[go: up one dir, main page]

CN118264425A - An attack-aware detection method based on threat modeling based on machine learning - Google Patents

An attack-aware detection method based on threat modeling based on machine learning Download PDF

Info

Publication number
CN118264425A
CN118264425A CN202211686570.1A CN202211686570A CN118264425A CN 118264425 A CN118264425 A CN 118264425A CN 202211686570 A CN202211686570 A CN 202211686570A CN 118264425 A CN118264425 A CN 118264425A
Authority
CN
China
Prior art keywords
machine learning
data
detection method
threat
attack
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211686570.1A
Other languages
Chinese (zh)
Inventor
张照庭
邹尚礼
宋波
方冬茹
吴庆文
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangdong Eshore Technology Co Ltd
Original Assignee
Guangdong Eshore Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guangdong Eshore Technology Co Ltd filed Critical Guangdong Eshore Technology Co Ltd
Priority to CN202211686570.1A priority Critical patent/CN118264425A/en
Publication of CN118264425A publication Critical patent/CN118264425A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N20/00Machine learning

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Medical Informatics (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Mathematical Physics (AREA)
  • Evolutionary Computation (AREA)
  • Artificial Intelligence (AREA)
  • Data Mining & Analysis (AREA)
  • Computer Hardware Design (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

本发明提供一种基于机器学习进行威胁建模的攻击感知检测方法。所述基于机器学习进行威胁建模的攻击感知检测方法包括:机器学习建模,所述机器学习建模包括以下步骤:步骤一.采用nPrint表示法,对抓取的网络流量数据进行表示以及编码,使得数据结构统一规范;步骤二.针对数据结构各部分设置变量参数,而nPrint数据表示法能规范表示任何数据包而不丢失。本发明提供的基于机器学习进行威胁建模的攻击感知检测方法可以加强数据分析,感知威胁,同时通过对各种类型的数据包检测,机器学习能够不断地完善相应的数据模型,它实现了随着时间的推移,越来越强大精准的优点。

The present invention provides an attack perception detection method based on machine learning for threat modeling. The attack perception detection method based on machine learning for threat modeling includes: machine learning modeling, and the machine learning modeling includes the following steps: Step 1. Use nPrint representation to represent and encode the captured network traffic data so that the data structure is unified and standardized; Step 2. Set variable parameters for each part of the data structure, and the nPrint data representation can standardize any data packet without loss. The attack perception detection method based on machine learning for threat modeling provided by the present invention can strengthen data analysis and perceive threats. At the same time, by detecting various types of data packets, machine learning can continuously improve the corresponding data model, which achieves the advantages of becoming more and more powerful and accurate over time.

Description

一种基于机器学习进行威胁建模的攻击感知检测方法An attack-aware detection method based on threat modeling based on machine learning

技术领域Technical Field

本发明属于网络安全技术领域,尤其涉及一种基于机器学习进行威胁建模的攻击感知检测方法。The present invention belongs to the field of network security technology, and in particular relates to an attack perception detection method based on machine learning for threat modeling.

背景技术Background technique

市场上的威胁检测方法,往往是根据最新的漏洞情况,通过静态的手段,不断地打补丁,进行检测最新的可能存在的威胁。The threat detection methods on the market often use static means to continuously apply patches and detect the latest possible threats based on the latest vulnerability situations.

经检索,相关技术中,公开了一种基于机器学习进行物联网威胁检测的方法,用于实现对物联网设备的威胁检测,包括以下步骤:在物联网环境中采集流量数据;对采集到的流量数据进行特征处理;将处理过的流量数据用于机器学习模型训练;将训练好的模型部署到物联网环境设备中,用于威胁检测及识别。本发明的方法通过使用机器学习已知的攻击类型,实现及时发现物联网设备遭受的已知及未知攻击的威胁,且可使机器不断学习新的攻击类型,并及时发现威胁,以便采取安全防护措施,从而减少损失。After searching, the related art discloses a method for IoT threat detection based on machine learning, which is used to realize threat detection of IoT devices, including the following steps: collecting traffic data in the IoT environment; performing feature processing on the collected traffic data; using the processed traffic data for machine learning model training; deploying the trained model to the IoT environment equipment for threat detection and identification. The method of the present invention uses machine learning to learn known attack types, so as to timely discover the threats of known and unknown attacks suffered by IoT devices, and enables the machine to continuously learn new attack types and timely discover threats so as to take security measures, thereby reducing losses.

经检索,相关技术中,公开了一种基于网络安全态势感知的网络风险评估方法,包括数据采集平台基于威胁潜伏探针、EDR进行数据的收集;大数据分析平台采用用户和实体行为分析、威胁建模及机器学习技术,将特征检测和行为检测相结合,对所述数据进行分析并接收威胁情报;大数据分析平台根据对所述数据的分析结果以及接收到的威胁情报进行网络风险评估,并将网络风险评估结果发送至告警及控制中心;能够有效解决目前网络安全事件分析难度大,安全威胁处理陷入困局,网络攻击越来越复杂,安全问题难以检测的问题。After searching, the relevant technologies disclose a network risk assessment method based on network security situation awareness, including a data collection platform that collects data based on threat latent probes and EDR; a big data analysis platform that uses user and entity behavior analysis, threat modeling and machine learning technology to combine feature detection and behavior detection to analyze the data and receive threat intelligence; the big data analysis platform conducts network risk assessment based on the analysis results of the data and the received threat intelligence, and sends the network risk assessment results to the alarm and control center; it can effectively solve the current problems of difficulty in analyzing network security incidents, difficulties in handling security threats, increasingly complex network attacks, and difficulty in detecting security issues.

但是,有些厂商因为产品的可持续研发能力不足,导致产品的效能逐渐满足不了需求。However, due to insufficient sustainable product R&D capabilities, some manufacturers’ product performance is gradually failing to meet demand.

因此,有必要提供一种新的基于机器学习进行威胁建模的攻击感知检测方法解决上述技术问题。Therefore, it is necessary to provide a new attack perception detection method based on threat modeling by machine learning to solve the above technical problems.

发明内容Summary of the invention

本发明解决的技术问题是提供一种可以加强数据分析,感知威胁,同时通过对各种类型的数据包检测,机器学习能够不断地完善相应的数据模型,它实现了随着时间的推移,越来越强大精准的基于机器学习进行威胁建模的攻击感知检测方法。The technical problem solved by the present invention is to provide a method that can enhance data analysis and perceive threats. At the same time, through the detection of various types of data packets, machine learning can continuously improve the corresponding data model. It realizes an attack perception detection method based on machine learning for threat modeling that becomes more and more powerful and accurate over time.

为解决上述技术问题,本发明提供的基于机器学习进行威胁建模的攻击感知检测方法包括:机器学习建模,所述机器学习建模包括以下步骤:In order to solve the above technical problems, the present invention provides an attack perception detection method based on machine learning for threat modeling, which includes: machine learning modeling, wherein the machine learning modeling includes the following steps:

步骤一.采用nPrint表示法,对抓取的网络流量数据进行表示以及编码,使得数据结构统一规范;Step 1. Use nPrint representation to represent and encode the captured network traffic data so that the data structure is unified and standardized;

步骤二.针对数据结构各部分设置变量参数,而nPrint数据表示法能规范表示任何数据包而不丢失,其规范处在于能用相同数量的特征表示,每个特征具有相同的意义;Step 2. Set variable parameters for each part of the data structure, and the nPrint data representation method can standardize any data packet without loss. Its standardization lies in that it can be represented by the same number of features, and each feature has the same meaning;

步骤三.根据上述特征,用模型参数变量表示,抓取流量数据进行分析,并且赋值,使其可以使用python的包模块nPrintML;Step 3. Based on the above characteristics, the model parameter variables are used to capture the traffic data for analysis and assign values so that it can use the python package module nPrintML;

步骤四.sklearn采用基线模型通过拟合方法进行训练;Step 4. sklearn uses the baseline model for training through the fitting method;

步骤五.通过大量的流量包数据,提炼出多个威胁模型;Step 5. Extract multiple threat models from a large amount of traffic packet data;

步骤六.对数据包进行分析。Step 6. Analyze the data packet.

作为本发明的进一步方案,所述数据包的分析包括以下步骤:As a further solution of the present invention, the analysis of the data packet comprises the following steps:

S1.安装nprint,实时收集流量,分离解析各种数据包,再把各种数据包转换为机器学习可用的nprint数据表示;S1. Install nprint, collect traffic in real time, separate and parse various data packets, and then convert various data packets into nprint data representations that can be used for machine learning;

S2.调用python的nPrintML包模块,为数据包生成标准指纹;S2. Call the python nPrintML package module to generate a standard fingerprint for the data packet;

S3.启动sklearn进行训练和调参;S3. Start sklearn for training and parameter adjustment;

S4.采用基于SelectFromModel和LassoCV的特征选择方法,加载nPrintml数据包,找到其特征,从得分最高的模型特征中选择;S4. Use the feature selection method based on SelectFromModel and LassoCV to load the nPrintml data package, find its features, and select from the model features with the highest score;

S5.不断地进行模型训练,用此模型去尝试对比恶意流量包和正常数据包每个位置上数据位表示的不同点和相同点;S5. Continuously train the model and use the model to try to compare the differences and similarities between the data bits at each position of the malicious traffic packet and the normal data packet;

S6.评估检测结果,设置预测结果阈值,如果某一次结果达到阈值,则实时报警,发送手机短信;S6. Evaluate the test results and set the prediction result threshold. If a result reaches the threshold, a real-time alarm is issued and a text message is sent.

S7.通过云服务商提供的短信API接口,获取AccessKey ID和AccessKey Secret,接入服务商提供的api,把报警信息通过短信的方式发送给管理员。S7. Obtain AccessKey ID and AccessKey Secret through the SMS API interface provided by the cloud service provider, access the API provided by the service provider, and send the alarm information to the administrator via SMS.

作为本发明的进一步方案,所述分离解析各种数据包其目的是将数据包中的请求协议、请求头、请求体和ip参数值分离出去。As a further solution of the present invention, the purpose of separating and parsing various data packets is to separate the request protocol, request header, request body and IP parameter value in the data packets.

作为本发明的进一步方案,所述S3中各种数据包包括TCP报文、ICMP报文和UDP报文数据包。As a further solution of the present invention, the various data packets in S3 include TCP packets, ICMP packets and UDP packets.

作为本发明的进一步方案,所述通过机器学习建模对各种类型的数据包进行检测,机器学习建模能够不断的完善相应的数据模型。As a further solution of the present invention, various types of data packets are detected through machine learning modeling, and machine learning modeling can continuously improve the corresponding data model.

作为本发明的进一步方案,所述机器学习的方式为规则学习,所述规则学习的算法由“IF···THEN···”的形式规则集合组成。As a further solution of the present invention, the machine learning method is rule learning, and the rule learning algorithm is composed of a set of rules in the form of "IF···THEN···".

作为本发明的进一步方案,所述算法是利用最大的FOIL信息增益准则启发式的选择“属性-值”对,用序列覆盖策略增长规则,并采用重复增量剪枝误差减小算法搜索得到合适的假设。As a further solution of the present invention, the algorithm uses the maximum FOIL information gain criterion to heuristically select "attribute-value" pairs, uses a sequence covering strategy to grow rules, and uses a repeated incremental pruning error reduction algorithm to search for appropriate hypotheses.

作为本发明的进一步方案,所述FOIL信息增益定义为:As a further solution of the present invention, the FOIL information gain is defined as:

其中,L为文字,R为规则,PR和NR分别为规则R的正负样本约束个数,PR+L和NR+L分别为增加文字L后规则的正负样本约束个数。Where L is the text, R is the rule, PR and NR are the number of positive and negative sample constraints of rule R, PR+L and NR+L are the number of positive and negative sample constraints of the rule after adding the text L.

与相关技术相比较,本发明提供的基于机器学习进行威胁建模的攻击感知检测方法具有如下有益效果:Compared with related technologies, the attack perception detection method based on threat modeling based on machine learning provided by the present invention has the following beneficial effects:

1、本发明基于机器学习进行威胁建模来感知攻击的方法,使用时,只需要根据自身经验,以及最新漏洞的相关信息,给本方法中的威胁模型设置对应的参数,就可以加强数据分析,感知威胁,同时通过对各种类型的数据包检测,机器学习能够不断地完善相应的数据模型,它实现了随着时间的推移,越来越强大精准。1. The method of the present invention is based on machine learning to perform threat modeling to perceive attacks. When using it, you only need to set corresponding parameters for the threat model in this method according to your own experience and relevant information of the latest vulnerabilities, so as to enhance data analysis and perceive threats. At the same time, through the detection of various types of data packets, machine learning can continuously improve the corresponding data model, which becomes more and more powerful and accurate over time.

附图说明BRIEF DESCRIPTION OF THE DRAWINGS

为了便于本领域技术人员理解,下面结合附图对本发明作进一步的说明。In order to facilitate understanding by those skilled in the art, the present invention is further described below with reference to the accompanying drawings.

图1为本发明中数据包的分析流程图;Fig. 1 is a flow chart of the analysis of a data packet in the present invention;

图2为本发明中恶意流量包和正常数据包对比示意图。FIG. 2 is a schematic diagram showing a comparison between malicious traffic packets and normal data packets in the present invention.

具体实施方式Detailed ways

请结合参阅图1和图2,其中,图1为本发明中数据包的分析流程图;图2为本发明中恶意流量包和正常数据包对比示意图。基于机器学习进行威胁建模的攻击感知检测方法包括:机器学习建模,所述机器学习建模包括以下步骤:Please refer to Figures 1 and 2, wherein Figure 1 is a flowchart of the analysis of data packets in the present invention; Figure 2 is a schematic diagram of the comparison of malicious traffic packets and normal data packets in the present invention. The attack perception detection method based on machine learning threat modeling includes: machine learning modeling, and the machine learning modeling includes the following steps:

步骤一.采用nPrint表示法,对抓取的网络流量数据进行表示以及编码,使得数据结构统一规范;Step 1. Use nPrint representation to represent and encode the captured network traffic data so that the data structure is unified and standardized;

步骤二.针对数据结构各部分设置变量参数,而nPrint数据表示法能规范表示任何数据包而不丢失,其规范处在于能用相同数量的特征表示,每个特征具有相同的意义;Step 2. Set variable parameters for each part of the data structure, and the nPrint data representation method can standardize any data packet without loss. Its standardization lies in that it can be represented by the same number of features, and each feature has the same meaning;

步骤三.根据上述特征,用模型参数变量表示,抓取流量数据进行分析,并且赋值,使其可以使用python的包模块nPrintML;Step 3. Based on the above characteristics, the model parameter variables are used to capture the traffic data for analysis and assign values so that it can use the python package module nPrintML;

步骤四.sklearn采用基线模型通过拟合方法进行训练;Step 4. sklearn uses the baseline model for training through the fitting method;

步骤五.通过大量的流量包数据,提炼出多个威胁模型;Step 5. Extract multiple threat models from a large amount of traffic packet data;

步骤六.对数据包进行分析。Step 6. Analyze the data packet.

2、根据权利要求1所述的基于机器学习进行威胁建模的攻击感知检测方法,其特征在于:所述数据包的分析包括以下步骤:2. The attack perception detection method based on machine learning for threat modeling according to claim 1, characterized in that the analysis of the data packet comprises the following steps:

S1.安装nprint,实时收集流量,分离解析各种数据包,再把各种数据包转换为机器学习可用的nprint数据表示;S1. Install nprint, collect traffic in real time, separate and parse various data packets, and then convert various data packets into nprint data representations that can be used for machine learning;

S2.调用python的nPrintML包模块,为数据包生成标准指纹;S2. Call the python nPrintML package module to generate a standard fingerprint for the data packet;

S3.启动sklearn进行训练和调参;S3. Start sklearn for training and parameter adjustment;

S4.采用基于SelectFromModel和LassoCV的特征选择方法,加载nPrintml数据包,找到其特征,从得分最高的模型特征中选择;S4. Use the feature selection method based on SelectFromModel and LassoCV to load the nPrintml data package, find its features, and select from the model features with the highest score;

S5.不断地进行模型训练,用此模型去尝试对比恶意流量包和正常数据包每个位置上数据位表示的不同点和相同点(如图2所示,所述图中以上两条数据的TCP和PayLoad有所不同);S5. Continuously train the model and use the model to try to compare the differences and similarities between the data bits at each position of the malicious traffic packet and the normal data packet (as shown in FIG. 2 , the TCP and PayLoad of the above two pieces of data are different in the figure);

S6.评估检测结果,设置预测结果阈值,如果某一次结果达到阈值,则实时报警,发送手机短信;S6. Evaluate the test results and set the prediction result threshold. If a result reaches the threshold, a real-time alarm is issued and a text message is sent.

S7.通过云服务商提供的短信API接口,获取AccessKey ID和AccessKey Secret,接入服务商提供的api,把报警信息通过短信的方式发送给管理员。S7. Obtain AccessKey ID and AccessKey Secret through the SMS API interface provided by the cloud service provider, access the API provided by the service provider, and send the alarm information to the administrator via SMS.

所述分离解析各种数据包其目的是将数据包中的请求协议、请求头、请求体和ip参数值分离出去。The purpose of separating and parsing various data packets is to separate the request protocol, request header, request body and IP parameter value in the data packet.

所述S3中各种数据包包括TCP报文、ICMP报文和UDP报文数据包。The various data packets in S3 include TCP packets, ICMP packets and UDP packets.

所述通过机器学习建模对各种类型的数据包进行检测,机器学习建模能够不断的完善相应的数据模型。The various types of data packets are detected through machine learning modeling, and machine learning modeling can continuously improve the corresponding data models.

所述机器学习的方式为规则学习,所述规则学习的算法由“IF···THEN···”的形式规则集合组成。The machine learning method is rule learning, and the rule learning algorithm consists of a set of rules in the form of "IF···THEN···".

所述算法是利用最大的FOIL信息增益准则启发式的选择“属性-值”对,用序列覆盖策略增长规则,并采用重复增量剪枝误差减小算法搜索得到合适的假设。The algorithm uses the maximum FOIL information gain criterion to heuristically select "attribute-value" pairs, uses a sequence covering strategy to grow rules, and uses a repeated incremental pruning error reduction algorithm to search for appropriate hypotheses.

所述FOIL信息增益定义为:The FOIL information gain is defined as:

其中,L为文字,R为规则,PR和NR分别为规则R的正负样本约束个数,PR+L和NR+L分别为增加文字L后规则的正负样本约束个数。Where L is the text, R is the rule, PR and NR are the number of positive and negative sample constraints of rule R, PR+L and NR+L are the number of positive and negative sample constraints of the rule after adding the text L.

基于机器学习进行威胁建模来感知攻击的方法,使用时,只需要根据自身经验,以及最新漏洞的相关信息,给本方法中的威胁模型设置对应的参数,就可以加强数据分析,感知威胁,同时通过对各种类型的数据包检测,机器学习能够不断地完善相应的数据模型,它实现了随着时间的推移,越来越强大精准。This method uses machine learning to perform threat modeling to perceive attacks. When using it, you only need to set corresponding parameters for the threat model in this method based on your own experience and relevant information on the latest vulnerabilities. This can enhance data analysis and perceive threats. At the same time, through the detection of various types of data packets, machine learning can continuously improve the corresponding data model, making it more powerful and accurate over time.

以上所述,仅为本发明较佳的具体实施方式,但本发明的保护范围并不局限于此,任何熟悉本技术领域的技术人员在本发明揭露的技术范围内,根据本发明的技术方案及其发明构思加以等同替换或改变,都应涵盖在本发明的保护范围之内。The above description is only a preferred specific implementation manner of the present invention, but the protection scope of the present invention is not limited thereto. Any technician familiar with the technical field can make equivalent replacements or changes according to the technical scheme and inventive concept of the present invention within the technical scope disclosed by the present invention, which should be covered by the protection scope of the present invention.

Claims (8)

1. An attack perception detection method for threat modeling based on machine learning, which is characterized by comprising the following steps:
machine learning modeling, the machine learning modeling comprising the steps of:
Adopting nPrint representation method to represent and encode the grabbed network flow data so as to unify and normalize the data structure;
Setting variable parameters for each part of the data structure, wherein nPrint data representation method can represent any data packet without loss in a standard way, and the standard is that the data packet can be represented by the same number of characteristics, and each characteristic has the same meaning;
according to the characteristics, the flow data are grabbed and analyzed by using the model parameter variable representation, and the assignment is carried out, so that the flow data can be used by using a python packet module nPrintML;
sklearn training by adopting a baseline model through a fitting method;
fifthly, extracting a plurality of threat models through a large amount of flow packet data;
and step six, analyzing the data packet.
2. The attack awareness detection method for threat modeling based on machine learning of claim 1, wherein: the analysis of the data packet comprises the following steps:
S1, installing nprint, collecting flow in real time, separating and analyzing various data packets, and converting the various data packets into nprint data representation usable by machine learning;
S2, calling a nPrintML packet module of python to generate a standard fingerprint for the data packet;
s3, starting sklearn to perform training and parameter adjustment;
S4, loading nPrintml data packets by adopting a feature selection method based on SelectFromModel and LassoCV, finding the features of the data packets, and selecting from model features with highest scores;
S5, continuously performing model training, and using the model to try to compare different points and the same points represented by data bits at each position of the malicious traffic packet and the normal data packet;
S6, evaluating the detection result, setting a prediction result threshold value, and if a certain result reaches the threshold value, alarming in real time and sending a mobile phone short message;
S7, acquiring ACCESSKEY ID and ACCESSKEY SECRET through a short message API interface provided by a cloud service provider, accessing an API provided by the service provider, and sending alarm information to an administrator in a short message mode.
3. The attack awareness detection method for threat modeling based on machine learning of claim 2, wherein: the purpose of the separation and analysis of various data packets is to separate out the request protocol, the request header, the request body and the ip parameter values in the data packets.
4. The attack awareness detection method for threat modeling based on machine learning of claim 2, wherein: and the various data packets in the S3 comprise TCP (transmission control protocol) messages, ICMP messages and UDP (user datagram protocol) message data packets.
5. The attack awareness detection method for threat modeling based on machine learning of claim 1, wherein: the various types of data packets are detected through machine learning modeling, and the machine learning modeling can continuously perfect corresponding data models.
6. The attack awareness detection method for threat modeling based on machine learning of claim 1, wherein: the machine learning mode is rule learning, and the algorithm of the rule learning consists of a form rule set of IF.
7. The attack awareness detection method for threat modeling based on machine learning of claim 1, wherein: the algorithm selects an attribute-value pair by utilizing the maximum FOIL information gain rule heuristic, covers a strategy growth rule by using a sequence, and searches by adopting a repeated increment pruning error reduction algorithm to obtain a proper hypothesis.
8. The attack awareness detection method for threat modeling based on machine learning of claim 1, wherein: the FOIL information gain is defined as:
Wherein L is a word, R is a rule, P R and N R are respectively the positive and negative sample constraint numbers of the rule R, and P R+L and N R+L are respectively the positive and negative sample constraint numbers of the rule after the word L is added.
CN202211686570.1A 2022-12-27 2022-12-27 An attack-aware detection method based on threat modeling based on machine learning Pending CN118264425A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211686570.1A CN118264425A (en) 2022-12-27 2022-12-27 An attack-aware detection method based on threat modeling based on machine learning

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211686570.1A CN118264425A (en) 2022-12-27 2022-12-27 An attack-aware detection method based on threat modeling based on machine learning

Publications (1)

Publication Number Publication Date
CN118264425A true CN118264425A (en) 2024-06-28

Family

ID=91600952

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211686570.1A Pending CN118264425A (en) 2022-12-27 2022-12-27 An attack-aware detection method based on threat modeling based on machine learning

Country Status (1)

Country Link
CN (1) CN118264425A (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110113348A (en) * 2019-05-14 2019-08-09 四川长虹电器股份有限公司 A method of Internet of Things threat detection is carried out based on machine learning
US20190394215A1 (en) * 2018-06-21 2019-12-26 Electronics And Telecommunications Research Institute Method and apparatus for detecting cyber threats using deep neural network

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20190394215A1 (en) * 2018-06-21 2019-12-26 Electronics And Telecommunications Research Institute Method and apparatus for detecting cyber threats using deep neural network
CN110113348A (en) * 2019-05-14 2019-08-09 四川长虹电器股份有限公司 A method of Internet of Things threat detection is carried out based on machine learning

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
ANDYZENG24: "《数据挖掘之分类-基于规则的分类器》", pages 1 - 3, Retrieved from the Internet <URL:https:www.cnblogs.com/zengzhihua/p/5458373.html> *
绿盟科技研究通讯: "《基于机器学习的自动化网络流量分析》", Retrieved from the Internet <URL:https://cloud.tencent.com/developer/article/1981073> *

Similar Documents

Publication Publication Date Title
CN111935170B (en) Network abnormal flow detection method, device and equipment
CN111277587A (en) Malicious encrypted traffic detection method and system based on behavior analysis
CN111277570A (en) Data security monitoring method and device, electronic equipment and readable medium
CN109284606A (en) Data flow anomaly detection system based on empirical characteristics and convolutional neural network
CN111818049B (en) Botnet flow detection method and system based on Markov model
US20240323208A1 (en) Systems and methods for detecting anomalous behavior in internet-of-things (iot) devices
CN112291213A (en) Abnormal flow analysis method and device based on intelligent terminal
CN113765846A (en) Intelligent detection and response method and device for network abnormal behavior and electronic equipment
CN116405261A (en) Malicious traffic detection method, system and storage medium based on deep learning
CN110868404A (en) Industrial control equipment automatic identification method based on TCP/IP fingerprint
CN112565229A (en) Hidden channel detection method and device
CN114244691A (en) Video service fault positioning method and device and electronic equipment
CN120263505A (en) Traffic anomaly detection and network security reinforcement method for full data center
CN118802295A (en) User identification method, device, equipment, medium and product
Li et al. FusionTC: Encrypted App Traffic Classification Using Decision‐Level Multimodal Fusion Learning of Flow Sequence
US12039422B2 (en) Method and apparatus for generating application identification model
CN111291078B (en) Domain name matching detection method and device
CN118264425A (en) An attack-aware detection method based on threat modeling based on machine learning
CN113542222A (en) Zero-day multi-step threat identification method based on dual-domain VAE
CN116260613B (en) DOS attack detection method based on spectrum physical characteristics in photoelectric fusion network
Christopoulou et al. User terminals as attackers: An open dataset analysis of DDoS attacks in 5G networks
CN117278245A (en) Data collection methods, devices and storage media for Internet simulation scenarios
CN116415188A (en) A detection method capable of identifying abnormal encrypted traffic, electronic equipment, and media
Meghdouri Machine learning for network traffic analysis: Feature spaces and model optimization
CN116232671A (en) Threat defense method and system for power Internet of things access terminal

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination