CN117118745B - Network security dynamic early warning system based on deep learning - Google Patents


Publication number
CN117118745B
Authority
CN
China
Prior art keywords
network
module
deep learning
early warning
condition
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202311360321.8A
Other languages
Chinese (zh)
Other versions
CN117118745A (en)
Inventor
王洪义
陈从刚
蔡鹏�
刘广福
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shandong Huibeihang Information Technology Co ltd
Original Assignee
Shandong Huibeihang Information Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shandong Huibeihang Information Technology Co ltd
Priority to CN202311360321.8A
Publication of CN117118745A
Application granted
Publication of CN117118745B
Active
Anticipated expiration


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06N COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00 Computing arrangements based on biological models
    • G06N3/02 Neural networks
    • G06N3/04 Architecture, e.g. interconnection topology
    • G06N3/044 Recurrent networks, e.g. Hopfield networks
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06N COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00 Computing arrangements based on biological models
    • G06N3/02 Neural networks
    • G06N3/04 Architecture, e.g. interconnection topology
    • G06N3/0464 Convolutional networks [CNN, ConvNet]
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06N COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00 Computing arrangements based on biological models
    • G06N3/02 Neural networks
    • G06N3/08 Learning methods
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/16 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks using machine learning or artificial intelligence
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425 Traffic logging, e.g. anomaly detection
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40 Network security protocols

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Signal Processing (AREA)
  • Artificial Intelligence (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Evolutionary Computation (AREA)
  • Data Mining & Analysis (AREA)
  • Computational Linguistics (AREA)
  • Mathematical Physics (AREA)
  • Health & Medical Sciences (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Biomedical Technology (AREA)
  • Biophysics (AREA)
  • General Physics & Mathematics (AREA)
  • Molecular Biology (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Medical Informatics (AREA)
  • Databases & Information Systems (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention relates to the technical field of network security protection and aims to solve the technical problem that existing network defense means cannot adapt to changing attack modes and therefore cannot provide good network protection. The disclosed technical scheme is a network security dynamic early warning system based on deep learning, in which a feature extraction module preprocesses the collected data, extracts the features related to security threats and associates the extracted features to obtain an association mathematical model; the association mathematical model is then trained with a deep learning algorithm, which learns and pattern-recognizes the associated features to obtain a mathematical model based on the network security condition and the association condition. The beneficial effects of the invention are that the network environment can be monitored and analyzed in real time, potential security threats can be identified automatically and early warnings issued, and, by applying deep learning technology, the ability to detect and identify emerging network attack means is improved and network security risk is reduced.

Description

Network security dynamic early warning system based on deep learning
Technical Field
The invention relates to the technical field of network security protection, and in particular to a network security dynamic early warning system based on deep learning.
Background
With the continuous development of network technology and scale, network information security has become a focus of common attention in countries around the world. Traditional network security defense technology relies mainly on rules and feature libraries and has difficulty effectively detecting and identifying emerging, complex network attack means. Its disadvantages are mainly the following: on the one hand, illegal and criminal network activities such as information leakage, tampering and system intrusion lack high-technology supervision means, which does not suit the development of network attack and defense technologies; on the other hand, the technical and management level of enterprises is generally limited and their network security protection capability is weak, so that website servers become a 'disaster area' for attacks.
The existing network attack technology has the following characteristics: with the continuous development of attack technology and the growing number of vulnerabilities, the traditional general vulnerability assessment approach finds it increasingly difficult to reflect the danger level of a vulnerability accurately. This shows mainly in that some high-risk vulnerabilities receive a low comprehensive score while some low-risk vulnerabilities receive a high one. With the development of technologies such as big data analysis and threat intelligence, large numbers of new vulnerabilities, new attack modes and new ways of exploiting old vulnerabilities are rapidly disclosed on the Internet. Meanwhile, new defense means also influence the difficulty and manner of exploiting known vulnerabilities. In general, the prior art still has difficulty meeting the needs of both attackers and defenders for real-time and accurate evaluation of attack success rate and attack payoff.
Disclosure of Invention
The invention aims to solve the above problems by designing a network security dynamic early warning system based on deep learning.
The technical scheme for achieving this aim is a network security dynamic early warning system based on deep learning, comprising a data acquisition module, a feature extraction module, a deep learning training module, an early warning module and a feedback module, characterized in that:
the data acquisition module is responsible for collecting network traffic data, security event information and related network data;
the feature extraction module is used for preprocessing the acquired data, extracting features related to security threats, and associating the extracted features to obtain an association mathematical model;
the deep learning module trains the association mathematical model with a deep learning algorithm, learns and pattern-recognizes the associated features, and thereby obtains the mathematical model based on the network security condition and the association condition;
the early warning module judges the network security condition according to the output result of the mathematical model based on the network security condition and the association condition;
and the feedback module is responsible for recording the network security events and early warning results that have occurred, archiving the data and forming a knowledge base.
The data acquisition module realizes real-time monitoring of network traffic by deploying data acquisition probes at key nodes of the network and transmits acquired data to the feature extraction module.
The features related to security threats that the feature extraction module extracts include: network traffic characteristics, time series data, abnormal information browsing characteristics, password deciphering operations, information traffic analysis operations and unauthorized data changes. The feature extraction module associates the extracted features related to security threats according to the standards of passive threat, active threat and intentional threat.
The feature extraction module sets the association condition as G, the extracted feature as m and the identification value as L, and then establishes a feature association mathematical model related to the security threat as follows:
$$G = a_1 m_1 + a_2 m_2 + a_3 m_3 + \cdots + a_n m_n + L \tag{1}$$
where $a_1, a_2, a_3, \ldots, a_n$ are the occurrence coefficients.
According to the change of the occurrence coefficients in the association mathematical model, the association condition G outputs a character string containing the features related to the security threat and the identification value, and transmits the character string to the deep learning module.
The deep learning module trains on the character strings output by the association condition G using a convolutional neural network or a recurrent neural network to obtain a network security condition Y, and thereby obtains a mathematical model based on the network security condition Y and the association condition G:
$$Y = f(G, T) \tag{2}$$
where f represents the relation between the association condition G and the network security condition Y, and T is an early warning threshold used to judge whether the network security condition reaches an early warning level.
To further clarify the variables and parameters in the model, equation (2) can be expressed as follows:
$$Y = b_1 G_1 + b_2 G_2 + b_3 G_3 + \cdots + b_n G_n - T \tag{3}$$
where $b_1, b_2, b_3, \ldots, b_n$ are the weight coefficients of the corresponding association conditions, and $G_1, G_2, G_3, \ldots, G_n$ are the codes of the character strings output by the association condition G in different time periods.
When the Y value output by the deep learning module is positive, the system has a security threat and the early warning module is started; when the Y value output by the deep learning module is negative, the system has no threat and the early warning module is not started.
When the received value of the network security condition Y is positive, the early warning module sends out a signal of abnormal behavior or potential threat, compares the value of Y with a preset early warning value, classifies the abnormal behavior or potential threat according to the comparison, and handles it by class according to that classification.
The feedback module archives the data and forms a knowledge base, and the deep learning module continuously improves and optimizes the performance of the deep learning model by analyzing the historical data.
Compared with the prior art, the invention has the following beneficial effects:
1. The invention uses the feature extraction module to associate the extracted features into a character string command composed of multiple data features, producing a dynamic monitoring effect in which multiple features of network data are linked; the association conditions of multiple time periods are then trained with deep learning technology to obtain a mathematical model based on the network security condition and the association condition, which can automatically identify network security threats and issue early warnings, improving defense efficiency;
2. The invention monitors features such as network traffic in real time and associates them, so that the system is sensitive and adaptive to emerging network attack means, further improving the accuracy and speed of network early warning;
3. Through the continuous learning and optimization of the feedback module, the invention can significantly improve the performance and accuracy of the early warning system, and it is integrated with other network security infrastructure to form a complete network security protection system.
Drawings
FIG. 1 is a schematic flow diagram of a network security dynamic early warning system based on deep learning according to the present invention;
FIG. 2 is a dynamic early warning graph of embodiment 1 of the present invention.
Detailed Description
The present invention is described in detail below with reference to the accompanying drawings, as shown in fig. 1.
The network security dynamic early warning system based on deep learning comprises a data acquisition module, a feature extraction module, a deep learning training module, an early warning module and a feedback module. The data acquisition module is responsible for collecting network traffic data, security event information and related network data; the feature extraction module is used for preprocessing the acquired data, extracting features related to security threats, and associating the extracted features to obtain an association mathematical model; the deep learning module trains the association mathematical model with a deep learning algorithm, learns and pattern-recognizes the associated features, and thereby obtains a mathematical model based on the network security condition and the association condition; the early warning module judges the network security condition according to the output result of the mathematical model based on the network security condition and the association condition; the feedback module is responsible for recording the network security events and early warning results that have occurred, archiving the data and forming a knowledge base.
The data acquisition module realizes real-time monitoring of network traffic by deploying data acquisition probes at key nodes of the network and transmits the acquired data to the feature extraction module.
The features related to security threats that the feature extraction module extracts include: network traffic characteristics, time series data, abnormal information browsing characteristics, password deciphering operations, information traffic analysis operations and unauthorized data changes. The feature extraction module associates the extracted features related to security threats according to the standards of passive threat, active threat and intentional threat. A passive threat is the unauthorized disclosure of information without changing the system state, such as information theft, password cracking and information traffic analysis; such a threat does not tamper with any information contained in the system, and the operation and state of the system are unchanged, but useful information may be stolen and used for illegal purposes. An active threat is an intentional unauthorized change to the state of the system; an unauthorized user inadvertently altering the routing table is an example of an active threat. Security-related active threats may include intrusion, tampering with information, charging and transmitting information, replay, etc. An intentional threat is a deliberate, purposeful threat to a computer system, which can range from random detection using monitoring tools to elaborate attacks that use special system knowledge. An intentional threat, if carried out, may be considered an attack; such man-made malicious attacks are the greatest threat faced by computer networks.
The feature extraction module sets the association condition as G, the extracted feature as m and the identification value as L, and then establishes a feature association mathematical model related to the security threat as follows:
$$G = a_1 m_1 + a_2 m_2 + a_3 m_3 + \cdots + a_n m_n + L \tag{1}$$
where $a_1, a_2, a_3, \ldots, a_n$ are the occurrence coefficients. The value of an occurrence coefficient a is determined by the number of times the extracted feature m occurs in the set time period: it is 0 when the extracted feature does not occur in the set time period, and 2 when the extracted feature occurs twice in the set time period. The identification value L takes a value in (-1, 0, 1): when L is 0, the occurrence order and frequency of the features m in the association condition G within the set time period are normal; when L is 1, the occurrence order and frequency of the features m in the association condition G within the set time period are normal; and when L is -1, the occurrence order and frequency of the features m in the association condition G within the set time period are abnormal.
According to the change of the occurrence coefficients in the association mathematical model, the association condition G outputs a character string containing the features related to the security threat and the identification value, and transmits the character string to the deep learning module.
The deep learning module trains on the character strings output by the association condition G using a convolutional neural network or a recurrent neural network to obtain a network security condition Y, and thereby obtains a mathematical model based on the network security condition Y and the association condition G:
$$Y = f(G, T) \tag{2}$$
where f represents the relation between the association condition G and the network security condition Y, and T is an early warning threshold used to judge whether the network security condition reaches an early warning level.
To further clarify the variables and parameters in the model, equation (2) can be expressed as follows:
$$Y = b_1 G_1 + b_2 G_2 + b_3 G_3 + \cdots + b_n G_n - T \tag{3}$$
where $b_1, b_2, b_3, \ldots, b_n$ are the weight coefficients of the corresponding association conditions, and $G_1, G_2, G_3, \ldots, G_n$ are the codes of the character strings output by the association condition G in different time periods.
When the value of $b_1 G_1 + b_2 G_2 + b_3 G_3 + \cdots + b_n G_n$ in formula (3) is larger than T, the Y value output by the deep learning module is positive, the system has a security threat and the early warning module is started; when the value of $b_1 G_1 + b_2 G_2 + b_3 G_3 + \cdots + b_n G_n$ in formula (3) is smaller than or equal to T, the Y value output by the deep learning module is negative, the system is not threatened and the early warning module is not started.
When the received value of the network security condition Y is positive, the early warning module sends out a signal of abnormal behavior or potential threat, compares the value of Y with a preset early warning value, classifies the abnormal behavior or potential threat according to the comparison, and handles it by class according to that classification.
Example 1:
As shown in fig. 2, the features related to security threats extracted by the feature extraction module include: network traffic characteristics (DATA), time series data (TSDT), abnormal information browsing characteristics (IEB), password deciphering operations (CD), information traffic analysis operations (ITA), and unauthorized data changes (UDC). The feature association mathematical model related to the security threat is then established as:
$$\begin{aligned}
G_1 &= 5\,\mathrm{DATA} + 2\,\mathrm{TSDT} + 2\,\mathrm{IEB} + 0\,\mathrm{CD} + 3\,\mathrm{ITA} + 0\,\mathrm{UDC} + 1 \\
G_2 &= 3\,\mathrm{DATA} + 1\,\mathrm{TSDT} + 0\,\mathrm{IEB} + 0\,\mathrm{CD} + 1\,\mathrm{ITA} + 0\,\mathrm{UDC} + 1 \\
G_3 &= 2\,\mathrm{DATA} + 1\,\mathrm{TSDT} + 1\,\mathrm{IEB} + 0\,\mathrm{CD} + 1\,\mathrm{ITA} + 0\,\mathrm{UDC} + 1 \\
G_4 &= 6\,\mathrm{DATA} + 4\,\mathrm{TSDT} + 4\,\mathrm{IEB} + 0\,\mathrm{CD} + 2\,\mathrm{ITA} + 0\,\mathrm{UDC} + 1 \\
G_5 &= 1\,\mathrm{DATA} + 1\,\mathrm{TSDT} + 0\,\mathrm{IEB} + 0\,\mathrm{CD} + 1\,\mathrm{ITA} + 0\,\mathrm{UDC} + 1
\end{aligned} \tag{1}$$
Since the order in which the features occur in the feature association mathematical model is normal and their frequency is higher than the set conventional parameters, the identification values L of $G_1$, $G_2$, $G_3$, $G_4$ and $G_5$ are all 1, indicating that within the set time period the occurrence order of the features in the association condition G is normal and the number of occurrences is abnormal. Codes expressing the state are obtained from the character strings output by $G_1$, $G_2$, $G_3$, $G_4$ and $G_5$, T is 552, and the codes are then substituted into the mathematical model obtained through the deep learning module, as follows:
$$Y = 1 \times 76 + 3 \times 50 + 0.6 \times 42 + 0.3 \times 95 + 0.5 \times 33 - 552 \tag{3}$$
The Y value output by the deep learning module is negative, so the system is not threatened and the early warning module is not started.
It should be noted that the features related to security threats extracted by the feature extraction module are not limited to the network traffic characteristics (DATA), time series data (TSDT), abnormal information browsing characteristics (IEB), password deciphering operations (CD), information traffic analysis operations (ITA) and unauthorized data changes (UDC) illustrated in Example 1. Staff may increase the number of features according to network structure factors, network protocol factors, regional factors, user factors, host factors, the unit's security policies and personnel factors, so as to improve the accuracy and adaptability of dynamic network protection. After the extracted features change, the character string output by the association condition G also changes, the corresponding codes differ, and the corresponding threshold T changes accordingly.
The above technical solution only represents the preferred technical solution of the present invention; changes that those skilled in the art may make to some parts of it embody the principles of the present invention and fall within the scope of protection of the present invention.
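The calculation of formulas (1) and (3) for Example 1, as an added Python example that is not part of the patent text. Assumptions: the event record format, the per-feature baseline, the warning tiers and the reading of L (taken from Example 1: 1 means order normal but count above baseline) are constructed here; the window codes 76, 50, 42, 95, 33, the weights and T = 552 are taken from Example 1 as given, since the page does not say how the trained network derives a code from a string.

```python
from collections import Counter
from math import fsum

# Feature abbreviations listed in Example 1 of the patent text.
FEATURES = ("DATA", "TSDT", "IEB", "CD", "ITA", "UDC")


def occurrence_coefficients(events, start, end, features=FEATURES):
    """a_1..a_n of formula (1): occurrences of each feature in [start, end)."""
    counts = Counter(name for ts, name in events if start <= ts < end)
    unknown = set(counts) - set(features)
    if unknown:
        raise ValueError(f"unmapped features in window: {sorted(unknown)}")
    return [counts[name] for name in features]


def identification_value(coeffs, order_normal, max_normal):
    """L of formula (1), restricted to -1, 0, 1.

    ASSUMPTION (reading of Example 1): 0 = order and counts normal,
    1 = order normal but a count exceeds its baseline, -1 = order abnormal.
    The page does not say how order is judged, so the caller supplies it.
    """
    if not order_normal:
        return -1
    return 1 if any(a > m for a, m in zip(coeffs, max_normal)) else 0


def association_string(coeffs, ident, features=FEATURES):
    """Serialise G = a_1 m_1 + ... + a_n m_n + L as the string passed onward."""
    terms = [f"{a}{name}" for a, name in zip(coeffs, features)]
    sign = "-" if ident < 0 else "+"
    return "+".join(terms) + f"{sign}{abs(ident)}"


def security_condition(codes, weights, threshold):
    """Y of formula (3): b_1 G_1 + ... + b_n G_n - T."""
    if len(codes) != len(weights):
        raise ValueError("one weight b_i is required per window code G_i")
    return fsum(b * g for b, g in zip(weights, codes)) - threshold


def warning_level(y, tiers=((0, "low"), (100, "medium"), (300, "high"))):
    """Grade a positive Y against preset warning values (tier values assumed)."""
    if y <= 0:  # weighted sum <= T: no threat, warning module stays off
        return "none"
    level = "none"
    for floor, name in tiers:
        if y > floor:
            level = name
    return level


# Constructed events (timestamp in seconds, feature) for one 60-second window,
# chosen to reproduce the coefficients of G_1 in Example 1.
SAMPLE_EVENTS = (
    [(t, "DATA") for t in (1, 7, 12, 30, 44)]
    + [(t, "TSDT") for t in (3, 33)]
    + [(t, "IEB") for t in (9, 41)]
    + [(t, "ITA") for t in (15, 27, 52)]
    + [(75, "DATA")]  # belongs to the next window and must not be counted
)
# Constructed per-feature baseline standing in for the "set conventional parameters".
BASELINE_MAX = [4, 2, 2, 0, 2, 0]

# Values quoted from Example 1: window codes G_i, weights b_i and threshold T.
EXAMPLE_CODES = [76, 50, 42, 95, 33]
EXAMPLE_WEIGHTS = [1, 3, 0.6, 0.3, 0.5]
EXAMPLE_T = 552


def run_example():
    coeffs = occurrence_coefficients(SAMPLE_EVENTS, 0, 60)
    ident = identification_value(coeffs, True, BASELINE_MAX)
    g1 = association_string(coeffs, ident)
    y = security_condition(EXAMPLE_CODES, EXAMPLE_WEIGHTS, EXAMPLE_T)
    return g1, y, warning_level(y)


if __name__ == "__main__":
    print(run_example())
```

Because Y is the weighted sum minus T, a window set that scores exactly T yields Y = 0 and raises no warning, which matches the "smaller than or equal to T" rule in the description.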

Claims (3)

1. A network security dynamic early warning system based on deep learning, comprising a data acquisition module, a feature extraction module, a deep learning module, an early warning module and a feedback module, characterized in that,
the data acquisition module is responsible for collecting network traffic data, security event information and related network data;
the feature extraction module is used for preprocessing the acquired data, extracting features related to security threat, and correlating the extracted features to obtain a correlated mathematical model;
the deep learning module trains an associated mathematical model by using a deep learning algorithm, learns and pattern-identifies the associated features, and further obtains the mathematical model based on the network security condition and the associated condition;
the early warning module judges the network security condition according to the output result of the mathematical model based on the network security condition and the association condition;
the feedback module is responsible for recording the network security event and the early warning result which occur, archiving the data and forming a knowledge base;
the data acquisition module realizes real-time monitoring of network traffic by deploying data acquisition probes at key nodes of the network and transmits acquired data to the feature extraction module, and the features related to security threats that the feature extraction module extracts include: network traffic characteristics, time series data, abnormal information browsing characteristics, password deciphering operations, information traffic analysis operations and unauthorized data changes, wherein the feature extraction module associates the extracted features related to security threats according to the standards of passive threat, active threat and intentional threat;
the feature extraction module sets the association condition as G, the extracted feature as m and the identification value as L, where L is used to identify whether the occurrence order and number of occurrences of the features m in a set time period are normal, and then establishes the feature association mathematical model related to the security threat as follows:
$$G = a_1 m_1 + a_2 m_2 + a_3 m_3 + \cdots + a_n m_n + L \tag{1}$$
where $a_1, a_2, a_3, \ldots, a_n$ are the occurrence coefficients;
according to the change of the occurrence coefficients in the association mathematical model, the association condition G outputs a character string containing the features related to the security threat and the identification value and transmits the character string to the deep learning module, and the deep learning module trains on the character strings output by the association condition G using a convolutional neural network or a recurrent neural network to obtain a network security condition Y, and thereby obtains a mathematical model based on the network security condition Y and the association condition G:
$$Y = f(G, T) \tag{2}$$
where f represents the relation between the association condition G and the network security condition Y, and T is an early warning threshold used to judge whether the network security condition reaches an early warning level;
to further clarify the variables and parameters in the model, equation (2) is expressed as follows:
$$Y = b_1 G_1 + b_2 G_2 + b_3 G_3 + \cdots + b_n G_n - T \tag{3}$$
where $b_1, b_2, b_3, \ldots, b_n$ are the weight coefficients of the corresponding association conditions, and $G_1, G_2, G_3, \ldots, G_n$ are the codes of the character strings output by the association condition G in different time periods;
when the Y value output by the deep learning module is positive, the system has a security threat and the early warning module is started; when the Y value output by the deep learning module is negative, the system has no threat and the early warning module is not started.
2. The deep learning-based network security dynamic early warning system according to claim 1, wherein the early warning module sends out signals of abnormal behaviors or potential threats when receiving the value of the network security condition Y as positive, compares the value of Y with a preset early warning value, classifies the abnormal behaviors or potential threats according to the comparison condition, and classifies and disposes according to the classification.
3. The deep learning-based network security dynamic early warning system according to claim 2, wherein the feedback module archives data and forms a knowledge base, and the deep learning module continuously improves and optimizes the performance of the deep learning model by analyzing the historical data.
CN202311360321.8A 2023-10-20 2023-10-20 Network security dynamic early warning system based on deep learning Active CN117118745B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311360321.8A CN117118745B (en) 2023-10-20 2023-10-20 Network security dynamic early warning system based on deep learning

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202311360321.8A CN117118745B (en) 2023-10-20 2023-10-20 Network security dynamic early warning system based on deep learning

Publications (2)

Publication Number Publication Date
CN117118745A CN117118745A (en) 2023-11-24
CN117118745B true CN117118745B (en) 2024-01-05

Family

ID=88813112

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311360321.8A Active CN117118745B (en) 2023-10-20 2023-10-20 Network security dynamic early warning system based on deep learning

Country Status (1)

Country Link
CN (1) CN117118745B (en)

Also Published As

Publication number Publication date
CN117118745A (en) 2023-11-24

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant