公开(公告)号：US09148439B2

公开(公告)日：2015-09-29

申请号：US14201942

申请日：2014-03-10

Applicant: Macau University of Science and Technology

Inventor： Chi Tin Hon ,  Jia Hua Xu

IPC: G06F21/55 ,  H04L29/06 ,  H04L12/24 ,  H04L12/26

CPC classification number: H04L63/1408 ,  G06F21/55 ,  G06F21/552 ,  H04L41/147 ,  H04L63/1416 ,  H04L63/1425 ,  H04L63/1441 ,  H04L63/20

Abstract: A method of detecting an internet attack against a computing device is disclosed. The method of detecting an internet attack against a computing device comprising the steps of receiving a plurality of incoming network packets; extracting a plurality of incoming feature packets based on the plurality of incoming network packets; predicting a predicted incoming feature packet based on the plurality of incoming feature packets; obtaining a first classification data based on one of the incoming feature packets using a first classifier; obtaining a second classification data based on the predicted incoming feature packet by using a second classifier; and performing at least one remedy action if the first classification data or the second classification data identifies the internet intrusion attack; wherein each of the plurality of incoming feature packets and the predicted incoming feature packet comprise a plurality of incoming features and a plurality of predicted features respectively.

Abstract translation: 公开了一种检测针对计算设备的因特网攻击的方法。 一种检测针对计算设备的因特网攻击的方法，包括以下步骤：接收多个传入网络分组; 基于所述多个传入网络分组来提取多个输入特征分组; 基于所述多个输入特征分组来预测预测的进入特征分组; 使用第一分类器基于所述输入特征分组之一获得第一分类数据; 通过使用第二分类器基于预测的进入特征分组获得第二分类数据; 以及如果所述第一分类数据或所述第二分类数据识别所述互联网入侵攻击，则执行至少一种补救措施; 其中所述多个输入特征分组和所述预测输入特征分组中的每一个分别包括多个输入特征和多个预测特征。

公开(公告)号：US09298913B2

公开(公告)日：2016-03-29

申请号：US14201939

申请日：2014-03-10

Applicant: Macau University of Science and Technology

Inventor： Chi Tin Hon ,  Jia Hua Xu

IPC: G06F9/00 ,  G06F21/55 ,  H04L29/06

CPC classification number: G06F21/55 ,  G06F21/554 ,  G06F2221/034 ,  H04L63/1408 ,  H04L63/1425

Abstract: A method of detecting network intrusion based on improved support vector machine is disclosed. The method comprises the steps of identifying a plurality of features; computing information gain of each of the features; selecting a pre-determined number of features based on the computed information gain and augmenting that set of pre-determined number of features with special features to form a set of selected features; and classifying a network connection based on the selected features using support vector machine. In order to achieve better detection accuracy, cross-validation and grid-search are applied to select the radial basis function for the support vector machine.

Abstract translation: 公开了一种基于改进的支持向量机检测网络入侵的方法。 该方法包括识别多个特征的步骤; 计算每个特征的信息增益; 基于所计算的信息增益来选择预定数量的特征，并且增加具有特殊特征的预定数量的特征的集合以形成所选特征的集合; 并使用支持向量机根据所选择的特征对网络连接进行分类。 为了实现更好的检测精度，应用交叉验证和网格搜索来选择支持向量机的径向基函数。