CN104935600A - Mobile ad hoc network intrusion detection method and device based on deep learning - Google Patents

Mobile ad hoc network intrusion detection method and device based on deep learning Download PDF

Info

Publication number
CN104935600A
CN104935600A CN201510344393.2A CN201510344393A CN104935600A CN 104935600 A CN104935600 A CN 104935600A CN 201510344393 A CN201510344393 A CN 201510344393A CN 104935600 A CN104935600 A CN 104935600A
Authority
CN
China
Prior art keywords
network
module
invasion
deep neural
mobile
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201510344393.2A
Other languages
Chinese (zh)
Other versions
CN104935600B (en
Inventor
吴巍
黄炜
张林杰
贾哲
庄杰
***
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
CETC 54 Research Institute
Original Assignee
CETC 54 Research Institute
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by CETC 54 Research Institute filed Critical CETC 54 Research Institute
Priority to CN201510344393.2A priority Critical patent/CN104935600B/en
Publication of CN104935600A publication Critical patent/CN104935600A/en
Application granted granted Critical
Publication of CN104935600B publication Critical patent/CN104935600B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425Traffic logging, e.g. anomaly detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12Detection or prevention of fraud

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a mobile ad hoc network intrusion detection method and device based on deep learning, relating to the field of wireless network safety. The device comprises a data acquisition module, a data fusion module, a preprocessing module, a storage module, an intrusion detection module and a response warning module. After fusion and redundancy elimination of captured wireless data packages, network behavior features are extracted and stored; after deep learning of the network behavior features, a deep neural network model expressing network behaviors is established; and to-be-detected network data is input into the deep neural network model, after intrusion is judged and recognized, response and warning are performed. According to the method, network behavior feature vectors which are detected and are considered to be abnormal are stored and are used for training the deep neutral network. When occurring again, the intrusion types can be detected and recognized. While the model training and detection efficiency are guaranteed, the detection accuracy is improved, and the safety of the mobile ad hoc network is further improved.

Description

A kind of mobile ad-hoc network intrusion detection method based on degree of depth study and equipment
Technical field
The present invention relates to mobile ad-hoc network field and degree of deep learning areas, the intrusion detection method especially in self-organizing network and equipment.
Background technology
Movable self-organization (Ad hoc) network and the difference being fixed with spider lines, cause intruding detection system (Intrusion Detection System, IDS) to face different problems in Ad hoc network.Ad hoc network adopts open wireless channel, without fixed router, makes it more easily be invaded.Ad hoc network, without static infrastructure, causes IDS can not good statistics, and the network characterization of collection is confined to specific range for wireless communication.Therefore, the problems faced of Intrusion Detection Technique in the urgent need to address in mobile ad-hoc network, and then the security protection system of network can be strengthened.
Degree of depth study shows good performance on the Machine Learning Problems of large data, multidimensional characteristic.The invasion existed in adhoc network is varied, needs to collect mass data, statistics multidimensional characteristic to analyze the behavior of ad hoc network, carries out intrusion detection.Degree of depth study is applied in the intrusion detection of ad hoc network, the advantage of deep neural network in machine learning, feature extraction can be played, for the behavior pattern recognition problem of this complexity of ad hoc network intrusion detection provides an effective way.
Notification number be CN101610516A, denomination of invention is disclose in the patent document of " intrusion detection method in self-organizing network and equipment " a kind of to be classified by network characterization based on information gain, adopt SVMs to screen optimal feature subset from grouping, judge the intrusion detection method whether network is invaded.But the method can only detect in network whether there is invasion, invasion type can not be identified, just a kind of abnormality detection technology; The method uses a kind of shallow-layer neural-network learning model, does not have the advantage of degree of depth study; In addition, the method does not relate to wireless monitor and packet capture.
Application number be 201310682813.9, denomination of invention is that " a kind of wireless sensor network intrusion detection algorithm based on neural net " discloses a kind of wireless sensor network IDS Framework, comprise misuse detection, abnormality detection and decision-making module, have chosen BP neural net, generalized regression nerve networks, carry out MATLAB emulation experiment based on the BP neural net of genetic algorithm optimization.This invention does not use deep neural network, and only carried out MATLAB emulation, the validity of algorithm in real network environment can not be described, not catch wireless self-organization network packet, do not relate to network characterization to extract, the intrusion detection in self-organizing network can not be directly applied to.
Summary of the invention
The technical problem to be solved in the present invention is, very complicated security threat is faced with for current ad hoc network, Intrusion Detection Technique for ad hoc network still lacks ripe achievement in research, the demand for security of ad hoc network can not be met well, intrusion detection method in a kind of mobile ad-hoc network is proposed, under the prerequisite ensureing model training and detection efficiency, Detection accuracy can be improved.
For solving the problems of the technologies described above, the present invention adopts following technical scheme:
Based on a mobile ad-hoc network intrusion detection method for degree of depth study, comprise the following steps:
1. from normal mobile ad-hoc network, catch wireless data packet, through data prediction, obtain normal behavior of the network characteristic data set, and be split as training set and the test set of normal behavior of the network feature; Multiple known invasion node is added in mobile ad-hoc network, wireless data packet is caught from the mobile ad-hoc network adding invasion node, through data prediction, obtain network intrusions behavioural characteristic data set, and be split as training set and the test set of network intrusions behavioural characteristic; Described wireless data packet comprises routing request packet, route replies bag, routing error bag and business data packet;
2. use the training of normal behavior of the network features training to practice deep neural network abnormality detection model, obtain the expression to normal behavior of the network; Use network intrusions behavioural characteristic training set training deep neural network Misuse Detection Model, obtain the expression to network intrusions behavior;
3. normal behavior of the network characteristic test collection MTD neural net abnormality detection model is used, according to the further adjustment model parameter of test result; Use network intrusions behavioural characteristic test set MTD neural net Misuse Detection Model, according to the further adjustment model parameter of test result;
4. during intrusion detection, one or more wireless monitor node catches wireless data packet in real time from mobile ad-hoc network, network behavior characteristic vector is obtained through data prediction, deep neural network abnormality detection model after network behavior characteristic vector input adjustment parameter is identified, deep neural network Misuse Detection Model after being judged as abnormal network behavior characteristic vector input adjustment parameter is identified, the recognition result of invasion type is judged;
If 5. recognition result meets known invasion type, then alarm shows such invasion; If recognition result does not meet known invasion type, then the network behavior characteristic vector of exception is stored as new network intrusion character vector, after deep neural network can identify the new network intrusion character vector stored, clustering algorithm is used to carry out class division to it, using the new network intrusion character vector after cluster as network intrusions behavioural characteristic training set training deep neural network Misuse Detection Model, when these invasion types occur again, just identification can be detected;
Complete the mobile ad-hoc network intrusion detection method based on degree of depth study.
Wherein, described data prediction specifically comprises the following steps:
(101) calculate the size of each wireless data packet captured, then carry out frame parsing respectively and extract the field representing wireless data Packet type;
(102) judge the type of each wireless data packet and each wireless data packet is classified;
(103) the network behavior characteristic vector of every class wireless data packet is extracted.
Wherein, the vector that described network behavior characteristic vector is made up of the element of multiple characterizing network performance, specifically comprises: the transmission and reception frequency of route request information, the transmission and reception frequency of route replies message and packet delivery ratio.
Wherein, described use normal behavior of the network features training training is practiced deep neural network abnormality detection model and is specifically comprised the following steps:
(201) model parameter of initialization deep neural network; The model parameter of described deep neural network comprises the neuron number of learning rate, the degree of depth and every one deck;
(202) by normal behavior of the network features training collection input deep neural network model, deep neural network model adjusts the connection weight between neuron automatically, obtains the abstract expression to training data.
Wherein, the Mathematical Modeling that described deep neural network abnormality detection model and deep neural network Misuse Detection Model adopt is deep neural network model; Described deep neural network is the Mathematical Modeling adopting degree of deep learning algorithm, is specially: degree of depth belief network or convolutional neural networks.
Wherein, 3. described step specifically comprises the following steps:
(301) by the deep neural network abnormality detection model after normal behavior of the network characteristic test collection and network intrusions behavioural characteristic test set input adjustment parameter, each characteristic vector in deep neural network abnormality detection Model Identification test set is normal or abnormal, counts and detects accuracy, rate of failing to report and rate of false alarm;
(302) be that abnormal characteristic vector input adjusts the deep neural network Misuse Detection Model after parameter by recognition result in (301), invasion type identified, counts recognition correct rate;
(303) if statistics does not reach goal-selling requirement, the parameter of percentage regulation neural net abnormality detection model and Misuse Detection Model, the parameter of re-training deep neural network abnormality detection model and Misuse Detection Model, until reach goal-selling requirement.
Based on a mobile ad-hoc network intrusion detection device for degree of depth study, comprising: data acquisition module, data fusion module, pretreatment module, memory module, intrusion detection module and response alarm module;
Described data acquisition module, according to the mobile ad-hoc network size that will detect, in mobile ad-hoc network, arrange one or more wireless monitor node, wireless data packet is wirelessly transmitted to data fusion module for the wireless data packet of catching in real time in mobile ad-hoc network; Described wireless data packet comprises routing request packet, route replies bag, routing error bag and business data packet;
Described data fusion module is used for the wireless data packet that the one or more wireless monitor points received are caught to merge, and sends or be wirelessly transmitted to pretreatment module after removing redundant information through cable;
Described pretreatment module is used for the data after to fusion and carries out frame dissection process, and extraction, statistics network behavioural characteristic, obtain network behavior characteristic vector, and network behavior characteristic vector is sent to memory module;
Described memory module comprises general memory block and new Intrusion Signatures memory block, for the network behavior obtained after preliminary treatment characteristic vector is stored in general memory block, and network behavior characteristic vector is sent to intrusion detection module;
Described intrusion detection module, invades for real-time Sampling network, and invasion message notice response alarm module also newly will be invaded network behavior characteristic storage in new Intrusion Signatures memory block;
If network intrusions detected and identify invasion type, then will invade message notice response alarm module; If network intrusions detected but do not identify invasion type, judge in network, to there is unknown invasion type, push-notification-answer alarm module, by the new invasion network behavior characteristic storage of correspondence in new Intrusion Signatures memory block, described invasion information comprises invasion type and invasion time of origin;
Described response alarm module is used for sending warning information after the notice receiving intrusion detection module; Described warning information comprises invasion type and invasion time of origin;
Described new Intrusion Signatures memory block is used for reaching after intrusion detection module can identify in the memory space of new invasion network behavior feature, and use clustering algorithm carries out class division to it, and the new invasion network behavior feature after cluster is sent to intrusion detection module.
Wherein, described intrusion detection module comprises abnormality detecting unit and misuse detecting unit,
Described abnormality detecting unit, for normal behaviour features training deep neural network Network Based, obtains the expression to normal behavior of the network, and Sampling network invasion in real time; Described normal behavior of the network characteristic vector is that the wireless data packet gathered from normal mobile ad-hoc network obtains after pretreatment module preliminary treatment;
Described misuse detecting unit, for intrusion behavior features training deep neural network Network Based, obtains the expression to network intrusions behavior, and identifies that then invasion type will invade message notice response alarm module; Described network intrusions behavioural characteristic obtains after pretreatment module preliminary treatment from adding the wireless data packet gathered the mobile ad-hoc network of known invasion node.
The present invention is relative to the advantage of background technology:
By adopting described intrusion detection method and equipment, deep neural network IDS Framework is built owing to adopting degree of deep learning art, the deep layer attribute of energy learning training data, obtain the feature representation to normal behavior of the network or intrusion behavior, so under the prerequisite ensureing model training and detection efficiency, Detection accuracy can be improved.
Accompanying drawing explanation
Fig. 1 is intrusion detection method flow chart of the present invention;
Fig. 2 is intrusion detection device block diagram of the present invention;
Fig. 3 is the training test process flow chart of intrusion detection in the embodiment of the present invention;
Fig. 4 is intrusion detection overhaul flow chart in the embodiment of the present invention.
In Fig. 2: 1. intrusion detection device, 2. data acquisition module (wireless monitor node), 3. data fusion module, 4. pretreatment module, 5. memory module, 6. intrusion detection module, 7. response alarm module, 8. mobile ad-hoc network, 9. network node.
Embodiment
The embodiment of the present invention provides a kind of based on the intrusion detection method in the mobile ad-hoc network of degree of depth study and equipment, under the prerequisite ensureing model training and detection efficiency, can improve Detection accuracy.
Below in conjunction with accompanying drawing, the embodiment of the present invention is described in detail.
As shown in Figure 1, a kind of mobile ad-hoc network intrusion detection method based on degree of depth study of the present invention comprises the following steps:
1. packet capture and preliminary treatment: catch mass data bag from normal mobile ad-hoc network, resolve through frame, judge data package size, extract the field of representative data Packet type, judge type of data packet, in the statistical unit time, the characteristic information such as transmission frequency, receive frequency, mean size, duration of the packet of each type, obtains normal behavior of the network characteristic data set, and it is split as training set and test set according to the ratio of 3:1; In mobile ad-hoc network, add multiple known invasion node respectively, catch mass data respectively, same to said process, obtain network intrusions behavioural characteristic data set, and be split as training set and test set; Described wireless data packet comprises routing request packet, route replies bag, routing error bag and business data packet;
2. the training of network behavior features training is used to practice deep neural network detection model: by normal behavior of the network features training collection input deep neural network abnormality detection model, model adjusts the connection weight between neuron automatically, obtains the expression to normal behavior of the network; By network intrusion character training set input deep neural network Misuse Detection Model, model adjusts the connection weight between neuron automatically, obtains the expression to network intrusions behavior;
Training process is specially:
(201) model parameter of initialization deep neural network; The model parameter of described deep neural network comprises the neuron number of learning rate, the degree of depth and every one deck;
(202) by network behavior features training collection input deep neural network model, deep neural network model adjusts the connection weight between neuron automatically, obtains the abstract expression to training data.
3. network behavior characteristic test collection MTD neural net detection model is used: by normal behavior of the network characteristic test collection input deep neural network abnormality detection model, test model Detection results, further adjustment model parameter (number of plies, neuron number, learning rate etc.); By network intrusions behavioural characteristic test set input deep neural network abnormality detection model, test model Detection results, further adjustment model parameter (number of plies, neuron number, learning rate etc.);
Test process is specially:
(301) by the deep neural network abnormality detection model after network behavior characteristic test collection and network intrusions behavioural characteristic test set input adjustment parameter, each characteristic vector in deep neural network abnormality detection Model Identification test set is normal or abnormal, counts and detects accuracy, rate of failing to report and rate of false alarm;
(302) be that abnormal characteristic vector input adjusts the deep neural network Misuse Detection Model after parameter by recognition result in (301), invasion type identified, counts recognition correct rate;
(303) if statistics does not reach goal-selling requirement, the parameter of percentage regulation neural net abnormality detection model and Misuse Detection Model, the parameter of re-training deep neural network abnormality detection model and Misuse Detection Model, until reach goal-selling requirement.
Embodiment: in embodiment of the present invention mobile ad-hoc network, to the training testing process of deep neural network intrusion detection as shown in Figure 3, intrusion detection flow process as shown in Figure 4 for intrusion detection method.
Such as, attack for mobile ad-hoc network routing layer, comprising: sequence number attack, the attack of mistake distance vector, black hole attack etc., wireless monitor node catches wireless data packet, through data fusion, preliminary treatment, extracts following characteristics set:
(1) RREQ Sent: the route request information bag sum that node sends;
(2) RREQ Received: the route request information bag sum that node receives;
(3) RREP Sent: the route replies message bag sum that node sends;
(4) RREP Received: the route replies message bag sum that node receives;
(5) RERR Sent: the routing error message bag sum that node sends;
(6) RERR Received: the routing error message bag sum that node receives;
(7) Data Sent: the business data packet sum that node sends;
(8) Data Received: the business data packet sum that node receives;
(9) Route Drop: the route bag sum that node abandons;
(10) Route Transmit: the route bag sum that node forwards;
(11) Data Drop: the business data packet sum that node abandons;
(12) Data Transmit: the business data packet sum that node forwards;
(13) Packet size: packet mean size;
(14) Active Node: live-vertex number.
The common network consisting behavioural characteristic vector of all features above, as the input of deep neural network.
The embodiment of the present invention adopts degree of depth belief network (Deep Belief Nets, DBN) modeling is carried out to training data, DBN is a kind of deep neural network model of comparative maturity, add one deck BP (Back Propagation) neural net by two-layer limited Boltzmann machine (Restricted Boltzmann Machine, RBM) to form.DBN is adopted to the mode of successively training, key trains RBM without supervision, according to the structure of RBM, can obtain formula (1) (2) (3) through deriving.In formula (1), T represents sample size, and v represents network characterization vector, i.e. the state vector of RBM visible layer; In formula (2), formula (3), v irepresent visible layer i-th neuronic state, a irepresent that visible layer i-th is neuronic biased, h jrepresent a hidden layer jth neuronic state, b jrepresent that hidden layer jth is individual neuronic biased; P (h|v, θ) is condition distribution; θ is parameter set { W, a, the b} of RBM; W is connection weight matrix.
L ( θ ) = l o g Π t = 1 T P ( v ( t ) | θ ) = Σ t = 1 T log P ( v ( t ) | θ ) - - - ( 1 )
P ( h j = 1 | v , θ ) = s i g m o i d ( b j + Σ i v i w i j ) - - - ( 2 )
P ( v i = 1 | h , θ ) = s i g m o i d ( a i + Σ j w i j h j ) - - - ( 3 )
A RBM is trained in fact to be exactly adjustment parameter set θ, with the training sample that matching is given, that is, the probability distribution represented by corresponding RBM under this parameter is consistent with training data as much as possible, mathematical expression can be described as the likelihood function that maximization formula (1) describes.
If Direct calculation formulas (1), process will be very complicated, and the embodiment of the present invention adopts the CD fast learning algorithm that computational efficiency is higher, and key step is:
(1) by the parameter set θ of RBM={ W, a, b} are initialized as smaller value, are split as by training data and comprise tens to the small lot data of up to a hundred samples;
(2) visual layers v is made 1equal first small lot sample batch 1;
(3) formula (2) is utilized to try to achieve h 1=sigmoid (b'+v 1w'); Formula (3) is utilized to obtain v 2=sigmoid (a'+h 1w), recycle formula (2) and try to achieve h 2=sigmoid (b'+v 2w');
(4) parameters upgrades according to formula (4) below; In formula (4), W is connection weight matrix, a is visible layer bias vector, b is hidden layer bias vector, η is learning rate;
W + η ( h 1 · v 1 T - h 2 · v 2 T ) → W
a+η(v 1-v 2)→a (4)
b+η(h 1-h 2)→b
(5) v is made 1equal other small lot data respectively, repeat step (3) and step (4), obtain model parameter;
After two-layer RBM is completed without supervised training separately, label is added to training data, train BP neural net with having supervision.
4. during intrusion detection, one or more wireless monitor node catches wireless data packet in real time from mobile ad-hoc network, resolve through frame, judge data package size, extract the field of representative data Packet type, judge type of data packet, the transmission frequency of the packet of each type in the statistical unit time, receive frequency, mean size, the characteristic informations such as duration, obtain network behavior characteristic vector, deep neural network abnormality detection model after network behavior characteristic vector input adjustment parameter is identified, deep neural network Misuse Detection Model after being judged as abnormal network behavior characteristic vector input adjustment parameter is identified, the recognition result of invasion type is judged,
The vector that described network behavior characteristic vector is made up of the element of multiple characterizing network performance, specifically comprises: the transmission and reception frequency of route request information, the transmission and reception frequency of route replies message and packet delivery ratio.
If 5. recognition result meets known invasion type, then alarm shows such invasion; If recognition result does not meet known invasion type, then the network behavior characteristic vector of exception is stored as new network intrusion character vector, after deep neural network can identify the new network intrusion character vector stored, clustering algorithm is used to carry out class division to it, using the new network intrusion character vector after cluster as network intrusion character training set training deep neural network Misuse Detection Model, when these invasion types occur again, just identification can be detected;
Embodiment: the DBN model after training; the normal of network or intrusion behavior feature is preserved with the form of parameter set; thus establish the normal of mobile ad-hoc network or intrusion behavior model of cognition; in testing process with normal behaviour deviation comparatively macroreticular feature be just judged as exception, the network characterization higher with certain intrusion behavior matching degree is just judged as this invasion.After invasion being detected, equipment sends warning information to network management, then upgrades and detects journal file, continues next detection.
Complete the mobile ad-hoc network intrusion detection method based on degree of depth study.
As shown in Figure 2, a kind of mobile ad-hoc network intrusion detection device based on degree of depth study of the present invention comprises: data acquisition module, data fusion module, pretreatment module, memory module, intrusion detection module and response alarm module.
1. data acquisition module, in mobile ad-hoc network, arrange one or more wireless monitor node, monitoring network flow, catches wireless data packet, and the data wireless of catching is transferred to data fusion module, the fusion of complete paired data, removes redundant information;
The data that multiple monitoring point is caught are merged by 2. data fusion module, remove redundant information, the accuracy of guarantee information;
3. pretreatment module, judge data package size, extract the field of representative data Packet type, judge type of data packet, in the statistical unit time, the characteristic information such as transmission frequency, receive frequency, mean size, duration of the packet of each type, obtains network behavior characteristic vector;
4. memory module, comprises general memory block and new Intrusion Signatures memory block, the network behavior characteristic vector obtained after preliminary treatment is stored in general memory block, is convenient to next step and analyzes;
5. intrusion detection module, comprises abnormality detecting unit and misuse detecting unit, invades for real-time Sampling network, and invasion message notice response alarm module also newly will be invaded network behavior characteristic storage in new Intrusion Signatures memory block;
If network intrusions detected and identify invasion type, then will invade message notice response alarm module; If network intrusions detected but do not identify invasion type, judge in network, to there is unknown invasion type, push-notification-answer alarm module, by the new invasion network behavior characteristic storage of correspondence in new Intrusion Signatures memory block, described invasion information comprises invasion type and invasion time of origin;
Abnormality detecting unit, for normal behaviour features training deep neural network Network Based, obtains the expression to normal behavior of the network, and Sampling network invasion in real time; Described normal behavior of the network characteristic vector is that the wireless data packet gathered from normal mobile ad-hoc network obtains after pretreatment module preliminary treatment;
Misuse detecting unit, for intrusion behavior features training deep neural network Network Based, obtains the expression to network intrusions behavior, and identifies that then invasion type will invade message notice response alarm module; Described network intrusions behavioural characteristic obtains after pretreatment module preliminary treatment from adding the wireless data packet gathered the mobile ad-hoc network of known invasion node;
6. respond alarm module, after receiving the notice of intrusion detection module, send warning information; Described warning information comprises invasion type and invasion time of origin;
7. new Intrusion Signatures memory block, for reaching after intrusion detection module can identify in the memory space of new invasion network behavior feature, use clustering algorithm carries out class division to it, and the new invasion network behavior feature after cluster is sent to intrusion detection module.

