CN113536299A - Design method of intrusion detection system based on Bayesian neural network - Google Patents
- Publication number
- CN113536299A (application CN202110770677.3A)
- Authority
- CN
- China
- Prior art keywords
- layer
- module
- data
- intrusion detection
- detection system
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/554—Detecting local intrusion or implementing counter-measures involving event detection and direct action
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F18/00—Pattern recognition
- G06F18/20—Analysing
- G06F18/29—Graphical models, e.g. Bayesian networks
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N3/00—Computing arrangements based on biological models
- G06N3/02—Neural networks
- G06N3/04—Architecture, e.g. interconnection topology
- G06N3/045—Combinations of networks
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N3/00—Computing arrangements based on biological models
- G06N3/02—Neural networks
- G06N3/08—Learning methods
- G06N3/084—Backpropagation, e.g. using gradient descent
Abstract
The invention provides a design method of an intrusion detection system based on a Bayesian neural network. After carrying out ETL, feature engineering and other related preliminary preprocessing on the data, the intrusion detection system builds, trains, validates and tests a Bayesian neural network model and tunes the relevant parameters. The intrusion detection system adopts an unsupervised learning model, which needs no labeled data and can also detect unknown network attacks, and it plays an especially important role in a network attack defense system.
Description
Technical Field
The invention belongs to the technical field of intrusion detection, and particularly relates to a design method of an intrusion detection system based on a Bayesian neural network.
Background
Attack events account for only a small proportion of the data in the Internet of Vehicles and the Internet of Things, so the data is clearly imbalanced. Some attack data is correlated over time, and that correlation can be short-term or long-term. In addition, actual attack methods are diverse and labeled data is lacking, which makes intrusion detection and classification prediction on such data difficult.
Intrusion detection, as the name implies, is the discovery of intrusion behavior. It collects information from several key points in a computer network or computer system and analyzes it to find out whether there is any behavior that violates the security policy, or any sign of attack, in the network or system. The combination of software and hardware that performs intrusion detection is an intrusion detection system. Unlike other security products, intrusion detection systems require more intelligence: they must be able to analyze the collected data and produce useful results. A qualified intrusion detection system can greatly simplify the work of an administrator and ensure the safe operation of a network. According to the objects they monitor, intrusion detection systems can be classified into host-based intrusion detection systems and network-based intrusion detection systems.
First, a host-based intrusion detection system installs a host intrusion detection module on the protected machine, dedicated to collecting information on that machine. The information source can be the system log or a specific application log, or specific processes and system calls can be captured. By analyzing this information, the system determines whether an action is an intrusion. Host-based intrusion detection systems typically protect the host on which they are located. The disadvantages of host-based intrusion detection systems are as follows. They depend on the particular system platform, so the user must develop a corresponding module for each operating system. Because a network contains many different operating systems, it is difficult to ensure that each one has a corresponding host intrusion detection module, and one host intrusion detection module can only protect the local machine, so use is greatly limited. Furthermore, the module must be installed on each machine, which is a significant investment for the user when the number of installations is large. However, a host-based intrusion detection system is not limited by the network structure, and by using the functions provided by the operating system in combination with anomaly analysis it can report attack behavior more accurately.
Second, the data source of a network-based intrusion detection system is the data packets on the network. The system obtains information by inspecting messages in the network. Normally a device can only inspect its own messages; to monitor the messages of other devices, the network card must be set to promiscuous mode so that all data packets in the local network segment are monitored and judged. By placing an intrusion detection module in the network, the data packets of the protected machine can be monitored. The intrusion detection module may detect an attack first, before the protected machine is attacked. Network-based intrusion detection systems are typically tasked with protecting entire network segments. The advantages of a network-based intrusion detection system are that it is simple and convenient: installing one or more systems on a network segment is enough to monitor the whole segment, and a dedicated computer can be allocated to run the network-based intrusion detection system, so the load on hosts running critical services is not increased.
From the machine learning perspective, a hidden Markov model (HMM) or a long short-term memory (LSTM) model is often used to process time series data. However, the hidden Markov model is based on the homogeneous Markov assumption, under which the state at any time depends only on the state at the previous time, so it is poorly suited to processing and predicting important events separated by long intervals and delays in the time series. The LSTM model is mainly used for time series data with long intervals and delays, but it is generally a supervised learning model.
Disclosure of Invention
The invention aims to solve the above technical problems and provides a design method of an intrusion detection system based on a Bayesian neural network.
To achieve this purpose, the invention adopts the following technical scheme:
A design method of an intrusion detection system based on a Bayesian neural network comprises the following steps:
S1, reading normal network traffic analysis data captured when no network attack is present;
S2, preprocessing the data;
S3, writing an encoding layer module;
S4, writing a Lambda unit module, wherein the Lambda unit module adopts a Lambda framework and provides computation on the preprocessed data, preliminarily presents the computation result for the latest data, and obtains the relevant statistical characteristics of the data after it has passed through the encoding layer;
S5, writing a sampling layer module, and obtaining a sampling function from the Lambda unit module and the statistical distribution set by the model;
S6, writing a decoding layer module that takes the output of the sampling layer module as input;
S7, writing a VLB module, wherein the VLB module adopts a variational Bayesian method and is used to calculate the loss function of the model, and the normal network traffic data, the decoding layer output and the Lambda unit module output are used as the inputs of the VLB module;
S8, setting the loss function, optimizer, learning rate, batch size and so on of the model, and training;
S9, testing the trained model on normal network traffic data and on attack traffic data respectively.
Preferably, S2 includes:
S201: performing a shuffle operation on the original data to break up its order;
S202: dividing the shuffled data into a training set, a validation set and a test set;
S203: performing mean/variance normalization on the training set and, to prevent data leakage, normalizing the validation set and the test set using the mean/variance of the training set.
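Steps S201 to S203 as an added example (not code from the patent): the scaler is fitted on the training split only and then applied unchanged to the validation and test splits. The split fractions, the three-column constructed data and all function names are assumptions made for illustration.

```python
import math
import random


def shuffle_and_split(rows, train_frac=0.7, val_frac=0.15, seed=0):
    """S201 + S202: shuffle, then cut into train / validation / test."""
    rows = list(rows)                      # do not mutate the caller's data
    random.Random(seed).shuffle(rows)
    n_train = round(len(rows) * train_frac)
    n_val = round(len(rows) * val_frac)
    return rows[:n_train], rows[n_train:n_train + n_val], rows[n_train + n_val:]


def fit_scaler(train_rows):
    """S203, first half: per-column mean and std from the training set only."""
    n = len(train_rows)
    dims = len(train_rows[0])
    means = [sum(r[j] for r in train_rows) / n for j in range(dims)]
    stds = []
    for j in range(dims):
        var = sum((r[j] - means[j]) ** 2 for r in train_rows) / n
        # A column that is constant in training has zero variance; use 1.0
        # so the transform maps it to 0 instead of dividing by zero.
        stds.append(math.sqrt(var) if var > 1e-12 else 1.0)
    return means, stds


def transform(rows, scaler):
    """S203, second half: apply the training statistics to any split."""
    means, stds = scaler
    return [[(v - m) / s for v, m, s in zip(r, means, stds)] for r in rows]


def make_constructed_rows(n=1000, seed=7):
    """Constructed stand-in for traffic statistics: 3 columns instead of 115."""
    rng = random.Random(seed)
    return [[rng.gauss(100.0, 15.0),        # e.g. packets per window
             rng.expovariate(1 / 500.0),    # e.g. a skewed size statistic
             1.0]                           # a field that never varies
            for _ in range(n)]


def column_stats(rows, j):
    """Mean and standard deviation of column j."""
    n = len(rows)
    mean = sum(r[j] for r in rows) / n
    var = sum((r[j] - mean) ** 2 for r in rows) / n
    return mean, math.sqrt(var)


if __name__ == "__main__":
    train, val, test = shuffle_and_split(make_constructed_rows())
    scaler = fit_scaler(train)
    for name, part in (("train", train), ("val", val), ("test", test)):
        m, s = column_stats(transform(part, scaler), 0)
        print(f"{name}: n={len(part)} col0 mean={m:+.3f} std={s:.3f}")
```

Only the training split comes out with mean 0 and standard deviation 1; the small offsets on the other two splits are expected and show that their statistics were never used.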
Preferably, S3 specifically includes: writing an encoding layer module, setting the batch size to 100 and the dimension of the first Dense layer to 256, with the dimensions of the following 5 hidden layers being that dimension divided by 2, 4, 8, 16 and 32 respectively; each layer uses relu as its activation function; the last layer has dimension 8 and no activation function;
S4 specifically includes: writing Lambda modules, wrapping functions as Layer objects through the Lambda framework in TensorFlow, where these Layer objects are computation unit layers other than conventional layers such as Dense, Conv and LSTM; several Lambda modules are written to extract, respectively, the mean and the log covariance of the data after it has been processed by the encoding layer;
S5 specifically includes: writing a sampling layer module that takes the mean and the log covariance obtained in S4 as input;
S6 specifically includes: writing a decoding layer module that takes the output of S5 as input; the decoding layer module mirrors the encoding layer, with the dimension of each Dense layer reversing the corresponding encoding layer, that is, the hidden layer dimensions are divided by 32, 16, 8, 4 and 2 respectively; the second-to-last layer has dimension 256; each hidden layer uses relu as its activation function; the last layer has dimension 115 and uses sigmoid as its activation function;
s7 specifically includes: writing VLB module, and according to the assumption of independent same distribution, obtaining log of joint probability and expressing asAccording to Bayesian neural network theory, the formula can be rewritten asIn the present model, a priori probabilitiesAnd posterior probabilityUsing a gaussian distribution;
Through the reparameterization technique, the KL divergence in the above formula becomes differentiable, which enables backpropagation through the neural network, so the loss function of the whole model can be written as:
Neural network technology has long been studied for intrusion detection and continues to develop. Early studies identified known network intrusions by training backpropagation neural networks, and later studies identified unknown network intrusion behaviors. Today's neural network technologies have quite powerful attack pattern analysis capabilities, and various other neural network architectures, such as self-organizing feature mapping networks, have been proposed in an attempt to overcome several limitations of backpropagation networks.
Processing with a neural network comprises two stages. The first stage constructs the detector of the intrusion analysis model: it is trained on historical data representing user behavior, and the network is built and assembled. The second stage is the actual operation of the intrusion analysis model: the network receives input event data, compares it with the reference historical behavior, and judges their similarity or deviation. In neural networks, the following methods are used to identify anomalous events: changing the state of a unit, changing the weight of a connection, and adding or deleting a connection; the ability to gradually modify the defined normal pattern is also provided.
Neural networks use fully connected networks to fit the data, which is equivalent to using multiple fully connected networks. When a neural network is applied to intrusion detection, the system in many cases tends to form an unstable network structure and cannot learn specific knowledge from the training data, and the cause cannot be fully determined at present. In this configuration the network fails to learn for reasons that are not obvious. Neural networks overfit easily and generalize poorly, and they cannot give a confidence for their predictions.
A Bayesian neural network can be understood simply as regularization by introducing uncertainty into the weights of the neural network; it is also equivalent to predicting with an ensemble of infinitely many neural networks drawn from a weight distribution. A Bayesian neural network differs from an ordinary neural network in that each weight parameter is a random variable rather than a fixed value. That is, the Bayesian neural network fits a posterior distribution, whereas a traditional neural network fits the label values using loss functions such as cross entropy and MSE. The benefit is that overfitting is reduced.
Preferably, S8 specifically includes: according to the VLB module, the input normal traffic data, the decoding layer output and the Lambda module output are used as the inputs of the VLB module, and the loss function of the model is set; the optimizer is set to RMSprop, and the initial learning rate is 1e-7.
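The sampling layer of S5 and the loss of S7, as an added example that is not code from the patent: it assumes the usual variational-autoencoder form, with a diagonal Gaussian posterior described by a mean and a log variance, a standard normal prior, and squared error as the reconstruction term, because the patent's own formulas are not reproduced on this page. A Monte Carlo estimate built from reparameterized samples is compared with the closed-form KL term; all function names are hypothetical.

```python
import math
import random


def sample_latent(mu, logvar, eps):
    """S5 sampling layer: z = mu + sigma * eps, with eps drawn from N(0, I).

    The randomness sits in eps, so z is a deterministic, differentiable
    function of the encoder outputs mu and logvar.
    """
    return [m + math.exp(0.5 * lv) * e for m, lv, e in zip(mu, logvar, eps)]


def dz_dlogvar(logvar, eps):
    """Analytic gradient of z with respect to logvar (dz/dmu is simply 1)."""
    return [0.5 * math.exp(0.5 * lv) * e for lv, e in zip(logvar, eps)]


def kl_to_standard_normal(mu, logvar):
    """Closed-form KL( N(mu, diag(exp(logvar))) || N(0, I) )."""
    return -0.5 * sum(1.0 + lv - m * m - math.exp(lv)
                      for m, lv in zip(mu, logvar))


def log_normal(z, mu, logvar):
    """Log density of a diagonal Gaussian evaluated at z."""
    return sum(-0.5 * (math.log(2.0 * math.pi) + lv
                       + (zi - m) ** 2 / math.exp(lv))
               for zi, m, lv in zip(z, mu, logvar))


def kl_monte_carlo(mu, logvar, n_samples=20000, seed=0):
    """Estimate the same KL by averaging log q(z) - log p(z) over samples."""
    rng = random.Random(seed)
    zeros = [0.0] * len(mu)
    total = 0.0
    for _ in range(n_samples):
        eps = [rng.gauss(0.0, 1.0) for _ in mu]
        z = sample_latent(mu, logvar, eps)
        total += log_normal(z, mu, logvar) - log_normal(z, zeros, zeros)
    return total / n_samples


def vlb_loss(x, x_hat, mu, logvar):
    """Per-record loss: reconstruction error plus the KL regularizer.

    Squared error is an assumption of this example; the inputs mirror S7
    (traffic record, decoder output, and the Lambda-module statistics).
    """
    recon = sum((a - b) ** 2 for a, b in zip(x, x_hat))
    return recon + kl_to_standard_normal(mu, logvar)


if __name__ == "__main__":
    # Constructed 8-dimensional encoder outputs, matching the latent size in S3.
    mu = [0.5, -1.0, 0.0, 0.3, -0.2, 0.8, 0.0, -0.6]
    logvar = [0.0, -0.5, 0.2, -1.0, 0.1, 0.0, -0.3, 0.4]
    print("closed-form KL :", round(kl_to_standard_normal(mu, logvar), 4))
    print("Monte Carlo KL :", round(kl_monte_carlo(mu, logvar), 4))
```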
With the above technical scheme, the invention has the following advantages:
The invention discloses a design method of an intrusion detection system based on a Bayesian neural network. After carrying out ETL, feature engineering and other related preliminary preprocessing on the data, the intrusion detection system builds, trains, validates and tests a Bayesian neural network model and tunes the relevant parameters. The intrusion detection system adopts an unsupervised learning model, which needs no labeled data and can also detect unknown network attacks, and it plays an especially important role in a network attack defense system.
Drawings
Fig. 1 is a flowchart illustrating the steps of a method for designing an intrusion detection system based on a Bayesian neural network according to the present invention.
Detailed Description
The present invention will be described in further detail with reference to the following drawings and specific examples.
As shown in Fig. 1, a method for designing an intrusion detection system based on a Bayesian neural network includes the following steps:
S1, reading and merging the normal traffic analysis data and the Mirai botnet traffic analysis data; in this embodiment there are 1098677 traffic analysis records in total, and each record has 115 analysis fields;
S2, preprocessing the data, wherein the preprocessing comprises the following steps:
S201: performing a shuffle operation on the original data to break up its order;
S202: dividing the shuffled data into a training set, a validation set and a test set;
S203: performing mean/variance normalization on the training set and, to prevent data leakage, normalizing the validation set and the test set using the mean/variance of the training set;
S3, writing an encoding layer module, setting the batch size to 100 and the dimension of the first Dense layer to 256, with the dimensions of the following 5 hidden layers being that dimension divided by 2, 4, 8, 16 and 32 respectively; each layer uses relu as its activation function; the last layer has dimension 8 and no activation function;
S4, writing Lambda unit modules, wrapping functions as Layer objects through the Lambda framework in TensorFlow, where these Layer objects are computation unit layers other than conventional layers such as Dense, Conv and LSTM;
the Lambda unit module adopts a Lambda framework, provides computation on the preprocessed data, preliminarily presents the computation result for the latest data, and obtains the relevant statistical characteristics of the data after it has passed through the encoding layer;
S5, writing a sampling layer module that takes the mean and the log covariance obtained in S4 as input, and obtaining a sampling function from the Lambda unit module and the statistical distribution set by the model;
S6, writing a decoding layer module that takes the output of S5 as input and mirrors the encoding layer, with the dimension of each Dense layer reversing the corresponding encoding layer, that is, the hidden layer dimensions are divided by 32, 16, 8, 4 and 2 respectively; the dimension of the 2nd layer is 256; each hidden layer uses relu as its activation function; the last layer has dimension 115 and uses sigmoid as its activation function;
S7, writing a VLB module, wherein the VLB module adopts a variational Bayesian method and is used to calculate the loss function of the model, and the normal network traffic data, the decoding layer output and the Lambda unit module output are used as the inputs of the VLB module;
according to the independent same distribution hypothesis, the joint probability log can be expressed asAccording to Bayesian neural network theory, the formula can be rewritten asIn the present model, a priori probabilitiesAnd posterior probabilityUsing a gaussian distribution;
Through the reparameterization technique, the KL divergence in the above formula becomes differentiable, which enables backpropagation through the neural network, so the loss function of the whole model can be written as:
S8, setting the loss function, optimizer, learning rate, batch size and so on of the model, and training;
in this embodiment, according to the VLB module, the input normal traffic data, the decoding layer output and the Lambda module output are used as the inputs of the VLB module, and the loss function of the model is set; the optimizer is set to RMSprop, and the learning rate is initialized to 1e-7;
S9, testing the trained model on normal network traffic data and on attack traffic data respectively.
The model uses 16 million sample data for training and testing; the intrusion detection system designed by this method has a false alarm rate of 4.6% on normal traffic and a detection rate of 92.5% on malicious traffic. The sample data used for this example is Philips_B120N10_Baby_Monitor.
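The page reports a false alarm rate and a detection rate for S9 but does not say how a record is flagged. The added example below (not code from the patent) assumes each record receives an anomaly score, such as its loss under the trained model, and is flagged when the score exceeds a threshold calibrated on normal-only validation traffic; the scores are constructed and every name is hypothetical.

```python
import random


def calibrate_threshold(val_normal_scores, false_alarm_budget):
    """Pick the alert threshold from normal-only validation scores.

    A record alerts when its score is strictly above the threshold, so at
    most `false_alarm_budget` of the validation records would alert.
    No attack labels are needed, which suits an unsupervised detector.
    """
    if not val_normal_scores:
        raise ValueError("need validation scores to calibrate")
    if not 0.0 <= false_alarm_budget < 1.0:
        raise ValueError("budget must be in [0, 1)")
    ordered = sorted(val_normal_scores)
    n = len(ordered)
    allowed = int(false_alarm_budget * n + 1e-9)   # records allowed to alert
    return ordered[n - allowed - 1]


def alert_rate(scores, threshold):
    """Fraction of records whose score exceeds the threshold."""
    return sum(1 for s in scores if s > threshold) / len(scores)


def evaluate(val_normal, test_normal, test_attack, false_alarm_budget):
    """S9: measure the calibrated detector on held-out normal and attack data."""
    threshold = calibrate_threshold(val_normal, false_alarm_budget)
    return {"budget": false_alarm_budget,
            "threshold": threshold,
            "false_alarm_rate": alert_rate(test_normal, threshold),
            "detection_rate": alert_rate(test_attack, threshold)}


def constructed_scores(seed=3, n=2000):
    """Constructed anomaly scores: attack traffic scores higher on average."""
    rng = random.Random(seed)
    val_normal = [rng.lognormvariate(0.0, 0.5) for _ in range(n)]
    test_normal = [rng.lognormvariate(0.0, 0.5) for _ in range(n)]
    test_attack = [rng.lognormvariate(1.2, 0.6) for _ in range(n)]
    return val_normal, test_normal, test_attack


def sweep(budgets, seed=3):
    """Trade-off between false alarms and detections across budgets."""
    val_normal, test_normal, test_attack = constructed_scores(seed)
    return [evaluate(val_normal, test_normal, test_attack, b) for b in budgets]


if __name__ == "__main__":
    for row in sweep([0.01, 0.05, 0.10]):
        print(f"budget={row['budget']:.2f} thr={row['threshold']:.3f} "
              f"FAR={row['false_alarm_rate']:.3f} "
              f"DR={row['detection_rate']:.3f}")
```

The false alarm rate measured on the test split tracks the budget only approximately, because the threshold was fixed on a different sample of normal traffic.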
The design method provided by the invention builds an unsupervised learning model for intrusion detection based on a Bayesian neural network; it can be applied to traditional cyberspace security and also to the emerging fields of intrusion detection for the Internet of Vehicles and the Internet of Things.
Embodiments of the present invention other than the preferred embodiments described above will be apparent to those skilled in the art, and various changes and modifications can be made without departing from the spirit of the present invention as defined in the appended claims.
Claims (4)
1. A design method of an intrusion detection system based on a Bayesian neural network, characterized by comprising the following steps:
S1, reading normal network traffic analysis data captured when no network attack is present;
S2, preprocessing the data;
S3, writing an encoding layer module;
S4, writing a Lambda unit module, wherein the Lambda unit module adopts a Lambda framework and provides computation on the preprocessed data, preliminarily presents the computation result for the latest data, and obtains the relevant statistical characteristics of the data after it has passed through the encoding layer;
S5, writing a sampling layer module, and obtaining a sampling function from the Lambda unit module and the statistical distribution set by the model;
S6, writing a decoding layer module that takes the output of the sampling layer module as input;
S7, writing a VLB module, wherein the VLB module adopts a variational Bayesian method and is used to calculate the loss function of the model, and the normal network traffic data, the decoding layer output and the Lambda unit module output are used as the inputs of the VLB module;
S8, setting the loss function, optimizer, learning rate, batch size and so on of the model, and training;
S9, testing the trained model on normal network traffic data and on attack traffic data respectively.
2. The method for designing an intrusion detection system according to claim 1, wherein the step S2 includes:
S201: performing a shuffle operation on the original data to break up its order;
S202: dividing the shuffled data into a training set, a validation set and a test set;
S203: performing mean/variance normalization on the training set and, to prevent data leakage, normalizing the validation set and the test set using the mean/variance of the training set.
3. The method for designing an intrusion detection system according to claim 1, wherein
S3 specifically includes: writing an encoding layer module, setting the batch size to 100 and the dimension of the first Dense layer to 256, with the dimensions of the following 5 hidden layers being that dimension divided by 2, 4, 8, 16 and 32 respectively; each layer uses relu as its activation function; the last layer has dimension 8 and no activation function;
S4 specifically includes: writing Lambda modules, wrapping functions as Layer objects through the Lambda framework in TensorFlow, where these Layer objects are computation unit layers other than conventional layers such as Dense, Conv and LSTM; several Lambda modules are written to extract, respectively, the mean and the log covariance of the data after it has been processed by the encoding layer;
S5 specifically includes: writing a sampling layer module that takes the mean and the log covariance obtained in S4 as input;
S6 specifically includes: writing a decoding layer module that takes the output of S5 as input; the decoding layer module mirrors the encoding layer, with the dimension of each Dense layer reversing the corresponding encoding layer, that is, the hidden layer dimensions are divided by 32, 16, 8, 4 and 2 respectively; the second-to-last layer has dimension 256; each hidden layer uses relu as its activation function; the last layer has dimension 115 and uses sigmoid as its activation function;
s7 specifically includes: writing VLB module, and according to the assumption of independent same distribution, obtaining log of joint probability and expressing asAccording to Bayesian neural network theory, the formula can be rewritten asIn the present model, a priori probabilitiesAnd posterior probabilityUsing a gaussian distribution;
Through the reparameterization technique, the KL divergence in the above formula becomes differentiable, which enables backpropagation through the neural network, so the loss function of the whole model can be written as:
4. The design method of the Bayesian neural network-based intrusion detection system according to claim 3, wherein
S8 specifically includes: according to the VLB module, the input normal traffic data, the decoding layer output and the Lambda module output are used as the inputs of the VLB module, and the loss function of the model is set; the optimizer is set to RMSprop, and the initial learning rate is 1e-7.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110770677.3A CN113536299A (en) | 2021-07-08 | 2021-07-08 | Design method of intrusion detection system based on Bayesian neural network |
Publications (1)
Publication Number | Publication Date |
---|---|
CN113536299A (en) | 2021-10-22 |
Family
ID=78098028
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110770677.3A (Pending, published as CN113536299A) | Design method of intrusion detection system based on Bayesian neural network | 2021-07-08 | 2021-07-08 |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113536299A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113961922A (en) * | 2021-10-27 | 2022-01-21 | 浙江网安信创电子技术有限公司 | Malicious software behavior detection and classification system based on deep learning |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7181768B1 (en) * | 1999-10-28 | 2007-02-20 | Cigital | Computer intrusion detection system and method based on application monitoring |
CN101803337A (en) * | 2007-09-19 | 2010-08-11 | 阿尔卡特朗讯公司 | Intrusion detection method and system |
CN111277603A (en) * | 2020-02-03 | 2020-06-12 | 杭州迪普科技股份有限公司 | Unsupervised anomaly detection system and method |
CN111314331A (en) * | 2020-02-05 | 2020-06-19 | 北京中科研究院 | Unknown network attack detection method based on conditional variation self-encoder |
CN112165464A (en) * | 2020-09-15 | 2021-01-01 | 江南大学 | Industrial control hybrid intrusion detection method based on deep learning |
CN112433518A (en) * | 2020-10-20 | 2021-03-02 | 中国科学院沈阳计算技术研究所有限公司 | Industrial control system intrusion detection method based on recurrent neural network |
CN112464996A (en) * | 2020-11-09 | 2021-03-09 | 中国科学院沈阳自动化研究所 | Intelligent power grid intrusion detection method based on LSTM-XGboost |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||