CN111741025B - Network security active defense method, storage medium and system based on digital ant colony - Google Patents

Info

Publication number
CN111741025B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010780394.2A
Other languages
Chinese (zh)
Other versions
CN111741025A (en)
Inventor
王永杰
钟晓峰
刘京菊
杨国正
张敬业
王维维
汪松鹤
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
National University of Defense Technology
Original Assignee
National University of Defense Technology
Application filed by National University of Defense Technology
Priority to CN202010780394.2A
Publication of CN111741025A
Application granted
Publication of CN111741025B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06N COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00 Computing arrangements based on biological models
    • G06N3/004 Artificial life, i.e. computing arrangements simulating life
    • G06N3/006 Artificial life, i.e. computing arrangements simulating life based on simulated virtual individual or collective life forms, e.g. social simulations or particle swarm optimisation [PSO]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general

Abstract

The invention discloses a network security active defense method based on a digital ant colony, which comprises the following steps: step one, the host digital ants collect original state data of their respective resident hosts in real time and extract host state characteristic information; step two, the first mobile detection digital ant that has moved to the corresponding host judges, according to the host state characteristic information, whether a network threat exists on that host; step three, the host digital ant determines whether a first response strategy corresponding to the network threat type can be obtained from the corresponding response rule base; step four, the partition management digital ant reports the received original state data corresponding to the network threat to the central control digital ant; and step five, the central control digital ant generates a second mobile detection digital ant and issues it to the corresponding host through the corresponding partition management digital ant. The invention also discloses a storage medium and a system. The invention can flexibly customize and generate corresponding detection and elimination digital ants.

Description

Network security active defense method, storage medium and system based on digital ant colony
Technical Field
The invention belongs to the technical field of network security, and particularly relates to a network security active defense method, a storage medium and a system based on a digital ant colony.
Background
In the field of network security, detecting and eliminating security threats is an important part of network defense. A traditional network security defense system comprises a firewall, an intrusion detection system, a malicious code scanning and removal system and the like, and the general process of threat detection and elimination is as follows: first, security threats that may exist in the network system are identified and discovered by the intrusion detection system, the malicious code detection system and the like; then the network security administrator dispatches the firewall, the malicious code scanning and removal system and the like to eliminate the threats by means such as shielding, blocking and clearing. Under this architecture, threat detection information comes from few sources and is poorly fused, so the ability to detect network security threats is limited, and the ability to detect complex network threats such as APTs (advanced persistent threats) is limited. Threat detection and threat elimination cannot be linked, so the intervention of network security management personnel is often required.
Moreover, because the firewall, the intrusion detection system and the malicious code scanning and removal system are relatively independent, each completes its own protection function under the scheduling and management of a network security administrator according to preset rules or modes, and the defense system is formed through centralized scheduling by the administrator. This brings limitations such as a large deployment workload, a low degree of integration of the defense system and a heavy burden on the network security administrator. It is also difficult to unify security defense strategies across different networks or different network nodes, so security defense capabilities and levels are inconsistent between networks.
At present, there are few research results on applying digital ant colony technology to network security defense. For example, Glenn A. Fink et al. of the Pacific Northwest National Laboratory (PNNL) in the United States proposed, in "Ant-Based Cyber Security" in 2011, the idea of discovering network threats by simulating the foraging behavior of natural ants, and verified its feasibility by simulation with the NetLogo simulation software. In 2014, Vinod Balachandran of the University of California, Davis, drawing on the foraging behavior of ants in biological communities, designed a lightweight monitoring and response system based on host security events, called Hive Mind, which greatly simplifies automated response work. The basis on which that system detects threats is mainly the state information inside the host. In addition, the domestic ant house software company provides an "ant police" network security situation analysis system, a network security management system oriented to large-scale network application environments that integrates various security products such as an IDS (intrusion detection system), a firewall, a vulnerability assessment tool and a traffic monitoring system, and uncovers real security threats by comprehensively analyzing network security data. However, that project focuses on efficient fusion and mining of multi-source information, and does not sufficiently reflect behavioral characteristics of digital ants such as crawling, collaboration and decision making.
Disclosure of Invention
The first object of the present invention is to provide a network security active defense method based on a digital ant colony, which can flexibly customize and generate corresponding detection and elimination digital ants for different types of security threats, and improves the adaptability of network security threat sensing and processing.
The second object of the present invention is to provide a storage medium.
The third object of the present invention is to provide a network security active defense system based on a digital ant colony.
In order to achieve the first object, the invention adopts the following technical scheme:
A network security active defense method based on a digital ant colony comprises the following steps:
step one, the host digital ants collect original state data of their respective resident hosts in real time and extract host state characteristic information;
step two, the first mobile detection digital ant that has moved to the corresponding host judges, according to the host state characteristic information, whether a network threat exists on that host; if so, it determines the network threat type, sends it to the corresponding host digital ant, and the method proceeds to step three; if not, the method ends;
step three, the host digital ant determines whether a first response strategy corresponding to the network threat type can be obtained from the corresponding response rule base; if so, the network threat is eliminated and the method ends; if not, the original state data corresponding to the network threat are reported to the corresponding partition management digital ant, and the method proceeds to step four;
step four, the partition management digital ant reports the received original state data corresponding to the network threat to the central control digital ant;
step five, the central control digital ant makes a second response strategy according to the received original state data corresponding to the network threat and, according to the second response strategy, acquires a corresponding digital ant code template from the digital ant library, generates a second mobile detection digital ant and issues it to the corresponding host through the corresponding partition management digital ant.
Further, before the step one, the network security active defense method further includes:
the central control digital ants issue network security supervision strategies, network threat type knowledge and response rules to the corresponding partition management digital ants;
the partition management digital ants are locally deployed according to a network security supervision strategy; distributing the network threat type knowledge and the response rule to the corresponding host digital ants;
and the host digital ants store the distributed network threat type knowledge and the response rules into the response rule base corresponding to each host to realize local information updating.
Further, the first step further comprises:
and each host digital ant reports the original state data of the respective resident host collected in real time to the corresponding partition management digital ant.
Further, the fourth step further comprises:
and the partition management digital ants report the received original state data of each host to the central control digital ants for storage.
Further, step five also includes:
the central control digital ant recovers and processes the first mobile digital ant.
Further, the raw state data includes software running dynamic behavior, network traffic information, and corresponding host location information.
Further, the cyber threat types include a malware type and an intrusion behavior type.
Further, the first response strategy and the second response strategy both comprise killing processes, closing ports, cutting off networks and uninstalling software.
In order to achieve the second purpose, the invention adopts the following technical scheme:
a storage medium storing computer-executable instructions; when the computer executes the instructions, the network security active defense method is realized.
In order to achieve the third purpose, the invention adopts the following technical scheme:
a network security active defense system based on digital ant colony is characterized in that the network security active defense system comprises the storage medium.
The invention has the beneficial effects that:
1. The invention integrates the discovery and elimination of network security threats through mobile detection digital ants, host digital ants, partition management digital ants and central control digital ants. Through the division of labor and cooperation among these digital ant roles, after a mobile detection digital ant performing threat detection finds a threat, the host digital ant responsible for eliminating network threats is promptly guided to eliminate it through communication mechanisms such as pheromones, and corresponding mobile detection digital ants can be flexibly customized and generated for different types of security threats. This improves the adaptability of network security threat sensing and processing and the ability to meet the requirements of diversified network security defense tasks.
2. Through mobile detection digital ants, host digital ants, partition management digital ants and central control digital ants, the invention can rapidly deploy network security functions across the whole network system, which avoids deploying network security function programs on each host node and significantly reduces the workload of network security management personnel.
3. The invention gives full play to the advantages of distributed cooperative processing: by integrating the detection and information processing capabilities of different digital ants it can discover hidden, complex network threats, and by patrolling the protected network and processing information in a distributed, cooperative manner it can significantly improve the efficiency of threat detection and elimination.
4. As network security threat technology develops, corresponding detection and elimination digital ants can be quickly developed from the basic digital ant development template and added to the ant colony system, which effectively improves the ability of the network security defense architecture to adapt to the rapid updating and development of network threat technology.
5. The invention does not exclude existing typical network security defense technologies; instead, it can bring them into the digital ant colony framework through special digital ants, so that they become an important information source and execution component of the digital ant colony, further enhancing the network security defense capability of the digital ant colony system.
Drawings
Fig. 1 is a schematic flow chart of the network security active defense method based on digital ant colony in the invention.
Detailed Description
The following detailed description of embodiments of the invention refers to the accompanying drawings.
The design principle of this embodiment is as follows. In a natural ant colony, individual ants have different roles under a division of labor, such as queen, worker ant and soldier ant. The roles in the digital ant colony include administrators, sentinels, ants and pheromones. The administrator assigns sentinel tasks and updates the network management strategy according to the knowledge base or human intervention; the sentinel, an agent residing on each node, maintains the node according to the tasks assigned by the administrator and is responsible for the generation of ants, information interaction, management and the like; ants crawl among the nodes according to certain rules, detect security problems, report to sentinels and interact with each other; the pheromone is the carrier of communication between ants and fades at a certain rate. In essence, the digital ant colony simulates ant foraging behavior using multi-agent system technology, and that behavior embodies the idea of swarm intelligence, so the digital ant colony has certain characteristics of a multi-agent system as well as some characteristics of swarm intelligence.
The digital ant colony has the following characteristics. Mobility: the digital ants move continuously between different hosts rather than only temporarily when a need arises. Autonomy: states of the digital ants such as moving, suspending, pausing and stopping are decided autonomously by the digital ants according to changes in the environment, without human participation. Collaboration: multiple digital ants can autonomously and jointly complete a task in the system through indirect communication. Intelligence: when a problem arises that a single digital ant cannot solve, it can be handled appropriately as required. Robustness: the digital ant colony has a certain immunity to network intrusion threats and to complex, changing environments. Emergence: each individual in the digital ant system has a very simple function, and complex functions are realized through combination, cooperation and communication within the system. Dynamic policy adjustment: the digital ant system can adjust its policy dynamically according to requirements and environmental changes; when the environment is in a safe state, the system runs automatically in a silent state and maintains only the necessary functions; once a threat is found, it switches to an active state through a positive feedback mechanism, quickly activates the relevant functions and quickly eliminates the threat; after the threat is removed, the system returns to a low-load state. These characteristics reduce the burden on the host and its unnecessary load in a safe state, while the global state is monitored in real time and threats are responded to immediately and eliminated quickly. Platform independence: the operation of the digital ants depends only on their running environment and not on a specific network structure, network protocol, computer equipment or operating system; as long as the running environment of the digital ants is configured on a device, the digital ants can move and run across platforms.
Based on the above principle, this embodiment assigns different tasks to different digital ant roles. Digital ants with different roles work cooperatively, so that security threats are discovered automatically, response strategies are decided autonomously, security threats are eliminated quickly, and the security of the network system is protected. Specifically, a network security active defense method based on a digital ant colony is provided; as shown in fig. 1, the method includes the following steps:
and S1, collecting the original state data of each resident host in real time by each host digital ant and extracting the host state characteristic information.
The host digital ants of this embodiment are fixed digital ants that run on the monitored host and do not move. After receiving the relevant instructions, a host digital ant collects original state data on its resident host in real time, such as the dynamic behavior of running software, network traffic information and the corresponding host location information, preliminarily filters the data and extracts key features (namely the host state characteristic information), and then passes the key features, in a specified format, to the mobile detection digital ants (including the first and second mobile detection digital ants) that move to that host. To reduce the amount of data transmitted, updated dynamic data are reported incrementally. Each host digital ant reports the original state data collected in real time from its resident host to the corresponding partition management digital ant, which stores them in a local database; this also accumulates data for the further research and development of more efficient network threat detection techniques. The original state data of this embodiment include the dynamic behavior of software running on the host, network traffic information and the corresponding host location information. The dynamic behavior of software running on the host is collected with Cuckoo Sandbox: when new software is installed on a host, it is automatically run in an isolated environment in Cuckoo Sandbox, and information such as network behavior, process operations, folder operations and API function calls during its execution is extracted. The network traffic information is obtained through the WinPcap library, an open-source network access development library that supports continuous monitoring of the network state.
S2, the first mobile detection digital ants moving to the corresponding host judge whether the corresponding host has the network threat according to the host state characteristic information, if so, the network threat type is determined and sent to the corresponding host digital ants, and the process enters S3; if not, the process is ended.
The network threat types of this embodiment include a malware type and an intrusion behavior type. The mobile detection digital ants (including the first and second mobile detection digital ants) running on the host are mainly malware detection digital ants, each of which packages a malware detection algorithm model. Malware mobile detection digital ants are generated on the central control digital ant: the trained algorithm model is packaged and loaded into the corresponding mobile digital ant code template from the digital ant library, producing the malware mobile detection digital ant.
When a mobile detection digital ant migrates to the host where a host digital ant resides, it analyzes and processes the extracted host state characteristic information, judges whether a network threat exists on the host, and determines the network threat type.
S3, the host digital ants judge whether to obtain a first response strategy corresponding to the network threat type from the corresponding response rule base, if so, the network threat is eliminated, and the operation is finished; if not, reporting the original state data corresponding to the network threat to the corresponding partition management digital ant, and entering S4.
The host digital ant looks up, in the response rule base, the first response strategy corresponding to the network threat type; the first response strategy includes killing processes, closing ports, cutting off the network, uninstalling software and the like. For a network threat whose response strategy (namely the first response strategy corresponding to the network threat type) cannot be determined from the response rule base, the corresponding original state data are reported to the corresponding partition management digital ant.
Meanwhile, the host digital ants also receive threat type knowledge, response rules and other information distributed by the corresponding partition management digital ants, and update local relevant information.
And S4, the partition management digital ants report the received original state data corresponding to the network threat to the central control digital ants.
The partition management digital ant is a lower-level management unit of the central control digital ant, is locally deployed according to a network security supervision strategy and is responsible for managing a next-level network domain; and distributing the network threat type knowledge and the response rule to the corresponding host digital ants.
The partition management digital ant of the embodiment also reports the received original state data of each host to the central control digital ant for storage, for example, to a local database, so that the whole network system can be divided into a plurality of areas, the frequency of exchanging information with the central control digital ant is reduced, and the burden of the central control digital ant is reduced. The local database also provides the mobile digital ants with the topological structure information of the managed sub-network and the security state information of the sub-network.
S5, the central control digital ants make a second response strategy according to the received original state data corresponding to the network threat; and according to a second response strategy, acquiring a corresponding digital ant code template from the digital ant library, generating a second mobile detection digital ant and issuing the second mobile detection digital ant to a corresponding host through a corresponding partition management digital ant. The second response policy of this embodiment includes killing the process, closing the port, disconnecting the network, and uninstalling the software.
The central control digital ant of the embodiment is responsible for receiving the original state data of each host transmitted by each partition management digital ant and storing the original state data into the local digital ant library; the system comprises a mobile detection digital ant (including a first mobile detection digital ant and a second mobile detection digital ant) and a partition management ant, wherein the mobile detection digital ant is used for receiving an instruction from the mobile detection digital ant and sending the instruction to a designated position; meanwhile, the system is responsible for generating a second response strategy according to the threat detection result, then generating a second mobile detection digital ant and issuing the second mobile detection digital ant to the corresponding partition management node for distribution; the local digital ant bank stores code templates of various types of digital ants; the database mainly stores information such as various network threat data and various decision rule knowledge.
The whole defense process of this embodiment is under the control of the central control digital ant, which runs on the server of the control center and is responsible for managing, coordinating and controlling each partition management digital ant and each mobile detection digital ant. For example, it recovers the first mobile digital ant; it accepts management by network administrators and adjusts the running state of each digital ant in the system under a specified strategy; and, according to the management strategy, it can actively dispatch mobile detection digital ants for specific types of network threats into the network to execute patrol tasks.
The deployment of the network security supervision strategy and the updating of related knowledge are automated so that the whole network system operates under a uniform system of security supervision rules and the consistency of the security rules is ensured. To this end, before S1, the present embodiment further includes:
the central control digital ants issue network security supervision strategies, network threat type knowledge and response rules to the corresponding partition management digital ants;
the partition management digital ants are locally deployed according to a network security supervision strategy; distributing the network threat type knowledge and the response rule to the corresponding host digital ants;
and the host digital ants store the distributed network threat type knowledge and the response rules into the response rule base corresponding to each host to realize local information updating.
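The S1 to S5 flow and the rule distribution that precedes it, as an added Python sketch (not code from the patent). The class names, the rule-based detector standing in for the trained model, the second-strategy policy and all sample data are assumptions constructed for illustration; response actions are returned as labels and nothing is executed.

```python
from dataclasses import dataclass, field
from typing import Callable, Optional

@dataclass
class MobileDetectionAnt:
    """Mobile ant: detector (stand-in for the packaged model) plus any carried strategy."""
    name: str
    detector: Callable[[dict], Optional[str]]
    strategy: dict = field(default_factory=dict)   # threat type -> action

@dataclass
class HostAnt:
    """Fixed ant on one monitored host (S1 and S3)."""
    host: str
    partition: "PartitionAnt"
    rule_base: dict = field(default_factory=dict)  # local response rule base
    raw: dict = field(default_factory=dict)        # latest raw state data
    reported: dict = field(default_factory=dict)   # values already sent upstream

    def __post_init__(self):
        self.partition.hosts[self.host] = self     # register with the partition

    def collect(self, raw: dict) -> dict:
        # S1: keep the raw state and report only changed keys (incremental).
        self.raw = raw
        delta = {k: v for k, v in raw.items() if self.reported.get(k) != v}
        self.reported.update(delta)
        self.partition.db.append((self.host, delta))
        return delta

    def features(self) -> dict:
        # S1: preliminary filtering down to the fields a detector consumes.
        return {k: v for k, v in self.raw.items() if k in ("process", "listen_port")}

    def visit(self, ant: MobileDetectionAnt) -> str:
        threat = ant.detector(self.features())     # S2: detect on this host
        if threat is None:
            return "clean"
        action = self.rule_base.get(threat) or ant.strategy.get(threat)
        if action:                                 # S3: strategy available
            return action                          # label only, nothing is executed
        return self.partition.escalate(self.host, threat, self.raw)  # S3 -> S4

@dataclass
class PartitionAnt:
    """Partition management ant: relay between its hosts and central control."""
    central: "CentralControlAnt"
    hosts: dict = field(default_factory=dict)
    db: list = field(default_factory=list)         # local database of reports

    def distribute(self, rules: dict) -> None:
        for h in self.hosts.values():              # pre-S1: update rule bases
            h.rule_base.update(rules)

    def escalate(self, host: str, threat: str, raw: dict) -> str:
        return self.central.respond(self, host, threat, raw)         # S4

    def dispatch(self, ant: MobileDetectionAnt, host: str) -> str:
        return self.hosts[host].visit(ant)         # S5: deliver the second ant

@dataclass
class CentralControlAnt:
    rules: dict                                    # master response rules
    ant_library: dict                              # threat type -> code template
    issued: list = field(default_factory=list)     # names of generated ants

    def publish(self, partitions: list) -> None:
        for p in partitions:                       # pre-S1: push rules down
            p.distribute(self.rules)

    def respond(self, partition, host, threat, raw) -> str:
        # S5: hypothetical policy for choosing the second response strategy.
        action = "close_port" if "listen_port" in raw else "cut_network"
        detector = self.ant_library[threat](raw)   # instantiate the template
        ant = MobileDetectionAnt(f"second:{threat}", detector, {threat: action})
        self.issued.append(ant.name)
        return partition.dispatch(ant, host)

def first_detector(f: dict) -> Optional[str]:
    # Constructed rules standing in for the trained model in the first ant.
    if f.get("process") == "dropper.exe":
        return "malware"
    return "intrusion" if f.get("listen_port") not in (None, 22, 443) else None

def port_template(raw: dict) -> Callable[[dict], Optional[str]]:
    # Code template: a detector pinned to the port seen in the escalated data.
    port = raw["listen_port"]
    return lambda f: "intrusion" if f.get("listen_port") == port else None

def run_demo():
    central = CentralControlAnt({"malware": "kill_process"}, {"intrusion": port_template})
    part = PartitionAnt(central)
    h1, h2 = HostAnt("host-1", part), HostAnt("host-2", part)
    central.publish([part])
    first = MobileDetectionAnt("first", first_detector)
    h1.collect({"process": "dropper.exe", "dst_ips": ["192.0.2.10"]})   # constructed data
    h2.collect({"process": "svc.exe", "listen_port": 8081})
    delta = h2.collect({"process": "svc.exe", "listen_port": 8081, "dst_ips": ["192.0.2.7"]})
    return h1.visit(first), h2.visit(first), delta, central.issued
```

In `run_demo`, host-1 resolves its threat from the local rule base (S3), while host-2 has no rule for the detected type, so the raw data travel up through S4 and a second ant carrying the new strategy comes back down in S5.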
In this embodiment, the discovery and elimination of network security threats are integrated through mobile detection digital ants, host digital ants, partition management digital ants and central control digital ants. Through the division of labor and cooperation among these digital ant roles, after a mobile detection digital ant performing threat detection finds a threat, the host digital ant responsible for eliminating network threats is promptly guided to eliminate it through communication mechanisms such as pheromones, and corresponding mobile detection digital ants can be flexibly customized and generated for different types of security threats, which improves the adaptability of network security threat sensing and processing and the ability to meet the requirements of diversified network security defense tasks. Through these digital ants, network security functions can be rapidly deployed across the whole network system, which avoids deploying a network security function program on each host node and significantly reduces the workload of network security management personnel. The advantages of distributed cooperative processing are fully exploited: hidden, complex network threats can be found by integrating the detection and information processing capabilities of different digital ants, and patrolling the protected network with distributed, cooperative information processing significantly improves the efficiency of threat detection and elimination. As network security threat technology develops, corresponding detection and elimination digital ants can be quickly developed from the basic digital ant development template and added to the ant colony system, which effectively improves the ability of the network security defense architecture to adapt to the rapid updating and development of network threat technology. This embodiment does not exclude existing typical network security defense technologies; it can bring them into the digital ant colony framework through special digital ants, so that they become an important information source and execution component of the digital ant colony, further enhancing the network security defense capability of the digital ant colony system.
Another embodiment provides a storage medium having stored thereon computer-executable instructions; when a computer executes the instructions, the network security active defense method provided by the above embodiment is implemented.
Yet another embodiment provides a network security active defense system based on digital ant colony, which includes the storage medium provided in the above embodiment.
Although the embodiments of the present invention have been described in detail with reference to the preferred embodiments, it should be understood by those skilled in the art that various changes may be made and equivalents may be substituted without departing from the spirit and scope of the embodiments of the present invention.

Claims (9)

1. A network security active defense method based on digital ant colony is characterized by comprising the following steps:
step one, digital ants of each host collect original state data of the respective resident host in real time and extract host state characteristic information;
step two, the first mobile detection digital ants that have moved to the corresponding host judge, according to the host state characteristic information, whether the corresponding host has a network threat; if so, the network threat type is determined and sent to the corresponding host digital ants, and the method proceeds to step three; if not, the method ends;
step three, the host digital ants judge whether a first response strategy corresponding to the network threat type can be obtained from the corresponding response rule base; if so, the network threat is eliminated and the method ends; if not, the original state data corresponding to the network threat is reported to the corresponding partition management digital ants, and the method proceeds to step four;
step four, the partition management digital ants report the received original state data corresponding to the network threat to the central control digital ants;
step five, the central control digital ants make a second response strategy according to the received original state data corresponding to the network threat;
according to a second response strategy, acquiring a corresponding digital ant code template from the digital ant library, generating a second mobile detection digital ant and issuing the second mobile detection digital ant to a corresponding host through a corresponding partition management digital ant;
before the first step, the network security active defense method further includes:
the central control digital ants issue network security supervision strategies, network threat type knowledge and response rules to the corresponding partition management digital ants;
the partition management digital ants are locally deployed according to a network security supervision strategy; distributing the network threat type knowledge and the response rule to the corresponding host digital ants;
and the host digital ants store the distributed network threat type knowledge and the response rules into the response rule base corresponding to each host to realize local information updating.
2. The active defense method of network security of claim 1, wherein step one further comprises:
and each host digital ant reports the original state data of the respective resident host collected in real time to the corresponding partition management digital ant.
3. The active defense method for network security according to claim 2, wherein the fourth step further comprises:
and the partition management digital ants report the received original state data of each host to the central control digital ants for storage.
4. The active defense method for network security according to claim 1, wherein step five further comprises:
the central control digital ant recovers and processes the first mobile digital ant.
5. The method of claim 1, wherein the raw state data comprises software running dynamic behavior, network traffic information, and corresponding host location information.
6. The method of claim 1, wherein the cyber threat types include a malware type and an intrusion type.
7. The method of claim 1, wherein the first response policy and the second response policy each comprise killing processes, closing ports, disconnecting networks, and uninstalling software.
8. A storage medium having stored thereon computer-executable instructions, wherein a computer, when executing the instructions, implements the network security active defense method of any one of claims 1-7.
9. A digital ant colony-based network security active defense system, characterized in that the network security active defense system comprises the storage medium of claim 8.
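The tiered flow of claim 1 (steps one to five) can be traced in a few lines; this is an added example, not code from the patent. The class names, the feature-matching rule, the choice to let the centrally issued ant carry its response strategy, and all sample data are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class MobileAnt:                 # mobile detection digital ant
    signatures: dict             # feature -> threat type (constructed knowledge)
    strategy: tuple = ()         # response carried by a centrally issued ant (assumed)
    def inspect(self, features):                   # step two
        return next((t for f, t in self.signatures.items() if f in features), None)

@dataclass
class CentralAnt:
    ant_library: dict            # threat type -> (signatures, strategy) code template
    stored: list = field(default_factory=list)
    def second_strategy(self, threat, raw):        # step five
        self.stored.append(raw)
        signatures, strategy = self.ant_library[threat]
        return MobileAnt(signatures, strategy)

@dataclass
class PartitionAnt:
    central: CentralAnt
    def report(self, host, threat, raw):           # step four, then issue downward
        ant = self.central.second_strategy(threat, raw)
        host.issued.append(ant)
        return ant.strategy

@dataclass
class HostAnt:
    location: str
    partition: PartitionAnt
    rule_base: dict              # threat type -> first response strategy
    issued: list = field(default_factory=list)
    def features(self, raw):                       # step one
        return set(raw["behaviour"]) | set(raw["traffic"])
    def respond(self, threat, raw):                # step three
        if threat in self.rule_base:
            return "local", self.rule_base[threat]
        return "escalated", self.partition.report(self, threat, raw)

def patrol(ant, host, raw):
    threat = ant.inspect(host.features(raw))
    return ("clean", ()) if threat is None else host.respond(threat, raw)

def build_demo():                # constructed sample colony and data
    central = CentralAnt({"intrusion": ({"port-scan": "intrusion"}, ("close port",))})
    host = HostAnt("host-A", PartitionAnt(central), {"malware": ("kill process",)})
    first = MobileAnt({"dropper.exe": "malware", "port-scan": "intrusion"})
    return central, host, first
```

A threat type with a local rule is handled on the host; one without a rule travels host, partition, central and comes back as a newly generated mobile detection ant.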

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010780394.2A CN111741025B (en) 2020-08-06 2020-08-06 Network security active defense method, storage medium and system based on digital ant colony


Publications (2)

Publication Number Publication Date
CN111741025A CN111741025A (en) 2020-10-02
CN111741025B true CN111741025B (en) 2020-11-20



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant