CN113868647A - Network unknown threat detection method based on feature extension CNN - Google Patents


Info

Publication number
CN113868647A
Authority
CN
China
Prior art keywords
cnn
feature
data
layer
model
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111033151.3A
Other languages
Chinese (zh)
Inventor
许艳萍
章霞
裘振亮
陈政
仇建
叶挺聪
张桦
吴以凡
张灵均
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou Dianzi University
Original Assignee
Hangzhou Dianzi University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou Dianzi University
Priority to CN202111033151.3A
Publication of CN113868647A
Legal status: Pending

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50: Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55: Detecting local intrusion or implementing counter-measures
    • G06F21/56: Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562: Static detection
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00: Pattern recognition
    • G06F18/20: Analysing
    • G06F18/21: Design or setup of recognition systems or techniques; Extraction of features in feature space; Blind source separation
    • G06F18/214: Generating training patterns; Bootstrap methods, e.g. bagging or boosting
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00: Pattern recognition
    • G06F18/20: Analysing
    • G06F18/24: Classification techniques
    • G06F18/241: Classification techniques relating to the classification model, e.g. parametric or non-parametric approaches
    • G06F18/2411: Classification techniques relating to the classification model, e.g. parametric or non-parametric approaches based on the proximity to a decision surface, e.g. support vector machines
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00: Pattern recognition
    • G06F18/20: Analysing
    • G06F18/24: Classification techniques
    • G06F18/241: Classification techniques relating to the classification model, e.g. parametric or non-parametric approaches
    • G06F18/2415: Classification techniques relating to the classification model, e.g. parametric or non-parametric approaches based on parametric or probabilistic models, e.g. based on likelihood ratio or false acceptance rate versus a false rejection rate
    • G06F18/24155: Bayesian classification
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00: Pattern recognition
    • G06F18/20: Analysing
    • G06F18/24: Classification techniques
    • G06F18/243: Classification techniques relating to the number of classes
    • G06F18/24323: Tree-organised classifiers
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06N: COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00: Computing arrangements based on biological models
    • G06N3/02: Neural networks
    • G06N3/04: Architecture, e.g. interconnection topology
    • G06N3/045: Combinations of networks

Abstract

The invention discloses a network unknown threat detection method based on a feature extension CNN (convolutional neural network). Because many unknown network threats come from the same family as known threats and have similar sample features, a feature extension CNN model is constructed. In each layer of the CNN, a convolution operation is first performed on the original data to obtain a native feature map; a linear random operation is then performed on the native feature map to obtain an extended feature map; finally, the two are combined to obtain the extended reconstruction data of the original data. The dimensionality of the extended reconstruction data is lower than that of the original data, so the data is reconstructed with both extension and dimension reduction. A security data classification model is then constructed based on a shallow machine learning algorithm to detect unknown threats in network security big data. By generating extended reconstruction features, the method not only reduces dimensionality but also extends the data representation of unknown threats, achieving high-precision detection of unknown threats and reducing computational complexity.

Description

Network unknown threat detection method based on feature extension CNN
Technical Field
The invention belongs to the technical field of data analysis, relates to network security big data analysis and modeling, and particularly relates to a network unknown threat detection method based on feature extension CNN.
Background
Attack and defense in network security resemble a game of cat and mouse: hackers and cyber criminals continuously try covert and novel attack methods to gain more, such as stealing data, controlling hosts, and extorting money. These new attack methods, however, do not come out of nowhere. Cyber criminals typically take an existing piece of malware and make minor adjustments to turn it into new malware that meets their needs, or even discover and exploit a 0day vulnerability, to avoid detection by security software. Most of this new malware functions like the old, and viruses with similar functions are usually treated as a family. Since many malicious codes come from the same family, attacks that are as yet unknown can be detected based on the patterns and features of the cyber attacks already known.
Currently, all major antivirus vendors are moving towards machine learning methods in an attempt to keep up with the changing threat environment. However, with over 100 million new malware released each day, traditional machine learning methods have become inadequate for this task. As deep learning has made breakthrough progress on tasks such as image classification, object detection and scene recognition, its strong data learning capability and scalability have attracted the attention of security researchers, so improving malware detection with new deep learning techniques has become an important aspect of network security detection.
Deep learning techniques include a variety of algorithms, such as convolutional neural networks (CNNs), recurrent neural networks (RNNs) and generative adversarial networks (GANs). The CNN algorithm uses the nonlinear operations of its convolutional layers to learn and re-represent data features, and the compression operations of its pooling layers to reduce the dimensionality of the data features, so it can be used to process and reconstruct network security data. The basic CNN structure comprises an input layer, a convolutional layer, a fully connected layer and an output layer. The convolution operation of the convolutional layer slides several convolution kernels over the input data vector and takes the inner product at each position to obtain the corresponding feature maps. Different convolution kernels in the same layer extract features of different patterns, and convolution kernels in different layers extract features at different levels. Unknown threats from the same family as known threats have similar sample features. The CNN can be used to extract sample features: a native feature map is obtained after the CNN convolution operation and is used to represent known network threat data. Random linear extension of the native feature map then gives an extended feature map, which has both similarity to and difference from the native feature map and can be used to represent unknown threats.
Disclosure of Invention
To address the shortcomings of the prior art, the invention provides a network unknown threat detection method based on a feature extension CNN. It exploits the fact that threats of the same family have similar sample features: a feature extension CNN model uses the native feature map and the extended feature map to represent the known threat and the unknown threat respectively, and generates extended reconstruction features for classification and detection, improving detection precision and reducing computational complexity.
A network unknown threat detection method based on a feature extension CNN specifically comprises the following steps:
Step one: building a data set
The original data set is divided into a training set and a test set according to the class labels of the data, where the samples in the training set and the samples in the test set are threat attack samples from the same family but of different types. Samples in the training set are treated as known threats and samples in the test set as unknown threats.
Step two: constructing and training feature extension CNN model
Based on the basic CNN algorithm, a feature extension CNN model is constructed for extending, reconstructing and reducing the dimensionality of the input data set. The model comprises an input layer, L convolutional layers, L pooling layers, a fully connected layer, a data connection layer and a Softmax layer.
The feature extension CNN model applies a linear random extension to the native feature map output by a convolutional layer to obtain an extended convolution map, then merges the native feature map and the extended convolution map and passes them to the next layer of the network.
The input layer takes the training set X as input.
The convolutional layer contains several convolution kernels. The training set is first input into the convolutional layer, and the native feature map is obtained through the convolution of the training set with the convolution kernels followed by a nonlinear activation. The native feature map is then linearly and randomly extended to obtain the extended convolution map, and the native feature map and the extended convolution map are combined to form the full set of feature maps.
The pooling layer down-samples all feature maps output by the convolutional layer using max pooling, and obtains the pooled matrix through a nonlinear activation.
The fully connected layer applies a global convolution to the pooled matrix output by the last pooling layer to obtain several groups of extended reconstruction matrices. The dimension of the output reconstruction matrix can be set in the fully connected layer; if it is smaller than the dimension of the original data, the data is reduced in dimension.
The data connection layer concatenates the groups of extended reconstruction matrices output by the fully connected layer to obtain one set of reconstruction features.
The input of the Softmax layer is connected to the output of the data connection layer. The Softmax layer determines the class of the reconstructed data, compares it with the original data, and calculates the loss.
The feature extension CNN model is trained repeatedly until the loss tends to 0.
During the training iterations of the feature extension CNN model, the Adam optimizer is used to minimize the loss function Loss of the model. When training is finished, the data output from the fully connected layer has a smaller dimension than the original data, and the dimension of the extended reconstruction matrix is lower than that of the original data matrix; that is, the feature extension CNN model reduces the dimension of the reconstruction matrix relative to the original matrix.
Preferably, the feature extension CNN model is trained for 1000 cycles.
Step three: constructing and training classification model based on shallow learning
The reconstruction features output by the fully connected layer in step two are input into a security data classification model to obtain the predicted sample class labels. A performance target is set, the predicted sample class labels are compared with the real class labels, and the performance of the classification model is calculated from the confusion-matrix evaluation indices. When the performance of the classification model does not reach the preset target, return to step three and retrain and optimize the feature extension CNN model; when the performance of the classification model reaches the preset target, proceed to the next step.
Preferably, the shallow machine learning algorithm is a support vector machine, a decision tree, linear regression, or naive Bayes.
Preferably, the performance of the classification model includes the accuracy, precision and recall of the classification model.
Step four: unknown threat detection
A test data set containing unknown data is input into the feature extension CNN model trained and optimized in step two to obtain the reconstruction features of the test data set. These are then input into the shallow learning classification model trained and optimized in step three to obtain the predicted categories of the test data set and identify the threat samples, thereby detecting the unknown threat data in the test set.
The invention has the following beneficial effects:
(1) Following the 1D structure of the input data, a feature extension CNN model based on 1D-CNN is constructed, in which both the convolution kernels and the pooling sampling use 1D matrices. Compared with a 2D-CNN model in the prior art, the operation of the 1D-CNN network is simplified and the amount of computation is correspondingly reduced, which improves the efficiency of the model.
(2) In the convolutional layers of the feature extension CNN model, feature maps are calculated in two ways. The first is the direct convolution method, which applies the convolution operation to the original data to obtain the native feature map. The second is the extended feature method, which applies a linear random operation to the native feature map to obtain the extended feature map. The two are then combined to give the full set of feature maps. The extended feature map is derived from the native feature map, so it contains both the information of the original data and the extended information. Its characteristics are similar to those of unknown network attacks that share an origin with known network attacks, so the extended feature map can be used to characterize unknown threat attacks.
(3) During operation of the feature extension CNN model, feature maps are calculated by the direct convolution method and the extended feature method. The extended feature method multiplies the native feature map directly by random numbers and does not perform the more expensive convolution multiplications of the direct convolution method. Compared with a basic CNN model, in which every feature map requires a convolution, the feature extension CNN model therefore reduces computational complexity and the number of model parameters.
(4) Through the convolution operations of the feature extension CNN, the pooling operations and the convolution of the fully connected layer, the dimensionality of the reconstruction features can be controlled. When it is lower than the dimensionality of the original data, the data is reduced in dimension, and the performance of shallow machine learning classification on the reconstructed data is improved.
Drawings
Fig. 1 is a flowchart of a network unknown threat detection method based on feature extended CNN.
Detailed Description
The invention is further explained below with reference to the drawings.
As shown in Fig. 1, the network unknown threat detection method based on a feature extension CNN includes model construction and training optimization. The specific process is as follows:
Step one: building a data set
One-hot encoding is applied to the originally collected security data to construct a training set X and a test set X_test of size N × D, with X = (x_1, x_2, …, x_n, …, x_N), where N is the number of samples in the data set and D is the dimension of the data set; Y is the set of real class labels corresponding to the training set X. The samples in the training set are treated as known data and the samples in the test set as unknown data, where the known data and the unknown data come from the same family of network threats.
Step two: constructing and training feature extension CNN model
Based on the basic CNN algorithm, a feature extension CNN model is constructed for reconstructing and reducing the dimensionality of the input data set. The model comprises an input layer, L convolutional layers, L pooling layers, a fully connected layer, a data connection layer and a Softmax layer.
The input layer takes the training set X as input.
In the convolutional layers, the l-th (1 ≤ l ≤ L) convolutional layer is connected to the l-th pooling layer after passing through the nonlinear activation function ReLU(·). When l = 1, the input of the convolutional layer is connected to the output of the input layer; when l > 1, the input of the convolutional layer is connected to the output of the (l-1)-th pooling layer via the nonlinear activation function ReLU(·). Each convolutional layer has M convolution kernels; the convolution kernel length of the first convolutional layer is K, and the convolution kernel length of the other convolutional layers is K/2. Suppose the m-th (0 < m ≤ M) convolution kernel of the first layer is represented as
Figure BDA0003246156760000041
The m-th convolution kernel of the l-th layer is represented as
Figure BDA0003246156760000042
The data input into the convolutional layer is convolved with the M convolution kernels to obtain M feature map matrices, and M nonlinear mapping feature map matrices are obtained through the nonlinear activation function ReLU(·). Let the output of the convolutional layer be the feature map
Figure BDA0003246156760000043
which includes the native feature map
Figure BDA0003246156760000044
and the extended convolution map
Figure BDA0003246156760000045
calculated as follows:
Figure BDA0003246156760000051
Figure BDA0003246156760000052
Figure BDA0003246156760000053
where conv1D(·) represents the convolution function,
Figure BDA0003246156760000054
indicates the bias, and random(a) represents a random value in the range (0, a]. Is a matrix joining function.
In the pooling layers, the output of the L-th pooling layer is connected to the input of the fully connected layer after passing through the nonlinear activation function ReLU(·). The pooling layer uses max pooling, applying a pooling matrix P_l^m to the m-th nonlinear mapping feature matrix output by the l-th convolutional layer
Figure BDA0003246156760000055
to down-sample it, and obtains the m-th pooled nonlinear mapping feature matrix through the nonlinear activation function ReLU(·)
Figure BDA0003246156760000056
Figure BDA0003246156760000057
where maxpooling(·) represents the max pooling function.
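The convolutional and pooling layers described above can be sketched as follows. This is an added example, not code from the patent: equations (1) to (3) are not reproduced on this page, so the forms used here (native map = ReLU(conv1D + bias), extended map = native map times one random(a) factor per map, joined by concatenation) are assumptions drawn from the prose, and all function names and sample values are constructed.

```python
import random

def relu(values):
    return [v if v > 0.0 else 0.0 for v in values]

def conv1d(x, kernel, bias):
    """Slide the kernel over x, taking the inner product at each position."""
    k = len(kernel)
    return [sum(kernel[j] * x[i + j] for j in range(k)) + bias
            for i in range(len(x) - k + 1)]

def feature_extension_conv(x, kernels, biases, a, rng):
    """Return (native_maps, extended_maps, scales) for one 1D sample.

    Assumed form: each of the M native maps is ReLU(conv1D(x, W_m) + b_m);
    each extended map is its native map multiplied by one random(a) factor.
    """
    native = [relu(conv1d(x, w, b)) for w, b in zip(kernels, biases)]
    # rng.random() lies in [0, 1), so a * (1 - r) lies in (0, a].
    scales = [a * (1.0 - rng.random()) for _ in native]
    extended = [[s * v for v in fmap] for s, fmap in zip(scales, native)]
    return native, extended, scales

def max_pool1d(fmap, size):
    """Non-overlapping max pooling followed by ReLU."""
    pooled = [max(fmap[i:i + size])
              for i in range(0, len(fmap) - size + 1, size)]
    return relu(pooled)

def layer_forward(x, kernels, biases, a, pool_size, rng):
    """Convolution, feature extension, joining and pooling for one layer."""
    native, extended, _ = feature_extension_conv(x, kernels, biases, a, rng)
    all_maps = native + extended          # matrix joining: M + M maps
    return [max_pool1d(fmap, pool_size) for fmap in all_maps]

def multiply_counts(d, k, m):
    """Multiplications needed to produce 2M feature maps from a length-d input.

    Returns (all 2M by convolution, M by convolution plus M by random scaling).
    """
    out_len = d - k + 1
    by_convolution = 2 * m * out_len * k
    by_extension = m * out_len * k + m * out_len
    return by_convolution, by_extension

# Constructed sample: one one-hot style record with D = 16, M = 2, K = 4.
SAMPLE_X = [0, 1, 0, 0, 1, 0, 0, 0, 0, 0, 1, 0, 0, 1, 0, 0]
KERNELS = [[0.5, -0.25, 0.75, 0.1], [-0.3, 0.6, 0.2, 0.4]]
BIASES = [0.05, -0.1]

if __name__ == "__main__":
    rng = random.Random(7)
    pooled = layer_forward(SAMPLE_X, KERNELS, BIASES, a=2.0, pool_size=2, rng=rng)
    print("maps out:", len(pooled), "length of each:", len(pooled[0]))
    print("multiplications (convolution only, with extension):",
          multiply_counts(len(SAMPLE_X), 4, 2))
```

Because each scale factor is positive, pooling an extended map gives the pooled native map multiplied by the same factor.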
The fully connected layer applies a convolution kernel to the m-th pooled mapping feature matrix output by the L-th pooling layer
Figure BDA0003246156760000058
performing a global convolution operation to realize a nonlinear change of the feature space. The output of the L-th pooling layer
Figure BDA0003246156760000059
after global convolution, passes through the nonlinear activation function ReLU(·) to give the reconstruction matrix X′_m. The dimension of the output reconstruction matrix can be set to D′ at this layer.
Figure BDA00032461567600000510
The data connection layer concatenates the reconstruction matrices X′_m obtained from each convolution kernel of the L-th convolutional layer and each pooling filter of the L-th pooling layer, giving one reconstruction matrix X′ of dimension D′:
X′ = concatenate(X′_m), (6)
The reconstruction matrix X′ output by the feature extension CNN is input into the Softmax layer to obtain the predicted sample class label Y′ for the reconstruction feature matrix X′:
Y′ = softmax(X′). (7)
The predicted sample class label Y′ is compared with the real class label Y, and the loss function Loss of the feature extension CNN model is defined based on the cross-entropy loss function:
Loss = crossentropy(Y, Y′), (8)
where crossentropy(·) represents the cross-entropy loss function.
The feature extension CNN model is trained for 1000 cycles. During the training iterations, the Adam optimizer is used to continuously optimize the loss function Loss of the model until Loss tends to 0. When training is finished, the output of the fully connected layer is a reconstruction feature matrix X′ of size N × D′, where D′ is less than or equal to D. The dimension of the reconstruction matrix is lower than that of the original data matrix; that is, the feature extension CNN model reduces the dimension of the reconstruction matrix relative to the original matrix.
Step three: constructing and training classification model based on shallow learning
A security data classification model is constructed based on a shallow machine learning algorithm such as a support vector machine, a decision tree or linear regression, and the reconstruction feature matrix X′ obtained in step two is input into the security data classification model to obtain the predicted sample class label Y′.
A performance target is set, the predicted sample class label Y′ is compared with the real class label Y, and the performance of the classification model is calculated from the confusion-matrix evaluation indices, including the accuracy, precision and recall of the classification model. When the performance of the classification model does not reach the preset target, return to step two and retrain and optimize the feature extension CNN model; when the performance of the classification model reaches the preset target, proceed to the next step.
Step four: unknown threat detection
The test data set X_test containing unknown data is input into the feature extension CNN model trained and optimized in step two to obtain the reconstruction feature matrix X′_test of the test data set. This matrix is then input into the shallow learning classification model trained and optimized in step three to obtain the predicted categories Y′_test of the test data set and identify the threat samples, thereby detecting the unknown threat data in the test set.
Step five: experimental verification
Following the above steps, a public data set is input into the threat detection model based on deep learning and shallow learning; the model is trained and tested, and the effectiveness of the method is verified.

Claims (8)

1. A network unknown threat detection method based on a feature extension CNN, characterized in that the method comprises the following steps:
Step one: building a data set
Dividing an original data set into a training set and a test set according to the class labels of the data, wherein the samples in the training set and the samples in the test set are threat attack samples from the same family but of different types; treating the samples in the training set as known threats and the samples in the test set as unknown threats;
Step two: constructing and training the feature extension CNN model
On the basis of the CNN model, constructing a feature extension CNN model for extending, reconstructing and reducing the dimensionality of the input data set; the feature extension CNN model applies a linear random extension to the native feature map output by a convolutional layer to obtain an extended convolution map, then merges the native feature map and the extended convolution map and inputs them to the next layer of the network; training the feature extension CNN model repeatedly until the loss tends to 0;
Step three: constructing and training a classification model based on shallow learning
Inputting the reconstruction features output by the fully connected layer in step two into a security data classification model to obtain the predicted sample class labels; setting a performance target, comparing the predicted sample class labels with the real class labels, and calculating the performance of the classification model from the confusion-matrix evaluation indices; when the performance of the classification model does not reach the preset target, returning to step three and retraining and optimizing the feature extension CNN model; when the performance of the classification model reaches the preset target, proceeding to the next step;
Step four: unknown threat detection
Inputting a test data set containing unknown data into the feature extension CNN model trained and optimized in step two to obtain the reconstruction features of the test data set, then inputting these into the shallow learning classification model trained and optimized in step three to obtain the predicted categories of the test data set and identify the threat samples, thereby detecting the unknown threat data in the test set.
2. The network unknown threat detection method based on a feature extension CNN as claimed in claim 1, wherein: after one-hot encoding is applied to the original data set, the original data set is divided into a training set and a test set according to the class labels of the data.
3. The network unknown threat detection method based on a feature extension CNN as claimed in claim 1, wherein: the feature extension CNN model comprises, in sequence, an input layer, L groups of convolutional layers and pooling layers, a fully connected layer, a data connection layer and a Softmax layer;
the input layer is used for inputting the training set X; the convolutional layer obtains a native feature map through a convolution operation and a nonlinear activation operation, then obtains an extended convolution map by linearly and randomly extending the native feature map, merges the native feature map and the extended convolution map, and outputs all feature maps; the pooling layer applies a down-sampling operation and a nonlinear activation operation to all feature maps using max pooling, and outputs a pooled matrix; the fully connected layer applies a global convolution to the pooled matrix output by the last pooling layer to obtain several groups of extended reconstruction matrices; the data connection layer concatenates the groups of extended reconstruction matrices output by the fully connected layer to obtain one set of reconstruction features; and the Softmax layer determines the class of the reconstructed data from the reconstruction features, compares it with the original data, and calculates the loss.
4. The network unknown threat detection method based on a feature extension CNN as claimed in claim 3, wherein: the dimensionality of the output reconstruction matrix is set in the fully connected layer.
5. The network unknown threat detection method based on a feature extension CNN as claimed in claim 1, wherein: during the training iterations of the feature extension CNN model, the Adam optimizer is used to minimize the loss function Loss of the model.
6. The network unknown threat detection method based on a feature extension CNN as claimed in claim 1, wherein: the feature extension CNN model is trained for 1000 cycles.
7. The network unknown threat detection method based on a feature extension CNN as claimed in claim 1, wherein: the shallow machine learning algorithm is a support vector machine, a decision tree, linear regression or naive Bayes.
8. The network unknown threat detection method based on a feature extension CNN as claimed in claim 1, wherein: the performance of the classification model comprises the accuracy, the precision and the recall of the classification model.
CN202111033151.3A 2021-09-03 2021-09-03 Network unknown threat detection method based on feature extension CNN Pending CN113868647A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111033151.3A CN113868647A (en) 2021-09-03 2021-09-03 Network unknown threat detection method based on feature extension CNN

Publications (1)

Publication Number Publication Date
CN113868647A true CN113868647A (en) 2021-12-31

Family

ID=78989560

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111033151.3A Pending CN113868647A (en) 2021-09-03 2021-09-03 Network unknown threat detection method based on feature extension CNN

Country Status (1)

Country Link
CN (1) CN113868647A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114513374A (en) * 2022-04-21 2022-05-17 浙江御安信息技术有限公司 Network security threat identification method and system based on artificial intelligence
CN114513374B (en) * 2022-04-21 2022-07-12 浙江御安信息技术有限公司 Network security threat identification method and system based on artificial intelligence
CN115695027A (en) * 2022-11-04 2023-02-03 中国电子科技集团公司第十五研究所 Original network flow threat detection method and device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination