CN114189364A - Network node path reduction and prediction method based on Markov chain - Google Patents
Network node path reduction and prediction method based on Markov chain Download PDFInfo
- Publication number
- CN114189364A CN114189364A CN202111415179.3A CN202111415179A CN114189364A CN 114189364 A CN114189364 A CN 114189364A CN 202111415179 A CN202111415179 A CN 202111415179A CN 114189364 A CN114189364 A CN 114189364A
- Authority
- CN
- China
- Prior art keywords
- path
- network node
- node
- matrix
- attack
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/14—Network analysis or design
- H04L41/142—Network analysis or design using statistical or mathematical methods
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
- H04L63/126—Applying verification of the received information the source of the received data
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Mathematical Physics (AREA)
- Probability & Statistics with Applications (AREA)
- Pure & Applied Mathematics (AREA)
- Mathematical Optimization (AREA)
- Mathematical Analysis (AREA)
- General Physics & Mathematics (AREA)
- Algebra (AREA)
- Physics & Mathematics (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a network node path reduction and prediction method based on a Markov chain, which comprises the following specific steps: calculating an attack path probability statistical table; establishing an attack path matrix; selecting Markov chain characteristics according to the sequence characteristics of the network nodes contained in the beacon detected by the current network node, determining the establishment principle of an attack path reduction matrix, and calculating the attack path reduction matrix; restoring a network node path; extracting nodes corresponding to all non-zero data in the attack path restoration matrix so as to restore the current network node path; predicting a network node path; and predicting the occurrence probability of connecting from one node to the next node in the attack paths based on the probability of each attack path in the attack path restoration matrix. Aiming at the situation that the prediction of the network attack path is inaccurate, the invention provides the method for processing the statistical result by using the characteristics of the Markov chain, so that the adaptability of the prediction model is wider.
Description
Technical Field
The invention belongs to the technical field of network security, and particularly relates to a network node path restoration and prediction method based on a Markov chain.
Background
Typically, a network node is subject to a network attack, and network traffic from the attack source to the attacked node may traverse many paths. The paths are all formed by connecting one network node with another network node, and the whole attack path is like a chain. However, because the span of a network node path is long, there are many network routing nodes, the traffic on the network node is huge, and it is impossible to implant a beacon into each traffic packet on each node, so it is extremely difficult to restore the network node path completely by using the beacon, and the whole network node path cannot be grasped completely, which causes great difficulty in tracing the network attack. Meanwhile, if the incomplete network path statistical data is used to predict the network node path, the attack path prediction may be further inaccurate.
Disclosure of Invention
Aiming at the problems that the statistical data of the nodes of the attack path is incomplete and the prediction deviation is large in the process of using the beacons to restore the network node paths, and simultaneously, according to the characteristic requirement of the network node paths, the network node paths are transferred to the next node (state) and are only related to the current node (state) and are not related to the previous node (state), the invention discloses a method for restoring and predicting the network node paths based on the Markov chain. The method adopts a network node path matrix based on a Markov chain to carry out attack path statistics, and then utilizes a statistical result to carry out prediction. The method is used for counting the detected beacon in the network flow according to the state transition in the Markov chain, establishing an attack path reduction matrix, properly correcting the statistical result according to the characteristics of the attack path reduction matrix, and then predicting the path of the following possible attack based on the attack path reduction matrix by using the Markov chain. Therefore, the method can effectively avoid the problems of incomplete path data and large subsequent prediction deviation in the network attack.
The invention discloses a network node path reduction and prediction method based on a Markov chain, which comprises the following specific steps:
s1, calculating an attack path probability statistical table; analyzing network nodes passed by the beacon before entering the network node from the beacon received by the attacked network node to obtain a network node path formed by the network nodes passed by the beacon, establishing a Markov chain state transfer matrix of the nodes in the network node path, carrying out probability statistics on the connection of every two nodes in the network node path based on the Markov chain state transfer matrix, and establishing an attack path probability statistical table.
S2, establishing an attack path matrix; and selecting the Markov chain characteristic according to the sequence characteristic of the network nodes contained in the beacon detected by the current network node, determining the establishment principle of the attack path reduction matrix, and calculating the attack path reduction matrix.
S3, restoring the network node path; and extracting nodes corresponding to all non-zero data in the attack path restoration matrix, thereby restoring the current network node path.
S4, predicting a network node path; and predicting the occurrence probability of connecting from one node to the next node in the attack paths based on the probability of each attack path in the attack path restoration matrix.
The step S1 of establishing an attack path probability statistical table based on the markov chain state transition matrix includes:
s11, extracting and analyzing the beacon; and on the attacked network node, capturing, identifying and analyzing the beacon in the network node flow by using flow analysis software, and extracting the information of the network node flowing through the beacon.
S12, associating the network nodes through which the beacons flow; and associating the corresponding network nodes according to the sequence of the information of the network nodes flowing through the extracted beacons, so as to extract and obtain a complete beacon flowing path which comprises the network node path of the attacked network node.
S13, carrying out probability statistics on the connection of every two nodes in the network node path; and calculating the occurrence probability of each extracted beacon in all beacons when the traffic of each beacon flowing through one network node in the path flows to the next network node, namely the two network nodes are connected, and counting the probability of the connection of each two nodes.
The step S13 specifically includes:
numbering network nodes flowing through in the beacon according to the sequence of the flowing time, wherein the number of the network nodes flowing through in the beacon is N; note that the event of the traffic flow of the ith network node to the jth network node is ei,jIt also means that a node path e exists from the ith network node to the jth nodei,jThen node path ei,jThe calculation process of the occurrence probability of (2) is as follows:
traversing all the detected beacons and the connection conditions among the network nodes flowing through the beacons, and counting the node paths ei,jNumber of occurrences Ci,j(ii) a Calculating the set of all the occurring flows flowing into the ith nodeSimplifying the data of the generated flow set by an extreme method, wherein the process is as follows:
thereby obtaining a node path ei,jNormalized value of occurrence probability of (1H'i,j,HjRepresenting the set of all occurring traffic flowing into the jth node.
S14, based on the probability statistically obtained in step S13, creating an attack path probability statistical table conforming to the Markov chain state transition characteristic, wherein the line directory and column targets in the table are node numbers, and the data H'i,jFilling the corresponding spaces of the node i and the node j in the table.
The step S2 specifically includes:
s21, screening the characteristics of the Markov chain; and analyzing the Markov chain state transition matrix established in the step S1, and selecting the Markov characteristics applicable to the matrix, wherein the Markov chain characteristics specifically comprise interoperability, periodicity, transient state, constant return, ergodicity or absorption state.
S22, according to the Markov character selected in the step S21, the establishment principle of the attack path reduction matrix is determined.
S23, according to the established principle of the attack path reduction matrix, the missing data in the attack path probability statistical table is completed, and the original establishment which does not accord with the attack path reduction matrix in the attack path probability statistical table is completedOptimizing and adjusting the data items, and establishing an attack path reduction matrix P according to the Markov chain state transition matrix, wherein the elements of the ith row and the jth column in the P are | Pi,j|,1≤i≤N,1≤j≤N,pi,jRepresents a node path ei,jThe probability of the occurrence of the event is,
the step S3 specifically includes: and selecting elements with values larger than 0 in the attack path restoration matrix according to the column, and sequentially connecting the nodes corresponding to the elements according to the row so as to restore the current network node path. Recording a set of all elements with values larger than zero in a j column of an attack path reduction matrix as nos (j), wherein j is more than or equal to 1 and less than or equal to N, recording ANY element in the set as ANY (nos (j)), namely ANY (nos (j)) epsilon nos (j), and simultaneously satisfying the condition ANY (nos (j)) greater than 0, and recording a reduced current network node path as: ANY (nodes (1)) → ANY (nodes (2)) → … → ANY (nodes (n)), and the symbol → indicates that the network node from which it is ahead flows to the network node from which it is behind.
The step S4 specifically includes:
and S41, predicting the next node of the network node path, and selecting the node corresponding to the maximum value element of the current network node in the next column of the attack path restoration matrix according to the attack path restoration matrix as the next node of the predicted network node path. Recording j (j) of the current NODE in the j-th column of the attack path reduction matrix, recording as NODE (j),1 ≦ j ≦ N, belonging to the set nos (j), wherein the next NODE of the predicted network NODE path is located in the j + 1-th column of the attack path reduction matrix, recording as NODE (j +1), the NODE (j +1) belongs to the N + 1-th column of the attack path reduction matrix, and 1 ≦ j ≦ N, then the probability that the next NODE appears in the i-th row and the j + 1-th column of the attack path reduction matrix is represented as p'i,j+1The calculation method comprises the following steps:
wherein p isi,j+1>0,pi,j+1And the probability that the current node appears in the ith row and the (j +1) th column of the attack path reduction matrix is represented, and i is more than or equal to 1 and less than or equal to N.
And S42, constructing an attack path restoration matrix, and establishing an attack path prediction matrix according to the attack path restoration matrix. And selecting the network node with the maximum probability in each column of the attack path restoration matrix as the network node predicted by the network node path in the current column of the attack path prediction matrix, wherein the path formed by the network nodes is the predicted network node path. Constructing an attack path reduction matrix, wherein the expression of the attack path reduction matrix P' is as follows:
and S43, comparing the network node path predicted in the step S42 with the actually detected network node path for verification, and evaluating the effect of the network node path restoration and prediction method.
The invention has the beneficial effects that:
the invention discloses a network node path reduction and prediction method based on a Markov chain, which combines a widely used network attack chain and a Markov chain, improves the network node path statistical prediction method, and enables the network node path statistics to be more suitable for being applied to prediction, thereby improving the accuracy of network node path prediction.
The invention improves the existing network attack path prediction method, so that the network attack path prediction result is closer to the practical application; meanwhile, aiming at the situation that the prediction of the network attack path is inaccurate, the characteristic of a Markov chain is used for processing a statistical result, so that the adaptability of a prediction model is wider.
Drawings
FIG. 1 is a flow chart of an implementation of the method of the present invention.
Detailed Description
For a better understanding of the present disclosure, an example is given here. FIG. 1 is a flow chart of an implementation of the method of the present invention.
The invention discloses a network node path reduction and prediction method based on a Markov chain, which comprises the following specific steps:
s1, calculating an attack path probability statistical table; analyzing network nodes passed by the beacon before entering the network node from the beacon received by the attacked network node to obtain a network node path formed by the network nodes passed by the beacon, establishing a Markov chain state transfer matrix of the nodes in the network node path, carrying out probability statistics on the connection of every two nodes in the network node path based on the Markov chain state transfer matrix, and establishing an attack path probability statistical table.
S2, establishing an attack path matrix; and selecting the Markov chain characteristic according to the sequence characteristic of the network nodes contained in the beacon detected by the current network node, determining the establishment principle of the attack path reduction matrix, and calculating the attack path reduction matrix.
S3, restoring the network node path; and extracting nodes corresponding to all non-zero data in the attack path restoration matrix, thereby restoring the current network node path.
S4, predicting a network node path; and predicting the occurrence probability of connecting from one node to the next node in the attack paths based on the probability of each attack path in the attack path restoration matrix.
The step S1 of establishing an attack path probability statistical table based on the markov chain state transition matrix includes:
s11, extracting and analyzing the beacon; and on the attacked network node, capturing, identifying and analyzing the beacon in the network node flow by using flow analysis software, and extracting the information of the network node flowing through the beacon.
S12, associating the network nodes through which the beacons flow; and associating the corresponding network nodes according to the sequence of the information of the network nodes flowing through the extracted beacons, so as to extract and obtain a complete beacon flowing path which comprises the network node path of the attacked network node.
S13, carrying out probability statistics on the connection of every two nodes in the network node path; and calculating the occurrence probability of each extracted beacon in all beacons when the traffic of each beacon flowing through one network node in the path flows to the next network node, namely the two network nodes are connected, and counting the probability of the connection of each two nodes.
The step S13 specifically includes:
numbering network nodes flowing through in the beacon according to the sequence of the flowing time, wherein the number of the network nodes flowing through in the beacon is N; note that the event of the traffic flow of the ith network node to the jth network node is ei,jIt also means that a node path e exists from the ith network node to the jth nodei,jThen node path ei,jThe calculation process of the occurrence probability of (2) is as follows:
traversing all the detected beacons and the connection conditions among the network nodes flowing through the beacons, and counting the node paths ei,jNumber of occurrences Ci,j(ii) a Calculating the set of all the occurring flows flowing into the ith nodeSimplifying the data of the generated flow set by an extreme method, wherein the process is as follows:
thereby obtaining a node path ei,jNormalized value of occurrence probability of (1H'i,j,HjRepresenting the set of all occurring traffic flowing into the jth node.
S14, establishing an attack path probability statistical table according with the Markov chain state transition characteristic according to the probability statistically obtained in the step S13, wherein the row directory and the column target in the tableAll are node numbers, data H'i,jFilling the corresponding spaces of the node i and the node j in the table. Note that if event ei,jIf not, the (i, j) data in the table is not filled.
The step S2 specifically includes:
s21, screening the characteristics of the Markov chain; and analyzing the Markov chain state transition matrix established in the step S1, and selecting the Markov characteristics applicable to the matrix, wherein the Markov chain characteristics specifically comprise interoperability, periodicity, transient state, constant return, ergodicity or absorption state.
S22, according to the Markov character selected in the step S21, the establishment principle of the attack path reduction matrix is determined. The establishment principle of the attack path restoration matrix comprises that the sum of each row element is 1, and the sum of each column element is 1.
S23, according to the establishment principle of the attack path reduction matrix, the data missing in the attack path probability statistical table is completed, the data item which is not in accordance with the establishment principle of the attack path reduction matrix in the attack path probability statistical table is optimized and adjusted, and according to the Markov chain state transition matrix, the attack path reduction matrix P is established, wherein the ith row and jth column elements in P are | Pi,j|,1≤i≤N,1≤j≤N,pi,jRepresents a node path ei,jThe probability of the occurrence of the event is,and the optimization adjustment is carried out on the data items which do not conform to the establishment principle of the attack path reduction matrix in the attack path probability statistical table, and the optimization adjustment comprises the normalization treatment on the elements of which the summation of a certain row or a certain column is not 1.
The step S3 specifically includes: and selecting elements with values larger than 0 in the attack path restoration matrix according to the column, and sequentially connecting the nodes corresponding to the elements according to the row so as to restore the current network node path. Recording a set of all elements with values larger than zero in a j column of an attack path reduction matrix as nos (j), wherein j is more than or equal to 1 and less than or equal to N, recording ANY element in the set as ANY (nos (j)), namely ANY (nos (j)) epsilon nos (j), and simultaneously satisfying the condition ANY (nos (j)) greater than 0, and recording a reduced current network node path as: ANY (nodes (1)) → ANY (nodes (2)) → … → ANY (nodes (n)), and the symbol → indicates that the network node from which it is ahead flows to the network node from which it is behind.
The step S4 specifically includes:
and S41, predicting the next node of the network node path, and selecting the node corresponding to the maximum value element of the current network node in the next column of the attack path restoration matrix according to the attack path restoration matrix as the next node of the predicted network node path. Recording j (j) of the current NODE in the j-th column of the attack path reduction matrix, recording as NODE (j),1 ≦ j ≦ N, belonging to the set nos (j), wherein the next NODE of the predicted network NODE path is located in the j + 1-th column of the attack path reduction matrix, recording as NODE (j +1), the NODE (j +1) belongs to the N + 1-th column of the attack path reduction matrix, and 1 ≦ j ≦ N, then the probability that the next NODE appears in the i-th row and the j + 1-th column of the attack path reduction matrix is represented as p'i,j+1The calculation method comprises the following steps:
wherein p isi,j+1>0,pi,j+1And the probability that the current node appears in the ith row and the (j +1) th column of the attack path reduction matrix is represented, and i is more than or equal to 1 and less than or equal to N.
And S42, constructing an attack path restoration matrix, and establishing an attack path prediction matrix according to the attack path restoration matrix. And selecting the network node with the maximum probability in each column of the attack path restoration matrix as the network node predicted by the network node path in the current column of the attack path prediction matrix, wherein the path formed by the network nodes is the predicted network node path. Constructing an attack path reduction matrix, wherein the expression of the attack path reduction matrix P' is as follows:
and S43, comparing the network node path predicted in the step S42 with the actually detected network node path for verification, and evaluating the effect of the network node path restoration and prediction method.
The above description is only an example of the present application and is not intended to limit the present application. Various modifications and changes may occur to those skilled in the art. Any modification, equivalent replacement, improvement or the like made within the spirit and principle of the present application shall be included in the scope of the claims of the present application.
Claims (6)
1. A network node path reduction and prediction method based on a Markov chain is characterized by comprising the following specific steps:
s1, calculating an attack path probability statistical table; analyzing network nodes passed by the beacon before entering the network node from the beacon received by the attacked network node to obtain a network node path formed by the network nodes passed by the beacon, establishing a Markov chain state transfer matrix of the nodes in the network node path, carrying out probability statistics on the connection of every two nodes in the network node path based on the Markov chain state transfer matrix, and establishing an attack path probability statistical table;
s2, establishing an attack path matrix; selecting Markov chain characteristics according to the sequence characteristics of the network nodes contained in the beacon detected by the current network node, determining the establishment principle of an attack path reduction matrix, and calculating the attack path reduction matrix;
s3, restoring the network node path; extracting nodes corresponding to all non-zero data in the attack path restoration matrix so as to restore the current network node path;
s4, predicting a network node path; and predicting the occurrence probability of connecting from one node to the next node in the attack paths based on the probability of each attack path in the attack path restoration matrix.
2. The markov chain-based network node path restoration and prediction method of claim 1, wherein the specific steps comprise:
the step S1 of establishing an attack path probability statistical table based on the markov chain state transition matrix includes:
s11, extracting and analyzing the beacon; on the attacked network node, using flow analysis software to capture, identify and analyze the beacon in the network node flow, and extracting the information of the network node flowing through the beacon;
s12, associating the network nodes through which the beacons flow; associating corresponding network nodes according to the sequence of the information of the network nodes flowing through the extracted beacons, so as to extract and obtain a complete beacon flowing path which comprises the network node path of the attacked network node;
s13, carrying out probability statistics on the connection of every two nodes in the network node path; calculating the occurrence probability of an event that each extracted beacon from all beacons flows to the next network node through the traffic of one network node in the path, namely the connection between the two network nodes, and counting the probability of the connection between each two nodes;
s14, according to the probability obtained by statistics in step S13, establishing an attack path probability statistical table in accordance with Markov chain state transition characteristics, wherein the row directory and column targets in the table are node numbers, and data H is processedi′,jFilling the corresponding spaces of the node i and the node j in the table.
3. The Markov chain-based network node path restoration and prediction method of claim 2,
the step S13 specifically includes:
numbering network nodes flowing through in the beacon according to the sequence of the flowing time, wherein the number of the network nodes flowing through in the beacon is N; note the ith network sectionThe event that the point's traffic flows to the jth network node is ei,jIt also means that a node path e exists from the ith network node to the jth nodei,jThen node path ei,jThe calculation process of the occurrence probability of (2) is as follows:
traversing all the detected beacons and the connection conditions among the network nodes flowing through the beacons, and counting the node paths ei,jNumber of occurrences Ci,j(ii) a Calculating the set of all the occurring flows flowing into the ith nodeSimplifying the data of the generated flow set by an extreme method, wherein the process is as follows:
thereby obtaining a node path ei,jNormalized value of occurrence probability of (1H'i,j,HjRepresenting the set of all occurring traffic flowing into the jth node.
4. The Markov chain-based network node path restoration and prediction method of claim 1,
the step S2 specifically includes:
s21, screening the characteristics of the Markov chain; analyzing the Markov chain state transition matrix established in the step S1, and selecting a Markov characteristic suitable for the matrix, wherein the Markov chain characteristic specifically comprises interoperability, periodicity, transient state, constant return, ergodicity or absorption state;
s22, determining the establishment principle of the attack path reduction matrix according to the Markov characteristic selected in the step S21;
s23, according to the established principle of the attack path reduction matrix, the missing data in the attack path probability statistical table is completed, and the number which does not accord with the established principle of the attack path reduction matrix in the attack path probability statistical tableOptimizing and adjusting according to the items, and establishing an attack path reduction matrix P according to the Markov chain state transition matrix, wherein the ith row and jth column elements in P are | Pi,j|,1≤i≤N,1≤j≤N,pi,jRepresents a node path ei,jThe probability of the occurrence of the event is,
5. the Markov chain-based network node path restoration and prediction method of claim 1,
the step S3 specifically includes: selecting elements with values larger than 0 in the attack path reduction matrix according to the column, and sequentially connecting nodes corresponding to the elements according to the row so as to reduce the current network node path; recording a set of all elements with values larger than zero in a j column of an attack path reduction matrix as nos (j), wherein j is more than or equal to 1 and less than or equal to N, recording ANY element in the set as ANY (nos (j)), namely ANY (nos (j)) epsilon nos (j), and simultaneously satisfying the condition ANY (nos (j)) greater than 0, and recording a reduced current network node path as: ANY (nodes (1)) → ANY (nodes (2)) → … → ANY (nodes (n)), and the symbol → indicates that the network node from which it is ahead flows to the network node from which it is behind.
6. The Markov chain-based network node path restoration and prediction method of claim 1,
the step S4 specifically includes:
s41, predicting the next node of the network node path, and selecting the node corresponding to the maximum value element of the current network node in the next column of the attack path restoration matrix according to the attack path restoration matrix as the next node of the predicted network node path; recording the j column of the current node in the attack path reduction matrix, recording as NODE (j), where j is more than or equal to 1 and less than or equal to N, which belongs to the set nodes (j), and predicting the obtainedThe next NODE of the network NODE path is located in the j +1 th column of the attack path restoration matrix and is marked as NODE (j +1), NODE (j +1) belongs to NODEs (j +1), j is more than or equal to 1 and less than or equal to N, and then the probability that the next NODE appears in the ith row and the j +1 th column in the attack path restoration matrix is represented as p'i,j+1The calculation method comprises the following steps:
wherein p isi,j+1>0,pi,j+1Representing the probability that the current node appears in the ith row and the (j +1) th column of the attack path reduction matrix, wherein i is more than or equal to 1 and is less than or equal to N;
s42, constructing an attack path reduction matrix, and establishing an attack path prediction matrix according to the attack path reduction matrix; selecting the network node with the maximum probability in each column of the attack path restoration matrix as the network node predicted by the network node path in the current column of the attack path prediction matrix, wherein the path formed by the network nodes is the predicted network node path; constructing an attack path reduction matrix, wherein the expression of the attack path reduction matrix P' is as follows:
and S43, comparing the network node path predicted in the step S42 with the actually detected network node path for verification, and evaluating the effect of the network node path restoration and prediction method.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111415179.3A CN114189364B (en) | 2021-11-25 | 2021-11-25 | Network node path reduction and prediction method based on Markov chain |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111415179.3A CN114189364B (en) | 2021-11-25 | 2021-11-25 | Network node path reduction and prediction method based on Markov chain |
Publications (2)
Publication Number | Publication Date |
---|---|
CN114189364A true CN114189364A (en) | 2022-03-15 |
CN114189364B CN114189364B (en) | 2022-09-16 |
Family
ID=80602607
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202111415179.3A Active CN114189364B (en) | 2021-11-25 | 2021-11-25 | Network node path reduction and prediction method based on Markov chain |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114189364B (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN115021983A (en) * | 2022-05-20 | 2022-09-06 | 北京信息科技大学 | Penetration path determination method and system based on absorption Markov chain |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108418843A (en) * | 2018-06-11 | 2018-08-17 | 中国人民解放军战略支援部队信息工程大学 | Network attack target identification method based on attack graph and system |
US20200211350A1 (en) * | 2018-12-27 | 2020-07-02 | Logistics and Supply Chain MultiTech R&D Centre Limited | System and Method for Attack Detection in Wireless Beacon Systems |
CN113486334A (en) * | 2021-05-25 | 2021-10-08 | 新华三信息安全技术有限公司 | Network attack prediction method and device, electronic equipment and storage medium |
-
2021
- 2021-11-25 CN CN202111415179.3A patent/CN114189364B/en active Active
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108418843A (en) * | 2018-06-11 | 2018-08-17 | 中国人民解放军战略支援部队信息工程大学 | Network attack target identification method based on attack graph and system |
US20200211350A1 (en) * | 2018-12-27 | 2020-07-02 | Logistics and Supply Chain MultiTech R&D Centre Limited | System and Method for Attack Detection in Wireless Beacon Systems |
CN113486334A (en) * | 2021-05-25 | 2021-10-08 | 新华三信息安全技术有限公司 | Network attack prediction method and device, electronic equipment and storage medium |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN115021983A (en) * | 2022-05-20 | 2022-09-06 | 北京信息科技大学 | Penetration path determination method and system based on absorption Markov chain |
Also Published As
Publication number | Publication date |
---|---|
CN114189364B (en) | 2022-09-16 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN112420187B (en) | Medical disease analysis method based on migratory federal learning | |
CN108595655B (en) | Abnormal user detection method based on session feature similarity fuzzy clustering | |
Chen et al. | DAD-MCNN: DDoS attack detection via multi-channel CNN | |
CN109977895B (en) | Wild animal video target detection method based on multi-feature map fusion | |
CN107483473B (en) | Low-speed denial of service attack data flow detection method in cloud environment | |
CN102420723A (en) | Anomaly detection method for various kinds of intrusion | |
CN111461784B (en) | Multi-model fusion-based fraud detection method | |
CN109767225B (en) | Network payment fraud detection method based on self-learning sliding time window | |
CN114189364B (en) | Network node path reduction and prediction method based on Markov chain | |
CN116186759A (en) | Sensitive data identification and desensitization method for privacy calculation | |
CN112367303A (en) | Distributed self-learning abnormal flow cooperative detection method and system | |
CN113516228A (en) | Network anomaly detection method based on deep neural network | |
CN114723003A (en) | Event sequence prediction method based on time sequence convolution and relational modeling | |
CN110351303B (en) | DDoS feature extraction method and device | |
CN111224998A (en) | Botnet identification method based on extreme learning machine | |
CN110851450A (en) | Accompanying vehicle instant discovery method based on incremental calculation | |
CN116545679A (en) | Industrial situation security basic framework and network attack behavior feature analysis method | |
CN115913992A (en) | Anonymous network traffic classification method based on small sample machine learning | |
CN115987599A (en) | Malicious encrypted flow detection method and system based on multi-level attention mechanism | |
CN112052336B (en) | Traffic emergency identification method and system based on social network platform information | |
CN110909254B (en) | Method and system for predicting question popularity of question-answering community based on deep learning model | |
CN113850483A (en) | Enterprise credit risk rating system | |
CN111586052A (en) | Multi-level-based crowd sourcing contract abnormal transaction identification method and identification system | |
CN113935023A (en) | Database abnormal behavior detection method and device | |
WO2020024448A1 (en) | Group performance grade identification method, device, storage medium, and computer apparatus |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |