
CN119128901A - An information security cloud computing platform based on intelligent computing center - Google Patents


Publication number
CN119128901A
Authority
CN
China
Prior art keywords
security
data
threat
module
response
Prior art date
Legal status
Pending
Application number
CN202411118203.0A
Other languages
Chinese (zh)
Inventor
吕小龙
林英华
梁启伦
吴国良
殷帅
Current Assignee
Shenzhen Runxun Data Communication Co ltd
Original Assignee
Shenzhen Runxun Data Communication Co ltd
Application filed by Shenzhen Runxun Data Communication Co ltd
Priority to CN202411118203.0A
Publication of CN119128901A

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/32 User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention relates to the technical field of information security, in particular to an information security cloud computing platform based on an intelligent computing center, which comprises a user identity and access control module, a self-adaptive threat detection module, a data protection and backup module, a virtualization and resource management module, an edge computing cooperative security module and a security event management module, wherein the user identity and access control module performs identity verification and management, the self-adaptive threat detection module automatically analyzes and identifies novel security threats, the data protection and backup module encrypts stored and transmitted data, the virtualization and resource management module manages and monitors the security state of a virtual machine, the edge computing cooperative security module deploys a security agent at an edge node, and the security event management module records the security event of the platform. The invention improves the accuracy and the real-time performance of threat detection and response and ensures the efficient and safe operation of the platform.

Description

Information security cloud computing platform based on intelligent computing center
Technical Field
The invention relates to the technical field of information security, in particular to an information security cloud computing platform based on an intelligent computing center.
Background
With the rapid development of cloud computing technology, cloud computing platforms are applied ever more widely across industries. However, information security problems in the cloud computing environment are also increasingly prominent and have become an important factor restricting the further development of cloud computing. Cloud computing platforms generally involve the sensitive data and business operations of a large number of users, and once a security event occurs, huge losses are caused to the users and the platform. How to construct an efficient and secure information security cloud computing platform is therefore a problem to be solved in the current cloud computing field.
Existing cloud computing platforms have many defects in information security. First, the user identity authentication and access control mechanism is single and easy to bypass or attack, which leads to unauthorized access and data leakage. Second, existing threat detection technology relies mainly on traditional rule matching and statistical analysis, which makes it difficult to cope with complex and changeable novel security threats, and its detection accuracy and response speed are insufficient. In addition, the traditional centralized security management mode easily causes system bottlenecks, data transmission and processing delays are large, and real-time, efficient security detection and response cannot be achieved. The prior art lacks effective use of distributed security detection and edge computing, and overall security and management efficiency remain to be improved.
The invention aims to provide an information security cloud computing platform based on an intelligent computing center, which improves the overall security and response efficiency of a system, solves a plurality of defects in the prior art, and remarkably improves the information security management level of the cloud computing platform.
Disclosure of Invention
Based on the above purpose, the invention provides an information security cloud computing platform based on an intelligent computing center.
An information security cloud computing platform based on an intelligent computing center comprises a user identity and access control module, a self-adaptive threat detection module, a data protection and backup module, a virtualization and resource management module, an edge computing cooperative security module and a security event management module, wherein:
the user identity and access control module performs identity verification and management on a user accessing the platform;
The self-adaptive threat detection module automatically analyzes and identifies novel security threats and provides threat detection and response, and specifically comprises:
data collection, namely collecting safety monitoring data in real time, wherein the safety monitoring data comprises network traffic, operation logs and user behavior data;
feature extraction, namely extracting threat features from the collected safety monitoring data;
threat identification, namely constructing a threat detection model based on the extracted threat features, and identifying and classifying security threats through the threat detection model;
threat response, namely automatically generating a response strategy according to the threat identification result and executing the response strategy;
the data protection and backup module encrypts the stored and transmitted data and periodically backs up the user data;
The virtualization and resource management module is used for managing and monitoring the safety state of the virtual machine, and scheduling and managing the computing resources of the intelligent computing center;
The edge computing cooperative security module deploys a security agent at an edge node, and distributed security detection and response are carried out by utilizing edge computing resources;
the security event management module records and analyzes security events of the platform and provides security logs.
Further, the user identity and access control module includes:
a multi-factor authentication mechanism, which combines the authentication means of using passwords, short message authentication, fingerprint recognition, facial recognition or iris recognition;
role and authority management, namely dynamically distributing access authorities according to roles and authority levels of users;
Real-time monitoring and log recording, namely monitoring the access behavior of a user in real time and recording an access log;
the security policy application, which applies a predefined security policy and dynamically adjusts the access control rule according to the identity and the access behavior of the user;
identity management and verification, namely periodically verifying and updating the identity information of the user, and carrying out identity verification and authentication management on the user.
Further, the feature extraction includes:
Data preprocessing, namely cleaning, normalizing and dimension reducing the collected safety monitoring data to eliminate noise and redundant information;
Time sequence analysis, namely performing time sequence analysis on network traffic and user behavior data, and calculating traffic characteristics and behavior patterns by using a sliding window technology;
frequency domain analysis, namely performing frequency domain analysis on the operation log, and extracting frequency characteristics by using Fast Fourier Transform (FFT);
the statistical feature extraction, namely calculating basic statistical features of the safety monitoring data, including mean, standard deviation, skewness and kurtosis;
High-dimensional feature mapping, namely mapping high-dimensional features to a low-dimensional space using Principal Component Analysis (PCA).
Further, the threat detection model employs a Convolutional Neural Network (CNN) model, the Convolutional Neural Network (CNN) model comprising:
data preprocessing, namely normalizing and standardizing the collected safety monitoring data;
multi-scale convolution, namely adopting multi-scale convolution kernels (convolution kernels with different sizes) to carry out convolution operation, wherein a calculation formula is as follows:
small scale convolution kernel: ;
large scale convolution kernel: ;
Wherein, AndThe sizes of the small-scale and large-scale convolution kernels respectively,For the convolution kernel weights,In order for the offset to be a function of,Is convolution output;
Attention mechanism, namely introducing an attention mechanism, weighting the output of the convolution layer, and calculating the formula as follows:
;
Wherein, As a score of the importance of a feature,In order for the attention to be weighted,AndThe width and the height of the feature map respectively;
;
Wherein, For the output characteristics of the convolutional layer,Is a weighted feature;
And the pooling layer adopts a strategy of combining maximum pooling and average pooling, and the calculation formula is as follows:
;
;
Wherein, For the purpose of pooling the window size,The output of the maximum pooling and the average pooling respectively;
Flattening the characteristic diagram output by the pooling layer, inputting the characteristic diagram into the full-connection layer for classification, wherein the calculation formula is as follows:
;
Wherein, For the output of the flattened pooling layer,For the full connection layer weight,In order for the offset to be a function of,In order to output the output of the device,Is the activation function (softmax).
Further, the threat response includes:
Threat assessment, namely assessing the severity of the threat according to a threat identification result, determining the threat level, and adopting a calculation formula:
;
Wherein, Is a threat score that is a function of the threat,Is the firstThe weight of the individual features is determined,Is the firstThe values of the individual characteristics are used to determine,Is the feature number;
and selecting a response strategy from a predefined response strategy library based on the threat level, wherein the calculation formula is as follows:
;
Wherein, In order to select a response strategy to be used,In response to the set of policies,To select policies under a given threat scoreProbability of (2);
generating a strategy, namely generating response operation including blocking, isolating, alarming and logging according to the selected response strategy;
Policy execution, namely executing the generated response operations through automation scripts and security tools.
Further, the virtualization and resource management module includes:
The virtual machine safety monitoring, namely monitoring the running state, the network flow and the operation log of the virtual machine in real time through an integrated safety agent, detecting abnormal behaviors and potential threats, wherein the calculation formula is as follows:
;
Wherein, To score the security of the virtual machine,Is the firstThe weight of the individual monitored parameters is determined,Is the firstThe values of the individual monitoring parameters are used,To monitor the number of parameters;
the resource utilization monitoring comprises the steps of monitoring the resource utilization conditions of the virtual machine and the physical host in real time, wherein the resource utilization conditions comprise CPU utilization rate, memory utilization amount, storage utilization rate and network bandwidth utilization condition, and the calculation formula is as follows:
;
Wherein, In order to have used the amount of resources,Is the total resource amount;
Dynamic resource scheduling, namely dynamically adjusting the resource allocation and scheduling strategy of the virtual machine according to the real-time resource utilization monitoring result;
the security policy application, which is to automatically apply or adjust the security policy according to the security monitoring result of the virtual machine, including network isolation, access control and patch management;
and the automation management tool is used for executing configuration, migration and backup operation of the virtual machine.
Further, the edge computing cooperative security module includes:
Edge security agent deployment, namely deploying lightweight security agents on each edge node, and taking charge of local data acquisition and preliminary analysis;
Distributed data processing, namely performing distributed processing on locally acquired data by utilizing computing resources of edge nodes;
real-time security detection, namely performing real-time security detection, including intrusion detection, abnormal behavior analysis and malicious activity recognition, through the security agent of the edge node;
cooperative response, namely the edge nodes independently or cooperatively execute a security response strategy according to the security detection result, wherein the security response strategy comprises blocking suspicious traffic, isolating infected equipment and sending an alarm to a central server.
Further, the edge security agent deployment includes:
the lightweight security agent deployment, namely deploying the lightweight security agent on each edge node, wherein the lightweight security agent runs on the edge equipment and monitors network traffic, operation logs and user behavior data, and the calculation formula is as follows:
;
Wherein, For a data set acquired by an edge node,Is the firstData points;
preliminary data analysis, namely, carrying out preliminary analysis on the collected data by a lightweight security agent, and identifying abnormal behaviors and potential threats based on an abnormality detection algorithm of statistical analysis, wherein the method specifically comprises the following steps of:
;
;
Wherein, As a mean value of the data set,Is the standard deviation of the two-dimensional image,Is the firstA data point is provided for each of the data points,Number of data points;
;
Wherein, Is the firstAbnormal scores for data points;
If it is Then considerIs abnormal data;
edge data aggregation, namely aggregating the results of the preliminary data analysis and transmitting them to a central server for analysis and response, wherein the calculation formula is as follows:
;
Wherein, For the aggregate anomaly score sum of the edge nodes,Is the number of outlier data points.
Further, the distributed data processing includes:
dividing a locally acquired data set into a plurality of data blocks, wherein the calculation formula is as follows:
;
Wherein, For a data set acquired by an edge node,Is the firstA data point is provided for each of the data points,Is the firstThe number of data blocks in a block of data,The number of the fragments;
parallel processing, namely parallel processing is carried out on the divided data blocks by utilizing the computing resources of the edge nodes, wherein the computing formula is as follows:
;
Wherein, Is the firstThe result of the processing of the individual data blocks,In order to process the function,Is the firstA number of data blocks;
aggregating the processing results of the data blocks to form an overall processing result, wherein the calculation formula is as follows:
;
Wherein, As a result of the overall processing,Is the firstThe result of the processing of the individual data blocks,Is the number of slices.
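The edge-agent steps described above (statistical anomaly scoring, division into data blocks, parallel processing and aggregation) can be implemented as follows. This is an added example, not code from the patent: the formulas are not reproduced on this page, so the population mean and standard deviation, the score z = |x - mean| / sigma, the threshold k = 3 and every function name are assumptions.

```python
import math
from concurrent.futures import ThreadPoolExecutor

# Constructed sample: 40 per-second request counts seen by one edge node,
# with a single injected spike at index 25. Not real traffic.
SAMPLE = [98, 100, 102] * 13
SAMPLE.insert(25, 400)


def shard(data, m):
    """Split data into m contiguous blocks whose sizes differ by at most one."""
    if m < 1:
        raise ValueError("m must be >= 1")
    base, extra = divmod(len(data), m)
    blocks, start = [], 0
    for j in range(m):
        size = base + (1 if j < extra else 0)
        blocks.append(data[start:start + size])
        start += size
    return blocks


def partial_stats(block):
    """Per-block processing function: (count, mean, sum of squared deviations)."""
    n = len(block)
    if n == 0:
        return (0, 0.0, 0.0)
    mean = sum(block) / n
    return (n, mean, sum((x - mean) ** 2 for x in block))


def merge(a, b):
    """Combine two partial results without revisiting the raw data."""
    (na, ma, sa), (nb, mb, sb) = a, b
    n = na + nb
    if n == 0:
        return (0, 0.0, 0.0)
    delta = mb - ma
    return (n, ma + delta * nb / n, sa + sb + delta * delta * na * nb / n)


def max_possible_z(n):
    """Upper bound of |x - mean| / sigma for n points (population sigma)."""
    return math.sqrt(n - 1) if n > 1 else 0.0


def node_report(data, m=4, k=3.0):
    """Shard, process blocks in a worker pool, aggregate, then score anomalies."""
    with ThreadPoolExecutor(max_workers=m) as pool:
        partials = list(pool.map(partial_stats, shard(data, m)))
    total = (0, 0.0, 0.0)
    for p in partials:
        total = merge(total, p)
    n, mean, m2 = total
    sigma = math.sqrt(m2 / n) if n else 0.0
    anomalies = []
    if sigma > 0:  # constant data: nothing to score, avoid dividing by zero
        for i, x in enumerate(data):
            z = abs(x - mean) / sigma
            if z > k:
                anomalies.append((i, z))
    return {
        "n": n, "mean": mean, "sigma": sigma,
        "anomalies": anomalies,
        # Aggregated anomaly score sum that the node reports to the central server.
        "score_sum": sum(z for _, z in anomalies),
        # False means the window is too small for threshold k to ever fire.
        "threshold_reachable": max_possible_z(n) > k,
    }


if __name__ == "__main__":
    print(node_report(SAMPLE))
    # A 9-point window can never exceed z = sqrt(8) ~ 2.83, so k = 3 stays silent.
    print(node_report([100] * 8 + [10000]))
```

With a population standard deviation, a window of n points cannot produce a score above sqrt(n - 1), so a lightweight agent that scores windows of 10 or fewer samples against k = 3 will never raise an alert, however large the spike.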
Further, the security detection includes:
Intrusion detection, namely identifying intrusion behaviors by analyzing network flow and operation logs, wherein a calculation formula is as follows:
;
;
Wherein, As the raw data is to be processed,Is the mean value of the two values,Is the standard deviation of the two-dimensional image,For the data to be normalized,Is a known intrusion signature pattern;
abnormal behavior analysis, namely identifying abnormal behaviors and potential threats by analyzing user behavior data and based on an abnormal detection algorithm of statistical analysis;
malicious activity recognition, namely identifying malicious activity by analyzing the operation logs and network traffic using a naive Bayes classifier.
The invention has the beneficial effects that:
The invention constructs a comprehensive, intelligent and efficient information security management system by integrating the user identity and access control module, the self-adaptive threat detection module, the data protection and backup module, the virtualization and resource management module, the edge computing cooperative security module and the security event management module.
Through the cooperative work of the user identity and access control module and the self-adaptive threat detection module, the invention performs multi-factor authentication, role and authority management, real-time monitoring and log recording, and dynamic adjustment of security policies for users, which effectively prevents unauthorized access and data leakage. Meanwhile, through the steps of data collection, feature extraction, threat identification, threat response and the like, the self-adaptive threat detection module uses an advanced convolutional neural network model and improved algorithms, thereby improving the recognition capability and detection accuracy for complex threat features, enhancing the attention paid to important features, and providing a rapid and accurate threat response strategy.
According to the invention, the lightweight security agent is deployed at each edge node, the edge computing resources are utilized to perform distributed data processing and real-time security detection, the distributed security detection and response are realized through intrusion detection, abnormal behavior analysis and malicious activity recognition, and the virtualization and resource management module ensures the efficient utilization and load balance of resources by dynamically adjusting the resource allocation and scheduling strategy, so that the system performance is improved, the resource waste is reduced, and the system stability and response capability are enhanced.
Drawings
In order to more clearly illustrate the invention or the technical solutions of the prior art, the drawings which are used in the description of the embodiments or the prior art will be briefly described, it being obvious that the drawings in the description below are only of the invention and that other drawings can be obtained from them without inventive effort for a person skilled in the art.
FIG. 1 is a schematic diagram of a platform function module according to an embodiment of the present invention;
FIG. 2 is a schematic diagram of an adaptive threat detection module according to an embodiment of the invention.
Detailed Description
The present invention will be further described in detail with reference to specific embodiments in order to make the objects, technical solutions and advantages of the present invention more apparent.
It is to be noted that unless otherwise defined, technical or scientific terms used herein should be taken in a general sense as understood by one of ordinary skill in the art to which the present invention belongs. The terms "first," "second," and the like, as used herein, do not denote any order, quantity, or importance, but rather are used to distinguish one element from another. The word "comprising" or "comprises", and the like, means that elements or items preceding the word are included in the element or item listed after the word and equivalents thereof, but does not exclude other elements or items. The terms "connected" or "connected," and the like, are not limited to physical or mechanical connections, but may include electrical connections, whether direct or indirect. "upper", "lower", "left", "right", etc. are used merely to indicate relative positional relationships, which may also be changed when the absolute position of the object to be described is changed.
As shown in FIGS. 1-2, an information security cloud computing platform based on an intelligent computing center comprises a user identity and access control module, a self-adaptive threat detection module, a data protection and backup module, a virtualization and resource management module, an edge computing cooperative security module and a security event management module, wherein:
The user identity and access control module performs identity verification and management on a user accessing the platform, unauthorized access is prevented, and the uniqueness and safety of the user identity are ensured;
The self-adaptive threat detection module automatically analyzes and identifies novel security threats and provides threat detection and response, and specifically comprises:
data collection, namely collecting safety monitoring data in real time, wherein the safety monitoring data comprises network traffic, operation logs and user behavior data;
feature extraction, namely extracting threat features from the collected safety monitoring data;
threat identification, namely constructing a threat detection model based on the extracted threat features, and identifying and classifying security threats through the threat detection model;
threat response, namely automatically generating a response strategy according to the threat identification result and executing the response strategy;
The data protection and backup module encrypts the stored and transmitted data and periodically backs up the user data, so that the leakage and loss of the data in the transmission process are prevented;
The virtualization and resource management module manages and monitors the safety state of the virtual machine, schedules and manages the computing resources of the intelligent computing center, and ensures the efficient utilization and safety isolation of the resources;
the edge computing cooperative security module deploys security agents at edge nodes, and distributed security detection and response are carried out by utilizing edge computing resources, so that instantaneity and processing efficiency are improved;
The security event management module records and analyzes the security event of the platform, provides a security log, and ensures the coordinated operation of all modules;
Through the content, comprehensive management and protection of user identities, data, virtual machines and security events are realized, efficient threat detection and response, data transmission security, efficient resource utilization and real-time security detection are provided, efficient and safe operation of a platform is ensured, the information security problem in the prior art is effectively solved, and the method has high innovation and practical value.
The user identity and access control module comprises:
A multi-factor authentication mechanism, which combines the identity authentication means of using passwords, short message authentication, fingerprint recognition, facial recognition or iris recognition to ensure the uniqueness and the safety of the user identity;
role and authority management, namely dynamically distributing access authorities according to the roles and authority levels of users, ensuring that only authorized users can access specific resources and execute specific operations;
Real-time monitoring and log recording, namely monitoring access behaviors of users in real time, recording access logs, and timely finding and responding to abnormal access behaviors;
the security policy application is to apply a predefined security policy, dynamically adjust the access control rule according to the user identity and the access behavior, and prevent unauthorized access and data disclosure;
The identity management and verification comprises periodically verifying and updating the identity information of the user, ensuring the validity and accuracy of the identity of the user, and carrying out identity verification and authentication management on the user;
Through the content, the uniqueness and the safety of the user identity can be effectively ensured, unauthorized access and data leakage are prevented, dynamic access control and compliance management are realized, and the overall safety and the management efficiency of the platform are improved.
The feature extraction includes:
Data preprocessing, namely cleaning, normalizing and dimension reducing the collected safety monitoring data, eliminating noise and redundant information, and ensuring the data quality;
Time sequence analysis, namely performing time sequence analysis on network traffic and user behavior data, calculating traffic characteristics and behavior patterns by using a sliding window technology, wherein a calculation formula is as follows:
;
Wherein, As the raw data in the time series,As a mean value within the sliding window,For the standard deviation within the sliding window,Is normalized data;
frequency domain analysis, namely performing frequency domain analysis on the operation log, extracting frequency characteristics by using Fast Fourier Transform (FFT), wherein the calculation formula is as follows:
;
Wherein, In the case of a time-domain signal,As a signal in the frequency domain,For the number of points of the data,Is frequency;
the statistical feature extraction, namely calculating basic statistical features of safety monitoring data, including mean value, standard deviation, skewness and kurtosis, wherein a calculation formula is as follows:
Mean value of ;
Standard deviation of;
Degree of deviation;
Kurtosis degree;
Wherein, As a function of the data points,Is the mean value of the two values,Is the standard deviation of the two-dimensional image,Counting the number of the data points;
high-dimensional feature mapping, namely mapping the high-dimensional features into a low-dimensional space by using Principal Component Analysis (PCA), so that subsequent analysis is facilitated, wherein the calculation formula is as follows:
;
Wherein, In order to reduce the data after the dimension,As a matrix of raw data,Is a feature vector matrix;
by the method, threat features can be efficiently extracted from the safety monitoring data, accurate feature input is provided for threat identification and response, and the accuracy and response speed of threat detection are remarkably improved.
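The time-series, frequency-domain and statistical feature steps described above can be worked through on a small operation-log series as follows. This is an added example, not code from the patent: the formulas are not reproduced on this page, so the standard definitions (population moments, non-excess kurtosis, a window that ends at the current sample, a radix-2 FFT) and all names are assumptions, and the PCA step is left out.

```python
import cmath
import math

# Constructed sample: operation-log events per minute over 64 minutes, with
# activity that repeats every 8 minutes (e.g. a scheduled job). Not real data.
CYCLE = [16, 14, 10, 6, 4, 6, 10, 14]
SAMPLE_COUNTS = CYCLE * 8


def moments(xs):
    """Mean, population standard deviation, skewness and (non-excess) kurtosis."""
    n = len(xs)
    mean = sum(xs) / n
    std = math.sqrt(sum((x - mean) ** 2 for x in xs) / n)
    if std == 0:
        return {"mean": mean, "std": 0.0, "skew": 0.0, "kurt": 0.0}
    skew = sum((x - mean) ** 3 for x in xs) / n / std ** 3
    kurt = sum((x - mean) ** 4 for x in xs) / n / std ** 4
    return {"mean": mean, "std": std, "skew": skew, "kurt": kurt}


def sliding_zscore(xs, w):
    """Normalise each sample against the window of w samples ending at it."""
    out = []
    for t in range(w - 1, len(xs)):
        m = moments(xs[t - w + 1:t + 1])
        out.append((xs[t] - m["mean"]) / m["std"] if m["std"] else 0.0)
    return out


def fft(x):
    """Recursive radix-2 Cooley-Tukey FFT; the length must be a power of two."""
    n = len(x)
    if n == 1:
        return [complex(x[0])]
    if n == 0 or n % 2:
        raise ValueError("length must be a non-zero power of two")
    even, odd = fft(x[0::2]), fft(x[1::2])
    out = [0j] * n
    for k in range(n // 2):
        tw = cmath.exp(-2j * cmath.pi * k / n) * odd[k]
        out[k] = even[k] + tw
        out[k + n // 2] = even[k] - tw
    return out


def dominant_period(xs, interval=1.0):
    """Period (in units of interval) of the strongest non-DC component, or None."""
    n = len(xs)
    if n < 2:
        return None
    mean = sum(xs) / n
    spectrum = fft([x - mean for x in xs])  # remove the DC offset first
    mags = [abs(v) for v in spectrum[1:n // 2 + 1]]
    k = max(range(len(mags)), key=mags.__getitem__) + 1
    if mags[k - 1] < 1e-9:
        return None  # flat series: no periodic component
    return n * interval / k


def extract_features(xs, w=8):
    """Feature vector for one series: moments, dominant period, latest z-score."""
    feats = moments(xs)
    feats["period"] = dominant_period(xs)
    feats["last_z"] = sliding_zscore(xs, w)[-1]
    return feats


if __name__ == "__main__":
    print(extract_features(SAMPLE_COUNTS))
```

The dominant period is the feature that exposes regularly timed activity in a log, which the mean and standard deviation alone do not reveal.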
The threat detection model employs a Convolutional Neural Network (CNN) model, which includes:
Data preprocessing, namely carrying out normalization and standardization processing on the collected safety monitoring data to reduce the influence of noise and data deviation on model training, wherein the calculation formula is as follows:
;
Wherein, As the raw data is to be processed,AndRespectively the minimum and maximum values of the data,Is normalized data;
;
Wherein, As the raw data is to be processed,Is the mean value of the two values,Is the standard deviation of the two-dimensional image,Is normalized data;
multi-scale convolution, namely, adopting multi-scale convolution kernels (convolution kernels with different sizes) to carry out convolution operation so as to capture the features with different scales and improve the recognition capability of threat features, wherein a calculation formula is as follows:
small scale convolution kernel: ;
large scale convolution kernel: ;
Wherein, AndThe sizes of the small-scale and large-scale convolution kernels respectively,For the convolution kernel weights,In order for the offset to be a function of,Is convolution output;
Attention mechanism, namely introducing an attention mechanism, weighting the output of the convolution layer to highlight important characteristics and improve the detection accuracy of the model, wherein a calculation formula is as follows:
;
Wherein, As a score of the importance of a feature,In order for the attention to be weighted,AndThe width and the height of the feature map respectively;
;
Wherein, For the output characteristics of the convolutional layer,Is a weighted feature;
And the pooling layer adopts a strategy of combining maximum pooling and average pooling so as to reserve important characteristics and reduce data dimension, wherein the calculation formula is as follows:
;
;
Wherein, For the purpose of pooling the window size,The output of the maximum pooling and the average pooling respectively;
Flattening the characteristic diagram output by the pooling layer, inputting the characteristic diagram into the full-connection layer for classification, wherein the calculation formula is as follows:
;
Wherein, For the output of the flattened pooling layer,For the full connection layer weight,In order for the offset to be a function of,In order to output the output of the device,Is an activation function (softmax);
through the content, the safety monitoring data can be processed and analyzed better, the recognition capability and detection accuracy of the model to complex threat features are improved, the attention to important features is enhanced, the data dimension is reduced, and the calculation efficiency is improved, so that more accurate and efficient threat detection and response capability is provided.
The threat response includes:
Threat assessment: the severity of the threat is assessed according to the threat identification result and the threat level is determined; the calculation formula is:
;
Wherein, is the threat score, is the weight of the -th feature, is the value of the -th feature, and is the number of features;
Strategy selection: a response strategy is selected from a predefined response strategy library based on the threat level; the calculation formula is:
;
Wherein, is the selected response strategy, is the set of response strategies, and is the probability of selecting a strategy under the given threat score;
Strategy generation: response operations, including blocking, isolation, alerting and logging, are generated according to the selected response strategy;
Strategy execution: the generated response operations are executed through automation scripts and security tools;
Through the above, an effective response strategy can be generated and executed automatically according to the threat identification result, achieving rapid and accurate threat response, improving the security and stability of the platform, reducing human intervention and response time, and ensuring timely handling of security threats and continuous protection of the system.
The virtualization and resource management module comprises:
Virtual machine security monitoring: the running state, network traffic and operation logs of the virtual machine are monitored in real time through an integrated security agent to detect abnormal behaviors and potential threats; the calculation formula is:
;
Wherein, is the security score of the virtual machine, is the weight of the -th monitoring parameter, is the value of the -th monitoring parameter, and is the number of monitoring parameters;
Resource utilization monitoring: the resource usage of the virtual machines and physical hosts, including CPU utilization, memory usage, storage utilization and network bandwidth usage, is monitored in real time to ensure efficient resource utilization and load balancing; the calculation formula is:
;
Wherein, is the amount of resources used and is the total amount of resources;
Dynamic resource scheduling: the resource allocation and scheduling strategy of the virtual machines is adjusted dynamically according to the real-time resource utilization monitoring results, optimizing resource utilization and reducing resource waste;
Security policy application: security policies, including network isolation, access control and patch management, are automatically applied or adjusted according to the virtual machine security monitoring results, so as to ensure the security of the virtual machines;
Automated management tools: automated management tools are used to perform configuration, migration and backup operations on the virtual machines, simplifying the management process and improving management efficiency;
Through the above, the resource allocation and scheduling strategy can be adjusted dynamically to ensure efficient resource utilization and load balancing; load balancing is achieved by automatically increasing or reducing resource allocation and migrating virtual machines, which improves system performance, reduces resource waste, strengthens the stability and responsiveness of the system, simplifies the management process and improves overall management efficiency.
The edge computing cooperative security module includes:
Edge security agent deployment: lightweight security agents are deployed on each edge node and are responsible for local data acquisition and preliminary analysis;
Distributed data processing: the computing resources of the edge nodes are used to process locally acquired data in a distributed manner, reducing the pressure of data transmission to the central server and improving response speed;
Security detection: real-time security detection, including intrusion detection, abnormal behavior analysis and malicious activity identification, is performed through the security agents of the edge nodes;
Cooperative response: according to the security detection result, an edge node executes a security response strategy independently or in cooperation with adjacent edge nodes, including blocking suspicious traffic, isolating infected devices and sending an alarm to the central server;
Through the above, security agents can be deployed at the edge nodes and distributed security detection and response can be performed using edge computing resources, improving the security and response efficiency of the whole system.
The edge security agent deployment includes:
Lightweight security agent deployment: a lightweight security agent is deployed on each edge node; it runs on the edge device and monitors network traffic, operation logs and user behavior data; the calculation formula is:
;
Wherein, is the data set acquired by the edge node and is the -th data point;
Preliminary data analysis: the lightweight security agent performs a preliminary analysis of the collected data and identifies abnormal behaviors and potential threats using an anomaly detection algorithm based on statistical analysis, specifically:
;
;
Wherein, is the mean of the data set, is the standard deviation, is the -th data point, and is the number of data points;
;
Wherein, is the anomaly score of the -th data point;
If , then is considered to be abnormal data;
Edge data aggregation: the results of the preliminary data analysis are aggregated and sent to the central server for analysis and response; the calculation formula is:
;
Wherein, is the sum of the anomaly scores aggregated by the edge node and is the number of abnormal data points;
Through the above, lightweight security agents can be deployed effectively on the edge nodes to perform local data acquisition and preliminary analysis, so that security threats are discovered and handled in a timely manner.
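The preliminary analysis and edge aggregation steps above, as an added Python example that is not part of the patent text. The formulas did not survive on this page, so the code assumes the usual z-score form (absolute deviation from the mean divided by the population standard deviation), a threshold of 3.0, and aggregation as the sum of scores over flagged points; the function names and the sample traffic values are constructed.

```python
import math

Z_THRESHOLD = 3.0  # assumed value; the page does not state the threshold


def analyze_window(samples, threshold=Z_THRESHOLD):
    """Score one window of numeric telemetry collected by an edge agent."""
    n = len(samples)
    # With the population standard deviation no point can score above
    # sqrt(n - 1) (Samuelson's inequality), so a short window can never
    # cross the threshold and would silently report "no anomalies".
    if n < 2 or math.sqrt(n - 1) <= threshold:
        return {"status": "window_too_small", "n": n, "flagged": []}
    mean = sum(samples) / n
    std = math.sqrt(sum((x - mean) ** 2 for x in samples) / n)
    if std == 0.0:
        # Constant telemetry: nothing deviates, and dividing by zero would fail.
        return {"status": "ok", "n": n, "flagged": []}
    flagged = []
    for i, x in enumerate(samples):
        score = abs(x - mean) / std
        if score > threshold:
            flagged.append((i, x, score))
    return {"status": "ok", "n": n, "flagged": flagged}


def edge_report(node_id, samples, threshold=Z_THRESHOLD):
    """Aggregate a window into the compact record sent to the central server."""
    result = analyze_window(samples, threshold)
    flagged = result["flagged"]
    return {
        "node": node_id,
        "status": result["status"],
        "points": result["n"],
        "anomalous_points": len(flagged),
        "aggregate_score": sum(score for _, _, score in flagged),
        "indices": [i for i, _, _ in flagged],
    }


def rank_nodes(reports):
    """Central side: order nodes by aggregate score, undersized windows last."""
    return sorted(reports,
                  key=lambda r: (r["status"] != "ok", -r["aggregate_score"]))


# Constructed sample: bytes per minute seen by one edge node, with one burst.
TRAFFIC = [1000, 1020, 980, 1010, 990, 1005, 995, 1015, 985, 1000,
           1010, 990, 1000, 1020, 980, 1005, 995, 1000, 1010, 9000]

if __name__ == "__main__":
    reports = [
        edge_report("edge-01", TRAFFIC),
        edge_report("edge-02", TRAFFIC[-10:]),  # too short to ever alert
        edge_report("edge-03", [500] * 20),     # constant telemetry
    ]
    for report in rank_nodes(reports):
        print(report)
```

The `window_too_small` status matters operationally: with a threshold of 3.0, any window of ten or fewer points is mathematically unable to raise an alert, so the central server should treat such reports as missing coverage rather than as a clean result.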
The distributed data processing includes:
Data sharding: the locally acquired data set is divided into a plurality of data blocks to facilitate parallel processing on the edge nodes; the calculation formula is:
;
Wherein, is the data set acquired by the edge node, is the -th data point, is the -th data block, and is the number of shards;
Parallel processing: the divided data blocks are processed in parallel using the computing resources of the edge nodes, improving processing efficiency and response speed; the calculation formula is:
;
Wherein, is the processing result of the -th data block, is the processing function, and is the -th data block;
Result aggregation: the processing results of the data blocks are aggregated to form an overall processing result; the calculation formula is:
;
Wherein, is the overall processing result, is the processing result of the -th data block, and is the number of shards;
Through the above, the efficiency and response speed of data processing are improved, the pressure of data transmission to the central server is reduced, and the real-time performance and reliability of the system are ensured; at the same time, the processing results of all edge nodes are integrated effectively, improving the security and management efficiency of the whole system.
The processing function specifically comprises the following steps:
Data preprocessing: the data is normalized and denoised; the calculation formula is:
;
Wherein, is the normalized data, is the raw data, and and are the minimum and maximum values in the data set respectively;
Feature extraction: key features of the data, including mean, standard deviation and kurtosis, are extracted; the calculation formula is:
;
;
;
Preliminary analysis: the data is classified or clustered using K-means clustering; the calculation formula is:
;
Wherein, is the clustering objective function, is the number of clusters, is the center of the -th cluster, and is the normalized data point.
The security detection includes:
Intrusion detection: intrusion behaviors are identified by analyzing network traffic and operation logs; the calculation formula is:
;
;
Wherein, is the raw data, is the mean, is the standard deviation, is the normalized data, and is a known intrusion signature pattern;
Abnormal behavior analysis: abnormal behaviors and potential threats are identified by analyzing user behavior data with an anomaly detection algorithm based on statistical analysis;
Malicious activity identification: malicious activity is identified by analyzing operation logs and network traffic with a naive Bayes classifier;
The naive Bayes classifier includes:
Posterior probability calculation: ;
Wherein, is the category (malicious or normal), is the feature vector, is the posterior probability, is the likelihood, and is the prior probability;
Naive Bayes assumption: ;
Wherein, is a feature and is the number of features;
Classification decision: ;
Wherein, is the predicted category;
Through the above, real-time security detection can be realized, and potential intrusions, abnormal behaviors and malicious activities can be identified and responded to in time. The distributed detection method improves the overall security and response efficiency of the system, reduces the burden on the central server, and ensures the real-time performance and accuracy of data processing.
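The three naive Bayes steps named above (posterior calculation, the independence assumption, and the argmax decision), as an added Python example that is not part of the patent text. The categorical feature layout, Laplace smoothing, the 0.9 confidence floor that routes uncertain events to an analyst, and all training events are assumptions constructed for illustration.

```python
import math
from collections import Counter


class CategoricalNaiveBayes:
    """Naive Bayes over categorical event features, with Laplace smoothing."""

    def __init__(self, alpha=1.0):
        self.alpha = alpha  # smoothing strength (assumed; not from the page)

    def fit(self, rows, labels):
        self.classes = sorted(set(labels))
        self.class_counts = Counter(labels)
        self.total = len(labels)
        width = len(rows[0])
        self.vocab = [set() for _ in range(width)]
        self.counts = {c: [Counter() for _ in range(width)]
                       for c in self.classes}
        for row, label in zip(rows, labels):
            for j, value in enumerate(row):
                self.vocab[j].add(value)
                self.counts[label][j][value] += 1
        return self

    def log_joint(self, row):
        """log P(c) + sum_j log P(x_j | c): the independence assumption."""
        scores = {}
        for c in self.classes:
            total = math.log(self.class_counts[c] / self.total)
            for j, value in enumerate(row):
                # One extra slot so a value never seen in training gets a
                # small non-zero likelihood instead of zeroing the product.
                slots = len(self.vocab[j]) + 1
                seen = self.counts[c][j][value]
                total += math.log((seen + self.alpha) /
                                  (self.class_counts[c] + self.alpha * slots))
            scores[c] = total
        return scores

    def posterior(self, row):
        """Normalize the joint scores into P(c | x) without underflow."""
        scores = self.log_joint(row)
        peak = max(scores.values())
        weights = {c: math.exp(s - peak) for c, s in scores.items()}
        norm = sum(weights.values())
        return {c: w / norm for c, w in weights.items()}


def classify(model, row, min_confidence=0.9):
    """Argmax decision; below min_confidence the event goes to an analyst."""
    post = model.posterior(row)
    label = max(post, key=post.get)
    return (label if post[label] >= min_confidence else "review"), post


# Constructed training events: (action, time of day, source zone).
EVENTS = [
    ("login", "day", "internal"), ("read", "day", "internal"),
    ("read", "day", "internal"), ("write", "day", "internal"),
    ("login", "day", "vpn"), ("read", "night", "internal"),
    ("login_fail", "night", "external"), ("login_fail", "night", "external"),
    ("priv_change", "night", "external"), ("login_fail", "day", "external"),
]
LABELS = ["normal"] * 6 + ["malicious"] * 4
MODEL = CategoricalNaiveBayes().fit(EVENTS, LABELS)

if __name__ == "__main__":
    for event in [("login_fail", "night", "external"),
                  ("read", "day", "internal"),
                  ("delete", "night", "vpn")]:  # "delete" was never seen
        print(event, classify(MODEL, event))
```

The third event shows why an automated blocking or isolation action should not be driven by the argmax alone: an action the model has never seen yields a near coin-flip posterior, which the confidence floor turns into a review item instead of a response.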
It will be appreciated by persons skilled in the art that the above discussion of any embodiment is merely exemplary and is not intended to imply that the scope of the invention is limited to these examples, that combinations of technical features in the above embodiments or in different embodiments may also be implemented in any order, and that many other variations of the different aspects of the invention as described above exist, which are not provided in detail for the sake of brevity.

Claims (10)

1. An information security cloud computing platform based on an intelligent computing center, characterized by comprising a user identity and access control module, an adaptive threat detection module, a data protection and backup module, a virtualization and resource management module, an edge computing collaborative security module, and a security event management module, wherein:
The user identity and access control module authenticates and manages users who access the platform;
The adaptive threat detection module automatically analyzes and identifies new security threats and provides threat detection and response, specifically including:
Data collection: security monitoring data, including network traffic, operation logs and user behavior data, is collected in real time;
Feature extraction: threat features are extracted from the collected security monitoring data;
Threat identification: a threat detection model is constructed based on the extracted threat features, and security threats are identified and classified through the threat detection model;
Threat response: a response strategy is automatically generated and executed according to the threat identification result;
The data protection and backup module encrypts stored and transmitted data and regularly backs up user data;
The virtualization and resource management module manages and monitors the security status of virtual machines, and schedules and manages the computing resources of the intelligent computing center;
The edge computing collaborative security module deploys security agents on edge nodes and uses edge computing resources to perform distributed security detection and response;
The security event management module records the security events of the platform and provides a security log.

2. The information security cloud computing platform based on an intelligent computing center according to claim 1, characterized in that the user identity and access control module comprises:
Multi-factor authentication mechanism: a combination of authentication means using password, SMS verification, fingerprint recognition, facial recognition or iris recognition;
Role and permission management: access rights are dynamically assigned according to the user's role and permission level;
Real-time monitoring and logging: user access behavior is monitored in real time and access logs are recorded;
Security policy application: predefined security policies are applied, and access control rules are dynamically adjusted according to user identity and access behavior;
Identity management and audit: user identity information is regularly reviewed and updated, and identity verification and authentication management are performed for users.

3. The information security cloud computing platform based on an intelligent computing center according to claim 1, characterized in that the feature extraction comprises:
Data preprocessing: the collected security monitoring data is cleaned, normalized and reduced in dimension to eliminate noise and redundant information;
Time series analysis: time series analysis is performed on network traffic and user behavior data, using a sliding window technique to calculate traffic characteristics and behavior patterns;
Frequency domain analysis: frequency domain analysis is performed on the operation logs, using the fast Fourier transform to extract frequency features;
Statistical feature extraction: the basic statistical features of the security monitoring data, including mean, standard deviation, skewness and kurtosis, are calculated;
High-dimensional feature mapping: principal component analysis is used to map high-dimensional features to a low-dimensional space.

4. The information security cloud computing platform based on an intelligent computing center according to claim 3, characterized in that the threat detection model adopts a convolutional neural network model, and the convolutional neural network model includes:
Data preprocessing: the collected security monitoring data is normalized and standardized;
Multi-scale convolution: multi-scale convolution kernels are used for the convolution operation; the calculation formula is:
Small-scale convolution kernel: ;
Large-scale convolution kernel: ;
Wherein, and are the sizes of the small-scale and large-scale convolution kernels respectively, is the convolution kernel weight, is the bias, and is the convolution output;
Attention mechanism: an attention mechanism is introduced to weight the output of the convolution layer; the calculation formula is:
;
Wherein, is the importance score of a feature, is the attention weight, and and are the width and height of the feature map respectively;
;
Wherein, is the output feature of the convolution layer and is the weighted feature;
Pooling layer: a strategy combining maximum pooling and average pooling is adopted; the calculation formula is:
;
;
Wherein, is the pooling window size, and and are the outputs of maximum pooling and average pooling respectively;
Fully connected layer and output: the feature map output by the pooling layer is flattened and input to the fully connected layer for classification; the calculation formula is:
;
Wherein, is the flattened output of the pooling layer, is the fully connected layer weight, is the bias, is the output, and is the activation function.

5. The information security cloud computing platform based on an intelligent computing center according to claim 4, characterized in that the threat response includes:
Threat assessment: the severity of the threat is assessed according to the threat identification result and the threat level is determined; the calculation formula is:
;
Wherein, is the threat score, is the weight of the -th feature, is the value of the -th feature, and is the number of features;
Strategy selection: a response strategy is selected from a predefined response strategy library based on the threat level; the calculation formula is:
;
Wherein, is the selected response strategy, is the set of response strategies, and is the probability of selecting a strategy under the given threat score;
Strategy generation: response operations, including blocking, isolation, alerting and logging, are generated according to the selected response strategy;
Strategy execution: the generated response operations are executed through automation scripts and security tools.

6. The information security cloud computing platform based on an intelligent computing center according to claim 1, characterized in that the virtualization and resource management module comprises:
Virtual machine security monitoring: the running state, network traffic and operation logs of the virtual machine are monitored in real time through an integrated security agent to detect abnormal behaviors and potential threats; the calculation formula is:
;
Wherein, is the security score of the virtual machine, is the weight of the -th monitoring parameter, is the value of the -th monitoring parameter, and is the number of monitoring parameters;
Resource utilization monitoring: the resource usage of virtual machines and physical hosts, including CPU usage, memory usage, storage utilization and network bandwidth usage, is monitored in real time; the calculation formula is:
;
Wherein, is the amount of resources used and is the total amount of resources;
Dynamic resource scheduling: the resource allocation and scheduling strategy of the virtual machines is dynamically adjusted according to the results of real-time resource utilization monitoring;
Security policy application: security policies, including network isolation, access control and patch management, are automatically applied or adjusted according to the results of virtual machine security monitoring;
Automated management tools: automated management tools are used to perform virtual machine configuration, migration and backup operations.

7. The information security cloud computing platform based on an intelligent computing center according to claim 1, characterized in that the edge computing collaborative security module comprises:
Edge security agent deployment: lightweight security agents are deployed on each edge node and are responsible for local data acquisition and preliminary analysis;
Distributed data processing: the computing resources of the edge nodes are used to perform distributed processing on locally collected data;
Security detection: real-time security detection, including intrusion detection, abnormal behavior analysis and malicious activity identification, is performed through the security agents of the edge nodes;
Collaborative response: according to the results of security detection, edge nodes execute security response strategies independently or in collaboration with adjacent edge nodes, including blocking suspicious traffic, isolating infected devices and sending alarms to the central server.

8. The information security cloud computing platform based on an intelligent computing center according to claim 7, characterized in that the edge security agent deployment includes:
Lightweight security agent deployment: a lightweight security agent is deployed on each edge node; the lightweight security agent runs on the edge device and monitors network traffic, operation logs and user behavior data; the calculation formula is:
;
Wherein, is the data set collected by the edge node and is the -th data point;
Preliminary data analysis: the lightweight security agent performs a preliminary analysis of the collected data and uses an anomaly detection algorithm based on statistical analysis to identify abnormal behaviors and potential threats, specifically including:
;
;
Wherein, is the mean of the data set, is the standard deviation, is the -th data point, and is the number of data points;
;
Wherein, is the anomaly score of the -th data point;
If , then is considered to be abnormal data;
Edge data aggregation: the results of the preliminary data analysis are aggregated and sent to the central server for analysis and response; the calculation formula is:
;
Wherein, is the sum of the anomaly scores aggregated by the edge node and is the number of abnormal data points.

9. The information security cloud computing platform based on an intelligent computing center according to claim 8, characterized in that the distributed data processing includes:
Data sharding: the locally collected data set is divided into multiple data blocks; the calculation formula is:
;
Wherein, is the data set collected by the edge node, is the -th data point, is the -th data block, and is the number of shards;
Parallel processing: the computing resources of the edge nodes are used to process the divided data blocks in parallel; the calculation formula is:
;
Wherein, is the processing result of the -th data block, is the processing function, and is the -th data block;
Result aggregation: the processing results of the data blocks are aggregated to form the overall processing result; the calculation formula is:
;
Wherein, is the overall processing result, is the processing result of the -th data block, and is the number of shards.

10. The information security cloud computing platform based on an intelligent computing center according to claim 9, characterized in that the security detection includes:
Intrusion detection: intrusion behaviors are identified by analyzing network traffic and operation logs; the calculation formula is:
;
;
Wherein, is the raw data, is the mean, is the standard deviation, is the normalized data, and is a known intrusion signature pattern;
Abnormal behavior analysis: abnormal behaviors and potential threats are identified by analyzing user behavior data with an anomaly detection algorithm based on statistical analysis;
Malicious activity identification: malicious activity is identified by analyzing operation logs and network traffic with a naive Bayes classifier.

CN202411118203.0A 2024-08-15 2024-08-15 An information security cloud computing platform based on intelligent computing center Pending CN119128901A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202411118203.0A CN119128901A (en) 2024-08-15 2024-08-15 An information security cloud computing platform based on intelligent computing center

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202411118203.0A CN119128901A (en) 2024-08-15 2024-08-15 An information security cloud computing platform based on intelligent computing center

Publications (1)

Publication Number Publication Date
CN119128901A true CN119128901A (en) 2024-12-13

Family

ID=93769797

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202411118203.0A Pending CN119128901A (en) 2024-08-15 2024-08-15 An information security cloud computing platform based on intelligent computing center

Country Status (1)

Country Link
CN (1) CN119128901A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN119402293A (en) * 2024-12-31 2025-02-07 深圳润迅数据通信有限公司 Network security early warning method and system based on edge intelligent data center
CN119402293B (en) * 2024-12-31 2025-04-11 深圳润迅数据通信有限公司 Network security early warning method and system based on edge intelligent data center

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination