CN112202722A - Intrusion detection method - Google Patents

Publication number
CN112202722A
Authority
CN
China
Prior art keywords
data
detection model
detected
detection
training
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010937092.1A
Other languages
Chinese (zh)
Inventor
孙文圣
史建琦
黄滟鸿
石奇
付能
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
East China Normal University
Original Assignee
East China Normal University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by East China Normal University filed Critical East China Normal University
Priority to CN202010937092.1A priority Critical patent/CN112202722A/en
Publication of CN112202722A publication Critical patent/CN112202722A/en
Pending legal-status Critical Current

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425Traffic logging, e.g. anomaly detection

Abstract

The application discloses an intrusion detection method comprising the following steps: performing character-level preprocessing on a first data set to be detected, acquired from a protection system, to obtain training input data; inputting the training input data into a to-be-trained detection model based on a temporal convolutional network (TCN), calculating a loss function, and training the network to obtain a detection model; and performing intrusion detection with the detection model, acquiring misjudgment data within a period of time, and updating the detection model with the misjudgment data. Character-level preprocessing of the first data set to be detected keeps the data formats of different data sources consistent and preserves the original information; combined with the temporal convolutional network, different features can be extracted and robustness is high. The network is trained on the training input data to obtain the detection model, and updating the model with misjudgment data acquired within a period of time enhances timeliness.

Description

Intrusion detection method
Technical Field
The application relates to the technical field of intrusion detection, in particular to an intrusion detection method.
Background
In the face of today's flood of information on networks, common security measures often serve as the first line of defense for internet security. For example, a common firewall performs protection and verification between an external network and an internal network, verifies, filters, and permits access operations, and encrypts transmitted information using an encryption algorithm and an encryption key. However, these first-line defenses are all static or passive strategies; they cannot examine the detected object in depth and offer very weak protection against unknown attacks. An intrusion detection system serves as the second line of defense for network security and can actively and dynamically monitor the system through a constructed detection model, making the existing security system more complete.
However, a typical intrusion detection system needs to collect a large amount of behavior data. Either a pattern expert statistically analyzes the behavior data to find behavior features and adds them to a tag comparison library, or data mining and machine learning algorithms first abstract and extract features, and an algorithm model is then trained on these features and used for detection to judge security. This traditional construction approach depends on feature extraction and selection, and different algorithms depend on different features, which greatly affects the detection result and cannot guarantee the timeliness and robustness of the detection algorithm.
In summary, it is desirable to provide a detection method capable of detecting different intrusion data with high robustness and long timeliness.
Disclosure of Invention
In order to solve the above problems, the present application provides an intrusion detection method that obtains training input data by performing character-level preprocessing on a first data set to be detected, trains a temporal convolutional network to obtain a detection model, acquires misjudgment data within a period of time, and updates the detection model using the misjudgment data.
Specifically, the present invention provides an intrusion detection method, including:
performing character-level preprocessing on a first data set to be detected acquired from a protection system to obtain training input data;
inputting the training input data into a to-be-trained detection model based on a temporal convolutional network, calculating a loss function, and training the temporal convolutional network to obtain a detection model;
and carrying out intrusion detection by using a detection model, acquiring misjudgment data within a period of time, and updating the detection model by using the misjudgment data.
Preferably, the character-level preprocessing is performed on the first to-be-detected data set acquired from the protection system to obtain training input data, and includes:
counting data information of each first data to be detected in the first data set to be detected to generate a character table;
and uniformly converting the characters and numerical data in the data information into a vector matrix in one-hot encoded format according to the character table to obtain the training input data.
Preferably, the detection model is based on a temporal convolutional network whose structure comprises dilated causal convolution, Dropout, residual connections, and batch normalization, and whose fully connected layer uses partial connection of the top-level nodes.
Preferably, the calculating a loss function, training the time convolution neural network, includes:
calculating the loss by using the cross entropy as a loss function;
and performing optimization training on the detection model to be trained by using an Adam optimization algorithm according to the obtained loss.
Preferably, the intrusion detection using the detection model includes:
preprocessing second data to be detected in the protection system, and inputting the preprocessed second data to be detected into a detection model to detect intrusion behaviors to obtain a detection result;
and if the abnormal behavior is detected, starting a response strategy.
Preferably, the misjudgment data includes the second data to be detected corresponding to false positives and false negatives of the detection model.
Preferably, the updating the detection model using the misjudgment data includes:
adding the misjudgment data into the first data set to be detected to obtain an updated data set;
and preprocessing the data in the updated data set, inputting the preprocessed data into a detection model, and training and updating the detection model.
Preferably, the first dataset to be detected comprises: network traffic and data in the host log.
Preferably, the data comprises: mode information and a fixed protocol format or call sequence.
The advantages of the application are as follows: character-level preprocessing of the first data set to be detected keeps the data formats of different data sources consistent and largely preserves the original information as model input, while the temporal convolutional network extracts different features, giving high robustness; the training input data is used to train the temporal convolutional network to obtain a detection model, misjudgment data within a period of time is acquired, and the detection model is updated with the misjudgment data, which enhances the timeliness of the detection method.
Drawings
Various other advantages and benefits will become apparent to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings are only for purposes of illustrating preferred embodiments and are not to be construed as limiting the application. Also, like reference numerals are used to denote like parts throughout the drawings. In the drawings:
FIG. 1 is a schematic diagram illustrating steps of an intrusion detection method provided herein;
FIG. 2 is a flow chart diagram of an intrusion detection method provided herein;
FIG. 3 is a schematic diagram of data source format information of an intrusion detection method provided herein;
FIG. 4 is a schematic diagram illustrating a preprocessing flow of an intrusion detection method according to the present application;
FIG. 5 is a diagram of a TCN structure block of an intrusion detection method provided herein;
FIG. 6 is a schematic structural diagram of a detection model of an intrusion detection method provided in the present application;
FIG. 7 is a schematic diagram of an intrusion detection system provided by the present application.
Detailed Description
Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
According to an embodiment of the present application, an intrusion detection method is provided, as shown in fig. 1, including:
S101, performing character-level preprocessing on a first to-be-detected data set acquired from a protection system to obtain training input data;
S102, inputting the training input data into a to-be-trained detection model based on a Temporal Convolutional Network (TCN), calculating a loss function, and training the temporal convolutional network to obtain a detection model;
S103, performing intrusion detection using the detection model, acquiring misjudgment data within a period of time, and updating the detection model using the misjudgment data.
Performing character-level preprocessing on the first to-be-detected data set acquired from the protection system to obtain training input data comprises:
counting data information of each first data to be detected in the first data set to be detected to generate a character table;
and uniformly converting the characters and numerical data in the data information into a vector matrix in one-hot encoded format according to the character table to obtain the training input data.
The detection model is based on a temporal convolutional network whose structure comprises dilated causal convolution, Dropout, residual connections, and batch normalization, and whose fully connected layer uses partial connection of the top-level nodes.
Calculating a loss function, training a time convolution neural network, comprising:
calculating the loss using cross entropy (CrossEntropy) as a loss function;
and performing optimization training on the detection model to be trained by using an Adam optimization algorithm according to the obtained loss.
Using a detection model for intrusion detection, comprising:
preprocessing second data to be detected in the protection system, and inputting the preprocessed second data to be detected into a detection model to detect intrusion behaviors to obtain a detection result;
and if the abnormal behavior is detected, starting a response strategy.
The misjudgment data comprises the second data to be detected corresponding to false positives and false negatives of the detection model.
Updating the detection model using the misjudgment data comprises:
adding the misjudged data into the first data set to be detected to obtain an updated data set;
and preprocessing the data in the updated data set, inputting the preprocessed data into the detection model, and training and updating the detection model.
The first dataset to be detected comprises: network traffic and data in the host log.
The data includes: mode information and a fixed protocol format or call sequence.
Preferably, dilated causal convolution, Dropout, residual connections, and batch normalization are used as the basis for constructing the detection model.
In the dilated causal convolution network structure, the receptive field of the top layer can cover all input data. The fully connected layer no longer uses the usual full connection of neurons and instead uses partial connection of top-level nodes, which reduces the overall number of model parameters and the model size.
Next, as shown in fig. 2, the embodiment of the present application will be described in further detail.
Depending on the detection system, the data source to be detected can be network traffic or host logs, and the data to be detected comprises: a fixed protocol format or call sequence, and mode information. The mode information indicates whether the data is abnormal or not.
When the input data source is network data, its format and information are as shown in fig. 3, with fixed protocol characteristics and traffic characteristics. The information of the input data (the data to be detected) is counted to form a character table. Each character in the data is then vectorized according to the character table to obtain training input data in vector matrix form, which completes the character-level encoding preprocessing. When the sequence length of the data to be detected is $l$ and the length of the character table is $n$, the input matrix is $x \in \mathbb{R}^{l \times n}$.
As shown in fig. 4, the data to be detected in the protection system (the first data to be detected) undergoes character-level preprocessing to form a character table, and the characters and numerical data in the data information are uniformly converted into a vector matrix in one-hot encoded format according to the character table, so that a consistent data format is obtained and used as training input data for the detection model.
Character-level data preprocessing uses the same processing flow for different source data.
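The following added example (not part of the patent text) shows one way to implement the character-table and one-hot steps for records from two different sources. The sample records, the padding and truncation to a fixed length l, and the reserved column for characters absent from the character table are assumptions; the application does not specify them.

```python
# Added example, not from the patent. All sample records are constructed.
UNK = "\x00"  # reserved table entry for characters never counted (assumption)

# Two network-traffic records and one host-log call sequence (constructed),
# each paired with its mode information: 0 = normal, 1 = abnormal.
RECORDS = [
    ("tcp,http,SF,215,45076", 0),
    ("open,read,mmap,close", 0),
    ("tcp,private,S0,0,0", 1),
]


def build_char_table(texts):
    """Count every character in the data set and index them in a stable order."""
    counts = {}
    for text in texts:
        for ch in text:
            counts[ch] = counts.get(ch, 0) + 1
    chars = [UNK] + sorted(counts)  # column 0 is the unknown-character column
    return {ch: idx for idx, ch in enumerate(chars)}


def one_hot_encode(text, table, seq_len):
    """Return an l x n matrix: one row per position, one column per table entry."""
    n = len(table)
    matrix = [[0] * n for _ in range(seq_len)]
    for pos, ch in enumerate(text[:seq_len]):  # records longer than l are truncated
        matrix[pos][table.get(ch, table[UNK])] = 1
    return matrix  # rows beyond len(text) stay all-zero (padding)


def unknown_ratio(text, table):
    """Share of characters that fall into the unknown column.

    A rising value on live data means the character table no longer matches
    the traffic and should be rebuilt when the model is next updated.
    """
    if not text:
        return 0.0
    return sum(1 for ch in text if ch not in table) / len(text)


def encode_dataset(records, seq_len):
    """Same flow for every source: build the table, then encode each record."""
    table = build_char_table(text for text, _ in records)
    x = [one_hot_encode(text, table, seq_len) for text, _ in records]
    y = [label for _, label in records]
    return table, x, y


if __name__ == "__main__":
    table, x, y = encode_dataset(RECORDS, seq_len=24)
    print("n =", len(table), "l =", len(x[0]), "labels =", y)
    print("unknown ratio of unseen record:", unknown_ratio("udp,dns,SF", table))
```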
Dilated causal convolution, Dropout, residual connections, and batch normalization form the construction basis of the detection model based on the temporal convolutional network, and the fully connected layer uses partial connection of the top-level nodes.
Training input data labeled as normal or abnormal behavior is input into the detection model so that it learns the mode information.
The embodiment of the application can train the detection model with the loss functions and optimization algorithms of various convolutional neural networks. Preferably, cross entropy is used as the loss function to calculate the loss, and the to-be-trained detection model is optimized with the Adam optimization algorithm according to the obtained loss.
The detection model is obtained once the to-be-trained detection model reaches the expected threshold of the evaluation index.
The detection model is used to perform real-time intrusion detection on the protection system: real-time data to be detected (the second data to be detected), obtained by the protection system in operation, is preprocessed and input into the detection model to detect intrusion behavior and obtain a detection result; if abnormal behavior is detected, a response strategy is started.
After the protection system has been in use for a period of time, it is upgraded periodically: new data obtained by the protection system in operation is input into the detection model to complete the detection judgment, the recorded errors, that is, the misjudgment data among the second data to be detected, form a new training data set (the update data set), and the detection model is updated and improved.
The period of time may be set as desired, such as days, weeks, months, etc.
The update data set includes new misjudgment data.
As shown in fig. 5, dilated causal convolution, batch normalization, and Dropout form the basic temporal convolutional network structure block (TCN structure block), with ReLU as the activation function. The dilation factor increases by a power of 2 with each layer. As shown in fig. 6, taking 4 TCN structure blocks as an example, the dilation factor of TCN structure block 1 is 1, that of TCN structure block 2 is 2, that of TCN structure block 3 is 4, and that of TCN structure block 4 is 8. A residual connection is added between the structure blocks to complete the construction of the whole model.
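The following added example (not part of the patent text) builds the four-block stack with dilation factors 1, 2, 4, 8 in plain Python and checks two properties: no output depends on later input, and the top-layer receptive field equals 1 + (k - 1)(1 + 2 + 4 + 8). The kernel size k, the constant weights, the single channel, one convolution per block, and the omission of batch normalization and Dropout are assumptions made to keep the receptive field visible.

```python
# Added example, not from the patent: dilated causal convolution stack.
DILATIONS = [1, 2, 4, 8]  # dilation factors of TCN structure blocks 1 to 4


def causal_conv(x, weights, dilation):
    """y[t] = sum_j weights[j] * x[t - j*dilation]; positions before 0 read as 0."""
    out = []
    for t in range(len(x)):
        acc = 0.0
        for j, w in enumerate(weights):
            src = t - j * dilation
            if src >= 0:  # left padding only, so no later sample is ever read
                acc += w * x[src]
        out.append(acc)
    return out


def tcn_block(x, weights, dilation):
    """Dilated causal convolution, ReLU, then a residual connection."""
    conv = causal_conv(x, weights, dilation)
    return [max(0.0, c) + xi for c, xi in zip(conv, x)]


def tcn_forward(x, kernel_size=2, dilations=DILATIONS):
    weights = [0.5] * kernel_size  # constructed weights, not trained values
    for d in dilations:
        x = tcn_block(x, weights, d)
    return x


def receptive_field(kernel_size, dilations=DILATIONS):
    """Closed form for one convolution per block."""
    return 1 + (kernel_size - 1) * sum(dilations)


def measured_receptive_field(kernel_size, length=64, dilations=DILATIONS):
    """Count the input positions whose unit impulse reaches the last output."""
    reached = 0
    for p in range(length):
        impulse = [0.0] * length
        impulse[p] = 1.0
        if tcn_forward(impulse, kernel_size, dilations)[-1] != 0.0:
            reached += 1
    return reached


def is_causal(length=32, kernel_size=2):
    """Changing the newest sample must leave every earlier output untouched."""
    base = [float(i % 5) for i in range(length)]
    changed = base[:-1] + [99.0]
    a = tcn_forward(base, kernel_size)
    b = tcn_forward(changed, kernel_size)
    return a[:-1] == b[:-1] and a[-1] != b[-1]


def covers_input(seq_len, kernel_size, dilations=DILATIONS):
    """True when the top layer sees the whole sequence of length l."""
    return receptive_field(kernel_size, dilations) >= seq_len


if __name__ == "__main__":
    for k in (2, 3):
        print("k =", k, "closed form:", receptive_field(k),
              "measured:", measured_receptive_field(k))
    print("causal:", is_causal())
```

With k = 2 the top layer sees 16 positions, so a sequence length l above 16 needs a larger kernel or more blocks before the receptive field covers all input data.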
The purpose-designed dilated causal convolution layers are combined with batch normalization, Dropout, and residual connections, and a partially connected structure is used in the fully connected layer, so that the whole detection model has strong feature extraction capability for data from different sources, a reduced number of parameters, fast training convergence, and the capability of lightweight deployment. Through periodic upgrading, intrusion judgment is performed on new data to be detected while response operations are carried out; misjudged data is recorded and added to the training data set again, and the detection model is fine-tuned on it and thereby updated, which improves the timeliness and effectiveness of the detection method.
According to an embodiment of the present application, there is also provided an intrusion detection system, as shown in fig. 7, including:
the device comprises a preprocessing module 101, a detection module and a data processing module, wherein the preprocessing module 101 is used for performing character-level preprocessing on a first data set to be detected acquired from a protection system to obtain training input data;
the model training module 102 is used for inputting the training input data into a to-be-trained detection model based on a temporal convolutional network, calculating a loss function, and training the temporal convolutional network to obtain a detection model;
and the detection updating module 103 is configured to perform intrusion detection by using the detection model, acquire misjudgment data within a period of time, and update the detection model by using the misjudgment data.
A pre-processing module comprising:
the character table unit is used for counting data information of each first data to be detected in the first data set to be detected and generating a character table;
and the conversion unit is used for uniformly converting the characters and numerical data in the data information into a vector matrix in one-hot encoded format according to the character table to obtain training input data.
The detection model is based on a temporal convolutional network whose structure comprises dilated causal convolution, Dropout, residual connections, and batch normalization, and whose fully connected layer uses partial connection of the top-level nodes.
The model training module is specifically used for calculating a loss function from the training input data and training the temporal convolutional network, calculating the loss with cross entropy as the loss function, and performing optimization training on the to-be-trained detection model with the Adam optimization algorithm according to the obtained loss.
A detection update module comprising:
the detection unit is used for preprocessing second data to be detected in the protection system and inputting the preprocessed second data to be detected into the detection model to detect the intrusion behavior, so that a detection result is obtained, and if the detection result is abnormal behavior, a response strategy is started;
and the updating unit is used for acquiring misjudged data within a period of time after the intrusion detection is carried out by using the detection model, adding the misjudged data into the first data set to be detected to obtain an updated data set, preprocessing the data in the updated data set, inputting the preprocessed data into the detection model, and training and updating the detection model.
The misjudgment data comprises the second data to be detected corresponding to false positives and false negatives of the detection model.
The first dataset to be detected comprises: network traffic and data in the host log.
The data includes: mode information and a fixed protocol format or call sequence.
In this method, character-level preprocessing of the first to-be-detected data sets from different data sources keeps their data formats consistent and largely preserves the original information as model input. Combined with the temporal convolutional network, an efficient and autonomous detection model is built that can extract different features and is optimized in terms of parameters and size, giving high robustness. The training input data is used to train the temporal convolutional network to obtain the detection model, and misjudgment data from the periodically collected data to be detected is used to fine-tune and update the detection model, which largely guarantees the effectiveness and timeliness of the detection method. The method is suitable for protecting various intrusion detection systems, can relieve the burden on the people operating them, and further improves the ability to guarantee system security, achieving high efficiency and intelligence.
The above description is only for the preferred embodiment of the present application, but the scope of the present application is not limited thereto, and any changes or substitutions that can be easily conceived by those skilled in the art within the technical scope of the present application should be covered within the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (9)

1. An intrusion detection method, comprising:
performing character-level preprocessing on a first data set to be detected acquired from a protection system to obtain training input data;
inputting the training input data into a to-be-trained detection model based on a temporal convolutional network, calculating a loss function, and training the temporal convolutional network to obtain a detection model;
and carrying out intrusion detection by using a detection model, acquiring misjudgment data within a period of time, and updating the detection model by using the misjudgment data.
2. The method of claim 1, wherein the character-level preprocessing of the first to-be-detected data set acquired from the protection system to obtain training input data comprises:
counting data information of each first data to be detected in the first data set to be detected to generate a character table;
and uniformly converting the characters and numerical data in the data information into a vector matrix in one-hot encoded format according to the character table to obtain the training input data.
3. The method of claim 1, wherein the detection model is based on a temporal convolutional network whose structure comprises dilated causal convolution, Dropout, residual connections, and batch normalization, and whose fully connected layer uses partial connection of the top-level nodes.
4. The method of claim 1, wherein the calculating a loss function and training the temporal convolutional network comprises:
calculating the loss by using the cross entropy as a loss function;
and performing optimization training on the detection model to be trained by using an Adam optimization algorithm according to the obtained loss.
5. The method of claim 1, wherein the using the detection model for intrusion detection comprises:
preprocessing second data to be detected in the protection system, and inputting the preprocessed second data to be detected into a detection model to detect intrusion behaviors to obtain a detection result;
and if the abnormal behavior is detected, starting a response strategy.
6. The method of claim 1, wherein the misjudgment data comprises second data to be detected corresponding to false positives and false negatives of the detection model.
7. The method of claim 1, wherein the updating the detection model using the misjudgment data comprises:
adding the misjudgment data into the first data set to be detected to obtain an updated data set;
and preprocessing the data in the updated data set, inputting the preprocessed data into a detection model, and training and updating the detection model.
8. The method of claim 1, wherein the first set of data to be detected comprises: network traffic and data in the host log.
9. The method of claim 8, wherein the data comprises: mode information and a fixed protocol format or call sequence.
CN202010937092.1A 2020-09-08 2020-09-08 Intrusion detection method Pending CN112202722A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010937092.1A CN112202722A (en) 2020-09-08 2020-09-08 Intrusion detection method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010937092.1A CN112202722A (en) 2020-09-08 2020-09-08 Intrusion detection method

Publications (1)

Publication Number Publication Date
CN112202722A (en) 2021-01-08

Family

ID=74005995

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010937092.1A Pending CN112202722A (en) 2020-09-08 2020-09-08 Intrusion detection method

Country Status (1)

Country Link
CN (1) CN112202722A (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112887304A (en) * 2021-01-25 2021-06-01 山东省计算中心(国家超级计算济南中心) WEB application intrusion detection method and system based on character-level neural network
CN112887302A (en) * 2021-01-22 2021-06-01 中汽创智科技有限公司 Automobile controller local area network bus intrusion detection method and system
CN113132399A (en) * 2021-04-23 2021-07-16 中国石油大学(华东) Industrial control system intrusion detection method based on time convolution network and transfer learning
CN113472791A (en) * 2021-06-30 2021-10-01 深信服科技股份有限公司 Attack detection method and device, electronic equipment and readable storage medium
CN114785608A (en) * 2022-05-09 2022-07-22 中国石油大学(华东) Industrial control network intrusion detection method based on decentralized federal learning

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108347430A (en) * 2018-01-05 2018-07-31 国网山东省电力公司济宁供电公司 Network invasion monitoring based on deep learning and vulnerability scanning method and device
CN109379379A (en) * 2018-12-06 2019-02-22 中国民航大学 Based on the network inbreak detection method for improving convolutional neural networks
CN110188397A (en) * 2019-05-06 2019-08-30 南瑞集团有限公司 A kind of coated by ice of overhead power transmission line prediction model and method
CN111314329A (en) * 2020-02-03 2020-06-19 杭州迪普科技股份有限公司 Traffic intrusion detection system and method

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112887302A (en) * 2021-01-22 2021-06-01 中汽创智科技有限公司 Automobile controller local area network bus intrusion detection method and system
CN112887304A (en) * 2021-01-25 2021-06-01 山东省计算中心(国家超级计算济南中心) WEB application intrusion detection method and system based on character-level neural network
CN112887304B (en) * 2021-01-25 2022-12-30 山东省计算中心(国家超级计算济南中心) WEB application intrusion detection method and system based on character-level neural network
CN113132399A (en) * 2021-04-23 2021-07-16 中国石油大学(华东) Industrial control system intrusion detection method based on time convolution network and transfer learning
CN113472791A (en) * 2021-06-30 2021-10-01 深信服科技股份有限公司 Attack detection method and device, electronic equipment and readable storage medium
CN114785608A (en) * 2022-05-09 2022-07-22 中国石油大学(华东) Industrial control network intrusion detection method based on decentralized federal learning
CN114785608B (en) * 2022-05-09 2023-08-15 中国石油大学(华东) Industrial control network intrusion detection method based on decentralised federal learning

Similar Documents

Publication Publication Date Title
CN112202722A (en) Intrusion detection method
Zheng et al. Raw wind data preprocessing: A data-mining approach
Kalech Cyber-attack detection in SCADA systems using temporal pattern recognition techniques
CN112987675B (en) Method, device, computer equipment and medium for anomaly detection
Faisal et al. Data-stream-based intrusion detection system for advanced metering infrastructure in smart grid: A feasibility study
KR102088509B1 (en) Method and apparatus for detection of anomaly on computer system
CN110677437A (en) User disguised attack detection method and system based on potential space countermeasure clustering
CN109861825B (en) Internal attack detection method based on weighting rule and consistency in CPS system
CN110865625A (en) Process data anomaly detection method based on time series
CN116405326B (en) Information security management method and system based on block chain
CN111698241A (en) Internet of things cloud platform system, verification method and data management method
Ahmadi et al. A new false data injection attack detection model for cyberattack resilient energy forecasting
CN110011990A (en) Intranet security threatens intelligent analysis method
CN111125750A (en) Database watermark embedding and detecting method and system based on double-layer ellipse model
CN115277189A (en) Unsupervised intrusion flow detection and identification method based on generative countermeasure network
CN112187730A (en) Intrusion detection system
CN114090408A (en) Data monitoring and analyzing method and device, computer equipment and storage medium
CN117176433A (en) Abnormal behavior detection system and method for network data
CN116545679A (en) Industrial situation security basic framework and network attack behavior feature analysis method
CN113259122B (en) Full-scene network security intelligent decision handling method based on artificial intelligence
Agbaje et al. A Framework for Consistent and Repeatable Controller Area Network IDS Evaluation
CN110650130B (en) Industrial control intrusion detection method based on multi-classification GoogLeNet-LSTM model
Yan et al. Cyberattack Detection for Cyber Physical Systems Security–A Preliminary Study.
Qin et al. Multi-View Graph Contrastive Learning for Multivariate Time Series Anomaly Detection in IoT
CN115865458B (en) Network attack behavior detection method, system and terminal based on LSTM and GAT algorithm

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20210108