
CN114553481A - Network attack event prediction and optimal active defense strategy selection system - Google Patents

Network attack event prediction and optimal active defense strategy selection system

Info

Publication number
CN114553481A
Authority
CN
China
Prior art keywords
network
attack
event
events
network attack
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210049295.6A
Other languages
Chinese (zh)
Inventor
陈自刚
范超超
朱海华
周由胜
刘媛妮
陈龙
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Chongqing University of Post and Telecommunications
Original Assignee
Chongqing University of Post and Telecommunications
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Chongqing University of Post and Telecommunications
Priority to CN202210049295.6A
Publication of CN114553481A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1491 Countermeasures against malicious traffic using deception as countermeasure, e.g. honeypots, honeynets, decoys or entrapment

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention provides a network attack event prediction and optimal active defense strategy selection system. When the network is under attack, a hidden Markov model (HMM) is used to predict the attacks the network is likely to suffer next, and an optimal active defense strategy selection system then chooses the defense strategy and applies it before the predicted attack arrives, so that cyberspace security is protected in advance rather than after the fact. While the network is under attack, the states of both attacker and defender can be modeled with the HMM prediction method, which gives the approach practical guiding value. Because the active defense is applied before the attack, the attacks the network actually suffers can be greatly reduced, which is a non-negligible advantage in practical application.

Description

Network attack event prediction and optimal active defense strategy selection system
Technical Field
Embodiments of the invention relate to the field of network attack and defense and the protection of cyberspace security, and in particular to a prediction system based on a hidden Markov model (HMM) and an optimal active defense strategy selection system.
Background
In the present information era, rapidly developing network information technology not only drives production and social change and creates a new space for human life, but also greatly changes how people perceive and shape the world. Network information technology is now applied in every field of society, and the network environment has grown from a simple Internet into a ubiquitous cyberspace. Through its close integration with the real world, cyberspace shows unprecedented vitality and powerfully promotes the progress of the information society. Cyberspace is, however, a double-edged sword: while it promotes social and economic prosperity, it faces serious security threats and challenges, and the current network security situation is increasingly severe. It is therefore necessary to take responsibility for the many challenges in cyberspace security, so as to strengthen network defense and deterrence capabilities and ensure cyberspace security. The rapid spread of the Internet and the mobile Internet makes network access easier for the general public, and people who enjoy the convenience of the Internet but lack security awareness are easily and seriously harmed by network attacks.
In the existing network attack and defense process, the real state of the network is difficult to describe; an HMM prediction method can reconstruct the real state of the network from the known attack and defense states, and thus addresses this problem more effectively. Secondly, traditional security detection tools are generally deployed at specific positions, namely the entry and exit points of an enterprise or service system, and are not suited to today's very large scale network environments: each detection point operates independently, data is not shared between them, and an attack event is usually assessed from the detection result of a single point, so attack events are detected poorly. At present, network attacks are usually defended against only after they have been suffered, which cannot effectively guarantee network security. An optimal strategy selection system for active defense can defend effectively according to the attacks appearing in the network and guarantee the stable and secure operation of the network environment.
Disclosure of Invention
The invention provides a system that captures network attack events with a distributed honeynet system and then applies an HMM (hidden Markov model) prediction method together with optimal defense strategy selection. The attacks the network may suffer in the future are predicted with the HMM method, and an optimal strategy selection system for active defense is then used, so that the attacks the network will suffer can be predicted efficiently and reliably and the optimal strategy applied to guarantee cyberspace security before the attack is suffered. While the network is under attack, the HMM model method is closer to the actual situation of network attack and defense and has better practical guiding value. Defending before the attack with the active defense method can greatly reduce the attacks the network suffers, which is a non-negligible advantage in practical application.
In order to solve the technical problems, the invention adopts the following technical scheme:
In the first aspect, the invention adopts a method for detecting and classifying network attack events that mainly uses a distributed honeynet system composed of a plurality of honeynet systems. The method comprises the following steps:
capturing a network attack event;
performing feature matching on the network attack event against a social engineering knowledge base and the existing attack classification standard;
optionally, for each network attack event:
if the attacker features contained in the event features belong to the target attacker feature set contained in the social engineering knowledge base, determining that the network attack event is a social engineering attack event; otherwise, carrying out the next matching step.
According to the existing attack classification standard, the network attack events are classified by their attack characteristics into active attack events and passive attack events.
Matching the network attack events;
classifying the state of the network attack event according to the matching result into a social engineering attack event, an active attack event (message tampering, forgery, denial of service) or a passive attack event (traffic analysis, eavesdropping).
Matching then proceeds on the finer features, subdividing the event into message tampering, forgery, denial of service, traffic analysis or eavesdropping.
The detection rule set comprises at least: message tampering, forgery, denial of service, traffic analysis and eavesdropping.
The database content is updated in real time according to the matched type, so that the next matching can be carried out better.
In a second aspect, the invention provides an HMM model based capability for predicting network attack events, applied to a prediction system and including:
an acquisition module for acquiring network attack events;
a matching module for matching the features of each network attack event against the social engineering knowledge base and the existing attack classification standard;
a classification module for classifying the state of each network attack event according to the matching result into a social engineering attack event, an active attack event (message tampering, forgery, denial of service) or a passive attack event (traffic analysis, eavesdropping);
and a prediction module that uses the classified network attack events to predict, from the known state set, the types of network attack event that may occur next.
In a third aspect, the invention further provides an HMM based optimal active defense strategy selection system, characterized by comprising: a honeynet deployment system, a controller, an event analysis system, a data processing system, a data storage system, a strategy selection system and an arithmetic unit system;
a honeynet system for performing the method of detecting network attack events according to any one of the claims and transmitting the detected network attack events to the controller; the controller processes them and sends instructions to the system, and the distributed honeynet system is deployed accordingly.
The controller stores the network attack events sent by each honeynet system in the data storage system, issues to the event analysis system the event analysis instructions corresponding to social engineering attack events and the existing attack classification standard, and issues instructions to the strategy selection system to select the optimal defense strategy.
The event analysis system performs correlation analysis on each social engineering attack event matched by the current event analysis instruction and on the existing attack classification standard, and updates the social engineering knowledge base and the existing attack classification standard in the data storage system according to the result of that analysis. Event types in the storage system are social engineering attack events, active attack events (message tampering, forgery, denial of service) and passive attack events (traffic analysis, eavesdropping).
The data processing system performs systematic data processing on the network attack events stored in the data storage system: according to the existing data types it divides them into an observation sequence O, a state sequence I, an initial state probability π, a state transition matrix A and an observation probability matrix B, builds the HMM model for analysis, and issues computation instructions to the arithmetic unit system.
The arithmetic unit system receives the instructions issued by the data processing system, performs the computation, and from the result predicts the hidden state set, that is, the types of attack event that may occur, then issues an instruction to the controller. The hidden state set together with the existing attack event state set forms the set of all attacked states in the network, and defense is carried out with the active defense method according to this state set, so that network security is guaranteed.
The strategy selection system receives the instructions of the controller and selects the optimal strategy for defense according to that state set (the hidden state set together with the existing attack event state set), so that network security is guaranteed. The strategy selection system includes effective protection measures such as the honeynet deployment system and a firewall.
The distributed honeynet system is formed by a plurality of honeynet systems.
In a fourth aspect, the invention provides a strategy selection system, comprising:
one or more processors;
a storage device storing one or more programs;
wherein, when the programs are executed by the processors, the processors carry out the optimal strategy selection method provided by the invention.
According to the technical scheme of the embodiments of the invention, the honeynet system is used to acquire network attack events; feature matching is performed on each network attack event against the social engineering library and the existing attack classification standard; and the captured network attack events are classified by state according to the matching result into social engineering attack events, active attack events (message tampering, forgery, denial of service) and passive attack events (traffic analysis, eavesdropping). This solves the problem that traditional classification and monitoring methods cannot effectively classify network attack events, and network attack events can be detected and classified efficiently and accurately. The data processing system then divides the acquired attack events by state, according to the existing data types, into an observation sequence O, a state sequence I, an initial state probability π, a state transition matrix A and an observation probability matrix B; an HMM model is constructed and the arithmetic unit system solves for the states, and from the result the hidden state set, that is, the types of attack event that may occur, is predicted. An instruction is then issued to the controller. The hidden state set together with the existing attack event state set forms the set of all attacked states in the network, and the optimal strategy is selected according to this state set to defend with the active defense method, so that network security is guaranteed. The strategy selection system includes effective protection measures such as the honeynet deployment system and a firewall. In this way network attack events can be explained and prevented more clearly, which has practical significance.
Drawings
Fig. 1 is a flowchart of a method for detecting and classifying network attack events according to a first embodiment of the present invention;
Fig. 2 is an overall flowchart of the HMM model based prediction method and strategy selection according to a second embodiment of the present invention;
Fig. 3 is a flowchart of the modules in the second embodiment of the present invention;
Fig. 4 is a schematic structural diagram of the operating system according to a third embodiment of the present invention;
Fig. 5 is a schematic structural diagram of the distributed honeynet system in the fourth embodiment of the present invention.
Detailed Description
To illustrate the invention more clearly, it is described in further detail below with reference to the accompanying drawings and examples. The specific embodiments described here merely illustrate the invention and are not to be construed as limiting it. It should further be noted that, for convenience of description, only some of the structures related to the invention are shown in the drawings, not all of them. Those skilled in the art can carry out the related work on the basis of these figures.
Example one
Fig. 1 is a flowchart of the method for detecting and classifying network attack events according to the first embodiment of the present invention.
This embodiment applies to the detection of network attack events. Events are then classified according to the network attack event classification standard, and finally the database system is updated in real time. The module may be implemented by a combination of software and hardware. As shown in Fig. 1, the steps are as follows:
Step 101: acquire a network attack event.
The distributed honeynet system is essentially a combination of several honeynet systems. A honeynet is a deception technique that lures attacks: by deploying hosts and information that serve as bait, the attacker is induced to attack the honeynet, so that network attack events can be obtained, captured and analyzed and the attacker's methods learned. Because the honeynet draws the attack to itself, it also consumes the attacker's resources and protects the real network.
In the embodiment of the invention, the distributed honeynet system is composed of several honeynet systems deployed over a large area; the honeynet systems deployed in different regions jointly form the distributed honeynet system, which widens the detection range for network events and improves the ability to detect network attack events.
In the embodiment of the invention, the honeynet system is a real computer system, run inside a virtual machine on the computer at the designated position, so that damage to the honeynet system and to the real computer is avoided. (Isolating the decoy in a virtual machine limits, but does not by itself eliminate, the risk that a compromised honeynet is turned against production systems; the decoy still needs outbound network controls like any other honeypot.)
Step 102: perform feature matching on the network attack event against the social engineering database and the attack classification standard.
Step 103: divide the network attack event into an active attack event, a passive attack event or a social engineering attack event according to the matching result.
Step 104: update the database in real time according to the features of the event, which allows quicker matching next time.
According to this technical scheme, network attack events are captured by the honeynet system, their features are matched against the social engineering database and the attack classification standard, the events are divided into active, passive and social engineering attack events according to the matching result, and the database system is updated in real time according to the features of the events. This multi-cycle system addresses the insufficient detection of existing network attacks, updates the database system in real time, classifies network attack events more quickly, and provides a good basis for efficiently and accurately predicting the next network attack events.
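As an added worked example, not code from the patent or from its inventors, the following Python sketch runs steps 102 to 104 above (the same match, classify and update cycle the first aspect describes) over a few constructed honeynet events: social engineering features are matched first against a small knowledge base, then the event is matched against an active/passive rule set (message tampering, forgery, denial of service, traffic analysis, eavesdropping), and the matched rule is extended with the event's new features so that the next match is direct. The feature names, rule contents, sample events and the `min_hits` guard are assumptions made here; the patent gives no concrete feature set.

```python
# Added example (not the patent's code): steps 102 to 104 of Example one over
# constructed honeynet events. Feature names, rule contents, sample events and the
# min_hits guard are assumptions made for illustration.
from dataclasses import dataclass
from typing import Optional

# Social engineering knowledge base: the target attacker feature set (constructed).
SOCIAL_ENGINEERING_KB = {"phishing_domain", "pretext_login", "credential_lure"}

# Existing attack classification standard (constructed rule set). Active attacks
# alter or disrupt traffic; passive attacks only observe it.
STANDARD = {
    "active": {
        "message_tampering": {"checksum_mismatch", "payload_modified"},
        "forgery":           {"spoofed_source", "replayed_token"},
        "denial_of_service": {"syn_flood", "request_flood"},
    },
    "passive": {
        "traffic_analysis":  {"timing_probe", "flow_sampling"},
        "eavesdropping":     {"promiscuous_capture", "tls_downgrade"},
    },
}


@dataclass
class Event:
    event_id: str
    features: set


@dataclass
class Classification:
    category: str            # "social_engineering", "active", "passive" or "unknown"
    subtype: Optional[str]   # rule name within the category, None for social/unknown
    matched: set             # event features that hit the knowledge base or the rule


def classify(event: Event, kb=SOCIAL_ENGINEERING_KB, standard=STANDARD) -> Classification:
    """Steps 102/103: social engineering first, then the active/passive standard."""
    hit = event.features & kb
    if hit:
        return Classification("social_engineering", None, hit)
    for category, rules in standard.items():
        # Pick the rule sharing the most features with the event; zero hits means no match.
        best = max(rules, key=lambda name: len(event.features & rules[name]))
        hit = event.features & rules[best]
        if hit:
            return Classification(category, best, hit)
    return Classification("unknown", None, set())


def update_rules(event: Event, result: Classification, standard=STANDARD, min_hits=2) -> int:
    """Step 104: add the event's unmatched features to the rule it matched, so the
    next event carrying them is matched directly. Returns the number of features learned.
    min_hits (an addition here, not in the patent) refuses to learn from weak matches."""
    if result.subtype is None or len(result.matched) < min_hits:
        return 0
    rule = standard[result.category][result.subtype]
    new = event.features - rule
    rule |= new          # in-place update of the rule set held in the standard
    return len(new)


def process(events, kb=SOCIAL_ENGINEERING_KB, standard=STANDARD):
    """Run the capture -> match -> classify -> update cycle over a batch of events."""
    results = []
    for ev in events:
        res = classify(ev, kb, standard)
        learned = update_rules(ev, res, standard)
        results.append((ev.event_id, res.category, res.subtype, learned))
    return results


if __name__ == "__main__":
    # Constructed sample events as a honeynet sensor might report them.
    sample = [
        Event("e1", {"pretext_login", "syn_flood"}),                  # social engineering wins
        Event("e2", {"syn_flood", "request_flood", "src_rotation"}),  # DoS, learns src_rotation
        Event("e3", {"src_rotation"}),                                # now matched directly
        Event("e4", {"checksum_mismatch", "junk"}),                   # one hit: nothing learned
        Event("e5", {"promiscuous_capture"}),                         # passive
        Event("e6", {"unseen_feature"}),                              # unknown
    ]
    for row in process(sample):
        print(row)
```

The `min_hits` guard is not in the patent. It matters because honeynet observations are attacker-controlled: without it, one event carrying a single genuine signature plus arbitrary noise writes that noise into the rule set, and real-time learning of this kind can be used to poison the classifier.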
Example two
Fig. 2 is a schematic flow chart and structure diagram of the HMM based detection method and the optimal strategy selection system based on active defense in the second embodiment of the present invention. This embodiment can be implemented by a combination of software and hardware, integrated into a single system and deployed where needed. As shown in Fig. 2:
in the flowchart of the embodiment, honeynet systems are deployed across the whole network to obtain network attack events;
feature matching is performed on each network attack event against the social engineering library and the existing attack classification standard;
the captured network attack events are classified by state according to the matching result into social engineering attack events, active attack events (message tampering, forgery, denial of service) and passive attack events (traffic analysis, eavesdropping). This solves the problem that traditional classification and monitoring methods cannot effectively classify network attack events, and the events can be detected and classified efficiently and accurately.
The data processing system then divides the acquired network attack events by state, according to the existing data types, into an observation sequence O, a state sequence I, an initial state probability π, a state transition matrix A and an observation probability matrix B; an HMM model is constructed, the arithmetic unit system solves for the states, and from the result the hidden state set, that is, the types of attack event that may occur, is predicted.
An instruction is then issued to the controller. The hidden state set together with the existing attack event state set forms the set of all attacked states in the network, and the optimal strategy is selected according to this state set to defend with the active defense method, so that network security is guaranteed. The strategy selection system includes effective protection measures such as the honeynet deployment system and a firewall. In this way network attack events can be explained and prevented more clearly, which has practical significance.
Fig. 3 is the overall system flow block diagram. The system comprises six modules: an acquisition module, a matching module, a classification module, a data processing module, an HMM prediction module and a strategy selection module.
The acquisition module 301 is configured to acquire network attack events;
the matching module 302 performs feature matching on each network attack event against the social engineering database and the attack classification standard;
the classification module 303 classifies the network attack events into active attack events, passive attack events and social engineering attack events according to the matching result;
the data processing module 304 performs data modeling on the classified events according to their features, divides the acquired network attack events by state, according to the existing data types, into an observation sequence O, a state sequence I, an initial state probability π, a state transition matrix A and an observation probability matrix B, and then constructs the HMM model;
the HMM prediction module 305 solves the HMM model for its states using the arithmetic unit system and, from the result, predicts the hidden state set, that is, the types of attack event that may occur;
the strategy selection module 306 takes the hidden state set together with the existing attack event state set as the set of all attacked states in the network and selects the optimal strategy for defense according to that state set, so that network security is guaranteed. The strategy selection system includes effective protection measures such as the honeynet deployment system and a firewall.
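The data processing module 304, HMM prediction module 305 and strategy selection module 306 above (the same pipeline the second and third aspects describe) are made concrete in the following Python example. It is an added illustration, not the patent's code: the hidden states are the three attack categories the classifier produces, the observations are symbols a honeynet sensor might report, and the values of π, A and B, the observation sequence, the defense actions and the expected-loss selection criterion are all constructed here, since the patent names the components of the HMM but gives neither parameter values nor the criterion by which a strategy is "optimal". The hidden state sequence I is decoded with the Viterbi algorithm, the next attack type is forecast with the forward algorithm followed by one step of A, and the defense with the lowest expected loss under that forecast is selected.

```python
# Added example (not the patent's code): HMM over classified honeynet events.
# Hidden state set I = attack category; observation alphabet = what the honeynet
# sensor reports. Every name and number below is constructed for illustration.

STATES = ["passive", "active", "social"]          # hidden states (attack categories)
OBS = ["probe", "tamper_msg", "flood", "phish"]    # observation symbols (constructed)

# Initial state probability pi (constructed).
PI = {"passive": 0.6, "active": 0.3, "social": 0.1}
# State transition matrix A[i][j] = P(q_{t+1} = j | q_t = i) (constructed).
A = {
    "passive": {"passive": 0.5, "active": 0.4, "social": 0.1},
    "active":  {"passive": 0.2, "active": 0.6, "social": 0.2},
    "social":  {"passive": 0.3, "active": 0.5, "social": 0.2},
}
# Observation probability matrix B[i][o] = P(o | q_t = i) (constructed).
B = {
    "passive": {"probe": 0.7, "tamper_msg": 0.1, "flood": 0.1, "phish": 0.1},
    "active":  {"probe": 0.1, "tamper_msg": 0.4, "flood": 0.4, "phish": 0.1},
    "social":  {"probe": 0.1, "tamper_msg": 0.1, "flood": 0.1, "phish": 0.7},
}


def check_model(pi=PI, a=A, b=B, tol=1e-9):
    """Sanity check before use: pi and every row of A and B must be distributions
    over the declared states / symbols."""
    rows = [pi] + list(a.values()) + list(b.values())
    shapes_ok = set(pi) == set(STATES) and all(set(b[s]) == set(OBS) for s in STATES)
    return shapes_ok and all(abs(sum(r.values()) - 1.0) < tol for r in rows)


def viterbi(obs, states=STATES, pi=PI, a=A, b=B):
    """Decode the most likely hidden state sequence I for observation sequence O."""
    delta = [{s: pi[s] * b[s][obs[0]] for s in states}]   # best path score per state
    back = [{}]                                            # back-pointers per step
    for t in range(1, len(obs)):
        delta.append({})
        back.append({})
        for j in states:
            prev = max(states, key=lambda i: delta[t - 1][i] * a[i][j])
            delta[t][j] = delta[t - 1][prev] * a[prev][j] * b[j][obs[t]]
            back[t][j] = prev
    last = max(states, key=lambda s: delta[-1][s])
    path = [last]
    for t in range(len(obs) - 1, 0, -1):
        path.append(back[t][path[-1]])
    return path[::-1]


def forward_filter(obs, states=STATES, pi=PI, a=A, b=B):
    """P(q_T = i | O): forward algorithm, normalised after the last observation."""
    alpha = {s: pi[s] * b[s][obs[0]] for s in states}
    for o in obs[1:]:
        alpha = {j: sum(alpha[i] * a[i][j] for i in states) * b[j][o] for j in states}
    total = sum(alpha.values())
    return {s: alpha[s] / total for s in states}


def predict_next(obs):
    """P(q_{T+1} = j | O) = sum_i P(q_T = i | O) * A[i][j]: the forecast attack type."""
    filt = forward_filter(obs)
    return {j: sum(filt[i] * A[i][j] for i in STATES) for j in STATES}


# Candidate defenses and the residual loss if the forecast state occurs under each.
# The patent names honeynet deployment and firewalls as strategies but gives no
# selection criterion; expected loss over these constructed costs is assumed here.
LOSS = {
    "redeploy_honeynet":  {"passive": 2, "active": 6, "social": 8},
    "tighten_firewall":   {"passive": 6, "active": 2, "social": 8},
    "phishing_awareness": {"passive": 8, "active": 8, "social": 1},
}


def select_strategy(next_dist, loss=LOSS):
    """Return the defense with the lowest expected loss under the forecast, plus all scores."""
    expected = {d: sum(next_dist[s] * cost[s] for s in next_dist) for d, cost in loss.items()}
    return min(expected, key=expected.get), expected


if __name__ == "__main__":
    assert check_model()
    # Constructed observation sequence O: reconnaissance followed by an active attack.
    O = ["probe", "probe", "tamper_msg", "flood"]
    print("decoded state sequence I:", viterbi(O))
    forecast = predict_next(O)
    print("P(q_T+1 | O):", {s: round(p, 3) for s, p in forecast.items()})
    action, scores = select_strategy(forecast)
    print("selected strategy:", action, {d: round(v, 2) for d, v in scores.items()})
```

For the constructed sequence the decoded path is passive, passive, active, active, the forecast puts most of its mass on a further active attack, and tighten_firewall is selected. In a real deployment π, A and B would have to be estimated from labelled honeynet data (for example with Baum-Welch), which the patent leaves open; and because the forecast is driven by the filtered state after the last observation, misclassified recent events shift the chosen defense directly, so the classifier feeding this stage needs to be trusted more than its earlier history.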
Example three
Fig. 4 is a connection diagram of the data processing module system, the database system and the honeynet system in the third embodiment of the present invention. This embodiment describes the configuration of the data processing module in detail.
The data storage system 401 stores the network attack events of the network attack.
The event analysis system 402 performs association analysis on the matched types of the acquired network attack events and, according to the result, updates in real time the features corresponding to the social engineering database and the event types in the database system.
The prediction analysis system 403 predicts the network attack events that may occur according to the instruction issued by the controller.
The arithmetic unit system 404 receives the instruction issued by the data processing system, performs the computation, predicts the hidden state set from the result, that is, the types of attack event that may occur, and then issues an instruction to the controller.
The distributed honeynet system 405 is deployed across the whole network and acquires network attack events.
The database system 406 includes the social engineering library and the existing attack classification standard.
The data processing system 407 performs systematic data processing on the network attack events stored in the data storage system, divides them according to the existing data types into an observation sequence O, a state sequence I, an initial state probability π, a state transition matrix A and an observation probability matrix B, performs modeling analysis with the HMM model, and sends computation instructions to the arithmetic unit system.
The controller 408 stores the network attack events acquired by the honeynet system 405 in the data storage system 401 and issues instructions to the event analysis system and the data processing system.
In the embodiment of the invention, the event analysis system 402 adds active attack, passive attack and social engineering attack markers to the various network attack events in the data storage system 401.
In the embodiment of the invention, the controller 408 is the control center of the whole module; it is connected to every module and issues instructions to, or receives them from, each system.
Example four
Fig. 5 is the overall structural diagram of the distributed honeynet system in the fourth embodiment of the present invention. Fig. 5 shows an embodiment of a honeynet system, which provides event acquisition for the whole module. Several such honeynet systems are deployed across the whole network and together form the distributed honeynet system.
As shown in Fig. 5, the honeynet system 501 is shown in the form of its components. The honeynet system comprises: a plurality of processing units 505, a storage 509, a memory unit 510, a controller 507, various I/O interfaces 504, external devices 502, a display device 503, a network adapter 506 and a database system 508.
The honeynet system includes a variety of computer system readable media, which can be any available media accessible by the honeynet system, including volatile and non-volatile media and removable and non-removable media.
The honeynet system may communicate with one or more external devices 502 (for example a keyboard or pointing device), with one or more devices (for example a network card) that enable a user to interact with the honeynet system, and with one or more other computing devices. Such communication may take place through the input/output (I/O) interfaces 504.
The invention provides an HMM (hidden Markov model) based prediction method and a system for selecting the optimal defense strategy. When the network is under attack, the HMM method is used to predict the attacks likely to follow; an optimal strategy selection system based mainly on active defense then uses this prediction, and the optimal strategy is applied to guarantee cyberspace security before the network is attacked. While the network is under attack, the HMM model is closer to the actual situation of network attack and defense and has better practical guiding value. Defending before the attack with the active defense method can greatly reduce the attacks the network suffers, which is a non-negligible advantage in practical application.
Finally, it is important to note that the above is only a preferred embodiment of the present invention, and is only used for illustrating the technical principle of the present invention. It will be understood by those skilled in the art that the present invention is not limited to the particular embodiments described herein, but is capable of various obvious changes, rearrangements and substitutions as will now become apparent to those skilled in the art without departing from the scope of the invention. Although the present invention has been described in more detail by the above embodiments, the invention is not limited to the above embodiments, but may include other equivalent embodiments without departing from the spirit of the invention, and the scope of the invention is determined by the scope of the appended claims. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of the present invention are included in the protection scope of the present invention.

Claims (7)

1. A network attack event prediction and optimal active defense strategy selection system, mainly applied to network attack event prediction and strategy selection, comprising the following steps:
capturing a network attack event;
performing feature matching of the captured network attack event against the existing network attack event types according to the type of the network attack;
and determining, according to the matching result, whether the captured network attack event is an attack of a specific type, wherein the finally selected optimal strategy selection method is obtained from the event prediction.
2. The network attack event prediction and optimal active defense strategy selection system according to claim 1, characterized in that the system is based on a social engineering library and existing attack classification criteria;
determining, according to the matching result, whether the detected network attack event is an attack of a specific type; for example, according to the match, the state of the captured network attack event is classified as a social engineering attack event, an active attack event (such as message tampering, counterfeiting and denial of service) or a passive attack event (such as traffic analysis and eavesdropping).
3. The method of claim 2, wherein after the classification of the network attack event is completed using the existing classification criteria, newly emerging signatures update the database system in real time so that subsequent matching is quicker.
4. The system of claim 3, wherein the distributed honeynet system is composed of a plurality of honeynet systems.
5. The network attack event prediction and optimal active defense strategy selection system according to claim 1, characterized in that, because the real state of the network is difficult to describe during network attack and defense, the HMM (hidden Markov model) prediction method is used to construct the real state of the network from the known attack and defense states, which solves the problem of the network's real state well. The system comprises the following modules:
an acquisition module for acquiring a network attack event;
a matching module for performing feature matching on the network attack event according to a social engineering knowledge base and the existing attack classification standard;
a classification module for classifying the state of the network attack event according to the matching result into a social engineering attack event, an active attack event (such as message tampering, counterfeiting and denial of service) or a passive attack event (such as traffic analysis and eavesdropping);
a data processing module for systematically processing the network attack events stored in the data storage system;
a prediction module for predicting, from the known state set formed by the classified network attack events, the types of network attack events that are likely to occur;
a strategy selection module for receiving an instruction from the control system, wherein all states in which the network is attacked are formed by the hidden state set and the existing attack event state set, and the optimal strategy is selected for defense according to that state set.
6. The system of claim 2, comprising: a honeynet system, a controller, an event analysis system, a data processing system, a data storage system, a strategy selection system, an arithmetic unit system and the like;
the honeynet system, for performing the method for detecting the network attack event according to any one of claims 1 to 4 and transmitting the detected network attack event to the controller;
the controller, for storing the network attack events sent by each honeynet system in the data storage system and issuing to the event analysis system event analysis instructions corresponding to the social engineering attack events and the existing attack classification standards, and for issuing an instruction to the strategy selection system to select an optimal defense strategy;
the event analysis system, for performing correlation analysis on each social engineering attack event matched with the current event analysis instruction and the existing attack classification standard, and updating the social engineering knowledge base and the existing attack classification standard in the data storage system according to the correlation analysis result; and for classifying the event types held in the storage system into social engineering attack events, active attack events (such as message tampering, counterfeiting and denial of service) and passive attack events (such as traffic analysis and eavesdropping);
the data processing system, for systematically processing the network attack events stored in the data storage system, dividing them according to the existing data types into an observation sequence O, a state sequence I, an initial state probability π, a state transition matrix A and an observation probability matrix B, and then carrying out modeling analysis using an HMM;
the arithmetic unit system, for receiving an instruction distributed by the data processing system, carrying out the operation, and predicting from the result the hidden state set, i.e. the types of attack events that may occur; and for issuing an instruction to the controller, wherein all states in which the network is attacked are formed by the hidden state set and the current attack event state set, and defense is carried out by an active defense method according to that state set so as to ensure network security;
the strategy selection system, for receiving instructions from the control system, wherein all states in which the network is attacked are formed by the hidden state set and the existing attack event state set, and the optimal strategy is selected for defense according to that state set so as to guarantee network security; the strategy selection system comprises effective protection methods such as a honeynet arrangement system and a firewall.
7. The system of claim 5, wherein the policy selection system issues commands via the control system according to the state set calculated by the arithmetic unit, each event has a corresponding optimal policy selection, and the policy selection is carried out before a future attack event occurs so as to perform defense.
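The procedure claims 5 to 7 set out, as an added example that is not the patent's own code: a small HMM in Python built from the quantities claim 6 names (observation sequence O, initial state probability π, state transition matrix A, observation probability matrix B), a forward filter over a captured event sequence, a one-step prediction of the hidden state set, and a lookup of the defense policy for the most likely next state. The state names, observation symbols, probabilities and policy table are constructed assumptions, not values from the patent.

```python
# Added example, not the patent's own code: a small HMM in the shape claim 6
# describes (observation sequence O, initial probabilities pi, transition
# matrix A, observation matrix B). All states, symbols, numbers and the policy
# table are constructed for illustration; a real deployment would estimate
# A and B from the event history held in the data storage system.

STATES = ["social_engineering", "active", "passive"]  # hidden state set
SYMBOLS = ["phishing_mail", "tampering", "forgery", "dos",
           "traffic_analysis", "eavesdropping"]        # observation symbols
PI = [0.5, 0.3, 0.2]                                   # initial state probability
A = [[0.5, 0.4, 0.1],  # social engineering tends to lead into an active attack
     [0.1, 0.6, 0.3],
     [0.2, 0.3, 0.5]]
B = [[0.70, 0.10, 0.10, 0.05, 0.03, 0.02],  # P(symbol | social_engineering)
     [0.05, 0.30, 0.25, 0.30, 0.05, 0.05],  # P(symbol | active)
     [0.02, 0.03, 0.05, 0.05, 0.45, 0.40]]  # P(symbol | passive)
POLICY = {  # constructed: one defensive action per predicted state
    "social_engineering": "refresh the social engineering knowledge base and alert users",
    "active": "tighten firewall rules on the exposed services",
    "passive": "divert the suspected reconnaissance into the honeynet",
}
N = len(STATES)

def forward(observations):
    """Forward filter: P(current hidden state | captured events so far)."""
    idx = [SYMBOLS.index(o) for o in observations]
    alpha = [PI[i] * B[i][idx[0]] for i in range(N)]
    for o in idx[1:]:
        alpha = [B[j][o] * sum(alpha[i] * A[i][j] for i in range(N))
                 for j in range(N)]
        total = sum(alpha)  # renormalise each step to avoid underflow
        alpha = [a / total for a in alpha]
    total = sum(alpha)
    return [a / total for a in alpha]

def predict_next(observations):
    """One transition step ahead: the predicted hidden state set of claim 6."""
    cur = forward(observations)
    return [sum(cur[i] * A[i][j] for i in range(N)) for j in range(N)]

def select_policy(observations):
    """Claim 7: choose the policy for the most likely next state, before it occurs."""
    nxt = predict_next(observations)
    best = STATES[max(range(N), key=nxt.__getitem__)]
    return best, POLICY[best]

if __name__ == "__main__":
    captured = ["phishing_mail", "phishing_mail", "forgery"]  # constructed capture
    print(select_policy(captured))
```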
CN202210049295.6A 2022-01-17 2022-01-17 Network attack event prediction and optimal active defense strategy selection system Pending CN114553481A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210049295.6A CN114553481A (en) 2022-01-17 2022-01-17 Network attack event prediction and optimal active defense strategy selection system

Publications (1)

Publication Number Publication Date
CN114553481A true CN114553481A (en) 2022-05-27

Family

ID=81672393

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210049295.6A Pending CN114553481A (en) 2022-01-17 2022-01-17 Network attack event prediction and optimal active defense strategy selection system

Country Status (1)

Country Link
CN (1) CN114553481A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115967548A (en) * 2022-12-04 2023-04-14 广州魔番网络科技有限公司 Safety protection index optimization method based on big data information safety and artificial intelligence system
CN116996310A (en) * 2023-08-15 2023-11-03 广东中山网传媒信息科技有限公司 Active defense-based server network security protection method
CN117354028A (en) * 2023-10-30 2024-01-05 国网江苏省电力有限公司电力科学研究院 Charging pile cluster network attack detection system and method

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080010225A1 (en) * 2006-05-23 2008-01-10 Gonsalves Paul G Security system for and method of detecting and responding to cyber attacks on large network systems
CN107241352A (en) * 2017-07-17 2017-10-10 浙江鹏信信息科技股份有限公司 A kind of net security accident classificaiton and Forecasting Methodology and system
CN110535878A (en) * 2019-09-23 2019-12-03 电子科技大学 A kind of threat detection method based on sequence of events
CN111709028A (en) * 2020-04-21 2020-09-25 中国科学院信息工程研究所 Network security state evaluation and attack prediction method
CN111859374A (en) * 2020-07-20 2020-10-30 恒安嘉新(北京)科技股份公司 Method, device and system for detecting social engineering attack event

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
TIMOTHY CHADZA: "Contemporary Sequential Network Attacks Prediction using Hidden Markov Model", 《IEEEXPLORE》 *
任午令;赵翠文;姜国新;DAVID MAIMON;THEODORE WILSON;BERTRAND SOBESTO;: "基于攻击行为预测的网络防御策略", 浙江大学学报(工学版), no. 12 *

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115967548A (en) * 2022-12-04 2023-04-14 广州魔番网络科技有限公司 Safety protection index optimization method based on big data information safety and artificial intelligence system
CN115967548B (en) * 2022-12-04 2024-04-09 深圳市众志天成科技有限公司 Safety protection index optimization method based on big data information safety and artificial intelligence system
CN116996310A (en) * 2023-08-15 2023-11-03 广东中山网传媒信息科技有限公司 Active defense-based server network security protection method
CN116996310B (en) * 2023-08-15 2024-04-23 广东中山网传媒信息科技有限公司 Active defense-based server network security protection method and device
CN117354028A (en) * 2023-10-30 2024-01-05 国网江苏省电力有限公司电力科学研究院 Charging pile cluster network attack detection system and method

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination