CN117424740A - Intelligent network equipment service host safety management system based on deep learning - Google Patents

Publication number
CN117424740A
Authority
CN
China
Prior art keywords
module
network
deep learning
sub
adaptive
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202311437817.0A
Other languages
Chinese (zh)
Inventor
李洋斌
周沅
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Yihai Information Technology Co ltd
Original Assignee
Shanghai Yihai Information Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shanghai Yihai Information Technology Co ltd filed Critical Shanghai Yihai Information Technology Co ltd
Priority to CN202311437817.0A priority Critical patent/CN117424740A/en
Publication of CN117424740A publication Critical patent/CN117424740A/en
Pending legal-status Critical Current

Classifications

    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • G06F18/21 Design or setup of recognition systems or techniques; Extraction of features in feature space; Blind source separation
    • G06F18/213 Feature extraction, e.g. by transforming the feature space; Summarisation; Mappings, e.g. subspace methods
    • G06F18/2135 Feature extraction, e.g. by transforming the feature space; Summarisation; Mappings, e.g. subspace methods based on approximation criteria, e.g. principal component analysis
    • G06F18/24155 Bayesian classification
    • G06F18/24323 Tree-organised classifiers
    • G06F18/25 Fusion techniques
    • G06N3/042 Knowledge-based neural networks; Logical representations of neural networks
    • G06N3/044 Recurrent networks, e.g. Hopfield networks
    • G06N3/0442 Recurrent networks, e.g. Hopfield networks characterised by memory or gating, e.g. long short-term memory [LSTM] or gated recurrent units [GRU]
    • G06N3/045 Combinations of networks
    • G06N3/0464 Convolutional networks [CNN, ConvNet]
    • G06N3/0475 Generative networks
    • G06N3/094 Adversarial learning
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H04L63/1425 Traffic logging, e.g. anomaly detection
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general

Abstract

The invention provides an intelligent network equipment service host safety management system based on deep learning, which relates to the technical field of network security systems and comprises an adaptive deep learning model training module, a data enhancement sub-module, a model fine-tuning sub-module, a multi-dimensional network traffic monitoring module, a deep packet inspection sub-module, a device behavior analysis sub-module, a context-aware security event recognition module, a spatio-temporal context analysis sub-module, a user behavior modeling sub-module, a policy recommendation and execution module, a real-time risk assessment sub-module and a policy simulation sub-module.

Description

Intelligent network equipment service host safety management system based on deep learning
Technical Field
The invention relates to the technical field of network security systems, in particular to an intelligent network equipment service host security management system based on deep learning.
Background
With the rapid development of the internet and the advance of digital transformation, network security has become an important issue that organizations and individuals must face. Conventional network security policies and methods tend to rely on fixed rules and known threat signatures, but as attack methods become more diverse and complex, these conventional approaches struggle to address current network security challenges.
Increasing network threats: in recent years, the number and complexity of network attacks have increased dramatically. From ransomware to DDoS attacks, from social engineering to zero-day vulnerabilities, attackers continue to employ new technologies and strategies to bypass traditional security protections.
Dynamically changing network environment: in modern network environments, devices, applications, and services are constantly changing and updating. This makes the structure and traffic patterns of the network very complex, and conventional rule-based security policies have difficulty adapting to this dynamic variation.
The rise of big data and AI: with the development of big data technology, organizations and individuals are able to collect and process large amounts of network data. Meanwhile, artificial intelligence and deep learning technology are widely applied in the field of network security, providing new possibilities for network security analysis and decision making.
Against this background, we propose this technical solution, aiming to solve the following technical problems:
Combining real-time network traffic monitoring with deep learning: through deep learning technology, network traffic can be identified and classified more accurately, and potential malicious behaviors can be found in time.
Adaptive model training: to cope with dynamic changes in the network environment, our system can automatically adjust and train the model according to real-time data, ensuring that the model always maintains high accuracy.
Context-aware security event identification: by considering the contextual information of network events, our system is able to more accurately identify true security threats, reducing false positives and false negatives.
Disclosure of Invention
Technical problem to be solved
In view of the shortcomings of the prior art, the invention provides an intelligent network equipment service host safety management system based on deep learning, which solves the following problems:
1. Combining real-time network traffic monitoring with deep learning: through deep learning technology, network traffic can be identified and classified more accurately, and potential malicious behaviors can be found in time.
2. Adaptive model training: to cope with dynamic changes in the network environment, our system can automatically adjust and train the model according to real-time data, ensuring that the model always maintains high accuracy.
3. Context-aware security event identification: by considering the contextual information of network events, our system is able to more accurately identify true security threats, reducing false positives and false negatives.
Technical solution
To achieve the above purpose, the invention is realized by the following technical solution: an intelligent network equipment service host safety management system based on deep learning comprises the following parts:
the adaptive deep learning model training module adopts a generative adversarial network (GAN) structure to generate network attack samples that enhance the robustness of the model; the module further comprises:
a data enhancement sub-module: increases the diversity of training data by using data augmentation techniques;
a model fine-tuning sub-module: fine-tunes the model with a small amount of new data to adapt to a new environment;
the multi-dimensional network traffic monitoring module monitors conventional network traffic as well as the communication patterns, frequency and timing patterns among devices; the module further comprises:
a deep packet inspection sub-module: acquires the content of network data packets and identifies potential malicious behaviors and abnormal patterns;
a device behavior analysis sub-module: performs deep learning analysis on the communication behavior of a device and identifies whether the device is infected by malicious software or controlled by a hacker;
the context-aware security event recognition module performs security event recognition by combining user behaviors, device states and the network environment; the module further comprises:
a spatio-temporal context analysis sub-module: reads the time and place at which an event occurs and its relationship with other events, and performs event identification;
a user behavior modeling sub-module: performs deep learning modeling of user behaviors and identifies whether a user is performing malicious behaviors or is being deceived;
the policy recommendation and execution module recommends the optimal security policy according to the real-time situation; the module further comprises:
a real-time risk assessment sub-module: evaluates the security risk of the network in real time according to the current network state and threat intelligence;
a policy simulation sub-module: simulates the execution of a security policy in a virtual environment;
preferably, the service host security management system further comprises: a deep learning identity verification module;
the deep learning identity verification module comprises:
the dynamic network topology identification module captures device and service changes in the network in real time and automatically updates the network topology; the module further comprises:
a device fingerprint identification sub-module: analyzes the communication behavior, protocols and characteristics of a device through a deep learning algorithm and identifies the type and function of the device;
a service dependency analysis sub-module: identifies the dependency relationships between services through deep learning analysis of network traffic;
the adaptive threat intelligence collection module dynamically adjusts the threat intelligence collection policy according to the current network environment and threat situation; the module further comprises:
a threat intelligence source assessment sub-module: evaluates the reliability and timeliness of threat intelligence sources through a deep learning algorithm;
a threat intelligence fusion sub-module: fuses threat intelligence from different sources;
the real-time user emotional state monitoring module analyzes the emotional state of the user and adjusts the security policy, and has built-in brain wave pattern analysis and deep learning emotion analysis algorithms.
Preferably, the host security management system further includes a deep learning identity verification module, and the deep learning identity verification module includes:
the adaptive traffic control module dynamically adjusts the traffic control policy according to the network state and the security policy; the module further comprises:
a traffic classification sub-module: classifies network traffic through a deep learning algorithm, identifying normal traffic, malicious traffic and unknown traffic;
a traffic priority adjustment sub-module: dynamically adjusts the priority of traffic according to its classification result and the security policy;
the adaptive intrusion detection module dynamically adjusts the intrusion detection policy according to the network environment and the threat situation; the module further comprises:
a pattern matching sub-module: performs pattern matching on network traffic through a deep learning algorithm and identifies known attack patterns;
an anomaly detection sub-module: performs anomaly detection on network traffic through a deep learning algorithm and identifies unknown attack patterns;
an adaptive deep learning model for continuous learning and model updating, the adaptive deep learning model being used to dynamically adjust to the biometric characteristics and changes of a user.
Preferably, the host security management system further comprises an adaptive access control module, and the adaptive access control module dynamically adjusts the access control policy according to user behaviors and the network environment; the module further comprises:
a user behavior analysis sub-module: analyzes the access behaviors of the user through a deep learning algorithm and identifies normal and abnormal access patterns;
an access right adjustment sub-module: dynamically adjusts the access rights of the user according to the result of the user behavior analysis;
the adaptive data protection module dynamically adjusts the data protection policy according to the sensitivity and access patterns of the data; the module further comprises:
a data classification sub-module: classifies the data through a deep learning algorithm and identifies sensitive and non-sensitive data;
a data encryption sub-module: dynamically selects a suitable encryption algorithm according to the classification result of the data.
Preferably, the host security management system further comprises an adaptive threat response module, wherein the adaptive threat response module dynamically adjusts the threat response policy according to the severity of the threat and the network environment; the module further comprises:
a threat assessment sub-module: evaluates the severity of the threat through a deep learning algorithm;
a response policy selection sub-module: dynamically selects a suitable response policy according to the threat assessment result;
the adaptive log management module dynamically adjusts log collection and analysis policies according to the network state and the security policy; the module further comprises:
a log classification sub-module: classifies the logs through a deep learning algorithm and identifies critical and non-critical logs;
a log analysis sub-module: performs in-depth analysis of the classified logs to identify potential security threats.
Preferably, the host security management system further comprises an adaptive traffic monitoring module, and the adaptive traffic monitoring module dynamically adjusts the traffic monitoring policy according to the characteristics and behavior patterns of the network traffic; the module further comprises:
a traffic feature extraction sub-module: extracts features of network traffic through a deep learning algorithm and identifies normal and abnormal traffic patterns;
a traffic behavior analysis sub-module: performs in-depth analysis of the extracted traffic features and detects network attacks or abnormal behaviors in real time;
an adaptive traffic control module: dynamically adjusts the network traffic control policy according to the traffic behavior analysis result.
Preferably, the host security management system further comprises an adaptive device identification module, and the adaptive device identification module dynamically adjusts the device identification policy according to the characteristics and behavior patterns of the network devices; the module further comprises:
a device feature extraction sub-module: extracts the features of network devices through a deep learning algorithm;
a device behavior analysis sub-module: performs in-depth analysis of the extracted device features and detects abnormal behaviors or potential threats of devices in real time;
an adaptive device management module: dynamically adjusts the device management policy according to the device behavior analysis result.
Preferably, the host security management system further comprises an adaptive threat prediction module, wherein the adaptive threat prediction module uses a deep learning algorithm to learn from past network attack and abnormal behavior data and predicts possible future threats and attacks; the module further comprises:
a historical data analysis sub-module: analyzes historical network attack and abnormal behavior data and extracts key features;
a threat prediction sub-module: predicts future threats and attacks with a deep neural network model, based on the result of the historical data analysis;
a prediction result feedback module: automatically adjusts the security policy of the system according to the threat prediction result.
Preferably, the host security management system further comprises an adaptive user behavior analysis module, wherein the adaptive user behavior analysis module monitors and analyzes the network behavior of the user in real time through a deep learning algorithm and identifies abnormal or malicious user behaviors; the module further comprises:
a user behavior feature extraction sub-module: extracts features from the network behavior data of a user;
an abnormal behavior detection sub-module: detects abnormal or malicious user behaviors in real time with a deep learning model, based on the extracted user behavior features;
a user behavior management module: automatically executes the corresponding security policy according to the result of the user behavior analysis.
Preferably, the host security management system further includes an adaptive traffic monitoring and management module, which uses a deep learning algorithm to monitor and analyze network traffic in real time, for identifying potential DDoS attacks, botnet traffic, or other malicious traffic. The module further comprises:
a traffic feature extraction sub-module: performs in-depth analysis of the data packets entering and leaving the network and extracts key traffic features;
a malicious traffic detection sub-module: detects and classifies malicious traffic in real time with a deep neural network model, based on the extracted traffic features;
a traffic management sub-module: automatically executes the corresponding traffic management policy according to the malicious traffic detection result;
an adaptive response and recovery module: automatically takes responsive action when the system detects malicious traffic or attacks.
Advantageous effects
The invention provides an intelligent network equipment service host safety management system based on deep learning. The beneficial effects are as follows:
1. The invention combines real-time network traffic monitoring with deep learning: network data packets are captured in real time and classified by a deep learning model, so that the system can identify potential malicious traffic and attack behaviors in time. This improves network security, reduces dependence on network administrators, and makes network security management more automated.
2. Adaptive model training improves the accuracy of the model: the system can fine-tune the model according to network data captured in real time, so that the model is better suited to the current network environment and threats and still has high accuracy when facing new attack means and strategies, thereby improving the overall security of the network.
3. Context-aware security event recognition enhances event analysis: by considering the spatio-temporal relationships of events and user behavior, the system can more accurately recognize real security events and reduce false positives and false negatives. This not only improves the accuracy of event recognition but also provides more detailed and useful event information for network administrators, helping them better understand and respond to security events.
4. Policy simulation and real-time risk assessment ensure the effectiveness of policies: before a security policy is deployed, the system simulates its execution in a virtual environment and predicts its effect, which ensures that the deployed policy is effective and reduces the potential risk caused by policy errors. In addition, real-time risk assessment gives network administrators immediate feedback on the network security situation, so that they can make better-informed decisions.
Detailed Description
The technical solutions of the embodiments of the present invention will be clearly and completely described below in conjunction with the embodiments of the present invention, and it is apparent that the described embodiments are only some embodiments of the present invention, not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
First embodiment:
The intelligent network equipment service host safety management system based on deep learning adopts a series of advanced technologies to ensure the security of the network. First, the adaptive deep learning model training module in the system generates network attack samples using a generative adversarial network (GAN) structure, which enhances the robustness of the model. The data enhancement sub-module increases the diversity of training data through data augmentation techniques, and the model fine-tuning sub-module fine-tunes the model with a small amount of new data to adapt to the new environment. In addition, the multi-dimensional network traffic monitoring module monitors conventional network traffic, the deep packet inspection sub-module acquires network data packet content and identifies potential malicious behaviors, and the device behavior analysis sub-module analyzes the communication behavior of devices and judges whether a device is infected by malicious software.
On this basis, the context-aware security event recognition module performs security event recognition by combining user behavior, device state and the network environment. The spatio-temporal context analysis sub-module reads the time and place at which an event occurs and its relationship with other events and performs event identification, and the user behavior modeling sub-module performs deep learning modeling of user behavior to judge whether the user is performing malicious behavior or is being deceived. The policy recommendation and execution module recommends the optimal security policy according to the real-time situation, the real-time risk assessment sub-module assesses the security risk of the network according to the current network state and threat intelligence, and the policy simulation sub-module simulates the execution of the security policy in a virtual environment.
Finally, the host security management system also comprises a deep learning identity verification module, and the dynamic network topology identification module captures device and service changes in the network in real time and automatically updates the network topology. The device fingerprint identification sub-module analyzes the communication behavior, protocols and characteristics of a device through a deep learning algorithm and identifies the type and function of the device. The service dependency analysis sub-module identifies the dependency relationships between services through deep learning analysis of network traffic. In addition, the adaptive threat intelligence collection module dynamically adjusts the threat intelligence collection policy according to the current network environment and the threat situation, the threat intelligence source assessment sub-module evaluates the reliability and timeliness of threat intelligence sources, and the threat intelligence fusion sub-module fuses threat intelligence from different sources.
An intelligent network equipment service host safety management system based on deep learning comprises the following parts: an adaptive deep learning model training module.
Data augmentation techniques include random rotation, cropping, noise injection, etc. There is no specific formula, but a variety of data transformation techniques are involved. By applying various random transformations to the raw data, more training samples can be generated, enhancing the generalization ability of the model.
Model fine-tuning sub-module: the algorithm is transfer learning. A pre-trained model is used as a basis and is then fine-tuned on new data to adapt to new tasks or environments.
The adaptive deep learning model training module adopts a generative adversarial network (GAN) structure to generate network attack samples that enhance the robustness of the model; the module further comprises: a data enhancement sub-module: increases the diversity of training data by using data augmentation techniques; a model fine-tuning sub-module: fine-tunes the model with a small amount of new data to adapt to a new environment.
The multi-dimensional network traffic monitoring module monitors conventional network traffic as well as the communication patterns, frequency and timing patterns among devices; the module further comprises: a deep packet inspection sub-module: acquires the content of network data packets and identifies potential malicious behaviors and abnormal patterns; a device behavior analysis sub-module: performs deep learning analysis on the communication behavior of a device and identifies whether the device is infected by malicious software or controlled by a hacker;
The multi-dimensional network flow monitoring module comprises a deep packet detection sub-module and a deep learning classifier.
Formula: $f(x) = \sigma(Wx + b)$,
where $\sigma$ is the activation function. Deep learning classification is performed on the network data packet content to identify potentially malicious behavior. Is provided with
By analyzing the communication sequence of the device, it can be identified whether the device is infected with malware.
The context-aware security event recognition module performs security event recognition by combining user behaviors, equipment states and the network environment; the module further comprises:
a space-time context analysis sub-module: reads the time and place of occurrence of an event and its relation with other events, and carries out event identification;
a user behavior modeling module: performs deep learning modeling on user behaviors and identifies whether a user is performing malicious behaviors or is being deceived.
The strategy recommendation execution module recommends the optimal safety strategy according to the real-time situation; the module further comprises:
a real-time risk assessment sub-module: evaluates the security risk of the network in real time according to the current network state and threat information;
a policy simulation sub-module: simulates and executes a security policy in the virtual environment.
The service host security management system further includes a deep learning identity verification module; the deep learning identity verification module comprises:
the dynamic network topology identification module, which captures equipment and service changes in the network in real time and automatically updates the network topology; the module further comprises:
a device fingerprint identification sub-module: analyzes the communication behavior, protocol and characteristics of the equipment through a deep learning algorithm and identifies the type and function of the equipment;
a service dependency analysis sub-module: identifies the dependency relationship between services through deep learning analysis of network traffic;
the self-adaptive threat information collection module, which dynamically adjusts the collection strategy of threat information according to the current network environment and threat situation; the module further comprises:
a threat intelligence source assessment submodule: evaluates the reliability and timeliness of threat information sources through a deep learning algorithm;
a threat information fusion sub-module: fuses threat intelligence from different sources;
the real-time user emotion state monitoring module, which analyzes the emotion state of the user and adjusts the safety strategy, with built-in brain wave mode analysis and deep learning emotion analysis algorithms.
The host safety management system also comprises a deep learning identity verification module, wherein the deep learning identity verification module comprises:
the self-adaptive flow control module, which dynamically adjusts the flow control strategy according to the network state and the security strategy; the module further comprises:
a flow classification sub-module: classifies network traffic through a deep learning algorithm and identifies normal traffic, malicious traffic and unknown traffic;
a traffic priority adjustment sub-module: dynamically adjusts the priority of the flow according to the classification result and the security policy of the flow;
the self-adaptive intrusion detection module, which dynamically adjusts the intrusion detection strategy according to the network environment and the threat situation; the module further comprises:
a pattern matching sub-module: performs pattern matching on network traffic through a deep learning algorithm and identifies known attack patterns;
an anomaly detection sub-module: performs anomaly detection on network traffic through a deep learning algorithm and identifies unknown attack modes;
an adaptive deep learning model for continuous learning and model updating, used to dynamically adjust to the biometric characteristics and changes of a user.
The host safety management system further comprises an adaptive access control module, which dynamically adjusts the access control strategy according to user behaviors and the network environment; the module further comprises:
a user behavior analysis sub-module: analyzes the access behaviors of the user through a deep learning algorithm and identifies normal and abnormal access modes;
an access right adjustment sub-module: dynamically adjusts the access rights of the user according to the result of the user behavior analysis;
the self-adaptive data protection module, which can dynamically adjust the data protection strategy according to the sensitivity and the access mode of the data; the module further comprises:
a data classification sub-module: classifies the data through a deep learning algorithm and identifies sensitive data and non-sensitive data;
a data encryption sub-module: dynamically selects a proper encryption algorithm according to the classification result of the data.
The host security management system further comprises a self-adaptive threat response module, which dynamically adjusts the threat response strategy according to the severity of the threat and the network environment; the module further comprises:
a threat assessment sub-module: evaluates the severity of the threat through a deep learning algorithm;
a response strategy selection submodule: dynamically selects a proper response strategy according to the threat assessment result;
the self-adaptive log management module, which can dynamically adjust log collection and analysis strategies according to network states and security strategies; the module further comprises:
a log classification sub-module: classifies the logs by a deep learning algorithm and identifies key logs and non-key logs;
a log analysis sub-module: carries out deep analysis on the classified logs to identify potential security threats.
The host safety management system further comprises a self-adaptive flow monitoring module, which dynamically adjusts the flow monitoring strategy according to the characteristics and the behavior mode of the network flow; the module further comprises:
a flow characteristic extraction sub-module: extracts characteristics of network traffic through a deep learning algorithm and identifies normal and abnormal traffic modes;
a flow behavior analysis sub-module: carries out deep analysis on the extracted flow characteristics and detects network attacks or abnormal behaviors in real time;
the self-adaptive flow control module, which dynamically adjusts the network flow control strategy according to the flow behavior analysis result.
The host safety management system further comprises a self-adaptive equipment identification module, which dynamically adjusts equipment identification strategies according to the characteristics and the behavior modes of the network equipment; the module further comprises:
an equipment characteristic extraction submodule: extracts the characteristics of the network equipment through a deep learning algorithm;
a device behavior analysis sub-module: carries out deep analysis on the extracted equipment characteristics and detects abnormal behaviors or potential threats of the equipment in real time;
the self-adaptive device management module, which can dynamically adjust the device management strategy according to the device behavior analysis result.
The host security management system further comprises a self-adaptive threat prediction module, which adopts a deep learning algorithm to learn past network attacks and abnormal behavior data and predicts possible threats and attacks in the future; the module further comprises:
a historical data analysis submodule: analyzes historical network attack and abnormal behavior data and extracts key features;
a threat prediction sub-module: predicts future threats and attacks by using a deep neural network model, based on the result of the historical data analysis;
the prediction result feedback module, which automatically adjusts the security policy of the system according to the threat prediction result.
The host safety management system further comprises a self-adaptive user behavior analysis module, which monitors and analyzes the network behavior of the user in real time through a deep learning algorithm and identifies abnormal or malicious user behaviors; the module further comprises:
a user behavior characteristic extraction sub-module: extracts characteristics of network behavior data of a user;
an abnormal behavior detection sub-module: detects abnormal or malicious user behaviors in real time by using a deep learning model, based on the extracted user behavior characteristics;
the user behavior management module, which automatically executes a corresponding security policy according to the result of the user behavior analysis.
The host security management system further comprises an adaptive traffic monitoring and management module, which uses a deep learning algorithm to monitor and analyze network traffic in real time for identifying potential DDoS attacks, botnet traffic or other malicious traffic. The module further comprises:
a flow characteristic extraction sub-module: carries out deep analysis on the data packets entering and exiting the network and extracts key flow characteristics;
a malicious traffic detection submodule: detects and classifies malicious flows in real time by using a deep neural network model, based on the extracted flow characteristics;
a traffic management sub-module: automatically executes a corresponding flow management strategy according to the malicious flow detection result;
an adaptive response and recovery module: the module can automatically take responsive action when the system detects malicious traffic or attacks.
3. The context-aware security event identification module comprises a space-time context analysis sub-module, which uses association rule learning or frequent pattern mining; by analyzing the space-time relationship of events, security events can be identified more accurately.
User behavior modeling sub-module:
Behavior pattern recognition, such as hidden Markov models (HMMs), with the transition and emission probabilities of the HMM.
By modeling the behavior sequence of the user, it is possible to identify whether malicious or abnormal behavior exists.
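An added example (not code from the patent) of the user behavior modeling idea above: the transition and emission probabilities of a baseline HMM score a session with the forward algorithm, and sessions with a low per-event log-likelihood are flagged. The hidden states, event names, probabilities, threshold rule and sample sessions are all constructed assumptions.

```python
import math

# Hidden activity modes and their parameters (all values are assumptions).
STATES = ("working", "admin")
START = {"working": 0.9, "admin": 0.1}
# Transition probabilities P(next mode | current mode).
TRANS = {
    "working": {"working": 0.9, "admin": 0.1},
    "admin": {"working": 0.3, "admin": 0.7},
}
# Emission probabilities P(event | mode); each row sums to 1.
EMIT = {
    "working": {"login": 0.15, "read_file": 0.45, "write_file": 0.25,
                "sudo": 0.02, "bulk_download": 0.01, "logout": 0.12},
    "admin": {"login": 0.05, "read_file": 0.25, "write_file": 0.20,
              "sudo": 0.40, "bulk_download": 0.02, "logout": 0.08},
}
UNSEEN_EVENT_PROB = 1e-4  # floor for event types absent from the baseline


def emission(state, event):
    return EMIT[state].get(event, UNSEEN_EVENT_PROB)


def sequence_log_likelihood(events):
    """Scaled forward algorithm: log P(events | baseline HMM)."""
    if not events:
        raise ValueError("empty event sequence")
    alpha = {s: START[s] * emission(s, events[0]) for s in STATES}
    log_likelihood = 0.0
    for t, event in enumerate(events):
        if t > 0:
            alpha = {
                s: emission(s, event)
                * sum(alpha[p] * TRANS[p][s] for p in STATES)
                for s in STATES
            }
        # Rescale at every step so long sessions do not underflow.
        scale = sum(alpha.values())
        log_likelihood += math.log(scale)
        alpha = {s: a / scale for s, a in alpha.items()}
    return log_likelihood


def session_score(events):
    """Average log-likelihood per event, comparable across session lengths."""
    return sequence_log_likelihood(events) / len(events)


def calibrate_threshold(baseline_sessions, margin=0.5):
    """Lowest baseline score minus a safety margin (a simple assumed rule)."""
    return min(session_score(s) for s in baseline_sessions) - margin


def is_anomalous(events, threshold):
    return session_score(events) < threshold


# Constructed sample sessions (not real logs).
BASELINE = [
    ["login", "read_file", "read_file", "write_file", "read_file", "logout"],
    ["login", "sudo", "write_file", "sudo", "read_file", "logout"],
    ["login", "read_file", "write_file", "write_file", "read_file",
     "read_file", "logout"],
]
EXFIL_LIKE = ["login", "sudo", "bulk_download", "bulk_download",
              "bulk_download", "logout"]
UNKNOWN_EVENT = ["login", "read_file", "usb_mount", "logout"]

if __name__ == "__main__":
    threshold = calibrate_threshold(BASELINE)
    samples = [("baseline[0]", BASELINE[0]), ("exfil-like", EXFIL_LIKE),
               ("unknown event", UNKNOWN_EVENT)]
    for name, session in samples:
        print(f"{name:14s} score={session_score(session):6.2f} "
              f"anomalous={is_anomalous(session, threshold)}")
```

Dividing by the session length keeps long but ordinary sessions from being flagged merely for being long.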
Strategy recommendation execution module, real-time risk assessment sub-module:
Risk scoring algorithms such as logistic regression or decision trees.
The formula of logistic regression is
The real-time risk score of the network is calculated according to the current network state and threat information.
Strategy simulation sub-module: virtual environment simulation.
There is no specific formula, but it involves the creation of a simulated environment and the execution of policies.
The security policy is simulated in the virtual environment to predict its effectiveness.
The self-adaptive deep learning model training module:
A generative adversarial network (GAN) structure is used, with a generator and a discriminator. The generator attempts to create fake data that looks like real data, while the discriminator attempts to distinguish between real and fake data. In this way, the model can generate more samples of network attacks.
The data enhancer module uses rotation, scaling, clipping and similar techniques to increase the diversity of the training data.
The model fine tuning sub-module uses transfer learning to fine-tune a pre-trained model on new data.
The multi-dimensional network traffic monitoring module:
The deep packet inspection sub-module uses a deep learning model, such as a convolutional neural network (CNN), to analyze the content of network data packets.
The device behavior analysis sub-module analyzes the communication behavior of the device using a recurrent neural network (RNN) or a long short-term memory network (LSTM).
The context-aware security event identification module:
The space-time context analysis sub-module analyzes the space-time context of an event using time-series analysis and geographic information system (GIS) techniques.
The user behavior modeling sub-module models user behavior using an autoencoder or a variational autoencoder.
The strategy recommendation execution module:
The real-time risk assessment sub-module uses a Bayesian network or decision tree to assess the security risk of the network.
The strategy simulation sub-module simulates and executes the security strategy in a sandbox environment to ensure that it causes no negative impact.
The deep learning identity verification module:
The dynamic network topology identification module captures device and service changes in the network using a graph neural network (GNN).
The device fingerprint identification sub-module uses feature engineering and clustering algorithms to identify the type and function of the device.
The self-adaptive threat information collection module:
The threat intelligence source assessment sub-module uses a reputation scoring system to assess the reliability of threat intelligence sources.
The threat intelligence fusion sub-module fuses threat intelligence from different sources using data fusion techniques such as Kalman filters or particle filters.
The real-time user emotion state monitoring module analyzes the emotion state of the user using emotion analysis technology combined with brain wave pattern analysis and a deep learning emotion analysis algorithm.
The self-adaptive flow monitoring and management module:
The flow feature extraction sub-module extracts key flow features using feature selection techniques such as principal component analysis (PCA) or t-SNE.
The malicious traffic detection sub-module uses anomaly detection algorithms, such as isolation forests or one-class SVMs, to detect malicious traffic.
The self-adaptive response and recovery module automatically takes response measures according to the detected malicious traffic or attack, using decision support system and expert system technology.
Specific embodiment II:
The technical content is further disclosed as follows:
Generative adversarial network (GAN)
Formula:
Explanation: a GAN consists of two parts: a generator (G) and a discriminator (D). The generator attempts to produce fake data samples, and the above formula describes this adversarial relationship, where $D(x)$ is the discriminator's prediction for the real data $x$, and $G(z)$ is the generated
Deep neural network (DNN)
Formula: $f(x) = \sigma(Wx + b)$
Explanation: this is a neuron model, where $f(x)$ is the output of the neuron, $\sigma$ is the activation function, $W$ is the weight and $b$ is the bias. In a deep neural network, a plurality of such neuron layers are stacked to constitute a complex model.
Anomaly detection
Formula:
Explanation: this is a logistic regression model for classification problems. In anomaly detection, it can be used to predict whether network traffic or user behavior is anomalous, where $S(x)$ is the anomaly probability for a given input $x$,
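The logistic score named in the real-time risk assessment sub-module and in the anomaly detection passage above, as an added example (not code from the patent): it takes σ in the page's f(x) = σ(Wx + b) to be the sigmoid, fits W and b by gradient descent, and returns S(x). The feature names, training snapshots, hyperparameters and tier cut-offs are constructed assumptions.

```python
import math

# Assumed features of one network-state snapshot, each scaled to 0..1.
FEATURES = ("failed_login_rate", "intel_hit_ratio", "egress_ratio")

# Constructed training snapshots; label 1 = confirmed incident, 0 = normal.
TRAINING = [
    ((0.02, 0.00, 0.10), 0), ((0.05, 0.00, 0.20), 0), ((0.01, 0.01, 0.15), 0),
    ((0.08, 0.00, 0.30), 0), ((0.03, 0.02, 0.25), 0),
    ((0.60, 0.30, 0.40), 1), ((0.10, 0.50, 0.80), 1), ((0.70, 0.05, 0.20), 1),
    ((0.40, 0.40, 0.90), 1), ((0.05, 0.35, 0.70), 1),
]


def sigmoid(z):
    """Numerically stable logistic function."""
    if z >= 0:
        return 1.0 / (1.0 + math.exp(-z))
    e = math.exp(z)
    return e / (1.0 + e)


def risk_score(x, w, b):
    """S(x) = sigma(W.x + b): probability that the snapshot is an incident."""
    if len(x) != len(w):
        raise ValueError("feature vector and weights differ in length")
    return sigmoid(sum(wi * xi for wi, xi in zip(w, x)) + b)


def train(samples, epochs=20000, lr=1.0, l2=1e-4):
    """Batch gradient descent on mean log-loss with an L2 penalty on W."""
    n = len(samples[0][0])
    m = len(samples)
    w, b = [0.0] * n, 0.0
    for _ in range(epochs):
        grad_w, grad_b = [0.0] * n, 0.0
        for x, y in samples:
            err = risk_score(x, w, b) - y  # gradient of log-loss w.r.t. W.x + b
            grad_b += err
            for i, xi in enumerate(x):
                grad_w[i] += err * xi
        w = [wi - lr * (g / m + l2 * wi) for wi, g in zip(w, grad_w)]
        b -= lr * grad_b / m
    return w, b


def risk_tier(score, medium=0.3, high=0.7):
    """Map S(x) to a tier that a policy recommender could act on."""
    if not 0.0 <= score <= 1.0:
        raise ValueError("score must be a probability")
    if score >= high:
        return "high"
    if score >= medium:
        return "medium"
    return "low"


if __name__ == "__main__":
    w, b = train(TRAINING)
    print("weights:", dict(zip(FEATURES, (round(v, 2) for v in w))), "bias:", round(b, 2))
    for snapshot in [(0.035, 0.00, 0.15), (0.50, 0.35, 0.65)]:
        s = risk_score(snapshot, w, b)
        print(snapshot, f"S(x)={s:.3f}", risk_tier(s))
```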
Specific embodiment III:
The further disclosed technical scheme is as follows:
SP1, initializing system configuration and parameters;
SP1.1, loading a pre-trained deep learning model;
SP1.2, setting network flow monitoring parameters;
SP2, starting multidimensional network traffic monitoring;
SP2.1, capturing real-time network data packets;
SP2.2, classifying the data packets using the deep packet inspection submodule;
SP3, performing self-adaptive deep learning model training on the captured network data packets;
SP3.1, expanding the original data using the data enhancer module;
SP3.2, fine-tuning the pre-trained model using the model fine-tuning sub-module;
SP4, analyzing equipment behaviors;
SP4.1, analyzing the communication sequence of the equipment;
SP4.2, identifying potential malicious behavior using a sequence model (e.g., LSTM);
SP5, carrying out context-aware security event identification;
SP5.1, analyzing the space-time relationship of events using the space-time context analysis sub-module;
SP5.2, modeling and analyzing user behavior using the user behavior modeling sub-module;
SP6, performing real-time risk assessment on the identified security event;
SP6.1, calculating a real-time risk score of the network using the real-time risk assessment submodule;
SP7, performing strategy recommendation according to the risk score;
SP7.1, simulating and executing the recommended security strategies in a virtual environment using the strategy simulation sub-module;
SP7.2, predicting the effect of policy enforcement;
SP8, executing the recommended security policies;
SP8.1, deploying and implementing the recommended policies in the actual environment;
SP8.2, monitoring the effect of policy enforcement;
SP9, feeding back and adjusting according to the execution effect of the strategy;
SP9.1, if the strategy effect is good, continuing to monitor;
SP9.2, if the strategy effect is bad, returning to SP3 for model training and adjustment;
SP10, periodically updating and maintaining the system;
SP10.1, periodically checking the running state of the system;
SP10.2, updating the model and policies to accommodate new threats and environments.
It is noted that relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a reference structure" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises an element.
Although embodiments of the present invention have been shown and described, it will be understood by those skilled in the art that various changes, modifications, substitutions and alterations can be made therein without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.

Claims (10)

1. The intelligent network equipment service host computer safety management system based on deep learning is characterized in that: comprises the following parts:
the self-adaptive deep learning model training module adopts a generative adversarial network (GAN) structure for generating network attack samples to enhance the robustness of the model; the module further comprises:
a data enhancer module: the diversity of training data is increased by utilizing a data expansion technology;
model fine tuning submodule: used for fine tuning the model with a small amount of new data to adapt to a new environment;
the multi-dimensional network flow monitoring module is used for monitoring the traditional network flow and monitoring the communication mode, frequency and time sequence mode among the devices; the module further comprises:
deep packet inspection submodule: used for acquiring the content of a network data packet and identifying potential malicious behaviors and abnormal modes;
device behavior analysis sub-module: used for performing deep learning analysis on the communication behavior of the device and identifying whether the device is infected by malicious software or controlled by a hacker;
the context-aware security event recognition module is used for carrying out security event recognition by combining user behaviors, equipment states and network environments; the module further comprises:
a space-time context analysis sub-module: used for reading the time and place of occurrence of an event and its relation with other events, and carrying out event identification;
user behavior modeling module: used for performing deep learning modeling on user behaviors and identifying whether a user is performing malicious behaviors or is being deceived;
the strategy recommendation execution module recommends the optimal safety strategy according to the real-time situation; the module further comprises:
real-time risk assessment sub-module: according to the current network state and threat information, evaluating the security risk of the network in real time;
policy simulation sub-module: the security policy is enforced in a virtual environment.
2. The intelligent network equipment service host safety management system based on deep learning of claim 1, characterized in that: the service host security management system further includes: a deep learning identity verification module;
the deep learning identity verification module comprises:
the dynamic network topology identification module captures equipment and service changes in the network in real time and automatically updates the network topology; the module further comprises:
device fingerprint identification sub-module: analyzing the communication behavior, protocol and characteristics of the equipment through a deep learning algorithm, and identifying the type and function of the equipment;
service dependency analysis sub-module: through carrying out deep learning analysis on network traffic, identifying the dependency relationship between services;
the self-adaptive threat information collection module dynamically adjusts the collection strategy of threat information according to the current network environment and threat situation; the module further comprises:
threat intelligence source assessment submodule: the reliability and timeliness of threat information sources are evaluated through a deep learning algorithm;
threat information fusion sub-module: fusing threat intelligence from different sources;
the real-time user emotion state monitoring module is used for analyzing the emotion state of the user, adjusting the safety strategy and internally arranging brain wave mode analysis and deep learning emotion analysis algorithms.
3. The intelligent network equipment service host safety management system based on deep learning of claim 1, characterized in that: the host safety management system also comprises a deep learning identity verification module, wherein the deep learning identity verification module comprises:
the self-adaptive flow control module dynamically adjusts the flow control strategy according to the network state and the security strategy; the module further comprises:
flow classification sub-module: classifying network traffic through a deep learning algorithm, and identifying normal traffic, malicious traffic and unknown traffic;
traffic priority adjustment sub-module: dynamically adjusting the priority of the flow according to the classification result and the security policy of the flow;
the self-adaptive intrusion detection module dynamically adjusts an intrusion detection strategy according to the network environment and the threat situation; the module further comprises:
a pattern matching sub-module: performing pattern matching on network traffic through a deep learning algorithm, and identifying a known attack pattern;
an anomaly detection sub-module: performing anomaly detection on network traffic through a deep learning algorithm, and identifying an unknown attack mode;
an adaptive deep learning model for continuous learning and model updating, the adaptive deep learning model being used to dynamically adjust to the biometric characteristics and changes of a user.
4. The deep learning-based intelligent network device service hosting security management system of claim 1, wherein: the host security management system further comprises an adaptive access control module, wherein the adaptive access control module dynamically adjusts an access control strategy according to user behaviors and a network environment; the module further comprises:
user behavior analysis sub-module: analyzing the access behaviors of the user through a deep learning algorithm, and identifying normal and abnormal access modes;
an access right adjustment sub-module: dynamically adjusting the access rights of the user according to the result of the user behavior analysis;
the self-adaptive data protection module can dynamically adjust a data protection strategy according to the sensitivity and the access mode of the data; the module further comprises:
a data classification sub-module: classifying the data through a deep learning algorithm, and identifying sensitive data and non-sensitive data;
a data encryption sub-module: dynamically selecting a proper encryption algorithm according to the classification result of the data.
5. The deep learning-based intelligent network device service hosting security management system of claim 1, wherein: the host security management system further comprises an adaptive threat response module, wherein the adaptive threat response module dynamically adjusts a threat response strategy according to the severity of the threat and the network environment; the module further comprises:
threat assessment sub-module: evaluating the severity of the threat through a deep learning algorithm;
a response strategy selection submodule: dynamically selecting a proper response strategy according to the threat assessment result;
the self-adaptive log management module can dynamically adjust log collection and analysis strategies according to network states and security strategies; the module further comprises:
a log classification sub-module: classifying the logs by a deep learning algorithm, and identifying key logs and non-key logs;
a log analysis sub-module: carrying out deep analysis on the classified logs to identify potential security threats.
6. The deep learning-based intelligent network device service hosting security management system of claim 1, wherein: the host safety management system further comprises a self-adaptive flow monitoring module, wherein the self-adaptive flow monitoring module dynamically adjusts a flow monitoring strategy according to the characteristics and the behavior mode of the network flow; the module further comprises:
a flow characteristic extraction sub-module: extracting characteristics of network traffic through a deep learning algorithm, and identifying normal and abnormal traffic modes;
flow behavior analysis sub-module: the method is used for carrying out deep analysis on the extracted flow characteristics and detecting network attack or abnormal behaviors in real time;
and the self-adaptive flow control module dynamically adjusts the network flow control strategy according to the flow behavior analysis result.
7. The deep learning-based intelligent network device service hosting security management system of claim 1, wherein: the host safety management system further comprises a self-adaptive equipment identification module, wherein the self-adaptive equipment identification module dynamically adjusts equipment identification strategies according to the characteristics and the behavior mode of the network equipment; the module further comprises:
an equipment characteristic extraction submodule: extracting the characteristics of the network equipment through a deep learning algorithm;
device behavior analysis sub-module: deep analysis is carried out on the extracted equipment characteristics, and abnormal behaviors or potential threats of the equipment are detected in real time;
and the self-adaptive device management module can dynamically adjust the device management strategy according to the device behavior analysis result.
8. The deep learning-based intelligent network device service hosting security management system of claim 1, wherein: the host security management system further comprises a self-adaptive threat prediction module, wherein the self-adaptive threat prediction module adopts a deep learning algorithm to learn past network attacks and abnormal behavior data and predicts possible threats and attacks in the future; the module further comprises:
historical data analysis submodule: analyzing historical network attack and abnormal behavior data, and extracting key features;
threat prediction sub-module: based on the result of the historical data analysis, predicting future threats and attacks by using a deep neural network model;
and the prediction result feedback module is used for automatically adjusting the security policy of the system according to the threat prediction result.
9. The deep learning-based intelligent network device service hosting security management system of claim 1, wherein: the host safety management system further comprises a self-adaptive user behavior analysis module, wherein the self-adaptive user behavior analysis module monitors and analyzes network behaviors of a user in real time through a deep learning algorithm and identifies abnormal or malicious user behaviors; the module further comprises:
a user behavior characteristic extraction sub-module: extracting characteristics of network behavior data of a user;
abnormal behavior detection sub-module: based on the extracted user behavior characteristics, detecting abnormal or malicious user behaviors in real time by using a deep learning model;
and the user behavior management module automatically executes a corresponding security policy according to the result of the user behavior analysis.
10. The deep learning-based intelligent network device service hosting security management system of claim 1, wherein: the host security management system further comprises an adaptive traffic monitoring and management module which monitors and analyzes network traffic in real time by using a deep learning algorithm for identifying potential DDoS attacks, botnet traffic or other malicious traffic. The module further comprises:
a flow characteristic extraction sub-module: deep analysis is carried out on the data packets entering and exiting the network, and key flow characteristics are extracted;
malicious traffic detection submodule: based on the extracted flow characteristics, detecting and classifying malicious flows in real time by using a deep neural network model;
traffic management sub-module: according to the malicious flow detection result, automatically executing a corresponding flow management strategy;
adaptive response and recovery module: the module can automatically take responsive action when the system detects malicious traffic or attacks.
CN202311437817.0A 2023-11-01 2023-11-01 Intelligent network equipment service host safety management system based on deep learning Pending CN117424740A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311437817.0A CN117424740A (en) 2023-11-01 2023-11-01 Intelligent network equipment service host safety management system based on deep learning

Publications (1)

Publication Number Publication Date
CN117424740A (en) 2024-01-19

Family

ID=89526203

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311437817.0A Pending CN117424740A (en) 2023-11-01 2023-11-01 Intelligent network equipment service host safety management system based on deep learning

Country Status (1)

Country Link
CN (1) CN117424740A (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101814368B1 (en) * 2017-07-27 2018-01-04 김재춘 Information security network integrated management system using big data and artificial intelligence, and a method thereof
CN112202726A (en) * 2020-09-10 2021-01-08 西安交通大学 System anomaly detection method based on context sensing
CN116319061A (en) * 2023-04-18 2023-06-23 天津市职业大学 Intelligent control network system
CN116662989A (en) * 2023-08-01 2023-08-29 深圳奥联信息安全技术有限公司 Security data analysis method and system

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117611015A (en) * 2024-01-22 2024-02-27 衡水烨通建设工程有限公司 Real-time monitoring system for quality of building engineering
CN117611015B (en) * 2024-01-22 2024-03-29 衡水烨通建设工程有限公司 Real-time monitoring system for quality of building engineering
CN117834311A (en) * 2024-03-06 2024-04-05 成都工业职业技术学院 Malicious behavior identification system for network security
CN117834311B (en) * 2024-03-06 2024-05-14 成都工业职业技术学院 Malicious behavior identification system for network security
CN118432854A (en) * 2024-03-29 2024-08-02 北京绿百顺科技有限公司 Network encapsulation detection system and method
CN118018332A (en) * 2024-04-09 2024-05-10 山东慧贝行信息技术有限公司 Machine learning-based network data leakage early warning system and method thereof
CN118018332B (en) * 2024-04-09 2024-07-30 山东慧贝行信息技术有限公司 Machine learning-based network data leakage early warning system and method thereof
CN118353667A (en) * 2024-04-22 2024-07-16 云仓库(广东)信息科技有限公司 Network security early warning method and system based on deep learning
CN118157994A (en) * 2024-05-10 2024-06-07 福建依时利软件股份有限公司 Campus security Internet of things sensing system and method based on AI algorithm
CN118509266A (en) * 2024-07-22 2024-08-16 四川云互未来科技有限公司 Network traffic data mining method and system based on artificial intelligence

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination