CN108512841B - Intelligent defense system and method based on machine learning - Google Patents

Publication number
CN108512841B
Authority
CN
China
Legal status
Active
Application number
CN201810246950.0A
Other languages
Chinese (zh)
Other versions
CN108512841A (en)
Inventor
朱家兴
胡靖�
Current Assignee
Sichuan Changhong Electric Co Ltd
Original Assignee
Sichuan Changhong Electric Co Ltd
Application filed by Sichuan Changhong Electric Co Ltd
Priority to CN201810246950.0A
Publication of CN108512841A
Application granted
Publication of CN108512841B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic

Abstract

The invention discloses an intelligent defense system and a defense method based on machine learning, wherein the system comprises a database, an online unit and an offline unit, wherein the online unit consists of an online real-time information collection module and an online malicious request processing module, and the offline unit consists of an offline collected information processing module and a machine learning module; the online real-time information collection module can monitor the received request in real time; the offline collected information processing module respectively processes the monitored requests and inputs the processed data to the learning model; the machine learning module can respectively learn the request data in the learning model, and establish a normal request feature library, an abnormal request feature library and an abnormal response library; and the online malicious request processing module identifies the online real-time request according to the request information contained in each library and intercepts the malicious request. The technical scheme of the invention can solve the problems that the intrusion detection system deployed in the traditional mode is not protected in time and the defense rules of the WAF system cannot be covered completely.

Description

Intelligent defense system and method based on machine learning
Technical Field
The invention relates to the technical field of computer software information, in particular to an intelligent defense system and a defense method based on machine learning.
Background
Now that network and computer hardware and software technologies are maturing, people's daily life and production are becoming networked and intelligent. This is a convenience that science and technology bring, but it also causes a series of security problems. Under the impact of one painful security incident after another, security problems are receiving increasing attention from enterprises and from the state, and a range of security software has emerged and continues to mature. However, such security software depends on a strong vulnerability library or set of defense rules, which must be added and customized manually, and the manpower and time this consumes is undoubtedly huge.
Nowadays, more and more attackers launch network attacks through automation, but the attacked enterprises or organizations still rely on manpower to summarize internal security problems and then compare them with external threat information. With intrusion detection systems deployed in this conventional way, repair often takes weeks or even months, and during the period in which security personnel are repairing, attackers can still exploit the vulnerability to intrude into the system and take data at will.
Some enterprises deploy WAF defense systems for enterprise security. A WAF defense system can greatly reduce an enterprise's security risk to a certain extent, but it cannot prevent unknown risks; WAF defense rules can still be broken if they are not strict enough, and a rule set based on past knowledge still cannot cope with 0day attacks.
Disclosure of Invention
The invention aims to overcome the defects in the background art, and provides an intelligent defense system and a defense method based on machine learning, so as to effectively solve the problems that the intrusion detection system deployed in the traditional mode is not timely protected, the defense rule of the WAF system cannot be fully covered or is not strict, and the like.
In order to achieve the technical effects, the invention adopts the following technical scheme:
An intelligent defense system based on machine learning comprises a database, an online unit and an offline unit. The online unit consists of an online real-time information collection module and an online malicious request processing module, and the offline unit consists of an offline collected information processing module and a machine learning module. The online real-time information collection module can monitor received requests in real time and store the monitored requests in the database in real time. The offline collected information processing module can perform information filtering, information classification and information conversion on the requests monitored and collected by the online real-time information collection module, and input the processed data to the corresponding learning model for the machine learning module to learn from. The learning models comprise a white sample learning model, a black sample learning model and an abnormal response learning model. The machine learning module can learn the request data in the white sample learning model, the black sample learning model and the abnormal response learning model respectively, and then establish a normal request feature library, an abnormal request feature library and an abnormal response library respectively. The online malicious request processing module can identify, intercept and respond to online real-time requests according to the request information contained in the normal request feature library, the abnormal request feature library and the abnormal response library established by the machine learning module.
The intelligent defense system collects information mainly through the online real-time information collection module. The offline collected information processing module filters, classifies and converts the collected information and passes the processed data to the machine learning module, which learns from it, analyzes it and stores the results. Finally, the online malicious request processing module applies the learning results of the machine learning module to achieve the defense effect.
Meanwhile, the invention also discloses a method for defending by applying the intelligent defense system based on machine learning, which specifically comprises the following steps:
S1. The online real-time information collection module monitors requests to the target system in real time, and collects and stores the monitored request information in a database;
S2. The offline collected information processing module performs information filtering, information classification and information conversion on the request information in the database, and then inputs the processed data to the relevant learning model of the machine learning module, wherein the learning models comprise a white sample learning model, a black sample learning model and an abnormal response learning model;
S3. The machine learning module trains and learns in the white sample learning model, the black sample learning model and the abnormal response learning model, and generates a normal request feature library, an abnormal request feature library and an abnormal response library;
S4. The online malicious request processing module identifies and processes the real-time requests of the target system by using the normal request feature library and the abnormal response library generated by the machine learning module, and finally completes the defense.
Further, when the offline collected information processing module performs information filtering processing on the request information in the database in step S2, the method mainly includes the following steps:
S201. The offline collected information processing module classifies the request information in the database into normal request information and malicious request information;
S202. The offline collected information processing module filters out invalid and repeated information in the normal request information and the malicious request information.
Further, when the offline collected information processing module classifies the request information according to the normal request information and the malicious request information in step S201, the classification standard may be according to the existing WAF system defense rules and/or the results intercepted and recorded by the online malicious request processing module.
Further, when the offline collected information processing module performs information classification processing on the request information in the database in step S2, the method mainly includes the following steps:
S211. Classifying request information from different service systems according to service system;
S212. Classifying request information that comes from the same service system but uses different request modes;
S213. Finally, classifying request information that comes from the same service system but requests different services.
Further, when the offline collected information processing module performs the information conversion processing on the request information in the database in step S2, the request information subjected to the information filtering processing is mainly converted into data that can be recognized and processed by the machine learning module.
Further, the step S3 is specifically:
S31. Preliminarily learning a large amount of normal request data, extracting the data features of normal requests, and establishing a normal request feature library;
S32. Performing reinforcement learning on the request information or target system logs collected by the online unit, and updating the normal request feature library;
S33. Learning, predicting and expanding the abnormal request data collected by the online unit or already existing in the target system, and establishing and updating an abnormal request feature library;
S34. Establishing an abnormal request response model by using the abnormal request feature library, performing training and learning, and establishing an abnormal response library according to the abnormal request response model.
Further, the normal request information in step S31 includes request information of network delay in the case of non-malicious request and request information in the case of response delay of the server.
Further, the data characteristics of the normal request extracted in step S31 include access frequency, access time interval, access order, request parameter character distribution, parameter value length, and parameter missing, where the access frequency includes access frequency of a single IP and total access frequency.
Furthermore, the intelligent defense system is based on the WAF system, and the online real-time information collection module is deployed on the WAF system. The system can be deployed in several ways: the online real-time information collection module can be deployed on the WAF system, or it can monitor requests to the target system directly in real time.
Which of the two modes to choose can be determined according to actual requirements. Requests seen when deployed on the WAF system are relatively clean, so that mode is suitable for collecting white sample information; monitoring the target system directly in real time is suitable for collecting black sample data. Combined with an exception handling module, the online malicious request processing module can perform real-time protection and monitoring of the target system directly.
Compared with the prior art, the invention has the following beneficial effects:
The technical scheme adopted by the invention can effectively solve the problems that an intrusion detection system deployed in the traditional way does not protect in time and that the defense rules of a WAF system cannot cover everything or are not strict. Machine learning is used to detect and maintain the security of network applications. The machine learning is based on reliable and stable training data, uses targeted learning models to learn from and analyze the data, and takes a large number of feature values of normal data requests as the training set; malicious requests are intercepted by referring to the libraries of learning results, so as to achieve intelligent defense and the prediction of unknown results.
Drawings
FIG. 1 is a flow chart of the execution of the modules of the intelligent defense system based on machine learning of the invention.
Detailed Description
The invention will be further elucidated and described with reference to the embodiments of the invention described hereinafter.
Examples:
Embodiment 1:
As shown in FIG. 1, an intelligent defense system based on machine learning includes a database, an online unit and an offline unit, wherein the online unit is composed of an online real-time information collection module and an online malicious request processing module, and the offline unit is composed of an offline collected information processing module and a machine learning module.
The intelligent defense system can be deployed in several ways: the online real-time information collection module can be deployed on the WAF system, or it can monitor requests to the target system directly in real time.
Which of the two modes to choose can be determined according to actual requirements. Requests seen when deployed on the WAF system are relatively clean, so that mode is suitable for collecting white sample information; monitoring the target system directly in real time is suitable for collecting black sample data. Combined with an exception handling module, the online malicious request processing module can perform real-time protection and monitoring of the target system directly. In this embodiment, requests to the target system are monitored directly in real time.
The online real-time information collection module can monitor the received request in real time and store the monitored request to the database in real time; the offline collected information processing module can respectively perform information filtering, information classification and information conversion processing on the requests monitored and collected by the online real-time information collecting module, and input the processed data to the corresponding learning model for the machine learning module to learn.
The learning models comprise a white sample learning model, a black sample learning model and an abnormal response learning model. The machine learning module can learn the request data in the white sample learning model, the black sample learning model and the abnormal response learning model respectively, and then establish a normal request feature library, an abnormal request feature library and an abnormal response library respectively. The online malicious request processing module can identify, intercept and respond to online real-time requests according to the request information contained in the normal request feature library, the abnormal request feature library and the abnormal response library established by the machine learning module.
The white sample learning model models a large number of normal requests. By statistical and probabilistic analysis of features including access frequency (single-IP access frequency, total access frequency), access time interval, access sequence, request parameter character distribution, parameter value length and missing parameters, it obtains the feature domain of normal requests, and it identifies and judges abnormal requests in a whitelist manner, thereby achieving the defense effect.
The black sample learning model models and analyzes abnormal requests, and predicts and derives further abnormal request features, so as to generate corresponding defense rules and apply them to the existing WAF system. The abnormal response learning model mainly trains and learns further on the results of the black sample learning model to generate the corresponding exception handling (that is, response measures such as direct interception and abnormal parameter filtering).
The intelligent defense system collects information mainly through the online real-time information collection module. The offline collected information processing module filters, classifies and converts the collected information and passes the processed data to the machine learning module, which learns from it, analyzes it and stores the results. Finally, the online malicious request processing module applies the learning results of the machine learning module to achieve the defense effect.
Information must be collected in real time, so information collection needs to run synchronously with the target system. Because extracting feature values by machine learning needs a large amount of training data as support, information processing can only be used as a data source for the machine learning engine on line, and the machine learning engine needs a large amount of time to execute the corresponding learning models, extract feature values, predict results and so on. Once the machine learning engine has learned and produced the relevant result data, the malicious request processing module identifies and processes the real-time requests of the target system, so the malicious request processing module also needs to run synchronously with the target business system.
Defense using the intelligent defense system based on machine learning specifically comprises the following steps:
S1. The online real-time information collection module monitors requests to the target system in real time, and collects and stores the monitored request information in a database, preparing the training set for machine learning.
S2. The offline collected information processing module performs information filtering, information classification and information conversion on the request information in the database, and then inputs the processed data to the relevant learning model of the machine learning module, wherein the learning models comprise a white sample learning model, a black sample learning model and an abnormal response learning model.
Specifically, the information filtering is divided into two steps:
S201. The offline collected information processing module classifies the request information in the database into normal request information and malicious request information (the existing WAF system defense rules and the interception records of the online malicious request processing module can be used as references during classification);
S202. The offline collected information processing module filters out invalid and repeated information in the normal request information and the malicious request information.
During information classification, request information from different service systems is first classified according to service system; request information that comes from the same service system but uses different request modes is then classified; and finally request information that comes from the same service system but requests different services is classified.
The information conversion processing mainly converts the request information that has undergone information filtering into data that the machine learning module can recognize and process.
S3. The machine learning module trains and learns in the white sample learning model, the black sample learning model and the abnormal response learning model, and generates a normal request feature library, an abnormal request feature library and an abnormal response library.
Specifically, the machine learning module first performs preliminary learning on a large number of normal data requests (including requests under special conditions such as network delay under non-malicious requests and server response delay), extracts features including access frequency (single-IP access frequency and total access frequency), access time interval, access sequence, request parameter character distribution, parameter value length and parameter loss, and establishes a normal request feature library.
The machine learning module then performs reinforcement learning on the information or target system logs collected by the online unit and updates the corresponding feature library; it then learns from, predicts and expands the collected or existing (WAF system) abnormal request data set through a machine learning model, and establishes an updated abnormal request feature library.
S4. The online malicious request processing module identifies and processes the real-time requests of the target system by using the normal request feature library and the abnormal response library generated by the machine learning module, and finally completes the defense.
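The white-sample path of steps S2 to S4, as an added Python example that is not part of the patent: it removes repeated records, groups requests by service system, request mode and requested path, learns a normal request feature library, and checks live requests against it in whitelist fashion. The patent names the features but not the algorithm, so the statistics used here (mean and standard deviation of value length, total variation distance over three character classes), the thresholds, all function names and the sample requests are assumptions; only the parameter features (missing parameters, value length, character distribution) are covered, not access frequency, time interval or access order.

```python
import math
from collections import Counter, defaultdict
from urllib.parse import parse_qsl, urlsplit

# Constructed white samples as step S1 would store them: (service, method, URL).
WHITE_SAMPLES = [
    ("shop", "GET", "/item?id=1042&lang=en"),
    ("shop", "GET", "/item?id=877&lang=de"),
    ("shop", "GET", "/item?id=20311&lang=en"),
    ("shop", "GET", "/item?id=5&lang=fr"),
    ("shop", "GET", "/item?id=1042&lang=en"),  # repeated record, dropped in S202
    ("shop", "GET", "/search?q=usb+cable"),
    ("shop", "GET", "/search?q=lamp"),
]
CLASSES = ("alpha", "digit", "other")


def char_classes(value):
    """Count letters, digits and other characters in a parameter value."""
    counts = Counter()
    for ch in value:
        counts["alpha" if ch.isalpha() else "digit" if ch.isdigit() else "other"] += 1
    return counts


def parse(service, method, url):
    """S211-S213: key a request by service system, request mode and requested path."""
    parts = urlsplit(url)
    params = dict(parse_qsl(parts.query, keep_blank_values=True))
    return (service, method, parts.path), params


def build_feature_library(samples):
    """S202 + S31: drop repeats, then learn per-parameter statistics per endpoint."""
    grouped = defaultdict(list)
    for sample in sorted(set(samples)):
        key, params = parse(*sample)
        grouped[key].append(params)
    library = {}
    for key, requests in grouped.items():
        # Parameters present in every white sample are treated as required.
        profile = {"required": set.intersection(*(set(r) for r in requests)), "params": {}}
        for name in set().union(*requests):
            values = [r[name] for r in requests if name in r]
            lengths = [len(v) for v in values]
            mean = sum(lengths) / len(lengths)
            std = math.sqrt(sum((n - mean) ** 2 for n in lengths) / len(lengths))
            counts = Counter()
            for value in values:
                counts.update(char_classes(value))
            total = sum(counts.values()) or 1
            profile["params"][name] = {
                "mean": mean,
                "std": std,
                "dist": {c: counts[c] / total for c in CLASSES},
            }
        library[key] = profile
    return library


def score_request(library, service, method, url, length_k=3.0, dist_tol=0.5):
    """S4: return the reasons a live request falls outside the learned whitelist."""
    key, params = parse(service, method, url)
    profile = library.get(key)
    if profile is None:
        return ["unknown endpoint"]
    reasons = [f"missing parameter: {n}" for n in sorted(profile["required"] - set(params))]
    for name, value in params.items():
        stats = profile["params"].get(name)
        if stats is None:
            reasons.append(f"unexpected parameter: {name}")
            continue
        # Length: allow length_k deviations, with a floor of one character so
        # that fixed-length parameters (std == 0) tolerate small variation.
        if abs(len(value) - stats["mean"]) > length_k * max(stats["std"], 1.0):
            reasons.append(f"{name}: length {len(value)} outside learned range")
        # Character distribution: total variation distance to the learned mix.
        counts = char_classes(value)
        n = sum(counts.values())
        if n:
            tvd = 0.5 * sum(abs(counts[c] / n - stats["dist"][c]) for c in CLASSES)
            if tvd > dist_tol:
                reasons.append(f"{name}: character distribution deviates")
    return reasons


if __name__ == "__main__":
    lib = build_feature_library(WHITE_SAMPLES)
    for url in ("/item?id=3310&lang=en", "/item?id=1042", "/item?id=" + "a" * 24 + "&lang=en"):
        print(url, "->", score_request(lib, "shop", "GET", url) or "normal")
```

An empty list means the request fits the learned profile; in the patent's design a non-empty result would be handed to the abnormal response library to choose between interception and parameter filtering.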
It will be understood that the above embodiments are merely exemplary embodiments taken to illustrate the principles of the present invention, which is not limited thereto. It will be apparent to those skilled in the art that various modifications and improvements can be made without departing from the spirit and substance of the invention, and these modifications and improvements are also considered to be within the scope of the invention.

Claims (8)

1. A method for defending by an intelligent defense system based on machine learning, characterized in that the intelligent defense system based on machine learning comprises a database, an online unit and an offline unit, wherein the online unit consists of an online real-time information collection module and an online malicious request processing module, and the offline unit consists of an offline collected information processing module and a machine learning module;
the online real-time information collection module can monitor received requests in real time and store the monitored requests in the database in real time;
the offline collected information processing module can perform information filtering, information classification and information conversion on the requests monitored and collected by the online real-time information collection module, and input the processed data to the corresponding learning model for the machine learning module to learn from; the learning models comprise a white sample learning model, a black sample learning model and an abnormal response learning model;
the machine learning module can learn the request data in the white sample learning model, the black sample learning model and the abnormal response learning model respectively, and then establish a normal request feature library, an abnormal request feature library and an abnormal response library respectively;
the online malicious request processing module can identify, intercept and respond to online real-time requests according to the request information contained in the normal request feature library, the abnormal request feature library and the abnormal response library established by the machine learning module;
the method for defending by the intelligent defense system based on machine learning specifically comprises the following steps:
S1. the online real-time information collection module monitors requests to the target system in real time, and collects and stores the monitored request information in a database;
S2. the offline collected information processing module performs information filtering, information classification and information conversion on the request information in the database, and then inputs the processed data to the relevant learning model of the machine learning module, wherein the learning models comprise a white sample learning model, a black sample learning model and an abnormal response learning model;
S3. the machine learning module trains and learns in the white sample learning model, the black sample learning model and the abnormal response learning model, and generates a normal request feature library, an abnormal request feature library and an abnormal response library; the step S3 specifically includes:
S31. preliminarily learning a large amount of normal request data, extracting the data features of normal requests, and establishing a normal request feature library;
S32. performing reinforcement learning on the request information or target system logs collected by the online unit, and updating the normal request feature library;
S33. learning, predicting and expanding the abnormal request data collected by the online unit or already existing in the target system, and establishing and updating an abnormal request feature library;
S34. establishing an abnormal request response model by using the abnormal request feature library, performing training and learning, and establishing an abnormal response library according to the abnormal request response model;
S4. the online malicious request processing module identifies and processes the real-time requests of the target system by using the normal request feature library and the abnormal response library generated by the machine learning module, and finally completes the defense.
2. The method according to claim 1, wherein when the offline collected information processing module performs information filtering processing on the requested information in the database in step S2, the method mainly comprises the following steps:
S201. the offline collected information processing module classifies the request information in the database into normal request information and malicious request information;
S202. the offline collected information processing module filters out invalid and repeated information in the normal request information and the malicious request information.
3. The method according to claim 2, wherein in step S201, when the offline collected information processing module classifies the request information according to normal request information and malicious request information, the classification criteria thereof may be based on existing WAF system defense rules and/or results intercepted and recorded by the online malicious request processing module.
4. The method according to claim 1, wherein when the offline collected information processing module performs information classification processing on the requested information in the database in step S2, the method mainly comprises the following steps:
S211. classifying request information from different service systems according to service system;
S212. classifying request information that comes from the same service system but uses different request modes;
S213. finally, classifying request information that comes from the same service system but requests different services.
5. The method according to claim 1, wherein in step S2, when the offline collected information processing module performs the information conversion process on the requested information in the database, the requested information is mainly converted into data that can be recognized and processed by the machine learning module.
6. The method according to claim 1, wherein the normal request message in step S31 includes a network delayed request message in case of non-malicious request and a request message in case of server response delay.
7. The method according to claim 1, wherein the data characteristics of the normal request extracted in step S31 include access frequency, access time interval, access sequence, request parameter character distribution, parameter value length, and parameter missing, wherein the access frequency includes access frequency of single IP and total access frequency.
8. The method according to any one of claims 1 to 7, wherein the intelligent defense system is based on a WAF system, and the online real-time information collection module is deployed on the WAF system.
CN201810246950.0A 2018-03-23 2018-03-23 Intelligent defense system and method based on machine learning Active CN108512841B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810246950.0A CN108512841B (en) 2018-03-23 2018-03-23 Intelligent defense system and method based on machine learning

Publications (2)

Publication Number Publication Date
CN108512841A (en) 2018-09-07
CN108512841B (en) 2021-03-16

Family

ID=63378231


Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9288220B2 (en) * 2013-11-07 2016-03-15 Cyberpoint International Llc Methods and systems for malware detection

Also Published As

Publication number Publication date
CN108512841A (en) 2018-09-07

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant