CN116366309A - Network intrusion detection method for unbalanced network flow data - Google Patents
Network intrusion detection method for unbalanced network flow data Download PDFInfo
- Publication number
- CN116366309A CN116366309A CN202310231492.4A CN202310231492A CN116366309A CN 116366309 A CN116366309 A CN 116366309A CN 202310231492 A CN202310231492 A CN 202310231492A CN 116366309 A CN116366309 A CN 116366309A
- Authority
- CN
- China
- Prior art keywords
- network
- data
- features
- model
- intrusion detection
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000001514 detection method Methods 0.000 title claims abstract description 46
- 238000013527 convolutional neural network Methods 0.000 claims abstract description 21
- 238000003062 neural network model Methods 0.000 claims abstract description 13
- 230000015654 memory Effects 0.000 claims abstract description 10
- 238000010606 normalization Methods 0.000 claims abstract description 8
- 230000006870 function Effects 0.000 claims description 17
- 238000012549 training Methods 0.000 claims description 13
- 238000000034 method Methods 0.000 claims description 9
- 238000007477 logistic regression Methods 0.000 claims description 7
- 230000005540 biological transmission Effects 0.000 claims description 6
- 239000011159 matrix material Substances 0.000 claims description 6
- 238000004364 calculation method Methods 0.000 claims description 4
- 238000005516 engineering process Methods 0.000 claims description 4
- 238000013507 mapping Methods 0.000 claims description 4
- 230000008569 process Effects 0.000 claims description 4
- 230000002159 abnormal effect Effects 0.000 claims description 3
- 230000004913 activation Effects 0.000 claims description 3
- 238000000605 extraction Methods 0.000 claims description 3
- 230000008447 perception Effects 0.000 claims description 3
- 238000011176 pooling Methods 0.000 claims description 3
- 238000012163 sequencing technique Methods 0.000 claims description 3
- 230000006399 behavior Effects 0.000 claims description 2
- 238000005065 mining Methods 0.000 claims description 2
- 238000007781 pre-processing Methods 0.000 claims description 2
- 230000001737 promoting effect Effects 0.000 claims description 2
- 238000010801 machine learning Methods 0.000 abstract description 6
- 238000004422 calculation algorithm Methods 0.000 description 2
- 238000006243 chemical reaction Methods 0.000 description 2
- 238000004891 communication Methods 0.000 description 2
- 238000003066 decision tree Methods 0.000 description 2
- 238000011161 development Methods 0.000 description 2
- 238000010586 diagram Methods 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000012545 processing Methods 0.000 description 2
- 238000007637 random forest analysis Methods 0.000 description 2
- 238000012706 support-vector machine Methods 0.000 description 2
- 238000012360 testing method Methods 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000007635 classification algorithm Methods 0.000 description 1
- 238000013135 deep learning Methods 0.000 description 1
- 230000001419 dependent effect Effects 0.000 description 1
- 230000007787 long-term memory Effects 0.000 description 1
- 238000003909 pattern recognition Methods 0.000 description 1
- 230000035755 proliferation Effects 0.000 description 1
- 238000011160 research Methods 0.000 description 1
- 230000006403 short-term memory Effects 0.000 description 1
- 238000013519 translation Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N3/00—Computing arrangements based on biological models
- G06N3/02—Neural networks
- G06N3/08—Learning methods
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D30/00—Reducing energy consumption in communication networks
- Y02D30/50—Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate
Landscapes
- Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Artificial Intelligence (AREA)
- Evolutionary Computation (AREA)
- Health & Medical Sciences (AREA)
- Life Sciences & Earth Sciences (AREA)
- Computer Networks & Wireless Communication (AREA)
- Biomedical Technology (AREA)
- Biophysics (AREA)
- Computational Linguistics (AREA)
- Data Mining & Analysis (AREA)
- Signal Processing (AREA)
- General Health & Medical Sciences (AREA)
- Molecular Biology (AREA)
- General Physics & Mathematics (AREA)
- Mathematical Physics (AREA)
- Software Systems (AREA)
- Computer Hardware Design (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a network intrusion detection method for unbalanced network flow data, which specifically comprises the following steps: s1, acquiring a LITNET-2020 data set from a realistic academic network, and eliminating redundant zero value features; s2, constructing a model dataset by the removed residual features, and performing numerical value normalization operation on the model dataset; s3, counting positive and negative sample data volumes, and adjusting the weight ratio of normal and attack sample data volumes; s4, the model data set is input into a neural network model formed by combining a Convolutional Neural Network (CNN) and a long-short-term memory network (LSTM) after the dimension is adjusted, and then a low-dimension feature vector representation is formed; s5, taking the abstract features as input data of a classifier to obtain a network intrusion detection result. The invention can enhance the performance of network intrusion detection, overcome the limitation of traditional machine learning, and remarkably improve the accuracy and the robustness of attack detection.
Description
Technical Field
The invention relates to the technical field of network security, in particular to a network intrusion detection method aiming at unbalanced network flow data.
Background
The world's development is increasingly dependent on communication networks, computers and applications. Network intrusion often results in data leakage and unsafe people's privacy. Network Intrusion Detection Systems (IDS) are considered as a viable method of protecting target networks. However, most of the existing network intrusion detection researches have problems, which cannot effectively protect the target, including using outdated data sets, adopting the traditional learning method, relying on manual or semi-manual acquisition of statistical features, and cannot solve the problem of less sample data. Intrusion detection systems aim to protect information and communication systems in networks by preventing unauthorized network access, providing availability, confidentiality and integrity for data transmitted in networked computers, and most importantly, being able to detect known and unknown attacks and threats with high accuracy and minimal false positive rates, but the massive real network data and traditional machine learning methods are inefficient and have not been adapted to emerging complex attacks, still a technical problem that is urgently needed to be solved by today's intrusion detection and network security.
The current machine learning algorithm is generally used for solving the problems of regression, classification and clustering, is used for solving the problems of complexity, pattern recognition, search engines and machine translation, and is mainly applied to network intrusion detection to enhance the detection capability of a system and make up the problems of poor adaptability, high false alarm rate and high false alarm rate of the traditional intrusion detection system. However, with the diversity of attack categories and the proliferation of network traffic, conventional machine learning such as Support Vector Machines (SVMs), random Forests (RFs), decision Trees (DTs) and the like is difficult to meet the network expansion requirements under the large data requirements. The network intrusion detection systems based on the advantages of automatic feature engineering, such as convolutional neural networks and long-term and short-term memory networks, can obtain better performance when processing big data. Meanwhile, the problem of unbalanced class is also limited to the development of an intrusion detection system while the network traffic is increased, wherein the data-based method is widely applied because of the advantages of no dependence on algorithms, simplicity in operation and the like.
Although the current deep learning method has good prospect and is effective, the method still has the problems of detection errors, low detection rate of attack before empty and high false positive rate of few attacks. In addition, under the condition that network flow data grows exponentially, the problem of data unbalance is not fully studied, the time and space expenditure brought by the existing solution is too large, and the problem of data distribution marginalization cannot be overcome, so that the boundary of classification samples is blurred, the number of positive and negative samples of a data set is balanced, and the classification difficulty of a classification algorithm is sometimes increased.
Disclosure of Invention
The invention mainly solves the technical problem of providing a network intrusion detection method for unbalanced network traffic data, which can solve the problem of unbalanced network attack data, which occurs when the network technology is developed continuously and the data volume is rapidly increased, the focus loss function can dynamically adjust the weight according to the number of samples, and a neural network model combined by a Convolutional Neural Network (CNN) and a long-short-period memory network (LSTM) can automatically extract abstract features from stream attributes, data packet attributes and stream data packets, thereby overcoming the limitation of traditional machine learning and obviously improving the accuracy and robustness of attack detection.
In order to achieve the above purpose, the invention adopts the following technical scheme: a network intrusion detection method for unbalanced network flow data specifically comprises the following steps:
s1, acquiring a LITNET-2020 data set from a real academic network, downloading the LITNET-2020 data set at a dataset LITNET official website, eliminating redundant zero value features, and promoting the application of a big data technology in network anomaly detection by massive data from the real network;
s2, constructing a model dataset by the removed residual features, and performing numerical value normalization operation on the model dataset;
s3, counting positive and negative sample data, adjusting the weight ratio of normal and attack sample data, increasing the weight ratio of a few attack samples, and reducing the weight ratio of more normal samples;
s4, constructing a neural network model combining a Convolutional Neural Network (CNN) and a long-short-term memory network (LSTM), inputting a model data set into the neural network model combining the Convolutional Neural Network (CNN) and the long-short-term memory network (LSTM) after the dimension is adjusted, and performing iterative training, wherein the neural network model can automatically extract abstract features from stream attributes, data packet attributes and stream data packets to form low-dimensional feature vector representation;
s5, classifying the network traffic by using a Softmax logistic regression function, and taking the abstract features as input data of a classifier to obtain a network intrusion detection result.
Preferably, the network traffic data set in step S1 is a network traffic data set from the real world acquired from the dataset.
Preferably, the data preprocessing step in step S2 is as follows:
step 2.1: performing pretreatment of mapping character type characteristics into numerical values through One-Hot coding;
step 2.2: carrying out standardization and normalization operation on important characteristics of IP, ports, transmission bytes, transmission packets and autonomous systems;
step 2.3: counting IP, ports, interfaces and autonomous system information in the past five thousands of flow windows by sequencing the starting time of flow transmission and the ending time of flow reception, and expanding new features which can be used for feature extraction;
step 2.4: and D, converting the data dimension, namely converting the one-dimensional features in the model dataset constructed by the residual features after being removed in the step S2 into a two-dimensional feature matrix for model identification.
Preferably, in the step S3, the weight proportion adjustment adopts a focus loss function, in a real network environment, the number of normal and abnormal categories is greatly different, the model training result tends to a plurality of categories, so that the final training result has a fitting phenomenon, focus loss is proposed, in order to solve the problem of unbalanced sample distribution, and the calculation process of focus loss Focal loss is as follows:
L focal loss = - αy(1 - y ′ ) γ log y ′ - (1 - α) (1 - y) y ′ γ log (1 - y ′) (1);
in the formula (1), y is an actual category; y' is a category predictive value; the parameter alpha is used for balancing the influence of positive and negative samples on the loss value; gamma is a rate-adjustable parameter that adjusts the de-weighted samples.
Preferably, the neural network model of the combination of the Convolutional Neural Network (CNN) and the long-short-term memory network (LSTM) in the step S4 is composed of an input layer, a first convolutional layer, a second convolutional layer, a reconstruction layer, a first LSTM layer, a second LSTM layer and an output layer, the input layer receives a two-dimensional feature matrix selected by the model dataset in the step S2 through chi-square detection features, the first convolutional layer and the second convolutional layer perform comprehensive operation on local perception features at a higher level, so as to obtain global information of the features, and the convolutional layer uses a nonlinear activation function Relu and a maximum pooling operation; reconstructing the features into one-dimensional data which can be identified by an LSTM layer through a reconstruction layer after two convolution operations; the first LSTM layer and the second LSTM layer are used to process time series data, mining S2 model dataset time series related features.
Preferably, in the step S5, a logistic regression function Softmax is used to convert the prediction result of the samples in the dataset into classification probability, and the probability of the positive and negative samples is converted to obtain the classification result.
The invention has the beneficial effects that: the invention provides a network intrusion detection method aiming at unbalanced network flow data, which firstly adopts LITNET-2020 data set from the real world acquired from a dataset network, provides reliable data source for the intrusion detection method, and provides guarantee for the reliability and practicability of an intrusion detection system; then, carrying out numerical value and normalization pretreatment on the characteristics in the data set to form a model data set, determining the number of positive and negative samples, and adjusting the weight ratio of the positive and negative samples according to the focus loss function without complex weight mapping so as to solve the problem of sample imbalance; after the data subjected to feature dimension conversion is transmitted to a neural network model combined by a Convolutional Neural Network (CNN) and a long-short-term memory network (LSTM), iterative training is carried out, and the CNN-LSTM model can automatically extract abstract features from stream attributes, data packet attributes and stream data packets; classifying by using a logistic regression function Softmax to obtain a classification result;
the data set from the real network provides data support for model training, and the training result according to the data set can be directly used for deployment of the real network intrusion detection system; the weight proportion adjustment adopts a focus loss function, solves the problem of uneven class distribution in the model dataset according to the weights of the normal sample and the attack sample, and finally adopts a CNN-LSTM model to extract higher-level features. The invention can enhance the performance of network intrusion detection, overcome the limitation of traditional machine learning, and remarkably improve the accuracy and the robustness of attack detection.
Drawings
FIG. 1 is a flow chart of a network intrusion detection method for unbalanced network traffic data according to a preferred embodiment of the present invention;
FIG. 2 is a block diagram of a network intrusion detection method for unbalanced network traffic data according to a preferred embodiment of the present invention;
fig. 3 is a system configuration diagram of a network intrusion detection method for unbalanced network traffic data according to a preferred embodiment of the present invention.
Detailed Description
The technical solutions of the present invention will be clearly and completely described below with reference to the accompanying drawings.
Referring to fig. 1, 2 and 3, an embodiment of the present invention includes:
the invention discloses a network intrusion detection method for unbalanced network flow data, which comprises the following steps:
s1, acquiring a LITNET-2020 data set from a real academic network, eliminating redundant zero-value features and nonsensical features in an original data set, and facilitating application of a big data technology in network anomaly detection by massive data from the real network. The data set is a new annotated network benchmark data set obtained from a real world academic network, 85 network flow characteristics and 12 attack types of the data set are described and analyzed, and a large number of the latest network flow data sets are used for reflecting the real behaviors of network nodes;
s2, constructing a model dataset by the removed residual features, and performing numerical value normalization operation on the model dataset;
performing pretreatment of mapping character type characteristics into numerical values through One-Hot coding;
performing standardization and normalization operation on important features;
counting IP, ports, interfaces and autonomous system information in the past five thousands of flow windows by sequencing the starting and ending time of flow records, and expanding new features which can be used for feature extraction;
data dimension conversion, namely converting one-dimensional features in an original model data set into a two-dimensional feature matrix for model identification;
s3, counting the data quantity of positive and negative samples, adjusting corresponding weight proportion, increasing the weight ratio of few samples, and reducing the weight ratio of more samples;
in the step S3, the weight proportion adjustment mainly adopts a focus loss function, the quantity of normal and abnormal categories in a real network environment is greatly different, the model training result tends to a plurality of categories, and the final training result is over-fitted. The Focal loss Focal loss is proposed to solve the problem of unbalanced sample distribution, and the Focal loss is calculated by the following steps:
L focal loss =-αy(1-y′) γ log y′-(1-α)(1-y)y′ γ log(1-y′)
finally, through calculation and test, the weight ratio of positive and negative samples is 0.03:0.97, i.e. the degree of attention of the positive and negative samples during model training.
S4, constructing a neural network model of a Convolutional Neural Network (CNN) and long-short-term memory network (LSTM) combination, inputting a model data set into the CNN-LSTM neural network model after dimension adjustment, and performing iterative training, wherein the CNN-LSTM network can automatically extract abstract features from stream attributes, data packet attributes and stream data packets;
the CNN-LSTM model in the step S4 is composed of an input layer, a first convolution layer, a second convolution layer, a reconstruction layer, a first LSTM layer, a second LSTM layer and an output layer. The input layer receives a two-dimensional feature matrix selected by the original data through chi-square detection features; the first convolution layer and the second convolution layer perform comprehensive operation on local perception features at a higher level so as to obtain global information of the features, and the convolution layers use a nonlinear activation function Relu and maximum pooling operation; reconstructing the features into one-dimensional data which can be identified by an LSTM layer through a reconstruction layer after two convolution operations; the first LSTM layer and the second LSTM layer are used for processing time series data, and can mine traffic time series related characteristics;
finally, the CNN-LSTM network initialization parameters are set to have a learning rate of 0.01, EPOCHS=30, batch_size=50 through calculation and testing
S5, classifying the network traffic by using a logistic regression function Softmax, and taking the abstract features as input data of a classifier to obtain a network intrusion detection result;
in step S5, the logistic regression function Softmax function converts the prediction result of the samples in the dataset into classification probability, and converts the probability of the positive and negative samples to obtain the classification result.
Finally, it should be noted that: the foregoing description is only illustrative of the preferred embodiments of the present invention, and although the present invention has been described in detail with reference to the foregoing embodiments, it will be apparent to those skilled in the art that modifications may be made to the embodiments described, or equivalents may be substituted for elements thereof, and any modifications, equivalents, improvements or changes may be made without departing from the spirit and principles of the present invention.
Claims (6)
1. A network intrusion detection method for unbalanced network flow data is characterized by comprising the following steps:
s1, acquiring a LITNET-2020 data set from a real academic network, downloading the LITNET-2020 data set at a dataset LITNET official website, eliminating redundant zero value features, and promoting the application of a big data technology in network anomaly detection by massive data from the real network;
s2, constructing a model dataset by the removed residual features, and performing numerical value normalization operation on the model dataset;
s3, counting positive and negative sample data, adjusting the weight ratio of normal and attack sample data, increasing the weight ratio of a few attack samples, and reducing the weight ratio of more normal samples;
s4, constructing a neural network model combining a Convolutional Neural Network (CNN) and a long-short-term memory network (LSTM), inputting a model data set into the neural network model combining the Convolutional Neural Network (CNN) and the long-short-term memory network (LSTM) after the dimension is adjusted, and performing iterative training, wherein the neural network model can automatically extract abstract features from stream attributes, data packet attributes and stream data packets to form low-dimensional feature vector representation;
s5, classifying the network traffic by using a Softmax logistic regression function, and taking the abstract features as input data of a classifier to obtain a network intrusion detection result.
2. The network intrusion detection method for unbalanced network traffic data according to claim 1, wherein the network traffic data set in the step S1 is a LITNET-2020 data set from the real world acquired from a dataset.litnet, and the LITNET-2020 data set is a new annotated network benchmark data set obtained from an academic network in the real world, and 85 network flow characteristics and 12 attack types of the data set are described and analyzed, and a large number of the latest network traffic data sets are used to reflect the real behavior of the network node.
3. The network intrusion detection method for unbalanced network traffic data according to claim 1, wherein the data preprocessing step in step S2 is:
step 2.1: performing pretreatment of mapping character type characteristics into numerical values through One-Hot coding;
step 2.2: carrying out standardization and normalization operation on important characteristics of IP, ports, transmission bytes, transmission packets and autonomous systems;
step 2.3: counting IP, ports, interfaces and autonomous system information in the past five thousands of flow windows by sequencing the starting time of flow transmission and the ending time of flow reception, and expanding new features which can be used for feature extraction;
step 2.4: and D, converting the data dimension, namely converting the one-dimensional features in the model dataset constructed by the residual features after being removed in the step S2 into a two-dimensional feature matrix for model identification.
4. A network intrusion detection method for unbalanced network traffic data according to claim 1, wherein,
in the step S3, the weight proportion adjustment adopts a focus loss function, in a real network environment, the number of normal and abnormal categories is greatly different, the model training result tends to a plurality of categories, the final training result is over-fitted, and the focus loss is proposed, so as to solve the problem of unbalanced sample distribution, and the calculation process of the focus loss Focal loss is as follows:
L focalloss = - αy(1 - y ′ ) γ log y ′ - (1 - α) (1 - y) y ′ γ log (1 - y ′) (1);
in the formula (1), y is an actual category; y' is a category predictive value; the parameter alpha is used for balancing the influence of positive and negative samples on the loss value; gamma is a rate-adjustable parameter that adjusts the de-weighted samples.
5. A network intrusion detection method for unbalanced network traffic data according to claim 1, wherein,
the neural network model of the combination of the Convolutional Neural Network (CNN) and the long-short-term memory network (LSTM) in the step S4 consists of an input layer, a first convolutional layer, a second convolutional layer, a reconstruction layer, a first LSTM layer, a second LSTM layer and an output layer, wherein the input layer receives a two-dimensional feature matrix selected by a model data set in the step S2 through chi-square detection features, and the first convolutional layer and the second convolutional layer comprehensively operate local perception features at a higher level so as to obtain global information of the features, and the convolutional layer uses a nonlinear activation function Relu and maximum pooling operation; reconstructing the features into one-dimensional data which can be identified by an LSTM layer through a reconstruction layer after two convolution operations; the first LSTM layer and the second LSTM layer are used to process time series data, mining S2 model dataset time series related features.
6. The network intrusion detection method for unbalanced network traffic data according to claim 1, wherein in the step S5, a logistic regression function Softmax is used to convert the prediction result of the samples in the data set into classification probability, and the probability of the positive and negative samples is converted to obtain the classification result.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310231492.4A CN116366309A (en) | 2023-03-10 | 2023-03-10 | Network intrusion detection method for unbalanced network flow data |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310231492.4A CN116366309A (en) | 2023-03-10 | 2023-03-10 | Network intrusion detection method for unbalanced network flow data |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN116366309A true CN116366309A (en) | 2023-06-30 |
Family
ID=86906095
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202310231492.4A Pending CN116366309A (en) | 2023-03-10 | 2023-03-10 | Network intrusion detection method for unbalanced network flow data |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN116366309A (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116633803A (en) * | 2023-07-24 | 2023-08-22 | 四川众力佳华信息技术有限公司 | Novel network flow combined prediction model |
| CN117354056A (en) * | 2023-12-04 | 2024-01-05 | 中国西安卫星测控中心 | Network intrusion detection method based on convolutional neural network and integrated learning algorithm |
| CN117768225A (en) * | 2023-12-28 | 2024-03-26 | 长春大学 | Method for constructing network intrusion detection system model based on DCNN-LSTM technology |
-
2023
- 2023-03-10 CN CN202310231492.4A patent/CN116366309A/en active Pending
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116633803A (en) * | 2023-07-24 | 2023-08-22 | 四川众力佳华信息技术有限公司 | Novel network flow combined prediction model |
| CN116633803B (en) * | 2023-07-24 | 2023-10-20 | 四川众力佳华信息技术有限公司 | Novel network flow combined prediction model |
| CN117354056A (en) * | 2023-12-04 | 2024-01-05 | 中国西安卫星测控中心 | Network intrusion detection method based on convolutional neural network and integrated learning algorithm |
| CN117354056B (en) * | 2023-12-04 | 2024-02-13 | 中国西安卫星测控中心 | Network intrusion detection method based on convolutional neural network and integrated learning algorithm |
| CN117768225A (en) * | 2023-12-28 | 2024-03-26 | 长春大学 | Method for constructing network intrusion detection system model based on DCNN-LSTM technology |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN116366309A (en) | Network intrusion detection method for unbalanced network flow data | |
| CN109450842B (en) | Network malicious behavior recognition method based on neural network | |
| CN111428231B (en) | Safety processing method, device and equipment based on user behaviors | |
| Al-Marri et al. | Federated mimic learning for privacy preserving intrusion detection | |
| CN112491796B (en) | Intrusion detection and semantic decision tree quantitative interpretation method based on convolutional neural network | |
| Liu et al. | An intrusion detection model with hierarchical attention mechanism | |
| CN112866023B (en) | Network detection method, model training method, device, equipment and storage medium | |
| CN108449342A (en) | Malicious requests detection method and device | |
| CN112910859B (en) | Internet of things equipment monitoring and early warning method based on C5.0 decision tree and time sequence analysis | |
| CN110557382A (en) | Malicious domain name detection method and system by utilizing domain name co-occurrence relation | |
| CN109922065B (en) | Quick identification method for malicious website | |
| CN109660518B (en) | Communication data detection method and device of network and machine-readable storage medium | |
| CN110378430B (en) | Network intrusion detection method and system based on multi-model fusion | |
| CN111866024A (en) | Network encryption traffic identification method and device | |
| CN117473571B (en) | Data information security processing method and system | |
| CN111367908A (en) | Incremental intrusion detection method and system based on security assessment mechanism | |
| CN117892102B (en) | Intrusion behavior detection method, system, equipment and medium based on active learning | |
| Agrawal et al. | Autoencoder for Design of Mitigation Model for DDOS Attacks via M‐DBNN | |
| Harbola et al. | Improved intrusion detection in DDoS applying feature selection using rank & score of attributes in KDD-99 data set | |
| Fan et al. | AutoIoT: Automatically updated IoT device identification with semi-supervised learning | |
| CN116502171B (en) | Network security information dynamic detection system based on big data analysis algorithm | |
| Wan et al. | DevTag: A benchmark for fingerprinting IoT devices | |
| CN115622810B (en) | Business application identification system and method based on machine learning algorithm | |
| CN116827656A (en) | Network information safety protection system and method thereof | |
| CN116738369A (en) | Traffic data classification method, device, equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |