CN114330487A - Wireless network security situation assessment method based on BIPMU - Google Patents


Info

Publication number
CN114330487A
Authority
CN
China
Prior art keywords
bipmu
network security
training
wireless network
nssa
Prior art date
Legal status
Pending
Application number
CN202111382821.2A
Other languages
Chinese (zh)
Inventor
杨昌松
刘梓毅
柳悦玲
肖俊
宋博文
Current Assignee
Guilin University of Electronic Technology
Original Assignee
Guilin University of Electronic Technology
Priority date
Filing date
Publication date
Application filed by Guilin University of Electronic Technology
Priority to CN202111382821.2A
Publication of CN114330487A

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention relates to the technical field of network security, in particular to a BIPMU-based wireless network security situation assessment method, which constructs a training model through a bidirectional simple memory unit, performs characteristic learning and characterization of time sequence data and provides theoretical analysis.

Description

Wireless network security situation assessment method based on BIPMU
Technical Field
The invention relates to the technical field of network security, in particular to a wireless network security situation assessment method based on a BIPMU.
Background
Currently, research on network security situation assessment (NSSA) has advanced greatly. Existing NSSA methods mainly comprise evaluation methods based on mathematical statistics, on knowledge reasoning and on machine learning. However, with the continuous development of wireless network technology and the increase in network security events, evaluation data sets have become large-scale and high-dimensional. Furthermore, evaluation data sets tend to be time-sequential, which presents challenges to existing NSSA methods.
Due to the rapid development of wireless networks, their data often appears as large-scale, high-dimensional data. Therefore, when applied to current NSSA, existing mathematical statistics methods often require large-scale, complex calculation, and the accuracy of evaluation is reduced. Meanwhile, the scale and complexity of the data affect judgments based on expert experience, which makes knowledge reasoning methods increasingly unwieldy when applied to current NSSA. Conventional machine learning methods may alleviate the above problems to some extent. However, with the advent of the 5G era, the size of network traffic data has grown geometrically, and traditional machine learning approaches also encounter bottlenecks in current NSSA.
The deep neural network has good characterization capability on high-dimensional complex data, and the existing deep neural network NSSA method is mostly based on a Back Propagation Neural Network (BPNN) method and achieves better effect. However, they do not take into account that existing network traffic data is generally highly time-ordered. Meanwhile, existing recurrent neural networks, such as Gated Recurrent Units (GRUs), often have difficulty in effectively handling short-term and long-term potential connections between data.
Disclosure of Invention
The invention aims to provide a wireless network security situation assessment method based on a BIPMU. It aims to solve the technical problem that existing methods based on statistical analysis, knowledge reasoning and common machine learning cannot effectively perform feature learning and characterization, so that the current network state can be assessed more accurately and effectively.
In order to achieve the above object, the present invention provides a wireless network security situation assessment method based on a BIPMU, which comprises the following steps:
constructing an evaluation data set;
dividing the evaluation data set into a training set and a test set, and inputting the training set into a training model for training;
inputting the evaluation elements of the test set into a trained training model to obtain a situation value;
and comparing the situation value with the true value, and verifying the validity of the model.
The evaluation data set is constructed by an original network traffic data set through a self-scaling index system after initialization and preprocessing.
The self-scaling index system is generally constructed by the user, for example by methods such as AHP. It requires no specific standard and always follows the user's settings.
The training model is a recurrent neural network constructed based on bidirectional reduced memory units and comprises two different reduced memory units.
Wherein, the training period of the training model for cyclic training needs to be specified in input.
The situation value is divided into different ranges according to the value of the network security situation value, wherein the different ranges comprise security, low risk, moderate risk, high risk and emergency.
In the BIPMU-based wireless network security situation assessment method, the training model is constructed from bidirectional simple memory units, performs feature learning and characterization of time-series data, and is supported by theoretical analysis. Compared with a traditional recurrent neural network, the method considers not only the information transmitted in the past but also the information transmitted in the future, and it comprehensively and effectively manages the potential relation between the short-term and long-term dependencies of time-series data. Meanwhile, the network security state is analyzed and judged by obtaining the relevant network security factors, which improves the effectiveness of network security situation assessment.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is a schematic flow chart of a wireless network security situation assessment method based on a BIPMU according to the present invention.
FIG. 2 is a schematic diagram of a simplified memory unit (PMU) model.
FIG. 3 is a schematic diagram of a bidirectional reduced memory unit (BIPMU) model.
Fig. 4 is a schematic structural diagram of an NSSA model based on a BIPMU according to the present invention.
FIG. 5 is a graph comparing loss values of different methods of experiments according to embodiments of the present invention.
Fig. 6 is a comparison graph of the evaluation effect of different algorithms under the macro-average of the embodiment of the invention.
Fig. 7 is a comparison graph of evaluation results of different algorithms under weighted average according to the embodiment of the present invention.
FIG. 8 is a line graph of the fit of the estimated values to the true values for an embodiment of the present invention.
FIG. 9 is a graph comparing the efficiency of different evaluation methods in an embodiment of the present invention.
Detailed Description
Reference will now be made in detail to embodiments of the present invention, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to the same or similar elements or elements having the same or similar function throughout. The embodiments described below with reference to the drawings are illustrative, are intended to explain the invention, and are not to be construed as limiting the invention.
Referring to fig. 1, the present invention provides a wireless network security situation assessment method based on a BIPMU, which includes the following steps:
S1: constructing an evaluation data set;
S2: dividing the evaluation data set into a training set and a test set, and inputting the training set into a training model for training;
S3: inputting the evaluation elements of the test set into a trained training model to obtain a situation value;
S4: comparing the situation value with the true value, and verifying the validity of the model.
And the evaluation data set is constructed by an index system after the initialization and the pretreatment are carried out on the original network traffic data set.
The training model is a recurrent neural network constructed based on bidirectional reduced memory units and comprises two different reduced memory units.
The training period of the training model for cyclic training needs to be specified at the time of input.
The situation value is divided into different ranges according to the value of the network security situation value, wherein the ranges comprise security, low risk, moderate risk, high risk and emergency.
Furthermore, the invention will be described by combining the basic structure and specific embodiment of a bidirectional simplified memory unit (BIPMU):
1. Simple memory unit (PMU)
Before describing the BIPMU, the PMU will be described. The PMU is a recurrent neural network modified from the Gated Recurrent Unit (GRU). Unlike the GRU, which has two gate structures, the PMU has only one gate structure, the cell gate, as shown in fig. 1, and therefore has fewer parameters. Compared with the GRU, the PMU can better manage the potential link between short-term and long-term dependencies. Therefore, the PMU can achieve better results when training on time-series data.
Referring to FIG. 2, $U_t$ denotes the cell gate, which takes the place of the reset gate and the update gate of the GRU in controlling the long-term and short-term dependencies of the data. The PMU forward propagation learning method is as follows:
First, $U_t$ is determined from the current input state $x_t$ and the hidden state $h_{t-1}$ of the previous node:
$U_t = \sigma(W_u \cdot [h_{t-1}, x_t])$ (1)
Second, the candidate set that records the current state,
Figure BDA0003366247570000041
can be expressed as:
Figure BDA0003366247570000042 (2)
Third, the update formula of $h_t$ is as follows:
Figure BDA0003366247570000043
2. Bidirectional simple memory unit (BIPMU)
In general, a recurrent neural network predicts the output at the next time from the information of the time-series data at the previous time. However, the output at the present time is often related not only to the state information at the previous time but also to the state information at the future time. Therefore, a new bidirectional recurrent neural network, the BIPMU, is proposed, as shown in fig. 3. Unlike existing bidirectional recurrent neural networks such as the BIGRU, the BIPMU has fewer parameters and higher efficiency. At the same time, since the PMU can effectively manage the potential link between short-term and long-term dependencies, the BIPMU performs better in processing time-series data.
In FIG. 3, $h'_i$ and $h_i$ represent the current-time information output by two different PMUs, and $X_i$ represents the input. It can be seen that the current output, such as $Y_0$, consists of two parts: $h_{b0}$ and $h_{f0}$. Here $h_{b0}$ is the output of the PMU that learns future state information, and $h_{f0}$ is the output of the PMU that learns past state information. This enables the BIPMU to learn the past and future information comprehensively and then produce the output at the current time. The output process of the BIPMU combined with the fully connected layer is as follows:
First, concatenate the current state information of the two different PMUs:
$h_{ti} = \mathrm{cat}(h_{bi}, h_{fi})$ (4)
Second, the concatenated current state is passed to a fully connected layer to obtain the output $Y_i$:
$Y_i = \mathrm{softmax}(W_o \cdot h_{ti})$ (5)
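The forward pass described by equations (1), (4) and (5), as an added example in plain Python that is not code from the patent. The candidate-state and update formulas (2) and (3) are not reproduced on this page, so the GRU-style form in `PMU.step` is an assumption, as are all class and function names, the random untrained weights and the constructed sample windows.

```python
import math
import random

# Five situation ranges named in the method (one softmax class per range).
LEVELS = ["safety", "low risk", "moderate risk", "high risk", "emergency"]


def matvec(W, v):
    """Matrix-vector product for a matrix stored as a list of rows."""
    return [sum(w * x for w, x in zip(row, v)) for row in W]


def sigmoid(v):
    return [1.0 / (1.0 + math.exp(-z)) for z in v]


def softmax(v):
    peak = max(v)  # subtract the maximum for numerical stability
    exps = [math.exp(z - peak) for z in v]
    total = sum(exps)
    return [e / total for e in exps]


def rand_matrix(rng, rows, cols):
    return [[rng.uniform(-0.5, 0.5) for _ in range(cols)] for _ in range(rows)]


class PMU:
    """Single-gate recurrent cell: input dimension m, hidden dimension n."""

    def __init__(self, rng, m, n):
        self.n = n
        self.W_u = rand_matrix(rng, n, n + m)  # gate weights of equation (1)
        self.W_h = rand_matrix(rng, n, n + m)  # candidate weights (assumed form)

    def step(self, h_prev, x):
        # Equation (1): U_t = sigma(W_u . [h_{t-1}, x_t])
        u = sigmoid(matvec(self.W_u, h_prev + x))
        # ASSUMPTION: equations (2) and (3) are missing from the page. A
        # GRU-style candidate and update is used here, with the single gate
        # U_t acting as both reset gate and update gate.
        gated = [ui * hi for ui, hi in zip(u, h_prev)]
        cand = [math.tanh(z) for z in matvec(self.W_h, gated + x)]
        return [(1.0 - ui) * hi + ui * ci for ui, hi, ci in zip(u, h_prev, cand)]

    def run(self, xs):
        """Return the hidden state after each element of the sequence xs."""
        h, states = [0.0] * self.n, []
        for x in xs:
            h = self.step(h, x)
            states.append(h)
        return states


class BIPMU:
    """Two different PMUs read the sequence in opposite directions."""

    def __init__(self, m, n, classes=len(LEVELS), seed=0):
        rng = random.Random(seed)
        self.past = PMU(rng, m, n)    # produces h_f: learns past state information
        self.future = PMU(rng, m, n)  # produces h_b: learns future state information
        self.W_o = rand_matrix(rng, classes, 2 * n)  # fully connected layer

    def forward(self, xs):
        h_f = self.past.run(xs)
        h_b = self.future.run(xs[::-1])[::-1]  # re-align reversed states to time i
        # Equation (4): h_ti = cat(h_bi, h_fi); equation (5): Y_i = softmax(W_o . h_ti)
        return [softmax(matvec(self.W_o, hb + hf)) for hb, hf in zip(h_b, h_f)]


def assess(model, xs):
    """Map each output distribution Y_i to the most probable situation level."""
    return [LEVELS[max(range(len(y)), key=y.__getitem__)] for y in model.forward(xs)]


# Constructed input: three time windows with three evaluation elements each.
SAMPLE_WINDOWS = [[0.1, 0.2, 0.3], [0.0, 0.5, 0.1], [0.9, 0.1, 0.4]]

if __name__ == "__main__":
    model = BIPMU(m=3, n=4, seed=1)
    for window, label in zip(SAMPLE_WINDOWS, assess(model, SAMPLE_WINDOWS)):
        print(window, "->", label)
```

With untrained weights the labels carry no meaning; the point is the data flow, in which the output for the first window already depends on the last window through $h_b$.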
3. System model based on BIPMU
Referring to fig. 4, in particular, the present invention proposes a new bidirectional recurrent neural network, called BIPMU, and then uses BIPMU as the main implementation method of NSSA. Compared with other deep neural networks, the BIPMU can not only take the state information at the previous moment as the basis of current output, but also take the state information at the future moment as the basis of current output. In addition, the BIPMU has the advantages of PMU. Compared with other recurrent neural networks such as bidirectional gated recurrent units (BIGRUs), the method can better manage potential connection between short-term dependence and long-term dependence of time-series data, and has fewer parameters. This allows better performance of the proposed BIPMU based NSSA model.
4. Time complexity analysis
Time complexity is one of the important indexes for measuring the quality of an algorithm. Because of the requirements of the subsequent comparison experiments, the time complexity of the PMU, BPNN and DAE is analyzed and compared, as shown in Table 1.
Before calculating the time complexity of the BIPMU, the dimension of the input data is assumed to be m, and the dimension of the hidden layer of the BIPMU is assumed to be n. Because one BIPMU consists of two different PMUs, as shown in fig. 3, the total number of operations of a PMU is calculated first. First, according to formula (1), the number of operations for $U_t$ can be expressed as $T(n \times m + n^2 + n)$. Next, according to formula (2), the number of operations for calculating
Figure BDA0003366247570000051
is $T(n \times m + 2 \times n^2 + n)$. Third, according to formula (3), the number of operations for $h_t$ is $T(n^2 + 2 \times n)$. Finally, the total number of operations of the PMU is $T(2 \times n \times m + 4 \times n^2 + 4 \times n)$, and its time complexity is $O(n^2)$. Therefore, the total number of operations of the BIPMU is $T(2 \times (2 \times n \times m + 4 \times n^2 + 4 \times n))$. Overall, the time complexity is $O(n^2)$.
In general, the BPNN consists of multiple fully connected layers, and the total number of operations can be considered as the sum of the number of operations between network layers. Assuming that the output dimension is l and that k is the number of hidden layers, the number of operations of the input layer can be regarded as $T(m \times n)$, that of the remaining hidden layers as $T(n \times n)$, and that of the output layer as $T(n \times l)$. Thus, the total number of operations of the BPNN can be viewed as $T(m \times n + k(n \times n) + n \times l)$, with a time complexity of $O(n^2)$. In addition, the total number of operations and the time complexity of the fully connected layer based DAE are the same as those of the BPNN.
TABLE 1 temporal complexity contrast
Figure BDA0003366247570000052
The invention also carries out comparative analysis by experiments through specific examples.
5. Experimental Environment and data set
All experiments were performed on a desktop computer equipped with an AMD Ryzen 5 3500X 6-core CPU with an operating frequency of 3.60 GHz, an NVIDIA GeForce GTX 2060 SUPER graphics card and 16 GB of memory. The desktop computer runs the Windows 10 operating system with the CUDA 10.0 and cuDNN 7.4.2 drivers.
In the simulation experiments, the data set used was the UNSW-NB15 data set created by the Australian network security centre using the IXIA PerfectStorm tool. The IXIA PerfectStorm tool supports over 245 application protocols and more than 35,000 malicious attacks and simulates millions of real-world end-user environments in order to generate large-scale network traffic data. UNSW-NB15 is a commonly used data set for network intrusion detection that is currently recognized in the field of network security.
The IXIA traffic generator is configured with three virtual servers. Servers 1 and 3 are configured to propagate traffic normally, while server 2 creates abnormal/malicious activity in the network traffic. The servers are connected to the hosts through two routers, and the two routers are connected to the firewall device. Using the tcpdump5 tool and the method shown in the topology graph, the UNSW-NB15 dataset captured network traffic as packets twice, once for 15 hours and once for 16 hours. In total, 100 GB of network traffic was captured, and 2540044 pieces of data are stored in 4 CSV files.
The UNSW-NB15 data set covers 9 modern and common cyber attacks. Each record consists of 47 different features and 2 tags, and there are 300,000 exception records in total, as shown in table 2.
TABLE 2 UNSW-NB15 dataset
Figure BDA0003366247570000061
As shown in table 2, the data set covers 9 different attack categories, the detailed categories are as follows:
(1) Analysis: intrusion methods that penetrate web applications through e-mail, web, scripts, ports, etc.;
(2) Backdoor: an intrusion method that accesses the computer or its data by bypassing the system security mechanism;
(3) DoS: an attack that deliberately exploits defects in a network protocol implementation, or directly uses brute force, to exhaust the resources of the attacked object so that the target network cannot provide services or resources;
(4) Exploits: attacks in which the attacker makes use of information about security vulnerabilities in an operating system or software;
(5) Fuzzers: a type of attack in which an attacker feeds a large amount of random data to a program or network to cause it to shut down;
(6) Generic: attacks that use a hash function to produce collisions regardless of the cipher configuration;
(7) Reconnaissance: attacks, also known as probes, that collect computer information;
(8) Shellcode: an attack in which the attacker controls the attacked host through shell commands and a small amount of code;
(9) Worm: a worm attack, a virus attack that replicates itself to take control of hosts without any manual operation.
For experimental convenience, statistics were computed on the UNSW-NB15 dataset every 10 minutes. UNSW-NB15 was processed using the evaluation index, and 144 situation values were generated as experimental samples. The first 100 were used as the training set and the last 44 as the test set. In addition, the value range of the network security situation value is 0-10. A situation value of 0-2 indicates safety, 3-4 indicates low risk, 5-6 indicates medium risk, 7-8 indicates high risk, and a value greater than 8 indicates an emergency.
6. Experimental standards
In this experiment, Accuracy, Precision, Recall and F1_score were used to evaluate the effectiveness of our NSSA method. Some of these concepts are defined as follows:
True Positive (TP): TP indicates that a positive sample is evaluated as a positive sample;
False Positive (FP): FP indicates that a negative sample is evaluated as a positive sample;
True Negative (TN): TN indicates that a negative sample is evaluated as a negative sample;
False Negative (FN): FN indicates that a positive sample is evaluated as a negative sample.
The confusion matrix for TP, FP, TN, FN is shown in Table 3.
TABLE 3 confusion matrix
Figure BDA0003366247570000071
Accuracy: the proportion of correctly identified samples in the total number of samples.
Figure BDA0003366247570000081
Precision: the proportion of actual positive samples in the number of identified positive samples.
Figure BDA0003366247570000082
Recall: the percentage of positive cases in the sample that are predicted to be correct.
Figure BDA0003366247570000083
F1_score: it considers both the Precision and the Recall of the classification model.
Figure BDA0003366247570000084
Macro average: this method takes into account that small sample classes also play an important role in the total sample. Precision, Recall and F1_score are calculated for each class on each confusion matrix, and then their average is calculated.
Weighted average: this approach takes into account the imbalance of the sample classes. Precision, Recall and F1_score for each category on each confusion matrix are first calculated, and then their weighted average is calculated.
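The metrics above, computed over the five situation levels, as an added example that is not part of the patent. It uses the standard definitions of Accuracy, Precision, Recall and F1 and weights the weighted average by class support; the function names, the treatment of fractional values between the stated bands and the ten sample values are assumptions constructed for illustration.

```python
# Situation levels and the upper bound of each band on the 0-10 scale:
# 0-2 safety, 3-4 low risk, 5-6 medium risk, 7-8 high risk, above 8 emergency.
LEVELS = ["safety", "low risk", "medium risk", "high risk", "emergency"]
UPPER_BOUNDS = [2, 4, 6, 8]


def level(value):
    """Map a situation value to its level.

    ASSUMPTION: the bands are stated for whole numbers only, so a fractional
    value such as 2.5 is assigned here to the next band up (low risk).
    """
    if not 0 <= value <= 10:
        raise ValueError(f"situation value out of range: {value}")
    for bound, name in zip(UPPER_BOUNDS, LEVELS):
        if value <= bound:
            return name
    return LEVELS[-1]


def per_class_scores(true_levels, pred_levels):
    """One-vs-rest Precision, Recall and F1 for every level that occurs."""
    pairs = list(zip(true_levels, pred_levels))
    scores = {}
    for c in LEVELS:
        tp = sum(1 for t, p in pairs if t == c and p == c)
        fp = sum(1 for t, p in pairs if t != c and p == c)
        fn = sum(1 for t, p in pairs if t == c and p != c)
        if tp + fp + fn == 0:
            continue  # level absent from both truth and estimate
        precision = tp / (tp + fp) if tp + fp else 0.0
        recall = tp / (tp + fn) if tp + fn else 0.0
        denom = precision + recall
        f1 = 2 * precision * recall / denom if denom else 0.0
        scores[c] = {"precision": precision, "recall": recall,
                     "f1": f1, "support": tp + fn}
    return scores


def summarize(true_values, est_values):
    """Accuracy plus macro and weighted averages of the per-class scores."""
    true_levels = [level(v) for v in true_values]
    pred_levels = [level(v) for v in est_values]
    scores = per_class_scores(true_levels, pred_levels)
    total = len(true_levels)
    hits = sum(1 for t, p in zip(true_levels, pred_levels) if t == p)
    report = {"accuracy": hits / total}
    for metric in ("precision", "recall", "f1"):
        # Macro: every class counts equally, so a missed rare class hurts.
        report["macro_" + metric] = (
            sum(s[metric] for s in scores.values()) / len(scores))
        # Weighted: each class counts in proportion to its true sample count.
        report["weighted_" + metric] = (
            sum(s[metric] * s["support"] for s in scores.values()) / total)
    return report, scores


# Constructed sample: true situation values and a model's estimates.
TRUE_VALUES = [1, 2, 3, 5, 7, 9, 1, 4, 6, 2]
EST_VALUES = [1.2, 1.8, 2.0, 5.5, 6.0, 9.3, 0.7, 3.6, 6.2, 2.0]

if __name__ == "__main__":
    report, scores = summarize(TRUE_VALUES, EST_VALUES)
    for name, value in report.items():
        print(f"{name:20s} {value:.4f}")
```

In the constructed sample the single "high risk" window is missed, which pulls macro Recall down to 0.6 while weighted Recall stays at 0.7.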
7. Analysis of model fitness
The degrees of model fit of the BIPMU-based NSSA evaluation method, PMU-based NSSA evaluation method, AEDNN-based NSSA evaluation method, and GA-BP-based NSSA evaluation method were compared by loss values, as shown in fig. 5.
As shown in fig. 5, the BIPMU-based NSSA evaluation method performs better in terms of loss value reduction, and the reduction rate has better advantages than the other three methods. From table 4 we can also see that the final loss value of the BIPMU based NSSA evaluation method is minimal, followed by the PMU based NSSA evaluation method. This demonstrates that the BIPMU-based NSSA evaluation method has better model fitness than the other three methods. In our analysis, this is because the BIPMU-based NSSA evaluation method and the PMU-based NSSA evaluation method take into account the timing of the data set, as compared to the other two methods. Meanwhile, the NSSA evaluation method based on the BIPMU also considers information to be transmitted in the future compared with the NSSA evaluation method based on the PMU.
TABLE 4 loss values
Figure BDA0003366247570000085
8. Evaluation of effectiveness
The effectiveness of the BIPMU-based NSSA evaluation method, PMU-based NSSA evaluation method, AEDNN-based NSSA evaluation method, and GA-BP-based NSSA evaluation method was compared. In the evaluation process, although the threat data makes up a small proportion, its importance cannot be ignored. Precision, Recall and F1_score are therefore calculated using the macro average and the weighted average, respectively. The experimental results of the macro-average calculation are shown in fig. 6.
FIG. 6 evaluates the performance of four different NSSA methods in terms of Accuracy, Precision, Recall, and F1_score. Under the macro-average calculation, the NSSA evaluation method based on the BIPMU has the best effect in all aspects. This is because the GA-BP based NSSA evaluation method and the AEDNN based NSSA evaluation method do not consider the chronological order of the data sets, and the output of the PMU-based NSSA evaluation method at the current time refers only to information transmitted at a past time and does not take into account information transmitted at a future time.
FIG. 7 shows the Precision, Recall and F1_score of the four different methods under the weighted-average calculation. It can be seen that the BIPMU based NSSA evaluation method still has the best effect under the weighted-average calculation.
9. Evaluation of degree of fitting
Referring to fig. 8, a line graph is used to show the fit between the evaluation results and the actual results of the four methods.
As can be seen from fig. 8, at samples No. 2, 13, 31 and 33 the network situation value fluctuates greatly, which indicates that the network threats in these four time periods are all strong. The third sample presented a warning of the "medium risk" level, indicating that the network in that time period faces a higher level of attack threat and that corresponding security measures should be taken during that period. Samples No. 12 and No. 31 show warnings of the high-risk level, which indicates that the network state is very dangerous at those moments and that security personnel should be dispatched to respond in time. According to the degree of fit between the evaluation curve and the real curve, the situation value obtained by the method is consistent with the real situation value. Of the other three evaluation methods, the PMU-based NSSA evaluation method made one error, and the AEDNN-based NSSA evaluation method and the GA-BP-based NSSA evaluation method made two errors.
It is clear from the above results and reasons that the BIPMU-based NSSA estimation method is more suitable for the current network environment.
10. Efficiency analysis
Among the above four methods, the GA-BP evaluation method introduces an additional iteration cycle because of the GA algorithm. Therefore, under the same conditions, its computation amount is often much higher than that of the other neural networks. So in this context we only compare the efficiency of NSSA based on the BIPMU, PMU and AEDNN, as shown in fig. 9.
As can be seen from fig. 9, the run time of the BIPMU-based NSSA evaluation method is the longest, that of the AEDNN-based NSSA evaluation method is next, and that of the PMU-based NSSA evaluation method is the shortest. As calculated before, the total number of operations of the AEDNN is $T(2 \times (m \times n + n^2 + n \times l))$, and its time complexity is $O(n^2)$. Although the total number of operations of the AEDNN is less than that of the PMU, the period of its training process is greater than that of the other two methods because the AEDNN is composed of a DAE and a DNN. Thus, the run time of the AEDNN is higher than that of the PMU.
Comparing the total number of operations with the time complexity, it can be seen that the BIPMU has the same time complexity as the PMU and AEDNN, although its total number of operations is higher. As can be seen from the experimental comparison, although the NSSA evaluation method based on the BIPMU has the longest run time, the difference in run time compared with the other two evaluation methods is not great. Meanwhile, the NSSA evaluation method based on the BIPMU greatly improves the overall performance of situation evaluation.
In summary, in a large-scale complex network environment, network data is high-dimensional, diverse and random, which renders the performance and efficiency of existing NSSA methods inadequate. The invention provides a BIPMU-based NSSA method. Specifically, a novel bidirectional recurrent neural network, the BIPMU, is first proposed, and NSSA is then achieved with the BIPMU. The performance of NSSA is effectively improved by using the BIPMU. Finally, the proposed BIPMU-based NSSA method is implemented using a simulation model, and experimental analysis is provided. The experimental results show that, compared with existing NSSA methods, the evaluation performance is obviously improved.
While the invention has been described with reference to a preferred embodiment, it will be understood by those skilled in the art that various changes in form and detail may be made therein without departing from the spirit and scope of the invention as defined by the appended claims.

Claims (5)

1. A wireless network security situation assessment method based on BIPMU is characterized by comprising the following steps:
constructing an evaluation data set;
dividing the evaluation data set into a training set and a test set, and inputting the training set into a training model for training;
inputting the evaluation elements of the test set into a trained training model to obtain a situation value;
and comparing the situation value with the true value, and verifying the validity of the model.
2. The BIPMU-based wireless network security situation assessment method of claim 1, wherein,
the evaluation data set is constructed through a self-scaling index system after the initialization and the pretreatment are carried out on the original network traffic data set.
3. The BIPMU-based wireless network security situation assessment method of claim 1, wherein,
the training model is a recurrent neural network constructed based on bidirectional reduced memory units and comprises two different reduced memory units.
4. The BIPMU-based wireless network security situation assessment method of claim 1, wherein,
the training period of the training model for cyclic training needs to be specified at the time of input.
5. The BIPMU-based wireless network security situation assessment method of claim 1, wherein,
the situation value is divided into different ranges according to the value of the network security situation value, wherein the ranges comprise security, low risk, moderate risk, high risk and emergency.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111382821.2A CN114330487A (en) 2021-11-22 2021-11-22 Wireless network security situation assessment method based on BIPMU


Publications (1)

Publication Number Publication Date
CN114330487A true CN114330487A (en) 2022-04-12

Family

ID=81047231


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination