CN113536299A - Design method of intrusion detection system based on Bayesian neural network - Google Patents

Info

Publication number: CN113536299A
Authority: CN (China)
Prior art keywords: layer, module, data, intrusion detection, detection system
Legal status: Pending
Application number: CN202110770677.3A
Other languages: Chinese (zh)
Inventor: 刘晶
Current Assignee: Zhejiang Wangan Xinchuang Electronic Technology Co ltd
Original Assignee: Zhejiang Wangan Xinchuang Electronic Technology Co ltd
Application filed by Zhejiang Wangan Xinchuang Electronic Technology Co ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/554 Detecting local intrusion or implementing counter-measures involving event detection and direct action
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00 Pattern recognition
    • G06F18/20 Analysing
    • G06F18/29 Graphical models, e.g. Bayesian networks
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06N COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00 Computing arrangements based on biological models
    • G06N3/02 Neural networks
    • G06N3/04 Architecture, e.g. interconnection topology
    • G06N3/045 Combinations of networks
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06N COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00 Computing arrangements based on biological models
    • G06N3/02 Neural networks
    • G06N3/08 Learning methods
    • G06N3/084 Backpropagation, e.g. using gradient descent

Abstract

The invention provides a design method for an intrusion detection system based on a Bayesian neural network. After ETL, feature engineering and other related preliminary preprocessing of the data, the intrusion detection system builds, trains, validates and tests a Bayesian neural network model and carries out the related parameter tuning. The intrusion detection system adopts an unsupervised learning model, which needs no labelled data and can also detect unknown network attacks, so it plays an especially important role in a network attack defense system.

Description

Design method of intrusion detection system based on Bayesian neural network
Technical Field
The invention belongs to the technical field of intrusion detection, and particularly relates to a design method of an intrusion detection system based on a Bayesian neural network.
Background
Attack events account for only a small proportion of Internet of Vehicles and Internet of Things data, so the data is clearly imbalanced. Some attack data is correlated over time, and the correlation may be short-term or long-term. In addition, actual attack methods are varied and labelled data is lacking, so intrusion detection and classification prediction on this data are difficult.
Intrusion detection is the discovery of intrusion behavior. It collects information from several key points in a computer network or computer system and analyzes it to find out whether the network or system shows behavior that violates the security policy or signs of attack. The combination of software and hardware that performs intrusion detection is an intrusion detection system. Unlike other security products, intrusion detection systems require more intelligence: they must be able to analyze the collected data and produce useful results. A qualified intrusion detection system can greatly simplify the work of an administrator and ensure the safe operation of a network. Intrusion detection systems can be classified as host-based or network-based according to the objects they monitor.
First, a host-based intrusion detection system installs a host intrusion detection module on the protected machine, dedicated to collecting information on that machine. The information source can be the system log and specific application logs, or captured processes and system calls, and so on. By analyzing this information, the system determines whether an action is an intrusion. A host-based intrusion detection system typically protects the host on which it is located. The disadvantages of host-based intrusion detection systems are as follows. They depend on the particular system platform, so the user must develop a corresponding module for each operating system. Because a network contains many different operating systems, it is difficult to ensure that each one has a corresponding host intrusion detection module, and one host intrusion detection module can only protect the local machine, so use is greatly limited. Furthermore, the module must be installed on each machine, which is a significant investment for the user if the number of installations is large. However, a host-based intrusion detection system is not limited by the network structure, and it can report attack behavior more accurately by using functions provided by the operating system in combination with anomaly analysis.
Second, the data source of a network-based intrusion detection system is the data packets on the network. The intrusion detection system obtains information by inspecting messages in the network. Generally, only the messages of the local device can be detected; to monitor the messages of other devices, the network card needs to be set to promiscuous mode so that all data packets in the local network segment are monitored and judged. By placing an intrusion detection module in the network, the data packets of the protected machine can be monitored. The intrusion detection module may detect an attack first, when the protected machine is about to be attacked. Network-based intrusion detection systems are typically tasked with protecting entire network segments. Their advantages are that they are simple and convenient: the whole network segment can be monitored by installing only one or more systems on it, and a dedicated computer can be allocated to run the network-based intrusion detection system, so the load on hosts running key services is not increased.
From the machine learning perspective, a hidden Markov model (HMM) or a long short-term memory (LSTM) model is often used to process time series data. However, the hidden Markov model is based on the homogeneous Markov assumption, under which the state at any time depends only on the state at the previous time, so it is poorly suited to processing and predicting important events separated by long intervals and delays in a time series. The LSTM model is mainly used for time series data with long intervals and delays, but it is generally a supervised learning model.
Disclosure of Invention
The invention aims to solve the above technical problems and provides a design method for an intrusion detection system based on a Bayesian neural network.
To achieve this purpose, the invention adopts the following technical scheme:
A design method of an intrusion detection system based on a Bayesian neural network comprises the following steps:
S1, reading normal network traffic analysis data captured when there is no network attack;
S2, preprocessing the data;
S3, writing an encoding layer module;
S4, writing a Lambda unit module, wherein the Lambda unit module adopts a Lambda framework, provides calculation for the preprocessed data, preliminarily displays the calculation result of the latest data, and obtains the relevant statistical characteristics of the data after it has passed through the encoding layer;
S5, writing a sampling layer module, and obtaining a sampling function according to the Lambda unit module and the statistical distribution set by the model;
S6, writing a decoding layer module that takes the output of the sampling layer module as input;
S7, writing a VLB module, wherein the VLB module adopts a variational Bayesian method and is used to calculate the loss function of the model, and the normal network traffic data, the decoding layer output and the Lambda unit module output are used as the inputs of the VLB module;
S8, setting the loss function, optimizer, learning rate, batch size and so on of the model, and training;
S9, testing the trained model on the normal network traffic data and the attack traffic data respectively.
Preferably, S2 includes:
S201: shuffling the original data to randomize its order;
S202: dividing the shuffled data into a training set, a validation set and a test set;
S203: applying mean/variance normalization to the training set and, to prevent data leakage, normalizing the validation set and the test set with the mean/variance of the training set.
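The S201 to S203 preprocessing as an added example, not code from the patent: shuffle, split, then fit the mean and standard deviation on the training set only and reuse them for the validation and test sets. The 70/15/15 split, the function names and the zero-variance fallback are assumptions, and the sample rows are constructed.

```python
import math
import random


def shuffle_split(rows, seed=0, train_pct=70, val_pct=15):
    """S201 + S202: shuffle a copy of the rows, then cut it into three sets."""
    rows = list(rows)                      # leave the caller's list untouched
    random.Random(seed).shuffle(rows)
    n_train = len(rows) * train_pct // 100
    n_val = len(rows) * val_pct // 100
    return rows[:n_train], rows[n_train:n_train + n_val], rows[n_train + n_val:]


def fit_scaler(train_rows):
    """S203: per-field mean and standard deviation of the training set only."""
    n = len(train_rows)
    means, stds = [], []
    for column in zip(*train_rows):
        mean = sum(column) / n
        var = sum((v - mean) ** 2 for v in column) / n
        means.append(mean)
        # A field that is constant in benign traffic has zero variance;
        # fall back to 1.0 so transform() never divides by zero.
        stds.append(math.sqrt(var) if var > 0.0 else 1.0)
    return means, stds


def transform(rows, scaler):
    """Apply training-set statistics to any split (train, validation or test)."""
    means, stds = scaler
    return [[(v - m) / s for v, m, s in zip(row, means, stds)] for row in rows]


def prepare(rows, seed=0):
    """Run S201-S203 and return the three normalised sets plus the scaler."""
    train, val, test = shuffle_split(rows, seed)
    scaler = fit_scaler(train)             # never fitted on val or test
    return (transform(train, scaler), transform(val, scaler),
            transform(test, scaler), scaler)


def make_sample_rows(n=200, seed=1):
    """Constructed stand-in for traffic records: 3 fields instead of 115."""
    rng = random.Random(seed)
    return [[rng.gauss(50.0, 5.0), rng.expovariate(0.1), 1.0] for _ in range(n)]


if __name__ == "__main__":
    train, val, test, scaler = prepare(make_sample_rows())
    print("split sizes:", len(train), len(val), len(test))
    print("training means:", [round(m, 3) for m in scaler[0]])
    print("training stds: ", [round(s, 3) for s in scaler[1]])
```

The scaler returned by `prepare` has to be stored with the trained model, because live traffic scored later must be normalised with the same training-set statistics.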
Preferably, S3 specifically includes: writing an encoding layer module, setting the batch size to 100 and the dimension of the first Dense layer to 256, with the dimensions of the following 5 hidden layers being that dimension divided by 2, 4, 8, 16 and 32 respectively; every layer uses relu as its activation function; the last layer has dimension 8 and no activation function;
S4 specifically includes: writing Lambda modules, in which functions are wrapped into Layer objects through the Lambda framework in TensorFlow, the Layer objects being calculation unit layers other than conventional layers such as Dense, Conv and LSTM; several Lambda modules are written, which respectively extract the mean and the log covariance of the data after it has been processed by the encoding layer;
S5 specifically includes: writing a sampling layer module that takes the mean and the log covariance obtained in S4 as input;
S6 specifically includes: writing a decoding layer module that takes the output of S5 as input; the decoding layer module mirrors the encoding layer, with the dimensions of its Dense layers reversing those of the encoding layer, that is, the hidden layer dimensions are divided by 32, 16, 8, 4 and 2 respectively and the second-to-last layer has dimension 256; every hidden layer uses relu as its activation function; the last layer has dimension 115 and uses sigmoid as its activation function;
S7 specifically includes: writing a VLB module; under the independent and identically distributed assumption, the log of the joint probability can be expressed as
Figure 100002_DEST_PATH_IMAGE002
According to Bayesian neural network theory, the formula can be rewritten as
Figure 100002_DEST_PATH_IMAGE004
In the present model, the prior probability
Figure 100002_DEST_PATH_IMAGE006
and the posterior probability
Figure 100002_DEST_PATH_IMAGE008
use a Gaussian distribution;
through the reparameterization trick, the KL divergence in the above equation can be differentiated, which facilitates backpropagation through the neural network, so the loss function of the whole model can be written as:
Figure 100002_DEST_PATH_IMAGE010
where
Figure 100002_DEST_PATH_IMAGE012
and at the same time
Figure 100002_DEST_PATH_IMAGE014
Neural network techniques have long been studied for intrusion detection and continue to develop. Early studies identified known network intrusions by training backpropagation neural networks, and later studies went on to identify unknown network intrusion behaviors. Today's neural network techniques have quite powerful attack pattern analysis capabilities, and various other neural network architectures, such as self-organizing feature map networks, have been proposed in an attempt to overcome several limiting drawbacks of backpropagation networks.
Processing with a neural network comprises two stages. The first stage constructs the detector of the intrusion analysis model: it is trained on historical data representing user behavior, which completes the construction and assembly of the network. The second stage is the actual operation of the intrusion analysis model: the network receives input event data, compares it with the reference historical behavior, and judges how similar to or different from that behavior it is. In neural networks, the following methods are used to identify anomalous events: changing the state of a unit, changing the weight of a connection, and adding or deleting a connection; these also provide the ability to gradually modify the defined normal pattern.
Neural networks use fully connected networks to fit the data, which is equivalent to using multiple fully connected networks. When a neural network is applied to intrusion detection, the system in many cases tends to form an unstable network structure and cannot learn specific knowledge from the training data, and the cause of this cannot yet be completely determined. In this configuration, the network fails to learn for reasons that are not obvious. Neural networks overfit easily and generalize poorly, and they cannot give a confidence for the predicted results.
A Bayesian neural network can be understood simply as regularization by introducing uncertainty into the weights of the neural network, which is also equivalent to predicting with an ensemble of infinitely many neural networks over a weight distribution. A Bayesian neural network differs from an ordinary neural network in that each weight parameter is a random variable rather than a fixed value. That is, a Bayesian neural network fits the posterior distribution, whereas a traditional neural network fits label values using loss functions such as cross entropy and MSE. The benefit is reduced overfitting.
Preferably, S8 specifically includes: according to the VLB module, taking the input normal traffic data, the decoding layer output and the Lambda module output as the inputs of the VLB module, and setting the loss function of the model; the optimizer is set to RMSprop, and the initial learning rate is 1e-7.
With the above technical scheme, the invention has the following advantages:
The invention discloses a design method for an intrusion detection system based on a Bayesian neural network. After ETL, feature engineering and other related preliminary preprocessing of the data, the intrusion detection system builds, trains, validates and tests a Bayesian neural network model and carries out the related parameter tuning. The intrusion detection system adopts an unsupervised learning model, which needs no labelled data and can also detect unknown network attacks, so it plays an especially important role in a network attack defense system.
Drawings
Fig. 1 is a flowchart of the steps of the design method of an intrusion detection system based on a Bayesian neural network according to the present invention.
Detailed Description
The present invention will be described in further detail with reference to the following drawings and specific examples.
As shown in Fig. 1, a method for designing an intrusion detection system based on a Bayesian neural network includes the following steps:
S1, reading the normal traffic analysis data and the Mirai botnet traffic analysis data separately and merging them; in this embodiment there are 1098677 traffic analysis records in total, and each record has 115 analysis fields;
S2, preprocessing the data, which comprises the following steps:
S201: shuffling the original data to randomize its order;
S202: dividing the shuffled data into a training set, a validation set and a test set;
S203: applying mean/variance normalization to the training set and, to prevent data leakage, normalizing the validation set and the test set with the mean/variance of the training set;
S3, writing an encoding layer module, setting the batch size to 100 and the dimension of the first Dense layer to 256, with the dimensions of the following 5 hidden layers being that dimension divided by 2, 4, 8, 16 and 32 respectively; every layer uses relu as its activation function; the last layer has dimension 8 and no activation function;
S4, writing Lambda unit modules, in which functions are wrapped into Layer objects through the Lambda framework in TensorFlow, the Layer objects being calculation unit layers other than conventional layers such as Dense, Conv and LSTM;
the Lambda unit module adopts a Lambda framework, provides calculation for the preprocessed data, preliminarily displays the calculation result of the latest data, and obtains the relevant statistical characteristics of the data after it has passed through the encoding layer;
S5, writing a sampling layer module that takes the mean and the log covariance obtained in S4 as input, and obtaining a sampling function according to the Lambda unit module and the statistical distribution set by the model;
S6, writing a decoding layer module that takes the output of S5 as input; it mirrors the encoding layer, with the dimensions of its Dense layers reversing those of the encoding layer, that is, the hidden layer dimensions are divided by 32, 16, 8, 4 and 2 respectively, the 2nd layer has dimension 256, every hidden layer uses relu as its activation function, and the last layer has dimension 115 and uses sigmoid as its activation function;
S7, writing a VLB module, wherein the VLB module adopts a variational Bayesian method and is used to calculate the loss function of the model, and the normal network traffic data, the decoding layer output and the Lambda unit module output are used as the inputs of the VLB module;
under the independent and identically distributed assumption, the log of the joint probability can be expressed as
Figure DEST_PATH_IMAGE002A
According to Bayesian neural network theory, the formula can be rewritten as
Figure DEST_PATH_IMAGE015
In the present model, the prior probability
Figure DEST_PATH_IMAGE006A
and the posterior probability
Figure DEST_PATH_IMAGE008A
use a Gaussian distribution;
through the reparameterization trick, the KL divergence in the above equation can be differentiated, which facilitates backpropagation through the neural network, so the loss function of the whole model can be written as:
Figure DEST_PATH_IMAGE010A
where
Figure DEST_PATH_IMAGE012A
and at the same time
Figure DEST_PATH_IMAGE014A
S8, setting the loss function, optimizer, learning rate, batch size and so on of the model, and training;
in this embodiment, according to the VLB module, the input normal traffic data, the output of the decoding layer and the output of the Lambda module are used as the inputs of the VLB module, and the loss function of the model is set; the optimizer is set to RMSprop, and the learning rate is initialized to 1e-7;
S9, testing the trained model on the normal network traffic data and the attack traffic data respectively.
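The forward pass and loss of S3 to S7 as an added example in NumPy, not the patent's TensorFlow code; it returns one loss value per record. Assumptions: the two Lambda units split the 8-dimensional encoder output into a 4-dimensional mean and a 4-dimensional log-variance, the prior is a standard normal, the reconstruction term is squared error, and weights use Glorot initialisation; the patent's own formulas are not reproduced on this page, and the input batch is constructed.

```python
import numpy as np

N_FEATURES = 115                         # analysis fields per record (S1)
BATCH = 100                              # batch size (S3)
ENC_HIDDEN = [256, 128, 64, 32, 16, 8]   # 256, then 256 / 2, 4, 8, 16, 32 (S3)
ENC_OUT = 8                              # last encoding layer, no activation (S3)
LATENT = ENC_OUT // 2                    # assumption: 4 means + 4 log-variances
DEC_HIDDEN = [8, 16, 32, 64, 128, 256]   # 256 / 32, 16, 8, 4, 2, then 256 (S6)


def relu(a):
    return np.maximum(a, 0.0)


def sigmoid(a):
    return 1.0 / (1.0 + np.exp(-a))


def dense_stack(rng, n_in, widths):
    """Glorot-uniform weights and zero biases for a chain of Dense layers."""
    layers = []
    for n_out in widths:
        limit = np.sqrt(6.0 / (n_in + n_out))
        layers.append((rng.uniform(-limit, limit, (n_in, n_out)), np.zeros(n_out)))
        n_in = n_out
    return layers


def build_model(seed=0):
    rng = np.random.default_rng(seed)
    return {
        "encoder": dense_stack(rng, N_FEATURES, ENC_HIDDEN + [ENC_OUT]),
        "decoder": dense_stack(rng, LATENT, DEC_HIDDEN + [N_FEATURES]),
    }


def layer_widths(layers):
    return [w.shape[1] for w, _ in layers]


def encode(model, x):
    """S3 + S4: Dense stack, then two Lambda-style slices of its output."""
    h = x
    for w, b in model["encoder"][:-1]:
        h = relu(h @ w + b)
    w, b = model["encoder"][-1]
    stats = h @ w + b                    # dimension 8, no activation
    return stats[:, :LATENT], stats[:, LATENT:]   # mean, log-variance


def sample(mean, log_var, rng):
    """S5: reparameterisation, z = mean + sigma * eps with eps ~ N(0, I)."""
    eps = rng.standard_normal(mean.shape)
    return mean + np.exp(0.5 * log_var) * eps


def decode(model, z):
    """S6: mirrored Dense stack with relu, sigmoid on the 115-wide output."""
    h = z
    for w, b in model["decoder"][:-1]:
        h = relu(h @ w + b)
    w, b = model["decoder"][-1]
    return sigmoid(h @ w + b)


def kl_to_standard_normal(mean, log_var):
    """Closed-form KL( N(mean, diag(exp(log_var))) || N(0, I) ) per record."""
    return -0.5 * np.sum(1.0 + log_var - mean ** 2 - np.exp(log_var), axis=1)


def vlb_loss(x, x_hat, mean, log_var):
    """S7: reconstruction error plus KL term, one value per record."""
    recon = np.sum((x - x_hat) ** 2, axis=1)
    return recon + kl_to_standard_normal(mean, log_var)


def forward(model, x, seed=0):
    rng = np.random.default_rng(seed)    # noise source for the sampling layer
    mean, log_var = encode(model, x)
    x_hat = decode(model, sample(mean, log_var, rng))
    return x_hat, mean, log_var, vlb_loss(x, x_hat, mean, log_var)


if __name__ == "__main__":
    # Constructed batch standing in for 100 normalised traffic records.
    x = np.random.default_rng(1).standard_normal((BATCH, N_FEATURES))
    model = build_model()
    x_hat, mean, log_var, loss = forward(model, x)
    print("encoder widths:", layer_widths(model["encoder"]))
    print("decoder widths:", layer_widths(model["decoder"]))
    print("mean batch loss:", float(loss.mean()))
```

Because the last decoder layer is a sigmoid, reconstructions lie in (0, 1), while mean/variance-normalised inputs are unbounded, so the reconstruction term cannot reach zero for field values outside that range.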
The model uses 16 million samples for training and testing. The intrusion detection system designed with this method has a false alarm rate of 4.6% on normal traffic and a detection rate of 92.5% on malicious traffic. The sample data used for this example is Philips_B120N10_Baby_Monitor.
The design method provided by the invention establishes an unsupervised learning model for intrusion detection based on a Bayesian neural network. It can be applied to traditional cyberspace security and also to the emerging fields of Internet of Vehicles and Internet of Things intrusion detection.
Embodiments of the present invention other than the preferred embodiments described above will be apparent to those skilled in the art, and various changes and modifications can be made without departing from the spirit of the present invention as defined in the appended claims.

Claims (4)

1. A design method of an intrusion detection system based on a Bayesian neural network, characterized by comprising the following steps:
S1, reading normal network traffic analysis data captured when there is no network attack;
S2, preprocessing the data;
S3, writing an encoding layer module;
S4, writing a Lambda unit module, wherein the Lambda unit module adopts a Lambda framework, provides calculation for the preprocessed data, preliminarily displays the calculation result of the latest data, and obtains the relevant statistical characteristics of the data after it has passed through the encoding layer;
S5, writing a sampling layer module, and obtaining a sampling function according to the Lambda unit module and the statistical distribution set by the model;
S6, writing a decoding layer module that takes the output of the sampling layer module as input;
S7, writing a VLB module, wherein the VLB module adopts a variational Bayesian method and is used to calculate the loss function of the model, and the normal network traffic data, the decoding layer output and the Lambda unit module output are used as the inputs of the VLB module;
S8, setting the loss function, optimizer, learning rate, batch size and so on of the model, and training;
S9, testing the trained model on the normal network traffic data and the attack traffic data respectively.
2. The method for designing an intrusion detection system according to claim 1, wherein step S2 includes:
S201: shuffling the original data to randomize its order;
S202: dividing the shuffled data into a training set, a validation set and a test set;
S203: applying mean/variance normalization to the training set and, to prevent data leakage, normalizing the validation set and the test set with the mean/variance of the training set.
3. The method for designing an intrusion detection system according to claim 1, wherein
S3 specifically includes: writing an encoding layer module, setting the batch size to 100 and the dimension of the first Dense layer to 256, with the dimensions of the following 5 hidden layers being that dimension divided by 2, 4, 8, 16 and 32 respectively; every layer uses relu as its activation function; the last layer has dimension 8 and no activation function;
S4 specifically includes: writing Lambda modules, in which functions are wrapped into Layer objects through the Lambda framework in TensorFlow, the Layer objects being calculation unit layers other than conventional layers such as Dense, Conv and LSTM; several Lambda modules are written, which respectively extract the mean and the log covariance of the data after it has been processed by the encoding layer;
S5 specifically includes: writing a sampling layer module that takes the mean and the log covariance obtained in S4 as input;
S6 specifically includes: writing a decoding layer module that takes the output of S5 as input; the decoding layer module mirrors the encoding layer, with the dimensions of its Dense layers reversing those of the encoding layer, that is, the hidden layer dimensions are divided by 32, 16, 8, 4 and 2 respectively and the second-to-last layer has dimension 256; every hidden layer uses relu as its activation function; the last layer has dimension 115 and uses sigmoid as its activation function;
S7 specifically includes: writing a VLB module; under the independent and identically distributed assumption, the log of the joint probability can be expressed as
Figure DEST_PATH_IMAGE002
According to Bayesian neural network theory, the formula can be rewritten as
Figure DEST_PATH_IMAGE004
In the present model, the prior probability
Figure DEST_PATH_IMAGE006
and the posterior probability
Figure DEST_PATH_IMAGE008
use a Gaussian distribution;
through the reparameterization trick, the KL divergence in the above equation can be differentiated, which facilitates backpropagation through the neural network, so the loss function of the whole model can be written as:
Figure DEST_PATH_IMAGE010
where
Figure DEST_PATH_IMAGE012
and at the same time
Figure DEST_PATH_IMAGE014
4. The design method of the Bayesian neural network-based intrusion detection system according to claim 3, wherein
S8 specifically includes: according to the VLB module, taking the input normal traffic data, the decoding layer output and the Lambda module output as the inputs of the VLB module, and setting the loss function of the model; the optimizer is set to RMSprop, and the initial learning rate is 1e-7.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110770677.3A CN113536299A (en) 2021-07-08 2021-07-08 Design method of intrusion detection system based on Bayesian neural network

Publications (1)

Publication Number Publication Date
CN113536299A (en) 2021-10-22

Family

ID=78098028

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110770677.3A Pending CN113536299A (en) 2021-07-08 2021-07-08 Design method of intrusion detection system based on Bayesian neural network

Country Status (1)

Country Link
CN (1) CN113536299A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination