CN113055388B - Deep packet detection method and system based on generation countermeasure network - Google Patents

Info

Publication number: CN113055388B
Authority: CN (China)
Prior art keywords: dpi, network, gan, deep packet, traffic
Legal status: Active
Application number: CN202110279259.4A
Other languages: Chinese (zh)
Other versions: CN113055388A (en)
Inventors: 戴锦友, 余少华
Current Assignee: Fiberhome Telecommunication Technologies Co Ltd
Original Assignee: Fiberhome Telecommunication Technologies Co Ltd

Classifications

    • H04L63/12: Network architectures or network communication protocols for network security; applying verification of the received information
    • G06N3/045: Neural networks; architecture, e.g. interconnection topology; combinations of networks
    • G06N3/08: Neural networks; learning methods
    • H04L63/1408: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic

Abstract

The invention discloses a deep packet inspection (DPI) system based on a generative adversarial network (GAN), which operates as follows. The current policy rule base is divided into a first set A and a second set B. The generator network G of the DPI-L-GAN takes as input the first set A and the traffic features F mined from actual network traffic; the generator network G of the DPI-E-GAN takes as input the first set A, the traffic features F mined from actual network traffic, and the simulated network traffic S produced by a simulated traffic generator. From these inputs, the generator networks G of the DPI-L-GAN and the DPI-E-GAN generate a new rule policy Rn. Rn and the second set B are input to the discriminator network D of the DPI-L-GAN and the DPI-E-GAN to determine the logical validity of the generated rule policy. Rn is then evaluated against S to judge its functional effectiveness. A valid Rn is added to the policy rule base, which is checked and updated at the same time. The resulting deep packet inspection system is more intelligent and more extensible. The invention also provides a corresponding deep packet inspection method based on a generative adversarial network.

Description

Deep packet detection method and system based on generation countermeasure network
Technical Field
The invention belongs to the technical field of data communication networks, and particularly relates to a deep packet inspection method and system based on a generative adversarial network (GAN).
Background
The continuous development of the Internet has made networks increasingly complex, their operation and maintenance harder, and network security problems more prominent. Attack traffic of many kinds harms the network, and junk traffic floods it, consuming network resources while bringing harm and no benefit; identifying and suppressing such traffic requires suitable technologies and tools. At the same time, Internet traffic is highly diverse, and technologies and tools are needed to perceive and classify it accurately in order to provide better management and service.
Deep Packet Inspection, usually abbreviated DPI, is one such class of techniques. "Deep" is relative to ordinary packet analysis: ordinary packet inspection only analyzes the content of an IP packet below layer 4, including the source address, destination address, source port, destination port and protocol type, whereas DPI analyzes network protocols from layer 2 to layer 7 and can therefore perceive the data in the network accurately and give an accurate picture of the network's current state.
Traditional DPI is widely deployed in existing networks and plays an important role. However, current mainstream DPI has an obvious defect: its matching against the actual state of network traffic is neither accurate enough nor timely enough. Because the DPI policy rule base is configured manually, it is essentially static over any given period. Network traffic, however, is always changing; active harmful traffic in particular often disguises itself to escape DPI detection, so a DPI that depends on a static policy rule base cannot cope with continuously changing traffic. This is especially true of application features above layer 4, for which there is usually no standard, so they can be changed without restriction. Although the emphasis of deep packet inspection is to summarize application features and identify traffic by them, conventional deep packet inspection falls short when application features change frequently.
Disclosure of Invention
In view of the above defects or improvement needs of the prior art, the present invention provides deep packet inspection based on a generative adversarial network, which organically combines machine learning with deep packet inspection, thereby improving the functions, performance and practical effect of deep packet inspection.
To achieve the above object, according to one aspect of the present invention, there is provided a deep packet inspection system based on a generative adversarial network, in which:
a local generative adversarial network component, DPI-L-GAN, is added to the DPI node; a feature mining function is added to the DPI engine component of the DPI system; two components, an enhanced generative adversarial network DPI-E-GAN and a simulated traffic generator, are added to the DPI control plane;
the current policy rule base is divided into a first set A and a second set B; the generator network G of the DPI-L-GAN takes as input the first set A and the traffic features F mined from actual network traffic, and the generator network G of the DPI-E-GAN takes as input the first set A, the traffic features F mined from actual network traffic and the simulated network traffic S produced by the simulated traffic generator; based on these inputs, the generator networks G of the DPI-L-GAN and the DPI-E-GAN generate a new rule policy Rn; Rn and the second set B are input to the discriminator network D of the DPI-L-GAN and the DPI-E-GAN to determine the logical validity of the generator network;
Rn is evaluated against S to judge its functional effectiveness; a valid Rn is added to the policy rule base, which is checked and updated at the same time.
In one embodiment of the invention, the local DPI-L-GAN acts on the DPI entity as a proxy of the enhanced DPI-E-GAN, so that rule policies generated by the DPI-E-GAN take effect on the DPI entity.
In one embodiment of the invention, the feature mining function is configured to mine actual network traffic features F that are not covered by the current policy rule base.
In one embodiment of the invention, the generator network G is responsible for generating samples and the discriminator network D is responsible for discriminating samples.
In one embodiment of the present invention, the policy rule base defines the general rules of deep packet inspection; each entry in the policy rule base contains a set of flow description information and operations, and each item of flow description information is composed of elements, operators, values and attributes.
According to another aspect of the present invention, there is also provided a detection method using the above deep packet inspection system based on a generative adversarial network, including:
(1) when traffic enters the DPI node, it is scanned and analyzed against the existing policy rule base R;
(2) if a matching rule exists, the operation specified in the policy rule base is executed;
(3) if no matching rule exists, feature mining is performed, and the mining results are sent to the local generative adversarial network DPI-L-GAN and the enhanced generative adversarial network DPI-E-GAN for training, to generate a new rule Rn;
(4) after the new rule is generated, it is analyzed and optimized jointly with the other rules, and the traffic returns to the scanning stage for re-inspection.
In one embodiment of the present invention, in step (4), if the DPI system is configured with "the new rule needs to be confirmed", the new rule is reported to the network management system for operation and maintenance confirmation.
In one embodiment of the present invention, in step (1), the features of the traffic are converted into an image: each group of features is represented in binary, and all the features are collected into one image.
In one embodiment of the invention, in step (1) the discrete form of the features is retained and a discrete derivative of the features is defined by curve fitting: a smooth curve is fitted between the discrete points and the derivative is defined as the slope of the tangent to the curve.
In one embodiment of the invention, in step (1) the discrete form of the features is retained and a discrete derivative of the features is defined by polyline fitting: n points are inserted between two points according to the distribution of the points, giving n+2 points, and the mean slope of the n+1 line segments between these n+2 points is taken as the derivative.
Generally, compared with the prior art, the technical scheme of the invention has the following beneficial effects:
(1) the deep packet inspection system is more intelligent and more extensible;
(2) the policy rule base of the deep packet inspection system is more accurate and more timely;
(3) network traffic that changes in real time can also be perceived and identified by the deep packet inspection system.
Drawings
FIG. 1 is the main flow chart of the deep packet inspection method based on a generative adversarial network of the present invention;
FIG. 2 is a general model of the conventional deep packet inspection technique;
FIG. 3 is the model of the present invention after modifying the conventional deep packet inspection method;
FIG. 4 is a general model of a generative adversarial network;
FIG. 5 is the DPI-GAN model of the present invention;
FIG. 6 is an example of a policy rule base for a deep packet inspection system.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention. In addition, the technical features involved in the embodiments of the present invention described below may be combined with each other as long as they do not conflict with each other.
Current DPI techniques and methods inspect traffic against known, manually configured rules. Network traffic, especially active harmful traffic, mutates frequently to evade the deep packet inspection system, so matching the known policy rule base against real-time traffic suffers from deviations in time and in digital signature, making deep packet inspection results incorrect and not real-time.
Artificial intelligence techniques, including machine learning, have entered a new phase of rapid development, which offers an opportunity to solve the above problems of DPI. If machine learning lets the policy rule base follow the network traffic and adapt to its state in real time, the policy rule base matches the traffic dynamically, accurately and in real time, and active traffic will find it hard to escape DPI even if it disguises itself. Organically combining machine learning with deep packet inspection improves the function, performance and practical effect of deep packet inspection. The object of this patent application is to use machine learning to make deep packet inspection more real-time, more automated and more accurate.
Deep packet inspection is an indispensable technology in today's networks, plays an important role, and will remain indispensable in future networks. However, the evolution of networks has also exposed the shortcomings of traditional deep packet inspection, which need to be remedied with other technologies and methods so that deep packet inspection can better adapt to changes in the network.
The technical problems to be solved by the invention are as follows:
(1) current deep packet inspection techniques and methods inspect traffic against known, manually configured rules;
(2) network traffic, particularly active harmful traffic, mutates frequently to escape detection by the deep packet inspection system;
(3) matching the known policy rule base against real-time traffic suffers from deviations in time and in digital signature, so that deep packet inspection results are incorrect and not real-time.
The invention aims to solve these three problems of traditional deep packet inspection. The core of the solution is to link the policy rule base to the network traffic: the policy rule base no longer depends on manual configuration alone but also on autonomous learning by the deep packet inspection system, which continuously and autonomously extends and refines the policy rule base from the existing rule base and the current network traffic, so that the rule base adapts to current traffic conditions in real time.
The technical scheme for achieving this aim is as follows:
(1) a local generative adversarial network (DPI-L-GAN) component is added to the DPI node;
(2) a feature mining function is added to the DPI engine component of the DPI system;
(3) two components, an enhanced generative adversarial network (DPI-E-GAN) and a simulated traffic generator (S), are added to the DPI control plane;
(4) the current policy rule base is divided into a first set A and a second set B;
(5) the first set A and the mined network traffic features F are input to the generator network G of the DPI-L-GAN, and the first set A, the mined network traffic features F and the simulated network traffic S produced by the simulated traffic generator are input to the generator network G of the DPI-E-GAN, to generate a new rule policy Rn;
(6) Rn and the second set B are input to the discriminator network D of the DPI-L-GAN and the DPI-E-GAN to determine the logical validity of the generator network;
(7) Rn is evaluated against S to judge its functional effectiveness;
(8) a valid Rn is added to the policy rule base, which is checked and updated at the same time.
Fig. 1 shows the main flow of the deep packet inspection method based on a generative adversarial network. First, a deep packet inspection system based on a generative adversarial network is established:
(1) the entries of the manually configured policy rule base are divided into two subsets A and B, where A is intended for the generator network G and B for the discriminator network D;
(2) a local generative adversarial network DPI-L-GAN is designed in the DPI node, with G trained on set A and D trained on set B;
(3) an enhanced generative adversarial network DPI-E-GAN is designed on the control plane, likewise with G trained on set A and D trained on set B;
(4) a simulated traffic generator is designed on the control plane; the simulated network traffic it produces is denoted S, and S takes part in training G and D;
(5) the two GANs are trained continuously to generate a new rule policy Rn;
(6) the generated new rule is evaluated with the simulated network traffic produced by the simulated traffic generator;
(7) the local DPI-L-GAN can also act on the DPI entity as an agent of the enhanced DPI-E-GAN, so that rules generated by the DPI-E-GAN take effect on the DPI entity;
(8) a feature mining sub-engine is added to the DPI engine to mine actual network traffic features F that are not covered by the current policy rule base.
With this system in place, DPI inspection can be performed on network traffic, specifically:
(9) when traffic enters the DPI node, it is scanned and analyzed against the existing policy rule base R;
(10) if a matching rule exists, the operation specified in the policy rule base is executed;
(11) if no matching rule exists, feature mining is performed, and the mining results are sent to the local GAN and the enhanced GAN for training, to generate a new rule Rn;
(12) after the new rule is generated, it is analyzed and optimized jointly with the other rules; if the DPI system is configured with "the new rule needs to be confirmed", the new rule must be reported to the network management system for operation and maintenance confirmation; the traffic then returns to the scanning stage for re-inspection.
Fig. 2 illustrates the general logical structure of the conventional deep packet inspection method.
The whole DPI system comprises three layers: a data plane, a control plane and a management plane. Physically, however, the DPI function is realized mainly by the DPI node functional entity in the data plane. The control plane directs and generates the policy rule base, and the management plane performs management, operation and maintenance of the whole system. The DPI node functional entity mainly comprises three components: a local policy decision function (which maintains the policy rule base), the policy rule base, and the DPI engine. The DPI engine is composed of a scanning sub-engine, an analysis sub-engine and an operation execution sub-engine. The scanning sub-engine scans the data packet and generates a number of feature segments, the analysis sub-engine analyzes the features of the data packet against the policy rule base, and the operation execution sub-engine executes the corresponding operations according to the results of the analysis sub-engine.
Fig. 3 depicts the logical structure after the conventional deep packet inspection method has been modified. The modification consists mainly of the following four aspects.
First, a feature mining sub-engine is added to the DPI engine. Its function is to extract, from the data packets seen, features that are not in the policy rule base, in preparation for generating new policy rule base entries.
Second, a local generative adversarial network DPI-L-GAN is added to the DPI node functional entity. The purpose of the DPI-L-GAN is to generate new policy rules, and the advantage of placing it in the DPI node functional entity is that the entity can generate new policy rules on its own.
Third, an enhanced generative adversarial network DPI-E-GAN is added to the control plane. Its core function is similar to that of the DPI-L-GAN, namely generating new policy rule base entries, but because the computing and storage resources of the control plane far exceed those of a DPI node functional entity, the DPI-E-GAN is far more capable than the DPI-L-GAN.
Fourth, a network traffic simulator S is added to the control plane. Relying on actual network traffic alone gives poor prior coverage, the training of the generative adversarial network is neither sufficient nor timely, and the practical effect is not ideal; the network traffic simulator generates enough network traffic samples to strongly support training of the generative adversarial network and to facilitate simulated testing of the results.
FIG. 4 depicts the general model of a generative adversarial network.
A generative adversarial network (GAN) consists mainly of a generator network G and a discriminator network D. G is responsible for generating samples that are as similar as possible to real samples and hard to tell apart from them. D is responsible for judging samples and distinguishing real samples from forged ones as well as it can; that is, D does its utmost to judge the samples generated by G as forged. When D can no longer tell whether a sample generated by G is real or forged, the generated sample is as valid as a real one.
Figure 5 shows the model structure of the DPI-L-GAN and the DPI-E-GAN, which differs from the general GAN model structure mainly in the following two points:
(1) the existing policy rule base is used as input for both G and D;
(2) the network traffic features serve as input to G.
In addition, the method also differs clearly from a general GAN in its processing:
First, in a general GAN the discrimination result of D is 50% (true or false), whereas this method is based on the similarity between the discrimination results for real samples and for generated samples (if the discrimination result for real samples is 40% on average and the discrimination result for a generated sample is also 40%, the generated sample is considered valid).
Second, regarding feature processing: GANs are strongest at processing images and require features to be continuously differentiable, whereas DPI features are usually not images. The method offers two ways to handle this:
(1) feature imaging: each group of features is represented in binary and all the features are collected into one image, after which the general GAN method can be applied;
(2) the discrete form of the features is retained and a discrete derivative of the features is defined. The discrete derivative is in turn defined by one of the following two methods:
a. Curve fitting: a smooth curve is fitted between the discrete points and the derivative is defined as the slope of the tangent to the curve.
b. Polyline fitting: n points are inserted between two points according to the distribution of the points, giving n+2 points, and the mean slope of the n+1 line segments between these n+2 points is taken as the derivative.
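The two feature treatments above, as an added Python example that is not part of the patent text: `features_to_image` writes each feature group as one row of bits, and `curve_derivative` / `polyline_derivative` implement definitions a and b. The field widths, the right-padding of short rows, the quadratic through three neighbouring points used as the "smooth curve", and the sample flow and points are assumptions made for illustration.

```python
def features_to_image(features, widths):
    """Option (1): one row of bits per feature group (big-endian, fixed width).

    Rows shorter than the widest group are right-padded with zeros (an
    assumption) so that the result is a rectangular binary image.
    """
    row_len = max(widths.values())
    image = []
    for name, width in widths.items():
        value = features[name]
        if not 0 <= value < (1 << width):
            raise ValueError(f"{name}={value} does not fit in {width} bits")
        bits = [(value >> (width - 1 - k)) & 1 for k in range(width)]
        image.append(bits + [0] * (row_len - width))
    return image


def quadratic_through(p0, p1, p2):
    """Coefficients (a, b, c) of y = a*x^2 + b*x + c through three points."""
    (x0, y0), (x1, y1), (x2, y2) = p0, p1, p2
    d0 = (x0 - x1) * (x0 - x2)
    d1 = (x1 - x0) * (x1 - x2)
    d2 = (x2 - x0) * (x2 - x1)
    a = y0 / d0 + y1 / d1 + y2 / d2
    b = -(y0 * (x1 + x2) / d0 + y1 * (x0 + x2) / d1 + y2 * (x0 + x1) / d2)
    c = y0 * x1 * x2 / d0 + y1 * x0 * x2 / d1 + y2 * x0 * x1 / d2
    return a, b, c


def local_curve(points, i):
    """Assumed smooth fit: the quadratic through points[i] and its neighbours.

    `points` must be sorted by x with distinct x values.
    """
    if len(points) < 3:
        raise ValueError("need at least three points")
    lo = min(max(i - 1, 0), len(points) - 3)
    return quadratic_through(*points[lo:lo + 3])


def curve_derivative(points, i):
    """Definition a: slope of the tangent to the fitted curve at points[i]."""
    a, b, _ = local_curve(points, i)
    return 2 * a * points[i][0] + b


def polyline_derivative(points, i, inserted_xs):
    """Definition b: insert n points between points[i] and points[i+1] and
    return the mean slope of the n+1 segments joining the n+2 points.

    The caller chooses the x positions ("according to the distribution of
    the points"); their y values are read off the assumed local curve.
    """
    if i + 1 >= len(points):
        raise ValueError("points[i] needs a right-hand neighbour")
    a, b, c = local_curve(points, i)
    x0, x1 = points[i][0], points[i + 1][0]
    if any(not x0 < x < x1 for x in inserted_xs):
        raise ValueError("inserted points must lie strictly between the two points")
    xs = [x0] + sorted(set(inserted_xs)) + [x1]
    ys = [a * x * x + b * x + c for x in xs]
    slopes = [(ys[k + 1] - ys[k]) / (xs[k + 1] - xs[k]) for k in range(len(xs) - 1)]
    return sum(slopes) / len(slopes)


# Constructed sample data (not from the patent).
FLOW = {"proto": 6, "dst_port": 443, "vlan": 100}
WIDTHS = {"proto": 8, "dst_port": 16, "vlan": 12}
POINTS = [(0, 0), (1, 1), (2, 4)]    # (feature value, measured quantity) pairs

if __name__ == "__main__":
    for row in features_to_image(FLOW, WIDTHS):
        print("".join(map(str, row)))
    print(curve_derivative(POINTS, 1))
    print(polyline_derivative(POINTS, 1, [1.25, 1.5, 1.75]))
    print(polyline_derivative(POINTS, 1, [1.1, 1.2, 1.3]))
```

With evenly spaced inserted points the segment slopes telescope, so definition b returns the plain chord slope (3.0 for the constructed points). Only an uneven placement changes the result: clustering the inserted points near the left point gives 2.55, closer to the tangent slope of 2.0 from definition a.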
FIG. 6 depicts an example of a policy rule base.
The policy rule base defines the general rules of deep packet inspection. Each entry contains a set of flow description information (conditions) and operations (the measures taken when the conditions are satisfied). Each item of flow description information is composed of an element, an operator, a value and an attribute. For example, if the element is "VLAN", the operator is "<" and the value is "100", then a packet with "VLAN < 100" satisfies the condition. The attribute extends the flow description and can be customized by the user, for example to define whether the flow description information is "mandatory" or "optional".
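The rule-entry format described above, together with the scan step (9) to (11) and the admission checks of steps (6) to (8), as an added Python example that is not the patent's own code. The meaning given to "mandatory" and "optional", the score tolerance, the hit and false-match thresholds, the action names and all sample packets and scores are assumptions constructed for illustration; discriminator scores are passed in as plain numbers rather than computed by a trained D.

```python
import operator
from dataclasses import dataclass
from statistics import mean

OPS = {"<": operator.lt, "<=": operator.le, "==": operator.eq,
       "!=": operator.ne, ">=": operator.ge, ">": operator.gt}


@dataclass(frozen=True)
class Condition:
    """One item of flow description information."""
    element: str                    # packet field, e.g. "VLAN"
    op: str                         # key of OPS
    value: int
    attribute: str = "mandatory"    # user-defined: "mandatory" or "optional"

    def holds(self, packet):
        # A field missing from the packet never satisfies a condition.
        return self.element in packet and OPS[self.op](packet[self.element], self.value)


@dataclass(frozen=True)
class Rule:
    name: str
    conditions: tuple               # tuple of Condition
    action: str

    def matches(self, packet):
        # Assumed semantics: all mandatory conditions must hold; optional
        # ones never cause a miss. A rule without any mandatory condition
        # matches nothing, so it cannot silently match all traffic.
        mandatory = [c for c in self.conditions if c.attribute == "mandatory"]
        return bool(mandatory) and all(c.holds(packet) for c in mandatory)


def scan(rule_base, packet):
    """Return the first matching rule's action, or None (hand to feature mining)."""
    for rule in rule_base:
        if rule.matches(packet):
            return rule.action
    return None


def logically_valid(d_score_rn, d_scores_b, tol=0.05):
    """D must score Rn about as it scores the real rules of set B."""
    return abs(d_score_rn - mean(d_scores_b)) <= tol


def functionally_valid(rule, simulated, min_hit=0.9, max_false=0.01):
    """Replay simulated traffic S given as (packet, should_match) pairs."""
    wanted = [p for p, should in simulated if should]
    other = [p for p, should in simulated if not should]
    if not wanted or not other:     # S must exercise both outcomes
        return False
    hit_rate = sum(rule.matches(p) for p in wanted) / len(wanted)
    false_rate = sum(rule.matches(p) for p in other) / len(other)
    return hit_rate >= min_hit and false_rate <= max_false


def admit(rule_base, rn, d_score_rn, d_scores_b, simulated, confirm=None):
    """Gate a generated rule Rn before it reaches the rule base."""
    if not logically_valid(d_score_rn, d_scores_b):
        return "rejected: logical"
    if not functionally_valid(rn, simulated):
        return "rejected: functional"
    if any(set(r.conditions) == set(rn.conditions) for r in rule_base):
        return "rejected: duplicate"
    if confirm is not None and not confirm(rn):   # "new rule needs to be confirmed"
        return "rejected: unconfirmed"
    rule_base.append(rn)
    return "added"


# Constructed sample data (not from the patent).
RULE_BASE = [Rule("low-vlan", (Condition("VLAN", "<", 100),), "forward")]
D_SCORES_B = [0.42, 0.38, 0.40]     # D's scores on real rules, mean 0.40
S = ([({"VLAN": 300, "dst_port": 8443, "payload_len": 1300 + i}, True) for i in range(10)]
     + [({"VLAN": 300, "dst_port": 443, "payload_len": 200 + i}, False) for i in range(20)])
GOOD = Rule("rn-1", (Condition("dst_port", "==", 8443),
                     Condition("payload_len", ">", 1200),
                     Condition("VLAN", ">=", 200, "optional")), "alert")
BROAD = Rule("rn-2", (Condition("payload_len", ">", 0),), "alert")

if __name__ == "__main__":
    base = list(RULE_BASE)
    print(scan(base, S[0][0]))                       # unmatched traffic
    print(admit(base, BROAD, 0.41, D_SCORES_B, S))   # matches everything in S
    print(admit(base, GOOD, 0.41, D_SCORES_B, S))
    print(scan(base, S[0][0]))                       # re-inspection after the update
```

The over-broad candidate passes the discriminator-similarity check and is stopped only by the replay against S, which is why the functional check and the optional operator confirmation sit between the generator and the live rule base.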
It will be understood by those skilled in the art that the foregoing is only a preferred embodiment of the present invention, and is not intended to limit the invention, and that any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the scope of the present invention.

Claims (10)

1. A deep packet inspection system based on a generative adversarial network, comprising:
adding a local generative adversarial network DPI-L-GAN component in a DPI node; adding a feature mining function in the DPI engine component of a DPI system; adding two components, an enhanced generative adversarial network DPI-E-GAN and a simulated traffic generator, in a DPI control plane;
dividing a current policy rule base into a first set A and a second set B; a generator network G in the DPI-L-GAN accepts as input the first set A and traffic features F mined from actual network traffic, a generator network G of the DPI-E-GAN accepts as input the first set A, traffic features F mined from actual network traffic and simulated network traffic S generated by the simulated traffic generator, and the generator networks G of the DPI-L-GAN and the DPI-E-GAN generate a new rule policy Rn based on the corresponding inputs; Rn and the second set B are input to a discriminator network D of the DPI-L-GAN and the DPI-E-GAN to determine the logical validity of the generator network;
evaluating Rn by using S to judge the functional effectiveness of Rn; and adding a valid Rn to the policy rule base while checking and updating the policy rule base.
2. The deep packet inspection system based on a generative adversarial network according to claim 1, characterized in that the local DPI-L-GAN is used on the DPI entity as a proxy of the enhanced DPI-E-GAN, to put into effect on the DPI entity the rule policy generated by the DPI-E-GAN.
3. The deep packet inspection system based on a generative adversarial network according to claim 1 or 2, characterized in that said feature mining function component is used to mine actual network traffic features F not covered by the current policy rule base.
4. The deep packet inspection system based on a generative adversarial network according to claim 1 or 2, wherein the generator network G is responsible for generating samples and the discriminator network D is responsible for discriminating samples.
5. The deep packet inspection system based on a generative adversarial network according to claim 1 or 2, characterized in that the policy rule base defines general rules of deep packet inspection, each entry in the base containing a set of flow description information and operations, each item of flow description information being composed of elements, operators, values and attributes.
6. A detection method of the deep packet inspection system based on a generative adversarial network according to any one of claims 1 to 5, comprising:
(1) when traffic enters the DPI node, scanning and analyzing it based on the existing policy rule base R;
(2) if a matching rule exists, executing the operation in the policy rule base;
(3) if no matching rule exists, performing feature mining, and sending the mining results to a local generative adversarial network DPI-L-GAN and an enhanced generative adversarial network DPI-E-GAN for training to generate a new rule Rn;
(4) after the new rule is generated, analyzing and optimizing the new rule jointly with other rules, the traffic returning to the scanning stage to be inspected again.
7. The detection method according to claim 6, wherein in step (4), if the DPI system is configured with "the new rule needs to be confirmed", the new rule is reported to the network management system for operation and maintenance confirmation.
8. The method of claim 6, wherein in step (1) the traffic features are converted into an image, each group of features is represented in binary, and all features are collected into one image.
9. The detection method according to claim 6, wherein the discrete form of the features is retained in step (1) and a discrete derivative of the features is defined, the discrete derivative being defined by curve fitting: a smooth curve is fitted between the discrete points and the derivative is defined as the slope of the tangent to the curve.
10. The detection method according to claim 6, wherein the discrete form of the features is retained in step (1) and a discrete derivative of the features is defined, the discrete derivative being defined by polyline fitting: n points are inserted between two points according to the distribution of the points, giving n+2 points, and the mean slope of the n+1 line segments between these n+2 points is taken as the derivative.
CN202110279259.4A 2021-03-16 2021-03-16 Deep packet detection method and system based on generation countermeasure network Active CN113055388B (en)

Publications (2)

Publication Number Publication Date
CN113055388A (en) 2021-06-29
CN113055388B (en) 2022-06-03

Family

ID=76512795

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant