Element is designated as c, c=(c1,c2,...,cm)。
Second step:Category set H={ 1,2,3,4,5 }, each element are designated as hk(1≤k≤5)。
3rd step:And if only if P (hk|c)>P(hj| c), 1≤k, j≤m, j ≠ k, by given network sample c=(c1, c2,...,cm) it is assigned to class hk, P is probable value.
According to Bayes' theorem, haveBecause P (c) is constant for all classifications, Therefore it need to only maximize P (hk)P(c|hk), have again
Wherein
nkIt is class hkIn the instance number that training sample is concentrated, n is training sample sum.
P(ci|hk)=nki/nk, nkiIt is attribute ciOn be categorized as hkNetwork sample size.
Training network sample data can be obtained by 360 protection capacity of safety protection software and grader f classification results.
Assessment classification is carried out to component and network 3 channels of sample point:The present invention builds together vertical two graders, wherein, f is Decision tree ID3 graders, assessment classification is carried out to each component safety of each network sample;G is Naive Bayes Classifier, net Network sample set is the classification collection of f graders, and assessment classification is carried out safely to the overall network of each network sample.
(3) weighted calculation networks security situation assessment fraction, the assessment to three channels of each network sample classify into Row weighting, to obtain the last security evaluation fraction of each network sample.
By double classification above, each network sample ai3 assessed values are obtained, are designated asNow by three dimensions Degree is weighted, and generates final valuation functions e, network sample aiNetworks security situation assessment fraction be designated as Si(0≤Si≤ 100):
Empirically determined weight parameter, it is 0.4 temporarily to take service data weights, and configuration and invasion data weights are 0.3, i.e., Finally valuation functions are:
A kind of network security situation evaluating method based on integrated classifier of the present invention.With reference to ID3 decision tree classifiers Model is established with Naive Bayes Classifier, double classification is carried out to the network sample hardware data that collects, finally by adding Safety situation evaluation value is calculated in power.The effective safe early warning for improving network is horizontal.
Described above is only the preferred embodiment of the present invention, it is noted that for the ordinary skill people of the art For member, without departing from the technical principles of the invention, some improvement and deformation can also be made, these are improved and deformation Also it should be regarded as protection scope of the present invention.

Claims (10)

  1. A kind of 1. network security situation evaluating method based on integrated classifier, it is characterised in that including:
    Gather networks security situation assessment data;
    Carry out data prediction and dimension is chosen;
    Data after data prediction and dimension are chosen carry out assessment classification according to ID3 graders;
    ID3 graders carry out assessing sorted result carries out assessment classification according to Naive Bayes Classifier;
    Weighted calculation networks security situation assessment fraction, the assessment classification to three channels of each network sample are weighted, To obtain the last security evaluation fraction of each network sample.
  2. 2. the network security situation evaluating method based on integrated classifier as claimed in claim 1, it is characterised in that dimension is selected Take including:
    Selected training set is designated as A, and data volume is n in A, chooses m component and carries out security evaluation, assessment number of dimensions is s=s1+s2+ s3, wherein S1For the number of dimensions of configuration data, S2For the number of dimensions of service data, S3To invade the number of dimensions of data;
    Network sample set A is divided into A1、A2、A3, wherein A1Configuration data collection is represented, there is s1Individual dimension, A2Represent service data Collection, there is s2Individual dimension, A3Intrusion detection data are represented, there is s3Individual dimension, to component and point 3 channels progress safely of network sample Assess classification.
  3. 3. the network security situation evaluating method based on integrated classifier as claimed in claim 1, it is characterised in that collection net Network safety situation evaluation data by professional detecting system by being obtained.
  4. 4. the network security situation evaluating method based on integrated classifier as claimed in claim 1, it is characterised in that enter line number Data preprocess includes:Outlier processing, Data Discretization and standardization, missing values processing and correlation processing.
  5. 5. the network security situation evaluating method based on integrated classifier as claimed in claim 4, it is characterised in that carry out different Constant value processing, including:
    By the descending arrangement of data, its upper quartile Q3 is calculated, median, lower quartile Q1, is further calculated abnormal Boundary above and below value:Q3+3IQR (interquartile-range IQR), A1-3IQR, the value beyond boundary are defined as extreme exceptional value;
    For the exceptional value detected, handled using two methods of value revision and deletion data.
  6. 6. the network security situation evaluating method based on integrated classifier as claimed in claim 4, it is characterised in that enter line number Include according to discretization and standardization:
    The first step:By the nonumeric type data of networks security situation assessment data by setting rule, numerical value 1-10 is converted to;
    Second step:Using attribute construction method, all dimension numerical value for making networks security situation assessment data are in internet security Positive correlation, it is converted into numerical value 1-10.
  7. 7. the network security situation evaluating method based on integrated classifier as claimed in claim 4, it is characterised in that lacked Mistake value processing step includes:
    For the missing data of networks security situation assessment data, using data interpolation and two kinds of means of data are deleted, according to scarce The practical significance selection processing method of mistake value.
  8. 8. the network security situation evaluating method based on integrated classifier as claimed in claim 4, it is characterised in that carry out phase The processing of closing property is to carry out correlation processing by SPSS or Python.
  9. 9. the network security situation evaluating method based on integrated classifier as claimed in claim 1, it is characterised in that data are pre- Data after processing and dimension selection carry out assessment classification according to ID3 graders to be included:By network sample set A1、A2、A3By component Further division, obtains Ai,j, i=1,2,3;J=1,2 ..., m;
    Classification collection:B={ 1,2,3,4,5 }, practical significance corresponding to 1-5 are:Security is low, in it is low, in, it is middle high, high.
  10. 10. the network security situation evaluating method based on integrated classifier as claimed in claim 1, it is characterised in that ID3 points Class device, which assess sorted result and carries out assessing classification according to Naive Bayes Classifier, to be included:
    The first step:Determine network sample set C={ C1,C2,...,Cm, include m conditional attribute, i.e. m component, each element It is designated as c, c=(c1,c2,...,cm);
    Second step:Category set H={ 1,2,3,4,5 }, each element are designated as hk(1≤k≤5);
    3rd step:And if only if P (hk| c) > P (hj| c), 1≤k, j≤m, j ≠ k, by given network sample c=(c1, c2,...,cm) it is assigned to class hk, P is probable value;
    According to Bayes' theorem, haveBecause P (c) is constant for all classifications, therefore only P (h need to be maximizedk)P(c|hk), have again
    Wherein,
    nkIt is class hkIn the instance number that training sample is concentrated, n is training sample sum;
    P(ci|hk)=nki/nk, nkiIt is attribute ciOn be categorized as hkNetwork sample size.
CN201610719966.XA 2016-08-24 2016-08-24 Network security situation evaluating method based on integrated classifier Pending CN107786492A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610719966.XA CN107786492A (en) 2016-08-24 2016-08-24 Network security situation evaluating method based on integrated classifier

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610719966.XA CN107786492A (en) 2016-08-24 2016-08-24 Network security situation evaluating method based on integrated classifier

Publications (1)

Publication Number Publication Date
CN107786492A true CN107786492A (en) 2018-03-09

Family

ID=61388541

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610719966.XA Pending CN107786492A (en) 2016-08-24 2016-08-24 Network security situation evaluating method based on integrated classifier

Country Status (1)

Country Link
CN (1) CN107786492A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108632081A (en) * 2018-03-26 2018-10-09 中国科学院计算机网络信息中心 Network Situation appraisal procedure, device and storage medium
CN109005173A (en) * 2018-08-02 2018-12-14 北京航空航天大学 A kind of car networking abnormal intrusion detection method based on traffic flow density variation
CN111968268A (en) * 2020-06-29 2020-11-20 南斗六星系统集成有限公司 New energy vehicle health condition remote evaluation method and system
CN114598486A (en) * 2020-12-03 2022-06-07 华中科技大学 Service flow-oriented threat level classification method and system in SDN (software defined network)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2015091225A1 (en) * 2013-12-16 2015-06-25 Philip Morris Products S.A. Systems and methods for predicting a smoking status of an individual
EP3002686A1 (en) * 2014-09-30 2016-04-06 Accenture Global Services Limited Language identification

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2015091225A1 (en) * 2013-12-16 2015-06-25 Philip Morris Products S.A. Systems and methods for predicting a smoking status of an individual
EP3002686A1 (en) * 2014-09-30 2016-04-06 Accenture Global Services Limited Language identification

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
姚沛津: ""基于朴素贝叶斯的集成算法研究"", 《中国优秀硕士学位论文全文数据库》 *
文志诚等: ""基于朴素贝叶斯分类器的网络安全态势评估方法"", 《计算机应用》 *

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108632081A (en) * 2018-03-26 2018-10-09 中国科学院计算机网络信息中心 Network Situation appraisal procedure, device and storage medium
CN108632081B (en) * 2018-03-26 2021-10-08 中国科学院计算机网络信息中心 Network situation evaluation method, device and storage medium
CN109005173A (en) * 2018-08-02 2018-12-14 北京航空航天大学 A kind of car networking abnormal intrusion detection method based on traffic flow density variation
CN109005173B (en) * 2018-08-02 2020-08-07 北京航空航天大学 Vehicle networking abnormal intrusion detection method based on traffic flow density difference
CN111968268A (en) * 2020-06-29 2020-11-20 南斗六星系统集成有限公司 New energy vehicle health condition remote evaluation method and system
CN114598486A (en) * 2020-12-03 2022-06-07 华中科技大学 Service flow-oriented threat level classification method and system in SDN (software defined network)
CN114598486B (en) * 2020-12-03 2023-04-07 华中科技大学 Service flow-oriented threat level classification method and system in SDN (software defined network)

Similar Documents

Publication Publication Date Title
CN106570144B (en) The method and apparatus of recommendation information
CN108566364B (en) Intrusion detection method based on neural network
Kanimozhi et al. UNSW-NB15 dataset feature selection and network intrusion detection using deep learning
CN107786492A (en) Network security situation evaluating method based on integrated classifier
CN103593609B (en) Trustworthy behavior recognition method and device
TW200849917A (en) Detecting method of network invasion
CN108833139B (en) OSSEC alarm data aggregation method based on category attribute division
CN102420723A (en) Anomaly detection method for various kinds of intrusion
CN103095728A (en) Network security marking system based on behavioral data fusion and method
CN103929330A (en) Domain name service quality evaluation method and system
KR20200057903A (en) Artificial intelligence model platform and operation method thereof
CN107590196A (en) Earthquake emergency information screening and evaluating system and system in a kind of social networks
CN106803039B (en) A kind of homologous determination method and device of malicious file
CN112488716B (en) Abnormal event detection system
CN112511351B (en) Security situation prediction method and system based on MES identification data intercommunication system
US20220277174A1 (en) Evaluation method, non-transitory computer-readable storage medium, and information processing device
CN109889436A (en) A kind of discovery method of spammer in social networks
CN107273752A (en) Leak automatic classification method based on word frequency statisticses and naive Bayesian Fusion Model
CN109766441A (en) File classification method, apparatus and system
CN106096413A (en) A kind of malicious code detecting method based on multi-feature fusion and system
Hamid et al. Profiling phishing email based on clustering approach
CN108809989A (en) A kind of detection method and device of Botnet
CN110580570B (en) Law enforcement analysis method, device and medium
Kaiser et al. Attack hypotheses generation based on threat intelligence knowledge graph
Silva et al. Attackers are not stealthy: Statistical analysis of the well-known and infamous KDD network security dataset

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20180309

RJ01 Rejection of invention patent application after publication