CN109995722A - Magnanimity detection data analysis system towards APT protection - Google Patents


Publication number: CN109995722A
Authority: CN (China)
Legal status: Pending
Application number: CN201711489965.1A
Other languages: Chinese (zh)
Inventors: 徐继峰, 祁建明, 周峻松, 陈墩金
Current Assignee: Guangzhou Ming - Collar Gene Technology Co Ltd
Original Assignee: Guangzhou Ming - Collar Gene Technology Co Ltd
Application filed by: Guangzhou Ming - Collar Gene Technology Co Ltd
Priority to: CN201711489965.1A
Publication of: CN109995722A

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416: Event detection, e.g. attack signature detection
    • H04L63/1441: Countermeasures against malicious traffic
    • H04L63/1466: Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
    • H04L63/20: Network architectures or network communication protocols for network security for managing network security; network security policies in general

Abstract

The invention discloses a massive detection data analysis system for APT protection. The system comprises a data collection layer and a data analysis layer. The data collection layer consists of several massive heterogeneous data sources, which may or may not be physically adjacent, and is responsible for supplying the data analysis layer with security data and scenarios from multiple angles. The data analysis layer is responsible for subscribing to data from the data collection layer according to association analysis rules, and for analyzing and processing it. The scheme uses big data technology to perform deep association analysis on monitoring and detection data, and can achieve early warning before an event, blocking during an event, and audit and source tracing after an event.

Description

Magnanimity detection data analysis system towards APT protection
Technical field
The invention belongs to the technical field of big data analysis and relates to a massive detection data analysis system for APT protection.
Background
An APT (advanced persistent threat) attack differs from a traditional network intrusion: an APT focuses on infiltration and information gathering, with the main purpose of stealing the core information assets of businesses and governments.
The characteristics of an APT show in its two properties, A and P. A stands for Advanced: the attack techniques are sophisticated, attack behavior features are difficult to extract, individual attack points are well concealed, attack channels are diverse and the attack space is uncertain. P stands for Persistent: the attack is sustained and stays hidden for a long time. It turns network threats from random attacks by scattered individuals into purposeful, organized, premeditated group attacks, so that traditional defenses based on real-time detection and real-time blocking can no longer be effective.
At present, APT attacks are growing explosively. Although governments and enterprises now attach great importance to them, most existing defense schemes have limitations: they cannot cover the whole picture, which leads to missed detections, and many products can only detect APT attacks but cannot provide real-time protection.
Summary of the invention
The object of the invention is to provide a massive detection data analysis system for APT protection. APT-style group attacks have a great impact on traditional detection technology based on real-time monitoring and real-time blocking. In response, the system uses big data technology to perform deep association analysis on monitoring and detection data. It can comprehensively analyze whether the target system is at risk of attack, and thereby give early warning before an event. It can also observe attacks in progress, understand their intent more accurately and trace them backwards, giving a comprehensive analysis of the threat so that relevant policies can be applied in time to stop the attack, that is, blocking during the event. At the same time, security audit information can be subjected to big data analysis, and post-event audit and source tracing is achieved by tracking and reproducing the historical state and evolution of the path data.
To solve the above technical problem, the invention adopts the following technical scheme: a massive detection data analysis system for APT protection, comprising a data collection layer and a data analysis layer. The data collection layer consists of several massive heterogeneous data sources, physically adjacent or not, and is responsible for supplying the data analysis layer with multi-angle security data and scenarios. The data analysis layer is responsible for subscribing to data from the data collection layer according to association analysis rules, and for analyzing and processing it.
Further, the data sources of the data collection layer include traffic mirroring, firewalls, UDS, IPS and the like.
Further, the data analysis layer is composed of a security detection module, a security audit module and a big data association analysis module.
Further, the security detection module includes low-level detection and high-level detection functions.
Further, the big data association analysis module includes lateral association analysis and longitudinal association analysis functions.
Further, the security audit module includes leak analysis and attack source-tracing functions.
Compared with the prior art, the invention has the following beneficial effects:
APT-style group attacks have a great impact on traditional detection technology based on real-time monitoring and real-time blocking. In response, the scheme of the invention uses big data technology to perform deep association analysis on monitoring and detection data, achieving early warning before an event and a comprehensive analysis of the threat, so that relevant policies can be applied in time to stop the attack, giving blocking during the event and audit and source tracing after it.
Brief description of the drawings
Fig. 1 is the overall framework diagram of the massive detection data analysis system for APT protection.
Specific embodiments
The invention is described in further detail and more completely below with reference to the drawing and specific embodiments. It should be understood that the specific embodiments described here only explain the invention and do not limit it.
Referring to Fig. 1, the massive detection data analysis system for APT protection of the invention comprises a data collection layer and a data analysis layer. The data analysis layer is responsible for subscribing to data from the data collection layer according to association analysis rules, and for analyzing and processing it. The data collection layer is composed of a series of massive heterogeneous data sources, physically adjacent or not, including traffic mirroring, firewalls, UDS, IPS and the like, and is responsible for supplying the data analysis layer with multi-angle security data and scenarios.
The data analysis layer has a security detection module, a security audit module and a big data association analysis module. The security detection module in turn includes a low-level detection module and a high-level detection module; the big data association analysis module is divided into a lateral association analysis module and a longitudinal association analysis module; and the security audit module is divided into a leak analysis module and an attack source-tracing module. Each module is implemented with multiple techniques.
1) Low-level detection module
APTs usually use 0day vulnerabilities to gain privileges and are remotely controlled through unknown Trojans, whereas traditional detection devices based on signature matching must first capture a malicious code sample before they can extract signatures and recognize attacks from them, so such detection has an inherent lag. Low-level detection is the endpoint-oriented subsystem of the anomaly discovery, alerting and emergency response platform. It differs fundamentally in technology from traditional security protection software. The security enhancement module uses a theoretical model of anomaly discovery, so it can not only monitor known threats effectively but also discover unknown threats in time.
The anomaly analysis and early-warning subsystem includes an application anomaly discovery module, a system anomaly discovery module, a communication anomaly discovery module, a transmission anomaly discovery module, a data anomaly discovery module and other anomaly discovery modules. Its main internal logic is anomaly association, decision judgment and early warning. Anomaly association judges the hazard level, that is the risk, of the collected anomalies according to the policy library, making the 2nd inference about a potential threat; the policy library can be updated by communicating with high-level monitoring through the I/O interface. Early warning makes the 3rd inference about the threat according to the user attribute library, and can upload the anomaly data set through the I/O interface to seek a more accurate 4th threat inference. The data in the user attribute library can be defined by the user, or generated and gradually adjusted from the result sets of user operating habits collected by the associated modules. The purpose of building the user attribute library is to associate the user's social attributes so as to perceive customized threat infiltration. Low-level detection not only supports high-level detection, but can also send warning information through the early-warning I/O output interface to other security protection systems such as antivirus software, honeynets and firewalls.
2) High-level detection module
High-level detection is the core of the anomaly discovery, alerting and emergency response platform, and faces attack sources and paths. Its advantage is that it can capture and discover anomalies across a large number of backbone networks, uncover the resources of a large number of attack implementers, and detect a large number of malicious applications at the source. Correlated with low-level detection data, high-level detection gains a "wide field of view": it can effectively analyze and discover unknown threats, trace the attacker's identity, and respond to APT attacks.
High-level detection techniques include: rapid identification and classification of network services based on flow state; information-theory-based cognition, identification and feature extraction of traffic; network monitoring based on content analysis; detection based on behavioral features; multi-angle detection, analysis and computation for anomaly discovery centered on network data flows and network behavior; multi-layer network anomaly association and data fusion applied to the network anomalies obtained by detection and analysis; construction of a rule base for multi-layer network anomaly association; and so on.
High-level detection builds a model of normal user network access from statistics of protocol-layer features at the IP, transport and application layers, and detects possible abnormal behavior, including traffic transmission anomalies, rapidly changing DNS (fast-flux) attacks and the abnormal network behavior of other Trojans. The different behavioral characteristics of users on the business network and on the ingress network are studied, and anomaly models are built separately for business-network and border-network behavior in order to discover unknown threats. The core of high-level detection is the anomaly decision engine; low-level detection data supports high-level anomaly decisions through the I/O interface. In addition, anomalous packets from the transmission anomaly discovery module of low-level detection can be passed, via the I/O interface corresponding to the network information flow, into the high-level detection architecture for deep analysis. The results of the anomaly decision engine can be output through the corresponding I/O interface for low-level detection to reference. The anomaly discovery result sets can also provide technical support to other security protection platforms through the I/O interface.
3) Security audit module
The security audit module collects logs and data records such as system logs, resource usage, user behavior and network traffic, and uses the leak analysis submodule and the attack source-tracing submodule to perform a preliminary analysis of the collected data. Besides traditional analysis methods such as blacklists and whitelists, it relies more on the big data association analysis module for comprehensive analysis, in order to mine potential threats from large, mixed volumes of log and data records.
4) Big data association analysis module
Association analysis and data mining are performed on the monitoring data of low-level and high-level detection and on the security audit information, to find correlations between records and discover new features. The mined sample data is manually classified or clustered, the classification results are used with machine learning methods to build the training set of the feature library, and the classification accuracy of the feature library is improved continuously.
Big data technology is used to perform association analysis on the log records collected by the security audit module and the monitoring data of the high-level and low-level detection modules, to analyze comprehensively whether the target system may be under attack and so give early warning before an event. Big data analysis of an attack in progress gives a more accurate understanding of its intent and allows backward tracing, providing a comprehensive analysis of the threat so that relevant policies can be applied in time to stop the attack, that is, blocking during the event. At the same time, big data analysis is applied to the security audit information of the whole attack process, and post-event audit and source tracing is achieved by tracking and reproducing the historical state and evolution of the path data.
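The subscription and association steps described above can be sketched as follows. This is an added example, not code from the patent: the event fields, source names, rule format and sample events are constructed, and it assumes that "lateral" association means correlating different sources on one host within a short window while "longitudinal" association means following one host over a long period, which the patent does not define.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    ts: int       # seconds since the start of the capture (constructed)
    source: str   # collection-layer source, e.g. "ips", "endpoint"
    host: str     # entity the event is about
    kind: str     # anomaly type reported by the source


@dataclass(frozen=True)
class Rule:
    name: str
    sources: frozenset  # sources the analysis layer subscribes to for this rule
    kinds: frozenset    # anomaly kinds that must all be present
    window: int         # correlation window in seconds


def subscribe(events, rule):
    """Analysis layer pulls only the events the association rule asks for."""
    return [e for e in events if e.source in rule.sources and e.kind in rule.kinds]


def lateral(events, rule):
    """Hosts where every kind in the rule appears, from at least two
    different sources, inside one sliding window (assumed meaning of lateral)."""
    by_host = defaultdict(list)
    for e in subscribe(events, rule):
        by_host[e.host].append(e)
    hits = []
    for host, evs in by_host.items():
        evs.sort(key=lambda e: e.ts)
        start = 0
        for end in range(len(evs)):
            # shrink the window from the left until it fits rule.window
            while evs[end].ts - evs[start].ts > rule.window:
                start += 1
            win = evs[start:end + 1]
            kinds = {e.kind for e in win}
            sources = {e.source for e in win}
            if kinds >= rule.kinds and len(sources) >= 2:
                hits.append((host, win[0].ts, win[-1].ts))
                break
    return sorted(hits)


def longitudinal(events, host, stages):
    """Follow one host through time and return (kind, ts) for each stage
    reached in order, or None when the chain is incomplete."""
    evs = sorted((e for e in events if e.host == host), key=lambda e: e.ts)
    chain, i = [], 0
    for e in evs:
        if i < len(stages) and e.kind == stages[i]:
            chain.append((e.kind, e.ts))
            i += 1
    return chain if i == len(stages) else None


# Constructed sample events from four heterogeneous sources.
EVENTS = [
    Event(100, "ips", "ws-01", "exploit_attempt"),
    Event(160, "endpoint", "ws-01", "unknown_process"),
    Event(220, "traffic_mirror", "ws-01", "dns_anomaly"),
    Event(300, "firewall", "ws-02", "exploit_attempt"),
    Event(400, "firewall", "srv-db", "port_scan"),
    Event(5000, "endpoint", "ws-02", "unknown_process"),
    Event(90000, "traffic_mirror", "ws-01", "bulk_upload"),
]

RULE = Rule(
    name="compromise-then-beacon",
    sources=frozenset({"ips", "endpoint", "traffic_mirror"}),
    kinds=frozenset({"exploit_attempt", "unknown_process", "dns_anomaly"}),
    window=600,
)

STAGES = ["exploit_attempt", "unknown_process", "dns_anomaly", "bulk_upload"]

if __name__ == "__main__":
    print("lateral hits:", lateral(EVENTS, RULE))
    print("ws-01 chain:", longitudinal(EVENTS, "ws-01", STAGES))
    print("ws-02 chain:", longitudinal(EVENTS, "ws-02", STAGES))
```

The short window raises the in-event alert for ws-01, while the long-horizon pass recovers the upload that happened roughly a day later, which no single-source, real-time check would connect to the first three events.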
The detection data produced by the various APT attack detection tools, key business data, logs, context, external intelligence and so on form massive data with many different structures. Its multi-source, multi-structure, long-time-series and low-density nature challenges defense methods based on big data analysis. How to use big data technology effectively to process and analyze the data is the key issue.
1) Data management technology
In the current big data era, the once well-developed relational database management system (RDBMS) encounters difficulties such as limited data types and insufficient scalability. As data volume grows, the basic strategy of data analysis is to push computation to the data rather than push data to the computation. In recent years, non-relational data management technology has emerged rapidly: it manages, processes and analyzes many types of data effectively, achieves good system performance through parallel processing, and meets the processing requirements of ever-growing data volumes with its high scalability.
With a relational database as the core data engine, data from various sources is loaded into the relational database system by ETL tools. Client tools generate routine reports through the SQL language. For complex analysis, the expressive power of SQL shows its limits. If data is extracted from the database and imported into front-end analysis tools (SAS, SPSS) for subsequent analysis, large amounts of data must be moved. The data processing capacity of the front-end analysis tool is also limited by memory size, so analysis efficiency is greatly reduced. Moreover, because current data tends to be diverse in type and huge in volume, the organization and processing capabilities of relational databases can no longer cope with large-scale, high-dimensional spatio-temporal data. Therefore, introducing parallel computing into the data analysis process is the inevitable choice for high-performance data management.
Compared with an RDBMS, non-relational data management technology represented by MapReduce supports higher fault tolerance and stronger scalability in both its storage model and its computation model, providing a good runtime platform for big data analysis. At the same time, analysis tasks that are hard to express in SQL are easier to express as MapReduce computation functions. As a parallel framework intended for fast batch processing of large-scale unstructured data, MapReduce has developed significantly. To overcome the poor performance caused by overly simple scheduling algorithms, scheduling strategies have been optimized for different environments such as multi-core CPUs, GPUs, heterogeneous systems and cloud platforms. By defining a logical model of the data processing flow and using model conversion and code generation algorithms to convert the logical model into a physical model, MapReduce data processing over multiple data sources is supported. The stream processing capability of MapReduce has been improved through intermediate result caching, pipelining and localization, which led to a real-time MapReduce method for high-speed sensor data streams.
To detect the behavior of each stage of an APT attack from multi-dimensional data, the data must be analyzed in depth rather than merely turned into simple reports. Such complex analysis necessarily depends on complex analysis models that are hard to express in SQL, and belongs to deep analysis. Therefore, faced with the challenge of deep analysis of big data, non-relational data management technology represented by MapReduce has a clear advantage.
2) Deep analysis technology
TechTarget defines deep analysis as the use of complex data processing techniques to obtain knowledge from multi-source data sets containing structured, unstructured and semi-structured data. Starting from the user's needs, it analyzes, extracts and summarizes large amounts of complex distributed data in an effective way that users can accept, in order to guide user decisions.
Deep analysis usually has to perform precise location and complex queries over PB-scale or even EB-scale data, and is often used in environments that need real-time or near-real-time responses. Typical data analysis operations (such as aggregation, rotation, slicing and summarization) cannot meet these requirements, so more complex analysis techniques must be introduced, such as time series analysis, path analysis, what-if analysis, social network analysis and sophisticated statistical models that were previously not attempted because of hardware or software limits. Time series analysis and graph analysis are briefly introduced below:
1. Time series analysis. Time series analysis processes chronologically ordered data sequences with the methods of mathematical statistics and uses the result to predict future trends. It recognizes the continuity of how things develop and also takes the randomness of that development into account. Because time series analysis predicts future data from historical data, it is commonly applied to fields such as market potential forecasting, weather forecasting, hydrological forecasting, national macroeconomic regulation and enterprise management.
2. Social network analysis and large-scale graph analysis. Social network analysis focuses on relationships and the patterns of relationships; in concept, its ways and means differ from traditional statistical analysis and data processing methods. In the graph, 1 node represents 1 independent entity in the social network, and 1 edge between 2 nodes represents a connection between the entities. Social network analysis can yield useful knowledge, such as discovering the critical entities in a network (the critical entities are those that connect the groups in the network together). This information can be used in fields such as public opinion analysis, product sales and potential threat prediction.
Given the complexity and multi-source nature of APT attack data, introducing deep analysis makes it possible to extract knowledge from historical data effectively and use it to predict attacks that have not yet happened, so that they can be prevented in advance.
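The graph analysis passage above describes critical entities as the nodes that connect groups in a network. One way to make that concrete, added here as an example that is not part of the patent, is to compute the articulation points (cut vertices) of a host communication graph; treating "critical entity" as "articulation point" is an assumption, and the host names and edges are constructed sample data.

```python
from collections import defaultdict


def build_graph(edges):
    """Undirected adjacency sets: 1 node per entity, 1 edge per connection."""
    g = defaultdict(set)
    for a, b in edges:
        g[a].add(b)
        g[b].add(a)
    return g


def critical_entities(edges):
    """Articulation points found with one depth-first search (Tarjan):
    removing any returned node splits the graph into separate groups."""
    g = build_graph(edges)
    disc, low, cut = {}, {}, set()
    counter = [0]

    def dfs(u, parent):
        disc[u] = low[u] = counter[0]
        counter[0] += 1
        children = 0
        for v in g[u]:
            if v == parent:
                continue
            if v in disc:
                # back edge: u can reach an earlier node without its parent
                low[u] = min(low[u], disc[v])
            else:
                children += 1
                dfs(v, u)
                low[u] = min(low[u], low[v])
                # v's subtree cannot climb above u, so u holds it in place
                if parent is not None and low[v] >= disc[u]:
                    cut.add(u)
        if parent is None and children > 1:
            cut.add(u)

    for node in list(g):
        if node not in disc:
            dfs(node, None)
    return sorted(cut)


def groups_without(edges, removed):
    """Connected groups that remain once `removed` is taken out."""
    g = build_graph(edges)
    seen, groups = {removed}, []
    for start in sorted(g):
        if start in seen:
            continue
        seen.add(start)
        stack, comp = [start], []
        while stack:
            u = stack.pop()
            comp.append(u)
            for v in g[u]:
                if v not in seen:
                    seen.add(v)
                    stack.append(v)
        groups.append(sorted(comp))
    return sorted(groups)


# Constructed sample: an office segment and a database segment that are
# joined only through one workstation and one jump host.
EDGES = [
    ("ws-1", "ws-2"), ("ws-2", "ws-3"), ("ws-1", "ws-3"),
    ("ws-3", "jump-01"),
    ("jump-01", "db-1"), ("jump-01", "db-2"), ("db-1", "db-2"),
]

if __name__ == "__main__":
    for node in critical_entities(EDGES):
        print(node, "joins", groups_without(EDGES, node))
```

Nodes reported here are the places where monitoring and audit logging cover traffic between groups that have no other path to each other.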
3) Big data mining technology
Security detection based on big data mining is an important security detection technique. Traditional data mining algorithms are based on serial computation and can handle only limited data volumes; once moved to a big data environment, their execution efficiency drops sharply or they cannot run at all, so they cannot meet the needs of the current big data era.
Cloud computing is the computing platform on which big data analysis and mining can rely. Big data focuses on mining and analyzing massive data, which cannot be done on a single computer and requires a distributed computing architecture. Relying on the distributed processing, distributed databases, cloud storage and virtualization technology of cloud computing is therefore an effective means of improving big data mining efficiency: computing tasks are spread across different computers and run simultaneously, so that application systems can obtain storage, computing and other service resources as needed. High-performance, highly scalable parallel computing and programming models such as MapReduce, Hadoop and Spark, distributed big data processing frameworks and related key technologies keep emerging and developing, making big data storage and distributed computing a reality. On the basis of distributed computing, big data mining can better provide new theory and technical support for big-data-based security detection. Current security detection techniques based on big data mining mainly study parallelization strategies for various data mining algorithms, novel big data mining methods based on distributed computing, and large-scale anomaly analysis and detection implemented on the MapReduce and Spark frameworks.
The above is only a preferred embodiment of the invention and is not intended to limit it; for those skilled in the art, the invention may have various modifications and changes. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the invention shall fall within its scope of protection.

Claims (6)

1. A massive detection data analysis system for APT protection, characterized in that the system comprises a data collection layer and a data analysis layer; wherein the data collection layer consists of several massive heterogeneous data sources, physically adjacent or not, and is responsible for supplying the data analysis layer with multi-angle security data and scenarios; and the data analysis layer is responsible for subscribing to data from the data collection layer according to association analysis rules, and for analyzing and processing it.
2. The massive detection data analysis system for APT protection according to claim 1, characterized in that the data sources of the data collection layer include traffic mirroring, firewalls, UDS, IPS and the like.
3. The massive detection data analysis system for APT protection according to claim 1, characterized in that the data processing layer is composed of a security detection module, a security audit module and a big data association analysis module.
4. The massive detection data analysis system for APT protection according to claim 3, characterized in that the security detection module includes low-level detection and high-level detection functions.
5. The massive detection data analysis system for APT protection according to claim 3, characterized in that the big data association analysis module includes lateral association analysis and longitudinal association analysis functions.
6. The massive detection data analysis system for APT protection according to claim 3, characterized in that the security audit module includes leak analysis and attack source-tracing functions.
CN201711489965.1A 2017-12-30 2017-12-30 Magnanimity detection data analysis system towards APT protection Pending CN109995722A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711489965.1A CN109995722A (en) 2017-12-30 2017-12-30 Magnanimity detection data analysis system towards APT protection

Publications (1)

Publication Number Publication Date
CN109995722A true CN109995722A (en) 2019-07-09

Family

ID=67111444

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711489965.1A Pending CN109995722A (en) 2017-12-30 2017-12-30 Magnanimity detection data analysis system towards APT protection

Country Status (1)

Country Link
CN (1) CN109995722A (en)

Legal Events

Date Code Title Description
PB01 Publication
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20190709
