CN104935600A - Mobile ad hoc network intrusion detection method and device based on deep learning - Google Patents
Mobile ad hoc network intrusion detection method and device based on deep learning Download PDFInfo
- Publication number
- CN104935600A CN104935600A CN201510344393.2A CN201510344393A CN104935600A CN 104935600 A CN104935600 A CN 104935600A CN 201510344393 A CN201510344393 A CN 201510344393A CN 104935600 A CN104935600 A CN 104935600A
- Authority
- CN
- China
- Prior art keywords
- network
- module
- invasion
- deep neural
- mobile
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/12—Detection or prevention of fraud
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention discloses a mobile ad hoc network intrusion detection method and device based on deep learning, relating to the field of wireless network safety. The device comprises a data acquisition module, a data fusion module, a preprocessing module, a storage module, an intrusion detection module and a response warning module. After fusion and redundancy elimination of captured wireless data packages, network behavior features are extracted and stored; after deep learning of the network behavior features, a deep neural network model expressing network behaviors is established; and to-be-detected network data is input into the deep neural network model, after intrusion is judged and recognized, response and warning are performed. According to the method, network behavior feature vectors which are detected and are considered to be abnormal are stored and are used for training the deep neutral network. When occurring again, the intrusion types can be detected and recognized. While the model training and detection efficiency are guaranteed, the detection accuracy is improved, and the safety of the mobile ad hoc network is further improved.
Description
Technical field
The present invention relates to mobile ad-hoc network field and degree of deep learning areas, the intrusion detection method especially in self-organizing network and equipment.
Background technology
Movable self-organization (Ad hoc) network and the difference being fixed with spider lines, cause intruding detection system (Intrusion Detection System, IDS) to face different problems in Ad hoc network.Ad hoc network adopts open wireless channel, without fixed router, makes it more easily be invaded.Ad hoc network, without static infrastructure, causes IDS can not good statistics, and the network characterization of collection is confined to specific range for wireless communication.Therefore, the problems faced of Intrusion Detection Technique in the urgent need to address in mobile ad-hoc network, and then the security protection system of network can be strengthened.
Degree of depth study shows good performance on the Machine Learning Problems of large data, multidimensional characteristic.The invasion existed in adhoc network is varied, needs to collect mass data, statistics multidimensional characteristic to analyze the behavior of ad hoc network, carries out intrusion detection.Degree of depth study is applied in the intrusion detection of ad hoc network, the advantage of deep neural network in machine learning, feature extraction can be played, for the behavior pattern recognition problem of this complexity of ad hoc network intrusion detection provides an effective way.
Notification number be CN101610516A, denomination of invention is disclose in the patent document of " intrusion detection method in self-organizing network and equipment " a kind of to be classified by network characterization based on information gain, adopt SVMs to screen optimal feature subset from grouping, judge the intrusion detection method whether network is invaded.But the method can only detect in network whether there is invasion, invasion type can not be identified, just a kind of abnormality detection technology; The method uses a kind of shallow-layer neural-network learning model, does not have the advantage of degree of depth study; In addition, the method does not relate to wireless monitor and packet capture.
Application number be 201310682813.9, denomination of invention is that " a kind of wireless sensor network intrusion detection algorithm based on neural net " discloses a kind of wireless sensor network IDS Framework, comprise misuse detection, abnormality detection and decision-making module, have chosen BP neural net, generalized regression nerve networks, carry out MATLAB emulation experiment based on the BP neural net of genetic algorithm optimization.This invention does not use deep neural network, and only carried out MATLAB emulation, the validity of algorithm in real network environment can not be described, not catch wireless self-organization network packet, do not relate to network characterization to extract, the intrusion detection in self-organizing network can not be directly applied to.
Summary of the invention
The technical problem to be solved in the present invention is, very complicated security threat is faced with for current ad hoc network, Intrusion Detection Technique for ad hoc network still lacks ripe achievement in research, the demand for security of ad hoc network can not be met well, intrusion detection method in a kind of mobile ad-hoc network is proposed, under the prerequisite ensureing model training and detection efficiency, Detection accuracy can be improved.
For solving the problems of the technologies described above, the present invention adopts following technical scheme:
Based on a mobile ad-hoc network intrusion detection method for degree of depth study, comprise the following steps:
1. from normal mobile ad-hoc network, catch wireless data packet, through data prediction, obtain normal behavior of the network characteristic data set, and be split as training set and the test set of normal behavior of the network feature; Multiple known invasion node is added in mobile ad-hoc network, wireless data packet is caught from the mobile ad-hoc network adding invasion node, through data prediction, obtain network intrusions behavioural characteristic data set, and be split as training set and the test set of network intrusions behavioural characteristic; Described wireless data packet comprises routing request packet, route replies bag, routing error bag and business data packet;
2. use the training of normal behavior of the network features training to practice deep neural network abnormality detection model, obtain the expression to normal behavior of the network; Use network intrusions behavioural characteristic training set training deep neural network Misuse Detection Model, obtain the expression to network intrusions behavior;
3. normal behavior of the network characteristic test collection MTD neural net abnormality detection model is used, according to the further adjustment model parameter of test result; Use network intrusions behavioural characteristic test set MTD neural net Misuse Detection Model, according to the further adjustment model parameter of test result;
4. during intrusion detection, one or more wireless monitor node catches wireless data packet in real time from mobile ad-hoc network, network behavior characteristic vector is obtained through data prediction, deep neural network abnormality detection model after network behavior characteristic vector input adjustment parameter is identified, deep neural network Misuse Detection Model after being judged as abnormal network behavior characteristic vector input adjustment parameter is identified, the recognition result of invasion type is judged;
If 5. recognition result meets known invasion type, then alarm shows such invasion; If recognition result does not meet known invasion type, then the network behavior characteristic vector of exception is stored as new network intrusion character vector, after deep neural network can identify the new network intrusion character vector stored, clustering algorithm is used to carry out class division to it, using the new network intrusion character vector after cluster as network intrusions behavioural characteristic training set training deep neural network Misuse Detection Model, when these invasion types occur again, just identification can be detected;
Complete the mobile ad-hoc network intrusion detection method based on degree of depth study.
Wherein, described data prediction specifically comprises the following steps:
(101) calculate the size of each wireless data packet captured, then carry out frame parsing respectively and extract the field representing wireless data Packet type;
(102) judge the type of each wireless data packet and each wireless data packet is classified;
(103) the network behavior characteristic vector of every class wireless data packet is extracted.
Wherein, the vector that described network behavior characteristic vector is made up of the element of multiple characterizing network performance, specifically comprises: the transmission and reception frequency of route request information, the transmission and reception frequency of route replies message and packet delivery ratio.
Wherein, described use normal behavior of the network features training training is practiced deep neural network abnormality detection model and is specifically comprised the following steps:
(201) model parameter of initialization deep neural network; The model parameter of described deep neural network comprises the neuron number of learning rate, the degree of depth and every one deck;
(202) by normal behavior of the network features training collection input deep neural network model, deep neural network model adjusts the connection weight between neuron automatically, obtains the abstract expression to training data.
Wherein, the Mathematical Modeling that described deep neural network abnormality detection model and deep neural network Misuse Detection Model adopt is deep neural network model; Described deep neural network is the Mathematical Modeling adopting degree of deep learning algorithm, is specially: degree of depth belief network or convolutional neural networks.
Wherein, 3. described step specifically comprises the following steps:
(301) by the deep neural network abnormality detection model after normal behavior of the network characteristic test collection and network intrusions behavioural characteristic test set input adjustment parameter, each characteristic vector in deep neural network abnormality detection Model Identification test set is normal or abnormal, counts and detects accuracy, rate of failing to report and rate of false alarm;
(302) be that abnormal characteristic vector input adjusts the deep neural network Misuse Detection Model after parameter by recognition result in (301), invasion type identified, counts recognition correct rate;
(303) if statistics does not reach goal-selling requirement, the parameter of percentage regulation neural net abnormality detection model and Misuse Detection Model, the parameter of re-training deep neural network abnormality detection model and Misuse Detection Model, until reach goal-selling requirement.
Based on a mobile ad-hoc network intrusion detection device for degree of depth study, comprising: data acquisition module, data fusion module, pretreatment module, memory module, intrusion detection module and response alarm module;
Described data acquisition module, according to the mobile ad-hoc network size that will detect, in mobile ad-hoc network, arrange one or more wireless monitor node, wireless data packet is wirelessly transmitted to data fusion module for the wireless data packet of catching in real time in mobile ad-hoc network; Described wireless data packet comprises routing request packet, route replies bag, routing error bag and business data packet;
Described data fusion module is used for the wireless data packet that the one or more wireless monitor points received are caught to merge, and sends or be wirelessly transmitted to pretreatment module after removing redundant information through cable;
Described pretreatment module is used for the data after to fusion and carries out frame dissection process, and extraction, statistics network behavioural characteristic, obtain network behavior characteristic vector, and network behavior characteristic vector is sent to memory module;
Described memory module comprises general memory block and new Intrusion Signatures memory block, for the network behavior obtained after preliminary treatment characteristic vector is stored in general memory block, and network behavior characteristic vector is sent to intrusion detection module;
Described intrusion detection module, invades for real-time Sampling network, and invasion message notice response alarm module also newly will be invaded network behavior characteristic storage in new Intrusion Signatures memory block;
If network intrusions detected and identify invasion type, then will invade message notice response alarm module; If network intrusions detected but do not identify invasion type, judge in network, to there is unknown invasion type, push-notification-answer alarm module, by the new invasion network behavior characteristic storage of correspondence in new Intrusion Signatures memory block, described invasion information comprises invasion type and invasion time of origin;
Described response alarm module is used for sending warning information after the notice receiving intrusion detection module; Described warning information comprises invasion type and invasion time of origin;
Described new Intrusion Signatures memory block is used for reaching after intrusion detection module can identify in the memory space of new invasion network behavior feature, and use clustering algorithm carries out class division to it, and the new invasion network behavior feature after cluster is sent to intrusion detection module.
Wherein, described intrusion detection module comprises abnormality detecting unit and misuse detecting unit,
Described abnormality detecting unit, for normal behaviour features training deep neural network Network Based, obtains the expression to normal behavior of the network, and Sampling network invasion in real time; Described normal behavior of the network characteristic vector is that the wireless data packet gathered from normal mobile ad-hoc network obtains after pretreatment module preliminary treatment;
Described misuse detecting unit, for intrusion behavior features training deep neural network Network Based, obtains the expression to network intrusions behavior, and identifies that then invasion type will invade message notice response alarm module; Described network intrusions behavioural characteristic obtains after pretreatment module preliminary treatment from adding the wireless data packet gathered the mobile ad-hoc network of known invasion node.
The present invention is relative to the advantage of background technology:
By adopting described intrusion detection method and equipment, deep neural network IDS Framework is built owing to adopting degree of deep learning art, the deep layer attribute of energy learning training data, obtain the feature representation to normal behavior of the network or intrusion behavior, so under the prerequisite ensureing model training and detection efficiency, Detection accuracy can be improved.
Accompanying drawing explanation
Fig. 1 is intrusion detection method flow chart of the present invention;
Fig. 2 is intrusion detection device block diagram of the present invention;
Fig. 3 is the training test process flow chart of intrusion detection in the embodiment of the present invention;
Fig. 4 is intrusion detection overhaul flow chart in the embodiment of the present invention.
In Fig. 2: 1. intrusion detection device, 2. data acquisition module (wireless monitor node), 3. data fusion module, 4. pretreatment module, 5. memory module, 6. intrusion detection module, 7. response alarm module, 8. mobile ad-hoc network, 9. network node.
Embodiment
The embodiment of the present invention provides a kind of based on the intrusion detection method in the mobile ad-hoc network of degree of depth study and equipment, under the prerequisite ensureing model training and detection efficiency, can improve Detection accuracy.
Below in conjunction with accompanying drawing, the embodiment of the present invention is described in detail.
As shown in Figure 1, a kind of mobile ad-hoc network intrusion detection method based on degree of depth study of the present invention comprises the following steps:
1. packet capture and preliminary treatment: catch mass data bag from normal mobile ad-hoc network, resolve through frame, judge data package size, extract the field of representative data Packet type, judge type of data packet, in the statistical unit time, the characteristic information such as transmission frequency, receive frequency, mean size, duration of the packet of each type, obtains normal behavior of the network characteristic data set, and it is split as training set and test set according to the ratio of 3:1; In mobile ad-hoc network, add multiple known invasion node respectively, catch mass data respectively, same to said process, obtain network intrusions behavioural characteristic data set, and be split as training set and test set; Described wireless data packet comprises routing request packet, route replies bag, routing error bag and business data packet;
2. the training of network behavior features training is used to practice deep neural network detection model: by normal behavior of the network features training collection input deep neural network abnormality detection model, model adjusts the connection weight between neuron automatically, obtains the expression to normal behavior of the network; By network intrusion character training set input deep neural network Misuse Detection Model, model adjusts the connection weight between neuron automatically, obtains the expression to network intrusions behavior;
Training process is specially:
(201) model parameter of initialization deep neural network; The model parameter of described deep neural network comprises the neuron number of learning rate, the degree of depth and every one deck;
(202) by network behavior features training collection input deep neural network model, deep neural network model adjusts the connection weight between neuron automatically, obtains the abstract expression to training data.
3. network behavior characteristic test collection MTD neural net detection model is used: by normal behavior of the network characteristic test collection input deep neural network abnormality detection model, test model Detection results, further adjustment model parameter (number of plies, neuron number, learning rate etc.); By network intrusions behavioural characteristic test set input deep neural network abnormality detection model, test model Detection results, further adjustment model parameter (number of plies, neuron number, learning rate etc.);
Test process is specially:
(301) by the deep neural network abnormality detection model after network behavior characteristic test collection and network intrusions behavioural characteristic test set input adjustment parameter, each characteristic vector in deep neural network abnormality detection Model Identification test set is normal or abnormal, counts and detects accuracy, rate of failing to report and rate of false alarm;
(302) be that abnormal characteristic vector input adjusts the deep neural network Misuse Detection Model after parameter by recognition result in (301), invasion type identified, counts recognition correct rate;
(303) if statistics does not reach goal-selling requirement, the parameter of percentage regulation neural net abnormality detection model and Misuse Detection Model, the parameter of re-training deep neural network abnormality detection model and Misuse Detection Model, until reach goal-selling requirement.
Embodiment: in embodiment of the present invention mobile ad-hoc network, to the training testing process of deep neural network intrusion detection as shown in Figure 3, intrusion detection flow process as shown in Figure 4 for intrusion detection method.
Such as, attack for mobile ad-hoc network routing layer, comprising: sequence number attack, the attack of mistake distance vector, black hole attack etc., wireless monitor node catches wireless data packet, through data fusion, preliminary treatment, extracts following characteristics set:
(1) RREQ Sent: the route request information bag sum that node sends;
(2) RREQ Received: the route request information bag sum that node receives;
(3) RREP Sent: the route replies message bag sum that node sends;
(4) RREP Received: the route replies message bag sum that node receives;
(5) RERR Sent: the routing error message bag sum that node sends;
(6) RERR Received: the routing error message bag sum that node receives;
(7) Data Sent: the business data packet sum that node sends;
(8) Data Received: the business data packet sum that node receives;
(9) Route Drop: the route bag sum that node abandons;
(10) Route Transmit: the route bag sum that node forwards;
(11) Data Drop: the business data packet sum that node abandons;
(12) Data Transmit: the business data packet sum that node forwards;
(13) Packet size: packet mean size;
(14) Active Node: live-vertex number.
The common network consisting behavioural characteristic vector of all features above, as the input of deep neural network.
The embodiment of the present invention adopts degree of depth belief network (Deep Belief Nets, DBN) modeling is carried out to training data, DBN is a kind of deep neural network model of comparative maturity, add one deck BP (Back Propagation) neural net by two-layer limited Boltzmann machine (Restricted Boltzmann Machine, RBM) to form.DBN is adopted to the mode of successively training, key trains RBM without supervision, according to the structure of RBM, can obtain formula (1) (2) (3) through deriving.In formula (1), T represents sample size, and v represents network characterization vector, i.e. the state vector of RBM visible layer; In formula (2), formula (3), v
irepresent visible layer i-th neuronic state, a
irepresent that visible layer i-th is neuronic biased, h
jrepresent a hidden layer jth neuronic state, b
jrepresent that hidden layer jth is individual neuronic biased; P (h|v, θ) is condition distribution; θ is parameter set { W, a, the b} of RBM; W is connection weight matrix.
A RBM is trained in fact to be exactly adjustment parameter set θ, with the training sample that matching is given, that is, the probability distribution represented by corresponding RBM under this parameter is consistent with training data as much as possible, mathematical expression can be described as the likelihood function that maximization formula (1) describes.
If Direct calculation formulas (1), process will be very complicated, and the embodiment of the present invention adopts the CD fast learning algorithm that computational efficiency is higher, and key step is:
(1) by the parameter set θ of RBM={ W, a, b} are initialized as smaller value, are split as by training data and comprise tens to the small lot data of up to a hundred samples;
(2) visual layers v is made
1equal first small lot sample batch 1;
(3) formula (2) is utilized to try to achieve h
1=sigmoid (b'+v
1w'); Formula (3) is utilized to obtain v
2=sigmoid (a'+h
1w), recycle formula (2) and try to achieve h
2=sigmoid (b'+v
2w');
(4) parameters upgrades according to formula (4) below; In formula (4), W is connection weight matrix, a is visible layer bias vector, b is hidden layer bias vector, η is learning rate;
a+η(v
1-v
2)→a (4)
b+η(h
1-h
2)→b
(5) v is made
1equal other small lot data respectively, repeat step (3) and step (4), obtain model parameter;
After two-layer RBM is completed without supervised training separately, label is added to training data, train BP neural net with having supervision.
4. during intrusion detection, one or more wireless monitor node catches wireless data packet in real time from mobile ad-hoc network, resolve through frame, judge data package size, extract the field of representative data Packet type, judge type of data packet, the transmission frequency of the packet of each type in the statistical unit time, receive frequency, mean size, the characteristic informations such as duration, obtain network behavior characteristic vector, deep neural network abnormality detection model after network behavior characteristic vector input adjustment parameter is identified, deep neural network Misuse Detection Model after being judged as abnormal network behavior characteristic vector input adjustment parameter is identified, the recognition result of invasion type is judged,
The vector that described network behavior characteristic vector is made up of the element of multiple characterizing network performance, specifically comprises: the transmission and reception frequency of route request information, the transmission and reception frequency of route replies message and packet delivery ratio.
If 5. recognition result meets known invasion type, then alarm shows such invasion; If recognition result does not meet known invasion type, then the network behavior characteristic vector of exception is stored as new network intrusion character vector, after deep neural network can identify the new network intrusion character vector stored, clustering algorithm is used to carry out class division to it, using the new network intrusion character vector after cluster as network intrusion character training set training deep neural network Misuse Detection Model, when these invasion types occur again, just identification can be detected;
Embodiment: the DBN model after training; the normal of network or intrusion behavior feature is preserved with the form of parameter set; thus establish the normal of mobile ad-hoc network or intrusion behavior model of cognition; in testing process with normal behaviour deviation comparatively macroreticular feature be just judged as exception, the network characterization higher with certain intrusion behavior matching degree is just judged as this invasion.After invasion being detected, equipment sends warning information to network management, then upgrades and detects journal file, continues next detection.
Complete the mobile ad-hoc network intrusion detection method based on degree of depth study.
As shown in Figure 2, a kind of mobile ad-hoc network intrusion detection device based on degree of depth study of the present invention comprises: data acquisition module, data fusion module, pretreatment module, memory module, intrusion detection module and response alarm module.
1. data acquisition module, in mobile ad-hoc network, arrange one or more wireless monitor node, monitoring network flow, catches wireless data packet, and the data wireless of catching is transferred to data fusion module, the fusion of complete paired data, removes redundant information;
The data that multiple monitoring point is caught are merged by 2. data fusion module, remove redundant information, the accuracy of guarantee information;
3. pretreatment module, judge data package size, extract the field of representative data Packet type, judge type of data packet, in the statistical unit time, the characteristic information such as transmission frequency, receive frequency, mean size, duration of the packet of each type, obtains network behavior characteristic vector;
4. memory module, comprises general memory block and new Intrusion Signatures memory block, the network behavior characteristic vector obtained after preliminary treatment is stored in general memory block, is convenient to next step and analyzes;
5. intrusion detection module, comprises abnormality detecting unit and misuse detecting unit, invades for real-time Sampling network, and invasion message notice response alarm module also newly will be invaded network behavior characteristic storage in new Intrusion Signatures memory block;
If network intrusions detected and identify invasion type, then will invade message notice response alarm module; If network intrusions detected but do not identify invasion type, judge in network, to there is unknown invasion type, push-notification-answer alarm module, by the new invasion network behavior characteristic storage of correspondence in new Intrusion Signatures memory block, described invasion information comprises invasion type and invasion time of origin;
Abnormality detecting unit, for normal behaviour features training deep neural network Network Based, obtains the expression to normal behavior of the network, and Sampling network invasion in real time; Described normal behavior of the network characteristic vector is that the wireless data packet gathered from normal mobile ad-hoc network obtains after pretreatment module preliminary treatment;
Misuse detecting unit, for intrusion behavior features training deep neural network Network Based, obtains the expression to network intrusions behavior, and identifies that then invasion type will invade message notice response alarm module; Described network intrusions behavioural characteristic obtains after pretreatment module preliminary treatment from adding the wireless data packet gathered the mobile ad-hoc network of known invasion node;
6. respond alarm module, after receiving the notice of intrusion detection module, send warning information; Described warning information comprises invasion type and invasion time of origin;
7. new Intrusion Signatures memory block, for reaching after intrusion detection module can identify in the memory space of new invasion network behavior feature, use clustering algorithm carries out class division to it, and the new invasion network behavior feature after cluster is sent to intrusion detection module.
Claims (8)
1., based on a mobile ad-hoc network intrusion detection method for degree of depth study, it is characterized in that, comprise the following steps:
1. from normal mobile ad-hoc network, catch wireless data packet, through data prediction, obtain normal behavior of the network characteristic data set, and be split as training set and the test set of normal behavior of the network feature; Multiple known invasion node is added in mobile ad-hoc network, wireless data packet is caught from the mobile ad-hoc network adding invasion node, through data prediction, obtain network intrusions behavioural characteristic data set, and be split as training set and the test set of network intrusions behavioural characteristic; Described wireless data packet comprises routing request packet, route replies bag, routing error bag and business data packet;
2. use the training of normal behavior of the network features training to practice deep neural network abnormality detection model, obtain the expression to normal behavior of the network; Use network intrusions behavioural characteristic training set training deep neural network Misuse Detection Model, obtain the expression to network intrusions behavior;
3. normal behavior of the network characteristic test collection MTD neural net abnormality detection model is used, according to the further adjustment model parameter of test result; Use network intrusions behavioural characteristic test set MTD neural net Misuse Detection Model, according to the further adjustment model parameter of test result;
4. during intrusion detection, one or more wireless monitor node catches wireless data packet in real time from mobile ad-hoc network, network behavior characteristic vector is obtained through data prediction, deep neural network abnormality detection model after network behavior characteristic vector input adjustment parameter is identified, deep neural network Misuse Detection Model after being judged as abnormal network behavior characteristic vector input adjustment parameter is identified, the recognition result of invasion type is judged;
If 5. recognition result meets known invasion type, then alarm shows such invasion; If recognition result does not meet known invasion type, then the network behavior characteristic vector of exception is stored as new network intrusion character vector, after deep neural network can identify the new network intrusion character vector stored, clustering algorithm is used to carry out class division to it, using the new network intrusion character vector after cluster as network intrusions behavioural characteristic training set training deep neural network Misuse Detection Model, when these invasion types occur again, just identification can be detected;
Complete the mobile ad-hoc network intrusion detection method based on degree of depth study.
2. a kind of mobile ad-hoc network intrusion detection method based on degree of depth study according to claim 1, is characterized in that: described data prediction specifically comprises the following steps:
(101) calculate the size of each wireless data packet captured, then carry out frame parsing respectively and extract the field representing wireless data Packet type;
(102) judge the type of each wireless data packet and each wireless data packet is classified;
(103) the network behavior characteristic vector of every class wireless data packet is extracted.
3. a kind of mobile ad-hoc network intrusion detection method based on degree of depth study according to claim 1 and 2, it is characterized in that: the vector that described network behavior characteristic vector is made up of the element of multiple characterizing network performance, specifically comprise: the transmission and reception frequency of route request information, the transmission and reception frequency of route replies message and packet delivery ratio.
4. a kind of mobile ad-hoc network intrusion detection method based on degree of depth study according to claim 1, is characterized in that: described use normal behavior of the network features training training is practiced deep neural network abnormality detection model and specifically comprised the following steps:
(201) model parameter of initialization deep neural network; The model parameter of described deep neural network comprises the neuron number of learning rate, the degree of depth and every one deck;
(202) by normal behavior of the network features training collection input deep neural network model, deep neural network model adjusts the connection weight between neuron automatically, obtains the abstract expression to training data.
5. a kind of mobile ad-hoc network intrusion detection method based on degree of depth study according to claim 1 or 4, is characterized in that: the Mathematical Modeling that described deep neural network abnormality detection model and deep neural network Misuse Detection Model adopt is deep neural network model; Described deep neural network is the Mathematical Modeling adopting degree of deep learning algorithm, is specially: degree of depth belief network or convolutional neural networks.
6. a kind of mobile ad-hoc network intrusion detection method based on degree of depth study according to claim 1, is characterized in that: 3. described step specifically comprises the following steps:
(301) by the deep neural network abnormality detection model after normal behavior of the network characteristic test collection and network intrusions behavioural characteristic test set input adjustment parameter, each characteristic vector in deep neural network abnormality detection Model Identification test set is normal or abnormal, counts and detects accuracy, rate of failing to report and rate of false alarm;
(302) be that abnormal characteristic vector input adjusts the deep neural network Misuse Detection Model after parameter by recognition result in (301), invasion type identified, counts recognition correct rate;
(303) if statistics does not reach goal-selling requirement, the parameter of percentage regulation neural net abnormality detection model and Misuse Detection Model, the parameter of re-training deep neural network abnormality detection model and Misuse Detection Model, until reach goal-selling requirement.
7. based on a mobile ad-hoc network intrusion detection device for degree of depth study, it is characterized in that comprising: data acquisition module, data fusion module, pretreatment module, memory module, intrusion detection module and response alarm module;
Described data acquisition module, according to the mobile ad-hoc network size that will detect, in mobile ad-hoc network, arrange one or more wireless monitor node, wireless data packet is wirelessly transmitted to data fusion module for the wireless data packet of catching in real time in mobile ad-hoc network; Described wireless data packet comprises routing request packet, route replies bag, routing error bag and business data packet;
Described data fusion module is used for the wireless data packet that the one or more wireless monitor points received are caught to merge, and sends or be wirelessly transmitted to pretreatment module after removing redundant information through cable;
Described pretreatment module is used for the data after to fusion and carries out frame dissection process, and extraction, statistics network behavioural characteristic, obtain network behavior characteristic vector, and network behavior characteristic vector is sent to memory module;
Described memory module comprises general memory block and new Intrusion Signatures memory block, for the network behavior obtained after preliminary treatment characteristic vector is stored in general memory block, and network behavior characteristic vector is sent to intrusion detection module;
Described intrusion detection module, invades for real-time Sampling network, and invasion message notice response alarm module also newly will be invaded network behavior characteristic storage in new Intrusion Signatures memory block;
If network intrusions detected and identify invasion type, then will invade message notice response alarm module; If network intrusions detected but do not identify invasion type, judge in network, to there is unknown invasion type, push-notification-answer alarm module, by the new invasion network behavior characteristic storage of correspondence in new Intrusion Signatures memory block, described invasion information comprises invasion type and invasion time of origin;
Described response alarm module is used for sending warning information after the notice receiving intrusion detection module; Described warning information comprises invasion type and invasion time of origin;
Described new Intrusion Signatures memory block is used for reaching after intrusion detection module can identify in the memory space of new invasion network behavior feature, and use clustering algorithm carries out class division to it, and the new invasion network behavior feature after cluster is sent to intrusion detection module.
8. a kind of mobile ad-hoc network intrusion detection device based on degree of depth study according to claim 7, is characterized in that: described intrusion detection module comprises abnormality detecting unit and misuse detecting unit,
Described abnormality detecting unit, for normal behaviour features training deep neural network Network Based, obtains the expression to normal behavior of the network, and Sampling network invasion in real time; Described normal behavior of the network characteristic vector is that the wireless data packet gathered from normal mobile ad-hoc network obtains after pretreatment module preliminary treatment;
Described misuse detecting unit, for intrusion behavior features training deep neural network Network Based, obtains the expression to network intrusions behavior, and identifies that then invasion type will invade message notice response alarm module; Described network intrusions behavioural characteristic obtains after pretreatment module preliminary treatment from adding the wireless data packet gathered the mobile ad-hoc network of known invasion node.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510344393.2A CN104935600B (en) | 2015-06-19 | 2015-06-19 | A kind of mobile ad-hoc network intrusion detection method and equipment based on deep learning |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510344393.2A CN104935600B (en) | 2015-06-19 | 2015-06-19 | A kind of mobile ad-hoc network intrusion detection method and equipment based on deep learning |
Publications (2)
Publication Number | Publication Date |
---|---|
CN104935600A true CN104935600A (en) | 2015-09-23 |
CN104935600B CN104935600B (en) | 2019-03-22 |
Family
ID=54122572
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510344393.2A Active CN104935600B (en) | 2015-06-19 | 2015-06-19 | A kind of mobile ad-hoc network intrusion detection method and equipment based on deep learning |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104935600B (en) |
Cited By (60)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105471854A (en) * | 2015-11-18 | 2016-04-06 | 国网智能电网研究院 | Adaptive boundary abnormity detection method based on multistage strategies |
CN105577685A (en) * | 2016-01-25 | 2016-05-11 | 浙江海洋学院 | Intrusion detection independent analysis method and system in cloud calculation environment |
CN105915555A (en) * | 2016-06-29 | 2016-08-31 | 北京奇虎科技有限公司 | Method and system for detecting network anomalous behavior |
CN105933312A (en) * | 2016-04-21 | 2016-09-07 | 温州大学瓯江学院 | Identity detection method of cognitive wireless network based on BP neural network |
CN105959255A (en) * | 2016-01-08 | 2016-09-21 | 杭州迪普科技有限公司 | Intrusion message shunting method and device |
CN106327324A (en) * | 2016-08-23 | 2017-01-11 | 杭州同盾科技有限公司 | Network behavior characteristic rapid calculation method and system |
CN106453416A (en) * | 2016-12-01 | 2017-02-22 | 广东技术师范学院 | Detection method of distributed attack intrusion based on deep belief network |
CN106572493A (en) * | 2016-10-28 | 2017-04-19 | 南京华苏科技有限公司 | Abnormal value detection method and abnormal value detection system in LTE network |
CN106603531A (en) * | 2016-12-15 | 2017-04-26 | 中国科学院沈阳自动化研究所 | Automatic establishing method of intrusion detection model based on industrial control network and apparatus thereof |
CN106656981A (en) * | 2016-10-21 | 2017-05-10 | 东软集团股份有限公司 | Network intrusion detection method and device |
CN107070913A (en) * | 2017-04-07 | 2017-08-18 | 杭州安恒信息技术有限公司 | A kind of detection and means of defence and system based on webshell attacks |
CN107222867A (en) * | 2017-06-22 | 2017-09-29 | 刘诗楠 | Method, device and the wireless signal detection device of wireless signal detection |
CN107241358A (en) * | 2017-08-02 | 2017-10-10 | 重庆邮电大学 | A kind of smart home intrusion detection method based on deep learning |
CN107371175A (en) * | 2017-08-17 | 2017-11-21 | 东南大学 | A kind of self-organizing network fault detection method using cooperation prediction |
CN107819790A (en) * | 2017-12-08 | 2018-03-20 | 中盈优创资讯科技有限公司 | The recognition methods of attack message and device |
CN107889111A (en) * | 2016-09-30 | 2018-04-06 | 北京金山安全软件有限公司 | Crank call identification method and device based on deep neural network |
CN108011782A (en) * | 2017-12-06 | 2018-05-08 | 北京百度网讯科技有限公司 | Method and apparatus for pushing warning information |
CN108156142A (en) * | 2017-12-14 | 2018-06-12 | 哈尔滨理工大学 | Network inbreak detection method based on data mining |
CN108200008A (en) * | 2017-12-05 | 2018-06-22 | 阿里巴巴集团控股有限公司 | The recognition methods and device that abnormal data accesses |
CN108377240A (en) * | 2018-02-07 | 2018-08-07 | 平安科技(深圳)有限公司 | Exceptional interface detection method, device, computer equipment and storage medium |
CN108684043A (en) * | 2018-05-15 | 2018-10-19 | 南京邮电大学 | The abnormal user detection method of deep neural network based on minimum risk |
CN108712404A (en) * | 2018-05-04 | 2018-10-26 | 重庆邮电大学 | A kind of Internet of Things intrusion detection method based on machine learning |
CN108809974A (en) * | 2018-06-07 | 2018-11-13 | 深圳先进技术研究院 | A kind of Network Abnormal recognition detection method and device |
CN108809948A (en) * | 2018-05-21 | 2018-11-13 | 中国科学院信息工程研究所 | A kind of abnormal network connecting detection method based on deep learning |
CN108924090A (en) * | 2018-06-04 | 2018-11-30 | 上海交通大学 | A kind of shadowsocks flow rate testing methods based on convolutional neural networks |
CN109067773A (en) * | 2018-09-10 | 2018-12-21 | 成都信息工程大学 | A kind of vehicle-mounted CAN network inbreak detection method neural network based and system |
CN109272118A (en) * | 2018-08-10 | 2019-01-25 | 北京达佳互联信息技术有限公司 | Data training method, device, equipment and storage medium |
CN109391700A (en) * | 2018-12-12 | 2019-02-26 | 北京华清信安科技有限公司 | Internet of Things safe cloud platform based on depth traffic aware |
CN109391624A (en) * | 2018-11-14 | 2019-02-26 | 国家电网有限公司 | A kind of terminal access data exception detection method and device based on machine learning |
CN109474497A (en) * | 2018-12-19 | 2019-03-15 | 四川艾贝斯科技发展有限公司 | A kind of reliable network maintenance terminal deep learning algorithm |
CN109547254A (en) * | 2018-11-28 | 2019-03-29 | 湖北文理学院 | A kind of intrusion detection method, device, electronic equipment and storage medium |
CN109639662A (en) * | 2018-12-06 | 2019-04-16 | 中国民航大学 | Onboard networks intrusion detection method based on deep learning |
CN109698836A (en) * | 2019-02-01 | 2019-04-30 | 重庆邮电大学 | A kind of method for wireless lan intrusion detection and system based on deep learning |
CN109753992A (en) * | 2018-12-10 | 2019-05-14 | 南京师范大学 | The unsupervised domain for generating confrontation network based on condition adapts to image classification method |
CN109787958A (en) * | 2018-12-15 | 2019-05-21 | 深圳先进技术研究院 | Network flow real-time detection method and detection terminal, computer readable storage medium |
CN109891436A (en) * | 2016-10-24 | 2019-06-14 | Lg 电子株式会社 | Security system and its control method based on deep learning neural network |
CN109890027A (en) * | 2019-03-20 | 2019-06-14 | 上海连尚网络科技有限公司 | For determining the method and apparatus of the security risk information of target wireless access points |
CN109960929A (en) * | 2019-03-20 | 2019-07-02 | 西北大学 | A kind of zero sample intrusion detection method based on regression model |
CN109995601A (en) * | 2017-12-29 | 2019-07-09 | ***通信集团上海有限公司 | A kind of network flow identification method and device |
CN110070857A (en) * | 2019-04-25 | 2019-07-30 | 北京梧桐车联科技有限责任公司 | The model parameter method of adjustment and device, speech ciphering equipment of voice wake-up model |
CN110086776A (en) * | 2019-03-22 | 2019-08-02 | 国网河南省电力公司经济技术研究院 | Intelligent substation Network Intrusion Detection System and detection method based on deep learning |
CN110086767A (en) * | 2019-03-11 | 2019-08-02 | 中国电子科技集团公司电子科学研究院 | A kind of hybrid intrusion detection system and method |
CN110213287A (en) * | 2019-06-12 | 2019-09-06 | 北京理工大学 | A kind of double mode invasion detecting device based on ensemble machine learning algorithm |
CN110262467A (en) * | 2019-07-15 | 2019-09-20 | 北京工业大学 | Industrial control system Network Intrusion and clue based on deep learning find method |
CN110401955A (en) * | 2019-09-06 | 2019-11-01 | 江门职业技术学院 | A kind of mobile network's malicious node detection method and system |
CN111049828A (en) * | 2019-12-13 | 2020-04-21 | 国网浙江省电力有限公司信息通信分公司 | Network attack detection and response method and system |
CN111224998A (en) * | 2020-01-21 | 2020-06-02 | 福州大学 | Botnet identification method based on extreme learning machine |
CN111274216A (en) * | 2020-01-09 | 2020-06-12 | 腾讯科技(深圳)有限公司 | Wireless local area network identification method, wireless local area network identification device, storage medium and electronic equipment |
CN111614659A (en) * | 2020-05-19 | 2020-09-01 | 杭州英视信息科技有限公司 | Distributed detection method for unknown network flow |
CN108055276B (en) * | 2017-12-25 | 2020-10-20 | 南京南邮信息产业技术研究院有限公司 | Intrusion detection real-time analysis system for big data application platform |
CN111817844A (en) * | 2020-07-20 | 2020-10-23 | 西安电子科技大学 | Double-link wireless ad hoc network and security defense method in emergency scene |
WO2021068513A1 (en) * | 2019-10-12 | 2021-04-15 | 平安科技(深圳)有限公司 | Abnormal object recognition method and apparatus, medium, and electronic device |
CN112714446A (en) * | 2020-12-31 | 2021-04-27 | 中国电子科技集团公司第七研究所 | Cooperative intrusion sensing method based on edge intelligence |
CN113065127A (en) * | 2021-02-24 | 2021-07-02 | 山东英信计算机技术有限公司 | Database protection method, system and medium |
CN114465769A (en) * | 2021-12-28 | 2022-05-10 | 尚承科技股份有限公司 | Network equipment, processing system and method for learning network behavior characteristics |
CN114553468A (en) * | 2022-01-04 | 2022-05-27 | 国网浙江省电力有限公司金华供电公司 | Three-level network intrusion detection method based on feature intersection and ensemble learning |
WO2022134911A1 (en) * | 2020-12-21 | 2022-06-30 | 中兴通讯股份有限公司 | Diagnosis method and apparatus, and terminal and storage medium |
CN115604018A (en) * | 2022-11-02 | 2023-01-13 | 广东网安科技有限公司(Cn) | Network security monitoring method, system, equipment and storage medium |
CN115650460A (en) * | 2022-12-14 | 2023-01-31 | 鹏凯环境科技股份有限公司 | Sewage treatment device and method with online monitoring function |
CN117439820A (en) * | 2023-12-20 | 2024-01-23 | 国家电网有限公司客户服务中心 | Network intrusion detection method capable of dynamically adjusting threshold |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20040028000A1 (en) * | 2002-08-12 | 2004-02-12 | Harris Corporation | Mobile ad-hoc network with intrusion detection features and related methods |
CN1477811A (en) * | 2003-07-11 | 2004-02-25 | 北京邮电大学 | Formalized description method of network infection behaviour and normal behaviour |
CN1649311A (en) * | 2005-03-23 | 2005-08-03 | 北京首信科技有限公司 | Detecting system and method for user behaviour abnormal based on machine study |
CN101399672A (en) * | 2008-10-17 | 2009-04-01 | 章毅 | Intrusion detection method for fusion of multiple neutral networks |
CN101610516A (en) * | 2009-08-04 | 2009-12-23 | 华为技术有限公司 | Intrusion detection method in the self-organizing network and equipment |
CN103023927A (en) * | 2013-01-10 | 2013-04-03 | 西南大学 | Method and system for intrusion detection based on non-negative matrix factorization under sparse representation |
CN103729678A (en) * | 2013-12-12 | 2014-04-16 | 中国科学院信息工程研究所 | Navy detection method and system based on improved DBN model |
-
2015
- 2015-06-19 CN CN201510344393.2A patent/CN104935600B/en active Active
Patent Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20040028000A1 (en) * | 2002-08-12 | 2004-02-12 | Harris Corporation | Mobile ad-hoc network with intrusion detection features and related methods |
CN1477811A (en) * | 2003-07-11 | 2004-02-25 | 北京邮电大学 | Formalized description method of network infection behaviour and normal behaviour |
CN1649311A (en) * | 2005-03-23 | 2005-08-03 | 北京首信科技有限公司 | Detecting system and method for user behaviour abnormal based on machine study |
CN101399672A (en) * | 2008-10-17 | 2009-04-01 | 章毅 | Intrusion detection method for fusion of multiple neutral networks |
CN101610516A (en) * | 2009-08-04 | 2009-12-23 | 华为技术有限公司 | Intrusion detection method in the self-organizing network and equipment |
CN103023927A (en) * | 2013-01-10 | 2013-04-03 | 西南大学 | Method and system for intrusion detection based on non-negative matrix factorization under sparse representation |
CN103729678A (en) * | 2013-12-12 | 2014-04-16 | 中国科学院信息工程研究所 | Navy detection method and system based on improved DBN model |
Non-Patent Citations (1)
Title |
---|
徐东辉等: "一种基于DBN的网络入侵检测算法", 《上海电力学院学报》 * |
Cited By (92)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105471854A (en) * | 2015-11-18 | 2016-04-06 | 国网智能电网研究院 | Adaptive boundary abnormity detection method based on multistage strategies |
CN105471854B (en) * | 2015-11-18 | 2019-06-28 | 国网智能电网研究院 | A kind of adaptive boundary method for detecting abnormality based on multistage strategy |
CN105959255A (en) * | 2016-01-08 | 2016-09-21 | 杭州迪普科技有限公司 | Intrusion message shunting method and device |
CN105577685A (en) * | 2016-01-25 | 2016-05-11 | 浙江海洋学院 | Intrusion detection independent analysis method and system in cloud calculation environment |
CN105933312A (en) * | 2016-04-21 | 2016-09-07 | 温州大学瓯江学院 | Identity detection method of cognitive wireless network based on BP neural network |
CN105915555A (en) * | 2016-06-29 | 2016-08-31 | 北京奇虎科技有限公司 | Method and system for detecting network anomalous behavior |
CN105915555B (en) * | 2016-06-29 | 2020-02-18 | 北京奇虎科技有限公司 | Method and system for detecting network abnormal behavior |
CN106327324A (en) * | 2016-08-23 | 2017-01-11 | 杭州同盾科技有限公司 | Network behavior characteristic rapid calculation method and system |
CN107889111A (en) * | 2016-09-30 | 2018-04-06 | 北京金山安全软件有限公司 | Crank call identification method and device based on deep neural network |
CN106656981A (en) * | 2016-10-21 | 2017-05-10 | 东软集团股份有限公司 | Network intrusion detection method and device |
CN106656981B (en) * | 2016-10-21 | 2020-04-28 | 东软集团股份有限公司 | Network intrusion detection method and device |
CN109891436A (en) * | 2016-10-24 | 2019-06-14 | Lg 电子株式会社 | Security system and its control method based on deep learning neural network |
CN106572493A (en) * | 2016-10-28 | 2017-04-19 | 南京华苏科技有限公司 | Abnormal value detection method and abnormal value detection system in LTE network |
US11057788B2 (en) | 2016-10-28 | 2021-07-06 | Nanjing Howso Technology Co., Ltd | Method and system for abnormal value detection in LTE network |
CN106572493B (en) * | 2016-10-28 | 2018-07-06 | 南京华苏科技有限公司 | Rejecting outliers method and system in LTE network |
CN106453416A (en) * | 2016-12-01 | 2017-02-22 | 广东技术师范学院 | Detection method of distributed attack intrusion based on deep belief network |
CN106603531A (en) * | 2016-12-15 | 2017-04-26 | 中国科学院沈阳自动化研究所 | Automatic establishing method of intrusion detection model based on industrial control network and apparatus thereof |
WO2018107631A1 (en) * | 2016-12-15 | 2018-06-21 | 中国科学院沈阳自动化研究所 | Automatic establishing method and apparatus for intrusion detection model based on industrial control network |
CN107070913A (en) * | 2017-04-07 | 2017-08-18 | 杭州安恒信息技术有限公司 | A kind of detection and means of defence and system based on webshell attacks |
CN107070913B (en) * | 2017-04-07 | 2020-04-28 | 杭州安恒信息技术股份有限公司 | Webshell attack-based detection and protection method and system |
CN107222867A (en) * | 2017-06-22 | 2017-09-29 | 刘诗楠 | Method, device and the wireless signal detection device of wireless signal detection |
CN107241358A (en) * | 2017-08-02 | 2017-10-10 | 重庆邮电大学 | A kind of smart home intrusion detection method based on deep learning |
CN107371175B (en) * | 2017-08-17 | 2020-02-18 | 东南大学 | Self-organizing network fault detection method using cooperative prediction |
CN107371175A (en) * | 2017-08-17 | 2017-11-21 | 东南大学 | A kind of self-organizing network fault detection method using cooperation prediction |
TWI734038B (en) * | 2017-12-05 | 2021-07-21 | 開曼群島商創新先進技術有限公司 | Method and device for identifying abnormal data access |
CN108200008A (en) * | 2017-12-05 | 2018-06-22 | 阿里巴巴集团控股有限公司 | The recognition methods and device that abnormal data accesses |
WO2019109741A1 (en) * | 2017-12-05 | 2019-06-13 | 阿里巴巴集团控股有限公司 | Abnormal data access identification method and apparatus |
CN108011782B (en) * | 2017-12-06 | 2020-10-16 | 北京百度网讯科技有限公司 | Method and device for pushing alarm information |
CN108011782A (en) * | 2017-12-06 | 2018-05-08 | 北京百度网讯科技有限公司 | Method and apparatus for pushing warning information |
CN107819790A (en) * | 2017-12-08 | 2018-03-20 | 中盈优创资讯科技有限公司 | The recognition methods of attack message and device |
CN108156142A (en) * | 2017-12-14 | 2018-06-12 | 哈尔滨理工大学 | Network inbreak detection method based on data mining |
CN108055276B (en) * | 2017-12-25 | 2020-10-20 | 南京南邮信息产业技术研究院有限公司 | Intrusion detection real-time analysis system for big data application platform |
CN109995601B (en) * | 2017-12-29 | 2020-12-01 | ***通信集团上海有限公司 | Network traffic identification method and device |
CN109995601A (en) * | 2017-12-29 | 2019-07-09 | ***通信集团上海有限公司 | A kind of network flow identification method and device |
CN108377240A (en) * | 2018-02-07 | 2018-08-07 | 平安科技(深圳)有限公司 | Exceptional interface detection method, device, computer equipment and storage medium |
CN108712404A (en) * | 2018-05-04 | 2018-10-26 | 重庆邮电大学 | A kind of Internet of Things intrusion detection method based on machine learning |
CN108712404B (en) * | 2018-05-04 | 2020-11-06 | 重庆邮电大学 | Internet of things intrusion detection method based on machine learning |
CN108684043B (en) * | 2018-05-15 | 2021-09-28 | 南京邮电大学 | Abnormal user detection method of deep neural network based on minimum risk |
CN108684043A (en) * | 2018-05-15 | 2018-10-19 | 南京邮电大学 | The abnormal user detection method of deep neural network based on minimum risk |
CN108809948A (en) * | 2018-05-21 | 2018-11-13 | 中国科学院信息工程研究所 | A kind of abnormal network connecting detection method based on deep learning |
CN108809948B (en) * | 2018-05-21 | 2020-07-10 | 中国科学院信息工程研究所 | Abnormal network connection detection method based on deep learning |
CN108924090A (en) * | 2018-06-04 | 2018-11-30 | 上海交通大学 | A kind of shadowsocks flow rate testing methods based on convolutional neural networks |
CN108924090B (en) * | 2018-06-04 | 2020-12-11 | 上海交通大学 | Method for detecting traffics of shadowsocks based on convolutional neural network |
CN108809974A (en) * | 2018-06-07 | 2018-11-13 | 深圳先进技术研究院 | A kind of Network Abnormal recognition detection method and device |
CN109272118A (en) * | 2018-08-10 | 2019-01-25 | 北京达佳互联信息技术有限公司 | Data training method, device, equipment and storage medium |
CN109067773A (en) * | 2018-09-10 | 2018-12-21 | 成都信息工程大学 | A kind of vehicle-mounted CAN network inbreak detection method neural network based and system |
CN109067773B (en) * | 2018-09-10 | 2020-10-27 | 成都信息工程大学 | Vehicle-mounted CAN network intrusion detection method and system based on neural network |
CN109391624A (en) * | 2018-11-14 | 2019-02-26 | 国家电网有限公司 | A kind of terminal access data exception detection method and device based on machine learning |
CN109547254B (en) * | 2018-11-28 | 2022-03-15 | 湖北文理学院 | Intrusion detection method and device, electronic equipment and storage medium |
CN109547254A (en) * | 2018-11-28 | 2019-03-29 | 湖北文理学院 | A kind of intrusion detection method, device, electronic equipment and storage medium |
CN109639662A (en) * | 2018-12-06 | 2019-04-16 | 中国民航大学 | Onboard networks intrusion detection method based on deep learning |
CN109753992A (en) * | 2018-12-10 | 2019-05-14 | 南京师范大学 | The unsupervised domain for generating confrontation network based on condition adapts to image classification method |
CN109391700B (en) * | 2018-12-12 | 2021-04-09 | 北京华清信安科技有限公司 | Internet of things security cloud platform based on depth flow sensing |
CN109391700A (en) * | 2018-12-12 | 2019-02-26 | 北京华清信安科技有限公司 | Internet of Things safe cloud platform based on depth traffic aware |
CN109787958A (en) * | 2018-12-15 | 2019-05-21 | 深圳先进技术研究院 | Network flow real-time detection method and detection terminal, computer readable storage medium |
CN109787958B (en) * | 2018-12-15 | 2021-05-25 | 深圳先进技术研究院 | Network flow real-time detection method, detection terminal and computer readable storage medium |
CN109474497A (en) * | 2018-12-19 | 2019-03-15 | 四川艾贝斯科技发展有限公司 | A kind of reliable network maintenance terminal deep learning algorithm |
CN109698836A (en) * | 2019-02-01 | 2019-04-30 | 重庆邮电大学 | A kind of method for wireless lan intrusion detection and system based on deep learning |
CN110086767A (en) * | 2019-03-11 | 2019-08-02 | 中国电子科技集团公司电子科学研究院 | A kind of hybrid intrusion detection system and method |
CN109960929A (en) * | 2019-03-20 | 2019-07-02 | 西北大学 | A kind of zero sample intrusion detection method based on regression model |
CN109890027A (en) * | 2019-03-20 | 2019-06-14 | 上海连尚网络科技有限公司 | For determining the method and apparatus of the security risk information of target wireless access points |
CN109960929B (en) * | 2019-03-20 | 2023-06-02 | 西北大学 | Regression model-based zero sample intrusion detection method |
CN110086776A (en) * | 2019-03-22 | 2019-08-02 | 国网河南省电力公司经济技术研究院 | Intelligent substation Network Intrusion Detection System and detection method based on deep learning |
CN110070857A (en) * | 2019-04-25 | 2019-07-30 | 北京梧桐车联科技有限责任公司 | The model parameter method of adjustment and device, speech ciphering equipment of voice wake-up model |
CN110070857B (en) * | 2019-04-25 | 2021-11-23 | 北京梧桐车联科技有限责任公司 | Model parameter adjusting method and device of voice awakening model and voice equipment |
CN110213287A (en) * | 2019-06-12 | 2019-09-06 | 北京理工大学 | A kind of double mode invasion detecting device based on ensemble machine learning algorithm |
CN110213287B (en) * | 2019-06-12 | 2020-07-10 | 北京理工大学 | Dual-mode intrusion detection device based on integrated machine learning algorithm |
CN110262467A (en) * | 2019-07-15 | 2019-09-20 | 北京工业大学 | Industrial control system Network Intrusion and clue based on deep learning find method |
CN110401955A (en) * | 2019-09-06 | 2019-11-01 | 江门职业技术学院 | A kind of mobile network's malicious node detection method and system |
WO2021068513A1 (en) * | 2019-10-12 | 2021-04-15 | 平安科技(深圳)有限公司 | Abnormal object recognition method and apparatus, medium, and electronic device |
CN111049828B (en) * | 2019-12-13 | 2021-05-07 | 国网浙江省电力有限公司信息通信分公司 | Network attack detection and response method and system |
CN111049828A (en) * | 2019-12-13 | 2020-04-21 | 国网浙江省电力有限公司信息通信分公司 | Network attack detection and response method and system |
CN111274216B (en) * | 2020-01-09 | 2023-05-23 | 腾讯科技(深圳)有限公司 | Identification method and identification device of wireless local area network, storage medium and electronic equipment |
CN111274216A (en) * | 2020-01-09 | 2020-06-12 | 腾讯科技(深圳)有限公司 | Wireless local area network identification method, wireless local area network identification device, storage medium and electronic equipment |
CN111224998B (en) * | 2020-01-21 | 2020-12-25 | 福州大学 | Botnet identification method based on extreme learning machine |
CN111224998A (en) * | 2020-01-21 | 2020-06-02 | 福州大学 | Botnet identification method based on extreme learning machine |
CN111614659A (en) * | 2020-05-19 | 2020-09-01 | 杭州英视信息科技有限公司 | Distributed detection method for unknown network flow |
CN111614659B (en) * | 2020-05-19 | 2022-09-23 | 杭州英视信息科技有限公司 | Distributed detection method for unknown network flow |
CN111817844B (en) * | 2020-07-20 | 2021-06-25 | 西安电子科技大学 | Double-link wireless ad hoc network and security defense method in emergency scene |
CN111817844A (en) * | 2020-07-20 | 2020-10-23 | 西安电子科技大学 | Double-link wireless ad hoc network and security defense method in emergency scene |
WO2022134911A1 (en) * | 2020-12-21 | 2022-06-30 | 中兴通讯股份有限公司 | Diagnosis method and apparatus, and terminal and storage medium |
CN112714446B (en) * | 2020-12-31 | 2023-05-02 | 中国电子科技集团公司第七研究所 | Collaborative intrusion sensing method based on edge intelligence |
CN112714446A (en) * | 2020-12-31 | 2021-04-27 | 中国电子科技集团公司第七研究所 | Cooperative intrusion sensing method based on edge intelligence |
CN113065127B (en) * | 2021-02-24 | 2022-09-20 | 山东英信计算机技术有限公司 | Database protection method, system and medium |
CN113065127A (en) * | 2021-02-24 | 2021-07-02 | 山东英信计算机技术有限公司 | Database protection method, system and medium |
CN114465769A (en) * | 2021-12-28 | 2022-05-10 | 尚承科技股份有限公司 | Network equipment, processing system and method for learning network behavior characteristics |
CN114465769B (en) * | 2021-12-28 | 2024-03-15 | 尚承科技股份有限公司 | Network equipment, processing system and method for learning network behavior characteristics |
CN114553468A (en) * | 2022-01-04 | 2022-05-27 | 国网浙江省电力有限公司金华供电公司 | Three-level network intrusion detection method based on feature intersection and ensemble learning |
CN115604018A (en) * | 2022-11-02 | 2023-01-13 | 广东网安科技有限公司(Cn) | Network security monitoring method, system, equipment and storage medium |
CN115650460A (en) * | 2022-12-14 | 2023-01-31 | 鹏凯环境科技股份有限公司 | Sewage treatment device and method with online monitoring function |
CN117439820A (en) * | 2023-12-20 | 2024-01-23 | 国家电网有限公司客户服务中心 | Network intrusion detection method capable of dynamically adjusting threshold |
CN117439820B (en) * | 2023-12-20 | 2024-03-19 | 国家电网有限公司客户服务中心 | Network intrusion detection method capable of dynamically adjusting threshold |
Also Published As
Publication number | Publication date |
---|---|
CN104935600B (en) | 2019-03-22 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN104935600A (en) | Mobile ad hoc network intrusion detection method and device based on deep learning | |
CN109698836B (en) | Wireless local area network intrusion detection method and system based on deep learning | |
CN103581186B (en) | A kind of network security situational awareness method and system | |
CN107040517B (en) | Cognitive intrusion detection method oriented to cloud computing environment | |
Cheng et al. | Multi-scale LSTM model for BGP anomaly classification | |
CN107241358B (en) | Smart home intrusion detection method based on deep learning | |
CN102789593B (en) | Intrusion detection method based on incremental GHSOM (Growing Hierarchical Self-organizing Maps) neural network | |
US20170032130A1 (en) | Pre-cognitive security information and event management | |
CN108040073A (en) | Malicious attack detection method based on deep learning in information physical traffic system | |
Huang et al. | Network traffic anomaly detection based on growing hierarchical SOM | |
CN105577685A (en) | Intrusion detection independent analysis method and system in cloud calculation environment | |
CN107872460A (en) | A kind of wireless sense network dos attack lightweight detection method based on random forest | |
Shitharth et al. | An enriched RPCO-BCNN mechanisms for attack detection and classification in SCADA systems | |
CN112367303B (en) | Distributed self-learning abnormal flow collaborative detection method and system | |
Anil et al. | A hybrid method based on genetic algorithm, self-organised feature map, and support vector machine for better network anomaly detection | |
Tan et al. | An intrusion detection method based on DBN in ad hoc networks | |
CN111970259B (en) | Network intrusion detection method and alarm system based on deep learning | |
KR20190076479A (en) | Apparatus and method for analyzing feature of impersonation attack using deep running in wireless wi-fi network | |
Shitharth et al. | A new probabilistic relevancy classification (PRC) based intrusion detection system (IDS) for SCADA network | |
CN112532652A (en) | Attack behavior portrait device and method based on multi-source data | |
Laha et al. | How can machine learning impact on wireless network and IoT?–A survey | |
CN110365625B (en) | Internet of things security detection method and device and storage medium | |
Sun et al. | Detection and classification of network events in LAN using CNN | |
Ageyev et al. | Traffic Abnormality Detection ML-based Method for IoT | |
Tran | Network anomaly detection |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |