CN114978708A - Honeypot data-based graph neural network attack intention prediction method - Google Patents
Honeypot data-based graph neural network attack intention prediction method Download PDFInfo
- Publication number
- CN114978708A CN114978708A CN202210572484.1A CN202210572484A CN114978708A CN 114978708 A CN114978708 A CN 114978708A CN 202210572484 A CN202210572484 A CN 202210572484A CN 114978708 A CN114978708 A CN 114978708A
- Authority
- CN
- China
- Prior art keywords
- network
- attack
- data
- honeypot
- module
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000013528 artificial neural network Methods 0.000 title claims abstract description 41
- 238000000034 method Methods 0.000 title claims abstract description 31
- 238000012545 processing Methods 0.000 claims abstract description 7
- 230000002776 aggregation Effects 0.000 claims abstract description 4
- 238000004220 aggregation Methods 0.000 claims abstract description 4
- 238000001514 detection method Methods 0.000 claims description 23
- 238000012544 monitoring process Methods 0.000 claims description 12
- 238000004458 analytical method Methods 0.000 claims description 10
- 230000006399 behavior Effects 0.000 claims description 6
- 238000007405 data analysis Methods 0.000 claims description 6
- 235000012907 honey Nutrition 0.000 claims description 6
- 238000012549 training Methods 0.000 claims description 6
- 238000013481 data capture Methods 0.000 claims description 5
- 238000005516 engineering process Methods 0.000 claims description 5
- 238000000605 extraction Methods 0.000 claims description 5
- 230000000694 effects Effects 0.000 claims description 4
- 230000002159 abnormal effect Effects 0.000 claims description 3
- 238000004140 cleaning Methods 0.000 claims description 3
- 230000002708 enhancing effect Effects 0.000 claims description 3
- 230000009545 invasion Effects 0.000 claims description 3
- 230000001960 triggered effect Effects 0.000 claims description 3
- 230000007123 defense Effects 0.000 abstract description 4
- 238000010276 construction Methods 0.000 description 2
- 238000010586 diagram Methods 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000033001 locomotion Effects 0.000 description 1
- 230000002265 prevention Effects 0.000 description 1
- 238000004088 simulation Methods 0.000 description 1
- 238000012546 transfer Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1491—Countermeasures against malicious traffic using deception as countermeasure, e.g. honeypots, honeynets, decoys or entrapment
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N3/00—Computing arrangements based on biological models
- G06N3/02—Neural networks
- G06N3/04—Architecture, e.g. interconnection topology
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N3/00—Computing arrangements based on biological models
- G06N3/02—Neural networks
- G06N3/08—Learning methods
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/14—Network analysis or design
- H04L41/147—Network analysis or design for predicting network behaviour
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D30/00—Reducing energy consumption in communication networks
- Y02D30/50—Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Computing Systems (AREA)
- Physics & Mathematics (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- General Health & Medical Sciences (AREA)
- Software Systems (AREA)
- Molecular Biology (AREA)
- Data Mining & Analysis (AREA)
- Computational Linguistics (AREA)
- General Physics & Mathematics (AREA)
- Mathematical Physics (AREA)
- Evolutionary Computation (AREA)
- Biophysics (AREA)
- Biomedical Technology (AREA)
- Artificial Intelligence (AREA)
- Life Sciences & Earth Sciences (AREA)
- Health & Medical Sciences (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention relates to the field of honeypots, in particular to a honeypot data-based method for predicting attack intention by a neural network, which comprises the following steps: s1, deploying honeypots and a plurality of groups of network sniffing nodes in the network, and binding the network sniffing nodes with the honeypots; s2, collecting and recording network attack information by the honeypot; s3, processing the network attack information data as a time sequence to obtain the time sequence of the network attack information data; s4, constructing a network situation map model; s5, designing a network situation map model updating algorithm; and S6, on the basis of the constructed network situation map model, carrying out aggregation of map information by adopting a map neural network, analyzing the relevance of attack events, and predicting attack intentions. The method can effectively predict the intention of the network countermeasure, has certain guiding significance on network attack defense, and has convenient prediction and high prediction precision.
Description
Technical Field
The invention relates to the field of honeypots, in particular to a method for predicting attack intention based on a honeypot data graph neural network.
Background
With the development of information technology, network devices have gone into thousands of households, the information technology provides convenience for people and simultaneously solves a large number of problems of hacker attacks, and the network attacks may cause a large amount of losses of users, so that the network attack prediction method is particularly important for prediction and prevention of the network attacks. The traditional prediction method is usually based on a specific mathematical prediction model, the prediction model needs to reach all factors influencing the result, and the final result is calculated in a simulation mode according to different weights and transfer relations, wherein each influencing factor and the weight in the model depend on the subjective experience of experts, but the factors influencing the network are more and are difficult to accurately express, the analysis effect on complex nonlinear prediction data is not ideal, and the prediction precision is low.
Disclosure of Invention
The invention aims to provide a honeypot data-based graph neural network attack intention prediction method which is convenient for predicting network attacks and has high prediction precision aiming at the problems in the background art.
On one hand, the invention provides a honeypot data-based method for predicting attack intention by a neural network, which comprises the following steps:
s1, deploying honeypots and a plurality of groups of network sniffing nodes in the network, and binding the network sniffing nodes with the honeypots;
s2, collecting and recording network attack information by the honeypot, and extracting the characteristics of the network attack information to be used as network attack information data;
s3, processing the network attack information data as a time sequence to obtain the time sequence of the network attack information data, and establishing a training sample set of the neural network of the graph according to the obtained time sequence of the network attack information data;
s4, training a sample set by using a sample of the graph neural network, wherein the sample is network attack information data, and modeling the network security situation at any time through the graph neural network to construct a network situation map model;
s5, designing a network situation map model updating algorithm;
and S6, on the basis of the constructed network situation map model, carrying out aggregation of map information by adopting a map neural network, analyzing the relevance of attack events, predicting the attack intention through the analysis of the obtained average clustering coefficient, wherein the output of the network situation map model is the prediction result of the network suffering from the attack.
Preferably, in S1, a logic module and a function module are configured in the honeypot, the logic module is used to trigger intrusion detection, and the function module is used to record all operations after a hacker has intruded into the honeypot.
Preferably, the logic module comprises a data control unit, a data capture unit and a data analysis unit; the data control unit is used for controlling the activities of an attacker for accessing the honey net host computer, so that the attacker cannot attack and damage other host computers on the Internet by taking the honey net host computer as a springboard; the data capturing unit comprises network flow data capturing and capturing of system behaviors on the entity honeypots, the capturing of the network flow data is combined with a network intrusion detection system, detection rules of relevant sensitive information are configured, and the network flow is recorded immediately when the intrusion detection rules are triggered; the data analysis unit stores the collected network data and the entity honeypot system behavior data in a database based on a data capture technology.
Preferably, the function module comprises a host monitoring unit, an intrusion detection unit and an attack analysis unit; the host monitoring unit is used for monitoring all operations after a hacker invades the honeypot system and knowing the purpose of hacker invasion; the intrusion detection unit is used for accurately detecting an attack means for a hacker to intrude into the honeypot and recording the intrusion process of the hacker in detail; the attack analysis unit is used for analyzing data obtained by the host monitoring unit and the intrusion detection unit.
Preferably, in S2, the feature extraction of the network attack information includes the following steps: s21, carrying out validity check on the network attack information data, and eliminating the network attack information data with the information entropy lower than a set threshold; s22, cleaning the network attack information data, completing missing values, removing abnormal values and normalizing to improve the quality of the network attack information data; s23, enhancing the network attack information data after processing; and S24, extracting the features of the enhanced network attack information data.
Preferably, in S2, the network attack information feature is extracted to extract an attack technique, an attack path, an attack target, an attack frequency, and an attack source feature.
Preferably, in S5, the network situation map model is updated in real time based on the real-time network attack information data time series.
On the other hand, the invention provides a honeypot data-based graph neural network attack prediction intention system of a honeypot data-based graph neural network attack intention prediction method, which comprises a network sniffing module, a honeypot module, a network situation map model construction module, a network situation map model updating module and a network attack prediction result output module; the network sniffing module is used for setting a plurality of network sniffing nodes and is bound with the honeypot module; the honeypot module is used for collecting network attack information data; the network situation map model building module builds a model of the network situation map model by modeling the network security situation at any time through the map neural network; the network situation map model updating module updates the network situation map model in real time; and the network tool prediction result output module is used for obtaining a network attack prediction result according to the data obtained by the network sniffing module and the honeypot module and by combining a network situation map model.
Compared with the prior art, the invention has the following beneficial technical effects: the network attack prediction method has the advantages that the network countermeasure can be effectively predicted intensely, certain guiding significance is provided for network attack defense, attack data can be conveniently collected in real time through the network sniffing nodes and the honeypots, prediction is convenient, and in addition, the network attack prediction precision is improved by combining situation prediction and graph neural network prediction based on time sequences.
Drawings
FIG. 1 is a schematic structural diagram of an embodiment of the present invention;
FIG. 2 is a schematic view of a honeypot;
FIG. 3 is a flow chart of network attack information feature extraction;
fig. 4 is a block diagram illustrating a neural network predicted attack intention system.
Detailed Description
Example one
As shown in FIG. 1, the invention provides a honeypot data-based graph neural network attack intention prediction method, which comprises the following steps:
s1, deploying honeypots and a plurality of groups of network sniffing nodes in the network, and binding the network sniffing nodes with the honeypots;
s2, collecting and recording network attack information by the honeypot, and extracting the characteristics of the network attack information to be used as network attack information data; extracting network attack information characteristics into attack methods, attack paths, attack targets, attack frequencies and attack source characteristics;
s3, processing the network attack information data as a time sequence to obtain the time sequence of the network attack information data, and establishing a training sample set of the neural network of the graph according to the obtained time sequence of the network attack information data;
s4, training a sample set by using a sample of the graph neural network, wherein the sample is network attack information data, and modeling the network security situation at any time through the graph neural network to construct a network situation map model;
s5, designing a network situation map model updating algorithm; the network situation map model is updated in real time based on the real-time network attack information data time sequence;
and S6, on the basis of the constructed network situation map model, carrying out aggregation of map information by adopting a map neural network, analyzing the relevance of attack events, predicting the attack intention through the analysis of the obtained average clustering coefficient, wherein the output of the network situation map model is the prediction result of the network suffering from the attack.
The network attack prediction method and the network attack prediction device can effectively predict network countermeasures, have certain guiding significance on network attack defense, are convenient to acquire attack data in real time through the network sniffing nodes and the honeypots, are convenient to predict, and are combined with situation prediction and graph neural network prediction based on time sequences to improve network attack prediction accuracy.
Example two
As shown in fig. 2, compared to the first embodiment, in S1, the method for predicting attack intention based on honeypot data in the present invention includes configuring logic modules and function modules in honeypot, where the logic modules are used to trigger intrusion detection, and the function modules are used to record all operations after a hacker has invaded honeypot. The logic module comprises a data control unit, a data capturing unit and a data analysis unit; the data control unit is used for controlling the movement of an attacker for accessing the honey net host computer, so that the attacker cannot attack and damage other host computers on the Internet by taking the honey net host computer as a springboard; the data capturing unit comprises network flow data capturing and capturing of system behaviors on the entity honeypots, the capturing of the network flow data is combined with a network intrusion detection system, detection rules of relevant sensitive information are configured, and the network flow is recorded immediately when the intrusion detection rules are triggered; the data analysis unit stores the collected network data and the entity honeypot system behavior data in a database based on a data capture technology. The functional module comprises a host monitoring unit, an intrusion detection unit and an attack analysis unit; the host monitoring unit is used for monitoring all operations after a hacker invades the honeypot system and knowing the purpose of hacker invasion; the intrusion detection unit is used for accurately detecting an attack means for a hacker to intrude into the honeypot and recording the intrusion process of the hacker in detail; the attack analysis unit is used for analyzing data obtained by the host monitoring unit and the intrusion detection unit.
In the embodiment, the honeypot triggers intrusion detection through the logic module and the functional module, records all operations after hackers invade the honeypot, sets the intrusion detection rule, and ensures that valuable data are recorded in the honeypot.
EXAMPLE III
As shown in fig. 3, compared to the first embodiment, in the method for predicting attack intention by using a neural network based on honeypot data according to the present invention, in S2, the feature extraction of the cyber attack information includes the following steps: s21, carrying out validity check on the network attack information data, and eliminating the network attack information data with the information entropy lower than a set threshold; s22, cleaning the network attack information data, completing missing values, removing abnormal values and normalizing to improve the quality of the network attack information data; s23, enhancing the network attack information data after processing; and S24, extracting the features of the enhanced network attack information data. And the network attack information data is processed and enhanced, so that the data effectiveness is improved conveniently.
Example four
As shown in fig. 4, the system for predicting the attack intention of the neural network based on the embodiment of the honeypot data-based method for predicting the attack intention of the neural network comprises a network sniffing module, a honeypot module, a network situation map model construction module, a network situation map model updating module and a network attack prediction result output module; the network sniffing module is used for setting a plurality of network sniffing nodes and is bound with the honeypot module; the honeypot module is used for collecting network attack information data; the network situation map model building module builds a model of the network situation map by modeling the network security situation at any time through a map neural network; the network situation map model updating module updates the network situation map model in real time; and the network tool prediction result output module is used for obtaining a network attack prediction result according to the data obtained by the network sniffing module and the honeypot module and by combining a network situation map model.
The network attack prediction method and the network attack prediction device can effectively predict network countermeasures, have certain guiding significance on network attack defense, are convenient to acquire attack data in real time through the network sniffing nodes and the honeypots, are convenient to predict, and are combined with situation prediction and graph neural network prediction based on time sequences to improve network attack prediction accuracy.
The embodiments of the present invention have been described in detail with reference to the drawings, but the present invention is not limited thereto, and various changes can be made within the knowledge of those skilled in the art without departing from the gist of the present invention.
Claims (8)
1. A honeypot data-based method for predicting attack intention by a neural network is characterized by comprising the following steps:
s1, deploying honeypots and a plurality of groups of network sniffing nodes in the network, and binding the network sniffing nodes with the honeypots;
s2, collecting and recording network attack information by the honeypot, and extracting the characteristics of the network attack information to be used as network attack information data;
s3, processing the network attack information data as a time sequence to obtain the time sequence of the network attack information data, and establishing a training sample set of the neural network of the graph according to the obtained time sequence of the network attack information data;
s4, training a sample set by using a sample of the graph neural network, wherein the sample is network attack information data, and modeling the network security situation at any time through the graph neural network to construct a network situation map model;
s5, designing a network situation map model updating algorithm;
and S6, on the basis of the constructed network situation map model, carrying out aggregation of map information by adopting a map neural network, analyzing the relevance of attack events, predicting the attack intention through the analysis of the obtained average clustering coefficient, wherein the output of the network situation map model is the prediction result of the network suffering from the attack.
2. The honeypot data-based graph neural network prediction attack intention method as claimed in claim 1, wherein in S1, a logic module and a function module are configured in the honeypot, the logic module is used for triggering intrusion detection, and the function module is used for recording all operations after a hacker invades the honeypot.
3. The honeypot data-based graph neural network prediction attack intention method according to claim 2, wherein the logic module comprises a data control unit, a data capture unit and a data analysis unit; the data control unit is used for controlling the activities of an attacker for accessing the honey net host computer, so that the attacker cannot attack and damage other host computers on the Internet by taking the honey net host computer as a springboard; the data capturing unit comprises network flow data capturing and capturing of system behaviors on the entity honeypots, the capturing of the network flow data is combined with a network intrusion detection system, detection rules of relevant sensitive information are configured, and the network flow is recorded immediately when the intrusion detection rules are triggered; the data analysis unit stores the collected network data and the entity honeypot system behavior data in a database based on a data capture technology.
4. The honeypot data-based graph neural network attack intention prediction method according to claim 2, wherein the functional modules comprise a host monitoring unit, an intrusion detection unit and an attack analysis unit; the host monitoring unit is used for monitoring all operations after a hacker invades the honeypot system and knowing the purpose of hacker invasion; the intrusion detection unit is used for accurately detecting an attack means for a hacker to intrude into the honeypot and recording the intrusion process of the hacker in detail; the attack analysis unit is used for analyzing data obtained by the host monitoring unit and the intrusion detection unit.
5. The honeypot data-based graph neural network prediction attack intention method according to claim 1, wherein in S2, the feature extraction of the cyber attack information comprises the following steps: s21, carrying out validity check on the network attack information data, and eliminating the network attack information data with the information entropy lower than a set threshold; s22, cleaning the network attack information data, completing missing values, removing abnormal values and normalizing to improve the quality of the network attack information data; s23, enhancing the network attack information data after processing; and S24, extracting the features of the enhanced network attack information data.
6. The honeypot data-based graph neural network attack intention prediction method according to claim 1, wherein in S2, the network attack information features are extracted as extraction attack techniques, attack paths, attack targets, attack frequencies and attack source features.
7. The honeypot data-based graph neural network prediction attack intention method as claimed in claim 1, wherein in S5, the network situation graph model is updated in real time based on real-time network attack information data time series.
8. The honeypot data-based graph neural network prediction attack intention system of the honeypot data-based graph neural network prediction attack intention method is characterized by comprising a network sniffing module, a honeypot module, a network situation map model building module, a network situation map model updating module and a network attack prediction result output module; the network sniffing module is used for setting a plurality of network sniffing nodes and is bound with the honeypot module; the honeypot module is used for collecting network attack information data; the network situation map model building module builds a model of the network situation map by modeling the network security situation at any time through a map neural network; the network situation map model updating module updates the network situation map model in real time; and the network tool prediction result output module is used for obtaining a network attack prediction result according to the data obtained by the network sniffing module and the honeypot module and by combining a network situation map model.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210572484.1A CN114978708A (en) | 2022-05-25 | 2022-05-25 | Honeypot data-based graph neural network attack intention prediction method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210572484.1A CN114978708A (en) | 2022-05-25 | 2022-05-25 | Honeypot data-based graph neural network attack intention prediction method |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN114978708A true CN114978708A (en) | 2022-08-30 |
Family
ID=82955375
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210572484.1A Pending CN114978708A (en) | 2022-05-25 | 2022-05-25 | Honeypot data-based graph neural network attack intention prediction method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114978708A (en) |
Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101567887A (en) * | 2008-12-25 | 2009-10-28 | 中国人民解放军总参谋部第五十四研究所 | Vulnerability simulation overload honeypot method |
| CN103607399A (en) * | 2013-11-25 | 2014-02-26 | 中国人民解放军理工大学 | Special IP network safety monitor system and method based on hidden network |
| CN106789214A (en) * | 2016-12-12 | 2017-05-31 | 广东工业大学 | It is a kind of based on the just remaining pair network situation awareness method and device of string algorithm |
| GB201821192D0 (en) * | 2018-12-24 | 2019-02-06 | Nanolayers Res Computing Limited | A computer-implemented method of training a graph neural network |
| CN112182564A (en) * | 2020-08-20 | 2021-01-05 | 东北大学 | Industrial control honeypot interaction system based on time series prediction |
| CN112422537A (en) * | 2020-11-06 | 2021-02-26 | 广州锦行网络科技有限公司 | Behavior prediction method of network attack knowledge graph generated based on honeypot actual combat |
| CN114021140A (en) * | 2021-10-20 | 2022-02-08 | 深圳融安网络科技有限公司 | Method and device for predicting network security situation and computer readable storage medium |
| CN114037145A (en) * | 2021-11-05 | 2022-02-11 | 河北师范大学 | Network security situation prediction method and system |
-
2022
- 2022-05-25 CN CN202210572484.1A patent/CN114978708A/en active Pending
Patent Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101567887A (en) * | 2008-12-25 | 2009-10-28 | 中国人民解放军总参谋部第五十四研究所 | Vulnerability simulation overload honeypot method |
| CN103607399A (en) * | 2013-11-25 | 2014-02-26 | 中国人民解放军理工大学 | Special IP network safety monitor system and method based on hidden network |
| CN106789214A (en) * | 2016-12-12 | 2017-05-31 | 广东工业大学 | It is a kind of based on the just remaining pair network situation awareness method and device of string algorithm |
| GB201821192D0 (en) * | 2018-12-24 | 2019-02-06 | Nanolayers Res Computing Limited | A computer-implemented method of training a graph neural network |
| CN112182564A (en) * | 2020-08-20 | 2021-01-05 | 东北大学 | Industrial control honeypot interaction system based on time series prediction |
| CN112422537A (en) * | 2020-11-06 | 2021-02-26 | 广州锦行网络科技有限公司 | Behavior prediction method of network attack knowledge graph generated based on honeypot actual combat |
| CN114021140A (en) * | 2021-10-20 | 2022-02-08 | 深圳融安网络科技有限公司 | Method and device for predicting network security situation and computer readable storage medium |
| CN114037145A (en) * | 2021-11-05 | 2022-02-11 | 河北师范大学 | Network security situation prediction method and system |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Binbusayyis et al. | Identifying and benchmarking key features for cyber intrusion detection: An ensemble approach | |
| Manzoor et al. | A feature reduced intrusion detection system using ANN classifier | |
| JP6201614B2 (en) | Log analysis apparatus, method and program | |
| CN108718310A (en) | Multi-level attack signatures generation based on deep learning and malicious act recognition methods | |
| Niu et al. | Identifying APT malware domain based on mobile DNS logging | |
| CN105471882A (en) | Behavior characteristics-based network attack detection method and device | |
| KS et al. | An artificial neural network based intrusion detection system and classification of attacks | |
| Novikov et al. | Anomaly detection based intrusion detection | |
| CN111818102B (en) | Defense efficiency evaluation method applied to network target range | |
| CN112491860A (en) | Industrial control network-oriented collaborative intrusion detection method | |
| CN115795330A (en) | Medical information anomaly detection method and system based on AI algorithm | |
| CN116996286A (en) | Network attack and security vulnerability management framework platform based on big data analysis | |
| Eldos et al. | On the KDD'99 Dataset: Statistical Analysis for Feature Selection | |
| Fu et al. | APT attack situation assessment model based on optimized BP neural network | |
| Kajal et al. | A hybrid approach for cyber security: improved intrusion detection system using Ann-Svm | |
| Mallikarjunan et al. | Real time attacker behavior pattern discovery and profiling using fuzzy rules | |
| CN114978708A (en) | Honeypot data-based graph neural network attack intention prediction method | |
| CN114006744B (en) | LSTM-based power monitoring system network security situation prediction method and system | |
| CN116319065A (en) | Threat situation analysis method and system applied to business operation and maintenance | |
| CN110737890A (en) | internal threat detection system and method based on heterogeneous time sequence event embedding learning | |
| CN112751863B (en) | Attack behavior analysis method and device | |
| CN115801366A (en) | Attack detection method and device, electronic equipment and computer readable storage medium | |
| Nocera et al. | A user behavior analytics (uba)-based solution using lstm neural network to mitigate ddos attack in fog and cloud environment | |
| Huang et al. | Application of type-2 fuzzy logic to rule-based intrusion alert correlation detection | |
| Dayanandam et al. | Regression algorithms for efficient detection and prediction of DDoS attacks |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20220830 |
|
| RJ01 | Rejection of invention patent application after publication |