CN108566364A - Intrusion detection method based on neural network - Google Patents
- Publication number: CN108566364A
- Authority: CN (China)
- Prior art keywords: neural network, feature, detection method, attack, intrusion detection
- Legal status: Granted
Classifications
- H04L63/1416: Event detection, e.g. attack signature detection (under H04L63/1408, network security arrangements for detecting or protecting against malicious traffic by monitoring network traffic)
- H04L63/1425: Traffic logging, e.g. anomaly detection (under H04L63/1408)
- G06N3/02: Neural networks (under G06N3/00, computing arrangements based on biological models)
Abstract
The invention discloses an intrusion detection method based on a neural network, which comprises the following steps: step 1) a detection step, comprising: sniffing to acquire the traffic information of the connected host, judging which ports are open or closed and which programs are running, and judging from this information whether the system has been attacked or is about to be attacked; step 2) a data preprocessing step, comprising: given a large number of training samples, selecting features, preprocessing the data, and identifying anomalies; step 3) an attack classification step, comprising: classifying the various attacks with a neural network algorithm, by means of a decision tree model, a support vector machine or a neural network model; and step 4) an alarm step, comprising: issuing a notification for the detected attack event so that the network administrator can make a decision in time and the loss caused by the attack is reduced.
Description
Technical field
The invention relates to an intrusion detection method based on a neural network.
Background
With the development of the Internet, which has greatly facilitated people's lives, more and more individuals, companies and government organs rely on it to conduct business, and some of that business involves information or secrets they are unwilling to disclose. Because adversaries or competitors can obtain such information by various means without authorization, an insecure system often brings losses to individuals, companies or government organs. Network intrusion greatly threatens Internet security and privacy protection. The complexity of networks, the diversity of attack methods and the purposefulness of attackers all increase the difficulty of network intrusion detection. Many methods are currently available to ensure system security, such as installing a firewall, encryption technology, intrusion detection systems and so on. The present invention mainly aims to discover, and even reduce, intrusion behavior from the intrusion detection system side.
An intrusion detection system (Intrusion Detection System), commonly called an IDS, collects various information about the system and network it monitors and analyzes system and network activity in order to prevent unauthorized attacks. The goal of deploying an IDS is to monitor system activity, discover and stop possible intrusions in time, and reduce property loss or prevent privacy leakage. An IDS mainly provides three functions: monitoring the system, detecting suspicious behavior and generating security alerts. Security alerts are generated so that the network administrator can make security decisions in time. The difference between an IDS and a firewall is this: a firewall, like a fence, filters inbound and outbound traffic according to certain rules to prevent intrusion, which is a passive process; an IDS actively detects and analyzes system behavior, or analyzes behavior that has already penetrated the firewall, in order to report on network security. In practice the two are often combined so that they complement each other and jointly resist external intrusion.
Current intrusion detection systems, in China and abroad, can be classified along the following three aspects:
1. Data source: IDS based on traffic analysis, host-based IDS, and hybrids of the two
2. Detection model: misuse detection and anomaly detection
3. Deployment: centralized detection systems and distributed detection systems
The core idea of a misuse-based detection system is to first model and analyze known abnormal behavior to obtain some of its behavioral features, and then predefine this feature information in the system. Any behavior in the network that matches these predefined features is judged to be an attack; otherwise it is judged to be normal access. Snort, an open-source lightweight intrusion detection system, is a typical IDS of this kind. A misuse-based detection system can prevent known attacks well, but is often helpless against new, unknown attacks. Such a system therefore needs a large number of experts to keep analyzing the new attack methods that emerge one after another, and users who have deployed it also need to update their rules frequently.
The core idea of an anomaly-based intrusion detection system (anomaly based detection system) is to model and analyze normal behavior; network activity that exceeds the threshold of normal behavior is judged to be abnormal. Such an anomaly detection system can discover previously unknown attacks, and it does not require analyzing a large amount of abnormal behavior to define a rule for each attack, which greatly reduces manual effort. However, the system must correctly distinguish normal behavior from abnormal behavior, and the boundary between the two is rather fuzzy and hard to characterize precisely, so it often produces some false alarms. Although this approach of "better to wrongly kill a thousand than to let one go" is somewhat extreme, in the field of network security, especially where significant privacy or property is involved, it is also a means of protection, and methods based on anomaly detection have therefore been widely studied.
Summary of the invention
The technical problem to be solved by the invention is to provide an intrusion detection method based on a neural network that solves the problems of the prior art.
The technical solution adopted by the invention to solve the above technical problem is as follows:
After said program,
Other features and advantages of the invention will be set forth in the following description, and will in part become apparent from the description or be understood by practicing the invention. The objectives and other advantages of the invention can be realized and obtained by the structure particularly pointed out in the written description, the claims and the drawings.
Brief description of the drawings
The invention is described in detail below with reference to the accompanying drawings, so that the above advantages of the invention become clearer. In the drawings:
Fig. 1 is a block diagram of the intrusion detection system of the invention.
Fig. 2 is a structure diagram of the neural network used in the invention, a multilayer perceptron (MLP).
Detailed description of the embodiments
Embodiments of the invention are described in detail below with reference to the drawings and examples, so that how the invention applies technical means to solve the technical problem and achieve the technical effect can be fully understood and implemented. It should be noted that, as long as they do not conflict, the embodiments of the invention and the features within them may be combined with each other, and the resulting technical solutions all fall within the protection scope of the invention.
In addition, the steps shown in the flowcharts of the drawings may be executed in a computer system, for example as a set of computer-executable instructions, and although a logical order is shown in the flowcharts, in some cases the steps shown or described may be executed in an order different from the one given here.
The purpose of the invention is to overcome the shortcoming that misuse-based detection systems cannot discover new attack behavior in time, and to overcome problems such as the heavy computation of traditional neural networks, hyperparameter selection, and the constant emergence of new attack behavior. It proposes an adaptive, feedback-driven intrusion detection system based on a neural network, which mainly comprises the following steps:
Step 1) Detection
This step is mainly responsible for probing the system, for example by traffic sniffing: detecting which ports are open or closed and which programs are running, collecting important information in the system, and using this information to judge whether the system has been attacked or is about to be attacked. The invention is an intrusion detection system based on traffic packets, so this module mainly sniffs and captures the traffic information of the connected host.
Step 2) Data preprocessing
This step detects anomalies. For a given large set of training samples, it covers the process from feature selection, through data preprocessing, to identifying anomalies.
Step 3) Classification
The classification algorithm may be a decision tree model, a support vector machine, a neural network model and so on. The invention uses a neural network algorithm to classify the various attacks.
Step 4) Alarm
The alarm notifies of the attack that the IDS has detected, so that the network administrator can make a decision in time and reduce the loss caused by the attack.
Module 5) Feedback
The network administrator can perform a series of operations on the current system according to the alarms the system generates. However, for false alarms, where the system judges normal access behavior to be an attack, and missed alarms, where the system judges an attack to be normal behavior, the system administrator can feed the error back to the system so that it keeps learning and can decide correctly when it meets such a case again.
In the above technical solution, step 2) can be divided into the following basic sub-steps:
Step 2-1) Feature selection
The collected packet traffic information contains a large number of features, but in practice not all of them can be obtained, and some even harm the detection result; too many features also increase the size of the neural network and the computing cost. The invention therefore uses a feature-engineering-based method for feature selection, which reduces the number of features without reducing detection accuracy.
Step 2-2) Feature coding
Some features are nominal attributes and need to be converted into numerical attributes by dummy coding.
Step 2-3) Feature vector standardization
Among the columns of the feature matrix, some have a relatively large range of values, and the dimensions (units) are not uniform, so the values are standardized with the z-score method.
A neural network must be trained on a large sample set before it can actually classify; the invention uses the KDD 99 data set for training.
Compared with misuse-based intrusion detection systems, the anomaly-based detection of the invention can effectively discover unknown new attack behavior. Using a neural network as the classification model improves detection accuracy through its powerful nonlinear fitting ability. To address the difficulty of hyperparameter selection when training a neural network, the invention uses the Grid Search method, which can efficiently select a set of hyperparameters suited to the current task. Feature engineering is used to screen the large number of network features, which reduces the input size and the computing cost. The feedback mechanism makes the system a closed loop, so that its ability to detect attacks keeps improving during use.
1. Feature selection based on SVM;
2. Detection model based on MLP;
3. A feedback mechanism that makes the system a closed loop, so that the model is continuously optimized in real use;
4. Hyperparameter selection based on Grid Search.
Step 1) Packets are captured with the open-source software WinPcap, and the format of the collected packets should be set to match the format of the training set KDD Cup 1999.
Step 2) The data preprocessing part mainly comprises three sub-steps: feature selection, data coding and data standardization.
Step 2-1) The selected features directly determine the upper limit of the classification accuracy of the algorithm, and ranking features by their importance to the detection result is the basic criterion of feature selection. Among a large number of features, it must be determined which are important, which are of average importance and which are useless. Feature selection can eliminate useless or even harmful feature information, which plays a great role in improving the detection accuracy of the system; it can also eliminate features that have little influence on the result, which reduces the detection time of the system. The most comprehensive feature selection method is to enumerate all subsets of the features, train and test on each subset, and see which performs best with a relatively low time overhead. With n features there are $2^n$ subsets. This is practical for a small feature set, but is not well suited to data such as network packet information that contains a large number of attribute features. The invention therefore adopts another method, "elimination", to rank feature importance. The specific algorithm is as follows:
SVM-based feature selection algorithm:
Input: all 41 features of KDD Cup 1999 and the required number of features k
Output: the feature subset
Algorithm:
1. Build the training set and the test set.
For each feature in the feature set:
  2. Delete that feature from the training set and the test set.
  3. Train a classifier using the remaining features.
  4. Analyze the performance of the classifier, including detection accuracy and prediction time overhead.
Rank all features by importance and take the top k features as the final features.
The invention mainly uses two criteria for the evaluation: overall detection accuracy and prediction time overhead. By comparing the SVM applied to the original data set with 41 features against the SVM applied to each 40-feature data set obtained by deleting one feature, every feature attribute is labelled with one of three grades: "important", "secondary" and "general". The following rules are defined:
Note: all of the above comparisons are between the data set containing 40 features and the data set containing 41 features.
Because k features are ultimately selected from the 41, the features are taken in order from "important" to "secondary" to "general", choosing the first k with the lowest accuracy.
Step 2-2) Feature coding mainly concerns nominal attributes. The input of a neural network must be entirely numerical, whereas a nominal attribute is a set of categories, so nominal attributes need to be converted. The method mainly used here is called dummy coding (dummy code). Specifically, if a feature has 5 categories and the value of some sample on this feature is cls_2, the feature is finally expressed as {0, 1, 0, 0, 0}; one feature is expanded into 5 features.
Step 2-3) Standardization is applied to the columns of the training data: the feature values of the samples are transformed to the same scale, and the processed data conforms to a normal distribution. The z-score method is used here:
where μ is the mean of all sample data and σ is the standard deviation of all sample data.
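The dummy coding of step 2-2 and the standardization of step 2-3 as one preprocessing pass, added here as an example and not taken from the patent. It assumes the usual z-score (x - μ) / σ with μ and σ fitted on the training rows only, leaves the 0/1 indicator columns unscaled, and runs on constructed KDD-style records.

```python
import math

# Constructed records: (duration, protocol_type, src_bytes, num_outbound_cmds).
TRAIN = [
    (0, "tcp", 200, 0),
    (2, "udp", 100, 0),
    (4, "icmp", 300, 0),
    (2, "tcp", 200, 0),
]


def dummy_code(value, categories):
    """One indicator per known category; a value never seen in training gives all zeros."""
    return [1.0 if value == c else 0.0 for c in categories]


class Preprocessor:
    """Dummy-codes nominal columns and z-scores numeric columns."""

    def __init__(self, nominal_columns):
        self.nominal = set(nominal_columns)
        self.categories = {}   # column index -> sorted list of categories
        self.stats = {}        # column index -> (mean, standard deviation)

    def fit(self, rows):
        """Learn categories, means and standard deviations from training rows."""
        for i, column in enumerate(zip(*rows)):
            if i in self.nominal:
                self.categories[i] = sorted(set(column))
            else:
                mu = sum(column) / len(column)
                sigma = math.sqrt(sum((x - mu) ** 2 for x in column) / len(column))
                self.stats[i] = (mu, sigma)
        return self

    def transform_row(self, row):
        """Encode one record with the statistics learned in fit()."""
        out = []
        for i, value in enumerate(row):
            if i in self.nominal:
                out.extend(dummy_code(value, self.categories[i]))
            else:
                mu, sigma = self.stats[i]
                # A constant training column has sigma == 0; map it to 0.0
                # instead of dividing by zero.
                out.append((value - mu) / sigma if sigma > 0 else 0.0)
        return out


if __name__ == "__main__":
    pre = Preprocessor(nominal_columns={1}).fit(TRAIN)
    for record in TRAIN + [(4, "gre", 300, 7)]:   # last record: unseen protocol
        print(record, "->", [round(v, 3) for v in pre.transform_row(record)])
```

Fitting on the training rows and reusing those statistics for live traffic keeps the network's inputs on the scale it was trained on.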
Step 3) Classification is the core component of intrusion detection. The invention uses a neural network, which has powerful nonlinear fitting ability, as the classification algorithm; the multilayer perceptron (MLP) is a commonly used neural network algorithm. A multilayer perceptron consists of a series of cascaded neural units and nonlinear activation functions, and comprises an input layer, hidden layers and an output layer, as shown in Fig. 2 of the drawings; the input of each layer is the output of the layer before it. The MLP is a supervised learning algorithm with two processes: forward propagation and error backpropagation. In forward propagation,
$z^{(l+1)} = W^{(l)} a^{(l)} + b^{(l)}$
$a^{(l+1)} = f(z^{(l+1)})$, for $l = 0, 1, 2, \ldots, n$
where $a^{(0)}$ is the input. Each entry of $W^{(l)}$ is the parameter connecting the j-th neural unit of layer l to the i-th neural unit of layer l+1, and is initialized with a random number between -0.01 and 0.01.
Likewise, each entry of $b^{(l)}$ is the bias of the i-th neural unit of layer l+1, and is initialized to zero. f(z) is the activation function, such as sigmoid or tanh.
Here e denotes the natural constant.
We train the neural network by gradient descent. More formally, for a training sample (x, y), the cost function with respect to this training sample is defined as:
where $h_{W,b}(x)$ denotes the result computed by the neural network for a given input x.
During backpropagation, the parameters are updated using the following formulas.
where α is the learning rate and J(W, b) denotes the loss function.
Step 4) An alarm is generated so that the network administrator is notified in time when the intrusion detection system detects abnormal access behavior.
Step 5) Intrusion detection systems based on anomaly detection usually have a high false alarm rate, and a feedback mechanism is used to reduce it. Concretely, when the system raises an alarm but no attack has actually occurred, the system synchronizes the raw data and the wrong classification result to the data center. The neural network algorithm is then retrained periodically to update its parameters. The feedback mechanism turns the system into a closed loop, so that it keeps getting "smarter" during use and its classification results become more accurate.
The above describes the operation of the whole system, but before the classification algorithm can classify, the MLP must also be trained.
The invention trains using the Grid Search method. Concretely, Grid Search first defines a series of hyperparameters to be optimized, here {the number of hidden layers and the number of neural units in each layer, the choice of activation function (sigmoid or tanh), whether to add L2 regularization}; then all possible combinations are enumerated; finally a model is trained for each hyperparameter setting, and the set of hyperparameters with the highest classification accuracy is chosen as the final parameter setting.
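The forward pass, the gradient-descent update and the Grid Search described above, as an added example that is not the patent's code. It assumes a per-sample squared-error cost 1/2 (h(x) - y)^2 (the patent's cost formula is not reproduced on this page), a single output unit thresholded at 0.5, a small hypothetical grid, and constructed, already standardized two-feature records.

```python
import itertools
import math
import random

# name -> (f(z), derivative written in terms of a = f(z))
ACTIVATIONS = {
    "sigmoid": (lambda z: 1.0 / (1.0 + math.exp(-z)), lambda a: a * (1.0 - a)),
    "tanh": (math.tanh, lambda a: 1.0 - a * a),
}

# Constructed, already standardized two-feature records; label 1 = attack.
TRAIN = [((-1.0, -0.8), 0), ((1.0, 0.9), 1), ((-0.9, -1.1), 0), ((0.8, 1.1), 1),
         ((-1.2, -1.0), 0), ((1.1, 1.0), 1), ((-0.8, -0.9), 0), ((0.9, 0.8), 1)]
VALID = [((-1.1, -0.9), 0), ((1.0, 1.2), 1), ((-0.7, -1.0), 0), ((1.2, 0.9), 1)]

# Hypothetical grid over the three hyperparameters the text names.
GRID = {"hidden": [(4,), (4, 4)], "activation": ["sigmoid", "tanh"], "l2": [0.0, 1e-3]}


class MLP:
    def __init__(self, sizes, activation, l2=0.0, seed=0):
        rng = random.Random(seed)
        self.f, self.df = ACTIVATIONS[activation]
        self.l2 = l2
        # W[l][i][j] links unit j of layer l to unit i of layer l+1,
        # drawn from [-0.01, 0.01]; biases start at zero, as the text states.
        self.W = [[[rng.uniform(-0.01, 0.01) for _ in range(n_in)]
                   for _ in range(n_out)]
                  for n_in, n_out in zip(sizes, sizes[1:])]
        self.b = [[0.0] * n_out for n_out in sizes[1:]]

    def forward(self, x):
        """z(l+1) = W(l) a(l) + b(l), a(l+1) = f(z(l+1)); returns every a(l)."""
        acts = [list(x)]
        for W, b in zip(self.W, self.b):
            z = [sum(w * a for w, a in zip(row, acts[-1])) + bias
                 for row, bias in zip(W, b)]
            acts.append([self.f(v) for v in z])
        return acts

    def predict(self, x):
        return 1 if self.forward(x)[-1][0] >= 0.5 else 0

    def cost(self, data):
        """Mean of 1/2 (h(x) - y)^2, the cost assumed for this example."""
        return sum(0.5 * (self.forward(x)[-1][0] - y) ** 2 for x, y in data) / len(data)

    def train_step(self, x, y, alpha):
        """One gradient-descent update from a single sample (backpropagation)."""
        acts = self.forward(x)
        delta = [(acts[-1][0] - y) * self.df(acts[-1][0])]
        for l in reversed(range(len(self.W))):
            prev = acts[l]
            below = []
            if l > 0:  # error of the layer below, using W[l] before it changes
                below = [sum(self.W[l][i][j] * delta[i] for i in range(len(delta)))
                         * self.df(prev[j]) for j in range(len(prev))]
            for i, d in enumerate(delta):
                for j, a in enumerate(prev):
                    self.W[l][i][j] -= alpha * (d * a + self.l2 * self.W[l][i][j])
                self.b[l][i] -= alpha * d
            delta = below

    def fit(self, data, alpha=0.1, epochs=200):
        for _ in range(epochs):
            for x, y in data:
                self.train_step(x, y, alpha)
        return self


def grid_search(train, valid, grid=GRID):
    """Train one MLP per hyperparameter combination; keep the most accurate."""
    keys = list(grid)
    results = []
    for combo in itertools.product(*(grid[k] for k in keys)):
        params = dict(zip(keys, combo))
        sizes = (len(train[0][0]),) + params["hidden"] + (1,)
        net = MLP(sizes, params["activation"], params["l2"]).fit(train)
        accuracy = sum(net.predict(x) == y for x, y in valid) / len(valid)
        results.append((accuracy, params))
    return max(results, key=lambda r: r[0]), results


if __name__ == "__main__":
    best, results = grid_search(TRAIN, VALID)
    for accuracy, params in results:
        print(f"{accuracy:.2f}  {params}")
    print("selected:", best)
```

Accuracy is measured on records held out from training, so the selected setting is the one that generalizes rather than the one that memorizes the training set.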
It should be noted that, for simplicity of description, the above method embodiments are all expressed as a series of combined actions, but those skilled in the art should understand that the application is not limited by the described order of actions, because according to the application certain steps may be performed in other orders or simultaneously. Those skilled in the art should also understand that the embodiments described in this specification are preferred embodiments, and the actions and modules involved are not necessarily required by the application.
Those skilled in the art should understand that embodiments of the application may be provided as a method, a system or a computer program product. The application may therefore take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects.
Moreover, the application may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage, CD-ROM, optical memory and the like) containing computer-usable program code.
Finally, it should be noted that the foregoing is only a preferred embodiment of the invention and is not intended to limit the invention. Although the invention has been described in detail with reference to the foregoing embodiments, those skilled in the art may still modify the technical solutions described in those embodiments or make equivalent replacements of some of their technical features. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the invention shall be included within the protection scope of the invention.
Claims (11)
1. An intrusion detection method based on a neural network, characterized by comprising:
Step 1) a detection step, comprising: sniffing and capturing the traffic information of the connected host, judging which ports are open or closed and which programs are running, and using this information to judge whether the system has been attacked or is about to be attacked;
Step 2) a data preprocessing step, comprising: given a large number of training samples, selecting features, then preprocessing the data, and identifying anomalies;
Step 3) an attack classification step, comprising: classifying the various attacks with a neural network algorithm, by means of a decision tree model, a support vector machine or a neural network model;
Step 4) an alarm step, comprising: issuing a notification for the attack that has been detected, so that the network administrator can make a decision in time and reduce the loss caused by the attack.
2. The intrusion detection method based on a neural network according to claim 1, characterized by further comprising: Module 5) a feedback step, comprising: the network administrator performs a series of operations on the current system according to the alarms the system generates;
for false alarms, where the system judges normal access behavior to be an attack, and missed alarms, where the system judges an attack to be normal behavior, the system administrator feeds the error back to the system so that it keeps learning and can decide correctly when it meets such a case again.
3. The intrusion detection method based on a neural network according to claim 1, characterized in that step 2) specifically comprises the following sub-steps:
Step 2-1) a feature selection sub-step, comprising: performing feature selection with a feature-engineering-based method, so that the number of features can be reduced without reducing detection accuracy;
Step 2-2) a feature coding sub-step, comprising: converting the nominal attributes among the features into numerical attributes by dummy coding;
Step 2-3) a feature vector standardization sub-step, comprising: for column data in the feature matrix whose range of values is relatively large or whose dimensions (units) are not uniform, standardizing the values with the z-score method.
4. The intrusion detection method based on a neural network according to claim 1, characterized in that step 2) further comprises: before the neural network can actually classify, training it with the KDD 99 data set.
5. The intrusion detection method based on a neural network according to claim 1, characterized in that in step 1), packets are captured with the open-source software WinPcap, and the format of the collected packets should be set to match the format of the training set KDD Cup 1999.
6. The intrusion detection method based on a neural network according to claim 3, characterized in that step 2-1) specifically comprises:
an SVM-based feature selection algorithm, whose input is all 41 features of KDD Cup 1999 and the required number of features k, and whose output is the feature subset;
comprising: building a training set and a test set; for each feature in the feature set, deleting that feature from the training set and the test set, training a classifier using the remaining features, and analyzing the performance of the classifier, including detection accuracy and prediction time overhead; ranking all features by importance and taking the top k features as the final features.
7. The intrusion detection method based on a neural network according to claim 3, characterized in that step 2-2) specifically comprises:
performing feature coding by a method called dummy coding (dummy code).
8. The intrusion detection method based on a neural network according to claim 3, characterized in that step 2-3) specifically comprises: standardization is applied to the columns of the training data, the feature values of the samples are transformed to the same scale, and the processed data conforms to a normal distribution, using the z-score method:
where μ is the mean of all sample data and σ is the standard deviation of all sample data.
9. The intrusion detection method based on a neural network according to claim 1, characterized in that step 3) specifically comprises:
using the multilayer perceptron (MLP) neural network algorithm, which has powerful nonlinear fitting ability, as the classification algorithm;
the multilayer perceptron consists of a series of cascaded neural units and nonlinear activation functions, and comprises an input layer, hidden layers and an output layer, the input of each layer being the output of the layer before it;
the MLP is a supervised learning algorithm comprising two processes, forward propagation and error backpropagation;
in forward propagation,
$z^{(l+1)} = W^{(l)} a^{(l)} + b^{(l)}$
$a^{(l+1)} = f(z^{(l+1)})$, for $l = 0, 1, 2, \ldots, n$
where $a^{(0)}$ is the input; each entry of $W^{(l)}$ is the parameter connecting the j-th neural unit of layer l to the i-th neural unit of layer l+1, and is initialized with a random number between -0.01 and 0.01;
likewise, each entry of $b^{(l)}$ is the bias of the i-th neural unit of layer l+1, and is initialized to zero; f(z) is the activation function, sigmoid or tanh;
where e denotes the natural constant;
the neural network is trained by gradient descent, comprising:
for a training sample (x, y), the cost function with respect to this training sample is defined as:
where $h_{W,b}(x)$ denotes the result computed by the neural network for a given input x;
during backpropagation, the parameters are updated using the following formula:
where α is the learning rate and J(W, b) denotes the loss function.
10. The intrusion detection method based on a neural network according to claim 2, characterized in that step 5) specifically comprises:
when the system raises an alarm but no attack has actually occurred, the system synchronizes the raw data and the wrong classification result to the data center;
the neural network algorithm is then retrained periodically to update its parameters; the feedback mechanism turns the system into a closed loop.
11. The intrusion detection method based on a neural network according to claim 9, characterized by further comprising: training the MLP, comprising:
training using the Grid Search method;
wherein Grid Search first defines a series of hyperparameters to be optimized, here {the number of hidden layers and the number of neural units in each layer, the choice of activation function (sigmoid or tanh), whether to add L2 regularization};
then all possible combinations are enumerated;
finally a model is trained for each hyperparameter setting, and the set of hyperparameters with the highest classification accuracy is chosen as the final parameter setting.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810036362.4A CN108566364B (en) | 2018-01-15 | 2018-01-15 | Intrusion detection method based on neural network |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108566364A (en) | 2018-09-21 |
CN108566364B (en) | 2021-01-12 |
Family
ID=63530810
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810036362.4A Active CN108566364B (en) | 2018-01-15 | 2018-01-15 | Intrusion detection method based on neural network |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108566364B (en) |
Cited By (17)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109379377A (en) * | 2018-11-30 | 2019-02-22 | 极客信安(北京)科技有限公司 | Encrypt malicious traffic stream detection method, device, electronic equipment and storage medium |
CN109525548A (en) * | 2018-09-25 | 2019-03-26 | 平安科技(深圳)有限公司 | A kind of white list updating method based on cost function, device and electronic equipment |
CN109525577A (en) * | 2018-11-09 | 2019-03-26 | 四川大学 | Malware detection method based on HTTP behavior figure |
CN109582724A (en) * | 2018-12-07 | 2019-04-05 | 厦门铅笔头信息科技有限公司 | Distributed automated characterization engineering system framework |
CN109948649A (en) * | 2019-02-04 | 2019-06-28 | 复旦大学 | The softward interview behavioral data character representation method of data-oriented opening and shares |
CN109981596A (en) * | 2019-03-05 | 2019-07-05 | 腾讯科技(深圳)有限公司 | A kind of host external connection detection method and device |
CN110213287A (en) * | 2019-06-12 | 2019-09-06 | 北京理工大学 | A kind of double mode invasion detecting device based on ensemble machine learning algorithm |
CN110719289A (en) * | 2019-10-14 | 2020-01-21 | 北京理工大学 | Industrial control network intrusion detection method based on multilayer feature fusion neural network |
CN110995815A (en) * | 2019-11-27 | 2020-04-10 | 大连民族大学 | Information transmission method based on Gaia big data analysis system |
CN111314329A (en) * | 2020-02-03 | 2020-06-19 | 杭州迪普科技股份有限公司 | Traffic intrusion detection system and method |
CN112085281A (en) * | 2020-09-11 | 2020-12-15 | 支付宝(杭州)信息技术有限公司 | Method and device for detecting safety of business prediction model |
CN112887326A (en) * | 2021-02-23 | 2021-06-01 | 昆明理工大学 | Intrusion detection method based on edge cloud cooperation |
CN114500018A (en) * | 2022-01-17 | 2022-05-13 | 武汉大学 | Web application firewall security detection and reinforcement system and method based on neural network |
CN114596535A (en) * | 2022-03-22 | 2022-06-07 | 天目爱视(北京)科技有限公司 | Non-contact doorbell visiting processing method and related equipment |
CN115174268A (en) * | 2022-09-05 | 2022-10-11 | 北京金睛云华科技有限公司 | Intrusion detection method based on structured regular term |
CN115906927A (en) * | 2022-11-29 | 2023-04-04 | 李星 | Data access analysis method and system based on artificial intelligence and cloud platform |
CN116232772A (en) * | 2023-05-08 | 2023-06-06 | 中国人民解放军国防科技大学 | Unsupervised network data intrusion detection method based on ensemble learning |
Cited By (28)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109525548A (en) * | 2018-09-25 | 2019-03-26 | 平安科技(深圳)有限公司 | A kind of white list updating method based on cost function, device and electronic equipment |
CN109525548B (en) * | 2018-09-25 | 2021-10-29 | 平安科技(深圳)有限公司 | White list updating method and device based on cost function and electronic equipment |
CN109525577B (en) * | 2018-11-09 | 2021-08-20 | 四川大学 | Malicious software detection method based on HTTP behavior diagram |
CN109525577A (en) * | 2018-11-09 | 2019-03-26 | 四川大学 | Malware detection method based on HTTP behavior figure |
CN109379377A (en) * | 2018-11-30 | 2019-02-22 | 极客信安(北京)科技有限公司 | Encrypt malicious traffic stream detection method, device, electronic equipment and storage medium |
CN109379377B (en) * | 2018-11-30 | 2020-12-08 | 极客信安(北京)科技有限公司 | Encrypted malicious traffic detection method and device, electronic equipment and storage medium |
CN109582724A (en) * | 2018-12-07 | 2019-04-05 | 厦门铅笔头信息科技有限公司 | Distributed automated characterization engineering system framework |
CN109948649A (en) * | 2019-02-04 | 2019-06-28 | 复旦大学 | The softward interview behavioral data character representation method of data-oriented opening and shares |
CN109948649B (en) * | 2019-02-04 | 2023-03-24 | 复旦大学 | Data open sharing-oriented software access behavior data characteristic representation method |
CN109981596A (en) * | 2019-03-05 | 2019-07-05 | 腾讯科技(深圳)有限公司 | A kind of host external connection detection method and device |
CN110213287A (en) * | 2019-06-12 | 2019-09-06 | 北京理工大学 | A kind of double mode invasion detecting device based on ensemble machine learning algorithm |
CN110213287B (en) * | 2019-06-12 | 2020-07-10 | 北京理工大学 | Dual-mode intrusion detection device based on integrated machine learning algorithm |
CN110719289A (en) * | 2019-10-14 | 2020-01-21 | 北京理工大学 | Industrial control network intrusion detection method based on multilayer feature fusion neural network |
CN110995815B (en) * | 2019-11-27 | 2022-08-05 | 大连民族大学 | Information transmission method based on Gaia big data analysis system |
CN110995815A (en) * | 2019-11-27 | 2020-04-10 | 大连民族大学 | Information transmission method based on Gaia big data analysis system |
CN111314329B (en) * | 2020-02-03 | 2022-01-28 | 杭州迪普科技股份有限公司 | Traffic intrusion detection system and method |
CN111314329A (en) * | 2020-02-03 | 2020-06-19 | 杭州迪普科技股份有限公司 | Traffic intrusion detection system and method |
CN112085281B (en) * | 2020-09-11 | 2023-03-10 | 支付宝(杭州)信息技术有限公司 | Method and device for detecting safety of business prediction model |
CN112085281A (en) * | 2020-09-11 | 2020-12-15 | 支付宝(杭州)信息技术有限公司 | Method and device for detecting safety of business prediction model |
CN112887326A (en) * | 2021-02-23 | 2021-06-01 | 昆明理工大学 | Intrusion detection method based on edge cloud cooperation |
CN114500018A (en) * | 2022-01-17 | 2022-05-13 | 武汉大学 | Web application firewall security detection and reinforcement system and method based on neural network |
CN114500018B (en) * | 2022-01-17 | 2022-10-14 | 武汉大学 | Web application firewall security detection and reinforcement system and method based on neural network |
CN114596535A (en) * | 2022-03-22 | 2022-06-07 | 天目爱视(北京)科技有限公司 | Non-contact doorbell visiting processing method and related equipment |
CN115174268A (en) * | 2022-09-05 | 2022-10-11 | 北京金睛云华科技有限公司 | Intrusion detection method based on structured regular term |
CN115906927A (en) * | 2022-11-29 | 2023-04-04 | 李星 | Data access analysis method and system based on artificial intelligence and cloud platform |
CN115906927B (en) * | 2022-11-29 | 2023-11-03 | 北京国联视讯信息技术股份有限公司 | Data access analysis method and system based on artificial intelligence and cloud platform |
CN116232772A (en) * | 2023-05-08 | 2023-06-06 | 中国人民解放军国防科技大学 | Unsupervised network data intrusion detection method based on ensemble learning |
CN116232772B (en) * | 2023-05-08 | 2023-07-07 | 中国人民解放军国防科技大学 | Unsupervised network data intrusion detection method based on ensemble learning |
Also Published As
Publication number | Publication date |
---|---|
CN108566364B (en) | 2021-01-12 |
Similar Documents
Publication | Title | Publication Date |
---|---|---|
CN108566364A (en) | Intrusion detection method based on neural network | |
CN111914256B (en) | Defense method for machine learning training data under toxic attack | |
Khan et al. | Malicious insider attack detection in IoTs using data analytics | |
Ektefa et al. | Intrusion detection using data mining techniques | |
Joo et al. | The neural network models for IDS based on the asymmetric costs of false negative errors and false positive errors | |
Lopez-Rojas et al. | Money laundering detection using synthetic data | |
US11699160B2 (en) | Method, use thereof, computer program product and system for fraud detection | |
CN110348528A (en) | Method is determined based on the user credit of multidimensional data mining | |
Savage et al. | Detection of money laundering groups: Supervised learning on small networks | |
CN107846389B (en) | Internal threat detection method and system based on user subjective and objective data fusion | |
Nadiammai et al. | A comprehensive analysis and study in intrusion detection system using data mining techniques | |
Kumar et al. | Comprehensive Review on Intrusion Detection System and Techniques | |
CN115687758A (en) | User classification model training method and user detection method | |
CN110365625A (en) | Internet of Things safety detection method, device and storage medium | |
CN110347669A (en) | Risk prevention method based on streaming big data analysis | |
Zhang et al. | A hierarchical clustering strategy of processing class imbalance and its application in fraud detection | |
Ogunde et al. | A decision tree algorithm based system for predicting crime in the university | |
Herrera-Semenets et al. | A framework for intrusion detection based on frequent subgraph mining | |
Lasky et al. | Machine Learning Based Approach to Recommend MITRE ATT&CK Framework for Software Requirements and Design Specifications | |
Shrivastava et al. | Cyber attack detection and classification based on machine learning technique using nsl kdd dataset | |
Alves et al. | Evaluating the behaviour of stream learning algorithms for detecting invasion on wireless networks | |
Majeed et al. | Propose hmnids hybrid multilevel network intrusion detection system | |
Kai et al. | Anomaly detection on dns traffic using big data and machine learning | |
Zhang et al. | An Intelligent Network Intrusion Detector Using Deep Learning Model | |
Abbas | IDS Feature Reduction Using Two Algorithm |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||