CN109995722A - Massive detection data analysis system for APT protection - Google Patents
- Publication number
- CN109995722A
- Authority
- CN
- China
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1466—Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
Abstract
The invention discloses a massive detection data analysis system for APT protection. The system comprises a data collection layer and a data analysis layer. The data collection layer consists of several massive heterogeneous data sources, which may or may not be physically adjacent, and is responsible for providing the data analysis layer with multi-angle security data and scenarios. The data analysis layer is responsible for subscribing to the data of the data collection layer according to association analysis rules in order to analyze and process it. The scheme of the invention uses big data technology to perform deep association analysis on monitoring and detection data, and can achieve not only early warning before an event but also blocking during an event and audit and source tracing after an event.
Description
Technical field
The invention belongs to the technical field of big data analysis and relates to a massive detection data analysis system for APT protection.
Background art
An APT (advanced persistent threat) attack differs from traditional network intrusion: APT focuses on infiltrating and obtaining information, with the main purpose of stealing the core information assets of businesses and governments.
The characteristics of APT show in its two properties, A and P. A stands for Advanced, which shows mainly in sophisticated attack techniques, attack behavior features that are hard to extract, highly concealed individual attack points, diverse attack channels and an uncertain attack space. P stands for Persistent, which shows mainly in sustained attacks with a long concealment period. It turns network threats from random attacks of the scattered, straggler kind into purposeful, organized, premeditated group attacks, so that traditional defence based on real-time detection and real-time blocking can no longer be effective.
At present, APT attacks tend towards explosive growth. Although they have drawn great attention from governments and enterprises, most existing defence schemes have certain limitations and cannot cover the whole picture, which leads to missed detections; moreover, many products can only detect APT attacks and cannot provide real-time protection.
Summary of the invention
The object of the invention is to provide a massive detection data analysis system for APT protection. In response to the enormous impact that group attacks such as APT have on traditional detection technology based on real-time monitoring and real-time blocking, it uses big data technology to perform deep association analysis on monitoring and detection data. It can comprehensively analyze whether a target system is at risk of attack and thereby achieve early warning before an event. It can also observe an attack in progress, understand its intent more accurately and trace it backwards, achieving a comprehensive analysis of the threat so that relevant strategies can be taken in time to stop the attack, which achieves blocking during the event. It can also perform big data analysis on security audit information and, by tracking and reproducing the historical states and evolution of path data, achieve audit and source tracing after the event.
To solve the above technical problem, the invention adopts the following technical scheme: a massive detection data analysis system for APT protection, comprising a data collection layer and a data analysis layer. The data collection layer consists of several massive heterogeneous data sources, which may or may not be physically adjacent, and is responsible for providing the data analysis layer with multi-angle security data and scenarios. The data analysis layer is responsible for subscribing to the data of the data collection layer according to association analysis rules in order to analyze and process it.
Further, the data sources of the data collection layer include traffic mirroring, firewalls, UDS, IPS and so on.
Further, the data analysis layer consists of a security detection module, a security audit module and a big data association analysis module.
Further, the security detection module includes low-level detection and high-level detection functions.
Further, the big data association analysis module includes lateral association analysis and longitudinal association analysis functions.
Further, the security audit module includes leak analysis and attack source-tracing functions.
Compared with the prior art, the invention has the following beneficial effects:
In response to the enormous impact that group attacks such as APT have on traditional detection technology based on real-time monitoring and real-time blocking, the scheme of the invention uses big data technology to perform deep association analysis on monitoring and detection data, and thereby achieves early warning before an event and comprehensive analysis of the threat, takes relevant strategies in time to stop the attack, and achieves blocking during the event and audit and source tracing after the event.
Brief description of the drawings
Fig. 1 is the overall framework diagram of the massive detection data analysis system for APT protection.
Detailed description of the embodiments
The invention is explained further and in full below with reference to the accompanying drawing and specific embodiments. It should be understood that the specific embodiments described here only explain the invention and do not limit it.
Referring to Fig. 1, the massive detection data analysis system for APT protection of the invention comprises a data collection layer and a data analysis layer. The data analysis layer is responsible for subscribing to the data of the data collection layer according to association analysis rules in order to analyze and process it. The data collection layer consists of a series of massive heterogeneous data sources, which may or may not be physically adjacent, including traffic mirroring, firewalls, UDS, IPS and so on, and is responsible for providing the data analysis layer with multi-angle security data and scenarios.
The data analysis layer has a security detection module, a security audit module and a big data association analysis module. The security detection module in turn includes a low-level detection module and a high-level detection module; the big data association analysis module is divided into a lateral association analysis module and a longitudinal association analysis module; and the security audit module is divided into a leak analysis module and an attack source-tracing module. Each module is implemented with a variety of technologies.
1) Low-level detection module
APT attacks usually obtain privileges through 0day vulnerabilities and are controlled remotely through unknown Trojans, whereas traditional detection devices based on signature matching must first capture a malicious code sample before they can extract a signature and recognize attacks from it, so they lag by nature. Low-level detection is the terminal-oriented subsystem of the anomaly alarm and emergency response platform. The system differs fundamentally in technology from traditional security protection software. The security enhancement module uses an anomaly discovery theoretical model, so it can not only monitor known threats effectively but also discover unknown threats in time.
The anomaly analysis and early-warning subsystem includes an application anomaly discovery module, a system anomaly discovery module, a communication anomaly discovery module, a transmission anomaly discovery module, a data anomaly discovery module and other anomaly discovery modules. Its main internal logic is associated anomaly discovery, decision judgment and early warning. Associated anomaly discovery judges the hazard level, that is the risk, of the collected anomalies according to the policy library information and makes the 2nd inference about the potential threat; its policy library can communicate with high-level monitoring through an I/O interface and be updated. Early warning makes the 3rd inference about the threat according to the user attribute library information, and the anomaly data set can be uploaded through an I/O interface to seek a more accurate 4th threat inference. The data in the user attribute library can be defined by the user, or generated by gradual adjustment from the result sets of user operating habits collected by the associated modules. The purpose of building the user attribute library is to associate the user's social attributes, so as to perceive customized threat infiltration. Low-level detection not only supports high-level detection but can also send warning information to other security protection systems, such as antivirus software, honeynets and firewalls, through the early-warning I/O output interface.
2) High-level detection module
High-level detection is the core of the anomaly alarm and emergency response platform and is oriented towards sources and paths. Its advantage is that it can capture and discover a large number of backbone-network anomalies, mine and discover the resources of a large number of attack implementers, and detect and discover a large number of malicious applications at the source. Associated with low-level detection data, high-level detection gains a "wide field of view": it can effectively analyze and discover unknown threats, trace attacker identity and respond to APT attacks.
High-level detection technologies include: fast identification and classification of network services based on flow patterns; information-theory-based cognition, identification and feature extraction of traffic; network monitoring based on content analysis; detection based on behavioral features; multi-angle detection, analysis and computation for anomaly discovery, centered on network data flows and network behavior; multi-level network anomaly association and data fusion applied to the network anomalies obtained by detection and analysis; construction of multi-level network anomaly association rule bases; and so on.
High-level detection builds a normal user network access model from statistics on features of protocol layers such as the IP layer, transport layer and application layer, and detects possible abnormal behavior, including abnormal traffic transmission, DNS fast-flux attacks and other abnormal Trojan network behavior. It studies the different behavioral characteristics of users on the business network and the entrance network, and builds anomaly models separately for business-network and border-network behavioral features in order to find unknown threats. The core of high-level detection is the anomaly decision engine; low-level detection data supports high-level anomaly decisions through an I/O interface. In addition, anomalous packets from the transmission anomaly discovery module in low-level detection can be passed, through the I/O interface corresponding to network information flows, into the high-level detection architecture for deep analysis. The results of the anomaly decision engine can be output through the corresponding I/O interface for low-level detection to reference. The anomaly discovery result set can also provide technical support to other security protection platforms through an I/O interface.
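One way to realize the normal user network access model described above, given as an added example that is not part of the patent: a per-host baseline of median and median absolute deviation (MAD) per feature, scored with the modified z-score. The feature names, sample values, floors and threshold are assumptions chosen for illustration.

```python
from statistics import median

# Constructed sample: seven days of per-host traffic statistics. Feature names
# are assumptions chosen to cover the layers the text lists:
#   dst_ips (IP layer), dst_ports (transport layer),
#   dns_queries (application layer), bytes_out_mb (traffic volume).
HISTORY = {
    "10.0.0.5": [
        {"dst_ips": 40, "dst_ports": 6, "dns_queries": 300, "bytes_out_mb": 120},
        {"dst_ips": 42, "dst_ports": 6, "dns_queries": 320, "bytes_out_mb": 130},
        {"dst_ips": 38, "dst_ports": 6, "dns_queries": 290, "bytes_out_mb": 110},
        {"dst_ips": 41, "dst_ports": 6, "dns_queries": 310, "bytes_out_mb": 125},
        {"dst_ips": 39, "dst_ports": 6, "dns_queries": 305, "bytes_out_mb": 115},
        {"dst_ips": 40, "dst_ports": 6, "dns_queries": 295, "bytes_out_mb": 120},
        {"dst_ips": 43, "dst_ports": 6, "dns_queries": 315, "bytes_out_mb": 135},
    ],
}

THRESHOLD = 3.5        # common cut-off for the modified z-score
MIN_REL_SCALE = 0.10   # assumed floor: deviations under 10% of the median are noise
MIN_ABS_SCALE = 1.0    # assumed floor for features whose history never varies


def build_model(history):
    """Return {host: {feature: (median, scale)}} learned from normal history."""
    model = {}
    for host, days in history.items():
        model[host] = {}
        for feature in days[0]:
            values = [d[feature] for d in days]
            med = median(values)
            mad = median(abs(v - med) for v in values)
            # A constant feature has MAD == 0; the floors keep the score finite
            # and stop tiny fluctuations from producing huge scores.
            scale = max(mad, MIN_REL_SCALE * abs(med), MIN_ABS_SCALE)
            model[host][feature] = (med, scale)
    return model


def score(model, host, observation):
    """Score one observation against the host's baseline."""
    if host not in model:
        # A host never seen before has no normal model; report that explicitly
        # instead of silently treating it as normal.
        return {"host": host, "status": "no_baseline", "scores": {}, "flagged": []}
    scores = {}
    for feature, (med, scale) in model[host].items():
        value = observation.get(feature, med)  # a missing feature scores as normal
        scores[feature] = round(0.6745 * abs(value - med) / scale, 2)
    flagged = sorted(f for f, z in scores.items() if z > THRESHOLD)
    status = "anomalous" if flagged else "normal"
    return {"host": host, "status": status, "scores": scores, "flagged": flagged}


if __name__ == "__main__":
    m = build_model(HISTORY)
    today = {"dst_ips": 41, "dst_ports": 6, "dns_queries": 2900, "bytes_out_mb": 900}
    print(score(m, "10.0.0.5", today))
```

The `dst_ports` feature never varies in the sample history, which is the case where a plain MAD-based score would divide by zero; the scale floors handle it.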
3) Security audit module
The security audit module collects logs and data records, including system logs, resource usage, user behavior and network traffic, and uses the leak analysis submodule and the attack source-tracing submodule to perform a preliminary analysis of the collected data. Besides traditional analysis methods such as blacklists and whitelists, it is combined with the big data association analysis module for comprehensive analysis, in order to mine potential threats from large, mixed sets of log and data records.
4) Big data association analysis module
This module performs association analysis and data mining on the monitoring data of low-level and high-level detection and on security audit information, finds the correlations between records and discovers new features. The mined sample data is classified or clustered manually, and the classification results are used with machine learning methods to build a feature library training set, which continuously improves the classification accuracy of the feature library.
Big data technology is used to perform big data association analysis on the log records collected by the security audit module and the monitoring data of the high-level and low-level detection modules, in order to comprehensively analyze whether the target system may be under attack and achieve early warning before the event. Big data analysis of an attack in progress makes it possible to understand its intent more accurately and trace it backwards, achieving a comprehensive analysis of the threat so that relevant strategies can be taken in time to stop the attack, which achieves blocking during the event. Big data analysis is also performed on the security audit information of the whole attack process and, by tracking and reproducing the historical states and evolution of path data, achieves audit and source tracing after the event.
The detection data generated by the various APT attack detection tools, key business data, logs, context, external intelligence and so on form massive data with many different structures. The multi-source, multi-structure, long time-series and low-density nature of this data challenges defence methods based on big data analysis. How to use big data technology effectively to process and analyze the data is the key problem.
1) Data management technology
In the current big data era, the once well-developed relational database management system (RDBMS) runs into difficulties such as a single data type and insufficient scalability. As data volume grows, the basic strategy of data analysis is to push computation to the data rather than push data to the computation. In recent years, non-relational data management technology has risen to prominence: it manages, processes and analyzes many types of data effectively, obtains good system performance through parallel processing, and meets the processing requirements of ever-growing data volumes through its high scalability.
With a relational database as the core data engine, data from various sources is imported into the relational database system through ETL tools, and client tools produce routine reports through SQL. For complex analysis, the expressive power of SQL shows its limits. If data is extracted from the database and imported into a front-end analysis tool (SAS, SPSS) for subsequent analysis, a large amount of data has to be moved. The data processing capacity of front-end analysis tools is also limited by memory size, so analysis efficiency drops sharply. In addition, since today's data tends to be varied in type and huge in volume, the organization and processing capabilities of relational databases can no longer cope with large-scale, high-dimensional spatio-temporal data. Introducing parallel computing into the data analysis process is therefore the inevitable choice for high-performance data management.
Compared with RDBMS, non-relational data management technology represented by MapReduce supports higher fault tolerance and stronger scalability in both its storage model and its computation model, providing a good operating platform for big data analysis; at the same time, analysis tasks that are hard to express in SQL are easier to express as MapReduce computation functions. As a parallel framework intended for fast batch processing of large-scale unstructured data, MapReduce has developed significantly. To overcome the poor performance caused by overly simple scheduling algorithms, scheduling strategies have been optimized for different environments such as multi-core CPUs, GPUs, heterogeneous systems and cloud platforms. By defining a logical model of the data processing flow and converting the logical model to a physical model with model conversion and code generation algorithms, MapReduce has been made to support data processing over multiple data sources. By improving the data stream processing capability of MapReduce through intermediate result caching, pipelining and localization, a real-time MapReduce method for high-speed sensor data streams has been proposed.
To detect the behavior of each attack phase of an APT attack from multi-dimensional data, the data must be analyzed in depth rather than merely turned into simple reports. Such complex analysis necessarily depends on complex analysis models, is hard to express in SQL, and belongs to deep analysis. Faced with the challenge of big data deep analysis, non-relational data management technology represented by MapReduce therefore has a clear advantage.
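The association analysis of low-level detection data, high-level detection data and security audit records described earlier, written as map, shuffle and reduce functions of the kind this section says are easier to express than SQL. This is an added example, not code from the patent: the record schemas, the 15-minute window and the two-source minimum are assumptions, the sample records are constructed, and the in-process shuffle stands in for a cluster framework.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records from three heterogeneous sources. Each source
# uses its own field names on purpose; the patent defines no schema.
LOW_LEVEL = [   # terminal-side anomaly discovery
    {"ts": "2024-03-01T09:02:10", "host": "10.0.0.5", "anomaly": "unknown_process"},
    {"ts": "2024-03-01T14:30:00", "host": "10.0.0.9", "anomaly": "registry_change"},
]
HIGH_LEVEL = [  # network-side anomaly discovery
    {"time": "2024-03-01T09:05:42", "src_ip": "10.0.0.5", "kind": "dns_anomaly"},
    {"time": "2024-03-01T09:20:00", "src_ip": "10.0.0.7", "kind": "traffic_spike"},
]
AUDIT = [       # security audit log records
    {"when": "2024-03-01T09:11:03", "machine": "10.0.0.5", "event": "admin_login_fail"},
    {"when": "2024-03-01T20:00:00", "machine": "10.0.0.9", "event": "admin_login_fail"},
]

WINDOW = timedelta(minutes=15)  # assumed correlation window
MIN_SOURCES = 2                 # assumed: at least two independent sources must agree


def map_phase():
    """Map: normalise every record to (host, (time, source, detail))."""
    for r in LOW_LEVEL:
        yield r["host"], (datetime.fromisoformat(r["ts"]), "endpoint", r["anomaly"])
    for r in HIGH_LEVEL:
        yield r["src_ip"], (datetime.fromisoformat(r["time"]), "network", r["kind"])
    for r in AUDIT:
        yield r["machine"], (datetime.fromisoformat(r["when"]), "audit", r["event"])


def shuffle(pairs):
    """Shuffle: group mapped values by key, as a MapReduce framework would."""
    groups = defaultdict(list)
    for key, value in pairs:
        groups[key].append(value)
    return groups


def reduce_host(host, events):
    """Reduce: emit one incident per window in which several sources agree."""
    events = sorted(events)
    incidents, i = [], 0
    while i < len(events):
        j = i
        while j < len(events) and events[j][0] - events[i][0] <= WINDOW:
            j += 1
        window = events[i:j]
        sources = sorted({src for _, src, _ in window})
        if len(sources) >= MIN_SOURCES:
            incidents.append({
                "host": host,
                "start": window[0][0].isoformat(),
                "end": window[-1][0].isoformat(),
                "sources": sources,
                "timeline": [f"{src}:{detail}" for _, src, detail in window],
            })
            i = j   # consume the window so incidents do not overlap
        else:
            i += 1  # a single-source window is not corroborated; slide on
    return incidents


def correlate():
    """Run map -> shuffle -> reduce over the constructed sample data."""
    results = []
    for host, events in sorted(shuffle(map_phase()).items()):
        results.extend(reduce_host(host, events))
    return results


if __name__ == "__main__":
    for incident in correlate():
        print(incident)
```

Only 10.0.0.5 produces an incident: its endpoint, network and audit records fall within one window, while the two records for 10.0.0.9 are hours apart and the record for 10.0.0.7 has no corroborating source.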
2) Deep analysis technology
TechTarget defines deep analysis as using complex data processing techniques to obtain knowledge from multi-source data sets containing structured, unstructured and semi-structured data. Starting from the user's needs, it analyzes, extracts and summarizes large amounts of complex distributed data in an effective way that users can accept, in order to give corresponding guidance for the user's decisions.
Deep analysis usually has to perform precise location and complex queries over PB-scale or even EB-scale data, and is often used in environments that need real-time or near-real-time responses. Typical data analysis operations (such as aggregation, rotation, slicing and summarization) cannot meet its requirements, so more complex analysis techniques have to be introduced, such as time series analysis, path analysis, What-if analysis, social network analysis and complex statistical models that were not attempted before because of hardware/software limitations. Time series analysis and graph analysis are introduced briefly below:
1. Time series analysis. Time series analysis processes chronologically ordered data sequences with the methods of mathematical statistics and uses the result to predict how things will develop. It recognizes the continuity of the way things develop and also takes their randomness into account. Because time series analysis predicts future data from historical data, it is commonly applied in fields such as market potential forecasting, weather forecasting, hydrological forecasting, national macroeconomic regulation and enterprise operation and management.
2. Social network analysis and large-scale graph analysis. Social network analysis focuses on relationships and the patterns of relationships; in concept, its approach and methods differ from traditional statistical analysis and data processing methods. In the graph, a node represents an independent entity in the social network, and an edge between two nodes represents a connection between the entities. Social network analysis can yield useful knowledge, such as discovering the critical entities in a network (the critical entities connect the groups in the network together). This information can be used in fields such as public opinion analysis, product sales and potential threat prediction.
Given the complexity and multi-source nature of APT attack data, introducing deep analysis makes it possible to extract knowledge effectively from historical data and use it to predict attacks that have not yet happened, preventing trouble before it occurs.
3) Big data mining technology
Security detection based on big data mining is an important security detection technology. Traditional data mining algorithms are based on serial computing and can handle only a limited scale of data; once moved to a big data environment, their execution efficiency drops sharply or they cannot run at all, so they cannot meet the needs of the current big data era.
Cloud computing is the computing platform on which big data analysis and mining technology can rely. Big data focuses on mining and analyzing massive data, which cannot be done on a single computer; a distributed computing architecture must be used. Relying on the distributed processing, distributed databases, cloud storage and virtualization technology of cloud computing is therefore an effective means of improving big data mining efficiency: computing tasks are spread across different computers and run simultaneously, so that application systems can obtain storage resources, computing resources and other service resources as needed. High-performance, highly scalable parallel computing and programming models such as MapReduce, Hadoop and Spark, distributed big data processing frameworks and the related key technologies keep emerging and developing, making big data storage and distributed computing a reality. Built on distributed computing, big data mining technology can better provide new theory and technical support for security detection problems based on big data. Current security detection technology based on big data mining mainly studies parallelization strategies for various data mining algorithms, novel big data mining methods based on distributed computing, and large-scale anomaly analysis and detection implemented on the MapReduce and Spark frameworks.
The above is only a preferred embodiment of the invention and is not intended to limit the invention; for those skilled in the art, the invention may have various modifications and variations. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the invention shall be included in the protection scope of the invention.
Claims (6)
1. A massive detection data analysis system for APT protection, characterized in that the system comprises a data collection layer and a data analysis layer; wherein the data collection layer consists of several massive heterogeneous data sources, which may or may not be physically adjacent, and is responsible for providing the data analysis layer with multi-angle security data and scenarios; and the data analysis layer is responsible for subscribing to the data of the data collection layer according to association analysis rules in order to analyze and process it.
2. The massive detection data analysis system for APT protection according to claim 1, characterized in that the data sources of the data collection layer include traffic mirroring, firewalls, UDS, IPS and so on.
3. The massive detection data analysis system for APT protection according to claim 1, characterized in that the data processing layer consists of a security detection module, a security audit module and a big data association analysis module.
4. The massive detection data analysis system for APT protection according to claim 3, characterized in that the security detection module includes low-level detection and high-level detection functions.
5. The massive detection data analysis system for APT protection according to claim 3, characterized in that the big data association analysis module includes lateral association analysis and longitudinal association analysis functions.
6. The massive detection data analysis system for APT protection according to claim 3, characterized in that the security audit module includes leak analysis and attack source-tracing functions.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711489965.1A | 2017-12-30 | 2017-12-30 | Massive detection data analysis system for APT protection |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109995722A | 2019-07-09 |
Family
ID=67111444
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| WD01 | Invention patent application deemed withdrawn after publication | Application publication date: 20190709 |