Claims (8)

1., based on a mobile ad-hoc network intrusion detection method for degree of depth study, it is characterized in that, comprise the following steps:
1. from normal mobile ad-hoc network, catch wireless data packet, through data prediction, obtain normal behavior of the network characteristic data set, and be split as training set and the test set of normal behavior of the network feature; Multiple known invasion node is added in mobile ad-hoc network, wireless data packet is caught from the mobile ad-hoc network adding invasion node, through data prediction, obtain network intrusions behavioural characteristic data set, and be split as training set and the test set of network intrusions behavioural characteristic; Described wireless data packet comprises routing request packet, route replies bag, routing error bag and business data packet;
2. use the training of normal behavior of the network features training to practice deep neural network abnormality detection model, obtain the expression to normal behavior of the network; Use network intrusions behavioural characteristic training set training deep neural network Misuse Detection Model, obtain the expression to network intrusions behavior;
3. normal behavior of the network characteristic test collection MTD neural net abnormality detection model is used, according to the further adjustment model parameter of test result; Use network intrusions behavioural characteristic test set MTD neural net Misuse Detection Model, according to the further adjustment model parameter of test result;
4. during intrusion detection, one or more wireless monitor node catches wireless data packet in real time from mobile ad-hoc network, network behavior characteristic vector is obtained through data prediction, deep neural network abnormality detection model after network behavior characteristic vector input adjustment parameter is identified, deep neural network Misuse Detection Model after being judged as abnormal network behavior characteristic vector input adjustment parameter is identified, the recognition result of invasion type is judged;
If 5. recognition result meets known invasion type, then alarm shows such invasion; If recognition result does not meet known invasion type, then the network behavior characteristic vector of exception is stored as new network intrusion character vector, after deep neural network can identify the new network intrusion character vector stored, clustering algorithm is used to carry out class division to it, using the new network intrusion character vector after cluster as network intrusions behavioural characteristic training set training deep neural network Misuse Detection Model, when these invasion types occur again, just identification can be detected;
Complete the mobile ad-hoc network intrusion detection method based on degree of depth study.
2. a kind of mobile ad-hoc network intrusion detection method based on degree of depth study according to claim 1, is characterized in that: described data prediction specifically comprises the following steps:
(101) calculate the size of each wireless data packet captured, then carry out frame parsing respectively and extract the field representing wireless data Packet type;
(102) judge the type of each wireless data packet and each wireless data packet is classified;
(103) the network behavior characteristic vector of every class wireless data packet is extracted.
3. a kind of mobile ad-hoc network intrusion detection method based on degree of depth study according to claim 1 and 2, it is characterized in that: the vector that described network behavior characteristic vector is made up of the element of multiple characterizing network performance, specifically comprise: the transmission and reception frequency of route request information, the transmission and reception frequency of route replies message and packet delivery ratio.
4. a kind of mobile ad-hoc network intrusion detection method based on degree of depth study according to claim 1, is characterized in that: described use normal behavior of the network features training training is practiced deep neural network abnormality detection model and specifically comprised the following steps:
(201) model parameter of initialization deep neural network; The model parameter of described deep neural network comprises the neuron number of learning rate, the degree of depth and every one deck;
(202) by normal behavior of the network features training collection input deep neural network model, deep neural network model adjusts the connection weight between neuron automatically, obtains the abstract expression to training data.
5. a kind of mobile ad-hoc network intrusion detection method based on degree of depth study according to claim 1 or 4, is characterized in that: the Mathematical Modeling that described deep neural network abnormality detection model and deep neural network Misuse Detection Model adopt is deep neural network model; Described deep neural network is the Mathematical Modeling adopting degree of deep learning algorithm, is specially: degree of depth belief network or convolutional neural networks.
6. a kind of mobile ad-hoc network intrusion detection method based on degree of depth study according to claim 1, is characterized in that: 3. described step specifically comprises the following steps:
(301) by the deep neural network abnormality detection model after normal behavior of the network characteristic test collection and network intrusions behavioural characteristic test set input adjustment parameter, each characteristic vector in deep neural network abnormality detection Model Identification test set is normal or abnormal, counts and detects accuracy, rate of failing to report and rate of false alarm;
(302) be that abnormal characteristic vector input adjusts the deep neural network Misuse Detection Model after parameter by recognition result in (301), invasion type identified, counts recognition correct rate;
(303) if statistics does not reach goal-selling requirement, the parameter of percentage regulation neural net abnormality detection model and Misuse Detection Model, the parameter of re-training deep neural network abnormality detection model and Misuse Detection Model, until reach goal-selling requirement.
7. based on a mobile ad-hoc network intrusion detection device for degree of depth study, it is characterized in that comprising: data acquisition module, data fusion module, pretreatment module, memory module, intrusion detection module and response alarm module;
Described data acquisition module, according to the mobile ad-hoc network size that will detect, in mobile ad-hoc network, arrange one or more wireless monitor node, wireless data packet is wirelessly transmitted to data fusion module for the wireless data packet of catching in real time in mobile ad-hoc network; Described wireless data packet comprises routing request packet, route replies bag, routing error bag and business data packet;
Described data fusion module is used for the wireless data packet that the one or more wireless monitor points received are caught to merge, and sends or be wirelessly transmitted to pretreatment module after removing redundant information through cable;
Described pretreatment module is used for the data after to fusion and carries out frame dissection process, and extraction, statistics network behavioural characteristic, obtain network behavior characteristic vector, and network behavior characteristic vector is sent to memory module;
Described memory module comprises general memory block and new Intrusion Signatures memory block, for the network behavior obtained after preliminary treatment characteristic vector is stored in general memory block, and network behavior characteristic vector is sent to intrusion detection module;
Described intrusion detection module, invades for real-time Sampling network, and invasion message notice response alarm module also newly will be invaded network behavior characteristic storage in new Intrusion Signatures memory block;
If network intrusions detected and identify invasion type, then will invade message notice response alarm module; If network intrusions detected but do not identify invasion type, judge in network, to there is unknown invasion type, push-notification-answer alarm module, by the new invasion network behavior characteristic storage of correspondence in new Intrusion Signatures memory block, described invasion information comprises invasion type and invasion time of origin;
Described response alarm module is used for sending warning information after the notice receiving intrusion detection module; Described warning information comprises invasion type and invasion time of origin;
Described new Intrusion Signatures memory block is used for reaching after intrusion detection module can identify in the memory space of new invasion network behavior feature, and use clustering algorithm carries out class division to it, and the new invasion network behavior feature after cluster is sent to intrusion detection module.
8. a kind of mobile ad-hoc network intrusion detection device based on degree of depth study according to claim 7, is characterized in that: described intrusion detection module comprises abnormality detecting unit and misuse detecting unit,
Described abnormality detecting unit, for normal behaviour features training deep neural network Network Based, obtains the expression to normal behavior of the network, and Sampling network invasion in real time; Described normal behavior of the network characteristic vector is that the wireless data packet gathered from normal mobile ad-hoc network obtains after pretreatment module preliminary treatment;
Described misuse detecting unit, for intrusion behavior features training deep neural network Network Based, obtains the expression to network intrusions behavior, and identifies that then invasion type will invade message notice response alarm module; Described network intrusions behavioural characteristic obtains after pretreatment module preliminary treatment from adding the wireless data packet gathered the mobile ad-hoc network of known invasion node.
CN201510344393.2A 2015-06-19 2015-06-19 A kind of mobile ad-hoc network intrusion detection method and equipment based on deep learning Active CN104935600B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510344393.2A CN104935600B (en) 2015-06-19 2015-06-19 A kind of mobile ad-hoc network intrusion detection method and equipment based on deep learning

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510344393.2A CN104935600B (en) 2015-06-19 2015-06-19 A kind of mobile ad-hoc network intrusion detection method and equipment based on deep learning

Publications (2)

Publication Number Publication Date
CN104935600A true CN104935600A (en) 2015-09-23
CN104935600B CN104935600B (en) 2019-03-22

Family

ID=54122572

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510344393.2A Active CN104935600B (en) 2015-06-19 2015-06-19 A kind of mobile ad-hoc network intrusion detection method and equipment based on deep learning

Country Status (1)

Country Link
CN (1) CN104935600B (en)

Cited By (60)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105471854A (en) * 2015-11-18 2016-04-06 国网智能电网研究院 Adaptive boundary abnormity detection method based on multistage strategies
CN105577685A (en) * 2016-01-25 2016-05-11 浙江海洋学院 Intrusion detection independent analysis method and system in cloud calculation environment
CN105915555A (en) * 2016-06-29 2016-08-31 北京奇虎科技有限公司 Method and system for detecting network anomalous behavior
CN105933312A (en) * 2016-04-21 2016-09-07 温州大学瓯江学院 Identity detection method of cognitive wireless network based on BP neural network
CN105959255A (en) * 2016-01-08 2016-09-21 杭州迪普科技有限公司 Intrusion message shunting method and device
CN106327324A (en) * 2016-08-23 2017-01-11 杭州同盾科技有限公司 Network behavior characteristic rapid calculation method and system
CN106453416A (en) * 2016-12-01 2017-02-22 广东技术师范学院 Detection method of distributed attack intrusion based on deep belief network
CN106572493A (en) * 2016-10-28 2017-04-19 南京华苏科技有限公司 Abnormal value detection method and abnormal value detection system in LTE network
CN106603531A (en) * 2016-12-15 2017-04-26 中国科学院沈阳自动化研究所 Automatic establishing method of intrusion detection model based on industrial control network and apparatus thereof
CN106656981A (en) * 2016-10-21 2017-05-10 东软集团股份有限公司 Network intrusion detection method and device
CN107070913A (en) * 2017-04-07 2017-08-18 杭州安恒信息技术有限公司 A kind of detection and means of defence and system based on webshell attacks
CN107222867A (en) * 2017-06-22 2017-09-29 刘诗楠 Method, device and the wireless signal detection device of wireless signal detection
CN107241358A (en) * 2017-08-02 2017-10-10 重庆邮电大学 A kind of smart home intrusion detection method based on deep learning
CN107371175A (en) * 2017-08-17 2017-11-21 东南大学 A kind of self-organizing network fault detection method using cooperation prediction
CN107819790A (en) * 2017-12-08 2018-03-20 中盈优创资讯科技有限公司 The recognition methods of attack message and device
CN107889111A (en) * 2016-09-30 2018-04-06 北京金山安全软件有限公司 Crank call identification method and device based on deep neural network
CN108011782A (en) * 2017-12-06 2018-05-08 北京百度网讯科技有限公司 Method and apparatus for pushing warning information
CN108156142A (en) * 2017-12-14 2018-06-12 哈尔滨理工大学 Network inbreak detection method based on data mining
CN108200008A (en) * 2017-12-05 2018-06-22 阿里巴巴集团控股有限公司 The recognition methods and device that abnormal data accesses
CN108377240A (en) * 2018-02-07 2018-08-07 平安科技(深圳)有限公司 Exceptional interface detection method, device, computer equipment and storage medium
CN108684043A (en) * 2018-05-15 2018-10-19 南京邮电大学 The abnormal user detection method of deep neural network based on minimum risk
CN108712404A (en) * 2018-05-04 2018-10-26 重庆邮电大学 A kind of Internet of Things intrusion detection method based on machine learning
CN108809974A (en) * 2018-06-07 2018-11-13 深圳先进技术研究院 A kind of Network Abnormal recognition detection method and device
CN108809948A (en) * 2018-05-21 2018-11-13 中国科学院信息工程研究所 A kind of abnormal network connecting detection method based on deep learning
CN108924090A (en) * 2018-06-04 2018-11-30 上海交通大学 A kind of shadowsocks flow rate testing methods based on convolutional neural networks
CN109067773A (en) * 2018-09-10 2018-12-21 成都信息工程大学 A kind of vehicle-mounted CAN network inbreak detection method neural network based and system
CN109272118A (en) * 2018-08-10 2019-01-25 北京达佳互联信息技术有限公司 Data training method, device, equipment and storage medium
CN109391700A (en) * 2018-12-12 2019-02-26 北京华清信安科技有限公司 Internet of Things safe cloud platform based on depth traffic aware
CN109391624A (en) * 2018-11-14 2019-02-26 国家电网有限公司 A kind of terminal access data exception detection method and device based on machine learning
CN109474497A (en) * 2018-12-19 2019-03-15 四川艾贝斯科技发展有限公司 A kind of reliable network maintenance terminal deep learning algorithm
CN109547254A (en) * 2018-11-28 2019-03-29 湖北文理学院 A kind of intrusion detection method, device, electronic equipment and storage medium
CN109639662A (en) * 2018-12-06 2019-04-16 中国民航大学 Onboard networks intrusion detection method based on deep learning
CN109698836A (en) * 2019-02-01 2019-04-30 重庆邮电大学 A kind of method for wireless lan intrusion detection and system based on deep learning
CN109753992A (en) * 2018-12-10 2019-05-14 南京师范大学 The unsupervised domain for generating confrontation network based on condition adapts to image classification method
CN109787958A (en) * 2018-12-15 2019-05-21 深圳先进技术研究院 Network flow real-time detection method and detection terminal, computer readable storage medium
CN109891436A (en) * 2016-10-24 2019-06-14 Lg 电子株式会社 Security system and its control method based on deep learning neural network
CN109890027A (en) * 2019-03-20 2019-06-14 上海连尚网络科技有限公司 For determining the method and apparatus of the security risk information of target wireless access points
CN109960929A (en) * 2019-03-20 2019-07-02 西北大学 A kind of zero sample intrusion detection method based on regression model
CN109995601A (en) * 2017-12-29 2019-07-09 ***通信集团上海有限公司 A kind of network flow identification method and device
CN110070857A (en) * 2019-04-25 2019-07-30 北京梧桐车联科技有限责任公司 The model parameter method of adjustment and device, speech ciphering equipment of voice wake-up model
CN110086776A (en) * 2019-03-22 2019-08-02 国网河南省电力公司经济技术研究院 Intelligent substation Network Intrusion Detection System and detection method based on deep learning
CN110086767A (en) * 2019-03-11 2019-08-02 中国电子科技集团公司电子科学研究院 A kind of hybrid intrusion detection system and method
CN110213287A (en) * 2019-06-12 2019-09-06 北京理工大学 A kind of double mode invasion detecting device based on ensemble machine learning algorithm
CN110262467A (en) * 2019-07-15 2019-09-20 北京工业大学 Industrial control system Network Intrusion and clue based on deep learning find method
CN110401955A (en) * 2019-09-06 2019-11-01 江门职业技术学院 A kind of mobile network's malicious node detection method and system
CN111049828A (en) * 2019-12-13 2020-04-21 国网浙江省电力有限公司信息通信分公司 Network attack detection and response method and system
CN111224998A (en) * 2020-01-21 2020-06-02 福州大学 Botnet identification method based on extreme learning machine
CN111274216A (en) * 2020-01-09 2020-06-12 腾讯科技(深圳)有限公司 Wireless local area network identification method, wireless local area network identification device, storage medium and electronic equipment
CN111614659A (en) * 2020-05-19 2020-09-01 杭州英视信息科技有限公司 Distributed detection method for unknown network flow
CN108055276B (en) * 2017-12-25 2020-10-20 南京南邮信息产业技术研究院有限公司 Intrusion detection real-time analysis system for big data application platform
CN111817844A (en) * 2020-07-20 2020-10-23 西安电子科技大学 Double-link wireless ad hoc network and security defense method in emergency scene
WO2021068513A1 (en) * 2019-10-12 2021-04-15 平安科技(深圳)有限公司 Abnormal object recognition method and apparatus, medium, and electronic device
CN112714446A (en) * 2020-12-31 2021-04-27 中国电子科技集团公司第七研究所 Cooperative intrusion sensing method based on edge intelligence
CN113065127A (en) * 2021-02-24 2021-07-02 山东英信计算机技术有限公司 Database protection method, system and medium
CN114465769A (en) * 2021-12-28 2022-05-10 尚承科技股份有限公司 Network equipment, processing system and method for learning network behavior characteristics
CN114553468A (en) * 2022-01-04 2022-05-27 国网浙江省电力有限公司金华供电公司 Three-level network intrusion detection method based on feature intersection and ensemble learning
WO2022134911A1 (en) * 2020-12-21 2022-06-30 中兴通讯股份有限公司 Diagnosis method and apparatus, and terminal and storage medium
CN115604018A (en) * 2022-11-02 2023-01-13 广东网安科技有限公司(Cn) Network security monitoring method, system, equipment and storage medium
CN115650460A (en) * 2022-12-14 2023-01-31 鹏凯环境科技股份有限公司 Sewage treatment device and method with online monitoring function
CN117439820A (en) * 2023-12-20 2024-01-23 国家电网有限公司客户服务中心 Network intrusion detection method capable of dynamically adjusting threshold

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040028000A1 (en) * 2002-08-12 2004-02-12 Harris Corporation Mobile ad-hoc network with intrusion detection features and related methods
CN1477811A (en) * 2003-07-11 2004-02-25 北京邮电大学 Formalized description method of network infection behaviour and normal behaviour
CN1649311A (en) * 2005-03-23 2005-08-03 北京首信科技有限公司 Detecting system and method for user behaviour abnormal based on machine study
CN101399672A (en) * 2008-10-17 2009-04-01 章毅 Intrusion detection method for fusion of multiple neutral networks
CN101610516A (en) * 2009-08-04 2009-12-23 华为技术有限公司 Intrusion detection method in the self-organizing network and equipment
CN103023927A (en) * 2013-01-10 2013-04-03 西南大学 Method and system for intrusion detection based on non-negative matrix factorization under sparse representation
CN103729678A (en) * 2013-12-12 2014-04-16 中国科学院信息工程研究所 Navy detection method and system based on improved DBN model

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040028000A1 (en) * 2002-08-12 2004-02-12 Harris Corporation Mobile ad-hoc network with intrusion detection features and related methods
CN1477811A (en) * 2003-07-11 2004-02-25 北京邮电大学 Formalized description method of network infection behaviour and normal behaviour
CN1649311A (en) * 2005-03-23 2005-08-03 北京首信科技有限公司 Detecting system and method for user behaviour abnormal based on machine study
CN101399672A (en) * 2008-10-17 2009-04-01 章毅 Intrusion detection method for fusion of multiple neutral networks
CN101610516A (en) * 2009-08-04 2009-12-23 华为技术有限公司 Intrusion detection method in the self-organizing network and equipment
CN103023927A (en) * 2013-01-10 2013-04-03 西南大学 Method and system for intrusion detection based on non-negative matrix factorization under sparse representation
CN103729678A (en) * 2013-12-12 2014-04-16 中国科学院信息工程研究所 Navy detection method and system based on improved DBN model

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
徐东辉等: "一种基于DBN的网络入侵检测算法", 《上海电力学院学报》 *

Cited By (92)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105471854A (en) * 2015-11-18 2016-04-06 国网智能电网研究院 Adaptive boundary abnormity detection method based on multistage strategies
CN105471854B (en) * 2015-11-18 2019-06-28 国网智能电网研究院 A kind of adaptive boundary method for detecting abnormality based on multistage strategy
CN105959255A (en) * 2016-01-08 2016-09-21 杭州迪普科技有限公司 Intrusion message shunting method and device
CN105577685A (en) * 2016-01-25 2016-05-11 浙江海洋学院 Intrusion detection independent analysis method and system in cloud calculation environment
CN105933312A (en) * 2016-04-21 2016-09-07 温州大学瓯江学院 Identity detection method of cognitive wireless network based on BP neural network
CN105915555A (en) * 2016-06-29 2016-08-31 北京奇虎科技有限公司 Method and system for detecting network anomalous behavior
CN105915555B (en) * 2016-06-29 2020-02-18 北京奇虎科技有限公司 Method and system for detecting network abnormal behavior
CN106327324A (en) * 2016-08-23 2017-01-11 杭州同盾科技有限公司 Network behavior characteristic rapid calculation method and system
CN107889111A (en) * 2016-09-30 2018-04-06 北京金山安全软件有限公司 Crank call identification method and device based on deep neural network
CN106656981A (en) * 2016-10-21 2017-05-10 东软集团股份有限公司 Network intrusion detection method and device
CN106656981B (en) * 2016-10-21 2020-04-28 东软集团股份有限公司 Network intrusion detection method and device
CN109891436A (en) * 2016-10-24 2019-06-14 Lg 电子株式会社 Security system and its control method based on deep learning neural network
CN106572493A (en) * 2016-10-28 2017-04-19 南京华苏科技有限公司 Abnormal value detection method and abnormal value detection system in LTE network
US11057788B2 (en) 2016-10-28 2021-07-06 Nanjing Howso Technology Co., Ltd Method and system for abnormal value detection in LTE network
CN106572493B (en) * 2016-10-28 2018-07-06 南京华苏科技有限公司 Rejecting outliers method and system in LTE network
CN106453416A (en) * 2016-12-01 2017-02-22 广东技术师范学院 Detection method of distributed attack intrusion based on deep belief network
CN106603531A (en) * 2016-12-15 2017-04-26 中国科学院沈阳自动化研究所 Automatic establishing method of intrusion detection model based on industrial control network and apparatus thereof
WO2018107631A1 (en) * 2016-12-15 2018-06-21 中国科学院沈阳自动化研究所 Automatic establishing method and apparatus for intrusion detection model based on industrial control network
CN107070913A (en) * 2017-04-07 2017-08-18 杭州安恒信息技术有限公司 A kind of detection and means of defence and system based on webshell attacks
CN107070913B (en) * 2017-04-07 2020-04-28 杭州安恒信息技术股份有限公司 Webshell attack-based detection and protection method and system
CN107222867A (en) * 2017-06-22 2017-09-29 刘诗楠 Method, device and the wireless signal detection device of wireless signal detection
CN107241358A (en) * 2017-08-02 2017-10-10 重庆邮电大学 A kind of smart home intrusion detection method based on deep learning
CN107371175B (en) * 2017-08-17 2020-02-18 东南大学 Self-organizing network fault detection method using cooperative prediction
CN107371175A (en) * 2017-08-17 2017-11-21 东南大学 A kind of self-organizing network fault detection method using cooperation prediction
TWI734038B (en) * 2017-12-05 2021-07-21 開曼群島商創新先進技術有限公司 Method and device for identifying abnormal data access
CN108200008A (en) * 2017-12-05 2018-06-22 阿里巴巴集团控股有限公司 The recognition methods and device that abnormal data accesses
WO2019109741A1 (en) * 2017-12-05 2019-06-13 阿里巴巴集团控股有限公司 Abnormal data access identification method and apparatus
CN108011782B (en) * 2017-12-06 2020-10-16 北京百度网讯科技有限公司 Method and device for pushing alarm information
CN108011782A (en) * 2017-12-06 2018-05-08 北京百度网讯科技有限公司 Method and apparatus for pushing warning information
CN107819790A (en) * 2017-12-08 2018-03-20 中盈优创资讯科技有限公司 The recognition methods of attack message and device
CN108156142A (en) * 2017-12-14 2018-06-12 哈尔滨理工大学 Network inbreak detection method based on data mining
CN108055276B (en) * 2017-12-25 2020-10-20 南京南邮信息产业技术研究院有限公司 Intrusion detection real-time analysis system for big data application platform
CN109995601B (en) * 2017-12-29 2020-12-01 ***通信集团上海有限公司 Network traffic identification method and device
CN109995601A (en) * 2017-12-29 2019-07-09 ***通信集团上海有限公司 A kind of network flow identification method and device
CN108377240A (en) * 2018-02-07 2018-08-07 平安科技(深圳)有限公司 Exceptional interface detection method, device, computer equipment and storage medium
CN108712404A (en) * 2018-05-04 2018-10-26 重庆邮电大学 A kind of Internet of Things intrusion detection method based on machine learning
CN108712404B (en) * 2018-05-04 2020-11-06 重庆邮电大学 Internet of things intrusion detection method based on machine learning
CN108684043B (en) * 2018-05-15 2021-09-28 南京邮电大学 Abnormal user detection method of deep neural network based on minimum risk
CN108684043A (en) * 2018-05-15 2018-10-19 南京邮电大学 The abnormal user detection method of deep neural network based on minimum risk
CN108809948A (en) * 2018-05-21 2018-11-13 中国科学院信息工程研究所 A kind of abnormal network connecting detection method based on deep learning
CN108809948B (en) * 2018-05-21 2020-07-10 中国科学院信息工程研究所 Abnormal network connection detection method based on deep learning
CN108924090A (en) * 2018-06-04 2018-11-30 上海交通大学 A kind of shadowsocks flow rate testing methods based on convolutional neural networks
CN108924090B (en) * 2018-06-04 2020-12-11 上海交通大学 Method for detecting traffics of shadowsocks based on convolutional neural network
CN108809974A (en) * 2018-06-07 2018-11-13 深圳先进技术研究院 A kind of Network Abnormal recognition detection method and device
CN109272118A (en) * 2018-08-10 2019-01-25 北京达佳互联信息技术有限公司 Data training method, device, equipment and storage medium
CN109067773A (en) * 2018-09-10 2018-12-21 成都信息工程大学 A kind of vehicle-mounted CAN network inbreak detection method neural network based and system
CN109067773B (en) * 2018-09-10 2020-10-27 成都信息工程大学 Vehicle-mounted CAN network intrusion detection method and system based on neural network
CN109391624A (en) * 2018-11-14 2019-02-26 国家电网有限公司 A kind of terminal access data exception detection method and device based on machine learning
CN109547254B (en) * 2018-11-28 2022-03-15 湖北文理学院 Intrusion detection method and device, electronic equipment and storage medium
CN109547254A (en) * 2018-11-28 2019-03-29 湖北文理学院 A kind of intrusion detection method, device, electronic equipment and storage medium
CN109639662A (en) * 2018-12-06 2019-04-16 中国民航大学 Onboard networks intrusion detection method based on deep learning
CN109753992A (en) * 2018-12-10 2019-05-14 南京师范大学 The unsupervised domain for generating confrontation network based on condition adapts to image classification method
CN109391700B (en) * 2018-12-12 2021-04-09 北京华清信安科技有限公司 Internet of things security cloud platform based on depth flow sensing
CN109391700A (en) * 2018-12-12 2019-02-26 北京华清信安科技有限公司 Internet of Things safe cloud platform based on depth traffic aware
CN109787958A (en) * 2018-12-15 2019-05-21 深圳先进技术研究院 Network flow real-time detection method and detection terminal, computer readable storage medium
CN109787958B (en) * 2018-12-15 2021-05-25 深圳先进技术研究院 Network flow real-time detection method, detection terminal and computer readable storage medium
CN109474497A (en) * 2018-12-19 2019-03-15 四川艾贝斯科技发展有限公司 A kind of reliable network maintenance terminal deep learning algorithm
CN109698836A (en) * 2019-02-01 2019-04-30 重庆邮电大学 A kind of method for wireless lan intrusion detection and system based on deep learning
CN110086767A (en) * 2019-03-11 2019-08-02 中国电子科技集团公司电子科学研究院 A kind of hybrid intrusion detection system and method
CN109960929A (en) * 2019-03-20 2019-07-02 西北大学 A kind of zero sample intrusion detection method based on regression model
CN109890027A (en) * 2019-03-20 2019-06-14 上海连尚网络科技有限公司 For determining the method and apparatus of the security risk information of target wireless access points
CN109960929B (en) * 2019-03-20 2023-06-02 西北大学 Regression model-based zero sample intrusion detection method
CN110086776A (en) * 2019-03-22 2019-08-02 国网河南省电力公司经济技术研究院 Intelligent substation Network Intrusion Detection System and detection method based on deep learning
CN110070857A (en) * 2019-04-25 2019-07-30 北京梧桐车联科技有限责任公司 The model parameter method of adjustment and device, speech ciphering equipment of voice wake-up model
CN110070857B (en) * 2019-04-25 2021-11-23 北京梧桐车联科技有限责任公司 Model parameter adjusting method and device of voice awakening model and voice equipment
CN110213287A (en) * 2019-06-12 2019-09-06 北京理工大学 A kind of double mode invasion detecting device based on ensemble machine learning algorithm
CN110213287B (en) * 2019-06-12 2020-07-10 北京理工大学 Dual-mode intrusion detection device based on integrated machine learning algorithm
CN110262467A (en) * 2019-07-15 2019-09-20 北京工业大学 Industrial control system Network Intrusion and clue based on deep learning find method
CN110401955A (en) * 2019-09-06 2019-11-01 江门职业技术学院 A kind of mobile network's malicious node detection method and system
WO2021068513A1 (en) * 2019-10-12 2021-04-15 平安科技(深圳)有限公司 Abnormal object recognition method and apparatus, medium, and electronic device
CN111049828B (en) * 2019-12-13 2021-05-07 国网浙江省电力有限公司信息通信分公司 Network attack detection and response method and system
CN111049828A (en) * 2019-12-13 2020-04-21 国网浙江省电力有限公司信息通信分公司 Network attack detection and response method and system
CN111274216B (en) * 2020-01-09 2023-05-23 腾讯科技(深圳)有限公司 Identification method and identification device of wireless local area network, storage medium and electronic equipment
CN111274216A (en) * 2020-01-09 2020-06-12 腾讯科技(深圳)有限公司 Wireless local area network identification method, wireless local area network identification device, storage medium and electronic equipment
CN111224998B (en) * 2020-01-21 2020-12-25 福州大学 Botnet identification method based on extreme learning machine
CN111224998A (en) * 2020-01-21 2020-06-02 福州大学 Botnet identification method based on extreme learning machine
CN111614659A (en) * 2020-05-19 2020-09-01 杭州英视信息科技有限公司 Distributed detection method for unknown network flow
CN111614659B (en) * 2020-05-19 2022-09-23 杭州英视信息科技有限公司 Distributed detection method for unknown network flow
CN111817844B (en) * 2020-07-20 2021-06-25 西安电子科技大学 Double-link wireless ad hoc network and security defense method in emergency scene
CN111817844A (en) * 2020-07-20 2020-10-23 西安电子科技大学 Double-link wireless ad hoc network and security defense method in emergency scene
WO2022134911A1 (en) * 2020-12-21 2022-06-30 中兴通讯股份有限公司 Diagnosis method and apparatus, and terminal and storage medium
CN112714446B (en) * 2020-12-31 2023-05-02 中国电子科技集团公司第七研究所 Collaborative intrusion sensing method based on edge intelligence
CN112714446A (en) * 2020-12-31 2021-04-27 中国电子科技集团公司第七研究所 Cooperative intrusion sensing method based on edge intelligence
CN113065127B (en) * 2021-02-24 2022-09-20 山东英信计算机技术有限公司 Database protection method, system and medium
CN113065127A (en) * 2021-02-24 2021-07-02 山东英信计算机技术有限公司 Database protection method, system and medium
CN114465769A (en) * 2021-12-28 2022-05-10 尚承科技股份有限公司 Network equipment, processing system and method for learning network behavior characteristics
CN114465769B (en) * 2021-12-28 2024-03-15 尚承科技股份有限公司 Network equipment, processing system and method for learning network behavior characteristics
CN114553468A (en) * 2022-01-04 2022-05-27 国网浙江省电力有限公司金华供电公司 Three-level network intrusion detection method based on feature intersection and ensemble learning
CN115604018A (en) * 2022-11-02 2023-01-13 广东网安科技有限公司(Cn) Network security monitoring method, system, equipment and storage medium
CN115650460A (en) * 2022-12-14 2023-01-31 鹏凯环境科技股份有限公司 Sewage treatment device and method with online monitoring function
CN117439820A (en) * 2023-12-20 2024-01-23 国家电网有限公司客户服务中心 Network intrusion detection method capable of dynamically adjusting threshold
CN117439820B (en) * 2023-12-20 2024-03-19 国家电网有限公司客户服务中心 Network intrusion detection method capable of dynamically adjusting threshold

Also Published As

Publication number Publication date
CN104935600B (en) 2019-03-22

Similar Documents

Publication Publication Date Title
CN104935600A (en) Mobile ad hoc network intrusion detection method and device based on deep learning
CN109698836B (en) Wireless local area network intrusion detection method and system based on deep learning
CN103581186B (en) A kind of network security situational awareness method and system
CN107040517B (en) Cognitive intrusion detection method oriented to cloud computing environment
Cheng et al. Multi-scale LSTM model for BGP anomaly classification
CN107241358B (en) Smart home intrusion detection method based on deep learning
CN102789593B (en) Intrusion detection method based on incremental GHSOM (Growing Hierarchical Self-organizing Maps) neural network
US20170032130A1 (en) Pre-cognitive security information and event management
CN108040073A (en) Malicious attack detection method based on deep learning in information physical traffic system
Huang et al. Network traffic anomaly detection based on growing hierarchical SOM
CN105577685A (en) Intrusion detection independent analysis method and system in cloud calculation environment
CN107872460A (en) A kind of wireless sense network dos attack lightweight detection method based on random forest
Shitharth et al. An enriched RPCO-BCNN mechanisms for attack detection and classification in SCADA systems
CN112367303B (en) Distributed self-learning abnormal flow collaborative detection method and system
Anil et al. A hybrid method based on genetic algorithm, self-organised feature map, and support vector machine for better network anomaly detection
Tan et al. An intrusion detection method based on DBN in ad hoc networks
CN111970259B (en) Network intrusion detection method and alarm system based on deep learning
KR20190076479A (en) Apparatus and method for analyzing feature of impersonation attack using deep running in wireless wi-fi network
Shitharth et al. A new probabilistic relevancy classification (PRC) based intrusion detection system (IDS) for SCADA network
CN112532652A (en) Attack behavior portrait device and method based on multi-source data
Laha et al. How can machine learning impact on wireless network and IoT?–A survey
CN110365625B (en) Internet of things security detection method and device and storage medium
Sun et al. Detection and classification of network events in LAN using CNN
Ageyev et al. Traffic Abnormality Detection ML-based Method for IoT
Tran Network anomaly detection

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant