CN108512841A - An intelligent defense system and defense method based on machine learning - Google Patents
- Publication number: CN108512841A
- Authority: CN (China)
- Prior art keywords: line, request, machine learning, module, information
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Computer And Data Communications (AREA)
Abstract
The invention discloses an intelligent defense system and defense method based on machine learning. The system comprises a database, an online unit and an offline unit. The online unit consists of an online real-time information collection module and an online malicious request processing module; the offline unit consists of an offline collected-information processing module and a machine learning module. The online real-time information collection module monitors received requests in real time. The offline collected-information processing module processes the monitored requests and inputs the processed data into the learning models. The machine learning module learns the request data in the learning models and establishes a normal request feature database, an abnormal request feature database and an abnormal response library respectively. The online malicious request processing module identifies online real-time requests according to the request information contained in each library and intercepts malicious requests online. The technical solution of the invention addresses the problems that intrusion detection systems deployed in the traditional way do not protect in time and that WAF defense rules cannot provide full coverage.
Description
Technical field
The present invention relates to the field of computer software and information technology, and in particular to an intelligent defense system and defense method based on machine learning.
Background
Now that network and computer hardware technology is maturing, our daily life and production are becoming networked and intelligent. This is the convenience that science and technology brings us, but it has also caused a series of security problems. Under the impact of one painful security incident after another, security is receiving increasing attention from enterprises and the state, and a series of security software products has emerged and is maturing. However, all of this security software depends on a powerful vulnerability database or on defense rules, and both have to be added and customized manually; the manpower and time consumed at each stage are undoubtedly huge.
More and more network attackers now launch attacks using automation, yet the enterprises or organizations under attack still rely on manpower to summarize internal security problems and compare them with external threat intelligence. An intrusion detection system deployed in this traditional way generally needs several weeks or even months to repair, and during the period in which security personnel are making the repair, attackers can still exploit the vulnerability to intrude into the system and steal data at will.
Some enterprises deploy a WAF defense system for enterprise security. A WAF defense system can substantially reduce an enterprise's security risk to a certain extent, but it cannot prevent or control unknown risks; if the WAF defense rules are not strict enough they can still be broken through, and because its rule set is based on prior knowledge it still struggles to cope with 0day attacks.
Summary of the invention
The purpose of the present invention is to overcome the deficiencies in the background art above by providing an intelligent defense system and defense method based on machine learning, so as to effectively solve problems such as the untimely protection of intrusion detection systems deployed in the traditional way and WAF defense rules that cannot provide full coverage or are not rigorous.
To achieve this technical effect, the present invention adopts the following technical solution:
An intelligent defense system based on machine learning comprises a database, an online unit and an offline unit. The online unit consists of an online real-time information collection module and an online malicious request processing module; the offline unit consists of an offline collected-information processing module and a machine learning module. The online real-time information collection module monitors received requests in real time and saves the monitored requests to the database in real time. The offline collected-information processing module performs information filtering, information categorization and information conversion on the requests collected by the online real-time information collection module, and inputs the processed data into the corresponding learning models for the machine learning module to learn from. The learning models comprise a white sample learning model, a black sample learning model and an abnormal response learning model. The machine learning module learns the request data in the white sample learning model, the black sample learning model and the abnormal response learning model respectively, and then establishes a normal request feature database, an abnormal request feature database and an abnormal response library respectively. The online malicious request processing module identifies and intercepts online real-time requests and responds to malicious requests, according to the request information contained in the normal request feature database, abnormal request feature database and abnormal response library established by the machine learning module.
In the intelligent defense system of the present invention, the online real-time information collection module collects information; the offline collected-information processing module filters, categorizes and converts the collected information and passes the processed data to the machine learning module, which learns from it, analyzes it and stores the results; finally, the online malicious request processing module applies the learning results of the machine learning module to achieve the defensive effect.
The invention also discloses a method of defending using the above intelligent defense system based on machine learning, which specifically comprises the following steps:
S1. The online real-time information collection module monitors requests to the target system in real time, and collects and saves the monitored request information to the database;
S2. The offline collected-information processing module performs information filtering, information categorization and information conversion on the request information in the database, and then inputs the processed data into the relevant learning models of the machine learning module, where the learning models comprise a white sample learning model, a black sample learning model and an abnormal response learning model;
S3. The machine learning module trains and learns in the white sample learning model, black sample learning model and abnormal response learning model, and generates the normal request feature database, abnormal request feature database and abnormal response library;
S4. The online malicious request processing module uses the normal request feature database and abnormal response library generated by the machine learning module to identify and handle real-time requests to the target system, completing the defense.
Further, when the offline collected-information processing module performs information filtering on the request information in the database in step S2, it mainly comprises the following steps:
S201. The offline collected-information processing module first classifies the request information in the database into normal request information and malicious request information;
S202. The offline collected-information processing module then filters out invalid and repeated information from the normal request information and the malicious request information.
Further, when the offline collected-information processing module classifies the request information into normal request information and malicious request information in step S201, the classification criterion can be based on existing WAF defense rules and/or the interception records of the online malicious request processing module.
Further, when the offline collected-information processing module performs information categorization on the request information in the database in step S2, it mainly comprises the following steps:
S211. First, categorize request information from different business systems by business system;
S212. Then, categorize request information that comes from the same business system but uses different request methods;
S213. Finally, categorize request information that comes from the same business system but requests different business.
Further, when the offline collected-information processing module performs information conversion on the request information in the database in step S2, it mainly converts the request information that has passed information filtering into data that the machine learning module can recognize and process.
Further, step S3 is specifically:
S31. Perform initial learning on the data of a large amount of normal request information, extract the data features of normal requests, and establish the normal request feature database;
S32. Perform reinforcing learning on the request information collected by the online unit or on the logs of the target system, and update the normal request feature database;
S33. Learn from, predict from and expand the abnormal request data collected by the online unit or already held by the target system, and establish and update the abnormal request feature database;
S34. Use the abnormal request feature database to establish an abnormal request response model and train it, then establish the abnormal response library according to the abnormal request response model.
Further, the normal request information in step S31 includes request information under network delay in non-malicious requests and request information where the server-side response is delayed.
Further, the data features of normal requests extracted in step S31 include access frequency, access time interval, access order, request parameter character distribution, parameter value length and missing parameters, where the access frequency includes the access frequency of a single IP and the total access frequency.
Further, the intelligent defense system is based on a WAF system, and the online real-time information collection module is deployed in the WAF system. The system can be deployed in several ways: the online real-time information collection module can be deployed in the WAF system, or it can monitor requests to the target system directly in real time. Which of the two to choose depends on actual requirements. Requests seen when deployed in the WAF system are relatively clean, which suits collecting white sample information; monitoring requests to the target system directly suits collecting black sample data. Since the system itself incorporates an exception handling module, the online malicious request processing module can then protect and monitor the target system directly in real time.
Compared with the prior art, the present invention has the following beneficial effects:
The technical solution adopted by the present invention effectively solves problems such as the untimely protection of intrusion detection systems deployed in the traditional way and WAF defense rules that cannot provide full coverage or are not rigorous. Machine learning is used to detect threats to, and maintain the security of, network applications. The machine learning is based on reliable, stable training data; targeted learning models learn from and analyze the data, using the feature values of a large amount of normal request data as the training set; the learning results then serve as a reference library for intercepting malicious requests, achieving intelligent defense and the prediction of unknown results.
Description of the drawings
Fig. 1 is the execution flow chart of the modules of the machine-learning-based intelligent defense system of the present invention.
Detailed description
The invention is further described below with reference to embodiments.
Embodiment:
Embodiment one:
As shown in Fig. 1, an intelligent defense system based on machine learning comprises a database, an online unit and an offline unit. The online unit consists of an online real-time information collection module and an online malicious request processing module; the offline unit consists of an offline collected-information processing module and a machine learning module.
The intelligent defense system can be deployed in several ways: the online real-time information collection module can be deployed in the WAF system, or it can monitor requests to the target system directly in real time. Which of the two to choose depends on actual requirements. Requests seen when deployed in the WAF system are relatively clean, which suits collecting white sample information; monitoring requests to the target system directly suits collecting black sample data. Since the system itself incorporates an exception handling module, the online malicious request processing module can then protect and monitor the target system directly in real time. In this embodiment, requests to the target system are monitored directly in real time.
The online real-time information collection module monitors received requests in real time and saves the monitored requests to the database in real time. The offline collected-information processing module performs information filtering, information categorization and information conversion on the requests collected by the online real-time information collection module, and inputs the processed data into the corresponding learning models for the machine learning module to learn from.
The learning models comprise a white sample learning model, a black sample learning model and an abnormal response learning model. The machine learning module learns the request data in the white sample learning model, black sample learning model and abnormal response learning model respectively, and then establishes the normal request feature database, abnormal request feature database and abnormal response library respectively. The online malicious request processing module identifies and intercepts online real-time requests and responds to malicious requests, according to the request information contained in the normal request feature database, abnormal request feature database and abnormal response library established by the machine learning module.
The white sample learning model models a large number of normal requests. It performs statistical and probability analysis on features including access frequency (the access frequency of a single IP and the total access frequency), access time interval, access order, request parameter character distribution, parameter value length and missing parameters, to obtain the relevant feature ranges of normal requests, and then identifies and judges abnormal requests in a whitelist manner to achieve the protective effect. The black sample learning model performs modeling analysis on abnormal requests and predicts and derives the features of further abnormal requests, so as to generate corresponding defense rules and apply them to the existing WAF system. The abnormal response learning model mainly performs further training on the results of the black sample learning model to generate the corresponding abnormality handling (response measures such as direct interception and abnormal parameter filtering).
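The whitelist idea of the white sample learning model can be illustrated with a small statistical profile. This is an added example, not code from the patent: the sample requests are constructed, the character distribution is reduced to the share of non-alphanumeric characters, and the thresholds (three standard deviations with a floor of 1, a 0.2 margin, twice the benign per-IP rate) are assumptions chosen for illustration.

```python
import statistics
from collections import defaultdict, deque
from urllib.parse import urlsplit, parse_qsl

# Constructed benign ("white") samples: (client_ip, unix_time, method, url).
WHITE_SAMPLES = [
    ("10.0.0.5", 1000, "GET", "/item?id=1042&lang=en"),
    ("10.0.0.5", 1030, "GET", "/item?id=77&lang=de"),
    ("10.0.0.9", 1045, "GET", "/item?id=318&lang=en"),
    ("10.0.0.9", 1100, "GET", "/item?id=9&lang=fr"),
    ("10.0.0.7", 1160, "GET", "/item?id=20551&lang=en"),
]

def other_fraction(value):
    """Share of characters that are neither letters nor digits."""
    return sum(not c.isalnum() for c in value) / (len(value) or 1)

def parse(method, url):
    """Split a request into its endpoint key and its decoded query parameters."""
    parts = urlsplit(url)
    return (method, parts.path), dict(parse_qsl(parts.query, keep_blank_values=True))

def slide(recent, ts, window):
    """Add ts to a per-IP deque and return the request count inside the window."""
    recent.append(ts)
    while ts - recent[0] >= window:
        recent.popleft()
    return len(recent)

def new_history():
    """Per-IP sliding windows of request times, kept by the online side."""
    return defaultdict(deque)

def build_profile(samples, window=60):
    """Learn a normal-request feature database from white samples."""
    lengths, others = defaultdict(list), defaultdict(list)
    param_sets, history, max_rate = defaultdict(list), new_history(), 0
    for ip, ts, method, url in sorted(samples, key=lambda s: s[1]):
        key, params = parse(method, url)
        param_sets[key].append(set(params))
        max_rate = max(max_rate, slide(history[ip], ts, window))
        for name, value in params.items():
            lengths[key, name].append(len(value))
            others[key, name].append(other_fraction(value))
    endpoints = {}
    for key, sets in param_sets.items():
        endpoints[key] = {
            "required": set.intersection(*sets),  # present in every sample
            "params": {n: {"mean": statistics.mean(lengths[key, n]),
                           "std": statistics.pstdev(lengths[key, n]),
                           "max_other": max(others[key, n])}
                       for n in set.union(*sets)},
        }
    return {"window": window, "max_rate": max_rate, "endpoints": endpoints}

def check(profile, history, ip, ts, method, url):
    """Return the deviations from the profile; an empty list means 'normal'."""
    reasons = []
    key, params = parse(method, url)
    # Access frequency of a single IP (assumed limit: twice the benign maximum).
    if slide(history[ip], ts, profile["window"]) > 2 * profile["max_rate"]:
        reasons.append("access frequency")
    endpoint = profile["endpoints"].get(key)
    if endpoint is None:
        return reasons + ["unknown endpoint"]
    # Missing parameters.
    for name in sorted(endpoint["required"] - set(params)):
        reasons.append(f"missing parameter {name}")
    for name, value in params.items():
        stats = endpoint["params"].get(name)
        if stats is None:
            reasons.append(f"unexpected parameter {name}")
            continue
        # Parameter value length (assumed limit: 3 sigma, floor of 1).
        if abs(len(value) - stats["mean"]) > 3 * max(stats["std"], 1.0):
            reasons.append(f"length of {name}")
        # Character distribution (assumed margin: 0.2 above the benign maximum).
        if other_fraction(value) > stats["max_other"] + 0.2:
            reasons.append(f"character distribution of {name}")
    return reasons
```

Any request that falls outside the learned ranges is reported with the feature that deviated, which is the information an abnormal response step would need to choose between interception and parameter filtering.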
In the intelligent defense system of the present invention, the online real-time information collection module collects information; the offline collected-information processing module filters, categorizes and converts the collected information and passes the processed data to the machine learning module, which learns from it, analyzes it and stores the results; finally, the online malicious request processing module applies the learning results of the machine learning module to achieve the defensive effect.
Information collection must happen in real time, so it has to run synchronously with the target system. Because feature extraction by machine learning needs a large amount of training data as support, information processing can only be done offline, as the data source for the machine learning engine; the machine learning engine in turn needs a large amount of time to run the corresponding learning models, extract feature values, predict results and so on. Once the machine learning engine has produced the relevant result data, the malicious request processing module identifies and handles real-time requests to the target system, so the malicious request processing module also needs to run synchronously with the target business system.
Defense using the above machine-learning-based intelligent defense system specifically comprises the following steps:
S1. The online real-time information collection module monitors requests to the target system in real time, and collects and saves the monitored request information to the database, for later use as the machine learning training set.
S2. The offline collected-information processing module performs information filtering, information categorization and information conversion on the request information in the database, and then inputs the processed data into the relevant learning models of the machine learning module, where the learning models comprise a white sample learning model, a black sample learning model and an abnormal response learning model.
Specifically, information filtering is divided into two steps:
S201. The offline collected-information processing module first classifies the request information in the database into normal request information and malicious request information (classification can refer to existing WAF defense rules and the interception records for online malicious requests);
S202. The offline collected-information processing module then filters out invalid and repeated information from the normal request information and the malicious request information.
Information categorization first categorizes request information from different business systems by business system; then categorizes request information that comes from the same business system but uses different request methods; and finally categorizes request information that comes from the same business system but requests different business.
Information conversion mainly converts the request information that has passed information filtering into data that the machine learning module can recognize and process.
S3. The machine learning module trains and learns in the white sample learning model, black sample learning model and abnormal response learning model, and generates the normal request feature database, abnormal request feature database and abnormal response library.
Specifically, the machine learning module first performs initial learning on a large amount of normal request data (including requests in special circumstances such as network delay under non-malicious requests and server-side response delay) and extracts features, including access frequency (the access frequency of a single IP and the total access frequency), access time interval, access order, request parameter character distribution, parameter value length and missing parameters, and establishes the normal request feature database.
The machine learning module then performs reinforcing learning on the information collected by the online unit or on the target system logs and updates the corresponding feature database. It then uses the machine learning model to learn from, predict from and expand the abnormal request data set that has been collected or already exists (in the WAF system), and establishes and updates the abnormal request feature database.
S4. The online malicious request processing module uses the normal request feature database and abnormal response library generated by the machine learning module to identify and handle real-time requests to the target system, completing the defense.
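The offline processing of step S2 (filtering in S201 and S202, categorization by business system, request method and requested business, then conversion) can be sketched as a small pipeline. This is an added example, not code from the patent: the row layout, the host names, the set of valid methods and the three-number feature vector are assumptions, and the rows are constructed.

```python
from urllib.parse import urlsplit, parse_qsl

VALID_METHODS = {"GET", "POST", "PUT", "DELETE", "HEAD", "PATCH", "OPTIONS"}

# Constructed rows as the online collector might store them (assumed schema):
# (request_id, business_system_host, method, url, intercepted_by_waf)
RAW = [
    (1, "shop.example", "GET", "/item?id=10", False),
    (2, "shop.example", "GET", "/item?id=10", False),        # repeat of row 1
    (3, "shop.example", "POST", "/cart?sku=A1&qty=2", False),
    (4, "shop.example", "GET", "/item?id=%27%22%3C", True),  # WAF intercepted
    (5, "pay.example", "POST", "/charge?amount=30", False),
    (6, "pay.example", "BREW", "", False),                   # invalid request
    (7, "shop.example", "GET", "/search?q=lamp", False),
]

def classify(rows):
    """S201: split rows into white/black using the WAF interception record."""
    labelled = {"white": [], "black": []}
    for row in rows:
        labelled["black" if row[4] else "white"].append(row)
    return labelled

def filter_rows(rows):
    """S202: drop invalid rows and repeats (same host, method and URL)."""
    seen, kept = set(), []
    for _id, host, method, url, _hit in rows:
        identity = (host, method, url)
        if method not in VALID_METHODS or not url.startswith("/") or identity in seen:
            continue
        seen.add(identity)
        kept.append(identity)
    return kept

def to_vector(url):
    """Conversion: [parameter count, total value length, non-alphanumeric chars]."""
    values = [v for _, v in parse_qsl(urlsplit(url).query, keep_blank_values=True)]
    joined = "".join(values)
    return [len(values), len(joined), sum(not c.isalnum() for c in joined)]

def categorize(rows):
    """S211-S213: group by business system, then method, then requested path,
    storing each request as its converted feature vector."""
    tree = {}
    for host, method, url in rows:
        path = urlsplit(url).path
        tree.setdefault(host, {}).setdefault(method, {}).setdefault(path, []).append(to_vector(url))
    return tree

def preprocess(rows):
    """Run filtering, categorization and conversion for each sample class."""
    return {label: categorize(filter_rows(group))
            for label, group in classify(rows).items()}
```

The `white` tree is what a white sample model would train on and the `black` tree what a black sample model would train on, each already separated per business system, method and path.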
It should be understood that the above embodiments are merely exemplary implementations used to illustrate the principle of the present invention, and the present invention is not limited to them. Those skilled in the art can make various changes and improvements without departing from the spirit and essence of the present invention, and these changes and improvements are also regarded as within the protection scope of the present invention.
Claims (10)
1. An intelligent defense system based on machine learning, characterized in that it comprises a database, an online unit and an offline unit, the online unit consisting of an online real-time information collection module and an online malicious request processing module, and the offline unit consisting of an offline collected-information processing module and a machine learning module;
the online real-time information collection module monitors received requests in real time and saves the monitored requests to the database in real time;
the offline collected-information processing module performs information filtering, information categorization and information conversion on the requests collected by the online real-time information collection module, and inputs the processed data into the corresponding learning models for the machine learning module to learn from; the learning models comprise a white sample learning model, a black sample learning model and an abnormal response learning model;
the machine learning module learns the request data in the white sample learning model, black sample learning model and abnormal response learning model respectively, and then establishes a normal request feature database, an abnormal request feature database and an abnormal response library respectively;
the online malicious request processing module identifies and intercepts online real-time requests and responds to malicious requests, according to the request information contained in the normal request feature database, abnormal request feature database and abnormal response library established by the machine learning module.
2. A method of defending using the intelligent defense system based on machine learning according to claim 1, characterized in that it specifically comprises the following steps:
S1. The online real-time information collection module monitors requests to the target system in real time, and collects and saves the monitored request information to the database;
S2. The offline collected-information processing module performs information filtering, information categorization and information conversion on the request information in the database, and then inputs the processed data into the relevant learning models of the machine learning module, where the learning models comprise a white sample learning model, a black sample learning model and an abnormal response learning model;
S3. The machine learning module trains and learns in the white sample learning model, black sample learning model and abnormal response learning model, and generates the normal request feature database, abnormal request feature database and abnormal response library;
S4. The online malicious request processing module uses the normal request feature database and abnormal response library generated by the machine learning module to identify and handle real-time requests to the target system, completing the defense.
3. The method of defending using the intelligent defense system based on machine learning according to claim 2, characterized in that, when the offline collected-information processing module performs information filtering on the request information in the database in step S2, it mainly comprises the following steps:
S201. The offline collected-information processing module first classifies the request information in the database into normal request information and malicious request information;
S202. The offline collected-information processing module then filters out invalid and repeated information from the normal request information and the malicious request information.
4. The method of defending using the intelligent defense system based on machine learning according to claim 3, characterized in that, when the offline collected-information processing module classifies the request information into normal request information and malicious request information in step S201, the classification criterion can be based on existing WAF defense rules and/or the interception records of the online malicious request processing module.
5. The method of defending using the intelligent defense system based on machine learning according to claim 2, characterized in that, when the offline collected-information processing module performs information categorization on the request information in the database in step S2, it mainly comprises the following steps:
S211. First, categorize request information from different business systems by business system;
S212. Then, categorize request information that comes from the same business system but uses different request methods;
S213. Finally, categorize request information that comes from the same business system but requests different business.
6. The method of defending using the intelligent defense system based on machine learning according to claim 2, characterized in that, when the offline collected-information processing module performs information conversion on the request information in the database in step S2, it mainly converts the request information that has passed information filtering into data that the machine learning module can recognize and process.
7. The method of defending using the intelligent defense system based on machine learning according to claim 2, characterized in that step S3 is specifically:
S31. Perform initial learning on the data of a large amount of normal request information, extract the data features of normal requests, and establish the normal request feature database;
S32. Perform reinforcing learning on the request information collected by the online unit or on the logs of the target system, and update the normal request feature database;
S33. Learn from, predict from and expand the abnormal request data collected by the online unit or already held by the target system, and establish and update the abnormal request feature database;
S34. Use the abnormal request feature database to establish an abnormal request response model and train it, then establish the abnormal response library according to the abnormal request response model.
8. The method of defending using the intelligent defense system based on machine learning according to claim 7, characterized in that the normal request information in step S31 includes request information under network delay in non-malicious requests and request information where the server-side response is delayed.
9. The method of defending using the intelligent defense system based on machine learning according to claim 7, characterized in that the data features of normal requests extracted in step S31 include access frequency, access time interval, access order, request parameter character distribution, parameter value length and missing parameters, where the access frequency includes the access frequency of a single IP and the total access frequency.
10. The method of defending using the intelligent defense system based on machine learning according to any one of claims 2 to 9, characterized in that the intelligent defense system is based on a WAF system, and the online real-time information collection module is deployed in the WAF system.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810246950.0A CN108512841B (en) | 2018-03-23 | 2018-03-23 | Intelligent defense system and method based on machine learning |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810246950.0A CN108512841B (en) | 2018-03-23 | 2018-03-23 | Intelligent defense system and method based on machine learning |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108512841A (en) | 2018-09-07 |
CN108512841B (en) | 2021-03-16 |
Family ID: 63378231
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810246950.0A Active CN108512841B (en) | 2018-03-23 | 2018-03-23 | Intelligent defense system and method based on machine learning |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108512841B (en) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20150128263A1 (en) * | 2013-11-07 | 2015-05-07 | Cyberpoint International, LLC | Methods and systems for malware detection |
CN106790292A (en) * | 2017-03-13 | 2017-05-31 | 摩贝(上海)生物科技有限公司 | The web application layer attacks detection and defence method of Behavior-based control characteristic matching and analysis |
CN106778259A (en) * | 2016-12-28 | 2017-05-31 | 北京明朝万达科技股份有限公司 | A kind of abnormal behaviour based on big data machine learning finds method and system |
CN107404473A (en) * | 2017-06-06 | 2017-11-28 | 西安电子科技大学 | Based on Mshield machine learning multi-mode Web application means of defences |
CN107612948A (en) * | 2017-11-08 | 2018-01-19 | 国网四川省电力公司信息通信公司 | A kind of intrusion prevention system and method |
Cited By (18)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108965340A (en) * | 2018-09-25 | 2018-12-07 | 网御安全技术(深圳)有限公司 | A kind of industrial control system intrusion detection method and system |
CN109525551A (en) * | 2018-10-07 | 2019-03-26 | 杭州安恒信息技术股份有限公司 | A method of the CC based on statistical machine learning attacks protection |
CN109547423A (en) * | 2018-11-09 | 2019-03-29 | 上海交通大学 | A kind of WEB malicious requests depth detection system and method based on machine learning |
CN109547423B (en) * | 2018-11-09 | 2021-03-30 | 上海交通大学 | WEB malicious request deep detection system and method based on machine learning |
CN110020532A (en) * | 2019-04-15 | 2019-07-16 | 苏州浪潮智能科技有限公司 | A kind of information filtering method, system, equipment and computer readable storage medium |
CN110020532B (en) * | 2019-04-15 | 2020-07-07 | 苏州浪潮智能科技有限公司 | Information filtering method, system, equipment and computer readable storage medium |
CN110472418B (en) * | 2019-07-15 | 2023-08-29 | 中国平安人寿保险股份有限公司 | Security vulnerability protection method and system and related equipment |
CN110472418A (en) * | 2019-07-15 | 2019-11-19 | 中国平安人寿保险股份有限公司 | A kind of security breaches means of defence and system, relevant device |
CN111062493A (en) * | 2019-12-20 | 2020-04-24 | 深圳前海微众银行股份有限公司 | Longitudinal federation method, device, equipment and medium based on public data |
CN111400721A (en) * | 2020-03-24 | 2020-07-10 | 杭州数梦工场科技有限公司 | API interface detection method and device |
CN111400721B (en) * | 2020-03-24 | 2024-04-12 | 杭州数梦工场科技有限公司 | API interface detection method and device |
CN111651524A (en) * | 2020-06-05 | 2020-09-11 | 第四范式(北京)技术有限公司 | Auxiliary implementation method and device for online prediction by using machine learning model |
WO2021244639A1 (en) * | 2020-06-05 | 2021-12-09 | 第四范式(北京)技术有限公司 | Auxiliary implementation method and apparatus for online prediction using machine learning model |
CN111651524B (en) * | 2020-06-05 | 2023-10-03 | 第四范式(北京)技术有限公司 | Auxiliary implementation method and device for on-line prediction by using machine learning model |
CN113037779B (en) * | 2021-04-19 | 2022-02-11 | 清华大学 | Intelligent self-learning white list method and system in active defense system |
CN113037779A (en) * | 2021-04-19 | 2021-06-25 | 清华大学 | Intelligent self-learning white list method and system in active defense system |
CN113691562A (en) * | 2021-09-15 | 2021-11-23 | 神州网云(北京)信息技术有限公司 | Method for implementing rule engine for accurately identifying malicious network communication |
CN113691562B (en) * | 2021-09-15 | 2024-04-23 | 神州网云(北京)信息技术有限公司 | Rule engine implementation method for accurately identifying malicious network communication |
Also Published As
Publication number | Publication date |
---|---|
CN108512841B (en) | 2021-03-16 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||