CN103795723B - Distributed type internet-of-things safety situation awareness method - Google Patents


Info

Publication number: CN103795723B
Authority: CN (China)
Prior art keywords: data, feature, training, information, sample
Legal status: Active
Application number: CN201410040847.2A
Other languages: Chinese (zh)
Other versions: CN103795723A (en)
Inventors: 郑瑞娟, 吴庆涛, 张明川, 魏汪洋, 马正朝, 李腾昊, 李晨
Current Assignee: Henan zhuodoo Information Technology Co., Ltd.
Original Assignee: Henan University of Science and Technology
Application filed by: Henan University of Science and Technology
Priority to: CN201410040847.2A
Publication of CN103795723A
Application granted
Publication of CN103795723B

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a distributed Internet of Things security situation awareness method. The method comprises the following steps: event features are extracted from the Internet of Things by means of tools and combined in order into corresponding feature sets; the feature sets obtained in the first step are reduced using principal component analysis; machine learning is performed on the reduced features using the Help-Training algorithm; the information to be perceived is input into the machine learning engine, whose output, a security event type, is mapped to a specific situation value; a time threshold is set and nodes exchange information at fixed time intervals, and when the time is reached each node sends its training data set to adjacent sensing nodes using the distance vector algorithm. In the method, principal component analysis reduces the security event attribute features and lowers the number of attribute feature dimensions, and the reduced attribute features are trained with an incremental self-learning method, so that system training time is shortened and the generalization ability of the system is improved.

Description

A distributed Internet of Things security situation awareness method
Technical field
The present invention relates to the field of computer network security, and in particular to a distributed Internet of Things security situation awareness method.
Background
With the continuous development of computer technology and the continuous spread of its applications, the rapid perception of network security events has become a particularly important problem for network technicians, and research on many related network security techniques is maturing. Network security situation awareness, a technique by which network administrators detect and monitor the security state of the network, is also one of the current research hotspots in information security. This research is of great significance for improving the emergency response capability of network systems, mitigating the harm caused by network attacks, and discovering potentially malicious intrusion behavior. However, owing to the growth in network scale, network security events have mainly the following four characteristics: huge volume (volume), wide variety (variety), low value density (value), and fast processing (velocity). Because of these characteristics, generating the security situation requires comprehensive analysis of multiple network security factors, such as system vulnerabilities, and not only network intrusions, and the features used for network situation awareness are high-dimensional.
The development of network situation awareness places new demands and challenges on machine learning in terms of research direction, evaluation metrics and key technology: the number of training examples is very large, with large volumes of security data accumulating daily. In addition, more and more devices include sensors, and the observations they continuously record can be used as training data; such data sets can easily reach hundreds of TB, and the input data are high-dimensional. Principal component analysis (PCA) takes the original numerous variables and recombines them into a new set of mutually uncorrelated composite variables that replace the original variables, deriving from many variables a few representative variables that carry most of the information in the original variables and are mutually orthogonal. The procedure forms linear combinations of the original variables as new composite variables. If the first linear combination chosen, that is, the first composite variable, is denoted F1, we naturally want it to reflect as much of the information in the original variables as possible. "Information" is measured here by variance: the larger the variance, the more information F1 contains. F1 is therefore chosen as the linear combination with the largest variance and is called the first principal component. If the first principal component is not enough to represent the information of the original N variables, a second linear combination F2 is selected and called the second principal component, and so on, so that the third, fourth, ..., P-th principal components can be constructed. Learning on the reduced features can greatly reduce learning time and resource usage while preserving accuracy, improving system response time.
With the development of data collection techniques, obtaining a large number of unlabeled samples is relatively easy, whereas labeling samples requires arduous manual work. Clearly, if only a small number of labeled samples are used, that is, if supervised learning is adopted, the trained model often struggles to achieve strong generalization ability; moreover, using only the few labeled samples and discarding the large number of unlabeled samples wastes a great deal of data. The semi-supervised self-training learning method (SSTLM) studies how to make combined use of a small amount of labeled data and a large amount of unlabeled data to obtain a learner with good performance and generalization ability. The basic idea of semi-supervised learning is that, given a labeled sample set and an unlabeled sample set, training is expected to yield a model function that can predict the label y of a sample x. HereIt isDimensional vector,For SampleMark, L is the number of samples in the labeled set,For not marking the sample number that sample is comprised. In semi-supervised learning, the learner uses the unlabeled samples by itself; the whole process is automatic, and the unlabeled data are labeled by the learner alone.
Systems exchange training information only with adjacent system nodes. If communication between two nodes needs to pass through only one router, the two nodes are adjacent; non-adjacent nodes do not exchange information. The information exchanged is all the information newly perceived by the current node, that is, its own incremental information. By setting a time threshold, nodes exchange information at a fixed interval, for example every 1 hour, and each node updates its own feature training library according to the information received from adjacent nodes. This information exchange technique can reduce the volume of node feature data and increase the real-time performance of the system.
Summary of the invention
To solve the problems of existing security situation awareness methods, such as high resource usage, long processing time, and the inability of systems to exchange information in real time, the present invention proposes a distributed Internet of Things security situation awareness method. The method uses principal component analysis to reduce security event attribute features, lowering the attribute feature dimension, and trains on the reduced attribute features with an incremental self-learning method, thereby reducing system training time and improving the generalization ability of the system.
The technical solution adopted by the present invention is a distributed Internet of Things security situation awareness method comprising the following steps:
Step 1, feature extraction: event features are extracted from the Internet of Things by means of system operation logs, vulnerability scanning tools, the SNORT intrusion detection system, VDS, FireWall, or the traffic collectors embedded in switches and routers, and the extracted features are combined in order into a corresponding feature set;
Step 2, feature reduction: PCA is used to reduce the feature set obtained in step 1;
Step 3, machine learning: the Help-Training algorithm is used to perform machine learning on the reduced features;
Step 4, situation awareness: the information to be perceived is input into the machine learning engine, whose output is a security event type, and the security event type is mapped to a specific situation value;
Step 5, information exchange: a time threshold is set and nodes exchange information at fixed time intervals; when the time is reached, each node sends its training data set to neighboring sensing nodes using the distance vector algorithm.
The feature reduction comprises the following steps:
Step 201, data standardization: let the feature set obtained in step 1 be X; for the p-dimensional attribute feature data of X, the data matrix of n samples is:
, wherein,, using formula, whereinData is standardized, its In,,, wherein,
Step 202, compute the data sample correlation matrix: assuming the original feature set is still denoted X after standardization, the data sample correlation matrix is computed using the formula , where the correlation coefficient , wherein,
Step 203, compute the eigenvalues of the correlation matrix R and the corresponding eigenvectors
Step 204, select principal components using PCA: the formula contribution rate = is used to compute the proportion of the total variance accounted for by each principal component, where p is the number of principal components obtained by principal component analysis; the first k principal components are selected according to the size of the contribution rate, and each principal component is obtained using the formula , wherein,Orthogonal,,Variance be more thanVariance be more thanVariance, and so on.
The Help-Training algorithm specifically comprises:
Set the sample set of a small amount of mark, the sample set that do not mark in a large number, create data set, data CollectionIt is initially empty, never mark sample setMiddle spin data is added toIn, use marked sample setInstruction Practise Main classification deviceWith auxiliary grader, create a data set, it is initialized as sky, use RightIn data be predicted, select confidence level highestIndividual data is added toIn, useRightIn data be labeled, to data set, re -training Main classification deviceWith auxiliary grader.
The information exchange specifically comprises:
Step 401: when the time threshold is 0, the node sends its incremental perception information by broadcast and sets its route distance to 1; when the packet passes through a router, the route distance of the request is decremented by 1, and when the route distance of the incremental perception information is 0, the router automatically discards the packet;
Step 402: the node re-runs machine learning on the received incremental data together with its existing data.
Beneficial effects of the present invention:
1. Multiple security tools are used to extract network security event attribute features: security event features are extracted by means of existing system security logs, vulnerability scanning tools, IDS, VDS (Virus Detection System), FireWall, Netflow (the traffic collector embedded in switches and routers) and similar methods, giving complete perception of the system's security information, improving the objectivity of security event perception and increasing its accuracy;
2. The feature dimension is reduced by mathematical dimensionality reduction. To solve the problem that existing attribute feature analysis methods have high feature redundancy and fail to make full use of the complementary relationships between features, the complementarity between the selected features is analyzed with principal component analysis (PCA) and complementary features are merged, providing a feature dimension reduction method: the original numerous attribute features are recombined into a new set of mutually uncorrelated composite variables that replace the original variables, and a few representative variables are derived from the many variables so that they carry most of the information in the original variables and are mutually orthogonal. This reduces system initialization time and improves system operation and detection efficiency;
3. An incremental self-learning method is used to improve the accuracy of the method. To make full use of labeled and unlabeled data, the semi-supervised self-training learning method (SSTLM) makes combined use of a small amount of labeled data and a large amount of unlabeled data to obtain a learner with good performance and generalization ability. At the same time, multiple learning algorithms are combined to improve learning accuracy. This avoids relying on supervised learning alone, under which the trained model struggles to achieve strong generalization ability; moreover, using the large number of unlabeled samples in addition to the few labeled samples makes full use of the large volume of unlabeled data;
4. A distributed deployment scheme increases the cooperativeness of the system: awareness systems are deployed at different network nodes and a time threshold is set; when the time is reached, each node sends its training data set to neighboring sensing nodes, so that the training data sets of different nodes are updated in real time and kept synchronized.
Brief description of the drawings
Fig. 1 is a structural block diagram of the present invention;
Fig. 2 is a structural block diagram of the Help-Training algorithm of the present invention.
Specific embodiments
As shown in the figures, a distributed Internet of Things security situation awareness method comprises the following steps:
Step 1, feature extraction: event features are extracted from the Internet of Things by means of system operation logs, vulnerability scanning tools, the SNORT intrusion detection system, VDS, FireWall, or the traffic collectors embedded in switches and routers, and the extracted features are combined in order into a corresponding feature set;
Step 2, feature reduction: PCA is used to reduce the feature set obtained in step 1;
Step 3, machine learning: the Help-Training algorithm is used to perform machine learning on the reduced features;
Step 4, situation awareness: the information to be perceived is input into the machine learning engine, whose output is a security event type, and the security event type is mapped to a specific situation value;
Step 5, information exchange: a time threshold is set and nodes exchange information at fixed time intervals; when the time is reached, each node sends its training data set to neighboring sensing nodes using the distance vector algorithm.
(1) Feature extraction
The "curse of dimensionality" is a huge obstacle to the application and practical use of network security situation awareness methods (SSAM): high-dimensional input vectors bring a huge computational load, which inevitably makes feature set training lose its real-time performance. The purpose of feature reduction is to identify the features that are important for fusion and to delete the features that have very little or essentially no influence on the fusion result. In essence, it finds a subset of the input features whose members have a large influence on the fusion result. The feature extraction method is as follows:
Event features are extracted by means of tools such as system operation logs, vulnerability scanning tools, the SNORT intrusion detection system, VDS (Virus Detection System), FireWall and Netflow (the traffic collector embedded in switches and routers), giving the corresponding feature set. The extracted features are combined in order into feature set X, giving the P-dimensional attribute feature data of security event X.
With p feature variables, the data matrix of n samples is:
Wherein:
(2) Feature reduction
1) Data standardization
Wherein
2) Compute the sample correlation coefficient matrix
For convenience, assume the raw data are still denoted X after standardization; the correlation coefficients of the standardized data are then:
3) Compute the eigenvalues of the correlation matrix R and the corresponding eigenvectors
4) Select principal components
Principal component analysis yields p principal components. However, because the variance of successive principal components decreases, the amount of information they contain also decreases, so in practical analysis one generally does not keep all p principal components but selects the first k according to the size of the cumulative contribution rate. The contribution rate here is the proportion of the total variance accounted for by the variance of a given principal component, which in practice is the proportion of the sum of all eigenvalues accounted for by a given eigenvalue. That is:
Contribution rate=
The larger the contribution rate, the more of the original variables' information the principal component carries. The number of principal components k is chosen mainly according to the cumulative contribution rate of the principal components: generally the cumulative contribution rate is required to reach 80% or more, or the first k principal components whose eigenvalues are greater than 1 are chosen, which ensures that the composite variables include most of the information of the original variables.
By obtainThe following linear transformation of composition of individual characteristic vector, that is,
It is abbreviated as:
The model is required to satisfy the following conditions:
Orthogonal(,
Variance be more thanVariance be more thanVariance, the like
Then, claimFor first principal component,For Second principal component, the rest may be inferred, hasIndividual main constituent.Main one-tenth Divide and be principal component again.HereWe are referred to as main constituent coefficient.
The above model can be expressed in matrix form as:
, wherein
is called the principal component coefficient matrix; from the principal component matrix the coefficients of each principal component are obtained and the principal component expressions can be written out. Substituting the training data set into the principal component expressions yields the data set after feature reduction.
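The four feature reduction steps above, carried through as an added example that is not code from the patent. The event rows and feature names in EVENTS are constructed, and the cyclic Jacobi eigen-solver is an assumption chosen to keep the block dependency-free, since the patent names no solver.

```python
import math

# Constructed sample (not from the patent): one row per event, hypothetical
# features [duration_s, src_bytes, dst_bytes, conn_count, syn_error_rate].
EVENTS = [
    [0.2, 215, 4507, 3, 0.00], [0.1, 162, 4528, 2, 0.00],
    [0.3, 236, 1228, 4, 0.00], [0.0, 0, 0, 250, 1.00],
    [0.0, 0, 0, 280, 0.98], [0.0, 0, 0, 265, 1.00],
    [12.0, 1480, 320, 1, 0.00], [9.5, 1310, 290, 1, 0.05],
]

def standardize(rows):
    """Step 1): z-score every column (mean 0, sample standard deviation 1)."""
    n, p = len(rows), len(rows[0])
    means = [sum(r[j] for r in rows) / n for j in range(p)]
    stds = [math.sqrt(sum((r[j] - means[j]) ** 2 for r in rows) / (n - 1))
            for j in range(p)]
    if min(stds) == 0.0:
        raise ValueError("constant feature carries no variance: drop it first")
    return [[(r[j] - means[j]) / stds[j] for j in range(p)] for r in rows]

def correlation_matrix(z):
    """Step 2): R = Z^T Z / (n - 1) for standardized data Z."""
    n, p = len(z), len(z[0])
    return [[sum(r[i] * r[j] for r in z) / (n - 1) for j in range(p)]
            for i in range(p)]

def jacobi_eigen(sym, tol=1e-20, max_sweeps=50):
    """Step 3): eigenpairs of a symmetric matrix by cyclic Jacobi rotations.
    Returns (eigenvalues, eigenvectors), largest eigenvalue first;
    eigenvectors[m] is the unit vector belonging to eigenvalues[m]."""
    p = len(sym)
    a = [list(map(float, row)) for row in sym]
    v = [[float(i == j) for j in range(p)] for i in range(p)]
    for _ in range(max_sweeps):
        if sum(a[i][j] ** 2 for i in range(p) for j in range(i + 1, p)) < tol:
            break
        for i in range(p):
            for j in range(i + 1, p):
                if a[i][j] == 0.0:
                    continue
                if a[i][i] == a[j][j]:
                    theta = math.pi / 4
                else:  # angle that zeroes a[i][j], kept within +-pi/4
                    theta = 0.5 * math.atan(2 * a[i][j] / (a[j][j] - a[i][i]))
                c, s = math.cos(theta), math.sin(theta)
                for m in (a, v):  # rotate columns i, j of A and of V
                    for row in m:
                        row[i], row[j] = (c * row[i] - s * row[j],
                                          s * row[i] + c * row[j])
                ri, rj = a[i], a[j]  # rotate rows i, j of A
                a[i] = [c * x - s * y for x, y in zip(ri, rj)]
                a[j] = [s * x + c * y for x, y in zip(ri, rj)]
    order = sorted(range(p), key=lambda m: a[m][m], reverse=True)
    return [a[m][m] for m in order], [[v[r][m] for r in range(p)] for m in order]

def choose_k(eigenvalues, threshold=0.80):
    """Step 4): contribution rate = eigenvalue / sum of eigenvalues; keep the
    first k components whose cumulative contribution reaches the threshold."""
    total = sum(eigenvalues)
    rates = [lam / total for lam in eigenvalues]
    cumulative = 0.0
    for k, rate in enumerate(rates, start=1):
        cumulative += rate
        if cumulative >= threshold - 1e-12:
            return k, rates
    return len(rates), rates

def reduce_features(rows, threshold=0.80):
    """Project standardized rows onto the first k principal components."""
    z = standardize(rows)
    eigenvalues, eigenvectors = jacobi_eigen(correlation_matrix(z))
    k, rates = choose_k(eigenvalues, threshold)
    scores = [[sum(x * w for x, w in zip(r, eigenvectors[m])) for m in range(k)]
              for r in z]
    return scores, eigenvalues, rates, k

if __name__ == "__main__":
    scores, eigenvalues, rates, k = reduce_features(EVENTS)
    print("contribution rates:", [round(r, 3) for r in rates])
    print("kept", k, "of", len(rates), "components")
```

New events must be standardized with the means and standard deviations of the training set and projected with the same eigenvectors, otherwise the classifier sees features on a different scale than it was trained on.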
(3) Feature set learning
In the self-training learning process, an initial classifier IC (Initial Classifier) is first trained with a small number of labeled samples; IC is then used to label the unlabeled samples; finally, the unlabeled samples with the highest confidence are added to the labeled sample set and the classifier IC is retrained and updated, thereby improving the generalization performance of the classifier.
In the Help-Training learning process, a main classifier MC (Main Classifier) and an auxiliary classifier AC (Auxiliary Classifier) are first trained with a small number of labeled samples. The auxiliary classifier AC predicts the unlabeled samples and the k samples with the highest confidence are selected; the main classifier MC then determines the class of these k samples. The newly labeled samples are then added to the corresponding classes of the labeled sample set. If the labeled sample set has changed, the main classifier MC and the auxiliary classifier AC are retrained; finally, MC is used for classification.
Help-Training algorithm
Input: a small labeled data set, a large unlabeled data set, and the number of algorithm iterations.
Algorithm execution procedure:
1. Initialize the data sets, the main classifier MC and the auxiliary classifier AC
Create data set, it is initially empty, from unlabeled data collectionMiddle selection data is added toIn, with marking Note sample setTrain Main classification device MC and auxiliary grader AC.
2. Repeat the following process M times
Create a data set, it is initialized as sky, with AC pairIn data be predicted, select confidence level HighIndividual data is added toIn, with MC pairIn data be labeled, to data set, re -training master Grader MC and auxiliary grader AC,
From unlabeled data collectionMiddle selection data is added toIn.
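The Help-Training loop described above, as an added example that is not code from the patent. The patent does not say which models MC and AC are, so this sketch assumes a 1-nearest-neighbour main classifier and a nearest-centroid auxiliary classifier whose confidence is the distance margin between the two closest centroids; the samples are constructed one-component reduced feature vectors.

```python
import math

# Constructed data (not from the patent): each sample is a tuple of reduced
# features, here a single principal-component score for readability.
LABELED = [((0.0,), "Normal"), ((10.0,), "DoS")]
UNLABELED = [(5.0,), (0.5,), (7.0,), (4.2,), (9.2,), (1.2,), (8.0,), (6.0,)]

def nearest_neighbour(labeled, x):
    """Main classifier MC (assumed model): label of the closest labeled sample."""
    return min(labeled, key=lambda item: math.dist(item[0], x))[1]

def centroid_model(labeled):
    """Train the auxiliary classifier AC (assumed model): one centroid per class."""
    sums, counts = {}, {}
    for x, y in labeled:
        acc = sums.setdefault(y, [0.0] * len(x))
        for i, xi in enumerate(x):
            acc[i] += xi
        counts[y] = counts.get(y, 0) + 1
    return {y: tuple(v / counts[y] for v in acc) for y, acc in sums.items()}

def ac_confidence(centroids, x):
    """AC confidence: margin between the closest and second-closest centroid."""
    d = sorted(math.dist(c, x) for c in centroids.values())
    return d[1] - d[0] if len(d) > 1 else 0.0

def help_training(labeled, unlabeled, k=2, rounds=4, pool_size=None):
    """Return the labeled set after `rounds` Help-Training iterations.
    Per round: AC ranks the pool, the k most confident samples are labeled
    by MC, added to the labeled set, and both classifiers are retrained."""
    labeled = list(labeled)          # do not mutate the caller's data
    remaining = list(unlabeled)
    pool_size = pool_size or len(remaining)
    pool = []
    for _ in range(rounds):
        while len(pool) < pool_size and remaining:   # refill the working pool
            pool.append(remaining.pop(0))
        if not pool:
            break
        centroids = centroid_model(labeled)          # AC retrained on current set
        pool.sort(key=lambda x: ac_confidence(centroids, x), reverse=True)
        batch, pool = pool[:k], pool[k:]
        snapshot = list(labeled)                     # MC as trained before batch
        labeled += [(x, nearest_neighbour(snapshot, x)) for x in batch]
    return labeled

if __name__ == "__main__":
    final = help_training(LABELED, UNLABELED)
    for x, y in final[len(LABELED):]:
        print(x, "->", y)
    # A probe sample between the clusters changes class once the unlabeled
    # data have been absorbed.
    print(nearest_neighbour(LABELED, (3.9,)), nearest_neighbour(final, (3.9,)))
```

Pseudo-labels are never revisited, so a wrong label accepted in an early round is carried into every later retraining; keeping k small and reviewing what was added limits how far such an error spreads.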
(4) Event perception
The perceived information is input into the learning engine, whose output is a security event type; the security event type is mapped to a specific situation value. We divide security events into 5 types: Normal, DoS attack, Probe TCP, R2L attack and U2R attack. These five types are mapped, according to their degree of harm, to a system security situation value (Security Situational Value, SSV). For a normal connection record, SSV is set to 0.9; a DoS attack is an attack that exhausts system resources so that normal service cannot be provided to other users, and SSV is set to 0.1; Probe means that a computer network or server is being scanned, and SSV is set to 0.7; an R2L attack is a remote user obtaining host access rights, and SSV is set to 0.5; U2R is a local user obtaining administrator rights, and SSV is set to 0.3.
(5) Information exchange
Systems exchange perception information only with adjacent system nodes. This method uses the distance vector algorithm: if communication between two nodes needs to pass through only one router, the two nodes are adjacent; non-adjacent nodes do not exchange information. The information exchanged is all the information newly perceived by the current node, that is, its own incremental information. By setting a time threshold, nodes exchange information at fixed time intervals. The information exchange scheme is as follows:
1. When the time threshold is 0, the node sends its incremental perception information by broadcast and sets its route distance to 1; when the packet passes through a router, the route distance of the request is decremented by 1. When the route distance of the incremental perception information is 0, the router automatically discards the packet.
2. The node re-runs machine learning on the received incremental data together with its existing data.
The analyzed data can be passed flexibly to other online system components; the data are transmitted in XML format, so the method has good extensibility.
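The exchange scheme above, simulated as an added example that is not code from the patent. The topology and records are constructed, and the handling of the route distance is an assumption chosen to match the adjacency definition: a router that receives a packet with distance 0 drops it, otherwise it decrements the distance and forwards the packet.

```python
from collections import deque

# Constructed topology (not from the patent): sensing nodes A-D, routers R1-R3.
# B is attached to two routers; D sits alone behind R3.
LINKS = {
    "A": ["R1"], "B": ["R1", "R2"], "C": ["R2"], "D": ["R3"],
    "R1": ["A", "B", "R2"], "R2": ["R1", "B", "C", "R3"], "R3": ["R2", "D"],
}
ROUTERS = {"R1", "R2", "R3"}

def receivers(sender, route_distance=1):
    """Sensing nodes reached by a broadcast from `sender` (step 1)."""
    reached = set()
    queue = deque((hop, route_distance, sender) for hop in LINKS[sender])
    while queue:
        here, distance, came_from = queue.popleft()
        if here not in ROUTERS:
            if here != sender:
                reached.add(here)      # sensing nodes consume, never relay
            continue
        if distance == 0:
            continue                   # router discards the packet
        for nxt in LINKS[here]:
            if nxt != came_from:
                queue.append((nxt, distance - 1, here))
    return reached

def exchange_round(stores, increments):
    """One timer expiry: every node broadcasts only its own new records.
    Receivers merge unseen records; returns the nodes that must retrain
    (step 2). `increments` is emptied for the next interval."""
    retrain = set()
    for sender, new_records in increments.items():
        for node in receivers(sender):
            fresh = [r for r in new_records if r not in stores[node]]
            if fresh:
                stores[node].extend(fresh)
                retrain.add(node)
    for node in list(increments):
        increments[node] = []
    return retrain

if __name__ == "__main__":
    rec_a, rec_c, rec_d = ((0.9,), "DoS"), ((0.1,), "Probe"), ((0.4,), "R2L")
    stores = {"A": [rec_a], "B": [], "C": [rec_c], "D": [rec_d]}
    increments = {"A": [rec_a], "B": [], "C": [rec_c], "D": [rec_d]}
    print("retrain:", sorted(exchange_round(stores, increments)))
    print({node: len(records) for node, records in stores.items()})
```

Because each node forwards only what it perceived itself, A never receives C's records even though both are adjacent to B, and D, which has no node one router away, never receives or contributes anything.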

Claims (4)

1. A distributed Internet of Things security situation awareness method, characterized in that the method comprises the following steps:
Step 1, feature extraction: event features are extracted from the Internet of Things by means of system operation logs, vulnerability scanning tools, the SNORT intrusion detection system, VDS, FireWall, or the traffic collectors embedded in switches and routers, and the extracted features are combined in order into a corresponding feature set;
Step 2, feature reduction: PCA is used to reduce the feature set obtained in step 1;
Step 3, machine learning: the Help-Training algorithm is used to perform machine learning on the reduced features;
Step 4, situation awareness: the information to be perceived is input into the machine learning engine, whose output is a security event type, and the security event type is mapped to a specific situation value;
Step 5, information exchange: a time threshold is set and nodes exchange information at fixed time intervals; when the time is reached, each node sends its training data set to neighboring sensing nodes using the distance vector algorithm.
2. The distributed Internet of Things security situation awareness method according to claim 1, characterized in that the feature reduction comprises the following steps:
Step 201, data standardization: let the feature set obtained in step 1 be X; for the p-dimensional attribute feature data of X, the data matrix of n samples is:
, wherein,, using formula, whereinData is standardized, its In,,, wherein,
Step 202, compute the data sample correlation matrix: assuming the original feature set is still denoted X after standardization, the data sample correlation matrix is computed using the formula , where the correlation coefficient , wherein,
Step 203, compute the eigenvalues of the correlation matrix R and the corresponding eigenvectors
Step 204, select principal components using PCA: the formula contribution rate = is used to compute the proportion of the total variance accounted for by each principal component, where p is the number of principal components obtained by principal component analysis; the first k principal components are selected according to the size of the contribution rate, and each principal component is obtained using the formula , wherein,Orthogonal,,Variance be more thanVariance be more thanVariance, and so on.
3. The distributed Internet of Things security situation awareness method according to claim 1, characterized in that the Help-Training algorithm specifically comprises:
Set the sample set of a small amount of mark, the sample set that do not mark in a large number, create data set, data setIt is initially empty, never mark sample setMiddle spin data is added toIn, use marked sample setTraining Go out Main classification deviceWith auxiliary grader, create a data set, it is initialized as sky, useRightIn data be predicted, select confidence level highestIndividual data is added toIn, useRight In data be labeled, to data set, re -training Main classification deviceWith auxiliary grader.
4. The distributed Internet of Things security situation awareness method according to claim 1, characterized in that the information exchange specifically comprises:
Step 401: when the time threshold is 0, the node sends its incremental perception information by broadcast and sets its route distance to 1; when the packet passes through a router, the route distance of the request is decremented by 1, and when the route distance of the incremental perception information is 0, the router automatically discards the packet;
Step 402: the node re-runs machine learning on the received incremental data together with its existing data.
CN201410040847.2A 2014-01-28 2014-01-28 Distributed type internet-of-things safety situation awareness method Active CN103795723B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410040847.2A CN103795723B (en) 2014-01-28 2014-01-28 Distributed type internet-of-things safety situation awareness method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410040847.2A CN103795723B (en) 2014-01-28 2014-01-28 Distributed type internet-of-things safety situation awareness method

Publications (2)

Publication Number Publication Date
CN103795723A CN103795723A (en) 2014-05-14
CN103795723B true CN103795723B (en) 2017-02-15

Family

ID=50671009

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410040847.2A Active CN103795723B (en) 2014-01-28 2014-01-28 Distributed type internet-of-things safety situation awareness method

Country Status (1)

Country Link
CN (1) CN103795723B (en)



Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20191106

Address after: Room 407, building 3-2, science and Technology Park, Luoyang National University, No. 2 Penglai Road, Jianxi District, Luoyang District, China (Henan) pilot free trade zone 471000

Patentee after: Henan zhuodoo Information Technology Co., Ltd.

Address before: 471000 Xiyuan Road, Jianxi District, Henan, No. 48, No.

Patentee before: Henan University of Science and Technology

TR01 Transfer of patent right