CN1567853A - Network safety risk detection system and method - Google Patents
Network safety risk detection system and method Download PDFInfo
- Publication number
- CN1567853A CN1567853A CN 200410022160 CN200410022160A CN1567853A CN 1567853 A CN1567853 A CN 1567853A CN 200410022160 CN200410022160 CN 200410022160 CN 200410022160 A CN200410022160 A CN 200410022160A CN 1567853 A CN1567853 A CN 1567853A
- Authority
- CN
- China
- Prior art keywords
- immunocyte
- network
- antigen
- risk
- memory
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 29
- 238000001514 detection method Methods 0.000 title claims description 21
- 230000000694 effects Effects 0.000 claims abstract description 13
- 238000012544 monitoring process Methods 0.000 claims abstract description 8
- 239000000427 antigen Substances 0.000 claims description 60
- 108091007433 antigens Proteins 0.000 claims description 56
- 102000036639 antigens Human genes 0.000 claims description 56
- 230000035800 maturation Effects 0.000 claims description 31
- 230000036039 immunity Effects 0.000 claims description 30
- 108090000623 proteins and genes Proteins 0.000 claims description 23
- 206010036590 Premature baby Diseases 0.000 claims description 15
- 239000008280 blood Substances 0.000 claims description 13
- 210000004369 blood Anatomy 0.000 claims description 13
- 238000012502 risk assessment Methods 0.000 claims description 12
- 238000000605 extraction Methods 0.000 claims description 3
- 238000011156 evaluation Methods 0.000 abstract description 12
- 210000000987 immune system Anatomy 0.000 abstract description 5
- 230000008569 process Effects 0.000 description 11
- 230000008878 coupling Effects 0.000 description 6
- 238000010168 coupling process Methods 0.000 description 6
- 238000005859 coupling reaction Methods 0.000 description 6
- 230000006870 function Effects 0.000 description 5
- 230000008859 change Effects 0.000 description 4
- 230000002776 aggregation Effects 0.000 description 3
- 238000004220 aggregation Methods 0.000 description 3
- 238000012217 deletion Methods 0.000 description 3
- 230000037430 deletion Effects 0.000 description 3
- 238000005516 engineering process Methods 0.000 description 3
- 230000000638 stimulation Effects 0.000 description 3
- 230000000890 antigenic effect Effects 0.000 description 2
- 238000010586 diagram Methods 0.000 description 2
- 230000009545 invasion Effects 0.000 description 2
- 238000004088 simulation Methods 0.000 description 2
- 238000012360 testing method Methods 0.000 description 2
- 241000282326 Felis catus Species 0.000 description 1
- 230000004913 activation Effects 0.000 description 1
- 230000006978 adaptation Effects 0.000 description 1
- 230000003044 adaptive effect Effects 0.000 description 1
- 238000012550 audit Methods 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 230000030833 cell death Effects 0.000 description 1
- 238000010367 cloning Methods 0.000 description 1
- 230000034994 death Effects 0.000 description 1
- 230000002068 genetic effect Effects 0.000 description 1
- 230000035772 mutation Effects 0.000 description 1
- 244000052769 pathogen Species 0.000 description 1
- 230000001717 pathogenic effect Effects 0.000 description 1
- 230000004044 response Effects 0.000 description 1
- 238000002255 vaccination Methods 0.000 description 1
- 229960005486 vaccine Drugs 0.000 description 1
Images
Landscapes
- Medicines Containing Antibodies Or Antigens For Use As Internal Diagnostic Agents (AREA)
Abstract
The invention discloses a network safety risk detecting system and method, simulating the function of immunocytes in human immune system to real-timely monitor large-scale network activities, and according to the antibody concentration of the immunocytes, evaluating some attack risk and the whole risk that host computer are faced with, some attack risk that the whole network is face with and the whole risk that the whole network is faced with. It can makes real-time and quantitative risk evaluation on the network safety, and can learn by itself as detecting and monitoring the network so as to in time find new network attacking mode, and has a wide application prospect.
Description
Technical field
The present invention relates to a kind of network security risk detection technique, belong to information security field.
Background technology
Traditional network security technology (as fire compartment wall etc.) is mainly based on Passive Defence, the attack that system is being suffered lacks real-time network security risk evaluation, thereby the defence policies of situation adjustment in real time oneself such as intensity of also just can not be targetedly initiatively being attacked according to current network and risk class.Real-time network security risk detects positive network security technology is had great importance.Traditional network security assessment means comprise mainly that to methods such as IDS sample analysis, manual evaluation and security audits thereof these methods lack real-time, can not quantitatively calculate, and have significant limitation.
The Chinese patent publication number is the application case of CN1412714A, by the method that analog hacker is attacked, to carried out the scanning of security breaches and hidden danger by check system, submits Risk Assessment Report to, and proposes corresponding adjustment measure.This method can only be carried out risk assessment to network security before assault, can not carry out real-time network security risk evaluation in assault, and can not detect existing mutation of attacking, and adaptive capacity is relatively poor.
Summary of the invention
The present invention proposes a kind of real-time network security risk detection system and method, can carry out real-time, quantitative risk assessment to network security, and to network measuring and when monitoring, can self-teaching, in time find new network attack pattern.
The corresponding relation that the present invention invades intensity according to the variation and the pathogen of AC among the human immune system proposes.
Network security risk detection system of the present invention, is made up of the risk evaluation module of network the risk evaluation module of main frame the intrusion detection module.Corresponding with the human immune system, the network activity of definition antigen for detecting is the proper network activity from body in the system, and non-is unusual network activity from body.Also defined immunocyte in the system, the functional module of immunocyte for network activity is detected in real time, antibody (being used for detecting the detection of antigens device) is present in the immunocyte, is used to detect antigen.Immunocyte is divided into memory immunocyte and maturation immunity cell, the maturation immunity cell is also not by the immunocyte of antigenic activation (not matching the antigen that specifies number in the regular hour), and the memory immunocyte is to be evolved and come by the maturation immunity cell that is activated.In system's running, immunocyte detects the antigen (network activity feature) of being offered (feature extraction is carried out in network activity) by antigen and obtaining.Immunocyte is subjected to antigenic stimulus (with the antigen coupling) and the enough affinity (the coupling number surpasses given threshold value) of accumulative total, this cell will be by clone (produce more multiclass like immunocyte to tackle more dead cat), this cell corresponding antibody concentration will improve simultaneously, immunocyte continues to be activated (suffering continuous attack), and then its AC will increase constantly.The immunocyte AC will keep in a hold period, if be not activated in the AC hold period, then corresponding antibodies concentration will decay to 0, can assess network security risk according to the AC of memory immunocyte like this.
Before describing in detail, some nouns that at first use in the define system, symbol and some formula:
(1) antigen set: establish antigen set A g={<a, b〉| a ∈ D ∧ b ∈ ψ ∧ | a|=l ∧ a=APCs (b) }, wherein gather D={0,1}
lL is normal natural number, set ψ is the IP bag set of online transmission, antigen in the similar immune system of APCs (b) is offered, and b carries out feature extraction to the IP bag: extracting length is the epitope (characteristic value) of the binary string (mainly being made up of the binary string of web transactions features such as source, purpose IP address, port numbers, protocol type, protocol status) of l as initial IP packet.
(2) from body and non-ly gather:, non-from body set Noself Ag from body S set elf Ag from body.Self ∪ Noself=Ag is arranged, Self ∩ Noself=Φ.To element x ∈ Ag arbitrarily, definition belongs to operator ∈ from body
APCsAnd
As follows:
(3) immunocyte set: definition immunocyte set B=<d, p, age, count〉| d ∈ D, p ∈ R, age, count ∈ N}, wherein d is an antibody, p is an AC, age is the antibody age, and count is the antigen number that antibody matches, and R is a set of real numbers, and N is the nature manifold.Immunocyte is divided into maturation immunity cell T again
bWith memory immunocyte M
b, i.e. B=M
b∪ T
b, and M
b∩ T
b=Φ.
(4) affinity (affinity) computing function f
R_con(x, y): r position (r-contiguous bits) adaptation function is continuously adopted in suggestion, and computing formula is seen formula (2):
In addition, the affinity computing function also can adopt other functions, for example computing functions such as hamming distance, Euler's distance.
(5) prematurity immunocyte set: definition prematurity immunocyte set I
b=<d, age〉| d ∈ D, age ∈ N).
(6) antibody gene storehouse: definition antibody gene storehouse Agd D, the antibody gene storehouse is mainly used in the antibody gene of the new prematurity immunocyte of generation in the marrow model.
(7) definition memory immunocyte M
bIn Consanguinity relation:
Consanguinity={<x,y>|x,y∈M
b∧f
r_con(x.d,y.d)=1} (3)
(8) blood relation's class and maximum blood relation's class: establish and gather X M arbitrarily
b, to x arbitrarily, y ∈ X has<x y〉and ∈ Consanguinity, claim that X be the blood relation's class by the Consanguinity generation.In addition, if X is the blood relation's class that is produced by Consanguinity, and M
bAny element among the-X all not with X in element exist and to concern Consanguinity, claim that then X is maximum blood relation's class.
(9) maximum blood relation's class is: establish π={ A
1, A
2..., A
n,
Make M
b' in the institute
There is maximum blood relation's class set to be combined into
Then
Be A
lBe M
b' in have arbitrary maximum blood relation's class of maximum elements, and
Claim that so π is M
bIn maximum
Blood relation's class system.
In order to further specify principle of the present invention and feature, be described in detail below in conjunction with accompanying drawing.Fig. 1 is the system assumption diagram of system
Fig. 1 has shown the distribution (establish in protected network total K platform main frame) of whole system in network: intrusion detection module and the risk evaluation module of main frame is distributed on each main frame in the whole network is distributed on the risk assessment central server the risk evaluation module of network.The intrusion detection module detects the network activity of main frame, risk evaluation module to main frame is carried out risk assessment according to the AC of remembering immunocyte on the main frame to main frame, and the risk evaluation module of network is carried out risk assessment according to the AC of remembering immunocyte in the whole network to network.
Fig. 2 is the workflow diagram of intrusion detection module
The network invasion monitoring process is as follows:
(1) from the real network data flow, obtain the IP packet, extract the characteristic information (as information such as IP address, port numbers and agreements) of IP bag, constituting length is the binary string of l, regularly puts into set A g as antigen.
(2) antigen set A g is gathered M by the memory immunocyte
bDetect, from Ag, delete for non-antigen being detected, if the memory immunocyte detects from body just from M from body by the memory immunocyte
bMiddle deletion.
(3) with antigen set A g by maturation immunity cell aggregation T
bDetect, being that non-antigen from body is deleted from Ag by the maturation immunity cell detection, will being activated and joining memory immunocyte set M if the maturation immunity cell detects the antigen of some in certain cycle
bIn, if the maturation immunity cell is not activated in certain cycle or detects from body just from M
bMiddle deletion.
(4) the prematurity immunocyte is tolerated (deletion with from the cell of body sets match), successfully will join maturation immunity cell aggregation T if the prematurity immunocyte tolerates
bIn, otherwise will be dead.
(5) the prematurity immunocyte of generation some joins prematurity immunocyte set I
bIn, the antibody of newborn prematurity immunocyte generally is divided into several sections: a part of completely random produces (guaranteeing the diversity of antibody), another part antibody gene is by the gene code in the antibody gene storehouse, and Methods for Coding can adopt genetic operator etc.
(6) return (2).
In the network invasion monitoring process, the detailed process that the antigen set changes is described by equation (4)-(9).
Ag
Self(t)=Ag(t)-Ag
Nonself(t) (7)
Wherein δ is the update cycle of antigen set A g, and promptly every δ cycle Ag is all replaced by new antigen, Ag
NewBe the new antigen of collecting between twice antigen upgrades, Ag
Nonself(t) the non-self-antigen that is detected constantly for t.Q
Ag(t) for t constantly with a certain maturation immunity cell coupling but fail to make this immunocyte to be accumulated to the antigen of enough affinity.f
Check(y, x) (y ∈ B, x ∈ Ag) simulation immunocyte is to the classification effect of antigen: if immunocyte has mated antigen, and antigen belongs to Self (t-1), and promptly detecting one once was that antigen from body then returns 2; If the coupling but do not belong to Self (t-1), promptly detect a non-self-antigen and then return 1; If do not mate, then this antigen is known self-antigen, returns 0.f
CostimulationSimulate immune collaborative stimulation, indication works as whether pro-antigen is self-antigen, and external signal can be replying of system manager etc.
In real network environment, because the existence of security breaches after network security manager's mending-leakage, is considered to normal network activity meeting in the past and is under an embargo.In addition, As time goes on, the network manager may open more port for better service is provided, and more service is provided, and in other words, former forbidden network activity is allowed to now.Here introduce the problem that a network normal activity (from body) dynamically develops in time.Usually, for t constantly from the body set, for a last moment in the body set, remove the element that morphs, add simultaneously t newly-increased constantly from element of volume, can describe with equation (10)-(13) from the dynamic change of body set.
Self
New(t)=y|y be t increase newly constantly from the body string (12)
B(t)=M
b(t)∪T
b(t), t≥0 (13)
The antibody gene storehouse is mainly used in the gene that generates new prematurity immunocyte antibody, and the evolution situation in antibody gene storehouse can be described with equation (14)-(16).
D wherein
i∈ D (i=1 ..., k) be initial antibody gene storehouse, Agd
NewThe gene (detecting a kind of new attack first) of cell clone body during (t) for t moment immunocyte primary response, Agd
Dead(t) memory immunocyte (detecting an antigen that is proved to be from the body) gene that makes a mistake sure constantly for t.Agd
New(t) as the superiority inheritance gene it is added the antibody gene storehouse, be beneficial to when generating new antibody gene, might generate more outstanding antibody gene by evolvement methods such as legacy operators; And Agd
Dead(t) then be As time goes on to have adapted to the gene current network needs, mistake, that need eliminate.
Fig. 3 is the self-tolerance procedure chart of prematurity immunocyte
Newly-generated prematurity immunocyte does not match from body in the given tolerance phase and just changes the maturation immunity cell into.If the prematurity immunocyte is interim having matched from body of tolerance, will be dead.
Equation (17)-(20) are described the tolerance process of prematurity immunocyte in detail.
I
maturation(t)={x|x∈I
tolerance(t)∧x.age>α} (19)
I
New(t)={ y
1, y
2..., y
ξ(20) I wherein
Tolerance(t) be that Self (t-1) experience is once tolerated the remaining immunocyte in back, α 〉=1 (constant) simulation tolerance phase, I
Maturation(t) go through α immunocyte that tolerates the after date maturation constantly for t.I
New(t) the new prematurity immunocyte that produces constantly for t.
Fig. 4 is the procedure chart of maturation immunity cell detection antigen
The process of maturation immunity cell detection antigen is as follows:
(1) antibody and the antigen in the maturation immunity cell mates, if do not match, this antigen enters the detection of next round, otherwise changes (2).
(2) judge whether the antigen match belongs to from the body set, if belong to then change (3), otherwise commentaries on classics (4).
(3) if determine that through collaborative the stimulation this antigen be from body, then this maturation immunity cell death simultaneously this antigen enter the detection of next round, otherwise commentaries on classics (4).
(4) delete this antigen.
(5) whether the coupling number of judging this maturation immunity cell surpasses certain threshold value beta, if surpass then this maturation immunity cell is cloned, is translated into the memory immunocyte and sends to other main frames in the network.
Equation (21)-(32) are described the testing process of maturation immunity cell in detail.
T
b′(t)=T
b″(t)-P(t)∪T
b(t) (22)
T
b″(t)={y|y∈B∧(y.d=x.d,y.p=x.p,y.age=x.age,y.count=x.count+1,x∈P(t))} (23)
T
b″(t)={y|y∈B∧(y.d=x.d,y.p=x.p,y.age=x.age+1,
(25)
y.count=x.count,x∈T
b(t-1))}
T
new(t)={y|y∈B∧(y.d=x.d,y.p=0,y.age=0,y.count=0,x∈I
maturation(t))} (26)
T
clone(t)={x|x∈T
b(t),x.count≥β} (28)
X ' ∈ T wherein
b, x
i' .d=f
Variation(x), x
i' .p=0, x
i' .age=0, x
i' .count=0
f
Variation(x)=and d ', d ' ∈ D wherein, x.d ≠ d ', f
R_con(x.d, d ')=1 (31)
Family (x)={ y|y ∈ B (t-1) ∧ x ≠ y ∧ f
R_con(x.d, y.d)=1} (32) T wherein
New(t) be the t immunocyte of the new maturation that produces from marrow constantly, T
Clone_new(t) immunocyte that newly produces for cell clone (going through variation, self-tolerance process, shown in equation 27,30), T
Clone(t) for will evolving constantly, t is the cell aggregation of memory immunocyte, T
Dead(t) for t constantly since in cell life cycle (λ) be not accumulated to the dead cell of enough affinity (β).
Fig. 5 detects the process of antigen for the memory immunocyte
The process that the memory immunocyte detects antigen is as follows:
(1) memory immunocyte and antigen mate, if do not match, give maturation immunity cell coupling, otherwise change (2).
(2) judge whether the antigen match belongs to from the body set, if belong to then change (3), otherwise commentaries on classics (4).
(3) if determine that through collaborative the stimulation this antigen be from body, then should the death of memory immunocyte and give the maturation immunity cell detection this antigen, otherwise commentaries on classics (4).
(4) delete this antigen, this memory immunocyte is cloned and increased the AC of this memory immunocyte.
Equation (33)-(41) are described the testing process of memory immunocyte in detail.
M
b′(t)=M
b″(t)∪M
clone′(t) (34)
y.age=x.age+1,y.count=x.count,x∈M
b(t-1)-M
clone(t))}
M
clone′(t)={x|x∈M
b∧y∈M
clone(t)∧(x.d=y.d,
(37)
x.p=η+y.p,x.age=0,x.count=y.count+1}
M
new(t)={x|x∈M
b∧y∈T
clone(t)∧(x.d=y.d,x.p=η,x.age=0,x.count=y.count)} (39)
T
other_machine_clone(t)={x|x∈M
b∧y∈T′
other_machine_clone(t)
(40)
∧(x.d=y.d,x.p=0,x.age=0,x.count=0)}
Wherein K is the main frame number in the current network
(41)
K is the numbering of this machine, T
Clonei i(t) be the T of i platform main frame
Clone(t) M wherein
New(t) be the new memory immunocyte that produces, M
Dead(t) for having mated a memory immunocyte that is proved to be from the antigen of body.T '
Other_machine_clone(t) be t maturation immunity cell clone body set (not containing the clone who remembers immunocyte) constantly in the Computer Immune System of other machines in the t moment network, when ripe immunocyte is met antigen generation clone (detecting a new network attack), this cell clone is sent in the network on the every other machine simultaneously, so that being possessed, other machines resists the ability that similar antigen is attacked, T
Other_machine_clone(t) simulated the process (similar vaccination) of accepting vaccine from other machines.η (>0) is a constant.λ ' is the hold period of memory immunocyte AC, if promptly should memory immunocyte in λ ' cycle time cloning more not, then its corresponding antibody concentration will decay until 0.
Fig. 6 is the risk evaluation module flow chart to main frame
To main frame k (the risk assessment process of 1≤k≤K) is as follows:
(1) computation host is remembered immunocyte set M constantly at t
b(t) maximum blood relation's class is π (t)={ A
1(t), A
2(t) ..., A
n(t) }, promptly the memory immunocyte is classified.
(2) main frame is attacked by the n class, appoints and gets A
iThe antibody A of the arbitrary element (t)
i Gene(t) feature of attacking as the i class, i=1,2 ..., n.
(3) each class is attacked calculating
I=1 wherein, 2 ..., n, α
i(0≤α
i≤ 1) shows in the main frame
The i class is attacked A
i Gene(t) danger.
(4) according to attack
iValue specifically assess main frame k and face the risk size that the i class is attacked constantly at t.
(5) basis
Value specifically assess main frame k faces the risk of all attacks constantly at t size.
Fig. 7 is the risk evaluation module flow chart to network
Risk assessment process to whole network is as follows:
(1) calculates whole network in t memory immunocyte set constantly
In maximum blood relation's class system
∏ (t)={ C
1(t), C
2(t) ..., C
m(t) }, promptly immunocyte is classified M
b k(t) be that main frame k gathers at t memory immunocyte constantly,
(2) whole network is attacked by the m class, appoints and gets C
iThe antibody C of the arbitrary element (t)
i Gene(t) feature of attacking as the i class, i=1,2 ..., m.
(3) each class is attacked calculating
I=1 wherein, 2 ..., m,
α
l(0≤α
l≤ 1) shows that the i class is attacked G in the network
i Gene(t) danger, β
k(0≤β
k≤ 1) is the importance of main frame k in network.
(4) according to attack
iThe whole network of the concrete assessment of value face the size of the risk that the i class attacks constantly at t.
(5) basis
The whole network of the concrete assessment of value face the size of the risk of all attacks constantly at t.
Claims (6)
1. network security risk detection system and method is characterized in that the step based on the network monitoring of immunity; Step to the risk assessment of main frame; Step to the risk assessment of network.
2. described network security risk detection system of claim 1 and method is characterized in that may further comprise the steps based on the step of the network monitoring of immunity:
The step that antigen is offered (feature extraction) is carried out in network activity;
The step that the antigen set is dynamically developed;
From the dynamic step that develops of body set;
The step of the evolution in antibody gene storehouse;
The memory immunocyte detects the step of antigen;
The step of maturation immunity cell detection antigen;
The step of prematurity immunocyte self-tolerance;
Immunocyte clone's step;
The step that the immunocyte AC changes.
3. the step of the described network monitoring based on immunity of claim 2 is characterized in that immunocyte clone's step may further comprise the steps:
The maturation immunity cell detects the step that the antigen of some is cloned in preset time;
Send it in other main frames in the network step during the maturation immunity cell clone as the memory immunocyte in other main frames;
The memory immunocyte detects the step that antigen is cloned;
Clone's immunocyte is through the step of variation and self-tolerance.
4. the step of the described network monitoring based on immunity of claim 2 is characterized in that the step that the immunocyte AC changes may further comprise the steps:
Maturation immunity cell antibody concentration is 0 step;
During the maturation immunity cell clone, improve the step of AC;
When the memory immunocyte detects antigen once more in certain cycle, the step that its AC continues to increase;
When the memory immunocyte does not detect antigen once more in certain cycle, the step that its AC is decayed.
5. described network security risk detection system of claim 1 and method is characterized in that the step of the risk assessment of main frame be may further comprise the steps:
The step of the memory immunocyte on the main frame being classified according to the method for maximum blood relation's class system;
Judge the attack type that main frame has suffered and the step of feature according to every class memory immunocyte;
Face the step of the risk of corresponding attack according to every class memory immunocyte AC assessment main frame;
The step of the overall risk that faces according to memory immunocyte AC all on main frame assessment main frame.
6. described network security risk detection system of claim 1 and method is characterized in that the step of the risk assessment of network be may further comprise the steps:
The step of the memory immunocyte in the network being classified according to the method for maximum blood relation's class system;
Judge the attack type that network has suffered and the step of feature according to every class memory immunocyte;
Assess the step of the risk of the corresponding attack of network faces according to every class memory immunocyte AC;
Assess the step of the overall risk of network faces according to memory immunocyte ACs all in the network.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 200410022160 CN1246996C (en) | 2004-03-29 | 2004-03-29 | Network safety risk detection system and method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 200410022160 CN1246996C (en) | 2004-03-29 | 2004-03-29 | Network safety risk detection system and method |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN1567853A true CN1567853A (en) | 2005-01-19 |
| CN1246996C CN1246996C (en) | 2006-03-22 |
Family
ID=34479933
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN 200410022160 Expired - Fee Related CN1246996C (en) | 2004-03-29 | 2004-03-29 | Network safety risk detection system and method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN1246996C (en) |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101227288B (en) * | 2008-01-29 | 2010-06-02 | 四川大学 | Method for evaluating hazardness of network attack |
| CN101753381B (en) * | 2009-12-25 | 2012-10-10 | 华中科技大学 | Method for detecting network attack behaviors |
| CN102801739A (en) * | 2012-08-25 | 2012-11-28 | 乐山师范学院 | Network risk determining and evidence obtaining method based on cloud computing environment |
| CN116032567A (en) * | 2022-12-13 | 2023-04-28 | 四川大学 | Method, device, equipment and storage medium for describing risk of unknown network threat |
| CN116055108A (en) * | 2022-12-13 | 2023-05-02 | 四川大学 | Risk control method, device, equipment and storage medium for unknown network threat |
-
2004
- 2004-03-29 CN CN 200410022160 patent/CN1246996C/en not_active Expired - Fee Related
Cited By (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101227288B (en) * | 2008-01-29 | 2010-06-02 | 四川大学 | Method for evaluating hazardness of network attack |
| CN101753381B (en) * | 2009-12-25 | 2012-10-10 | 华中科技大学 | Method for detecting network attack behaviors |
| CN102801739A (en) * | 2012-08-25 | 2012-11-28 | 乐山师范学院 | Network risk determining and evidence obtaining method based on cloud computing environment |
| CN116032567A (en) * | 2022-12-13 | 2023-04-28 | 四川大学 | Method, device, equipment and storage medium for describing risk of unknown network threat |
| CN116055108A (en) * | 2022-12-13 | 2023-05-02 | 四川大学 | Risk control method, device, equipment and storage medium for unknown network threat |
| CN116032567B (en) * | 2022-12-13 | 2024-02-20 | 四川大学 | Method, device, equipment and storage medium for describing risk of unknown network threat |
| CN116055108B (en) * | 2022-12-13 | 2024-02-20 | 四川大学 | Risk control method, device, equipment and storage medium for unknown network threat |
Also Published As
| Publication number | Publication date |
|---|---|
| CN1246996C (en) | 2006-03-22 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110647765B (en) | Privacy protection method and system based on knowledge migration under collaborative learning framework | |
| CN1848765A (en) | Network intruding danger estimating method based on immunity | |
| Altwegg et al. | Nestboxes and immigration drive the growth of an urban Peregrine Falcon Falco peregrinus population | |
| CN101299691B (en) | Method for detecting dynamic gridding instruction based on artificial immunity | |
| CN108200030A (en) | Detection method, system, device and the computer readable storage medium of malicious traffic stream | |
| CN103957205A (en) | Trojan horse detection method based on terminal traffic | |
| CN106796639A (en) | For the data mining algorithm of credible performing environment | |
| CN104901847B (en) | A kind of social networks corpse account detection method and device | |
| CN1246996C (en) | Network safety risk detection system and method | |
| Northrup et al. | Environmental dynamics and anthropogenic development alter philopatry and space‐use in a North American cervid | |
| Arruda et al. | Estimation of time-dependent reproduction numbers for porcine reproductive and respiratory syndrome across different regions and production systems of the US | |
| CN109583056A (en) | A kind of network-combination yarn tool performance appraisal procedure and system based on emulation platform | |
| CN110493262A (en) | It is a kind of to improve the network attack detecting method classified and system | |
| CN109241062A (en) | A kind of generation method and device of government data catalogue | |
| US20160197943A1 (en) | System and Method for Profiling System Attacker | |
| Edge et al. | A retrovirus inspired algorithm for virus detection & optimization | |
| Bradhurst et al. | Development of a transboundary model of livestock disease in Europe | |
| CN1246993C (en) | Network security intrusion detecting system and method | |
| CN103593610A (en) | Spyware self-adaptation induction and detection method based on artificial immunity | |
| CN110458511A (en) | Building castoff process control method and system based on technology of Internet of things | |
| CN1764122A (en) | Route between fields abnormity detecting method based on multi view | |
| De Benedictis et al. | Phylogenetic analysis of rabies viruses from Burkina Faso, 2007 | |
| CN207408784U (en) | Chicken cultivation intelligent monitor system based on Internet of Things | |
| CN1819530A (en) | Network information system tolerant invading method | |
| Wahlström et al. | Demonstrating freedom from Mycobacterium bovis infection in Swedish farmed deer using non-survey data sources |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| ASS | Succession or assignment of patent right |
Owner name: SICHUAN GREAT TECHNOLOGY CO., LTD. Free format text: FORMER OWNER: SICHUAN UNIVERSITY Effective date: 20100513 |
|
| COR | Change of bibliographic data |
Free format text: CORRECT: ADDRESS; FROM: 610065 NO.24, SOUTH 1ST SECTION, 1ST RING ROAD, CHENGDU CITY, SICHUAN PROVINCE TO: 610041 2/F, COMPLEX BUILDING (FACING THE STREET), CHENGDU KEHUA MIDDLE ROAD PRIMARY SCHOOL, NO.2, CHANGSHOU ROAD, WUHOU DISTRICT, CHENGDU CITY |
|
| TR01 | Transfer of patent right |
Effective date of registration: 20100513 Address after: 610041, Wuhou District, Changshou Road, Chengdu No. 2 Chengdu KELONG Road Primary School Street building two floor Patentee after: Sichuan Gerite Technology Co., Ltd. Address before: 610065 Sichuan, Chengdu, South Ring Road, No. 1, No. 24 Patentee before: Sichuan University |
|
| ASS | Succession or assignment of patent right |
Owner name: CHENGDU GLOBAL CAPSHEAF TECHNOLOGY CO., LTD. Free format text: FORMER OWNER: SICHUAN GREAT TECHNOLOGY CO., LTD. Effective date: 20130401 |
|
| C41 | Transfer of patent application or patent right or utility model | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20130401 Address after: 610000 C-411 Asia Pacific Plaza, KELONG North Road, Sichuan, Chengdu Patentee after: Chengdu century summit Technology Co., Ltd. Address before: 610000, Sichuan, Wuhou District, Changshou Road, Chengdu No. 2 Chengdu KELONG Road Primary School Street building two floor Patentee before: Sichuan Gerite Technology Co., Ltd. |
|
| DD01 | Delivery of document by public notice |
Addressee: Wang Zhengtao Document name: Notification of Passing Examination on Formalities |
|
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20060322 Termination date: 20180329 |
|
| CF01 | Termination of patent right due to non-payment of annual fee |