CN115865486B - Network intrusion detection method and system based on multi-layer perception convolutional neural network - Google Patents
Network intrusion detection method and system based on multi-layer perception convolutional neural network Download PDFInfo
- Publication number
- CN115865486B CN115865486B CN202211519273.8A CN202211519273A CN115865486B CN 115865486 B CN115865486 B CN 115865486B CN 202211519273 A CN202211519273 A CN 202211519273A CN 115865486 B CN115865486 B CN 115865486B
- Authority
- CN
- China
- Prior art keywords
- network
- layer
- intrusion detection
- convolutional neural
- neural network
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000001514 detection method Methods 0.000 title claims abstract description 62
- 238000013527 convolutional neural network Methods 0.000 title claims abstract description 45
- 230000008447 perception Effects 0.000 title claims abstract description 34
- 230000004927 fusion Effects 0.000 claims abstract description 31
- 238000012549 training Methods 0.000 claims abstract description 26
- 238000000034 method Methods 0.000 claims abstract description 25
- 238000005070 sampling Methods 0.000 claims abstract description 8
- 238000011176 pooling Methods 0.000 claims description 13
- 238000004140 cleaning Methods 0.000 claims description 5
- 230000006870 function Effects 0.000 claims description 4
- 230000011218 segmentation Effects 0.000 claims description 3
- 238000012800 visualization Methods 0.000 claims description 3
- 238000007781 pre-processing Methods 0.000 claims description 2
- 238000000605 extraction Methods 0.000 abstract description 4
- 238000010801 machine learning Methods 0.000 description 5
- 238000012545 processing Methods 0.000 description 5
- 230000000694 effects Effects 0.000 description 4
- 238000005516 engineering process Methods 0.000 description 4
- 238000004422 calculation algorithm Methods 0.000 description 3
- 239000000284 extract Substances 0.000 description 3
- 230000006399 behavior Effects 0.000 description 2
- 238000013461 design Methods 0.000 description 2
- 238000002474 experimental method Methods 0.000 description 2
- 239000000047 product Substances 0.000 description 2
- 230000002159 abnormal effect Effects 0.000 description 1
- 238000004458 analytical method Methods 0.000 description 1
- 238000013528 artificial neural network Methods 0.000 description 1
- 238000012550 audit Methods 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000000052 comparative effect Effects 0.000 description 1
- 238000013135 deep learning Methods 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 230000007123 defense Effects 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 238000002955 isolation Methods 0.000 description 1
- 238000007726 management method Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000007637 random forest analysis Methods 0.000 description 1
- 230000002787 reinforcement Effects 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
- 239000013589 supplement Substances 0.000 description 1
- 238000012706 support-vector machine Methods 0.000 description 1
- 238000012360 testing method Methods 0.000 description 1
Abstract
The invention discloses a network intrusion detection method and system based on a multi-layer perception convolutional neural network, comprising the following steps: acquiring network flow data in a network environment to be tested; classifying the network flow data by adopting the trained network intrusion detection model to obtain a recognition result of whether network intrusion exists or not; the network intrusion detection model is constructed based on a multi-layer perception convolutional neural network, and the training process comprises the following steps: and extracting feature graphs of different scales output by each layer of perception convolution layer from the training sample set, up-sampling and bilinear interpolation on the feature graphs of different scales to obtain feature graphs of uniform scales, and carrying out serial fusion on the feature graphs of uniform scales to obtain multi-scale fusion features, wherein the network intrusion detection model is trained according to the multi-scale fusion features and classification labels of the training sample set. The feature extraction capability and the perception capability are improved, and the accuracy of the network traffic classification problem is improved.
Description
Technical Field
The invention relates to the technical field of network intrusion detection, in particular to a network intrusion detection method and system based on a multi-layer perception convolutional neural network.
Background
The statements in this section merely provide background information related to the present disclosure and may not necessarily constitute prior art.
Network intrusion is a act that attempts to break the integrity, confidentiality, or availability of computer and network system resources. The traditional operating system reinforcement technology, firewall isolation technology and the like are static security defense technologies, lack active reaction to the daily and monthly attack means in the network environment, and cannot meet the requirement of the existing system on security.
Network intrusion detection refers to the detection of an intrusion or attempt to intrude into a system by operating on behavior, security log or audit data or other information available on the network, and is a network security technique that actively protects itself from attacks. As a reasonable supplement to the firewall, the network intrusion detection technology can help the system to cope with network attacks, expand the security management capability of a system administrator and improve the integrity of a network security infrastructure. Network intrusion detection is typically modeled as a two-classification problem of traffic, i.e., discriminating whether network traffic is normal or abnormal.
With the rise of machine learning, the machine learning method has been widely applied to network intrusion detection, and has also made a new breakthrough in network intrusion detection, such as support vector machines, random forests, artificial neural networks, fuzzy logic, etc., to achieve good effects. However, these methods often require manual feature extraction when applied, which acts as a classifier and belongs to shallow learning.
Along with diversification, complicacy and maximization of intrusion data, the effectiveness of the traditional machine learning method for detecting the intrusion behavior of network intrusion detection is gradually reduced, and how to better cope with data processing and feature learning, improve the capability of a network intrusion detection model and the like become the problems to be solved urgently.
Disclosure of Invention
In order to solve the problems, the invention provides a network intrusion detection method and system based on a multi-layer perception convolutional neural network, which uses a perception convolutional layer comprising a multi-layer perceptron to replace a convolutional layer in a traditional convolutional neural network, so as to improve the feature extraction capability of each layer, improve the perception capability of features through multi-scale feature fusion, and improve the accuracy of network flow classification problems.
In order to achieve the above purpose, the present invention adopts the following technical scheme:
in a first aspect, the present invention provides a network intrusion detection method based on a multi-layer perceptual convolutional neural network, including:
acquiring network flow data in a network environment to be tested;
classifying the network flow data by adopting the trained network intrusion detection model to obtain a recognition result of whether network intrusion exists or not;
the network intrusion detection model is constructed based on a multi-layer perception convolutional neural network, and the training process comprises the following steps: and extracting feature graphs of different scales output by each layer of perception convolution layer from the training sample set, up-sampling and bilinear interpolation on the feature graphs of different scales to obtain feature graphs of uniform scales, and carrying out serial fusion on the feature graphs of uniform scales to obtain multi-scale fusion features, wherein the network intrusion detection model is trained according to the multi-scale fusion features and classification labels of the training sample set.
As an alternative embodiment, the multi-layer perceptual convolutional neural network comprises four perceptual convolutional layers, four pooling layers, a multi-scale feature fusion layer, and a softmax classifier.
As an alternative embodiment, each perceptual convolution layer comprises four two-dimensional convolutions with convolution kernel sizes 5*5, 5*5, 3*3, 3*3, respectively; the first three layers of the four pooling layers are the largest pooling layers, and the fourth layer is the global average pooling layer.
As an alternative implementation manner, the multi-scale feature fusion layer fuses the feature graphs with uniform scale in series through a Concat function.
Alternatively, the acquired network traffic data is preprocessed and converted into IDX format prior to classification and identification.
As an alternative embodiment, the pretreatment process includes: and carrying out flow segmentation, repeated flow cleaning, length unification and visualization on the network flow data to obtain a gray picture, and converting the gray picture into an IDX file.
In an alternative embodiment, in the length unification process, if the length of the network traffic data is greater than the set byte, the part exceeding the set byte is intercepted, and if the length is less than the set byte, zero padding is performed later.
In a second aspect, the present invention provides a network intrusion detection system based on a multi-layer perceptual convolutional neural network, comprising:
the data acquisition module is configured to acquire network traffic data in a network environment to be tested;
the intrusion detection module is configured to classify the network flow data by adopting the trained network intrusion detection model to obtain a recognition result of whether network intrusion exists or not;
the network intrusion detection model is constructed based on a multi-layer perception convolutional neural network, and the training process comprises the following steps: and extracting feature graphs of different scales output by each layer of perception convolution layer from the training sample set, up-sampling and bilinear interpolation on the feature graphs of different scales to obtain feature graphs of uniform scales, and carrying out serial fusion on the feature graphs of uniform scales to obtain multi-scale fusion features, wherein the network intrusion detection model is trained according to the multi-scale fusion features and classification labels of the training sample set.
In a third aspect, the invention provides an electronic device comprising a memory and a processor and computer instructions stored on the memory and running on the processor, which when executed by the processor, perform the method of the first aspect.
In a fourth aspect, the present invention provides a computer readable storage medium storing computer instructions which, when executed by a processor, perform the method of the first aspect.
Compared with the prior art, the invention has the beneficial effects that:
the invention provides a network intrusion detection method and system based on a multi-layer sensing convolutional neural network, which are based on the combination of the multi-layer sensing convolutional neural network (Multilayer Perceptron Convolutional Neural Network, MLP_CNN) and multi-scale feature fusion, and automatically extract features through deep learning, so that the problem that the traditional machine learning needs to manually design and extract features is solved, the detection efficiency is improved, and the defects of high false alarm rate and poor self-adaptability (namely difficult to find novel attacks) are overcome.
The invention provides a network intrusion detection method and system based on a multi-layer perception convolutional neural network, which uses an MLPConv layer containing a multi-layer perceptron as a nonlinear function approximator to replace a convolutional layer in the traditional convolutional neural network, so that the feature extraction capacity of each layer is improved, the perception capacity of features is improved through multi-scale feature fusion, the problem that the extracted features are required to be manually designed in machine learning is effectively solved, and the accuracy of the flow classification problem is improved.
Additional aspects of the invention will be set forth in part in the description which follows and, in part, will be obvious from the description, or may be learned by practice of the invention.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description serve to explain the invention.
Fig. 1 is a flowchart of a network intrusion detection method based on a multi-layer perceptual convolutional neural network according to embodiment 1 of the present invention;
fig. 2 is a diagram of a network intrusion detection model constructed based on a multi-layer perceptual convolutional neural network according to embodiment 1 of the present invention.
Detailed Description
The invention is further described below with reference to the drawings and examples.
It should be noted that the following detailed description is exemplary and is intended to provide further explanation of the invention. Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs.
It is noted that the terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of exemplary embodiments according to the present invention. As used herein, unless the context clearly indicates otherwise, the singular forms also are intended to include the plural forms, and furthermore, it is to be understood that the terms "comprises" and "comprising" and any variations thereof are intended to cover non-exclusive inclusions, such as, for example, processes, methods, systems, products or devices that comprise a series of steps or units, are not necessarily limited to those steps or units that are expressly listed, but may include other steps or units that are not expressly listed or inherent to such processes, methods, products or devices.
Embodiments of the invention and features of the embodiments may be combined with each other without conflict.
Example 1
The embodiment provides a network intrusion detection method based on a multi-layer perceptive convolutional neural network, as shown in fig. 1, including:
acquiring network flow data in a network environment to be tested;
classifying the network flow data by adopting the trained network intrusion detection model to obtain a recognition result of whether network intrusion exists or not;
the network intrusion detection model is constructed based on a multi-layer perception convolutional neural network, and the training process comprises the following steps: and extracting feature graphs of different scales output by each layer of perception convolution layer from the training sample set, up-sampling and bilinear interpolation on the feature graphs of different scales to obtain feature graphs of uniform scales, and carrying out serial fusion on the feature graphs of uniform scales to obtain multi-scale fusion features, wherein the network intrusion detection model is trained according to the multi-scale fusion features and classification labels of the training sample set.
In the embodiment, network original flow data is collected in advance and stored in a form of a pcap packet, wherein the network original flow data comprises network normal access data and network attack data, and corresponding labels are added to the network normal access data and the network attack data to form a training sample set;
it can be understood that all network traffic data is acquired in legal applications based on compliance with legal regulations.
In this embodiment, preprocessing is performed on the collected network original traffic data and converting the network original traffic data into an IDX format; specifically:
(1) Flow segmentation, namely segmenting one piece of collected network original flow data into a plurality of flow data, and outputting the flow data in a session+all layers;
(2) Flow cleaning, namely deleting data packets without an application layer during cleaning, and simultaneously, only one repeated file is required to be reserved because repeated files with identical contents can cause deviation to training;
it should be noted that, for the training sample set, after cleaning is completed, the training sample set is divided into a training set and a testing set according to the ratio of 7:3;
(3) The cleaned file is processed according to 784 bytes in a unified length, if the file length is greater than 784 bytes, the file is intercepted, and if the file length is less than 784 bytes, 0 is added at the back;
(4) Carrying out visualization processing on the file with uniform length, namely converting the file into a gray picture;
it can be appreciated that this step is optional, and for ease of analysis, the cleaned file may also be directly converted to IDX format;
(5) Converting the gray level picture into an IDX file, and inputting the IDX file into a network intrusion detection model.
In the embodiment, the network intrusion detection model is constructed based on a multi-layer sensing convolutional neural network, and multi-scale feature fusion is combined; the multi-layer perception convolutional neural network is based on a convolutional neural network, and an original traditional convolutional layer (Convolutional layer) is changed into an MLPConv layer (Multilayer Perceptron Convolutional layer) combined with a multi-layer perceptron MLP;
as shown in fig. 2, the multi-layer perceptual convolutional neural network includes: four MLPConv layers, four pooling layers, a multi-scale feature fusion layer, and a softmax classifier;
wherein each MLPConv layer comprises four two-dimensional convolutions with convolution kernel sizes 5*5, 5*5, 3*3, 3*3, respectively; the first three layers of four pooling layers are the largest pooling layers, and the fourth layer is a global average pooling layer; finally, a back propagation algorithm is adopted to adjust parameters of the network intrusion detection model; the structural parameters of the multi-layer perceptual convolutional neural network are shown in table 1:
TABLE 1 structural parameters of a Multi-layer perceptive convolutional neural network
In this embodiment, the network intrusion detection model performs the following processing on the preprocessed network traffic data:
extracting feature graphs of different scales output by each layer of MLPConv, up-sampling the feature graphs of different scales output by different layers, unifying the feature graphs of different scales to the same scale through bilinear interpolation, and carrying out serial fusion on the feature graphs of the same scale of different layers through a Concat function to obtain a final multi-scale fusion feature; and finally, classifying by a Softmax classifier and outputting classification results, wherein the classification results comprise network intrusion and no network intrusion.
According to the embodiment, the low-level features and the high-level features are fused, so that the flow space detail feature information representation capability of the low-level network can be reserved, the semantic information representation capability of the high-level network for the flow can also be reserved, and the accuracy of the flow classification result is improved.
The comparison experiment proves that the comparison experiment result is shown in table 2, compared with other intrusion detection models, the detection method of the embodiment not only obtains better effect on the overall detection rate, but also has lower false alarm rate. Compared with the prior art, the detection method of the embodiment achieves good effects when processing network traffic with high dimensionality, nonlinearity and large data volume, automatically extracts the characteristics through an algorithm, omits the step of manually designing and extracting the characteristics, greatly reduces the workload, and achieves good effects when being applied to real network traffic data.
Table 2 comparative experimental results
Example 2
The embodiment provides a network intrusion detection system based on a multi-layer perception convolutional neural network, which comprises:
the data acquisition module is configured to acquire network traffic data in a network environment to be tested;
the intrusion detection module is configured to classify the network flow data by adopting the trained network intrusion detection model to obtain a recognition result of whether network intrusion exists or not;
the network intrusion detection model is constructed based on a multi-layer perception convolutional neural network, and the training process comprises the following steps: and extracting feature graphs of different scales output by each layer of perception convolution layer from the training sample set, up-sampling and bilinear interpolation on the feature graphs of different scales to obtain feature graphs of uniform scales, and carrying out serial fusion on the feature graphs of uniform scales to obtain multi-scale fusion features, wherein the network intrusion detection model is trained according to the multi-scale fusion features and classification labels of the training sample set.
It should be noted that the above modules correspond to the steps described in embodiment 1, and the above modules are the same as examples and application scenarios implemented by the corresponding steps, but are not limited to those disclosed in embodiment 1. It should be noted that the modules described above may be implemented as part of a system in a computer system, such as a set of computer-executable instructions.
In further embodiments, there is also provided:
an electronic device comprising a memory and a processor and computer instructions stored on the memory and running on the processor, which when executed by the processor, perform the method described in embodiment 1. For brevity, the description is omitted here.
It should be understood that in this embodiment, the processor may be a central processing unit CPU, and the processor may also be other general purpose processors, digital signal processors DSP, application specific integrated circuits ASIC, off-the-shelf programmable gate array FPGA or other programmable logic device, discrete gate or transistor logic devices, discrete hardware components, or the like. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
The memory may include read only memory and random access memory and provide instructions and data to the processor, and a portion of the memory may also include non-volatile random access memory. For example, the memory may also store information of the device type.
A computer readable storage medium storing computer instructions which, when executed by a processor, perform the method described in embodiment 1.
The method in embodiment 1 may be directly embodied as a hardware processor executing or executed with a combination of hardware and software modules in the processor. The software modules may be located in a random access memory, flash memory, read only memory, programmable read only memory, or electrically erasable programmable memory, registers, etc. as well known in the art. The storage medium is located in a memory, and the processor reads the information in the memory and, in combination with its hardware, performs the steps of the above method. To avoid repetition, a detailed description is not provided herein.
Those of ordinary skill in the art will appreciate that the elements of the various examples described in connection with the present embodiments, i.e., the algorithm steps, can be implemented as electronic hardware or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
While the foregoing description of the embodiments of the present invention has been presented in conjunction with the drawings, it should be understood that it is not intended to limit the scope of the invention, but rather, it is intended to cover all modifications or variations within the scope of the invention as defined by the claims of the present invention.
Claims (9)
1. The network intrusion detection method based on the multi-layer perception convolutional neural network is characterized by comprising the following steps of:
acquiring network flow data in a network environment to be tested;
classifying the network flow data by adopting the trained network intrusion detection model to obtain a recognition result of whether network intrusion exists or not;
the network intrusion detection model is constructed based on a multi-layer perception convolutional neural network, and the training process comprises the following steps: extracting feature graphs of different scales output by each layer of perception convolution layer from a training sample set, up-sampling and bilinear interpolation are carried out on the feature graphs of different scales to obtain feature graphs of uniform scales, the feature graphs of uniform scales are connected in series and fused to obtain multi-scale fusion features, and the network intrusion detection model is trained according to the multi-scale fusion features and classification labels of the training sample set;
the multi-layer perception convolutional neural network is based on the convolutional neural network, and an original traditional convolutional layer is changed into be combined with a multi-layer perceptron MLP, and the multi-layer perception convolutional neural network comprises four perception convolutional layers, four pooling layers, a multi-scale feature fusion layer and a softmax classifier.
2. The network intrusion detection method based on a multi-layer perceptual convolutional neural network of claim 1, wherein each perceptual convolutional layer comprises four two-dimensional convolutions, the convolution kernel sizes being 5*5, 5*5, 3*3, 3*3, respectively; the first three layers of the four pooling layers are the largest pooling layers, and the fourth layer is the global average pooling layer.
3. The network intrusion detection method based on the multi-layer perceptual convolutional neural network of claim 1, wherein the multi-scale feature fusion layer fuses feature graphs of uniform scale in series through a Concat function.
4. The network intrusion detection method based on a multi-layer perceptive convolutional neural network of claim 1, wherein the acquired network traffic data is preprocessed and converted into IDX format prior to classification and identification.
5. The network intrusion detection method based on a multi-layer perceptive convolutional neural network of claim 4, wherein the preprocessing process comprises: and carrying out flow segmentation, repeated flow cleaning, length unification and visualization on the network flow data to obtain a gray picture, and converting the gray picture into an IDX file.
6. The network intrusion detection method based on the multi-layer perceptive convolutional neural network according to claim 5, wherein in the length unification process, if the length of the network traffic data is greater than a set byte, the part exceeding the set byte is intercepted, and if the length is less than the set byte, the part is zero-padded later.
7. The network intrusion detection system based on the multi-layer perception convolutional neural network is characterized by comprising:
the data acquisition module is configured to acquire network traffic data in a network environment to be tested;
the intrusion detection module is configured to classify the network flow data by adopting the trained network intrusion detection model to obtain a recognition result of whether network intrusion exists or not;
the network intrusion detection model is constructed based on a multi-layer perception convolutional neural network, and the training process comprises the following steps: extracting feature graphs of different scales output by each layer of perception convolution layer from a training sample set, up-sampling and bilinear interpolation are carried out on the feature graphs of different scales to obtain feature graphs of uniform scales, the feature graphs of uniform scales are connected in series and fused to obtain multi-scale fusion features, and the network intrusion detection model is trained according to the multi-scale fusion features and classification labels of the training sample set;
the multi-layer perception convolutional neural network is based on the convolutional neural network, and an original traditional convolutional layer is changed into be combined with a multi-layer perceptron MLP, and the multi-layer perception convolutional neural network comprises four perception convolutional layers, four pooling layers, a multi-scale feature fusion layer and a softmax classifier.
8. An electronic device comprising a memory and a processor and computer instructions stored on the memory and running on the processor, which when executed by the processor, perform the method of any one of claims 1-6.
9. A computer readable storage medium storing computer instructions which, when executed by a processor, perform the method of any of claims 1-6.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202211519273.8A CN115865486B (en) | 2022-11-30 | 2022-11-30 | Network intrusion detection method and system based on multi-layer perception convolutional neural network |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202211519273.8A CN115865486B (en) | 2022-11-30 | 2022-11-30 | Network intrusion detection method and system based on multi-layer perception convolutional neural network |
Publications (2)
Publication Number | Publication Date |
---|---|
CN115865486A CN115865486A (en) | 2023-03-28 |
CN115865486B true CN115865486B (en) | 2024-04-09 |
Family
ID=85668209
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202211519273.8A Active CN115865486B (en) | 2022-11-30 | 2022-11-30 | Network intrusion detection method and system based on multi-layer perception convolutional neural network |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN115865486B (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN116582301B (en) * | 2023-04-17 | 2024-02-02 | 华中科技大学 | Industrial control network abnormal flow detection method, system and computer readable storage medium based on Laplacian pyramid |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107070943A (en) * | 2017-05-05 | 2017-08-18 | 兰州理工大学 | Industry internet intrusion detection method based on traffic characteristic figure and perception Hash |
CN110351244A (en) * | 2019-06-11 | 2019-10-18 | 山东大学 | A kind of network inbreak detection method and system based on multireel product neural network fusion |
CN112839034A (en) * | 2020-12-29 | 2021-05-25 | 湖北大学 | Network intrusion detection method based on CNN-GRU hierarchical neural network |
CN113572742A (en) * | 2021-07-02 | 2021-10-29 | 燕山大学 | Network intrusion detection method based on deep learning |
CN114157513A (en) * | 2022-02-07 | 2022-03-08 | 南京理工大学 | Vehicle networking intrusion detection method and equipment based on improved convolutional neural network |
-
2022
- 2022-11-30 CN CN202211519273.8A patent/CN115865486B/en active Active
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107070943A (en) * | 2017-05-05 | 2017-08-18 | 兰州理工大学 | Industry internet intrusion detection method based on traffic characteristic figure and perception Hash |
CN110351244A (en) * | 2019-06-11 | 2019-10-18 | 山东大学 | A kind of network inbreak detection method and system based on multireel product neural network fusion |
CN112839034A (en) * | 2020-12-29 | 2021-05-25 | 湖北大学 | Network intrusion detection method based on CNN-GRU hierarchical neural network |
CN113572742A (en) * | 2021-07-02 | 2021-10-29 | 燕山大学 | Network intrusion detection method based on deep learning |
CN114157513A (en) * | 2022-02-07 | 2022-03-08 | 南京理工大学 | Vehicle networking intrusion detection method and equipment based on improved convolutional neural network |
Also Published As
Publication number | Publication date |
---|---|
CN115865486A (en) | 2023-03-28 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN111917740B (en) | Abnormal flow alarm log detection method, device, equipment and medium | |
CN112003870A (en) | Network encryption traffic identification method and device based on deep learning | |
CN112333706B (en) | Internet of things equipment anomaly detection method and device, computing equipment and storage medium | |
CN110647896B (en) | Phishing page identification method based on logo image and related equipment | |
CN110245714B (en) | Image recognition method and device and electronic equipment | |
CN115865486B (en) | Network intrusion detection method and system based on multi-layer perception convolutional neural network | |
CN111177779B (en) | Database auditing method, device, electronic equipment and computer storage medium | |
CN112235314A (en) | Network flow detection method, device and equipment | |
CN112884121A (en) | Traffic identification method based on generation of confrontation deep convolutional network | |
CN110868419A (en) | Method and device for detecting WEB backdoor attack event and electronic equipment | |
CN114422271B (en) | Data processing method, device, equipment and readable storage medium | |
CN110647895A (en) | Phishing page identification method based on login frame image and related equipment | |
Yujie et al. | End-to-end android malware classification based on pure traffic images | |
Rumez et al. | Anomaly detection for automotive diagnostic applications based on N-grams | |
CN116127400B (en) | Sensitive data identification system, method and storage medium based on heterogeneous computation | |
CN112866279A (en) | Webpage security detection method, device, equipment and medium | |
CN115314268B (en) | Malicious encryption traffic detection method and system based on traffic fingerprint and behavior | |
CN115695002A (en) | Traffic intrusion detection method, apparatus, device, storage medium, and program product | |
CN114039765A (en) | Safety management and control method and device for power distribution Internet of things and electronic equipment | |
CN114398887A (en) | Text classification method and device and electronic equipment | |
CN114241253A (en) | Model training method, system, server and storage medium for illegal content identification | |
CN113888760A (en) | Violation information monitoring method, device, equipment and medium based on software application | |
CN115437813A (en) | Application program log analysis method and device | |
CN115996133B (en) | Industrial control network behavior detection method and related device | |
CN115150165B (en) | Flow identification method and device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |