CN109787958B - Network flow real-time detection method, detection terminal and computer readable storage medium - Google Patents

Publication number
CN109787958B
Authority
CN
China
Prior art keywords
data
network
prediction function
network traffic
classifier
Legal status
Active
Application number
CN201811537156.8A
Other languages
Chinese (zh)
Other versions
CN109787958A (en)
Inventor
叶可江
纪书鉴
须成忠
Current Assignee
Shenzhen Institute of Advanced Technology of CAS
Original Assignee
Shenzhen Institute of Advanced Technology of CAS

Abstract

The invention provides a real-time network traffic detection method, a detection terminal and a computer-readable storage medium. The detection method comprises the following steps: S10, preprocessing the arriving network traffic data to obtain new traffic data; S20, performing feature selection on the new traffic data to generate its data features, and generating a network traffic data set from those features; and S30, combining a hedge learning algorithm with a deep neural network to generate a prediction function, importing the network traffic data set into the prediction function, and updating the prediction function in real time. The invention gives anomaly detection better scalability and memory utilization and adapts effectively to the data stream, thereby reducing cost and improving the detection rate of network traffic anomalies.

Description

Network flow real-time detection method, detection terminal and computer readable storage medium
Technical Field
The invention belongs to the technical field of network traffic anomaly detection, and in particular relates to a deep-learning-based real-time network traffic detection method, a detection terminal and a computer-readable storage medium.
Background
Network traffic anomaly detection and the analysis that follows it are now important to network and security management. As an effective means of network protection, network traffic anomaly detection can detect unknown network attack behaviors and provides important support for network situational awareness, and it has received more and more attention from researchers in recent years. Network traffic anomaly detection methods mainly comprise detection methods based on characterization behavior matching, anomaly detection methods based on statistics, anomaly detection methods based on machine learning, anomaly detection methods based on data mining, and anomaly detection methods based on traditional neural networks.
The detection method based on characterization behavior matching uses a rule feature library and searches the network traffic data for patterns that match abnormal features in order to detect anomalies. The statistics-based anomaly detection method collects network traffic data over a period of time and applies time-series statistical analysis to detect abnormal behavior; it does not need to know the characteristics of the anomaly in advance. The machine-learning-based method relies on a model trained on information from previous data sets to improve the performance of the recognition system, and uses common machine learning methods such as Bayesian networks, principal component analysis and hidden Markov models. The data-mining-based anomaly detection method mines anomalies from a large amount of network traffic audit data to identify abnormal network conditions. The anomaly detection method based on a traditional neural network comprises two stages, model training and anomaly detection: the first stage trains a classification model on a labeled training data set, and the second stage uses the neural network model trained in the first stage as the classification model to classify network traffic data and so complete anomaly detection.
Network traffic is a high-speed dynamic data stream, and raw data that arrives continuously and rapidly must be detected online in real time. The anomaly detection methods described above have certain limitations and disadvantages. The method based on characterization behavior matching classifies and matches according to a feature database, so it cannot detect unknown anomaly types and the feature database must be updated continuously. The methods based on statistics, machine learning and data mining are all built on learning from a historical data set: the detection result is strongly influenced by historical data and hardly reflects the behavior of current network traffic, and the detection algorithms have high time and space complexity and are easily constrained by system resources such as memory. The method based on a traditional neural network cannot set model capacity and complexity flexibly and adapts poorly to dynamic network data streams.
Disclosure of Invention
In view of the above, the invention provides a deep-learning-based real-time network traffic detection method and a detection terminal to address the limitations and deficiencies of the anomaly detection methods in the prior art: the method based on characterization behavior matching classifies and matches according to a feature database, so it cannot detect unknown anomaly types and the feature database must be updated continuously; the methods based on statistics, machine learning and data mining are all built on learning from a historical data set, so the detection result is strongly influenced by historical data and hardly reflects the behavior of current network traffic, and the detection algorithms have high time and space complexity and are easily constrained by system resources such as memory; and the method based on a traditional neural network cannot set model capacity and complexity flexibly and adapts poorly to dynamic network data streams.
The invention provides a network flow real-time detection method based on deep learning, which comprises the following steps: step S10, preprocessing the arriving network flow data to obtain new flow data; step S20, selecting the characteristics of the new flow data to generate the data characteristics of the new flow data, and generating a network flow data set according to the data characteristics; step S30, combining the hedge learning algorithm and the deep neural network to generate a prediction function, importing the network traffic data set into the prediction function and updating the prediction function in real time, outputting a traffic sequence of the new network traffic by the prediction function, returning a corresponding network event type according to the traffic sequence, and judging whether the received network traffic data is abnormal according to the network event type.
In an embodiment of the present invention, the step S10 includes: step S11, respectively reading a training data set and a testing data set in the network traffic data; and step S12, carrying out standardization processing on the network traffic data, cleaning lost or wrong data, and generating new traffic data after deleting irrelevant data.
In an embodiment of the present invention, the step S20 includes: step S21, performing dimensionality reduction on a training data set and a testing data set in the new flow data by using a principal component analysis method, and removing redundant data to form a data feature set; step S22, creating the data feature of the new traffic data according to the original data set of the network traffic data; and step S23, producing the network traffic data set according to the data characteristics.
In an embodiment of the present invention, the network traffic data set is: $D = \{(x_1, y_1), (x_2, y_2), (x_3, y_3), \ldots, (x_n, y_n)\}$; wherein $x_n$ is a feature vector of the new traffic data, and $x_n = [x_1, x_2, x_3, \ldots, x_n]^T$, with $x_1, x_2, x_3, \ldots, x_n$ representing traffic data features; $y_n \in \{0, 1, 2, \ldots, n\}$ is the category label of $x_n$, respectively indicating the categories to which the network traffic belongs.
In an embodiment of the invention, in the step S30, the deep neural network includes an L-layer hidden layer; the prediction function of the deep neural network comprises a classifier $f^{(L)}$.
In an embodiment of the present invention, the step S3 includes the steps of: parameterizing each classifier $f^{(L)}$ by the classifier parameter $\theta^{(L)}$ and the corresponding classifier feature $h^{(L)}$; and weighting the classifiers $f^{(L)}$ to obtain the prediction function $F(x)$ of the decision result.
In an embodiment of the present invention, the prediction function $F(x)$ is: $F(x) = \sum_{L} a^{(L)} f^{(L)}$
Figure BDA0001907171420000031
$h^{(0)} = x$; wherein $a^{(L)}$ is the weight parameter of the classifier; $h^{(L)}$ is a classifier feature; $\theta^{(L)}$ and $w^{(L)}$ are classifier parameters.
In an embodiment of the present invention, the loss function of the prediction function is:
Figure BDA0001907171420000032
where $L$ is the number of hidden layers.
In an embodiment of the present invention, in step S3, the step of generating a prediction function by combining the hedge learning algorithm and the deep neural network, importing the network traffic data set into the prediction function, and updating the prediction function in real time includes: step S31, initializing the classifier $f^{(L)}$ of each hidden layer and the weight parameter $a^{(L)}$ of the classifier
Figure BDA0001907171420000041
setting a smooth rate parameter $\beta$, wherein $\beta \in (0, 1)$; step S32, sequentially receiving $x_t$ in the network traffic data set $D = \{(x_1, y_1), (x_2, y_2), (x_3, y_3), \ldots, (x_n, y_n)\}$ as an input instance and importing it into the prediction function $y_t = F_t(x_t) = \sum_{L} a_t^{(L)} f_t^{(L)}$; at this time, the loss of the prediction function is
Figure BDA0001907171420000042
$x_t$ is one of the data $x_1, x_2, \ldots, x_n$; step S33, updating the classifier parameters $\theta^{(L)}$ and $w^{(L)}$ according to the calculation result of the prediction function, and updating the weight parameter $a^{(L)}$; wherein,
Figure BDA0001907171420000043
Figure BDA0001907171420000044
wherein $\eta$ is a smoothing parameter,
Figure BDA0001907171420000045
is the gradient calculation symbol; step S34, repeating step S32 and step S33 to obtain a flow sequence of the continuous output of the prediction function, returning a corresponding network event type according to the flow sequence, and judging whether the received network traffic data is abnormal according to the network event type.
The invention also provides a terminal device comprising a memory, a processor and a computer program stored in the memory and operable on the processor, wherein the processor implements the steps of the method when executing the computer program.
The invention also provides a computer-readable storage medium, in which a computer program is stored which, when being executed by a processor, carries out the steps of the method as described above.
Compared with the prior art, the embodiment of the invention has the following beneficial effects:
Under large-scale, high-speed network traffic data, the method applies the hedge learning algorithm and the deep neural network to network traffic data that arrives sequentially, giving anomaly detection better scalability and memory utilization and adapting effectively to the data stream, thereby reducing cost and improving the detection rate of network traffic anomalies.
The neural network judgment can be updated and supplemented in real time under a high-speed network flow data stream, and the network structure can be gradually expanded and complicated along with the data; the characteristics of network flow can be combined, so that the neural network structure learns the classification model in the data flow arriving in sequence, and the method has higher expandability and memory resource utilization, thereby improving the accuracy of anomaly detection and the flexibility of the detection model.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings needed to be used in the embodiments or the prior art descriptions will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without inventive exercise.
Fig. 1 is a schematic flow chart of a deep learning-based network traffic real-time detection method according to the present invention.
Fig. 2 is a block diagram illustrating a detailed flow of step S10 according to an embodiment of the present invention.
Fig. 3 is a block diagram illustrating a detailed flow of step S20 according to an embodiment of the present invention.
Fig. 4 is a block diagram illustrating a detailed flow of step S30 according to an embodiment of the present invention.
Fig. 5 is a schematic diagram showing a framework structure of the deep neural network according to the present invention.
Fig. 6 is a schematic diagram of a terminal device according to an embodiment of the present invention.
Detailed Description
In the following description, for purposes of explanation and not limitation, specific details are set forth, such as particular system structures, techniques, etc. in order to provide a thorough understanding of the embodiments of the invention. It will be apparent, however, to one skilled in the art that the present invention may be practiced in other embodiments that depart from these specific details. In other instances, detailed descriptions of well-known systems, devices, circuits, and methods are omitted so as not to obscure the description of the present invention with unnecessary detail.
In order to explain the technical means of the present invention, the following description will be given by way of specific examples.
Network traffic is a high-speed dynamic data stream, and online real-time detection is required for continuously and rapidly arriving original data. The invention combines the excellent performance of the deep learning technology in the aspect of feature expression, provides a self-adaptive neural network framework, and can train a good deep neural network in a high-speed arriving sequential network data stream by matching with a hedging learning algorithm. And the deep neural network can automatically convert to a deeper model gradually from the shallow network as the training data stream arrives and share a priori knowledge of the shallow network to learn more complex assumptions. The characteristics of network data flow and the characteristics of a hedge learning algorithm and deep learning can be combined, and the flexibility and the accuracy of detection can be improved in the aspect of network flow abnormity detection.
As shown in fig. 1 to 5, fig. 1 is a schematic block diagram illustrating a process of a deep learning-based network traffic real-time detection method according to the present invention. Fig. 2 is a block diagram illustrating a detailed flow of step S10 according to an embodiment of the present invention. Fig. 3 is a block diagram illustrating a detailed flow of step S20 according to an embodiment of the present invention. Fig. 4 is a block diagram illustrating a detailed flow of step S30 according to an embodiment of the present invention. Fig. 5 is a schematic diagram showing a framework structure of the deep neural network according to the present invention. The invention provides a network flow real-time detection method based on deep learning, which comprises the following steps:
step S10, preprocessing the arriving network flow data to obtain new flow data; in one embodiment, the step S10 includes: step S11, respectively reading a training data set and a testing data set in the network traffic data; and step S12, carrying out standardization processing on the network traffic data, cleaning lost or wrong data, and generating new traffic data after deleting irrelevant data.
Step S20, selecting the characteristics of the new flow data to generate the data characteristics of the new flow data, and generating a network flow data set according to the data characteristics; the step S20 includes: step S21, performing dimensionality reduction on a training data set and a testing data set in the new flow data by using a principal component analysis method, and removing redundant data to form a data feature set; step S22, creating the data feature of the new traffic data according to the original data set of the network traffic data; and step S23, producing the network traffic data set according to the data characteristics.
Step S30, combining the hedge learning algorithm and the deep neural network to generate a prediction function, importing the network traffic data set into the prediction function and updating the prediction function in real time, outputting a traffic sequence of the new network traffic by the prediction function, returning a corresponding network event type according to the traffic sequence, and judging whether the received network traffic data is abnormal according to the network event type.
Analyzing large volumes of network traffic data with deep learning is an important means of identifying intrusion behavior. Given the strong feature expression capability of deep learning, a deep neural network can achieve a higher detection rate and accuracy than traditional machine learning detection algorithms.
The deep neural network is based on an online learning mode, which addresses the problems of vanishing gradients and diminishing feature reuse in deep neural networks. The many hyper-parameters that need tuning, and the internal covariates of the training process, can be obtained as the data stream grows.
The deep neural network structure learns a discriminant model from high-speed network traffic data. It can start from a shallow network and turn into a more complex network model as data flows in, sharing what the shallow layers have learned, and the discriminant model converges better.
Typically, the network traffic data set is:
$D = \{(x_1, y_1), (x_2, y_2), (x_3, y_3), \ldots, (x_n, y_n)\}$;
wherein $x_n$ is a feature vector of the new traffic data, and $x_n = [x_1, x_2, x_3, \ldots, x_n]^T$; the feature vector $x_n$ is a column vector, and $T$ is the mathematical sign of the transpose of this column vector; $x_1, x_2, x_3, \ldots, x_n$ represent traffic data features; $y_n$ ($y_n \in \{0, 1, 2, \ldots, n\}$) is the category label of $x_n$, respectively indicating the categories to which the network traffic belongs.
Further, in the step S30, the deep neural network includes an L-layer hidden layer; the prediction function of the deep neural network comprises a classifier $f^{(L)}$.
The deep neural network structure is matched with a hedging learning algorithm, and parameters of all hidden layers can be adjusted by applying back propagation from a single trained data sample in a high-speed network flow data stream.
In one embodiment, the step S3 includes the steps of:
parameterizing each classifier $f^{(L)}$ by the classifier parameter $\theta^{(L)}$ and the corresponding classifier feature $h^{(L)}$;
weighting the classifiers $f^{(L)}$ to obtain the prediction function $F(x)$ of the decision result.
Wherein the prediction function $F(x)$ is:
$F(x) = \sum_{L} a^{(L)} f^{(L)}$
Figure BDA0001907171420000071
Figure BDA0001907171420000072
$h^{(0)} = x$;
wherein $a^{(L)}$ is the weight parameter of the classifier; $h^{(L)}$ is a classifier feature; $\theta^{(L)}$ and $w^{(L)}$ are classifier parameters. In this case, the loss function of the prediction function is:
Figure BDA0001907171420000073
where $L$ is the number of hidden layers.
In order to fuse the deep neural network and the hedge learning algorithm well, in the step S3, the step of generating a prediction function by combining the hedge learning algorithm and the deep neural network, importing the network traffic data set into the prediction function and updating the prediction function in real time includes:
step S31, initializing the classifier $f^{(L)}$ of each hidden layer and the weight parameter $a^{(L)}$ of the classifier
Figure BDA0001907171420000081
setting a smooth rate parameter $\beta$, wherein $\beta \in (0, 1)$;
step S32, sequentially receiving $x_t$ in the network traffic data set $D = \{(x_1, y_1), (x_2, y_2), (x_3, y_3), \ldots, (x_n, y_n)\}$ as an input instance and importing it into the prediction function $y_t = F_t(x_t) = \sum_{L} a_t^{(L)} f_t^{(L)}$; at this time, the loss of the prediction function is
Figure BDA0001907171420000082
$x_t$ is one of the data $x_1, x_2, \ldots, x_n$;
step S33, updating the classifier parameters $\theta^{(L)}$ and $w^{(L)}$ according to the calculation result of the prediction function, and updating the weight parameter $a^{(L)}$; wherein,
Figure BDA0001907171420000083
wherein $\eta$ is a smoothing parameter,
Figure BDA0001907171420000084
is the gradient calculation symbol;
and step S34, repeating the steps S32 and S33 to obtain a flow sequence of the continuous output of the prediction function, returning a corresponding network event type according to the flow sequence, and judging whether the received network traffic data is abnormal according to the network event type.
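Steps S31 to S34 as runnable Python, added here as an illustration and not taken from the patent or its authors. The update formulas are images missing from this page, so the example assumes the usual Hedge rule (each weight $a^{(L)}$ is multiplied by $\beta$ raised to that classifier's loss, then normalized) and plain gradient steps of size $\eta$. The class `HedgeNet`, the sigmoid hidden layers, the cross-entropy loss, the uniform initial weights, the weight floor, the two event types and the traffic stream are likewise assumptions constructed for the example.

```python
import math
import random

EVENT_TYPES = ["normal", "anomalous"]  # assumed label set for the demo


def _matvec(M, v):
    return [sum(m * x for m, x in zip(row, v)) for row in M]


def _softmax(z):
    top = max(z)
    e = [math.exp(v - top) for v in z]
    total = sum(e)
    return [v / total for v in e]


class HedgeNet:
    """One softmax classifier f per hidden layer, mixed by hedge weights a."""

    def __init__(self, n_in, n_hidden, n_layers, n_classes,
                 beta=0.9, eta=0.5, seed=1):
        rnd = random.Random(seed)

        def init(rows, cols):
            return [[rnd.uniform(-0.5, 0.5) for _ in range(cols)]
                    for _ in range(rows)]

        # S31: initialise layer weights w, classifier parameters theta, and a.
        self.W = [init(n_hidden, n_in if l == 0 else n_hidden)
                  for l in range(n_layers)]
        self.theta = [init(n_classes, n_hidden) for _ in range(n_layers)]
        self.alpha = [1.0 / n_layers] * n_layers  # uniform start (assumption)
        self.beta, self.eta = beta, eta

    def _forward(self, x):
        hs, fs = [x], []  # h(0) = x
        for W, th in zip(self.W, self.theta):
            hs.append([1.0 / (1.0 + math.exp(-z)) for z in _matvec(W, hs[-1])])
            fs.append(_softmax(_matvec(th, hs[-1])))
        return hs, fs

    def predict_proba(self, x):
        # F(x) = sum over layers of a(l) * f(l)(x)
        _, fs = self._forward(x)
        return [sum(a * f[k] for a, f in zip(self.alpha, fs))
                for k in range(len(fs[0]))]

    def predict(self, x):
        p = self.predict_proba(x)
        return p.index(max(p))

    def update(self, x, y):
        """S33: one gradient step on theta and w, then the hedge step on a."""
        hs, fs = self._forward(x)
        losses = [-math.log(max(f[y], 1e-12)) for f in fs]  # cross-entropy
        carry = [0.0] * len(hs[-1])  # gradient arriving from deeper layers
        for l in reversed(range(len(self.W))):
            h_in, h_out, a = hs[l], hs[l + 1], self.alpha[l]
            g = [p - (1.0 if k == y else 0.0) for k, p in enumerate(fs[l])]
            grad_h = [a * sum(g[k] * self.theta[l][k][j] for k in range(len(g)))
                      + carry[j] for j in range(len(h_out))]
            delta = [gh * h * (1.0 - h) for gh, h in zip(grad_h, h_out)]
            # Compute what flows to the layer below before touching W[l].
            carry = [sum(delta[j] * self.W[l][j][i] for j in range(len(delta)))
                     for i in range(len(h_in))]
            for k, row in enumerate(self.theta[l]):
                for j in range(len(row)):
                    row[j] -= self.eta * a * g[k] * h_out[j]
            for j, row in enumerate(self.W[l]):
                for i in range(len(row)):
                    row[i] -= self.eta * delta[j] * h_in[i]
        # Hedge step: shrink a(l) by beta**loss, floor it, renormalise.
        floor = 0.01 / len(self.alpha)  # assumption: keeps every layer alive
        raw = [max(a * self.beta ** loss, floor)
               for a, loss in zip(self.alpha, losses)]
        total = sum(raw)
        self.alpha = [r / total for r in raw]
        return losses


def constructed_stream(n, seed=7):
    """Constructed two-feature flows (scaled packet rate, scaled port count)."""
    rnd = random.Random(seed)
    for _ in range(n):
        y = 1 if rnd.random() < 0.3 else 0
        centre = 1.5 if y else -1.5
        yield [rnd.gauss(centre, 0.3), rnd.gauss(centre, 0.3)], y


def run_stream(n=600, tail=200):
    """S32 to S34: predict each arriving instance, then learn from its label."""
    net = HedgeNet(n_in=2, n_hidden=8, n_layers=3, n_classes=2)
    hits = []
    for x, y in constructed_stream(n):
        hits.append(net.predict(x) == y)
        net.update(x, y)
    return net, sum(hits[-tail:]) / tail


if __name__ == "__main__":
    net, acc = run_stream()
    print("accuracy on last 200 flows:", acc)
    print("layer weights a:", [round(a, 3) for a in net.alpha])
    print("event type for [1.4, 1.6]:", EVENT_TYPES[net.predict([1.4, 1.6])])
```

Each instance is scored before its label is used, so the reported accuracy is that of the model as it stood when the flow arrived.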
The invention also provides a terminal device comprising a memory, a processor and a computer program stored in the memory and operable on the processor, wherein the processor implements the steps of the method when executing the computer program. Fig. 6 is a schematic diagram of a terminal device according to an embodiment of the present invention. As shown in fig. 6, the terminal device 1 of this embodiment includes: a processor 10, a memory 11 and a computer program 12 stored in said memory 11 and executable on said processor 10.
The processor 10, when executing the computer program 12, implements the steps in the various software development method embodiments described above, such as the steps S10-S30 shown in fig. 1.
The terminal device 1 may be a desktop computer, a notebook, a palm computer, a cloud server, or other computing devices. The terminal device 1 may include, but is not limited to, a processor 10 and a memory 11. The processor 10 may be a Central Processing Unit (CPU), another general-purpose processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field-Programmable Gate Array (FPGA) or other programmable logic device, discrete gate or transistor logic, discrete hardware components, etc. A general-purpose processor may be a microprocessor, or the processor may be any conventional processor or the like. The memory 11 may be an internal storage unit of the terminal device 1, such as a hard disk or a memory of the terminal device 1. The memory 11 may also be an external storage device of the terminal device 1, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) card, a flash memory card (Flash Card), and the like, provided on the terminal device. Further, the memory 11 may also include both an internal storage unit and an external storage device of the terminal device 1. The memory 11 is used for storing the computer program and other programs and data required by the terminal device. The memory 11 may also be used for temporarily storing data that has been output or is to be output.
The invention also provides a computer-readable storage medium, in which a computer program is stored which, when being executed by a processor, carries out the steps of the method as described above.
In summary, under large-scale, high-speed network traffic data, the deep-learning-based real-time network traffic detection method and system of the present invention apply the hedge learning algorithm and the deep neural network to network traffic data that arrives sequentially, giving anomaly detection better scalability and memory utilization and adapting effectively to the data stream, thereby reducing cost and improving the detection rate of network traffic anomalies. The neural network's judgment can be updated and supplemented in real time under a high-speed network traffic data stream, and the network structure can gradually expand and become more complex as data arrives. The characteristics of network traffic can be taken into account so that the neural network structure learns the classification model from the sequentially arriving data stream, with higher scalability and memory resource utilization, thereby improving the accuracy of anomaly detection and the flexibility of the detection model.
The above-mentioned embodiments are only used for illustrating the technical solutions of the present invention, and not for limiting the same; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; such modifications and substitutions do not substantially depart from the spirit and scope of the embodiments of the present invention, and are intended to be included within the scope of the present invention.

Claims (7)

1. A network flow real-time detection method based on deep learning is characterized by comprising the following steps:
step S10, preprocessing the arriving network flow data to obtain new flow data;
step S20, selecting the characteristics of the new flow data to generate the data characteristics of the new flow data, and generating a network flow data set according to the data characteristics;
step S30, combining a hedge learning algorithm and a deep neural network to generate a prediction function, importing the network traffic data set into the prediction function and updating the prediction function in real time, outputting a traffic sequence of the new network traffic by the prediction function, returning a corresponding network event type according to the traffic sequence, and judging whether the received network traffic data is abnormal according to the network event type;
the step S30 includes the steps of:
parameterizing each classifier $f^{(L)}$ by the classifier parameter $\theta^{(L)}$ and the corresponding classifier feature $h^{(L)}$;
weighting the classifiers $f^{(L)}$ to obtain the prediction function $F(x)$ of the judgment result;
the prediction function $F(x)$ is:
$F(x) = \sum_{L} a^{(L)} f^{(L)}$
Figure FDA0003007038110000011
Figure FDA0003007038110000012
$h^{(0)} = x$;
wherein $a^{(L)}$ is the weight parameter of the classifier; $h^{(L)}$ is a classifier feature; $\theta^{(L)}$ and $w^{(L)}$ are classifier parameters; in this case, the loss function of the prediction function is:
Figure FDA0003007038110000013
$L$ is the number of hidden layers;
in step S30, the step of generating a prediction function by combining the hedge learning algorithm and the deep neural network, importing the network traffic data set into the prediction function, and updating the prediction function in real time includes:
step S31, initializing the classifier $f^{(L)}$ of each hidden layer and the weight parameter $a^{(L)}$ of the classifier
Figure FDA0003007038110000021
setting a smooth rate parameter $\beta$, wherein $\beta \in (0, 1)$;
step S32, sequentially receiving $x_t$ in the network traffic data set $D = \{(x_1, y_1), (x_2, y_2), (x_3, y_3), \ldots, (x_n, y_n)\}$ as an input instance and importing it into the prediction function $y_t = F_t(x_t) = \sum_{L} a_t^{(L)} f_t^{(L)}$; at this time, the loss of the prediction function is
Figure FDA0003007038110000022
$x_t$ is one of $x_1, x_2, \ldots, x_n$;
step S33, updating the classifier parameters $\theta^{(L)}$ and $w^{(L)}$ according to the calculation result of the prediction function, and updating the weight parameter $a^{(L)}$; wherein,
Figure FDA0003007038110000023
Figure FDA0003007038110000024
wherein $\eta$ is a smoothing parameter,
Figure FDA0003007038110000025
is the gradient calculation symbol;
and step S34, repeating the steps S32 and S33 to obtain a flow sequence of the continuous output of the prediction function, returning a corresponding network event type according to the flow sequence, and judging whether the received network traffic data is abnormal according to the network event type.
2. The method for detecting network traffic based on deep learning in real time as claimed in claim 1, wherein the step S10 includes:
step S11, respectively reading a training data set and a testing data set in the network traffic data;
and step S12, carrying out standardization processing on the network traffic data, cleaning lost or wrong data, and generating new traffic data after deleting irrelevant data.
3. The method for detecting network traffic based on deep learning in real time as claimed in claim 2, wherein the step S20 includes:
step S21, performing dimensionality reduction on a training data set and a testing data set in the new flow data by using a principal component analysis method, and removing redundant data to form a data feature set;
step S22, creating the data feature of the new traffic data according to the original data set of the network traffic data;
and step S23, producing the network traffic data set according to the data characteristics.
4. The deep learning based network traffic real-time detection method according to claim 3, wherein the network traffic data set is:
$D = \{(x_1, y_1), (x_2, y_2), (x_3, y_3), \ldots, (x_n, y_n)\}$;
wherein $x_n$ is a feature vector of the new traffic data, and $x_n = [x_1, x_2, x_3, \ldots, x_n]^T$, with $x_1, x_2, x_3, \ldots, x_n$ representing traffic data features; $y_n \in \{0, 1, 2, \ldots, n\}$ is the category label of $x_n$, respectively indicating the categories to which the network traffic belongs.
5. The deep learning based network traffic real-time detection method according to claim 4, wherein in the step S30, the deep neural network comprises an L-layer hidden layer;
the prediction function of the deep neural network comprises a classifier $f^{(L)}$.
6. A terminal device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, characterized in that the processor implements the steps of the method according to any of claims 1 to 5 when executing the computer program.
7. A computer-readable storage medium, in which a computer program is stored which, when being executed by a processor, carries out the steps of the method according to any one of claims 1 to 5.
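The preprocessing chain of claims 2 to 4 (cleaning and standardization in step S12, principal component analysis in step S21, and the labelled set D of step S23) can be sketched as follows. This is an added example, not code from the patent: the feature columns, the sample flows, the rule that a negative count is wrong data, and all function names are assumptions made for illustration.

```python
import math

# Constructed sample flows: [duration_s, bytes_out, bytes_in, packets], label.
# None marks a lost value; a negative count is assumed to mean wrong data.
RAW = [
    ([1.0, 200.0, 180.0, 4.0], 0),
    ([0.9, None, 190.0, 4.0], 0),        # lost value -> dropped
    ([30.0, 9000.0, 8800.0, 150.0], 1),
    ([28.0, 8700.0, -5.0, 140.0], 1),    # wrong value -> dropped
    ([31.0, 9100.0, 9050.0, 155.0], 1),
    ([1.1, 210.0, 205.0, 5.0], 0),
]

def clean(rows):
    """Step S12: drop records with lost (None/NaN) or wrong (negative) values."""
    return [(x, y) for x, y in rows
            if all(v is not None and not math.isnan(v) and v >= 0 for v in x)]

def standardize(X):
    """Step S12: z-score every feature column (constant columns are left at 0)."""
    cols = list(zip(*X))
    mu = [sum(c) / len(c) for c in cols]
    sd = [math.sqrt(sum((v - m) ** 2 for v in c) / len(c)) or 1.0
          for c, m in zip(cols, mu)]
    return [[(v - m) / s for v, m, s in zip(row, mu, sd)] for row in X]

def top_components(X, k, iters=200):
    """Step S21: leading k principal axes by power iteration with deflation."""
    d, n = len(X[0]), len(X)
    C = [[sum(r[i] * r[j] for r in X) / n for j in range(d)] for i in range(d)]
    axes = []
    for _ in range(k):
        v = [1.0 / math.sqrt(d)] * d
        for _ in range(iters):
            w = [sum(C[i][j] * v[j] for j in range(d)) for i in range(d)]
            norm = math.sqrt(sum(a * a for a in w)) or 1.0
            v = [a / norm for a in w]
        lam = sum(v[i] * sum(C[i][j] * v[j] for j in range(d)) for i in range(d))
        C = [[C[i][j] - lam * v[i] * v[j] for j in range(d)] for i in range(d)]
        axes.append(v)
    return axes

def build_dataset(rows, k=2):
    """Steps S12-S23: return D = [(x_1, y_1), ..., (x_n, y_n)] with k features."""
    kept = clean(rows)
    X = standardize([x for x, _ in kept])
    axes = top_components(X, k)
    return [([sum(a * b for a, b in zip(row, ax)) for ax in axes], y)
            for row, (_, y) in zip(X, kept)]
```

When the same chain is applied to a test set or to live traffic, the means, deviations and principal axes fitted on the training set are normally reused rather than refitted.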
CN201811537156.8A 2018-12-15 2018-12-15 Network flow real-time detection method, detection terminal and computer readable storage medium Active CN109787958B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811537156.8A CN109787958B (en) 2018-12-15 2018-12-15 Network flow real-time detection method, detection terminal and computer readable storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811537156.8A CN109787958B (en) 2018-12-15 2018-12-15 Network flow real-time detection method, detection terminal and computer readable storage medium

Publications (2)

Publication Number Publication Date
CN109787958A CN109787958A (en) 2019-05-21
CN109787958B CN109787958B (en) 2021-05-25

Family

ID=66497073

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811537156.8A Active CN109787958B (en) 2018-12-15 2018-12-15 Network flow real-time detection method, detection terminal and computer readable storage medium

Country Status (1)

Country Link
CN (1) CN109787958B (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110365650A (en) * 2019-06-17 2019-10-22 五邑大学 A kind of industry internet risk monitoring method, system, device and storage medium
CN110650153B (en) * 2019-10-14 2021-04-23 北京理工大学 Industrial control network intrusion detection method based on focus loss deep neural network
CN113762299A (en) * 2020-06-28 2021-12-07 北京沃东天骏信息技术有限公司 Abnormal flow detection method and device
CN114124420A (en) * 2020-08-28 2022-03-01 哈尔滨理工大学 Network flow abnormity detection method based on deep neural network

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104935600A (en) * 2015-06-19 2015-09-23 中国电子科技集团公司第五十四研究所 Mobile ad hoc network intrusion detection method and device based on deep learning
CN106570597A (en) * 2016-11-14 2017-04-19 广州大学 Content popularity prediction method based on depth learning under SDN architecture
CN107124320A (en) * 2017-06-30 2017-09-01 北京金山安全软件有限公司 Traffic data monitoring method and device and server
CN107682216A (en) * 2017-09-01 2018-02-09 南京南瑞集团公司 A kind of network traffics protocol recognition method based on deep learning
CN108173708A (en) * 2017-12-18 2018-06-15 北京天融信网络安全技术有限公司 Anomalous traffic detection method, device and storage medium based on incremental learning
CN108200030A (en) * 2017-12-27 2018-06-22 深信服科技股份有限公司 Detection method, system, device and the computer readable storage medium of malicious traffic stream

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Research on Intrusion Detection Technology Based on Deep Learning; 蔡洪民, 王庆香; 《网络安全技术与应用》; 20171130 (No. 11); pp. 62-64 *

Also Published As

Publication number Publication date
CN109787958A (en) 2019-05-21

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant