CN108540474B - Computer network defense decision-making system - Google Patents


Info

Publication number: CN108540474B
Authority: CN (China)
Prior art keywords: virus, module, class, clustering, defense
Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN201810316414.3A
Other languages: Chinese (zh)
Other versions: CN108540474A (en)
Inventors: 唐云, 刘明哲, 罗俊松, 杨中良
Current Assignee: Chengdu University of Technology (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Chengdu University of Technology
Priority date: 2018-04-10 (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date: 2018-04-10
Publication date: 2021-03-05

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441: Countermeasures against malicious traffic
    • H04L63/145: Countermeasures against malicious traffic, the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Measuring Or Testing Involving Enzymes Or Micro-Organisms (AREA)
  • Apparatus Associated With Microorganisms And Enzymes (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The invention belongs to the technical field of network security and discloses a computer network defense decision system. The virus post-defense detection module checks for residual viruses, and any residual virus it finds is passed directly back to the virus processing defense module for further scanning and removal. At a separate level, a virus inspection module monitors for viruses at all times; when it encounters a virus of a previously seen type, it passes the data directly to the virus processing defense module for scanning and removal. The modules of the defense decision system have a clear logical hierarchy and a clear division of labor; each module automatically monitors for viruses at all times, ensuring network security and the permanent and thorough removal of viruses of the same type.

Description

Computer network defense decision-making system
Technical Field
The invention belongs to the technical field of network security, and particularly relates to a computer network defense decision system.
Background
With the progress of computer technology, computers have become essential tools for daily life and work thanks to their unique functions and strong working capacity. For computer networks, network security and information security are of growing concern: personal networks must not be intruded upon, internal data must not leak, and machines must not be infected by viruses and trojans from the internet. Existing computer networks have poor information security and are inconvenient to manage, and most existing defense systems scan and remove viruses incompletely and have no complete monitoring system.
In summary, the problems of the prior art are as follows: existing computer networks have poor information security and are inconvenient to manage, and most existing defense systems scan and remove viruses incompletely and have no complete monitoring system.
Disclosure of Invention
Aiming at the problems in the prior art, the invention provides a computer network defense decision system.
The invention is realized in such a way that the computer network defense decision-making system is provided with a virus pre-detection module, a virus identification module, a virus classification module, a virus processing defense module, a virus post-defense detection module and a virus inspection module. The virus pre-detection module, the virus identification module, the virus classification module, the virus processing defense module and the virus post-defense detection module are sequentially connected, and the virus inspection module is used for patrol monitoring.
The virus pre-detection module detects possible virus problems and passes the data of the suspected virus to the virus identification module for identification; data confirmed to be a virus is passed to the virus classification module, which passes the classified virus to the virus processing defense module for removal; the virus post-defense detection module checks for residual viruses, and any residual virus it finds is passed directly back to the virus processing defense module for further scanning and removal; at a separate level, the virus inspection module monitors for viruses at all times, and when it encounters a virus of a previously seen type it passes the data directly to the virus processing defense module for scanning and removal;
the fitness function of the particles in the basic PSO clustering algorithm of the virus pre-detection module is as follows:
Figure GDA0002838304000000021
Figure GDA0002838304000000022
Figure GDA0002838304000000023
where N_b is the dimensionality of the virus data; N_c is the number of clusters; z_p is the virus data vector of a sample; n_j is the number of samples in cluster C_j; m_j is the mean of the samples in cluster C_j;
in the virus identification module, the finite set X = {x_1, x_2, …, x_n} belongs to the p-dimensional Euclidean space R^p, i.e. x_k ∈ R^p, k = 1, 2, …, n; the FCM algorithm uses the sum-of-squared-errors function J_FCM as the clustering objective function:
Figure GDA0002838304000000024
Figure GDA0002838304000000025
Figure GDA0002838304000000026
where n is the number of samples; c is the given number of classes, with 1 < c < n; m is called the weighting exponent and affects the fuzziness of the membership matrix; v_i is the cluster center of the i-th class; u_ik represents the degree to which virus data object x_k belongs to cluster C_i;
the virus classification module starts with the number of clusters k = 2 and increments it up to
Figure GDA0002838304000000027
the optimal cluster centers are searched for at each value of k, and the number of clusters and the corresponding cluster centers are finally determined by the clustering effect index I(k) under each value of k;
first, the particle swarm size N, the maximum number of iterations T, the mutation amplitude coefficient λ, the antibody similarity coefficient η and the clustering number set X are initialized; according to the following formula
Figure GDA0002838304000000031
X is normalized to X' = {x'_1, x'_2, …, x'_n}; the k with the maximum value is taken as the number of clusters, and the corresponding clustering of the virus data set X is determined to be the optimal clustering result.
Further, the virus post-defense detection module compares virus clustering results:
1) Purity: another measure of the extent to which a cluster obtained by running an algorithm contains objects of a single original class;
Figure GDA0002838304000000032
the higher the purity, the closer the clustering result obtained by the algorithm is to the known ground truth, and the better the clustering effect;
2) RI: the Rand statistic is a clustering validity measure based on the degree of correlation between the ideal cluster similarity matrix and the ideal class similarity matrix; in the ideal cluster similarity matrix, the ij-th entry is 1 if objects i and j are in the same cluster and 0 otherwise; in the ideal class similarity matrix, the ij-th entry is 1 if objects i and j are in the same class and 0 otherwise; the Rand statistic can be calculated as follows:
Figure GDA0002838304000000033
where
f_00 = number of pairs of objects having different classes and different clusters
f_01 = number of pairs of objects having different classes and the same cluster
f_10 = number of pairs of objects having the same class and different clusters
f_11 = number of pairs of objects having the same class and the same cluster
The formula shows that the larger the Rand statistic, the closer the clustering result obtained by the algorithm is to the known ground truth, and the better the clustering effect;
3) error_degree (error rate): the number of virus data items in the original virus data is T, and the number of virus data items in the i-th class is T_i; after clustering, the i_1-th class corresponds to the i-th class of the original virus data, and the number of virus data items in the i_1-th class that belong to the original i-th class is
Figure GDA0002838304000000034
Then the error rate for class i is:
Figure GDA0002838304000000041
the number of wrongly found virus data points in each class after clustering (points that belong to the i_1-th class but not to the i-th class) is recorded as T_1'; the total error rate is then:
Figure GDA0002838304000000042
Different algorithms, such as the k-means algorithm, the PROCLUS clustering algorithm and the particle swarm high-dimensional clustering algorithm of this project, are each applied to two different virus data sets for analysis and comparison; the three clustering validity indices are computed, and the specific experimental parameters and experimental analysis results are given.
In the invention, the virus pre-detection module detects possible virus problems and passes the data of the suspected virus to the virus identification module for identification; data confirmed to be a virus is passed to the virus classification module, which passes the classified virus to the virus processing defense module for removal. The virus post-defense detection module checks for residual viruses, and any residual virus it finds is passed directly back to the virus processing defense module for further scanning and removal. At a separate level, a virus inspection module monitors for viruses at all times; when it encounters a virus of a previously seen type, it passes the data directly to the virus processing defense module for scanning and removal. The modules of the defense decision system have a clear logical hierarchy and a clear division of labor; each module automatically monitors for viruses at all times, ensuring network security and the permanent and thorough removal of viruses of the same type.
Drawings
FIG. 1 is a schematic structural diagram of a computer network defense decision system provided by an embodiment of the invention;
in the figure: 1. virus pre-detection module; 2. virus identification module; 3. virus classification module; 4. virus processing defense module; 5. virus post-defense detection module; 6. virus inspection module.
Detailed Description
In order to further understand the contents, features and effects of the present invention, the following embodiments are illustrated and described in detail with reference to the accompanying drawings.
The structure of the present invention will be described in detail below with reference to the accompanying drawings.
As shown in fig. 1, the computer network defense decision system provided by the embodiment of the present invention is provided with a virus pre-detection module 1, a virus identification module 2, a virus classification module 3, a virus processing defense module 4, a virus post-defense detection module 5, and a virus inspection module 6.
The virus pre-detection module 1, the virus identification module 2, the virus classification module 3, the virus processing defense module 4 and the virus post-defense detection module 5 are sequentially connected, and the virus inspection module 6 is used for patrol monitoring.
The virus pre-detection module 1 is positioned at the top of the whole system. The virus identification module 2 is positioned below the virus pre-detection module 1. The virus classification module 3 is positioned below the virus identification module 2. The virus processing defense module 4 is positioned below the virus classification module 3. The virus post-defense detection module 5 is positioned below the virus processing defense module 4. The virus inspection module 6 is a module at a separate level.
The fitness function of the particles in the basic PSO clustering algorithm of the virus pre-detection module is as follows:
Figure GDA0002838304000000051
Figure GDA0002838304000000052
Figure GDA0002838304000000053
where N_b is the dimensionality of the virus data; N_c is the number of clusters; z_p is the virus data vector of a sample; n_j is the number of samples in cluster C_j; m_j is the mean of the samples in cluster C_j;
in the virus identification module, the finite set X = {x_1, x_2, …, x_n} belongs to the p-dimensional Euclidean space R^p, i.e. x_k ∈ R^p, k = 1, 2, …, n; the FCM algorithm uses the sum-of-squared-errors function J_FCM as the clustering objective function:
Figure GDA0002838304000000054
Figure GDA0002838304000000055
Figure GDA0002838304000000056
where n is the number of samples; c is the given number of classes, with 1 < c < n; m is called the weighting exponent and affects the fuzziness of the membership matrix; v_i is the cluster center of the i-th class; u_ik represents the degree to which virus data object x_k belongs to cluster C_i;
the virus classification module starts with the number of clusters k = 2 and increments it up to
Figure GDA0002838304000000061
the optimal cluster centers are searched for at each value of k, and the number of clusters and the corresponding cluster centers are finally determined by the clustering effect index I(k) under each value of k;
first, the particle swarm size N, the maximum number of iterations T, the mutation amplitude coefficient λ, the antibody similarity coefficient η and the clustering number set X are initialized; according to the following formula
Figure GDA0002838304000000062
X is normalized to X' = {x'_1, x'_2, …, x'_n}; the k at which the clustering effect index I(k) attains its maximum value is taken as the number of clusters, and the corresponding clustering of the virus data set X is judged to be the optimal clustering result.
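The FCM objective described above for the virus identification module, worked through as an added example (not code from the patent): because the patent's formula images are not reproduced in this text, the block uses the standard FCM membership and center update rules, and the feature vectors, function names and initialisation are assumptions made for illustration.

```python
# Constructed 2-D feature vectors (for example, normalised entropy and import count).
# Indices 0-3 form one group, 5-8 another, index 4 sits between the two.
SAMPLES = [
    (0.10, 0.20), (0.15, 0.22), (0.12, 0.18), (0.08, 0.25),
    (0.46, 0.56),
    (0.80, 0.90), (0.85, 0.88), (0.82, 0.95), (0.78, 0.86),
]

def _dist2(a, b):
    """Squared Euclidean distance between two vectors."""
    return sum((x - y) ** 2 for x, y in zip(a, b))

def memberships(points, centers, m):
    """u_ik = 1 / sum_j (d_ik^2 / d_jk^2)^(1/(m-1)); each column of U sums to 1."""
    c = len(centers)
    U = [[0.0] * len(points) for _ in range(c)]
    exp = 1.0 / (m - 1.0)
    for k, x in enumerate(points):
        d2 = [_dist2(x, v) for v in centers]
        zeros = [i for i, d in enumerate(d2) if d == 0.0]
        if zeros:  # the point coincides with a center: give it full membership there
            for i in zeros:
                U[i][k] = 1.0 / len(zeros)
            continue
        for i in range(c):
            U[i][k] = 1.0 / sum((d2[i] / d2[j]) ** exp for j in range(c))
    return U

def update_centers(points, U, m):
    """v_i = sum_k u_ik^m x_k / sum_k u_ik^m."""
    dim = len(points[0])
    centers = []
    for row in U:
        w = [u ** m for u in row]
        total = sum(w)
        if total == 0.0:
            raise ValueError("a cluster received no membership weight")
        centers.append(tuple(
            sum(wk * x[d] for wk, x in zip(w, points)) / total for d in range(dim)))
    return centers

def objective(points, centers, U, m):
    """J_FCM = sum_i sum_k u_ik^m * ||x_k - v_i||^2."""
    return sum(U[i][k] ** m * _dist2(x, v)
               for i, v in enumerate(centers) for k, x in enumerate(points))

def fcm(points, c, m=2.0, max_iter=100, tol=1e-9):
    """Alternate the two updates until J_FCM stops decreasing."""
    n = len(points)
    if not 1 < c < n:
        raise ValueError("FCM requires 1 < c < n")
    if m <= 1.0:
        raise ValueError("weighting exponent m must exceed 1")
    # Assumed deterministic initialisation: c points spread through the input order.
    centers = [points[(i * (n - 1)) // (c - 1)] for i in range(c)]
    history = []
    for _ in range(max_iter):
        U = memberships(points, centers, m)
        centers = update_centers(points, U, m)
        history.append(objective(points, centers, U, m))
        if len(history) > 1 and history[-2] - history[-1] < tol:
            break
    return centers, memberships(points, centers, m), history

def hard_labels(U):
    """Assign each sample to the cluster in which its membership is largest."""
    return [max(range(len(U)), key=lambda i: U[i][k]) for k in range(len(U[0]))]

if __name__ == "__main__":
    centers, U, history = fcm(SAMPLES, c=2)
    print("centers:", centers)
    print("labels:", hard_labels(U))
    print("membership of the in-between sample:", [round(row[4], 3) for row in U])
    print("J_FCM per iteration:", [round(j, 6) for j in history])
```

The in-between sample ends with a membership near 0.5 in both clusters, which is the information a hard k-means label would discard.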
The virus post-defense detection module compares virus clustering results:
1) Purity: another measure of the extent to which a cluster obtained by running an algorithm contains objects of a single original class;
Figure GDA0002838304000000063
the higher the purity, the closer the clustering result obtained by the algorithm is to the known ground truth, and the better the clustering effect;
2) RI: the Rand statistic is a clustering validity measure based on the degree of correlation between the ideal cluster similarity matrix and the ideal class similarity matrix; in the ideal cluster similarity matrix, the ij-th entry is 1 if objects i and j are in the same cluster and 0 otherwise; in the ideal class similarity matrix, the ij-th entry is 1 if objects i and j are in the same class and 0 otherwise; the Rand statistic can be calculated as follows:
Figure GDA0002838304000000064
where
f_00 = number of pairs of objects having different classes and different clusters
f_01 = number of pairs of objects having different classes and the same cluster
f_10 = number of pairs of objects having the same class and different clusters
f_11 = number of pairs of objects having the same class and the same cluster
The formula shows that the larger the Rand statistic, the closer the clustering result obtained by the algorithm is to the known ground truth, and the better the clustering effect;
3) error_degree (error rate): the number of virus data items in the original virus data is T, and the number of virus data items in the i-th class is T_i; after clustering, the i_1-th class corresponds to the i-th class of the original virus data, and the number of virus data items in the i_1-th class that belong to the original i-th class is
Figure GDA0002838304000000071
Then the error rate for class i is:
Figure GDA0002838304000000072
the number of wrongly found virus data points in each class after clustering (points that belong to the i_1-th class but not to the i-th class) is recorded as T_1'; the total error rate is then:
Figure GDA0002838304000000073
Different algorithms, such as the k-means algorithm, the PROCLUS clustering algorithm and the particle swarm high-dimensional clustering algorithm of this project, are each applied to two different virus data sets for analysis and comparison; the three clustering validity indices are computed, and the specific experimental parameters and experimental analysis results are given.
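The Purity and Rand measures used by the virus post-defense detection module, computed on a small labelled set as an added example (not code from the patent): the formula images are not reproduced in this text, so the block uses the standard definitions together with the pair counts f_00, f_01, f_10 and f_11 exactly as the description defines them; the family labels and cluster assignments are constructed.

```python
from collections import Counter
from itertools import combinations

# Constructed ground truth: the known family ("class") of ten samples.
TRUE_CLASS = ["worm"] * 4 + ["trojan"] * 3 + ["ransom"] * 3
# Constructed clustering output A: one worm sample lands in the trojan cluster.
CLUSTERING_A = [0, 0, 0, 1, 1, 1, 1, 2, 2, 2]
# Constructed degenerate output: every sample is its own cluster.
CLUSTERING_SINGLETONS = list(range(10))

def _check(classes, clusters):
    """Both label lists must describe the same samples, and pairs must exist."""
    if len(classes) != len(clusters):
        raise ValueError("class and cluster label lists differ in length")
    if len(classes) < 2:
        raise ValueError("need at least two samples")

def purity(classes, clusters):
    """Share of samples that belong to the majority class of their cluster."""
    _check(classes, clusters)
    per_cluster = {}
    for cls, clu in zip(classes, clusters):
        per_cluster.setdefault(clu, Counter())[cls] += 1
    return sum(max(c.values()) for c in per_cluster.values()) / len(classes)

def pair_counts(classes, clusters):
    """Count object pairs; first digit = same class (1/0), second = same cluster (1/0)."""
    _check(classes, clusters)
    f = {"f00": 0, "f01": 0, "f10": 0, "f11": 0}
    for i, j in combinations(range(len(classes)), 2):
        same_class = int(classes[i] == classes[j])
        same_cluster = int(clusters[i] == clusters[j])
        f[f"f{same_class}{same_cluster}"] += 1
    return f

def rand_index(classes, clusters):
    """Rand statistic: (f00 + f11) / (f00 + f01 + f10 + f11)."""
    f = pair_counts(classes, clusters)
    return (f["f00"] + f["f11"]) / sum(f.values())

if __name__ == "__main__":
    for name, clustering in (("A", CLUSTERING_A), ("singletons", CLUSTERING_SINGLETONS)):
        print(name,
              "purity=%.3f" % purity(TRUE_CLASS, clustering),
              "RI=%.3f" % rand_index(TRUE_CLASS, clustering),
              pair_counts(TRUE_CLASS, clustering))
```

The singleton clustering reaches a purity of 1.0 while its Rand statistic falls below that of clustering A, which is why the measures are read together rather than ranking algorithms on purity alone.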
The working principle of the invention is as follows: the defense decision system detects possible virus problems through the virus pre-detection module 1 and passes the suspected virus to the virus identification module 2 for identification; data confirmed to be a virus is passed to the virus classification module 3, which passes the classified virus to the virus processing defense module 4 for removal. The virus post-defense detection module 5 checks for residual viruses, and any residual virus it finds is passed directly back to the virus processing defense module 4 for further scanning and removal. At a separate level, the virus inspection module 6 monitors for viruses at all times; when it encounters a virus of a previously seen type, it passes the data directly to the virus processing defense module 4 for scanning and removal. The modules of the defense decision system have a clear logical hierarchy and a clear division of labor; each module automatically monitors for viruses at all times, ensuring network security and the permanent and thorough removal of viruses of the same type.
The above description is only for the preferred embodiment of the present invention, and is not intended to limit the present invention in any way, and all simple modifications, equivalent changes and modifications made to the above embodiment according to the technical spirit of the present invention are within the scope of the technical solution of the present invention.

Claims (2)

1. A computer network defense decision-making system is characterized by being provided with a virus pre-detection module, a virus identification module, a virus classification module, a virus processing defense module, a virus post-defense detection module and a virus inspection module;
the virus pre-detection module, the virus identification module, the virus classification module, the virus processing defense module and the virus post-defense detection module are sequentially connected, and the virus inspection module is used for patrol monitoring;
the virus pre-detection module detects possible virus problems and passes the data of the suspected virus to the virus identification module for identification; data confirmed to be a virus is passed to the virus classification module, which passes the classified virus to the virus processing defense module for removal; the virus post-defense detection module checks for residual viruses, and any residual virus it finds is passed directly to the virus processing defense module for further scanning and removal; at a separate level, the virus inspection module monitors for viruses at all times, and when it encounters a virus of the same type it passes the data directly to the virus processing defense module for scanning and removal;
the fitness function of the particles in the basic PSO clustering algorithm of the virus pre-detection module is as follows:
Figure FDA0002838303990000011
Figure FDA0002838303990000012
Figure FDA0002838303990000013
where N_b is the dimensionality of the virus data; N_c is the number of clusters; z_p is the virus data vector of a sample; n_j is the number of samples in cluster C_j; m_j is the mean of the samples in cluster C_j;
in the virus identification module, the finite set X = {x_1, x_2, …, x_n} belongs to the p-dimensional Euclidean space R^p, i.e. x_k ∈ R^p, k = 1, 2, …, n; the FCM algorithm uses the sum-of-squared-errors function J_FCM as the clustering objective function:
Figure FDA0002838303990000014
Figure FDA0002838303990000021
Figure FDA0002838303990000022
where n is the number of samples; c is the given number of classes, with 1 < c < n; m is called the weighting exponent and affects the fuzziness of the membership matrix; v_i is the cluster center of the i-th class; u_ik represents the degree to which virus data object x_k belongs to cluster C_i;
the virus classification module starts with the number of clusters k = 2 and increments it up to
Figure FDA0002838303990000023
the optimal cluster centers are searched for at each value of k, and the number of clusters and the corresponding cluster centers are finally determined by the clustering effect index I(k) under each value of k;
first, the particle swarm size N, the maximum number of iterations T, the mutation amplitude coefficient λ, the antibody similarity coefficient η and the clustering number set X are initialized; according to the following formula
Figure FDA0002838303990000024
X is normalized to X' = {x'_1, x'_2, …, x'_n}; the k at which the clustering effect index I(k) attains its maximum value is taken as the number of clusters, and the corresponding clustering of the virus data set X is judged to be the optimal clustering result.
2. The computer network defense decision-making system of claim 1, wherein the virus post-defense detection module compares virus clustering results:
1) Purity: another measure of the extent to which a cluster obtained by running an algorithm contains objects of a single original class;
Figure FDA0002838303990000025
the higher the purity, the closer the clustering result obtained by the algorithm is to the known ground truth, and the better the clustering effect;
2) RI: the Rand statistic is a clustering validity measure based on the degree of correlation between the ideal cluster similarity matrix and the ideal class similarity matrix; in the ideal cluster similarity matrix, the ij-th entry is 1 if objects i and j are in the same cluster and 0 otherwise; in the ideal class similarity matrix, the ij-th entry is 1 if objects i and j are in the same class and 0 otherwise; the Rand statistic can be calculated as follows:
Figure FDA0002838303990000031
where
f_00 = number of pairs of objects having different classes and different clusters
f_01 = number of pairs of objects having different classes and the same cluster
f_10 = number of pairs of objects having the same class and different clusters
f_11 = number of pairs of objects having the same class and the same cluster
The formula shows that the larger the Rand statistic, the closer the clustering result obtained by the algorithm is to the known ground truth, and the better the clustering effect;
3) error_degree (error rate): the number of virus data items in the original virus data is T, and the number of virus data items in the i-th class is T_i; after clustering, the i_1-th class corresponds to the i-th class of the original virus data, and the number of virus data items in the i_1-th class that belong to the original i-th class is T_{i_1}; then the error rate of class i is:
Figure FDA0002838303990000032
the number of wrongly found virus data points in each class after clustering is recorded as T_1', said virus data points belonging to the i_1-th class rather than the i-th class; the total error rate is then:
Figure FDA0002838303990000033
Different algorithms, including the k-means algorithm, the PROCLUS clustering algorithm and the particle swarm high-dimensional clustering algorithm of this project, are each applied to two different virus data sets for analysis and comparison; the three clustering validity indices are computed, and the specific experimental parameters and experimental analysis results are given.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810316414.3A CN108540474B (en) 2018-04-10 2018-04-10 Computer network defense decision-making system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810316414.3A CN108540474B (en) 2018-04-10 2018-04-10 Computer network defense decision-making system

Publications (2)

Publication Number Publication Date
CN108540474A CN108540474A (en) 2018-09-14
CN108540474B true CN108540474B (en) 2021-03-05

Family

ID=63479869

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810316414.3A Active CN108540474B (en) 2018-04-10 2018-04-10 Computer network defense decision-making system

Country Status (1)

Country Link
CN (1) CN108540474B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110784381B (en) * 2019-11-05 2021-04-13 安徽师范大学 Flow classification method based on particle calculation

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8407793B2 (en) * 2008-12-15 2013-03-26 At&T Intellectual Property I, L.P. Method and apparatus for providing mobile device malware defense
CN103905459A (en) * 2014-04-14 2014-07-02 上海电机学院 Cloud-based intelligent security defense system and defense method
CN104836805A (en) * 2015-05-04 2015-08-12 南京邮电大学 Network intrusion detection method based on fuzzy immune theory
CN106850551A (en) * 2016-12-12 2017-06-13 长春理工大学 Network security risk evaluation and Autonomous Defense system
CN107277070A (en) * 2017-08-15 2017-10-20 山东华诺网络科技有限公司 A kind of computer network instrument system of defense and intrusion prevention method
CN107612933A (en) * 2017-10-20 2018-01-19 广东岭南职业技术学院 A kind of novel computer internet worm system of defense

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP5731223B2 (en) * 2011-02-14 2015-06-10 インターナショナル・ビジネス・マシーンズ・コーポレーションInternational Business Machines Corporation Abnormality detection device, monitoring control system, abnormality detection method, program, and recording medium

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
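Research on a fuzzy clustering algorithm based on particle swarm; 李衍君; Journal of Jiamusi University (Natural Science Edition); 20120315 (No. 02); 281-284 *
A survey of particle swarm clustering algorithms; 李峻金 et al.; Application Research of Computers; 20091215 (No. 12); 4423-4427 *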

Also Published As

Publication number Publication date
CN108540474A (en) 2018-09-14

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant