CN113162926B - KNN-based network attack detection attribute weight analysis method - Google Patents

Info

Publication number: CN113162926B
Authority: CN (China)
Legal status: Active
Application number: CN202110419085.7A
Other languages: Chinese (zh)
Other versions: CN113162926A (en)
Inventors: 张留美, 邓茜, 王一川
Current Assignee: Xian Shiyou University
Original Assignee: Xian Shiyou University

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441: Countermeasures against malicious traffic
    • H04L63/1458: Denial of Service
    • H04L63/1408: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416: Event detection, e.g. attack signature detection
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00: Pattern recognition
    • G06F18/20: Analysing
    • G06F18/21: Design or setup of recognition systems or techniques; Extraction of features in feature space; Blind source separation
    • G06F18/214: Generating training patterns; Bootstrap methods, e.g. bagging or boosting
    • G06N: COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N20/00: Machine learning
    • Y: GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02: TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D: CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00: Reducing energy consumption in communication networks
    • Y02D30/50: Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Abstract

The invention discloses a KNN-based network attack detection attribute weight analysis method, which comprises the following steps: step 1, download a DDoS data set and record it as sample A; step 2, process sample A obtained in step 1, convert it into a file in csv format and name it sample one; step 3, classify the label column of sample one obtained in step 2 into 0 and 1; step 4, preprocess sample two obtained in step 3 to obtain sample five; step 5, divide sample five obtained in step 4 into a training set and a test set, input the training set into the KNN model for training, tune the adjustable parameters to obtain a trained KNN model, input the test set into the trained KNN model for testing, and check the accuracy. The method solves the problems of low data processing speed and small amount of obtained information in existing methods.

Description

KNN-based network attack detection attribute weight analysis method
Technical Field
The invention belongs to the technical field of network attack detection, and relates to a KNN-based network attack detection attribute weight analysis method.
Background
With the rapid development and wide adoption of the Internet, network intrusions are growing in type and number, and intrusion events occur more frequently. In the Internet information era, computers process information ever faster, while more and more network attacks target the personal information of the public. These attacks cause social and economic losses and personal anxiety, and individuals, enterprises and governments pay increasing attention to network security. A common form of network attack is the distributed denial of service attack, that is, the DDoS attack.
DDoS is one of the most important threats on the Internet today. In a DDoS attack, an attacker controls a number of computers and uses them to send a large volume of continuous requests to the target, so that the target cannot respond to legitimate users' requests for normal access to resources, which causes it huge losses. DDoS attacks mainly target websites and servers and consume server resources, including CPU (central processing unit), memory and network bandwidth. DDoS can also attack network infrastructure, including routers and switches: huge attack traffic can greatly degrade or even paralyze the network in which the target is located.
The principle of a DDoS attack is that the attacker hijacks and controls a large number of computers on the network and uses them to attack a target; such attacks are therefore also called distributed attacks. There are three common attack modes. The first is the SYN Flood attack, which exploits the TCP three-way handshake: because the requesting IP address is forged, the third handshake packet is never acknowledged, and the server stays in a half-open state until its wait queue is full and it can no longer provide normal service. The second is the UDP Flood attack, which exploits the connectionless nature of UDP and sends a large number of UDP packets so that the target cannot provide normal service. The third is the CC attack, which is generally used against websites and makes the site inaccessible by sending data packets.
To better safeguard network security, DDoS data sets need to be analysed: the effect of the attributes in the data set on network security is analysed to determine whether a DDoS attack is occurring in the target network. Common DDoS data sets include CAIDA DDoS Attack 2007, CIC-IDS2018 and KDD. KDD Cup 99, for example, is a data set used to distinguish abnormal connections from normal connections. It has 41 attributes and one label column. The 41 attributes fall into four groups: basic features of a TCP connection; content features of the TCP connection; time-based network traffic statistics using a 2-second time window; and host-based network traffic statistics, which are used to evaluate attacks that last more than two seconds. Since KDD Cup 99 has the problem of class imbalance, NSL-KDD is a resampled version of the KDD Cup 99 data set. Researchers need to select suitable attributes for preprocessing according to their actual needs and purposes, and then select a suitable algorithm for analysis. Most researchers use data sets with a small data volume and few attributes, for which selecting some of the attributes and applying a traditional method is sufficient. However, with the development of 5G, the Internet of Things, artificial intelligence and similar technologies, data sets are growing in scale and in number of attributes, and traditional data processing methods run into a series of problems, including low processing speed, low efficiency and a small amount of obtained information.
Disclosure of Invention
The invention aims to provide a KNN-based network attack detection attribute weight analysis method that solves the problems of low data processing speed and small amount of obtained information in existing methods.
The technical scheme adopted by the invention is a KNN-based network attack detection attribute weight analysis method, implemented according to the following steps:
step 1, download a DDoS data set and record it as sample A;
step 2, process sample A obtained in step 1, convert it into a file in csv format, and name it sample one;
step 3, classify the label column of sample one obtained in step 2 into 0 and 1;
step 4, preprocess sample two obtained in step 3 to obtain sample five;
step 5, divide sample five obtained in step 4 into a training set and a test set, input the training set into the KNN model for training, tune the adjustable parameters to obtain a trained KNN model, input the test set into the trained KNN model for testing, and check the accuracy.
The invention is further characterised as follows.
The specific process of step 2 is: open the file of sample A obtained in step 1 in read-only mode, strip the whitespace from each line of sample A, split each string on the separator, convert the result into a file in csv format, and name it sample one.
The specific process of step 3 is:
step 3.1, from sample one obtained in step 2, select the data whose protocol is tcp and whose attack type is DoS or normal, set the label column of normal data to 1 and the label column of DoS attacks to 0, and name the result sample two;
step 3.2, count the normal traffic and abnormal traffic in sample two obtained in step 3.1, and display the counts as a histogram using matplotlib.pyplot.
The specific process of step 4 is:
step 4.1, read sample two obtained in step 3 with a pandas function, removing the separator used in step 2, to obtain sample three;
step 4.2, check the number of rows of sample three obtained in step 4.1 through shape, and take the first 60% of the rows as sample four;
step 4.3, name each attribute of sample four obtained in step 4.2, and normalize column by column;
step 4.4, from sample four processed in step 4.3, select each attribute in turn together with the label column as X and Y respectively, convert X into a two-dimensional array named X, convert Y into a one-dimensional array named Y, and concatenate X and Y into sample five.
The specific process of step 5 is:
step 5.1, fix the values of the weights and leaf_size parameters of the KNN model;
step 5.2, divide sample five obtained in step 4 into a training set and a test set, input the training set into the KNN model for training, and let n_neighbors take successive values over a user-defined integer range; the model with the highest accuracy in that range is the optimal KNN model;
step 5.3, input the test set from step 5.2 into the optimal KNN model for testing, and check the accuracy.
In step 5.2, the sample size ratio of the training set to the test set is 7:3.
The KNN-based network attack detection attribute weight analysis method has the following advantages: attack detection is carried out on a DDoS data set, some of the attributes are selected for analysis, and the accuracy of each attribute is analysed with the machine learning KNN model, so that the attributes with the highest accuracy can be selected quickly and the occurrence of a DDoS attack can be detected in time. The method has strong reference value, its data processing speed is high, and the information it obtains is comprehensive.
Drawings
FIG. 1 is a flowchart of the algorithm in the KNN-based network attack detection attribute weight analysis method of the present invention;
FIG. 2 is a histogram of the normal traffic and abnormal traffic counted in sample two in the KNN-based network attack detection attribute weight analysis method of the present invention.
Detailed Description
The present invention will be described in detail below with reference to the accompanying drawings and specific embodiments.
The invention provides a KNN-based network attack detection attribute weight analysis method which, as shown in FIG. 1, is implemented according to the following steps:
step 1, download a DDoS data set and record it as sample A;
step 2, open the file of sample A obtained in step 1 in read-only mode, strip the whitespace from each line of sample A, split each string on the separator, convert the result into a file in csv format, and name it sample one;
step 3, classify the label column of sample one obtained in step 2 into 0 and 1;
step 3.1, from sample one obtained in step 2, select the data whose protocol is tcp and whose attack type is DoS or normal, set the label column of normal data to 1 and the label column of DoS attacks to 0, and name the result sample two;
step 3.2, count the normal traffic and abnormal traffic in sample two obtained in step 3.1, and display the counts as a histogram using matplotlib.pyplot;
step 4, preprocess sample two obtained in step 3 to obtain sample five;
step 4.1, read sample two obtained in step 3 with a pandas function, removing the separator used in step 2, to obtain sample three;
step 4.2, check the number of rows of sample three obtained in step 4.1 through shape, and take the first 60% of the rows as sample four;
step 4.3, name each attribute of sample four obtained in step 4.2 according to the official description of the DDoS data set, and normalize column by column;
step 4.4, from sample four processed in step 4.3, select each attribute in turn together with the label column as X and Y respectively, convert X into a two-dimensional array named X, convert Y into a one-dimensional array named Y, and concatenate X and Y into sample five;
step 5, divide sample five obtained in step 4 into a training set and a test set with a sample size ratio of 7:3, input the training set into the KNN model for training, tune the adjustable parameters to obtain a trained KNN model, input the test set into the trained KNN model for testing, and check the accuracy;
step 5.1, fix the values of the weights and leaf_size parameters of the KNN model;
step 5.2, divide sample five obtained in step 4 into a training set and a test set, input the training set into the KNN model for training, and let n_neighbors take successive values over a user-defined integer range; the model with the highest accuracy in that range is the optimal KNN model;
step 5.3, input the test set from step 5.2 into the optimal KNN model for testing and check the accuracy; the accuracy indicates the prediction performance of the KNN model, so that the occurrence of a DDoS attack can be detected in time.
Examples
Step 1, download the DDoS data set KDD99 (Data Mining and Knowledge Discovery Cup 1999 Data Set) and record it as sample A;
step 2, open the file of sample A obtained in step 1 in read-only mode, strip the whitespace from each line of sample A, split each string on the separator, convert the result into a file in csv format, and name it sample one;
step 3.1, from sample one obtained in step 2, select the data whose protocol is tcp and whose attack type is DoS or normal, set the label column of normal data to 1 and the label column of DoS attacks to 0, and name the result sample two;
step 3.2, count the normal traffic and abnormal traffic in sample two obtained in step 3.1, and display the counts as a histogram using matplotlib.pyplot, as shown in FIG. 2. In FIG. 2 the abscissa shows normal traffic, abnormal traffic and total traffic, and the ordinate is the count of each: the normal traffic count is 768670, the abnormal traffic count is 1074241, and the total traffic count is 1842911;
step 4.1, read sample two obtained in step 3 with a pandas function, removing the separator used in step 2, to obtain sample three;
step 4.2, check the number of rows of sample three obtained in step 4.1 through shape, and take the first 60% of the rows as sample four;
step 4.3, name the 41 attributes of sample four obtained in step 4.2 according to the official description of the data set, normalize column by column, and name the 42nd column attack_type;
step 4.4, from sample four processed in step 4.3, select the four attributes count, same_srv_rate, dst_host_serror_rate and dst_host_srv_serror_rate as X and the attack_type column as Y, convert X into a two-dimensional array named X, convert Y into a one-dimensional array named Y, and concatenate X and Y into sample five;
step 5.1, fix the values of the weights and leaf_size parameters of the KNN model. weights can take the values 'uniform' and 'distance', and the two give very close prediction accuracy; the prediction accuracy as a function of leaf_size levels off after 29 and 30. In this embodiment weights is taken as 'uniform' and leaf_size as 30;
step 5.2, divide sample five obtained in step 4 into a training set and a test set with a sample size ratio of 7:3, input the training set into the KNN model for training with n_neighbors set to 5 to obtain a trained KNN model, and check the accuracy: the accuracy is 0.9981128890282283 and the running time is 1340.890951 seconds;
step 5.3, input the test set from step 5.2 into the trained KNN model for testing, and check the accuracy.
The running time is analysed as follows. If sample two obtained in step 3 contains N samples, each characterised by a D-dimensional vector, prediction must loop over all training samples, with time complexity O(N). Computing the distance between two samples depends on the feature dimension of the samples, with time complexity O(D); because only one attribute is selected at a time, this is O(1). Treating the loop over samples as the outer loop and the distance computation as the inner loop, the time complexity is O(N × 1); predicting for D attributes gives a total time complexity of O(N × D).
Comparative example
Step 4.4, from sample four processed in step 4.3, randomly select the attributes num_shells, num_root, dst_host_srv_diff_host_rate and srv_diff_host_rate as X and the attack_type column as Y, convert X into a two-dimensional array named X, convert Y into a one-dimensional array named Y, and concatenate X and Y into sample six;
step 5.2, divide sample six obtained in step 4 into a training set and a test set with a sample size ratio of 7:3, and input the training set into the KNN model for training with n_neighbors set to 5 to obtain a trained KNN model: the accuracy is 0.8638808165824601 and the running time is 3248.227169 seconds;
the rest of the procedure is the same as in the example.
Therefore, compared with the comparative example, in which four attributes are randomly selected, the accuracy of the embodiment of the invention is improved by 15.528% and the running time is improved by 58.719%. Predicting the accuracy of each DDoS attack attribute separately with the machine learning KNN model lets a researcher quickly select the attributes with the highest accuracy and detect in time whether a DDoS attack is occurring, so the method has strong reference value.
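Steps 2 to 5 carried through end to end, as an added example that is not code from the patent: each attribute is scored alone with a brute-force KNN, n_neighbors is swept over a small range, and the two best-scoring attributes are compared with the two worst, as the example and comparative example above do with four. The reduced column set, the protocol_type column name, the DoS label names, the interleaved 7:3 split and all sample rows are assumptions constructed for illustration.

```python
from collections import Counter

# Reduced, constructed column layout (real KDD99 rows carry 41 attributes plus a label).
COLUMNS = ["protocol_type", "count", "same_srv_rate",
           "dst_host_serror_rate", "num_shells", "label"]
FEATURES = COLUMNS[1:5]
DOS_LABELS = {"neptune", "back", "land"}  # assumed DoS label names carried over tcp


def build_sample_a():
    """Constructed raw lines standing in for sample A (not real KDD99 data)."""
    lines = ["udp,3,1.00,0.00,0,normal.",     # dropped in step 3.1: not tcp
             "tcp,12,0.10,0.00,0,ipsweep."]   # dropped in step 3.1: not DoS or normal
    for i in range(60):
        lines.append(f" tcp,{1 + (i * 7) % 30},{0.5 + (i % 6) * 0.1:.2f},"
                     f"{(i % 5) * 0.01:.2f},0,normal. ")
        lines.append(f"tcp,{200 + (i * 13) % 300},{(i % 8) * 0.1:.2f},"
                     f"{0.9 + (i % 10) * 0.01:.2f},0,neptune.")
    return lines


def label_tcp_dos(lines):
    """Steps 2 and 3.1: strip, split on the separator, keep tcp normal/DoS, label 1/0."""
    rows = []
    for line in lines:
        rec = dict(zip(COLUMNS, line.strip().split(",")))
        name = rec["label"].rstrip(".")
        if rec["protocol_type"] != "tcp" or not (name == "normal" or name in DOS_LABELS):
            continue
        rows.append(({f: float(rec[f]) for f in FEATURES}, 1 if name == "normal" else 0))
    return rows


def preprocess(rows):
    """Steps 4.2 and 4.3: keep the first 60% of rows, then min-max normalize each column."""
    rows = rows[:len(rows) * 60 // 100]
    for f in FEATURES:
        vals = [x[f] for x, _ in rows]
        lo, span = min(vals), max(vals) - min(vals)
        for x, _ in rows:
            x[f] = (x[f] - lo) / span if span else 0.0  # constant column: avoid 0/0
    return rows


def split_7_3(rows):
    """Step 5.2 split. The 7-in-10 interleave is an assumption; the patent names no method."""
    train = [r for j, r in enumerate(rows) if j % 10 < 7]
    test = [r for j, r in enumerate(rows) if j % 10 >= 7]
    return train, test


def knn_predict(train, point, feats, k):
    """Brute-force KNN, weights='uniform': majority vote of the k nearest training rows.
    leaf_size tunes a tree index and has no counterpart in a brute-force search."""
    def dist2(x):
        return sum((x[f] - point[f]) ** 2 for f in feats)
    nearest = sorted(train, key=lambda r: dist2(r[0]))[:k]
    return Counter(y for _, y in nearest).most_common(1)[0][0]


def evaluate(train, test, feats, ks=range(1, 10, 2)):
    """Sweep n_neighbors over ks; return (best accuracy, best k) on the held-out rows."""
    best = (0.0, None)
    for k in ks:
        hits = sum(knn_predict(train, x, feats, k) == y for x, y in test)
        best = max(best, (hits / len(test), k), key=lambda t: t[0])
    return best


def rank_attributes(train, test):
    """Step 4.4 applied per attribute: score each one alone, highest accuracy first."""
    scores = [(f, *evaluate(train, test, [f])) for f in FEATURES]
    return sorted(scores, key=lambda s: s[1], reverse=True)


def run():
    train, test = split_7_3(preprocess(label_tcp_dos(build_sample_a())))
    ranking = rank_attributes(train, test)
    top2 = [f for f, _, _ in ranking[:2]]
    bottom2 = [f for f, _, _ in ranking[-2:]]
    return ranking, evaluate(train, test, top2)[0], evaluate(train, test, bottom2)[0]


if __name__ == "__main__":
    ranking, top_acc, bottom_acc = run()
    for name, acc, k in ranking:
        print(f"{name:22s} accuracy={acc:.3f} n_neighbors={k}")
    print(f"top-2 subset accuracy={top_acc:.3f}, bottom-2 subset accuracy={bottom_acc:.3f}")
```

On real data, computing the min-max bounds from the training rows only keeps test-set statistics out of the model, and a constant column such as the constructed num_shells here scores no better than always predicting one class.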

Claims (2)

1. A KNN-based network attack detection attribute weight analysis method, characterised by being implemented according to the following steps:
step 1, download a DDoS data set and record it as sample A;
step 2, process sample A obtained in step 1, convert it into a file in csv format, and name it sample one;
the specific process is: open the file of sample A obtained in step 1 in read-only mode, strip the whitespace from each line of sample A, split each string on the separator, convert the result into a file in csv format, and name it sample one;
step 3, classify the label column of sample one obtained in step 2 into 0 and 1;
the specific process is:
step 3.1, from sample one obtained in step 2, select the data whose protocol is tcp and whose attack type is DoS or normal, set the label column of normal traffic to 1 and the label column of DoS attacks to 0, and name the result sample two;
step 3.2, count the normal traffic and abnormal traffic in sample two obtained in step 3.1, and display the counts as a histogram using matplotlib.pyplot;
step 4, preprocess sample two obtained in step 3 to obtain sample five;
the specific process is:
step 4.1, read sample two obtained in step 3 with a pandas function, removing the separator used in step 2, to obtain sample three;
step 4.2, check the number of rows of sample three obtained in step 4.1 through shape, and take the first 60% of the rows as sample four;
step 4.3, name each attribute of sample four obtained in step 4.2, and normalize column by column;
step 4.4, from sample four processed in step 4.3, select each attribute in turn together with the label column as X and Y respectively, convert X into a two-dimensional array named X, convert Y into a one-dimensional array named Y, and concatenate X and Y into sample five;
step 5, divide sample five obtained in step 4 into a training set and a test set, input the training set into the KNN model for training, tune the adjustable parameters to obtain a trained KNN model, input the test set into the trained KNN model for testing, and check the accuracy;
the specific process is:
step 5.1, fix the values of the weights and leaf_size parameters of the KNN model;
step 5.2, divide sample five obtained in step 4 into a training set and a test set, input the training set into the KNN model for training, and let n_neighbors take successive values over a user-defined integer range; the model with the highest accuracy in that range is the optimal KNN model;
step 5.3, input the test set from step 5.2 into the optimal KNN model for testing, and check the accuracy.
2. The KNN-based network attack detection attribute weight analysis method according to claim 1, wherein in step 5.2 the sample size ratio of the training set to the test set is 7:3.

Priority Applications (1)

Application Number | Priority Date | Filing Date | Title
CN202110419085.7A | 2021-04-19 | 2021-04-19 | KNN-based network attack detection attribute weight analysis method

Publications (2)

Publication Number | Publication Date
CN113162926A | 2021-07-23
CN113162926B | 2022-08-26

Family ID: 76868851

Country Status (1)

Country | Status
CN | Active, CN113162926B (en)
