CN112235288A - NDN network intrusion detection method based on GAN - Google Patents

NDN network intrusion detection method based on GAN Download PDF

Info

Publication number
CN112235288A
CN112235288A CN202011089853.9A CN202011089853A CN112235288A CN 112235288 A CN112235288 A CN 112235288A CN 202011089853 A CN202011089853 A CN 202011089853A CN 112235288 A CN112235288 A CN 112235288A
Authority
CN
China
Prior art keywords
network
data
ndn
attack
gan
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202011089853.9A
Other languages
Chinese (zh)
Other versions
CN112235288B (en
Inventor
罗森林
魏继勋
潘丽敏
李班
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Institute of Technology BIT
Original Assignee
Beijing Institute of Technology BIT
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Institute of Technology BIT filed Critical Beijing Institute of Technology BIT
Priority to CN202011089853.9A priority Critical patent/CN112235288B/en
Publication of CN112235288A publication Critical patent/CN112235288A/en
Application granted granted Critical
Publication of CN112235288B publication Critical patent/CN112235288B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00Pattern recognition
    • G06F18/20Analysing
    • G06F18/21Design or setup of recognition systems or techniques; Extraction of features in feature space; Blind source separation
    • G06F18/214Generating training patterns; Bootstrap methods, e.g. bagging or boosting
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00Pattern recognition
    • G06F18/20Analysing
    • G06F18/24Classification techniques
    • G06F18/241Classification techniques relating to the classification model, e.g. parametric or non-parametric approaches
    • G06F18/2415Classification techniques relating to the classification model, e.g. parametric or non-parametric approaches based on parametric or probabilistic models, e.g. based on likelihood ratio or false acceptance rate versus a false rejection rate
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00Computing arrangements based on biological models
    • G06N3/02Neural networks
    • G06N3/04Architecture, e.g. interconnection topology
    • G06N3/045Combinations of networks
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00Computing arrangements based on biological models
    • G06N3/02Neural networks
    • G06N3/04Architecture, e.g. interconnection topology
    • G06N3/047Probabilistic or stochastic networks
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00Computing arrangements based on biological models
    • G06N3/02Neural networks
    • G06N3/08Learning methods
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00Reducing energy consumption in communication networks
    • Y02D30/50Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Data Mining & Analysis (AREA)
  • General Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Artificial Intelligence (AREA)
  • General Physics & Mathematics (AREA)
  • Evolutionary Computation (AREA)
  • Computer Security & Cryptography (AREA)
  • Computational Linguistics (AREA)
  • Molecular Biology (AREA)
  • General Health & Medical Sciences (AREA)
  • Biophysics (AREA)
  • Mathematical Physics (AREA)
  • Software Systems (AREA)
  • Biomedical Technology (AREA)
  • Health & Medical Sciences (AREA)
  • Bioinformatics & Computational Biology (AREA)
  • Bioinformatics & Cheminformatics (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Evolutionary Biology (AREA)
  • Probability & Statistics with Applications (AREA)
  • Computer Hardware Design (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention relates to a GAN-based NDN network intrusion detection method, belonging to the technical field of computer and information science. The method mainly aims to solve the problems that in an NDN (named data networking) network, the generalization capability of a statistical method is poor, and intrusion detection aiming at CPA (cross-correlation analysis) attack and IFA (intrusion detection architecture) attack is difficult due to too little malicious flow sample data. Firstly, carrying out standardized preprocessing on statistical information acquired from NDN network routing nodes by using a variational Gaussian mixture model; secondly, performing data enhancement on the samples of the specific category by using a method based on conditional GAN, and expanding the number of malicious samples in the tabular data samples; then training a deep neural network classifier by using the enhanced data set; and finally, monitoring the traffic statistical information of the route by a classifier to judge the malicious intrusion attack type. The invention has better monitoring effect on CPA and IFA attacks.

Description

NDN network intrusion detection method based on GAN
Technical Field
The invention relates to a GAN-based NDN network intrusion detection method, belonging to the technical field of computer and information science.
Background
The existing TCP/IP network architecture takes an address as a core and takes a protection transmission path as a center, and the requirements of people on the safety, reliability and high efficiency of network data in the big data era are increasingly not met. To meet emerging communication needs from a fundamental level, future-oriented network architectures are receiving a great deal of attention. Among them, the Named Data Network (NDN) takes data as a center, turns the emphasis of communication from address to content, has the most potential to replace the TCP/IP network, and becomes the mainstream architecture of the future network.
NDN takes named data as a center, replaces an IP address, carries out route forwarding by using a data name and protects data instead of a channel. Each data packet is provided with a digital signature, and the integrity, the correctness and the data source of the data are effectively ensured by verifying information through the digital signature. Data can be found at any node in the NDN network, the addresses of the two transmission parties do not need to be known, and the two transmission parties do not establish a direct connection channel. The data is used as the center, and the security problems of information tampering, information deception and the like are solved from the architecture level by a mode of protecting the data through a digital signature. Compared with an IP (Internet protocol) architecture, the NDN network improves the security, but has potential safety attack hazards in the face of the complex situation of the Internet. Cache Pollution Attack (CPA) and flood Attack (IFA) are two most representative types of intrusion attacks.
1. Flood attack intrusion detection
The IFA attack targets the NDN router as an attack target, and sends an interest packet without content at a high speed in a short time aiming at a certain namespace, so as to exhaust the cache and bandwidth of the route, and make it difficult for a user to send or receive a data packet required by the user. If the attack duration is long, the entire NDN network eventually collapses.
When the IFA occurs, the number of interest packets is increased sharply, and the number of satisfied interest packets is decreased sharply. The intrusion detection method aiming at the IFA attack monitors an NDN routing interface in real time, analyzes the number of interest packets and data packets passing through a route in a period time and the dynamic change index of a routing cache table PIT, and judges whether the flooding attack occurs or not by using a statistical model. The existing statistical method has poor generalization capability and high misjudgment rate under the conditions of burst flow and hot content.
2. Cache pollution attack intrusion detection
The CPA attack aims at the cache of the NDN node, and makes the polluted content occupy the cache of the network node for a long time by requesting the content with low popularity for a long time at a low speed, so that the internal cache of the network node is controlled, the hit rate of a legal user is reduced, the time delay of obtaining the legal content is increased, and the NDN network performance is reduced.
When CPA attacks occur, the low prevalence of content in NDN networks increases. The intrusion detection method aiming at the CPA attack monitors the number of different interest packets in a specific time period in the NDN network, determines a threshold value based on an algorithm rule and judges whether cache pollution attack occurs or not. The method has better performance when the distance between a producer and a consumer is close, but low-speed malicious traffic has less proportion under a remote network environment, and the monitoring is difficult due to data imbalance.
In summary, in the existing NDN network intrusion detection method for IFA and CPA attacks, under the condition of a complex network, the generalization capability of the statistical method is poor, and the misjudgment rate of burst traffic is high; the data of the cached pollution flow is unbalanced, and the monitoring and the distinguishing are difficult. Therefore, the invention provides an NDN network intrusion detection method based on GAN.
Disclosure of Invention
The invention aims to solve the problems that the generalization capability of a statistical method is poor and the intrusion detection aiming at CPA attack and IFA attack is difficult due to too little malicious flow sample data in an NDN network, and provides a GAN-based NDN network intrusion detection method.
The design principle of the invention is as follows: firstly, carrying out standardized preprocessing on statistical information acquired from NDN network routing nodes by using a variational Gaussian mixture model; secondly, performing data enhancement on the samples of the specific category by using a method based on conditional GAN, and expanding the number of malicious samples in the tabular data samples; then training a deep neural network classifier by using the enhanced data set; and finally, monitoring the traffic statistical information of the route by a classifier to judge the malicious intrusion attack type.
The technical scheme of the invention is realized by the following steps:
step 1, preprocessing statistical information acquired from NDN network routing nodes.
Step 1.1, obtaining flow statistical Information of passing nodes in a statistical period from NDN routing, cache data (CS) of routing nodes, a Pending Interest Table (PIT) and a target Information Table (FIT).
Step 1.2, according to attack implementation time, dividing the flow samples obtained in step 1.1 into normal, CPA attack and IFA attack according to sampling time and routing node name
And step 1.3, processing the traffic classification statistical information obtained in step 1.2 according to a defined rule, and performing one-Hot coding processing on the classification label.
And step 1.4, carrying out standardization treatment on the numerical characteristics of the sample obtained in the step 1.3 by using a variational Gaussian mixture model.
And 2, performing data enhancement by using a GAN-based method, and expanding the number of malicious samples in the data samples.
And 2.1, generating an initial random sample by using random noise, and giving an initial classification as the input of the GAN generator.
And 2.2, sampling the real sample by adopting a logarithmic frequency method, and taking the sampled real attack sample and the output of the GAN generator as the input of the discriminator.
And 2.3, alternately training the discriminator network and the generator network by adopting a cross entropy loss function until a preset value is reached.
And 2.4, generating sample data of the specified attack type by using the generator model.
And 3, training the deep neural network classifier by using the enhanced data set.
And 3.1, taking the generated sample data and the original sample data as the input of a neural network classifier, and training the neural network classifier.
And 3.2, training by using an Adam optimizer to obtain a neural network classifier model.
And 4, monitoring the traffic statistical information of the route by the classifier to judge the malicious intrusion attack type, and quickly positioning the intrusion detection generation node according to the name and sampling time of the route node in the traffic information.
Advantageous effects
Compared with the flow statistic discrimination method based on the specific rule, the method can utilize the deep neural network to simultaneously process the multi-class characteristics to judge the CPA and IFA multi-class attacks, and has better generalization capability.
Compared with a BP neural network method, the method can expand data of a specific attack type by using a conditional GAN method, and reduces the misjudgment rate under an unbalanced data set.
Compared with a Bayesian network and deep neural network method, the method has a better modeling effect on sample characteristics with different distributions in the NDN network table type data.
Drawings
Fig. 1 is a diagram of an NDN network intrusion detection topology according to the present invention.
FIG. 2 is a diagram illustrating the data normalization process according to the present invention.
Fig. 3 is a flowchart of a GAN-based NDN network intrusion detection method according to the present invention.
Detailed Description
In order to better illustrate the objects and advantages of the present invention, embodiments of the method of the present invention are described in further detail below with reference to examples.
The data acquisition is to simulate the NDN network topology by using the NDNSIM, and acquire the traffic statistical information of each NDN route in the statistical period 3 s. A mesh topology network is constructed by 22 NDN routers and 36 links, and an optimal path forwarding strategy is adopted for route forwarding. The time delay of each link is set to 10ms, and the bandwidth is set to 1 Mbps. The cache capacity of each routing node is set to 100, and access requests are subjected to Zipf distribution by using an LFU as a cache replacement policy. The network topology is shown in figure 1.
Setting 5 normal consumers, 2 normal producers, 1 IFA attacker and 1 CPA attacker in the network, and then carrying out normal data network simulation and IFA attack, CPA attack and the mixed attack simulation of the two. The normal network simulation is carried out for 20min before each attack, and the attack time is 5 min. And finally, 33000 traffic statistical data samples passing through the router in unit time of normal network access 60min and various types of attack access 15min of 22 routers are obtained, wherein the class proportion is 8:1: 1. The sample data characteristics are shown in table 1.
TABLE 1 flow statistics
Figure BDA0002721743150000041
Figure BDA0002721743150000051
The experiment adopts the false alarm rate and the detection rate to evaluate the intrusion detection result of the method, the false alarm rate calculation method is shown as a formula 1, and the detection rate calculation method is shown as a formula 2:
Figure BDA0002721743150000052
Figure BDA0002721743150000053
the experimental equipment is a computer and a server, and the specific configuration of the computer is as follows: inter i9-9900K, a CPU (Central processing Unit) of 3.60GHz, an internal memory of 32G and an operating system of windows 10, 64 bits; the specific configuration of the server is as follows: e7-4820v4, RAM 256G, operating system is Linux Ubuntu 64 bit.
The specific process of the experiment is as follows:
step 1, discrete statistical information obtained from NDN network routing nodes is preprocessed.
Step 1.1, using the NDNSIM to simulate the network topology structure shown in fig. 1, and obtaining the NDN network traffic statistical data according to the above manner, the detailed characteristics are shown in table 1, and the method includes: the method comprises the steps of routing node name, counting time, the number of links of the route with other routes, the average time required for an interest packet to receive a corresponding content packet, the number of received interest packets, the number of received data packets, the average size of the received data packets, the number of sent interest packets, the number of sent data packets, the average size of the sent data packets, the number of satisfied interest packets, the number of cache data hits, the average cache persistence time, the length of a cache data queue at the current time, the number of PIT table updating entries, the number of PIT table entries at the current time, the number of PIT table overtime deletion entries and the number of target information table entries at the current time. Each sample data contains 18 features, and the total number is 33000, which is table type data.
And step 1.2, according to attack implementation time, dividing the flow samples obtained in the step 1.1 into normal, CPA attack and IFA attack according to sampling time and the name of the routing node, wherein the sample ratio is 8:1: 1.
And step 1.3, processing the traffic statistic information obtained in the step 1.2 according to a defined rule, wherein the Name and the Time are used as classification identifiers and are removed. Performing one-Hot coding on the classification label characteristicskK represents a class, and N is the totaldAnd (4) each category. Resulting in a tabular sample dataset C.
Step 1.4, the numerical characteristics in the data set C are standardized by using a Gaussian mixture model, and the numerical values are zoomed to an interval of [ -1,1]. For each column C in CiEstimating the number N of Gaussian modes of the column distribution by using a variation Gaussian mixture model (VGM), and carrying out one-Hot coding beta on the N modesk. The Gaussian mixture model obtained by learning is
Figure BDA0002721743150000061
Wherein, pikAs a weight, mukAnd phikIs the mean and standard deviation of the kth gaussian model. For each column CiEach value c ini,jCalculating the probability that it belongs to each of N Gaussian patterns
Figure BDA0002721743150000062
Figure BDA0002721743150000063
Selecting the Gaussian model with the maximum probability for standardization, and finally obtaining alpha as shown in formula (3)i,jThe one-Hot coding of the gaussian model used therewith replaces the original values, which are expressed as:
Figure BDA0002721743150000064
wherein
Figure BDA0002721743150000065
Representing the connected front and back vectors.
Figure BDA0002721743150000066
The preprocessed data set is recorded as R, and each row R in the final data set RjExpressed as a concatenation of the values with the one-Hot code:
Figure BDA0002721743150000067
wherein N iscRepresenting the number of columns of the data set C, the process is shown in fig. 2.
And 2, performing data enhancement by using a GAN-based method, and expanding the number of malicious samples in the data samples.
Step 2.1, generating a given random initial sample z ═ z with random noise z to N (0,1)1,z2,…,zNCAnd given an initial classification d as input to the GAN generator. Where d is the one-Hot encoding of the attack category. The output of the GAN generator is
Figure BDA0002721743150000068
Step 2.2, sampling the preprocessed real sample R by adopting a logarithmic frequency method, wherein the probability of sampling the normal flow sample is as follows: logarithm of the frequency of occurrence of normal flow samples. The probability of sampling other types of samples is the difference between 1 and the probability of sampling normal samples. The sampled samples are provided as inputs to a discriminator along with the output of the GAN generator.
And 2.3, using a discriminator network structure of PacMan to make a decision according to 8 original or generated samples in the same type of samples. And (3) alternately training the discriminator network D and the generator network G by adopting a cross entropy loss function and using an Adam optimizer until a preset value is reached. The loss function is defined as shown in equation (4):
Figure BDA0002721743150000069
step 2.4, generating sample data of the specified attack type by using the generator model, and generating a data set and recording the data set as: t issyn. Finally, the condition generator G (z, d) is represented as:
Figure BDA0002721743150000071
discriminator D (r)1,…,r8,d1,…,d8) Can be expressed as:
Figure BDA0002721743150000072
and 3, training a deep neural network classifier by using the enhanced data set.
And 3.1, fusing the generated sample data with the sample data preprocessed in the step 1 to serve as the input of the neural network classifier, and training a 5-layer deep neural network classifier. The neural network hidden layer activation function is a ReLUs function, and the output layer activation function adopts a SoftMax function.
And 3.2, training by using an Adam optimizer, inputting the enhanced data set, and finally obtaining the neural network classifier model, wherein the loss function is a mean square error function.
And 4, monitoring the traffic statistical information of the route by the classifier to judge the malicious intrusion attack type, and quickly positioning the intrusion detection generation node according to the name and sampling time of the route node in the traffic information.
The above detailed description is intended to illustrate the objects, aspects and advantages of the present invention, and it should be understood that the above detailed description is only exemplary of the present invention and is not intended to limit the scope of the present invention, and any modifications, equivalents, improvements and the like made within the spirit and principle of the present invention should be included in the scope of the present invention.

Claims (3)

1. A NDN network intrusion detection method based on GAN is characterized by comprising the following steps:
step 1, preprocessing statistical Information acquired from NDN network routing nodes, firstly, acquiring flow statistical Information passing through the nodes in a statistical time interval from NDN routes and cache data (CS) of the routing nodes, a Pending Interest packet cache Table (PIT) and a target Information Table (FIT), then, dividing the acquired flow samples into normal, CPA attack and IFA attack according to attack implementation time and the sampling time and the names of the routing nodes, secondly, processing the acquired flow classified statistical Information according to a defined rule, performing one-Hot coding processing on classified labels, and finally, performing standardization processing on the numerical characteristics of the acquired samples by using a variational Gaussian mixture model;
step 2, using a GAN-based method to enhance data, expanding the number of malicious samples in the data samples, firstly, generating initial random samples by random noise, giving initial classification as the input of a GAN generator G (z, d), then, sampling real samples by adopting a logarithmic frequency method, using the sampled real attack samples and the output of the GAN generator as the input of a discriminator, secondly, adopting a cross entropy loss function to alternately train the discriminator network and the generator network until a preset value is reached, and finally, generating sample data of a specified attack type by using a generator model;
step 3, training the deep neural network classifier by using the enhanced data set, firstly, taking generated sample data and original sample data as input of the neural network classifier, training the neural network classifier, and then, training by using an Adam optimizer to obtain a neural network classifier model;
and 4, monitoring the traffic statistical information of the route by the classifier to judge the malicious intrusion attack type, and quickly positioning the intrusion detection generation node according to the name and sampling time of the route node in the traffic information.
2. The GAN-based NDN network intrusion detection method according to claim 1, wherein: the step 1 of carrying out standardization preprocessing on the extracted sample characteristics with different distribution of the 18 NDN routing node table types by using a variational Gaussian mixture model:
Figure FDA0002721743140000011
3. the GAN-based NDN network intrusion detection method according to claim 1, wherein: the definition of the generator network G (z, d) in step 2, in extending the data of the NDN network specific attack type by applying the conditional GAN method.
CN202011089853.9A 2020-10-13 2020-10-13 NDN network intrusion detection method based on GAN Active CN112235288B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011089853.9A CN112235288B (en) 2020-10-13 2020-10-13 NDN network intrusion detection method based on GAN

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011089853.9A CN112235288B (en) 2020-10-13 2020-10-13 NDN network intrusion detection method based on GAN

Publications (2)

Publication Number Publication Date
CN112235288A true CN112235288A (en) 2021-01-15
CN112235288B CN112235288B (en) 2022-05-17

Family

ID=74112418

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011089853.9A Active CN112235288B (en) 2020-10-13 2020-10-13 NDN network intrusion detection method based on GAN

Country Status (1)

Country Link
CN (1) CN112235288B (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112884121A (en) * 2021-02-05 2021-06-01 武汉纺织大学 Traffic identification method based on generation of confrontation deep convolutional network
CN113283476A (en) * 2021-04-27 2021-08-20 广东工业大学 Internet of things network intrusion detection method
CN113810385A (en) * 2021-08-26 2021-12-17 浙江工业大学 Network malicious flow detection and defense method for self-adaptive interference
CN113922985A (en) * 2021-09-03 2022-01-11 西南科技大学 Network intrusion detection method and system based on ensemble learning
CN114399029A (en) * 2022-01-14 2022-04-26 国网河北省电力有限公司电力科学研究院 Malicious traffic detection method based on GAN sample enhancement
CN115392453A (en) * 2022-08-18 2022-11-25 湖南工商大学 Data enhancement model training method, data enhancement method and related equipment

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120317616A1 (en) * 2011-06-09 2012-12-13 Samsung Electronics Co., Ltd. Node device and method to prevent overflow of pending interest table in name based network system
CN106131844A (en) * 2016-07-21 2016-11-16 江苏大学 The defence method of malicious requests interest packet attack in a kind of NDN
CN108429761A (en) * 2018-04-10 2018-08-21 北京交通大学 Resource adaptation resolution server ddos attack detects defence method in wisdom contract network
US20180288086A1 (en) * 2017-04-03 2018-10-04 Royal Bank Of Canada Systems and methods for cyberbot network detection
US10097566B1 (en) * 2015-07-31 2018-10-09 Amazon Technologies, Inc. Identifying targets of network attacks
CN110012019A (en) * 2019-04-11 2019-07-12 鸿秦(北京)科技有限公司 A kind of network inbreak detection method and device based on confrontation model
CN110113353A (en) * 2019-05-20 2019-08-09 桂林电子科技大学 A kind of intrusion detection method based on CVAE-GAN
CN110808945A (en) * 2019-09-11 2020-02-18 浙江大学 Network intrusion detection method in small sample scene based on meta-learning
CN111327611A (en) * 2020-02-17 2020-06-23 辽宁大学 Security protection method for multiple attacks in named data network
CN111447212A (en) * 2020-03-24 2020-07-24 哈尔滨工程大学 Method for generating and detecting APT (advanced persistent threat) attack sequence based on GAN (generic antigen network)

Patent Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120317616A1 (en) * 2011-06-09 2012-12-13 Samsung Electronics Co., Ltd. Node device and method to prevent overflow of pending interest table in name based network system
US10097566B1 (en) * 2015-07-31 2018-10-09 Amazon Technologies, Inc. Identifying targets of network attacks
CN106131844A (en) * 2016-07-21 2016-11-16 江苏大学 The defence method of malicious requests interest packet attack in a kind of NDN
US20180288086A1 (en) * 2017-04-03 2018-10-04 Royal Bank Of Canada Systems and methods for cyberbot network detection
CN108429761A (en) * 2018-04-10 2018-08-21 北京交通大学 Resource adaptation resolution server ddos attack detects defence method in wisdom contract network
CN110012019A (en) * 2019-04-11 2019-07-12 鸿秦(北京)科技有限公司 A kind of network inbreak detection method and device based on confrontation model
CN110113353A (en) * 2019-05-20 2019-08-09 桂林电子科技大学 A kind of intrusion detection method based on CVAE-GAN
CN110808945A (en) * 2019-09-11 2020-02-18 浙江大学 Network intrusion detection method in small sample scene based on meta-learning
CN111327611A (en) * 2020-02-17 2020-06-23 辽宁大学 Security protection method for multiple attacks in named data network
CN111447212A (en) * 2020-03-24 2020-07-24 哈尔滨工程大学 Method for generating and detecting APT (advanced persistent threat) attack sequence based on GAN (generic antigen network)

Non-Patent Citations (4)

* Cited by examiner, † Cited by third party
Title
SHUOKANG HUANG,KAI LEI: "IGAN-IDS:An imabalanced generative adverarial network towards instrusion detection system in ad-hoc network", 《ELSEVIER》 *
朱大立等: "内容中心网络安全技术研究综述", 《信息安全学报》 *
王 鑫,王枫皓: "基于神经网络的NDN 入侵检测方法", 《通信技术》 *
赵雪峰等: "NDN中一种基于节点的攻击检测与防御机制", 《网络空间安全》 *

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112884121A (en) * 2021-02-05 2021-06-01 武汉纺织大学 Traffic identification method based on generation of confrontation deep convolutional network
CN113283476A (en) * 2021-04-27 2021-08-20 广东工业大学 Internet of things network intrusion detection method
CN113283476B (en) * 2021-04-27 2023-10-10 广东工业大学 Internet of things network intrusion detection method
CN113810385A (en) * 2021-08-26 2021-12-17 浙江工业大学 Network malicious flow detection and defense method for self-adaptive interference
CN113810385B (en) * 2021-08-26 2023-02-14 浙江工业大学 Network malicious flow detection and defense method for self-adaptive interference
CN113922985A (en) * 2021-09-03 2022-01-11 西南科技大学 Network intrusion detection method and system based on ensemble learning
CN113922985B (en) * 2021-09-03 2023-10-31 西南科技大学 Network intrusion detection method and system based on ensemble learning
CN114399029A (en) * 2022-01-14 2022-04-26 国网河北省电力有限公司电力科学研究院 Malicious traffic detection method based on GAN sample enhancement
CN115392453A (en) * 2022-08-18 2022-11-25 湖南工商大学 Data enhancement model training method, data enhancement method and related equipment

Also Published As

Publication number Publication date
CN112235288B (en) 2022-05-17

Similar Documents

Publication Publication Date Title
CN112235288B (en) NDN network intrusion detection method based on GAN
CN112398779B (en) Network traffic data analysis method and system
Liu et al. DDoS attack detection scheme based on entropy and PSO-BP neural network in SDN
CN106713371B (en) Fast Flux botnet detection method based on DNS abnormal mining
CN107222491B (en) Intrusion detection rule creating method based on industrial control network variant attack
CN107370752B (en) Efficient remote control Trojan detection method
CN112434298B (en) Network threat detection system based on self-encoder integration
CN110868404B (en) Industrial control equipment automatic identification method based on TCP/IP fingerprint
CN113645182B (en) Denial of service attack random forest detection method based on secondary feature screening
Shen et al. Efficient fine-grained website fingerprinting via encrypted traffic analysis with deep learning
CN114629718A (en) Hidden malicious behavior detection method based on multi-model fusion
CN111600877A (en) LDoS attack detection method based on MF-Ada algorithm
Man et al. Cache Pollution Detection Method Based on GBDT in Information‐Centric Network
CN109120733B (en) Detection method for communication by using DNS (Domain name System)
CN112235254B (en) Rapid identification method for Tor network bridge in high-speed backbone network
CN112839051B (en) Encryption flow real-time classification method and device based on convolutional neural network
CN117914599A (en) Mobile network malicious traffic identification method based on graph neural network
CN110650157B (en) Fast-flux domain name detection method based on ensemble learning
CN116781341A (en) Decentralised network DDoS attack identification method based on large language model
Deng et al. Abnormal traffic detection of IoT terminals based on Bloom filter
CN114362972B (en) Botnet hybrid detection method and system based on flow abstract and graph sampling
Yue et al. A detection method for I-CIFA attack in NDN network
CN111654479A (en) Flooding attack detection method based on random forest and XGboost
Fu et al. Towards aggregated features: a novel proxy detection method using NetFlow data
CN115225353B (en) Attack detection method considering both DoS/DDoS flooding and slow HTTP DoS

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant