State-of-the-Art of Network Attack Detection and Situation Awareness Analysis

A special issue of Applied Sciences (ISSN 2076-3417). This special issue belongs to the section "Computing and Artificial Intelligence".

Deadline for manuscript submissions: 20 May 2025 | Viewed by 10962

Special Issue Editors

Guest Editor
School of Computer Science and Technology, Harbin Institute of Technology (Shenzhen), Shenzhen 518055, China
Interests: artificial intelligence security; cyber attack and defense; situation awareness analysis; big data analysis; intelligent connected vehicle; knowledge graph

Guest Editor
Department of Computer Science and Technology, Harbin Institute of Technology, Shenzhen 518055, China
Interests: vulnerability detection; intelligent software engineering

Guest Editor
School of Computer, National University of Defense Technology, Changsha 410073, China
Interests: big data; data mining; spatial databases; cyberspace security

Guest Editor
Department of Computer and Information Security, Guangdong University of Science and Technology, Dongguan 523083, China
Interests: cryptography; mathematics; information security

Special Issue Information

Dear Colleagues,

The Special Issue aims to showcase the latest advancements in the field of network attack detection and situation awareness analysis. The information revolution has changed the way that we communicate throughout the world, and has drawn unprecedented attention to network security issues. The Special Issue seeks to explore innovative techniques, methodologies, and tools that enhance our ability to detect, analyze, and respond to network attacks effectively.

Authors are invited to contribute original research papers and conceptual articles addressing the various aspects of network attack detection and situation awareness analysis that support a comprehensive evaluation of overall network security across its temporal and spatial dimensions. This may include topics such as intrusion detection systems, anomaly detection algorithms, AI-driven approaches, data visualization techniques, threat intelligence integration, and real-time monitoring solutions.

In this Special Issue, we welcome the submission of articles that explore cutting-edge research and recent advances in the field of network attack detection. Both theoretical and experimental studies are welcome, as well as comprehensive review and survey papers.

Prof. Dr. Zhaoquan Gu
Dr. Cuiyun Gao
Prof. Dr. Aiping Li
Prof. Dr. Yong Ding
Guest Editors

Manuscript Submission Information

Manuscripts should be submitted online at www.mdpi.com by registering and logging in to this website. Once you are registered, proceed to the submission form. Manuscripts can be submitted until the deadline. All submissions that pass pre-check are peer-reviewed. Accepted papers will be published continuously in the journal (as soon as accepted) and will be listed together on the special issue website. Research articles, review articles as well as short communications are invited. For planned papers, a title and short abstract (about 100 words) can be sent to the Editorial Office for announcement on this website.

Submitted manuscripts should not have been published previously, nor be under consideration for publication elsewhere (except conference proceedings papers). All manuscripts are thoroughly refereed through a single-blind peer-review process. A guide for authors and other relevant information for submission of manuscripts is available on the Instructions for Authors page. Applied Sciences is an international peer-reviewed open access semimonthly journal published by MDPI.

Please visit the Instructions for Authors page before submitting a manuscript. The Article Processing Charge (APC) for publication in this open access journal is 2400 CHF (Swiss Francs). Submitted papers should be well formatted and use good English. Authors may use MDPI's English editing service prior to publication or during author revisions.

Keywords

  • network attack detection
  • situation awareness analysis
  • anomaly detection
  • intrusion detection systems
  • cyber threat analysis
  • network forensics
  • in-vehicle network security
  • cyber adversarial attacks and defenses
  • explainable artificial intelligence for network security

Benefits of Publishing in a Special Issue

  • Ease of navigation: Grouping papers by topic helps scholars navigate broad scope journals more efficiently.
  • Greater discoverability: Special Issues support the reach and impact of scientific research. Articles in Special Issues are more discoverable and cited more frequently.
  • Expansion of research network: Special Issues facilitate connections among authors, fostering scientific collaborations.
  • External promotion: Articles in Special Issues are often promoted through the journal's social media, increasing their visibility.
  • e-Book format: Special Issues with more than 10 articles can be published as dedicated e-books, ensuring wide and rapid dissemination.

Further information on MDPI's Special Issue policies can be found here.

Published Papers (8 papers)

Research

17 pages, 1075 KiB  
Article
Adaptive Ransomware Detection Using Similarity-Preserving Hashing
by Anas AlMajali, Adham Elmosalamy, Omar Safwat and Hassan Abouelela
Appl. Sci. 2024, 14(20), 9548; https://doi.org/10.3390/app14209548 - 19 Oct 2024
Viewed by 1361
Abstract
Crypto-ransomware is a type of ransomware that encrypts the victim’s files and demands a ransom to return the files. This type of attack has been on the rise in recent years, as it offers a lucrative business model for threat actors. Research into developing solutions for detecting and halting the spread of ransomware is vast, and it uses different approaches. Some approaches rely on analyzing system calls made via processes to detect malicious behavior, while other methods focus on the affected files by creating a file integrity monitor to detect rapid and abnormal changes in file hashes. In this paper, we present a novel approach that utilizes hashing and can accommodate large files and dynamically take into account the amount of change within each file. Mainly, our approach relies on dividing each file into partitions and then performing selective hashing on those partitions to rapidly detect encrypted partitions due to ransomware. Our new approach addresses the main weakness of a previous implementation that relies on hashing files, not file partitions. This new implementation strikes a balance between the detection time and false positives based on the partition size and the threshold of partition changes before issuing an alert.
Figures
  • Figure 1: Full hashing method.
  • Figure 2: FSH method.
  • Figure 3: SPH method.
  • Figure 4: Performance of full-hash algorithm.
  • Figure 5: Performance of file-selective hash.
  • Figure 6: Performance of SPH.
  • Figure 7: Comparing the algorithms in terms of the % of files saved.
  • Figure 8: Comparing the algorithms in terms of detection speed since infection.
  • Figure 9: Comparing the partition sizes in terms of the % of files saved.
  • Figure 10: CPU and memory utilization for SPH with 10 MB partition size.

17 pages, 709 KiB  
Article
A Knowledge Graph-Based Consistency Detection Method for Network Security Policies
by Yaang Chen, Teng Hu, Fang Lou, Mingyong Yin, Tao Zeng, Guo Wu and Hao Wang
Appl. Sci. 2024, 14(18), 8415; https://doi.org/10.3390/app14188415 - 19 Sep 2024
Viewed by 1051
Abstract
Network security policy is regarded as a guideline for the use and management of the network environment, which usually formulates various requirements in the form of natural language. It can help network managers conduct standardized network attack detection and situation awareness analysis in the overall time and space environment of network security. However, in most cases, due to configuration updates or policy conflicts, there are often differences between the real network environment and network security policies. In this case, the consistency detection of network security policies is necessary. The previous consistency detection methods of security policies have some problems. Firstly, the detection direction is single, only focusing on formal reasoning methods to achieve logical consistency detection and solve problems. Secondly, the detection policy field is not comprehensive, focusing only on a certain type of problem in a certain field. Thirdly, there are numerous forms of data structures used for consistency detection, and it is difficult to unify the structured processing and analysis of rule library carriers and target information carriers. With the development of intelligent graph and data mining technology, the above problems have the possibility of optimization. This article proposes a new consistency detection approach for network security policy, which uses an intelligent graph database as a visual information carrier, which can widely connect detection information and achieve comprehensive detection across knowledge domains, physical devices, and detection methods. At the same time, it can also help users grasp the security associations with the real network environment based on the graph algorithm of the knowledge graph and intelligent reasoning. Furthermore, these actual network situations and knowledge bases can help managers improve policies more tailored to local conditions. This article also introduces the consistency detection process of typical cases of network security policies, demonstrating the practical details and effectiveness of this method.
Figures
  • Figure 1: Flowchart of the methodology for constructing a knowledge graph of network security policies.
  • Figure 2: Flowchart of the methodology for policy consistency detection based on knowledge graphs.
  • Figure 3: Case study of network information layer graph.
  • Figure 4: Case study of security knowledge layer graph.
  • Figure 5: Variation of policy detection rate and policy coverage for different attribute scales.
  • Figure 6: Attribute importance experiments for policies.

18 pages, 2994 KiB  
Article
RPKI Defense Capability Simulation Method Based on Container Virtualization
by Bo Yu, Xingyuan Liu and Xiaofeng Wang
Appl. Sci. 2024, 14(18), 8408; https://doi.org/10.3390/app14188408 - 18 Sep 2024
Viewed by 748
Abstract
As the main inter-domain routing protocol in today’s internet, the Border Gateway Protocol (BGP) faces serious security risks during actual usage. Research on BGP malicious attack methods requires a realistic network environment, and evaluation methods based on physical networks often suffer from high costs and insufficient flexibility. Thus, we propose an efficient BGP simulated network deployment system based on a virtualization technology called the SOD–BGP. This system, combining cloud computing and virtualization technologies, creates a scalable, highly flexible basic network environment that allows for the automated simulation and evaluation of actual BGP prefix hijacking attack scenarios. A Resource Public Key Infrastructure (RPKI) simulation suite is introduced into the system, emulating a certificate issuance system, certificate storage, and a certificate synchronization verification mechanism, thus aligning the simulation environment with real-world usage scenarios. Finally, we propose a data collection and performance evaluation technique to evaluate BGP networks deploying RPKI under different attack scenarios and to explore the effectiveness of RPKI defense mechanisms at various deployment rates. A comparative analysis with other simulation techniques demonstrates that our approach achieves a balanced performance in terms of deployment speed, complexity, and RPKI integrity, providing a solid simulation technology foundation for large-scale BGP security defense strategies.
Figures
  • Figure 1: Cloud-based BGP simulation network attack–defense system architecture.
  • Figure 2: The simulation image construction process.
  • Figure 3: Simulation scenario construction process.
  • Figure 4: Implementation framework of data acquisition and analysis.
  • Figure 5: Integrated virtual–real network scene topology diagram.
  • Figure 6: Large-scale BGP simulation network experimental scenario.
  • Figure 7: Experimental results of prefix hijacking attacks in a large-scale simulation scenario. (a) Data plane hijacking rate; (b) Control plane routing jitter; (c) Collateral benefits from non-deploying ASes.
  • Figure 8: Comparison of the startup time and resource consumption of each simulation method. (a) Startup time of each simulation method; (b) CPU utilization of each simulation method; (c) Memory utilization of each simulation method.

19 pages, 1900 KiB  
Article
BVTED: A Specialized Bilingual (Chinese–English) Dataset for Vulnerability Triple Extraction Tasks
by Kai Liu, Yi Wang, Zhaoyun Ding, Aiping Li and Weiming Zhang
Appl. Sci. 2024, 14(16), 7310; https://doi.org/10.3390/app14167310 - 20 Aug 2024
Viewed by 1125
Abstract
Extracting knowledge from cyber threat intelligence is essential for understanding cyber threats and implementing proactive defense measures. However, there is a lack of open datasets in the Chinese cybersecurity field that support both entity and relation extraction tasks. This paper addresses this gap by analyzing vulnerability description texts, which are standardized and knowledge-dense, to create a vulnerability knowledge ontology comprising 13 entities and 15 relations. We annotated 27,311 unique vulnerability description sentences from the China National Vulnerability Database, resulting in a dataset named BVTED for cybersecurity knowledge triple extraction tasks. BVTED contains 97,391 entities and 69,614 relations, with entities expressed in a mix of Chinese and English. To evaluate the dataset’s value, we trained five deep learning-based named entity recognition models, two relation extraction models, and two joint entity–relation extraction models on BVTED. Experimental results demonstrate that models trained on this dataset achieve excellent performance in vulnerability knowledge extraction tasks. This work enhances the extraction of cybersecurity knowledge triples from mixed Chinese and English threat intelligence corpora by providing a comprehensive ontology and a new dataset, significantly aiding in the mining, analysis and utilization of the knowledge embedded in cyber threat intelligence.
Figures
  • Figure 1: An ontology for vulnerability description in CNNVD.
  • Figure 2: An annotation example for a vulnerability description sentence.
  • Figure 3: Annotation example using “Colabeler”.
  • Figure 4: Data transfer for annotation. (a) JSON format annotation for a Chinese vulnerability sentence. (b) CoNLL format annotation for a Chinese vulnerability sentence.
  • Figure 5: The frequency of each entity type.
  • Figure 6: Frequency of each relation type.

17 pages, 627 KiB  
Article
WCET Analysis Based on Micro-Architecture Modeling for Embedded System Security
by Meng Li, Kun Xiao, Yong Zhou and Dajun Huang
Appl. Sci. 2024, 14(16), 7277; https://doi.org/10.3390/app14167277 - 19 Aug 2024
Cited by 1 | Viewed by 937
Abstract
To ensure the timely execution of hard real-time applications, scheduling analysis techniques must consider safe upper bounds on the possible execution durations of tasks or runnables, which are referred to as Worst-Case Execution Times (WCET). Bounding WCET requires not only program path analysis but also modeling the impact of micro-architectural features present in modern processors. In this paper, we model the ARMv8 ISA and micro-architecture, including the instruction cache, branch predictor, instruction prefetching strategies, and out-of-order pipeline. We also consider the complex interactions between these features (e.g., cache misses caused by branch predictions and branch misses caused by instruction pipelines) and estimate the WCET of the program using the Implicit Path Enumeration Technique (IPET) static WCET analysis method. We compare the estimated WCET of benchmarks with the observed WCET on two ARMv8 boards. The ratio of estimated to observed WCET values for all benchmarks is greater than 1, demonstrating the security of the analysis.
Figures
  • Figure 1: A C program and its CFG.
  • Figure 2: Process of WCET analysis.
  • Figure 3: CFG and constraints of a program.
  • Figure 4: (a) CFG of a program. (b) Cache table of a program. (c) CCG of a program.
  • Figure 5: CFG with HS information.
  • Figure 6: CCG with virtual nodes.
  • Figure 7: ARM assembly and its execution graph.
  • Figure 8: Process of implementing the ILP problem.
  • Figure 9: Estimated WCET of benchmarks.
  • Figure 10: WCET experimental data from the Raspberry Pi 4 Model B with Cortex-A75 processor.
  • Figure 11: WCET experimental data from the Firefly ROC-RK3568-PC-SE board with Cortex-A55 processor.

23 pages, 4029 KiB  
Article
Research on the Simulation Method of HTTP Traffic Based on GAN
by Chenglin Yang, Dongliang Xu and Xiao Ma
Appl. Sci. 2024, 14(5), 2121; https://doi.org/10.3390/app14052121 - 4 Mar 2024
Viewed by 1228
Abstract
Due to the increasing severity of network security issues, training corresponding detection models requires large datasets. In this work, we propose a novel method based on generative adversarial networks to synthesize network data traffic. We introduced a network traffic data normalization method based on Gaussian mixture models (GMM), and for the first time, incorporated a generator based on the Swin Transformer structure into the field of network traffic generation. To further enhance the robustness of the model, we mapped real data through an AE (autoencoder) module and optimized the training results in the form of evolutionary algorithms. We validated the training results on four different datasets and introduced four additional models for comparative experiments in the experimental evaluation section. Our proposed SEGAN outperformed other state-of-the-art network traffic emulation methods.
Figures
  • Figure 1: The outputs during training varied depending on different scenarios. A GMM model with K = 3 describes the data distribution. The pink line represents the modeling of three sub-models when x = −1.5, and the blue line represents the estimation of the probability density function by the GMM model.
  • Figure 2: The three mutation operators that the generator G receives given the discriminator D.
  • Figure 3: Structural demonstration of the W-MSA and SW-MSA in the Swin Transformer block.
  • Figure 4: The auxiliary generator trains the AE model used to reconstruct the data; different colors represent different module structures.
  • Figure 5: The GMM modeling effect of a certain feature obtained for the experimental data; the blue curve represents the GMM density curve.
  • Figure 6: Mixed index label distribution of real data.
  • Figure 7: (a) The overall structure of the generator; (b) the Swin Transformer module within it.
  • Figure 8: Discriminator architecture.
  • Figure 9: Classifier architecture.
  • Figure 10: Model overall architecture. In the EV algorithm, we trained the entire model by using the discriminator as the environment, and the role of multiple generators was to produce high-quality offspring individuals. The black arrows in the figure represent the generation path of the generator, while the red arrows represent the process of gradient backpropagation.
  • Figure 11: Comparison chart before and after packet processing. The red portion in the figure represents the main distribution range of the processed data.
  • Figure 12: The number of nodes and packets is displayed.

20 pages, 1976 KiB  
Article
Distributed Detection of Large-Scale Internet of Things Botnets Based on Graph Partitioning
by Kexiang Qian, Hongyu Yang, Ruyu Li, Weizhe Chen, Xi Luo and Lihua Yin
Appl. Sci. 2024, 14(4), 1615; https://doi.org/10.3390/app14041615 - 17 Feb 2024
Cited by 2 | Viewed by 1386
Abstract
With the rapid growth of IoT devices, the threat of botnets is becoming increasingly worrying. There are more and more intelligent detection solutions for botnets that have been proposed with the development of artificial intelligence. However, due to the current lack of computing power in IoT devices, these intelligent methods often cannot be well-applied to IoT devices. Based on the above situation, this paper proposes a distributed botnet detection method based on graph partitioning, efficiently detecting botnets using graph convolutional networks. In order to alleviate the wide range of IoT environments and the limited computing power of IoT devices, the algorithm named METIS is used to divide the network traffic structure graph into small graphs. To ensure robust information flow between nodes while preventing gradient explosion, diagonal enhancement is applied to refine the embedding representations at each layer, facilitating accurate botnet attack detection. Through comparative analysis with GATv2, GraphSAGE, and GCN across the C2, P2P, and Chord datasets, our method demonstrates superior performance in both accuracy and F1 score metrics. Moreover, an exploration into the effects of varying cluster numbers and depths revealed that six cluster levels yielded optimal results on the C2 dataset. This research significantly contributes to mitigating the IoT botnet threat, offering a scalable and effective solution for diverse IoT ecosystems.
Figures
  • Figure 1: Framework of botnet attack activity.
  • Figure 2: Centralized botnet.
  • Figure 3: Decentralized botnet.
  • Figure 4: Hybrid botnet.
  • Figure 5: Overview of our method.
  • Figure 6: Comparison of cluster and non-cluster methods on the C2 dataset.
  • Figure 7: Comparison of accuracy of different feature enhancement methods with different numbers of model layers in three datasets.
  • Figure 8: The loss curve of the model on the training set and the validation set of the P2P dataset.
  • Figure 9: Botnet topology, where orange nodes represent the critical nodes.

14 pages, 1643 KiB  
Article
Android Malware Detection Based on Hypergraph Neural Networks
by Dehua Zhang, Xiangbo Wu, Erlu He, Xiaobo Guo, Xiaopeng Yang, Ruibo Li and Hao Li
Appl. Sci. 2023, 13(23), 12629; https://doi.org/10.3390/app132312629 - 23 Nov 2023
Cited by 2 | Viewed by 1712
Abstract
Android has been the most widely used operating system for mobile phones over the past few years. Malicious attacks against Android are a major privacy and security concern. Malware detection techniques for Android applications are therefore significant. A class of methods using Function Call Graphs (FCGs) for Android malware detection has shown great potential. The relationships between functions are limited to simple binary relationships (i.e., graphs) in these methods. However, one function often calls several other functions to produce specific effects in Android applications, which cannot be captured with FCGs. In this paper, we propose to formalize Android malware detection as a hypergraph-level classification task. A hypergraph is a topology capable of portraying complex relationships between multiple vertices, which can better characterize the functional behavior of Android applications. We model Android applications using hypergraphs and extract the embedded features of Android applications using hypergraph neural networks to represent the functional behavior of Android applications. Hypergraph neural networks can encode high-order data correlation in a hypergraph structure for data representation learning. In experiments, we validate the gaining effect of hypergraphs on detection performance across two open-source Android application datasets. Especially, HGNNP obtains the best classification performance of 91.10% on the Malnet-Tiny dataset and 97.1% on the Drebin dataset, which outperforms all baseline methods.
Figures
  • Figure 1: Examples of graph and hypergraph structures: (a) graph and (b) hypergraph.
  • Figure 2: K-order common hyperedge construction.
  • Figure 3: Framework of hypergraph malware detection.
  • Figure 4: Concatenation of mini-batch hypergraphs.