CN114978777B - Multi-field scene threat fusion assessment method based on network object - Google Patents

Multi-field scene threat fusion assessment method based on network object

Info

Publication number
CN114978777B
Authority
CN
China
Prior art keywords
threat
score
class
analysis model
subclass
Prior art date
Legal status
Active
Application number
CN202210914127.9A
Other languages
Chinese (zh)
Other versions
CN114978777A (en)
Inventor
田红伟
徐文勇
陈鹏
Current Assignee
Chengdu Shumo Technology Co ltd
Original Assignee
Chengdu Shumo Technology Co ltd
Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection

Abstract

The invention discloses a multi-field scene threat fusion assessment method based on a network object, and belongs to the technical field of log threat analysis. The method comprises the following steps: respectively establishing threat analysis model sets facing the different threat scenarios of an object in different security fields, dividing the threat analysis model sets into major classes, subclasses and threat analysis models according to the coverage range of the threat scenarios, and calculating the score of each model from its weight and triggering frequency; calculating the score of each subclass from the scores of its models combined with the upper-limit weight of that subclass; calculating the score of each major class from the scores of its subclasses combined with the upper-limit weight of that major class; and calculating a composite score for the object from the major class scores. The invention unifies standard threat analysis models for different analysis services in different security fields, and can realize comprehensive risk evaluation of network objects in analysis services across multiple scenarios.

Description

Multi-field scene threat fusion assessment method based on network object
Technical Field
The invention relates to the field of log threat analysis, in particular to a multi-field scene threat fusion assessment method based on a network object.
Background
At present, the sub-fields of network security have become standardized and mainly comprise eight directions: network security, host security, web security, mobile security, big data security, cloud computing security, Internet of Things security and industrial Internet security. The network defense technologies formed around these directions mainly include firewalls, intrusion detection, Internet behavior management, traffic analysis, vulnerability analysis, identity authentication, authority control, data management and the like. Each technology or security product produces its own relatively independent detection logs, such as firewall logs, web login logs, abnormal behavior logs and APT attack logs. For these different log types, current big data analysis systems integrate the data sources, which improves the efficiency of data analysis and data query, but complex scenario services remain difficult to realize. A compromise is therefore adopted: different analysis models analyze the service data and form relatively independent service results, and each kind of service data is presented separately by product means such as threat situation displays.
In fact, network attacks are usually discontinuous; the higher the attack latency, the more precise the attack target and the richer the attack means used, and one attack may involve attack events in multiple fields such as network security, host security and web security. If the attack content of each field is considered independently, the relevance among the fields may be weakened, and the detection capability for high-harm attack events is ultimately weakened because each field on its own shows only a low degree of harm.
For example, patent CN114285630A in the prior art discloses a security domain risk warning method, system, apparatus and readable storage medium, and specifically discloses that the method includes: acquiring a threat data source of a target security domain; judging the danger level of each network threat in the target security domain by using a preset danger level division rule according to a threat data source; counting the total number of alarms of the target security domain and the number of alarms triggered in the same type of security domain with the same type of the target security domain within a preset time range; obtaining the average alarm number of the similar security domains by utilizing the alarm number of the similar security domains; and obtaining the score of the target security domain by using a security domain score calculation formula, the average alarm quantity, the total alarm quantity and the grade weight corresponding to the risk grade.
Therefore, the prior art has the following disadvantage:
for the same attack event, the service data generated in multiple fields is relatively independent, and a standard threat assessment method for assessing the attack event is lacking. A method is therefore needed that re-integrates the threat data of multiple fields on the basis of the simple service analysis already completed in each independent field, and evaluates the damage degree of a multi-scenario attack event more effectively.
Disclosure of Invention
The invention aims to solve the problems in the prior art, and provides a multi-field scene threat fusion assessment method based on a network object, which can integrate threat data of multiple fields again on the basis that simple service analysis is completed in each independent field at present, and assess the damage degree of a multi-scene attack event by using a more effective method.
In order to achieve the above object, the technical solution of the present invention is as follows:
a multi-field scene threat fusion assessment method based on network objects comprises the following steps:
s1, respectively establishing threat analysis model sets facing different threat scenes of an object in different security fields, dividing the threat analysis model sets into a large class, a small class attached to the large class and a threat analysis model attached to the small class according to the coverage range of the threat scenes, and determining the upper limit weight distribution of the large class, the upper limit weight distribution of the small class and the weight distribution of the threat analysis model in the threat scenes;
s2, traversing all threat analysis models of the object, traversing the subclasses from the major classes, and traversing the threat analysis models from the minor classes;
s3, respectively calculating the threat degree score of each threat analysis model based on the weight distribution and the triggering frequency of the hit threat analysis model;
s4, obtaining the threat degree score of each subclass by combining the upper limit weight of the subclass to which each threat analysis model belongs based on the threat degree score of the threat analysis model;
s5, based on the threat degree scores of the subclasses, respectively calculating the threat degree score of each major class by combining the upper limit weight of the major class to which each subclass belongs;
s6, calculating to obtain a comprehensive threat degree score of the object based on the threat degree scores of the large classes;
and S7, judging the threat degree of the object by setting threshold ranges of different risk states based on the comprehensive score.
In step S3, the threat degree score model_trigger_score_{i,j,k} of each threat analysis model is calculated according to the following formula:
[formula image not reproduced on this page]
Wherein model_trigger_times_{i,j,k} represents the triggering frequency of threat analysis model k (k = 1, 2, ..., n) attached to subclass j (j = 1, 2, ..., m) of major class i (i = 1, 2, ..., l); model_score_{i,j,k} represents the weight of threat analysis model k.
Further, in step S4, the threat degree score subclass_trigger_score_{i,j} of each subclass is calculated according to the following formula:
[formula image not reproduced on this page]
Wherein subclass_limit_score_{i,j} represents the upper-limit weight of subclass j attached to major class i; model_trigger_score_{i,j,k} represents the threat degree score of threat analysis model k under subclass j of major class i.
Further, in step S5, the threat degree score class_trigger_score_i of each major class is calculated according to the following formula:
[formula image not reproduced on this page]
Wherein class_limit_score_i represents the upper-limit weight of major class i, and subclass_trigger_score_{i,j} represents the threat degree score of subclass j of major class i.
Further, in step S6, the composite score object_score of the object is calculated according to the following formula:
[formula image not reproduced on this page]
Wherein class_trigger_score_i represents the threat degree score of major class i.
Furthermore, the upper-limit weights and the threat analysis model weights for different threat scenarios in different security fields are determined according to the actual application scenario.
In summary, the invention has the following advantages:
1. the invention realizes the unification of different analysis services in different security fields through the established standard threat analysis model, and the evaluation algorithm based on the threat analysis model can realize the comprehensive risk evaluation of network objects in the analysis services in multiple scenes;
2. the method strengthens the relevance among various fields, improves the detection capability of the highly-harmful attack event, and can more effectively evaluate the danger degree of the multi-scenario attack event;
3. the fusion calculation mode of the invention is based on the threat analysis model, realizes the unified calculation of the threat data in different security fields or different scenes by using the threat data description of the network object, and obtains the integral threat assessment score of the network object in multiple fields;
4. in the method, the consistency of threat analysis and calculation logic is strengthened by using a standard calculation formula; the calculation method is simple and easy to understand, is tightly combined with the actual security service and the analysis scene, can clearly describe the threat degree of the network object in different fields or different scenes, and provides effective data support in the threat analysis in multi-scene attack events.
Drawings
FIG. 1 is a process for constructing a set of threat analysis models in accordance with the present invention;
FIG. 2 is a flow chart of the composite score calculation and threat assessment process according to the present invention.
Detailed Description
The present invention will be described in further detail with reference to examples, but the embodiments of the present invention are not limited thereto.
Example 1
The embodiment provides a multi-field scene threat fusion assessment method based on a network object, as shown in fig. 1-2, unification of different analysis services of the network object in different security fields is realized through an established standard threat analysis model set, and comprehensive risk assessment of the network object in the analysis services in multiple scenes can be realized based on an assessment algorithm of the threat analysis model set.
The network object referred to by the method is a general term for the participants of network communication and for abstract network relationships. Participants in network communication include, for example, IP objects, domain name objects, file objects and mailbox objects; abstract network relationships include, for example, IP session objects and service objects. The method is also suitable for threat fusion assessment of non-network objects, such as credit threat degree fusion assessment in the banking industry.
The network objects are derived from the required services in various security fields, including network security, host security, web security, mobile security, big data security, cloud computing security, internet of things security, and industrial internet security. Including and not limited to IP, domain name, file, mailbox, account, session, company, asset, etc.
The network object generates threat records in different security fields through detection technology, and the data comprises a threat source, the threat records, threat triggering time and the like. For example, the IP object generates a threat record in abnormal flow detection of network security, and accesses a sensitive file in host security to generate the threat record. The threat log data will generate the association data as an object threat description.
Based on the threat record data, a threat analysis model is established, wherein the threat analysis model refers to computing logic for carrying out threat analysis on network service data in a single field and producing corresponding threat records, and the computing logic comprises and is not limited to feature matching, blacklist matching, statistical threshold values and AI analysis.
The scenario to which a threat analysis model belongs is classified by the attack-and-defense type of the effect the model has in actual network security services, for example: information collection, vulnerability exploitation, brute-force (blasting) attack, phishing attack, DDoS attack, APT attack.
The method respectively establishes threat analysis model sets facing the different threat scenarios of network objects in different security fields, divides them into major classes, subclasses attached to the major classes and threat analysis models attached to the subclasses according to the coverage range of the threat scenarios, and determines the upper-limit weight distribution of the major classes, the upper-limit weight distribution of the subclasses and the weight distribution of the threat analysis models in the threat scenarios. A threat analysis model set, as shown in Table 1 below, comprises: the threat scenario major class model_class, the subclass model_subclass attached to the major class, the upper-limit weight class_limit_score of the major class, the upper-limit weight subclass_limit_score of the subclass, the threat analysis model attached to the subclass, the triggering frequency model_trigger_time of the threat analysis model, and the weight model_score of the threat analysis model.
The upper-limit weight is the maximum degree of influence that a threat major class or subclass of a network object can reach in the overall threat assessment of that object. The score of a major class or subclass is accumulated from its several attached subclasses or models, so it only represents the influence of those subclasses or models within the class, not their influence on the network object as a whole; the upper-limit weight is therefore needed to assign that overall degree of influence.
Model weights refer to the degree of influence of the threat analysis model itself in the subclass to which the model belongs.
The upper limit weight and the model weight value can be adjusted according to the service condition so as to meet the actual service requirement.
Table 1 lists two different threat scenarios, namely, a blasting attack and a phishing attack, where the two threat scenarios respectively correspond to two major classes in a threat analysis model, each major class corresponds to a plurality of minor classes, and each minor class corresponds to a plurality of models.
TABLE 1 example set of threat analysis models
[Table 1: image not reproduced on this page]
Based on the threat analysis model set established in the steps, the threat fusion assessment method comprises the following steps:
firstly, traversing all threat analysis model sets established by objects in different threat scenes in different security fields, traversing subclasses from a large class and traversing threat analysis models from a small class.
Then, based on the weight distribution and the triggering frequency of the hit threat analysis model, the threat degree score model_trigger_score_{i,j,k} of threat analysis model k under subclass j attached to major class i is calculated according to the following formula:
[formula image not reproduced on this page] (1)
Wherein model_trigger_times_{i,j,k} represents the triggering frequency of threat analysis model k (k = 1, 2, ..., n) attached to subclass j (j = 1, 2, ..., m) of major class i (i = 1, 2, ..., l); model_score_{i,j,k} represents the weight of threat analysis model k.
Based on the threat degree score of threat analysis model k, combined with the upper-limit weight of the subclass j to which each model k belongs, the threat degree score subclass_trigger_score_{i,j} of subclass j under major class i is calculated according to the following formula:
[formula image not reproduced on this page] (2)
Wherein subclass_limit_score_{i,j} represents the upper-limit weight of subclass j attached to major class i.
Based on the threat degree scores of the subclasses j, combined with the upper-limit weight of the major class i to which they belong, the threat degree score class_trigger_score_i of each major class i is calculated according to the following formula:
[formula image not reproduced on this page] (3)
Wherein class_limit_score_i represents the upper-limit weight of major class i.
Based on the threat degree scores of the major classes i, the threat degree composite score object_score of the object is calculated according to the following formula:
[formula image not reproduced on this page] (4)
Finally, the threat degree of the object is judged by setting threshold ranges for the different risk states based on the composite score.
Expressions (2) to (4) are all self-increment operations: the variable in the expression is initially assigned 0, and in each subsequent calculation the result of the previous calculation is assigned to the variable, until all items participating in the calculation have been traversed.
Example 2
The multi-field scene threat fusion assessment method based on network objects is described below by way of a specific embodiment. Taking two different threat scenarios of an object in the same security field as an example, threat analysis models are established for each of the two threat scenarios.
Threat scenario 1 is assigned to threat major class 1. Major class 1 has attached subclass 1 and subclass 2; subclass 1 has attached threat analysis model 1 (weight 0.3, triggered 100 times) and threat analysis model 2 (weight 0.4, triggered 1 time), and subclass 2 has attached threat analysis model 1 (weight 0.3, triggered 100 times).
Threat scenario 2 is assigned to threat major class 2. Major class 2 has attached subclass 1, which has attached threat analysis model 1 (weight 0.3, triggered 100 times), threat analysis model 2 (weight 0.4, triggered 1 time) and threat analysis model 3 (weight 0.5, triggered 2 times).
The calculation flow is as follows:
Step one: calculate the threat degree score of each hit threat analysis model from the model's weight and triggering frequency (e below is Euler's number):
- scores of threat analysis model 1 and threat analysis model 2 under subclass 1 of major class 1:
threat analysis model 1 = 0.3/(1 + math.exp(-100 × e)) = 0.3;
threat analysis model 2 = 0.4/(1 + math.exp(-1 × e)) = 0.3752;
- score of threat analysis model 1 under subclass 2 of major class 1:
threat analysis model 1 = 0.3/(1 + math.exp(-100 × e)) = 0.3;
- scores of threat analysis models 1, 2 and 3 under subclass 1 of major class 2:
threat analysis model 1 = 0.3/(1 + math.exp(-100 × e)) = 0.3;
threat analysis model 2 = 0.4/(1 + math.exp(-1 × e)) = 0.3752;
threat analysis model 3 = 0.5/(1 + math.exp(-2 × e)) = 0.4978;
Step two: calculate the threat degree score of each subclass from the scores of its threat analysis models and the upper-limit weight of the subclass:
- scores of subclass 1 and subclass 2 under major class 1:
subclass 1 score = 0 (initial value)
1. subclass 1 score += (1 - subclass 1 score) × subclass 1 weight × model 1 score = (1 - 0) × 0.3 × 0.3 = 0.09;
2. subclass 1 score += (1 - 0.09) × 0.3 × 0.3752 = 0.1924;
subclass 2 score = 0 (initial value)
1. subclass 2 score += (1 - subclass 2 score) × subclass 2 weight × model 1 score = (1 - 0) × 0.4 × 0.3 = 0.12;
- score of subclass 1 under major class 2:
subclass 1 score = 0 (initial value)
1. subclass 1 score += (1 - subclass 1 score) × subclass 1 weight × model 1 score = (1 - 0) × 0.4 × 0.3 = 0.12;
2. subclass 1 score += (1 - 0.12) × 0.4 × 0.3752 = 0.252;
3. subclass 1 score += (1 - 0.252) × 0.4 × 0.4978 = 0.4;
Step three: calculate the threat degree score of each major class from the results of its subclasses and the upper-limit weight of the major class:
- major class 1 score:
major class 1 score = 0 (initial value)
1. major class 1 score += (1 - major class 1 score) × major class 1 weight × subclass 1 score = (1 - 0) × 0.4 × 0.1924 = 0.07696;
2. major class 1 score += (1 - major class 1 score) × major class 1 weight × subclass 2 score = (1 - 0.07696) × 0.4 × 0.12 = 0.121;
- major class 2 score:
major class 2 score = 0 (initial value)
1. major class 2 score += (1 - major class 2 score) × major class 2 weight × subclass 1 score = (1 - 0) × 0.8 × 0.4 = 0.32;
Step four: calculate the composite score of the object:
total score = 0 (initial value)
1. total score += (1 - total score) × major class 1 score = (1 - 0) × 0.121 = 0.121;
2. total score += (1 - total score) × major class 2 score = (1 - 0.121) × 0.32 = 0.402.
Step five: judge high risk, medium risk, low risk or harmless based on the composite score (object_score) of the network object. Threshold ranges for each risk state can be set; for example, high risk for a score of 85 points or more, medium risk for a score of 60 or more and less than 85, low risk for a score of 10 or more and less than 60, and harmless for a score below 10.
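As an added worked example (not code from the patent), the fusion computation of formulas (1) to (4) and the step S7 judgement in Python, fed with the Example 2 inputs. Assumptions: the closed forms follow the arithmetic shown in Example 2 because the formula images are not reproduced; the subclass upper-limit weights 0.3/0.4/0.4 and major-class upper-limit weights 0.4/0.8 are taken from its calculation steps; and the composite score is expressed in points as score × 100 when compared against the point thresholds.

```python
import math
from dataclasses import dataclass, field
from typing import List

E = math.e  # the "e" in the page's model-score formula is Euler's number


@dataclass
class Model:
    weight: float        # model_score: influence of the model inside its subclass
    trigger_times: int   # model_trigger_times: how often the model fired


@dataclass
class Subclass:
    limit: float                                   # subclass_limit_score
    models: List[Model] = field(default_factory=list)


@dataclass
class MajorClass:
    limit: float                                   # class_limit_score
    subclasses: List[Subclass] = field(default_factory=list)


def model_trigger_score(m: Model) -> float:
    """Formula (1): weight scaled by a logistic of the trigger count.
    With zero triggers this would still return weight/2, so callers skip
    models that did not fire (the page only scores 'hit' models)."""
    return m.weight / (1.0 + math.exp(-m.trigger_times * E))


def saturating_add(acc: float, limit: float, part: float) -> float:
    """Self-increment used by formulas (2)-(4): acc += (1 - acc) * limit * part.
    Each step consumes a fraction of the remaining headroom, so the result
    never exceeds 1 however many items are traversed."""
    return acc + (1.0 - acc) * limit * part


def subclass_trigger_score(sc: Subclass) -> float:
    """Formula (2): accumulate hit-model scores under the subclass limit."""
    acc = 0.0
    for m in sc.models:
        if m.trigger_times > 0:                 # only hit models contribute
            acc = saturating_add(acc, sc.limit, model_trigger_score(m))
    return acc


def class_trigger_score(mc: MajorClass) -> float:
    """Formula (3): accumulate subclass scores under the major-class limit."""
    acc = 0.0
    for sc in mc.subclasses:
        acc = saturating_add(acc, mc.limit, subclass_trigger_score(sc))
    return acc


def object_score(classes: List[MajorClass]) -> float:
    """Formula (4): accumulate major-class scores; no further limit weight."""
    acc = 0.0
    for mc in classes:
        acc = saturating_add(acc, 1.0, class_trigger_score(mc))
    return acc


def risk_state(score: float) -> str:
    """Step S7 with the page's example thresholds, given in points.
    Assumption: the 0..1 composite score is mapped to points as score * 100."""
    points = score * 100.0
    if points >= 85:
        return "high"
    if points >= 60:
        return "medium"
    if points >= 10:
        return "low"
    return "harmless"


# Constructed input reproducing Example 2: model weights and trigger counts
# from the text, upper-limit weights from its calculation steps.
EXAMPLE2 = [
    MajorClass(limit=0.4, subclasses=[
        Subclass(limit=0.3, models=[Model(0.3, 100), Model(0.4, 1)]),
        Subclass(limit=0.4, models=[Model(0.3, 100)]),
    ]),
    MajorClass(limit=0.8, subclasses=[
        Subclass(limit=0.4, models=[Model(0.3, 100), Model(0.4, 1), Model(0.5, 2)]),
    ]),
]

if __name__ == "__main__":
    for i, mc in enumerate(EXAMPLE2, 1):
        for j, sc in enumerate(mc.subclasses, 1):
            print(f"major class {i} subclass {j}: {subclass_trigger_score(sc):.4f}")
        print(f"major class {i}: {class_trigger_score(mc):.4f}")
    total = object_score(EXAMPLE2)
    print(f"object_score = {total:.4f} -> {risk_state(total)}")
```

Running it reproduces the page's intermediate values (0.1924, 0.12, 0.4, 0.121, 0.32) and a composite of about 0.403 rather than the page's 0.402, the difference being that the page rounds intermediate results before reusing them.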
The above description is only a preferred embodiment of the present invention, and is not intended to limit the present invention in any way, and any simple modifications and equivalent variations of the above embodiment according to the technical spirit of the present invention are within the scope of the present invention.

Claims (2)

1. A multi-field scene threat fusion assessment method based on network objects comprises the following steps:
s1, respectively establishing threat analysis model sets facing different threat scenes of an object in different security fields, dividing the threat analysis model sets into a large class, a small class attached to the large class and a threat analysis model attached to the small class according to the coverage range of the threat scenes, and determining the upper limit weight distribution of the large class, the upper limit weight distribution of the small class and the weight distribution of the threat analysis model in the threat scenes;
s2, traversing all threat analysis model sets of the object, traversing subclasses from a large class and traversing threat analysis models from a small class;
s3, respectively calculating the threat degree score of each threat analysis model based on the weight distribution and the triggering frequency of the hit threat analysis model;
s4, obtaining the threat degree score of each subclass by combining the upper limit weight of the subclass to which each threat analysis model belongs based on the threat degree score of the threat analysis model;
s5, based on the threat degree scores of the subclasses, combining the upper limit weight of the major classes to which each subclass belongs, and respectively calculating the threat degree scores of each major class;
s6, calculating to obtain a comprehensive threat degree score of the object based on the threat degree scores of the large classes;
s7, judging the threat degree of the object by setting threshold ranges of different risk states based on the comprehensive score;
in step S3, the threat degree score model_trigger_score_{i,j,k} of each threat analysis model is calculated according to the following formula:
[formula image not reproduced on this page]
Wherein model_trigger_times_{i,j,k} represents the triggering frequency of threat analysis model k (k = 1, 2, ..., n) attached to subclass j (j = 1, 2, ..., m) of major class i (i = 1, 2, ..., l); model_score_{i,j,k} represents the weight of threat analysis model k; l, m and n are enumerated values;
in step S4, the threat degree score subclass_trigger_score_{i,j} of each subclass is calculated according to the following formula:
[formula image not reproduced on this page]
Wherein subclass_limit_score_{i,j} represents the upper-limit weight of subclass j attached to major class i; model_trigger_score_{i,j,k} represents the threat degree score of threat analysis model k under subclass j of major class i;
in step S5, the threat degree score class_trigger_score_i of each major class is calculated according to the following formula:
[formula image not reproduced on this page]
Wherein class_limit_score_i represents the upper-limit weight of major class i, and subclass_trigger_score_{i,j} represents the threat degree score of subclass j of major class i;
in step S6, the composite score object_score of the object is calculated according to the following formula:
[formula image not reproduced on this page]
Wherein class_trigger_score_i represents the threat degree score of major class i.
2. The method for fusion assessment of threats in multiple fields based on network objects according to claim 1, wherein scores of upper weights and threat analysis model weights of different threat scenarios in different security fields are determined according to actual application scenarios.
CN202210914127.9A 2022-08-01 2022-08-01 Multi-field scene threat fusion assessment method based on network object Active CN114978777B (en)


Publications (2)

Publication Number Publication Date
CN114978777A CN114978777A (en) 2022-08-30
CN114978777B true CN114978777B (en) 2022-11-01
