CN110535874A - Network attack detection method and system using an adversarial network - Google Patents
- Publication number
- CN110535874A (application CN201910874123.0A)
- Authority
- CN
- China
- Prior art keywords
- network attack
- noise simulation
- model
- generator
- network
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N3/00—Computing arrangements based on biological models
- G06N3/02—Neural networks
- G06N3/08—Learning methods
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
Abstract
The present invention provides a network attack detection method and system using an adversarial network. Based on historical access data, a noise simulation network attack model is analyzed and constructed. The model is first trained with real network attack traffic, and the model itself is also able to continuously composite and mutate network attacks. After the noise simulation network attack model has been trained, it is connected to a machine learning module as that module's simulated attack source and attacks it continuously to train it, helping to improve the detection capability of the machine learning module.
Description
Technical field
This application relates to the technical field of network security, and in particular to a network attack detection method and system using an adversarial network.
Background
Although existing statistical analysis and machine learning can detect malware, malicious code, malicious behavior and the like, they have two shortcomings. First, attack data is insufficient during training and far scarcer than normal data; insufficient and imbalanced data unbalances the detection model, so that it cannot correctly detect attack data or behavior. Second, as technology develops, attackers' methods keep changing, but such attack data is not disclosed in advance and cannot be used for model training, so the model cannot detect unknown attack data. A method and system that can itself generate usable attack data, augment the training data and improve the performance of the detection model is therefore urgently needed.
Summary of the invention
The purpose of the present invention is to provide a network attack detection method and system using an adversarial network. Based on historical access data, a noise simulation network attack model is analyzed and constructed. The model is first trained with real network attack traffic, and the model itself is also able to continuously composite and mutate network attacks. After the noise simulation network attack model has been trained, it is connected to a machine learning module as that module's simulated attack source and attacks it continuously to train it, helping to improve the detection capability of the machine learning module.
In a first aspect, the application provides a network attack detection method using an adversarial network, the method comprising:
Obtaining historical access data and, according to the features of known network attack types, analyzing and extracting the feature vectors of the attack data in the historical access data;
Constructing a noise simulation network attack model based on the feature vectors of the attack data, the model being able to randomly generate the various known types of network attack as well as composites of multiple network attacks;
A composite of multiple network attacks includes traffic that has the features of several network attacks at the same time, several network attacks carried out in succession, or variant network attack features;
Using the noise simulation network attack model as the generator of an adversarial network, the output traffic of the generator being fed continuously into a discriminator together with real network attack traffic;
The discriminator obtains a discrimination result from the generator output traffic and the real network attack traffic supplied at its two inputs. If the result is true, the generator output traffic is very close to the real network attack traffic in feature vector, and the discriminator feeds similarity information back to the generator. If the result is false, the generator output traffic differs greatly from the real network attack traffic in feature vector, and the discriminator feeds the degree-of-difference information back to the generator together with the feature vector of the real network attack traffic;
The generator adjusts the parameters of the noise simulation network attack model according to the discriminator's feedback and generates new output traffic;
When the proportion of discrimination results that are true exceeds a preset threshold, training of the noise simulation network attack model is complete;
The noise simulation network attack model is connected to a machine learning module and continuously generates random network attack traffic for the machine learning module's self-learning;
Through the noise simulation network attack model, the machine learning module continuously enriches its samples of network attack feature vectors, performs network attack detection on real network traffic, and feeds the detection results back to an administrator; the administrator can periodically adjust the parameters of the noise simulation network attack model according to the detection results and start the update mechanism of the noise simulation network attack model.
With reference to the first aspect, in a first possible implementation of the first aspect, the variant network attack features include extending a known network attack feature vector and modifying several attack fields.
With reference to the first aspect, in a second possible implementation of the first aspect, the discriminator can also feed the discrimination result back to the administrator, so that the administrator can adjust the parameters of the noise simulation network attack model in real time.
With reference to the first aspect, in a third possible implementation of the first aspect, the update mechanism of the noise simulation network attack model means using the noise simulation network attack model as the generator again and feeding the generator's output traffic into the discriminator.
Second aspect, the application provide a kind of network attack detection system of antagonism network, the system comprises:
Acquiring unit, for obtaining history access data, according to the feature of known network attack type, analysis is extracted and is gone through
History accesses the feature vector that data are attacked in data;
Construction unit constructs noise simulation network attack model, application for the feature vector based on the attack data
The model can generate known various types of network attacks at random and multiple network attack is compound;
It includes the feature for being provided simultaneously with several network attack that the multiple network, which is attacked compound, or is carried out continuously several
Kind network attack or variation network attack signature;
Generator, for using the noise simulation network attack model as the generator of antagonism network, the generation
The output flow of device is sent into arbiter with live network attack traffic incessantly together;
Arbiter, generator output flow and live network attack traffic for being inputted according to both ends obtain differentiation knot
Fruit;If differentiate that result is true, show that generator output flow connects in feature vector very much with live network attack traffic
Closely, similarity information is fed back to generator by arbiter;If differentiation result is fictitious time, show generator output flow and true
Network Attack difference in feature vector is very big, arbiter by difference degree information, the feature of live network attack traffic to
Amount feeds back to generator together;
The generator adjusts the parameter of noise simulation network attack model according to the feedback result of arbiter, generates again
New output flow;
When the differentiation result that arbiter obtains is that genuine ratio is greater than pre-set threshold value, show the noise simulation
Network attack model training finishes;
Machine learning module, for accessing the noise simulation network attack model, by the noise simulation network attack
Model uninterruptedly generates Network Attack at random, for machine learning module self-teaching;
It is special uninterruptedly to enrich various network attacks by the noise simulation network attack model for the machine learning module
Vector sample is levied, network attack detection is carried out to live network flow, and will test result and feed back to administrator, administrator can be with
Timing adjusts the parameter of the noise simulation network attack model according to testing result, starts the noise simulation network attack mould
The update mechanism of type.
With reference to the second aspect, in a first possible implementation of the second aspect, the variant network attack features include extending a known network attack feature vector and modifying several attack fields.
With reference to the second aspect, in a second possible implementation of the second aspect, the discriminator can also feed the discrimination result back to the administrator, so that the administrator can adjust the parameters of the noise simulation network attack model in real time.
With reference to the second aspect, in a third possible implementation of the second aspect, the update mechanism of the noise simulation network attack model means using the noise simulation network attack model as the generator again and feeding the generator's output traffic into the discriminator.
The present invention provides a network attack detection method and system using an adversarial network. Based on historical access data, a noise simulation network attack model is analyzed and constructed. The model is first trained with real network attack traffic, and the model itself is also able to continuously composite and mutate network attacks. After the noise simulation network attack model has been trained, it is connected to a machine learning module as that module's simulated attack source and attacks it continuously to train it, helping to improve the detection capability of the machine learning module.
Brief description of the drawings
In order to explain the technical solutions in the embodiments of the present invention more clearly, the drawings needed in the embodiments are briefly introduced below. Obviously, a person of ordinary skill in the art can obtain other drawings from these drawings without creative effort.
Fig. 1 is the flow chart of the network attack detection method using an adversarial network according to the present invention;
Fig. 2 is the architecture diagram of the network attack detection system using an adversarial network according to the present invention.
Detailed description
The preferred embodiments of the present invention are described in detail below with reference to the drawings, so that the advantages and features of the invention can be more easily understood by those skilled in the art and the scope of protection of the invention can be defined more clearly.
Fig. 1 is the flow chart of the network attack detection method using an adversarial network provided by the present application, the method comprising:
Obtaining historical access data and, according to the features of known network attack types, analyzing and extracting the feature vectors of the attack data in the historical access data;
Constructing a noise simulation network attack model based on the feature vectors of the attack data, the model being able to randomly generate the various known types of network attack as well as composites of multiple network attacks;
A composite of multiple network attacks includes traffic that has the features of several network attacks at the same time, several network attacks carried out in succession, or variant network attack features;
Using the noise simulation network attack model as the generator of an adversarial network, the output traffic of the generator being fed continuously into a discriminator together with real network attack traffic;
The discriminator obtains a discrimination result from the generator output traffic and the real network attack traffic supplied at its two inputs. If the result is true, the generator output traffic is very close to the real network attack traffic in feature vector, and the discriminator feeds similarity information back to the generator. If the result is false, the generator output traffic differs greatly from the real network attack traffic in feature vector, and the discriminator feeds the degree-of-difference information back to the generator together with the feature vector of the real network attack traffic;
The generator adjusts the parameters of the noise simulation network attack model according to the discriminator's feedback and generates new output traffic;
When the proportion of discrimination results that are true exceeds a preset threshold, training of the noise simulation network attack model is complete;
The noise simulation network attack model is connected to a machine learning module and continuously generates random network attack traffic for the machine learning module's self-learning;
Through the noise simulation network attack model, the machine learning module continuously enriches its samples of network attack feature vectors, performs network attack detection on real network traffic, and feeds the detection results back to an administrator; the administrator can periodically adjust the parameters of the noise simulation network attack model according to the detection results and start the update mechanism of the noise simulation network attack model.
In some preferred embodiments, the variant network attack features include extending a known network attack feature vector and modifying several attack fields.
In some preferred embodiments, the discriminator can also feed the discrimination result back to the administrator, so that the administrator can adjust the parameters of the noise simulation network attack model in real time.
In some preferred embodiments, the update mechanism of the noise simulation network attack model means using the noise simulation network attack model as the generator again and feeding the generator's output traffic into the discriminator.
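The generator/discriminator loop of the method above, reduced to a runnable sketch. This is an added example, not code from the patent: the feature names, the constructed sample data, the linear noise-driven generator, the logistic-regression discriminator, the gradient form of the feedback and the `min_steps` warm-up are all assumptions made for illustration.

```python
import math
import random

# Constructed, normalised per-flow features (names are assumptions, not from the patent).
FEATURES = ["syn_ratio", "pkt_rate", "payload_entropy", "dst_port_spread"]
DIM = len(FEATURES)

def make_real_attacks(rng, n=200):
    """Constructed stand-in for feature vectors extracted from historical attack traffic."""
    centre = [0.9, 0.8, 0.2, 0.7]
    return [[rng.gauss(m, 0.3) for m in centre] for _ in range(n)]

def sigmoid(t):
    return 1.0 / (1.0 + math.exp(-max(-30.0, min(30.0, t))))

def mean_vec(rows):
    return [sum(r[j] for r in rows) / len(rows) for j in range(DIM)]

def gap(a, b):
    """Euclidean distance between two feature vectors."""
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))

class Generator:
    """Noise-driven model: x = b + s * z with z ~ N(0, 1) per feature."""
    def __init__(self):
        self.b = [0.0] * DIM   # feature offsets, start far from the real attacks
        self.s = [0.3] * DIM   # per-feature noise scale

    def sample(self, rng, n):
        zs = [[rng.gauss(0.0, 1.0) for _ in range(DIM)] for _ in range(n)]
        xs = [[self.b[j] + self.s[j] * z[j] for j in range(DIM)] for z in zs]
        return xs, zs

class Discriminator:
    """Logistic regression estimating P(vector comes from real attack traffic)."""
    def __init__(self):
        self.w = [0.0] * DIM
        self.c = 0.0

    def prob(self, x):
        return sigmoid(sum(w * v for w, v in zip(self.w, x)) + self.c)

def train(real, threshold=0.45, min_steps=2000, max_steps=3000,
          batch=32, lr=0.05, seed=7):
    """Alternate discriminator and generator updates until the share of
    generated vectors judged 'true' exceeds the preset threshold."""
    rng = random.Random(seed)
    gen, disc = Generator(), Discriminator()
    real_mean = mean_vec(real)
    start_gap = gap(gen.b, real_mean)
    trained, true_ratio, step = False, 0.0, 0
    for step in range(1, max_steps + 1):
        rb = [rng.choice(real) for _ in range(batch)]
        fb, zs = gen.sample(rng, batch)
        # Discriminator update: ascend log D(real) + log(1 - D(generated)).
        pr = [disc.prob(x) for x in rb]
        pf = [disc.prob(x) for x in fb]
        for j in range(DIM):
            g = sum((1 - p) * x[j] for p, x in zip(pr, rb))
            g -= sum(p * x[j] for p, x in zip(pf, fb))
            disc.w[j] += lr * g / batch
        disc.c += lr * (sum(1 - p for p in pr) - sum(pf)) / batch
        # Verdicts on the generated batch: the feedback the generator receives.
        pf = [disc.prob(x) for x in fb]
        true_ratio = sum(p > 0.5 for p in pf) / batch
        # Warm-up guard: early verdicts come from a barely trained discriminator,
        # so the stop criterion is only honoured after min_steps.
        if step >= min_steps and true_ratio > threshold:
            trained = True
            break
        # Generator update: ascend log D(generated) using the fresh verdicts.
        push = sum(1 - p for p in pf) / batch
        for j in range(DIM):
            spread = sum((1 - p) * z[j] for p, z in zip(pf, zs)) / batch
            gen.b[j] += lr * disc.w[j] * push
            gen.s[j] += lr * disc.w[j] * spread
    return {"trained": trained, "steps": step, "true_ratio": true_ratio,
            "start_gap": start_gap, "final_gap": gap(gen.b, real_mean),
            "generator": gen}

def augment(gen, attack_rows, benign_count, rng):
    """Top up the scarce attack class with generated vectors until classes balance."""
    missing = max(0, benign_count - len(attack_rows))
    synthetic, _ = gen.sample(rng, missing)
    return attack_rows + synthetic

if __name__ == "__main__":
    rng = random.Random(1)
    real = make_real_attacks(rng)
    result = train(real)
    print({k: v for k, v in result.items() if k != "generator"})
    print(len(augment(result["generator"], real, 1000, rng)), "attack rows after augmentation")
```

`final_gap` reports how far the generator's mean feature vector still is from the mean of the real attack vectors; it is worth logging next to the true ratio, because the ratio alone depends on how well the discriminator itself is trained.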
Fig. 2 is the architecture diagram of the network attack detection system using an adversarial network provided by the present application, the system comprising:
An acquiring unit, configured to obtain historical access data and, according to the features of known network attack types, analyze and extract the feature vectors of the attack data in the historical access data;
A construction unit, configured to construct a noise simulation network attack model based on the feature vectors of the attack data, the model being able to randomly generate the various known types of network attack as well as composites of multiple network attacks;
A composite of multiple network attacks includes traffic that has the features of several network attacks at the same time, several network attacks carried out in succession, or variant network attack features;
A generator, configured to use the noise simulation network attack model as the generator of an adversarial network, the output traffic of the generator being fed continuously into a discriminator together with real network attack traffic;
A discriminator, configured to obtain a discrimination result from the generator output traffic and the real network attack traffic supplied at its two inputs. If the result is true, the generator output traffic is very close to the real network attack traffic in feature vector, and the discriminator feeds similarity information back to the generator. If the result is false, the generator output traffic differs greatly from the real network attack traffic in feature vector, and the discriminator feeds the degree-of-difference information back to the generator together with the feature vector of the real network attack traffic;
The generator adjusts the parameters of the noise simulation network attack model according to the discriminator's feedback and generates new output traffic;
When the proportion of discrimination results that are true exceeds a preset threshold, training of the noise simulation network attack model is complete;
A machine learning module, configured to connect to the noise simulation network attack model, which continuously generates random network attack traffic for the machine learning module's self-learning;
Through the noise simulation network attack model, the machine learning module continuously enriches its samples of network attack feature vectors, performs network attack detection on real network traffic, and feeds the detection results back to an administrator; the administrator can periodically adjust the parameters of the noise simulation network attack model according to the detection results and start the update mechanism of the noise simulation network attack model.
In some preferred embodiments, the variant network attack features include extending a known network attack feature vector and modifying several attack fields.
In some preferred embodiments, the discriminator can also feed the discrimination result back to the administrator, so that the administrator can adjust the parameters of the noise simulation network attack model in real time.
In some preferred embodiments, the update mechanism of the noise simulation network attack model means using the noise simulation network attack model as the generator again and feeding the generator's output traffic into the discriminator.
In a specific implementation, the present invention also provides a computer storage medium. The storage medium can store a program which, when executed, may perform some or all of the steps in the embodiments of the present invention. The storage medium may be a magnetic disk, an optical disc, a read-only memory (ROM), a random access memory (RAM), or the like.
Those skilled in the art will clearly understand that the technology in the embodiments of the present invention can be implemented by software plus the necessary general-purpose hardware platform. On this understanding, the technical solutions in the embodiments of the present invention, in essence or in the part that contributes over the prior art, can be embodied in the form of a software product. The software product can be stored in a storage medium such as ROM/RAM, a magnetic disk or an optical disc, and includes instructions that cause a computer device (a personal computer, a server, a network device, or the like) to execute the methods described in the embodiments of the present invention or in certain parts of the embodiments.
For the same or similar parts, the embodiments in this specification can be referred to one another. An embodiment that is substantially similar to the method embodiment is described relatively briefly; for the relevant details, refer to the description of the method embodiment.
The embodiments of the invention described above do not limit the scope of protection of the present invention.
Claims (8)
1. A network attack detection method using an adversarial network, characterized in that the method comprises:
Obtaining historical access data and, according to the features of known network attack types, analyzing and extracting the feature vectors of the attack data in the historical access data;
Constructing a noise simulation network attack model based on the feature vectors of the attack data, the model being able to randomly generate the various known types of network attack as well as composites of multiple network attacks;
A composite of multiple network attacks includes traffic that has the features of several network attacks at the same time, several network attacks carried out in succession, or variant network attack features;
Using the noise simulation network attack model as the generator of an adversarial network, the output traffic of the generator being fed continuously into a discriminator together with real network attack traffic;
The discriminator obtains a discrimination result from the generator output traffic and the real network attack traffic supplied at its two inputs. If the result is true, the generator output traffic is very close to the real network attack traffic in feature vector, and the discriminator feeds similarity information back to the generator. If the result is false, the generator output traffic differs greatly from the real network attack traffic in feature vector, and the discriminator feeds the degree-of-difference information back to the generator together with the feature vector of the real network attack traffic;
The generator adjusts the parameters of the noise simulation network attack model according to the discriminator's feedback and generates new output traffic;
When the proportion of discrimination results that are true exceeds a preset threshold, training of the noise simulation network attack model is complete;
The noise simulation network attack model is connected to a machine learning module and continuously generates random network attack traffic for the machine learning module's self-learning;
Through the noise simulation network attack model, the machine learning module continuously enriches its samples of network attack feature vectors, performs network attack detection on real network traffic, and feeds the detection results back to an administrator; the administrator can periodically adjust the parameters of the noise simulation network attack model according to the detection results and start the update mechanism of the noise simulation network attack model.
2. The method according to claim 1, characterized in that the variant network attack features include extending a known network attack feature vector and modifying several attack fields.
3. The method according to any one of claims 1-2, characterized in that the discriminator can also feed the discrimination result back to the administrator, so that the administrator can adjust the parameters of the noise simulation network attack model in real time.
4. The method according to any one of claims 1-3, characterized in that the update mechanism of the noise simulation network attack model means using the noise simulation network attack model as the generator again and feeding the generator's output traffic into the discriminator.
5. A network attack detection system using an adversarial network, characterized in that the system comprises:
An acquiring unit, configured to obtain historical access data and, according to the features of known network attack types, analyze and extract the feature vectors of the attack data in the historical access data;
A construction unit, configured to construct a noise simulation network attack model based on the feature vectors of the attack data, the model being able to randomly generate the various known types of network attack as well as composites of multiple network attacks;
A composite of multiple network attacks includes traffic that has the features of several network attacks at the same time, several network attacks carried out in succession, or variant network attack features;
A generator, configured to use the noise simulation network attack model as the generator of an adversarial network, the output traffic of the generator being fed continuously into a discriminator together with real network attack traffic;
A discriminator, configured to obtain a discrimination result from the generator output traffic and the real network attack traffic supplied at its two inputs. If the result is true, the generator output traffic is very close to the real network attack traffic in feature vector, and the discriminator feeds similarity information back to the generator. If the result is false, the generator output traffic differs greatly from the real network attack traffic in feature vector, and the discriminator feeds the degree-of-difference information back to the generator together with the feature vector of the real network attack traffic;
The generator adjusts the parameters of the noise simulation network attack model according to the discriminator's feedback and generates new output traffic;
When the proportion of discrimination results that are true exceeds a preset threshold, training of the noise simulation network attack model is complete;
A machine learning module, configured to connect to the noise simulation network attack model, which continuously generates random network attack traffic for the machine learning module's self-learning;
Through the noise simulation network attack model, the machine learning module continuously enriches its samples of network attack feature vectors, performs network attack detection on real network traffic, and feeds the detection results back to an administrator; the administrator can periodically adjust the parameters of the noise simulation network attack model according to the detection results and start the update mechanism of the noise simulation network attack model.
6. The system according to claim 5, characterized in that the variant network attack features include extending a known network attack feature vector and modifying several attack fields.
7. The system according to any one of claims 5-6, characterized in that the discriminator can also feed the discrimination result back to the administrator, so that the administrator can adjust the parameters of the noise simulation network attack model in real time.
8. The system according to any one of claims 5-7, characterized in that the update mechanism of the noise simulation network attack model means using the noise simulation network attack model as the generator again and feeding the generator's output traffic into the discriminator.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910874123.0A CN110535874A (en) | 2019-09-17 | 2019-09-17 | Network attack detection method and system using an adversarial network |
Publications (1)
Publication Number | Publication Date |
---|---|
CN110535874A (en) | 2019-12-03 |
Family
ID=68668817
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910874123.0A Pending CN110535874A (en) | Network attack detection method and system using an adversarial network | 2019-09-17 | 2019-09-17 |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110535874A (en) |
Legal Events
Code | Title | Description |
---|---|---|
PB01 | Publication | |
SE01 | Entry into force of request for substantive examination | |
RJ01 | Rejection of invention patent application after publication | Application publication date: 20191203 |