CN117424740A - Intelligent network equipment service host safety management system based on deep learning
- Publication number: CN117424740A (application CN202311437817.0A)
- Authority: CN (China)
- Prior art keywords: module, network, deep learning, sub, adaptive
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
- H04L63/1425—Traffic logging, e.g. anomaly detection
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
- G06F18/21—Design or setup of recognition systems or techniques; Extraction of features in feature space; Blind source separation
- G06F18/213—Feature extraction, e.g. by transforming the feature space; Summarisation; Mappings, e.g. subspace methods
- G06F18/2135—Feature extraction, e.g. by transforming the feature space; Summarisation; Mappings, e.g. subspace methods based on approximation criteria, e.g. principal component analysis
- G06F18/24155—Bayesian classification
- G06F18/24323—Tree-organised classifiers
- G06F18/25—Fusion techniques
- G06N3/042—Knowledge-based neural networks; Logical representations of neural networks
- G06N3/044—Recurrent networks, e.g. Hopfield networks
- G06N3/0442—Recurrent networks, e.g. Hopfield networks characterised by memory or gating, e.g. long short-term memory [LSTM] or gated recurrent units [GRU]
- G06N3/045—Combinations of networks
- G06N3/0464—Convolutional networks [CNN, ConvNet]
- G06N3/0475—Generative networks
- G06N3/094—Adversarial learning
Abstract
The invention provides a deep-learning-based security management system for intelligent network equipment service hosts, in the technical field of network security systems. It comprises an adaptive deep learning model training module, a data augmentation sub-module, a model fine-tuning sub-module, a multi-dimensional network traffic monitoring module, a deep packet inspection sub-module, a device behavior analysis sub-module, a context-aware security event identification module, a spatio-temporal context analysis sub-module, a user behavior modeling sub-module, a policy recommendation and execution module, a real-time risk assessment sub-module and a policy simulation sub-module.
Description
Technical Field
The invention relates to the technical field of network security systems, in particular to an intelligent network equipment service host security management system based on deep learning.
Background
With the rapid development of the internet and the advancement of digital transformation, network security has become an important issue that organizations and individuals must face. Conventional network security policies and methods tend to rely on fixed rules and known threat signatures, but as attack methods become more diverse and complex, these conventional approaches struggle to address current network security challenges.
Increasing network threats: in recent years, the number and complexity of network attacks have increased dramatically. From ransomware to DDoS attacks, from social engineering to zero-day vulnerabilities, attackers continue to employ new technologies and strategies to bypass traditional security protections.
Dynamically changing network environment: in modern network environments, devices, applications and services are constantly changing and updating. This makes the structure and traffic patterns of the network very complex, and conventional rule-based security policies have difficulty adapting to this dynamic variation.
The rise of big data and AI: with the development of big data technology, organizations and individuals are able to collect and process large amounts of network data. Meanwhile, artificial intelligence and deep learning are widely applied in the field of network security, providing new possibilities for network security analysis and decision making.
Against this background, we propose this technical solution, which aims to solve the following technical problems:
Real-time network traffic monitoring combined with deep learning: with deep learning, network traffic can be identified and classified more accurately, and potential malicious behavior can be discovered in time.
Adaptive model training: to cope with dynamic changes in the network environment, our system can automatically adjust and train the model on real-time data, ensuring that the model always maintains high accuracy.
Context-aware security event identification: by considering the contextual information of network events, our system is able to more accurately identify true security threats, reducing false positives and false negatives.
Disclosure of Invention
Technical problem to be solved
In view of the shortcomings of the prior art, the invention provides a deep-learning-based security management system for intelligent network equipment service hosts, which addresses the following problems:
1. Real-time network traffic monitoring combined with deep learning: with deep learning, network traffic can be identified and classified more accurately, and potential malicious behavior can be discovered in time.
2. Adaptive model training: to cope with dynamic changes in the network environment, our system can automatically adjust and train the model on real-time data, ensuring that the model always maintains high accuracy.
3. Context-aware security event identification: by considering the contextual information of network events, our system is able to more accurately identify true security threats, reducing false positives and false negatives.
Technical solution
To achieve the above purpose, the invention is realized by the following technical solution: a deep-learning-based security management system for intelligent network equipment service hosts, comprising the following parts:
an adaptive deep learning model training module, which adopts a generative adversarial network (GAN) structure to generate network attack samples that enhance the robustness of the model; the module further comprises:
a data augmentation sub-module: increases the diversity of the training data using data augmentation techniques;
a model fine-tuning sub-module: fine-tunes the model with a small amount of new data to adapt it to a new environment;
a multi-dimensional network traffic monitoring module, which monitors conventional network traffic as well as the communication patterns, frequency and timing patterns among devices; the module further comprises:
a deep packet inspection sub-module: obtains the content of network data packets and identifies potential malicious behavior and abnormal patterns;
a device behavior analysis sub-module: performs deep learning analysis on the communication behavior of a device and identifies whether the device is infected by malware or controlled by a hacker;
a context-aware security event identification module, which identifies security events by combining user behavior, device state and network environment; the module further comprises:
a spatio-temporal context analysis sub-module: reads the time and place at which an event occurs and its relationship to other events, and performs event identification;
a user behavior modeling sub-module: performs deep learning modeling of user behavior and identifies whether a user is acting maliciously or has been deceived;
a policy recommendation and execution module, which recommends the optimal security policy according to the real-time situation; the module further comprises:
a real-time risk assessment sub-module: evaluates the security risk of the network in real time according to the current network state and threat intelligence;
a policy simulation sub-module: simulates the execution of a security policy in a virtual environment.
Preferably, the service host security management system further comprises a deep learning identity verification module;
the deep learning identity verification module comprises:
a dynamic network topology identification module, which captures device and service changes in the network in real time and automatically updates the network topology; the module further comprises:
a device fingerprinting sub-module: analyzes the communication behavior, protocols and characteristics of a device through a deep learning algorithm and identifies the type and function of the device;
a service dependency analysis sub-module: identifies the dependencies between services through deep learning analysis of network traffic;
an adaptive threat intelligence collection module, which dynamically adjusts the threat intelligence collection strategy according to the current network environment and threat situation; the module further comprises:
a threat intelligence source assessment sub-module: evaluates the reliability and timeliness of threat intelligence sources through a deep learning algorithm;
a threat intelligence fusion sub-module: fuses threat intelligence from different sources;
a real-time user emotional state monitoring module, which analyzes the user's emotional state and adjusts the security policy, with built-in brain-wave pattern analysis and deep learning emotion analysis algorithms.
Preferably, the host security management system further comprises a deep learning identity verification module, which comprises:
an adaptive traffic control module, which dynamically adjusts the traffic control policy according to the network state and the security policy; the module further comprises:
a traffic classification sub-module: classifies network traffic through a deep learning algorithm and identifies normal, malicious and unknown traffic;
a traffic priority adjustment sub-module: dynamically adjusts the priority of traffic according to its classification result and the security policy;
an adaptive intrusion detection module, which dynamically adjusts the intrusion detection policy according to the network environment and threat situation; the module further comprises:
a pattern matching sub-module: performs pattern matching on network traffic through a deep learning algorithm and identifies known attack patterns;
an anomaly detection sub-module: performs anomaly detection on network traffic through a deep learning algorithm and identifies unknown attack patterns;
an adaptive deep learning model for continuous learning and model updating, used to adjust dynamically to a user's biometric characteristics and their changes.
Preferably, the host security management system further comprises an adaptive access control module, which dynamically adjusts the access control policy according to user behavior and the network environment; the module further comprises:
a user behavior analysis sub-module: analyzes the user's access behavior through a deep learning algorithm and identifies normal and abnormal access patterns;
an access rights adjustment sub-module: dynamically adjusts the user's access rights according to the result of the user behavior analysis;
an adaptive data protection module, which dynamically adjusts the data protection policy according to the sensitivity and access pattern of the data; the module further comprises:
a data classification sub-module: classifies data through a deep learning algorithm and identifies sensitive and non-sensitive data;
a data encryption sub-module: dynamically selects an appropriate encryption algorithm according to the classification result of the data.
Preferably, the host security management system further comprises an adaptive threat response module, which dynamically adjusts the threat response policy according to the severity of the threat and the network environment; the module further comprises:
a threat assessment sub-module: evaluates the severity of the threat through a deep learning algorithm;
a response policy selection sub-module: dynamically selects an appropriate response policy according to the threat assessment result;
an adaptive log management module, which dynamically adjusts log collection and analysis policies according to the network state and the security policy; the module further comprises:
a log classification sub-module: classifies logs through a deep learning algorithm and identifies critical and non-critical logs;
a log analysis sub-module: performs in-depth analysis of the classified logs to identify potential security threats.
Preferably, the host security management system further comprises an adaptive traffic monitoring module, which dynamically adjusts the traffic monitoring policy according to the characteristics and behavior patterns of network traffic; the module further comprises:
a traffic feature extraction sub-module: extracts features of network traffic through a deep learning algorithm and identifies normal and abnormal traffic patterns;
a traffic behavior analysis sub-module: performs in-depth analysis of the extracted traffic features and detects network attacks or abnormal behavior in real time;
an adaptive traffic control module, which dynamically adjusts the network traffic control policy according to the result of the traffic behavior analysis.
Preferably, the host security management system further comprises an adaptive device identification module, which dynamically adjusts the device identification policy according to the characteristics and behavior patterns of network devices; the module further comprises:
a device feature extraction sub-module: extracts the features of network devices through a deep learning algorithm;
a device behavior analysis sub-module: performs in-depth analysis of the extracted device features and detects abnormal behavior or potential threats of devices in real time;
an adaptive device management module, which dynamically adjusts the device management policy according to the result of the device behavior analysis.
Preferably, the host security management system further comprises an adaptive threat prediction module, which uses a deep learning algorithm to learn from past network attack and abnormal behavior data and predicts possible future threats and attacks; the module further comprises:
a historical data analysis sub-module: analyzes historical network attack and abnormal behavior data and extracts key features;
a threat prediction sub-module: predicts future threats and attacks with a deep neural network model, based on the result of the historical data analysis;
a prediction result feedback module, which automatically adjusts the security policy of the system according to the threat prediction result.
Preferably, the host security management system further comprises an adaptive user behavior analysis module, which monitors and analyzes users' network behavior in real time through a deep learning algorithm and identifies abnormal or malicious user behavior; the module further comprises:
a user behavior feature extraction sub-module: extracts features from the user's network behavior data;
an abnormal behavior detection sub-module: detects abnormal or malicious user behavior in real time with a deep learning model, based on the extracted user behavior features;
a user behavior management module, which automatically executes the corresponding security policy according to the result of the user behavior analysis.
Preferably, the host security management system further comprises an adaptive traffic monitoring and management module, which uses a deep learning algorithm to monitor and analyze network traffic in real time in order to identify potential DDoS attacks, botnet traffic or other malicious traffic. The module further comprises:
a traffic feature extraction sub-module: performs in-depth analysis of the data packets entering and leaving the network and extracts key traffic features;
a malicious traffic detection sub-module: detects and classifies malicious traffic in real time with a deep neural network model, based on the extracted traffic features;
a traffic management sub-module: automatically executes the corresponding traffic management policy according to the malicious traffic detection result;
an adaptive response and recovery module: automatically takes responsive action when the system detects malicious traffic or attacks.
Advantageous effects
The invention provides an intelligent network equipment service host safety management system based on deep learning. The beneficial effects are as follows:
1. The invention combines real-time network traffic monitoring with deep learning: network data packets are captured in real time and classified by a deep learning model, so the system can identify potential malicious traffic and attack behavior in time. This improves network security, reduces dependence on network administrators, and makes network security management more automated.
2. The adaptive model training method improves the accuracy of the model: the system fine-tunes the model on network data captured in real time so that it better fits the current network environment and threats, ensuring that the model retains high accuracy when facing new attack methods and strategies and thereby improving the overall security of the network.
3. Context-aware security event identification enhances event analysis: by considering the spatio-temporal relationships of events and user behavior, the system can identify real security events more accurately and reduce false positives and missed detections. This not only improves the accuracy of event identification but also gives network administrators more detailed and useful event information, helping them better understand and respond to security events.
4. Policy simulation and real-time risk assessment ensure the effectiveness of policies: before a security policy is deployed, the system simulates its execution in a virtual environment and predicts its effect, ensuring that the deployed policy is effective and reducing the potential risk caused by policy errors. In addition, real-time risk assessment gives network administrators immediate feedback on the network security situation so that they can make better-informed decisions.
Detailed Description
The technical solutions of the embodiments of the present invention are described clearly and completely below in conjunction with the embodiments. The described embodiments are evidently only some, not all, of the embodiments of the present invention. All other embodiments obtained by those skilled in the art based on these embodiments without inventive effort fall within the scope of protection of the invention.
First embodiment:
the intelligent network equipment service host safety management system based on deep learning adopts a series of advanced technologies to ensure the safety of the network. Firstly, an adaptive deep learning model training module in the system generates a network attack sample by adopting a generation countermeasure network (GAN) structure, so that the robustness of the model is enhanced. The data enhancer module increases the diversity of training data through a data expansion technology, and the model fine adjustment sub-module carries out fine adjustment on the model by using a small amount of new data so as to adapt to the new environment. In addition, the multidimensional network flow monitoring module monitors the traditional network flow, the deep packet inspection sub-module acquires network data packet content and identifies potential malicious behaviors, and the equipment behavior analysis sub-module analyzes the communication behaviors of the equipment and judges whether the equipment is infected by malicious software or not.
On this basis, the context-aware security event recognition module performs security event recognition by combining user behavior, device state and network environment. The spatio-temporal context analysis sub-module reads the time and place at which an event occurred and its relationship with other events in order to identify the event, and the user behavior modeling sub-module performs deep learning modeling of user behavior to determine whether a user is acting maliciously or is being deceived. The policy recommendation execution module recommends the optimal security policy according to the real-time situation, the real-time risk assessment sub-module assesses the security risk of the network according to the current network state and threat intelligence, and the policy simulation sub-module simulates execution of the security policy in a virtual environment.
Finally, the host safety management system also comprises a deep learning identity verification module, and the dynamic network topology identification module captures device and service changes in the network in real time and automatically updates the network topology. The device fingerprint identification sub-module analyzes the communication behavior, protocols and characteristics of a device through a deep learning algorithm and identifies the type and function of the device. The service dependency analysis sub-module identifies the dependency relationships between services through deep learning analysis of network traffic. In addition, the adaptive threat intelligence collection module dynamically adjusts the threat intelligence collection policy according to the current network environment and threat situation, the threat intelligence source assessment sub-module evaluates the reliability and timeliness of threat intelligence sources, and the threat intelligence fusion sub-module fuses threat intelligence from different sources.
An intelligent network equipment service host safety management system based on deep learning comprises the following parts:
The adaptive deep learning model training module adopts a generative adversarial network (GAN) structure to generate network attack samples for enhancing the robustness of the model; the module further comprises:
A data enhancer module: increases the diversity of the training data using data augmentation techniques such as random rotation, cropping and noise injection. There is no specific formula, but a variety of data transformation techniques are involved. By applying various random transformations to the raw data, more training samples can be generated, enhancing the generalization ability of the model.
A model fine-tuning sub-module: fine-tunes the model with a small amount of new data to adapt it to a new environment. Algorithm: transfer learning. A pre-trained model is used as the basis and is then fine-tuned on new data to adapt to a new task or environment.
The multi-dimensional network traffic monitoring module monitors conventional network traffic and also the communication patterns, frequency and timing patterns among devices; the module further comprises:
A deep packet inspection sub-module: acquires the content of network data packets and identifies potentially malicious behavior and abnormal patterns;
A device behavior analysis sub-module: performs deep learning analysis on the communication behavior of a device and identifies whether the device is infected by malware or controlled by a hacker.
The multi-dimensional network traffic monitoring module comprises a deep packet inspection sub-module and a deep learning classifier.
Formula: f(x) = σ(Wx + b),
where σ is the activation function. Deep learning classification is performed on the network data packet content to identify potentially malicious behavior. Is provided with
By analyzing the communication sequence of a device, it can be identified whether the device is infected with malware.
The context-aware security event recognition module performs security event recognition by combining user behavior, device state and network environment; the module further comprises:
A spatio-temporal context analysis sub-module: reads the time and place at which an event occurred and its relationship with other events, and performs event identification;
A user behavior modeling sub-module: performs deep learning modeling of user behavior and identifies whether a user is acting maliciously or is being deceived.
The policy recommendation execution module recommends the optimal security policy according to the real-time situation; the module further comprises:
A real-time risk assessment sub-module: evaluates the security risk of the network in real time according to the current network state and threat intelligence;
A policy simulation sub-module: simulates execution of the security policy in a virtual environment.
The service host security management system further includes a deep learning identity verification module, which comprises:
The dynamic network topology identification module, which captures device and service changes in the network in real time and automatically updates the network topology; the module further comprises:
A device fingerprint identification sub-module: analyzes the communication behavior, protocols and characteristics of a device through a deep learning algorithm and identifies the type and function of the device;
A service dependency analysis sub-module: identifies the dependency relationships between services through deep learning analysis of network traffic.
The adaptive threat intelligence collection module, which dynamically adjusts the threat intelligence collection policy according to the current network environment and threat situation; the module further comprises:
A threat intelligence source assessment sub-module: evaluates the reliability and timeliness of threat intelligence sources through a deep learning algorithm;
A threat intelligence fusion sub-module: fuses threat intelligence from different sources.
The real-time user emotion state monitoring module, which analyzes the emotional state of the user and adjusts the security policy, with built-in brain wave pattern analysis and deep learning emotion analysis algorithms.
The host safety management system also comprises a deep learning identity verification module, which comprises:
The adaptive flow control module, which dynamically adjusts the flow control policy according to the network state and the security policy; the module further comprises:
A traffic classification sub-module: classifies network traffic through a deep learning algorithm and identifies normal traffic, malicious traffic and unknown traffic;
A traffic priority adjustment sub-module: dynamically adjusts the priority of traffic according to its classification result and the security policy.
The adaptive intrusion detection module, which dynamically adjusts the intrusion detection policy according to the network environment and threat situation; the module further comprises:
A pattern matching sub-module: performs pattern matching on network traffic through a deep learning algorithm and identifies known attack patterns;
An anomaly detection sub-module: performs anomaly detection on network traffic through a deep learning algorithm and identifies unknown attack patterns.
An adaptive deep learning model for continuous learning and model updating, which is used to dynamically adjust to the biometric characteristics and changes of a user.
The host safety management system further comprises an adaptive access control module, which dynamically adjusts the access control policy according to user behavior and the network environment; the module further comprises:
A user behavior analysis sub-module: analyzes the access behavior of users through a deep learning algorithm and identifies normal and abnormal access patterns;
An access right adjustment sub-module: dynamically adjusts the access rights of a user according to the result of the user behavior analysis.
The adaptive data protection module, which dynamically adjusts the data protection policy according to the sensitivity and access pattern of the data; the module further comprises:
A data classification sub-module: classifies data through a deep learning algorithm and identifies sensitive and non-sensitive data;
A data encryption sub-module: dynamically selects a suitable encryption algorithm according to the data classification result.
The host security management system further comprises an adaptive threat response module, which dynamically adjusts the threat response policy according to the severity of the threat and the network environment; the module further comprises:
A threat assessment sub-module: evaluates the severity of a threat through a deep learning algorithm;
A response policy selection sub-module: dynamically selects a suitable response policy according to the threat assessment result.
The adaptive log management module, which dynamically adjusts the log collection and analysis policies according to the network state and the security policy; the module further comprises:
A log classification sub-module: classifies logs through a deep learning algorithm and identifies key logs and non-key logs;
A log analysis sub-module: performs in-depth analysis of the classified logs to identify potential security threats.
The host safety management system further comprises an adaptive traffic monitoring module, which dynamically adjusts the traffic monitoring policy according to the characteristics and behavior patterns of network traffic; the module further comprises:
A traffic feature extraction sub-module: extracts features of network traffic through a deep learning algorithm and identifies normal and abnormal traffic patterns;
A traffic behavior analysis sub-module: performs in-depth analysis of the extracted traffic features and detects network attacks or abnormal behavior in real time;
An adaptive flow control module: dynamically adjusts the network flow control policy according to the traffic behavior analysis result.
The host safety management system further comprises an adaptive device identification module, which dynamically adjusts the device identification policy according to the characteristics and behavior patterns of network devices; the module further comprises:
A device feature extraction sub-module: extracts the features of network devices through a deep learning algorithm;
A device behavior analysis sub-module: performs in-depth analysis of the extracted device features and detects abnormal behavior or potential threats of a device in real time;
An adaptive device management module: dynamically adjusts the device management policy according to the device behavior analysis result.
The host security management system further comprises an adaptive threat prediction module, which uses a deep learning algorithm to learn from past network attack and abnormal behavior data and predicts possible future threats and attacks; the module further comprises:
A historical data analysis sub-module: analyzes historical network attack and abnormal behavior data and extracts key features;
A threat prediction sub-module: predicts future threats and attacks using a deep neural network model, based on the result of the historical data analysis;
A prediction result feedback module: automatically adjusts the security policy of the system according to the threat prediction result.
The host safety management system further comprises an adaptive user behavior analysis module, which monitors and analyzes the network behavior of users in real time through a deep learning algorithm and identifies abnormal or malicious user behavior; the module further comprises:
A user behavior feature extraction sub-module: extracts features from the network behavior data of a user;
An abnormal behavior detection sub-module: detects abnormal or malicious user behavior in real time using a deep learning model, based on the extracted user behavior features;
A user behavior management module: automatically executes the corresponding security policy according to the result of the user behavior analysis.
The host security management system further comprises an adaptive traffic monitoring and management module, which uses a deep learning algorithm to monitor and analyze network traffic in real time in order to identify potential DDoS attacks, botnet traffic or other malicious traffic; the module further comprises:
A traffic feature extraction sub-module: performs in-depth analysis of the data packets entering and leaving the network and extracts key traffic features;
A malicious traffic detection sub-module: detects and classifies malicious traffic in real time using a deep neural network model, based on the extracted traffic features;
A traffic management sub-module: automatically executes the corresponding traffic management policy according to the malicious traffic detection result;
An adaptive response and recovery module: automatically takes responsive action when the system detects malicious traffic or attacks.
3. The context-aware security event identification module comprises a spatio-temporal context analysis sub-module, which uses association rule learning or frequent pattern mining; by analyzing the spatio-temporal relationships of events, security events can be identified more accurately.
User behavior modeling sub-module: behavior pattern recognition, such as hidden Markov models (HMMs). Transition and emission probabilities of HMMs.
By modeling the behavior sequence of a user, it is possible to identify whether malicious or abnormal behavior exists.
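One way to apply the HMM transition and emission probabilities mentioned above to a user's action sequence, as an added Python example that is not part of the patent. The two hidden states, the action alphabet, every probability and the 0.9 alert threshold are constructed for illustration.

```python
import math

# Constructed model, not taken from the patent. Hidden states describe what
# the account is doing; observations are coarse action types from audit logs.
STATES = ("routine", "staging")
ACTIONS = ("login", "read", "write", "admin", "bulk_export")

START = {"routine": 0.95, "staging": 0.05}
# Transition probabilities P(next state | current state).
TRANS = {
    "routine": {"routine": 0.97, "staging": 0.03},
    "staging": {"routine": 0.10, "staging": 0.90},
}
# Emission probabilities P(action | state).
EMIT = {
    "routine": {"login": 0.15, "read": 0.55, "write": 0.27,
                "admin": 0.02, "bulk_export": 0.01},
    "staging": {"login": 0.05, "read": 0.15, "write": 0.10,
                "admin": 0.35, "bulk_export": 0.35},
}

# Constructed sample sequences.
NORMAL = ["login", "read", "read", "write", "read", "read", "write", "read"]
SUSPICIOUS = ["login", "read", "admin", "admin",
              "bulk_export", "bulk_export", "read", "bulk_export"]
ONE_OFF = ["login", "read", "admin", "read", "read"]


def forward_filter(actions):
    """Scaled forward algorithm.

    Returns (log_likelihood, posteriors), where posteriors[t][s] is
    P(state at step t = s | actions[0..t]).
    """
    log_likelihood = 0.0
    posteriors = []
    prev = None
    for action in actions:
        if action not in ACTIONS:
            raise ValueError(f"unknown action type: {action!r}")
        alpha = {}
        for s in STATES:
            if prev is None:
                prior = START[s]
            else:
                prior = sum(prev[r] * TRANS[r][s] for r in STATES)
            alpha[s] = prior * EMIT[s][action]
        norm = sum(alpha.values())
        # Rescaling each step keeps long sequences from underflowing.
        log_likelihood += math.log(norm)
        prev = {s: alpha[s] / norm for s in STATES}
        posteriors.append(prev)
    return log_likelihood, posteriors


def first_alert(actions, threshold=0.9):
    """Index of the first action where P(staging) reaches threshold, else None."""
    _, posteriors = forward_filter(actions)
    for i, p in enumerate(posteriors):
        if p["staging"] >= threshold:
            return i
    return None


def per_action_log_likelihood(actions):
    """Length-normalised score so sequences of different length compare."""
    if not actions:
        raise ValueError("empty action sequence")
    log_likelihood, _ = forward_filter(actions)
    return log_likelihood / len(actions)


if __name__ == "__main__":
    for name, seq in (("normal", NORMAL), ("suspicious", SUSPICIOUS),
                      ("one-off admin", ONE_OFF)):
        print(name, first_alert(seq), round(per_action_log_likelihood(seq), 3))
```

A single administrative action does not raise an alert in this model; the posterior only crosses the threshold once consecutive rare actions accumulate.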
Policy recommendation execution module, real-time risk assessment sub-module:
risk scoring algorithms such as logistic regression or decision trees.
The formula of logistic regression is
The real-time risk score of the network is calculated according to the current network state and threat intelligence.
Policy simulation sub-module: virtual environment simulation.
There is no specific formula, but it involves the creation of a simulated environment and the execution of policies.
The security policy is simulated in the virtual environment to predict its effectiveness.
The adaptive deep learning model training module:
A generative adversarial network (GAN) structure is used, consisting of a generator and a discriminator. The generator attempts to create fake data that looks like real data, while the discriminator attempts to distinguish between real and fake data. In this way, the model can generate more network attack samples.
The data enhancer module uses rotation, scaling, cropping and similar techniques to increase the diversity of the training data.
The model fine-tuning sub-module uses transfer learning to fine-tune a pre-trained model on new data.
The multi-dimensional network traffic monitoring module:
The deep packet inspection sub-module uses a deep learning model, such as a convolutional neural network (CNN), to analyze the content of network data packets.
The device behavior analysis sub-module uses a recurrent neural network (RNN) or a long short-term memory network (LSTM) to analyze the communication behavior of a device.
The context-aware security event identification module:
The spatio-temporal context analysis sub-module analyzes the spatio-temporal context of an event using time-series analysis and geographic information system (GIS) techniques.
The user behavior modeling sub-module models user behavior using an autoencoder or a variational autoencoder.
The policy recommendation execution module:
The real-time risk assessment sub-module uses a Bayesian network or a decision tree to assess the security risk of the network.
The policy simulation sub-module simulates execution of the security policy in a sandbox environment to ensure that it causes no negative effects.
The deep learning identity verification module:
The dynamic network topology identification module captures device and service changes in the network using a graph neural network (GNN).
The device fingerprint identification sub-module uses feature engineering and clustering algorithms to identify the type and function of a device.
The adaptive threat intelligence collection module:
The threat intelligence source assessment sub-module uses a reputation scoring system to assess the reliability of threat intelligence sources.
The threat intelligence fusion sub-module fuses threat intelligence from different sources using data fusion techniques such as Kalman filters or particle filters.
The real-time user emotion state monitoring module analyzes the emotional state of the user using emotion analysis techniques, combining brain wave pattern analysis with deep learning emotion analysis algorithms.
The adaptive traffic monitoring and management module:
The traffic feature extraction sub-module extracts key traffic features using feature selection techniques such as principal component analysis (PCA) or t-SNE.
The malicious traffic detection sub-module uses anomaly detection algorithms, such as isolation forest or one-class SVM, to detect malicious traffic.
The adaptive response and recovery module uses decision support system and expert system techniques to automatically take response measures according to the detected malicious traffic or attack.
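The threat intelligence source assessment and fusion sub-modules described above, sketched as a scalar Kalman filter in an added Python example that is not part of the patent. The source names, reputation scores, noise constants and decision thresholds are constructed assumptions: reputation sets the measurement variance of each report, and process noise makes old reports count for less.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Report:
    source: str
    score: float      # the source's maliciousness score for one indicator, 0..1
    age_hours: float  # age of the report at fusion time


# Constructed reputation scores in (0, 1]; higher means more reliable.
REPUTATION = {"internal_sandbox": 0.9, "commercial_feed": 0.7,
              "open_blocklist": 0.3}

BASE_VARIANCE = 0.02    # measurement variance of a fully reputable source
DRIFT_PER_HOUR = 0.001  # process noise: how fast an old verdict loses value
PRIOR = (0.5, 0.25)     # mean and variance before any report is seen


def measurement_variance(report):
    """Lower reputation means a noisier measurement."""
    reputation = REPUTATION.get(report.source)
    if reputation is None:
        # An unscored source is rejected rather than silently trusted.
        raise ValueError(f"no reputation score for source {report.source!r}")
    if not 0.0 <= report.score <= 1.0:
        raise ValueError(f"score out of range: {report.score}")
    return BASE_VARIANCE / reputation


def fuse(reports):
    """Fuse reports about one indicator; returns (mean, variance) as of now."""
    mean, var = PRIOR
    ordered = sorted(reports, key=lambda r: r.age_hours, reverse=True)
    clock = ordered[0].age_hours if ordered else 0.0
    for report in ordered:  # oldest report first
        # Predict: uncertainty grows with the time since the previous report.
        var = min(PRIOR[1], var + DRIFT_PER_HOUR * (clock - report.age_hours))
        clock = report.age_hours
        # Update: the Kalman gain weighs the report against the estimate.
        gain = var / (var + measurement_variance(report))
        mean += gain * (report.score - mean)
        var *= 1.0 - gain
    # Predict from the newest report up to the present.
    var = min(PRIOR[1], var + DRIFT_PER_HOUR * clock)
    return mean, var


def decision(mean, var, block_at=0.8, max_var=0.03):
    """Act automatically only when the fused estimate is confident enough."""
    if var > max_var:
        return "review"
    return "block" if mean >= block_at else "allow"


# Constructed report sets for one indicator.
CONFLICT_FRESH = [Report("open_blocklist", 0.9, 1.0),
                  Report("internal_sandbox", 0.1, 1.0)]
CONFLICT_STALE = [Report("internal_sandbox", 0.1, 200.0),
                  Report("open_blocklist", 0.9, 1.0)]
AGREEMENT = [Report("internal_sandbox", 0.95, 2.0),
             Report("commercial_feed", 0.9, 1.0)]

if __name__ == "__main__":
    for name, reports in (("fresh conflict", CONFLICT_FRESH),
                          ("stale conflict", CONFLICT_STALE),
                          ("agreement", AGREEMENT)):
        mean, var = fuse(reports)
        print(name, round(mean, 4), round(var, 4), decision(mean, var))
```

When the reputable verdict is 200 hours old, the fused estimate follows the fresher low-reputation report but its variance stays high, so the indicator is routed to review instead of being blocked automatically.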
Second embodiment:
The technical content is further disclosed as follows:
Generative adversarial network (GAN)
Formula:
Explanation: a GAN consists of two parts: a generator (G) and a discriminator (D). The generator attempts to produce fake data samples, and the above formula describes this adversarial relationship, where D(x) is the discriminator's prediction for the real data x, and G(z) is the generated data.
Deep neural network (DNN)
Formula: f(x) = σ(Wx + b)
Explanation: this is a neuron model, where f(x) is the output of the neuron, σ is the activation function, W is the weight and b is the bias. In a deep neural network, a plurality of such neuron layers are stacked to constitute a complex model.
Anomaly detection
Formula:
Explanation: this is a logistic regression model used for classification problems. In anomaly detection, it can be used to predict whether network traffic or user behavior is anomalous. Here S(x) is the anomaly probability for a given input x,
Third embodiment:
The technical scheme is further disclosed as follows:
SP1: initialize system configuration and parameters;
SP1.1: load the pre-trained deep learning model;
SP1.2: set the network traffic monitoring parameters;
SP2: start multi-dimensional network traffic monitoring;
SP2.1: capture real-time network data packets;
SP2.2: classify the data packets using the deep packet inspection sub-module;
SP3: perform adaptive deep learning model training on the captured network data packets;
SP3.1: expand the original data using the data enhancer module;
SP3.2: fine-tune the pre-trained model using the model fine-tuning sub-module;
SP4: analyze device behavior;
SP4.1: analyze the communication sequence of the device;
SP4.2: identify potentially malicious behavior using a sequence model (e.g., LSTM);
SP5: perform context-aware security event identification;
SP5.1: analyze the spatio-temporal relationship of events using the spatio-temporal context analysis sub-module;
SP5.2: model and analyze user behavior using the user behavior modeling sub-module;
SP6: perform real-time risk assessment on the identified security events;
SP6.1: calculate the real-time risk score of the network using the real-time risk assessment sub-module;
SP7: recommend a policy according to the risk score;
SP7.1: simulate execution of the recommended security policy in a virtual environment using the policy simulation sub-module;
SP7.2: predict the effect of policy execution;
SP8: execute the recommended security policy;
SP8.1: deploy and implement the recommended policy in the actual environment;
SP8.2: monitor the effect of policy execution;
SP9: feed back and adjust according to the effect of policy execution;
SP9.1: if the policy is effective, continue monitoring;
SP9.2: if the policy is ineffective, return to SP3 for model training and adjustment;
SP10: periodically update and maintain the system;
SP10.1: periodically check the running state of the system;
SP10.2: update the model and policies to adapt to new threats and environments.
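Steps SP6 to SP9 as a dry run, in an added Python example that is not part of the patent: a logistic risk score over a capture window, then each candidate rule replayed against the same flows to predict how much malicious traffic it stops and how much benign traffic it would break. The flow records, logistic weights, candidate rules and collateral budget are constructed assumptions.

```python
import math
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dst_port: int
    malicious: bool  # verdict attached by the detection stages (SP2 to SP5)


# Constructed capture window; external addresses are documentation ranges.
FLOWS = (
    [Flow("10.0.0.5", "203.0.113.7", 4444, True)] * 2
    + [Flow("10.0.0.6", "203.0.113.7", 443, True)]
    + [Flow("10.0.0.5", "198.51.100.10", 443, False)] * 2
    + [Flow("10.0.0.6", "198.51.100.10", 443, False)] * 2
    + [Flow("10.0.0.7", "198.51.100.20", 443, False)] * 2
    + [Flow("10.0.0.7", "198.51.100.20", 53, False)]
)

# Constructed logistic regression weights for the risk score.
WEIGHTS = {"bias": -3.0, "malicious_ratio": 6.0,
           "infected_hosts": 0.8, "intel_match": 1.5}

# Candidate policies: each rule returns True for a flow it would block.
POLICIES = {
    "block_port_4444": lambda f: f.dst_port == 4444,
    "block_dst_203.0.113.7": lambda f: f.dst == "203.0.113.7",
    "quarantine_10.0.0.5": lambda f: f.src == "10.0.0.5",
    "block_outbound_443": lambda f: f.dst_port == 443,
}


def risk_score(flows, intel_match):
    """SP6.1: logistic regression over three features of the window."""
    flagged = [f for f in flows if f.malicious]
    ratio = len(flagged) / len(flows) if flows else 0.0
    z = (WEIGHTS["bias"]
         + WEIGHTS["malicious_ratio"] * ratio
         + WEIGHTS["infected_hosts"] * len({f.src for f in flagged})
         + WEIGHTS["intel_match"] * (1.0 if intel_match else 0.0))
    return 1.0 / (1.0 + math.exp(-z))


def simulate(rule, flows):
    """SP7.1/SP7.2: replay the window against a rule without enforcing it.

    Returns (coverage, collateral): the share of malicious flows blocked and
    the share of benign flows that would be blocked as a side effect.
    """
    malicious_total = sum(f.malicious for f in flows)
    benign_total = len(flows) - malicious_total
    blocked = [f for f in flows if rule(f)]
    malicious_blocked = sum(f.malicious for f in blocked)
    benign_blocked = len(blocked) - malicious_blocked
    coverage = malicious_blocked / malicious_total if malicious_total else 0.0
    collateral = benign_blocked / benign_total if benign_total else 0.0
    return coverage, collateral


def recommend(flows, intel_match, policies=None):
    """SP7: pick the rule with the best simulated effect, or None.

    A higher risk score tolerates more collateral. None means no candidate
    is safe to deploy (the SP9.2 path back to SP3).
    """
    policies = POLICIES if policies is None else policies
    risk = risk_score(flows, intel_match)
    budget = 0.05 + 0.30 * risk
    best_key, best_name = None, None
    for name, rule in policies.items():
        coverage, collateral = simulate(rule, flows)
        if coverage == 0.0 or collateral > budget:
            continue
        key = (coverage, -collateral)
        if best_key is None or key > best_key:
            best_key, best_name = key, name
    return risk, best_name


if __name__ == "__main__":
    for name, rule in POLICIES.items():
        print(name, simulate(rule, FLOWS))
    print(recommend(FLOWS, intel_match=True))
```

The quarantine rule is only acceptable when the risk score is high, and the broad port 443 rule is never deployed because the replay shows it would block most benign traffic.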
It is noted that relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of other like elements in the process, method, article, or apparatus that comprises the element.
Although embodiments of the present invention have been shown and described, it will be understood by those skilled in the art that various changes, modifications, substitutions and alterations can be made therein without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.
Claims (10)
1. The intelligent network equipment service host computer safety management system based on deep learning is characterized in that: comprises the following parts:
the self-adaptive deep learning model training module adopts a generative adversarial network (GAN) structure for generating network attack samples for enhancing the robustness of the model; the module further comprises:
a data enhancer module: the diversity of training data is increased by utilizing a data expansion technology;
model fine tuning submodule: the method is used for fine tuning the model by using a small amount of new data and adapting to a new environment;
the multi-dimensional network flow monitoring module is used for monitoring the traditional network flow and monitoring the communication mode, frequency and time sequence mode among the devices; the module further comprises:
deep packet inspection submodule: the method comprises the steps of acquiring the content of a network data packet, and identifying potential malicious behaviors and abnormal modes;
device behavior analysis sub-module: the device is used for performing deep learning analysis on the communication behavior of the device and identifying whether the device is infected by malicious software or controlled by a hacker;
the context-aware security event recognition module is used for carrying out security event recognition by combining user behaviors, equipment states and network environments; the module further comprises:
a space-time context analysis sub-module: the method comprises the steps of reading the time and place of occurrence of an event and the relation with other events, and carrying out event identification;
user behavior modeling module: used for performing deep learning modeling on user behaviors, and identifying whether a user is performing malicious behaviors or is being deceived;
the strategy recommendation execution module recommends the optimal safety strategy according to the real-time situation; the module further comprises:
real-time risk assessment sub-module: according to the current network state and threat information, evaluating the security risk of the network in real time;
policy simulation sub-module: the security policy is enforced in a virtual environment.
2. The intelligent network equipment service host safety management system based on deep learning of claim 1, characterized in that: the service host security management system further includes: a deep learning identity verification module;
the deep learning identity verification module comprises:
the dynamic network topology identification module captures equipment and service changes in the network in real time and automatically updates the network topology; the module further comprises:
device fingerprint identification sub-module: analyzing the communication behavior, protocol and characteristics of the equipment through a deep learning algorithm, and identifying the type and function of the equipment;
service dependency analysis sub-module: through carrying out deep learning analysis on network traffic, identifying the dependency relationship between services;
the self-adaptive threat information collection module dynamically adjusts the collection strategy of threat information according to the current network environment and threat situation; the module further comprises:
threat intelligence source assessment submodule: the reliability and timeliness of threat information sources are evaluated through a deep learning algorithm;
threat information fusion sub-module: fusing threat intelligence from different sources;
the real-time user emotion state monitoring module is used for analyzing the emotion state of the user, adjusting the safety strategy and internally arranging brain wave mode analysis and deep learning emotion analysis algorithms.
3. The intelligent network equipment service host safety management system based on deep learning of claim 1, characterized in that: the host safety management system also comprises a deep learning identity verification module, wherein the deep learning identity verification module comprises:
the self-adaptive flow control module dynamically adjusts the flow control strategy according to the network state and the security strategy; the module further comprises:
flow classification sub-module: classifying network traffic through a deep learning algorithm, and identifying normal traffic, malicious traffic and unknown traffic;
traffic priority adjustment sub-module: dynamically adjusting the priority of the flow according to the classification result and the security policy of the flow;
the self-adaptive intrusion detection module dynamically adjusts an intrusion detection strategy according to the network environment and the threat situation; the module further comprises:
a pattern matching sub-module: performing pattern matching on network traffic through a deep learning algorithm, and identifying a known attack pattern;
an anomaly detection sub-module: performing anomaly detection on network traffic through a deep learning algorithm, and identifying an unknown attack mode;
an adaptive deep learning model for continuous learning and model updating, the adaptive deep learning model being used to dynamically adjust to the biometric characteristics and changes of a user.
4. The deep learning-based intelligent network device service hosting security management system of claim 1, wherein: the host security management system further comprises an adaptive access control module, wherein the adaptive access control module dynamically adjusts an access control strategy according to user behaviors and a network environment; the module further comprises:
user behavior analysis sub-module: analyzing the access behaviors of the user through a deep learning algorithm, and identifying normal and abnormal access modes;
an access right adjustment sub-module: dynamically adjusting the access rights of the user according to the result of the user behavior analysis;
the self-adaptive data protection module can dynamically adjust a data protection strategy according to the sensitivity and the access mode of the data; the module further comprises:
a data classification sub-module: classifying the data through a deep learning algorithm, and identifying sensitive data and non-sensitive data;
and a data encryption sub-module: and dynamically selecting a proper encryption algorithm according to the classification result of the data.
5. The deep learning-based intelligent network device service hosting security management system of claim 1, wherein: the host security management system further comprises an adaptive threat response module, wherein the adaptive threat response module dynamically adjusts a threat response strategy according to the severity of the threat and the network environment; the module further comprises:
threat assessment sub-module: evaluating the severity of the threat through a deep learning algorithm;
and responding to the strategy selection submodule: dynamically selecting a proper response strategy according to the threat assessment result;
the self-adaptive log management module can dynamically adjust log collection and analysis strategies according to network states and security strategies; the module further comprises:
a log classification sub-module: classifying the logs by a deep learning algorithm, and identifying key logs and non-key logs;
a log analysis sub-module: and carrying out deep analysis on the classified logs to identify potential security threats.
6. The deep learning-based intelligent network device service hosting security management system of claim 1, wherein: the host safety management system further comprises a self-adaptive flow monitoring module, wherein the self-adaptive flow monitoring module dynamically adjusts a flow monitoring strategy according to the characteristics and the behavior mode of the network flow; the module further comprises:
and a flow characteristic extraction sub-module: extracting characteristics of network traffic through a deep learning algorithm, and identifying normal and abnormal traffic modes;
flow behavior analysis sub-module: the method is used for carrying out deep analysis on the extracted flow characteristics and detecting network attack or abnormal behaviors in real time;
and the self-adaptive flow control module dynamically adjusts the network flow control strategy according to the flow behavior analysis result.
7. The deep learning-based intelligent network device service hosting security management system of claim 1, wherein: the hosting security management system further comprises a self-adaptive device identification module, which dynamically adjusts the device identification strategy according to the characteristics and behavior patterns of the network devices; the module further comprises:
a device feature extraction sub-module: extracting features of the network devices through a deep learning algorithm;
a device behavior analysis sub-module: carrying out deep analysis on the extracted device features and detecting abnormal behaviors or potential threats of the devices in real time;
a self-adaptive device management module: capable of dynamically adjusting the device management strategy according to the device behavior analysis result.
8. The deep learning-based intelligent network device service hosting security management system of claim 1, wherein: the hosting security management system further comprises a self-adaptive threat prediction module, which uses a deep learning algorithm to learn from past network attack and abnormal behavior data and predicts possible future threats and attacks; the module further comprises:
a historical data analysis sub-module: analyzing historical network attack and abnormal behavior data, and extracting key features;
a threat prediction sub-module: based on the result of the historical data analysis, predicting future threats and attacks by using a deep neural network model;
a prediction result feedback module: automatically adjusting the security policy of the system according to the threat prediction result.
9. The deep learning-based intelligent network device service hosting security management system of claim 1, wherein: the hosting security management system further comprises a self-adaptive user behavior analysis module, which monitors and analyzes the network behaviors of users in real time through a deep learning algorithm and identifies abnormal or malicious user behaviors; the module further comprises:
a user behavior feature extraction sub-module: extracting features from the network behavior data of users;
an abnormal behavior detection sub-module: based on the extracted user behavior features, detecting abnormal or malicious user behaviors in real time by using a deep learning model;
a user behavior management module: automatically executing a corresponding security policy according to the result of the user behavior analysis.
10. The deep learning-based intelligent network device service hosting security management system of claim 1, wherein: the hosting security management system further comprises an adaptive traffic monitoring and management module, which monitors and analyzes network traffic in real time by using a deep learning algorithm to identify potential DDoS attacks, botnet traffic or other malicious traffic; the module further comprises:
a traffic feature extraction sub-module: carrying out deep analysis on the data packets entering and exiting the network, and extracting key traffic features;
a malicious traffic detection sub-module: based on the extracted traffic features, detecting and classifying malicious traffic in real time by using a deep neural network model;
a traffic management sub-module: automatically executing a corresponding traffic management strategy according to the malicious traffic detection result;
an adaptive response and recovery module: capable of automatically taking responsive action when the system detects malicious traffic or attacks.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202311437817.0A CN117424740A (en) | 2023-11-01 | 2023-11-01 | Intelligent network equipment service host safety management system based on deep learning |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202311437817.0A CN117424740A (en) | 2023-11-01 | 2023-11-01 | Intelligent network equipment service host safety management system based on deep learning |
Publications (1)
Publication Number | Publication Date |
---|---|
CN117424740A (en) | 2024-01-19 |
Family
ID=89526203
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202311437817.0A Pending CN117424740A (en) | 2023-11-01 | 2023-11-01 | Intelligent network equipment service host safety management system based on deep learning |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN117424740A (en) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR101814368B1 (en) * | 2017-07-27 | 2018-01-04 | 김재춘 | Information security network integrated management system using big data and artificial intelligence, and a method thereof |
CN112202726A (en) * | 2020-09-10 | 2021-01-08 | 西安交通大学 | System anomaly detection method based on context sensing |
CN116319061A (en) * | 2023-04-18 | 2023-06-23 | 天津市职业大学 | Intelligent control network system |
CN116662989A (en) * | 2023-08-01 | 2023-08-29 | 深圳奥联信息安全技术有限公司 | Security data analysis method and system |
Cited By (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN117611015A (en) * | 2024-01-22 | 2024-02-27 | 衡水烨通建设工程有限公司 | Real-time monitoring system for quality of building engineering |
CN117611015B (en) * | 2024-01-22 | 2024-03-29 | 衡水烨通建设工程有限公司 | Real-time monitoring system for quality of building engineering |
CN117834311A (en) * | 2024-03-06 | 2024-04-05 | 成都工业职业技术学院 | Malicious behavior identification system for network security |
CN117834311B (en) * | 2024-03-06 | 2024-05-14 | 成都工业职业技术学院 | Malicious behavior identification system for network security |
CN118432854A (en) * | 2024-03-29 | 2024-08-02 | 北京绿百顺科技有限公司 | Network encapsulation detection system and method |
CN118018332A (en) * | 2024-04-09 | 2024-05-10 | 山东慧贝行信息技术有限公司 | Machine learning-based network data leakage early warning system and method thereof |
CN118018332B (en) * | 2024-04-09 | 2024-07-30 | 山东慧贝行信息技术有限公司 | Machine learning-based network data leakage early warning system and method thereof |
CN118353667A (en) * | 2024-04-22 | 2024-07-16 | 云仓库(广东)信息科技有限公司 | Network security early warning method and system based on deep learning |
CN118157994A (en) * | 2024-05-10 | 2024-06-07 | 福建依时利软件股份有限公司 | Campus security Internet of things sensing system and method based on AI algorithm |
CN118509266A (en) * | 2024-07-22 | 2024-08-16 | 四川云互未来科技有限公司 | Network traffic data mining method and system based on artificial intelligence |
Similar Documents
Publication | Title | Publication Date |
---|---|---|
Ullah et al. | Intelligent intrusion detection system for Apache web server empowered with machine learning approaches | |
CN117424740A (en) | Intelligent network equipment service host safety management system based on deep learning | |
Subbiah et al. | Intrusion detection technique in wireless sensor network using grid search random forest with Boruta feature selection algorithm | |
Khanday et al. | Implementation of intrusion detection model for DDoS attacks in Lightweight IoT Networks | |
Azam et al. | Comparative analysis of intrusion detection systems and machine learning based model analysis through decision tree | |
Süzen | Developing a multi-level intrusion detection system using hybrid-DBN | |
Khalaf et al. | An adaptive protection of flooding attacks model for complex network environments | |
Repalle et al. | Intrusion detection system using ai and machine learning algorithm | |
Farahani | Feature Selection Based on Cross‐Correlation for the Intrusion Detection System | |
Ahanger et al. | An effective intrusion detection system using supervised machine learning techniques | |
Soniya et al. | Intrusion detection system: Classification and techniques | |
Naz et al. | Ensemble learning-based IDS for sensors telemetry data in IoT networks | |
Chapaneri et al. | Multi-level Gaussian mixture modeling for detection of malicious network traffic | |
Shankar et al. | Deep analysis of risks and recent trends towards network intrusion detection system | |
CN118138361A (en) | Security policy making method and system based on autonomously evolutionary agent | |
Samha et al. | Intrusion detection system using hybrid convolutional neural network | |
Daihes et al. | MORTON: detection of malicious routines in large-scale DNS traffic | |
Parhizkari | Anomaly detection in intrusion detection systems | |
Abdullahi et al. | Comparison and investigation of AI-based approaches for cyberattack detection in cyber-physical systems | |
Mehta et al. | Threat prediction using ensemble learning algorithm to provide end-point security | |
Abhale et al. | Deep learning algorithmic approach for operational anomaly based intrusion detection system in wireless sensor networks | |
Chandak et al. | DDoS attack detection in smart home applications | |
Udayakumar et al. | Machine Learning Based Intrusion Detection System | |
Rajendiran et al. | Trustworthy-Based Authentication Model with Intrusion Detection for IoT-Enabled Networks with Deep Learning Algorithm. | |
Pakmehr et al. | DDoS attack detection techniques in IoT networks: a survey |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||