CN105871847A - Intelligent substation network abnormal flow detection method - Google Patents
Intelligent substation network abnormal flow detection method Download PDFInfo
- Publication number
- CN105871847A CN105871847A CN201610202100.1A CN201610202100A CN105871847A CN 105871847 A CN105871847 A CN 105871847A CN 201610202100 A CN201610202100 A CN 201610202100A CN 105871847 A CN105871847 A CN 105871847A
- Authority
- CN
- China
- Prior art keywords
- message
- source
- flow
- information
- abnormal
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
Abstract
The invention discloses an intelligent substation network abnormal flow detection method. The method comprises the following steps: (1) configuring a mirroring port of a substation switch, and accessing a substation network through the mirroring port; (2) resolving a captured message; (3) performing statistics analysis on accumulated message information according to different source addresses, and judging whether abnormal flows exist in the source addresses or not; (4) performing statistics analysis on the accumulated message information according to different source/destination addresses, and judging whether abnormal flows exist between every pair of source/destination addresses or not; and (5) transmitting abnormal information to a remote scheduling system, storing the accumulated message information, returning to the step (2), and performing a new round of abnormal flow detection. A real-time and reliable substation network abnormal flow detection method is provided, and real-time reporting and alarm output of substation network abnormal flow information are realized finally.
Description
Technical field
The present invention relates to a kind of intelligent substation exception flow of network detection method, belong to the detection of intelligent grid information security
With defense technique field.
Background technology
Recently as the development of intelligent grid, the domestic construction promoting intelligent substation.Inside intelligent substation
Have employed the network structure of three layer of two net, real-time performance is all passed through in the various data interactions of equipment room.December in 2015 crow on the 23rd
Crane electrical network event on a large scale it is considered to be first hacker attacks cause electrical network paralyse event, this event makes industry control
Safety gets the attention.Inside intelligent substation, owing to connecting or mobile memory medium outside violation when O&M is debugged
Use, create various rogue program and be brought into the probability within transformer station.The structure of three layer of two net is built in saving
This, while facilitating device data transmission, also provide with offensive attack for propagating in substation network of various virus wooden horses
Convenience.But also lack the detection for Network anomalous behaviors and initiative type safeguard technology inside transformer station at present.
Owing to the propagation of various Deviant Behavioies (malicious attack, Virus, unauthorized access etc.) is required for utilizing with destruction
Network completes, so being the master effectively finding Network anomalous behaviors at present and defending to network flow monitoring and analysis
Want one of means.Transformer station formally builds up after putting into operation, and internal equipment is all fixing and the exchange of the data of equipment room is also
Metastable.Any equipment produces excessive flow or flow is too small can be seen as Traffic Anomaly, exists and causes transformer station
There is the possibility of safety problem in inside, needs to provide alarm output, in order to cause the concern of skilled addressee and carry out in time
The investigation of problem.
Summary of the invention
The deficiency existed for prior art, it is an object of the present invention to provide a kind of intelligent substation exception flow of network detection
Method, The present invention gives substation network abnormal flow recognition methods the most reliably, and it is different finally to realize substation network
The real-time report of normal flow information and alarm output.
To achieve these goals, the present invention is to realize by the following technical solutions:
A kind of intelligent substation exception flow of network detection method of the present invention, including following step:
(1) mirror port of configuration transformer station switch, for ensureing the copy of all network messages through switch
Can export from mirror port, access substation network by mirror port;
(2) resolve the message of capture, filter empty message, extract source and destination address and the length information of message, accumulative
The message information of a period of time;
(3) accumulative message information is carried out statistical analysis according to different source addresses, when obtaining each source address one section
Interior network traffic information, it is judged that whether each source address exists abnormal flow;
(4) accumulative message information is carried out statistical analysis according to different source/destination addresses, obtain every pair of source/destination
Network traffic information in a period of time between address, it is judged that whether there is abnormal flow between every pair of source/destination address;
(5) display abnormal flow information, and abnormal information is sent to remote dispatching system, the message letter that storage is accumulative
Breath, returns step (2), carries out new round abnormal traffic detection.
In step (2), the described message resolving capture specifically includes following step:
(2a) from the message that mirror port capture is complete, for ensureing the integrity of single message;
(2b) judge whether it is that Transmission Control Protocol controls message, the most whether be ACK confirmation message, FIN end message, RES reset
Message or SYN sync message, if it is, do not process this message to turn to step (2a), if it is not, then turn to step (2c);
(2c) from data message, following information is extracted: source address, destination address and message length;
(2d) message information extraction obtained preserves in the buffer, preserves the message information in a period of time Δ t1.
In step (3), the method carrying out statistical analysis according to different source addresses is as follows:
(3a) all messages of caching in step (2d) are grouped according to source address;
(3b) message length in cumulative each source address d a period of time Δ t1, calculates this source address d average discharge, meter
Calculation mode is:Wherein p be Δ t1 inner source address be the message of d, length is
Message length;
(3c) utilize each source address d message information in historical time Δ t, calculate this source address d flow theory value,
Calculation is: Tflowd=(∑ p.length)/(1000 × Δ t), p be Δ t inner source address be the message of d;
(3d) by each source address flow theory value, it is judged that the present flow rate of this source address is the most abnormal, if discontented
FootWherein λ is unusual determination coefficient, then illustrate that this flow is exception stream
Amount, is stored in the abnormal flow information of source address in abnormal flow memorizer.
In step (4), the method carrying out statistical analysis according to different source/destination addresses is as follows:
(4a) all messages of caching in step (2d) are grouped according to source/destination address;
(4b) message length in cumulative every couple of source/destination address d1, d2 a period of time Δ t1, calculates this source/destination
Location d1, the average discharge between d2, calculation is:Wherein p is Δ t1
Inner source address is d1 and destination address is the message of d2;
(4c) utilize every couple of source/destination address d1, the d2 message information in historical time Δ t, calculate this source/destination
Location flow theory value, calculation is: Tflowd1,d2=(∑ p.length)/(1000 × Δ t), p be Δ t inner source address be d1
And destination address is the message of d2;
(4d) by every pair of source/destination address flow theory value, it is judged that the present flow rate of this source/destination address is the most different
Often, if be unsatisfactory forThen illustrate that this flow is exception stream
Amount, is stored in abnormal flow information in abnormal flow memorizer.
In step (5), the method that described remote dispatching system processes abnormal information is as follows:
(5a) the abnormal flow information in abnormal flow memorizer is uploaded to corresponding remote dispatching system, for 220KV
And above transformer station is uploaded to province and adjusts, 110KV and following transformer station are adjusted with being uploaded to;
(5b) the accumulative message information of caching, in history message information memorizer, empties caching in storing step (2d);
(5c) return step (2), perform the work of new round abnormal traffic detection.
Present invention utilizes substation network closure and the fixed feature of equipment, by message capturing, packet parsing,
Traffic statistics and analysis, abnormal flow judge, abnormal information shows and reports this series of flow processs, give and become the most reliably
Power station exception flow of network recognition methods, and the real-time report finally realizing substation network abnormal flow information is defeated with alarm
Going out, auxiliary skilled addressee carries out substation information safety monitoring and analyzes work.
Accompanying drawing explanation
Fig. 1 is the Whole Work Flow figure of the present invention;
Fig. 2 is that network message resolves and thread scheduling flow chart;
Fig. 3 is source address abnormal traffic detection flow chart;
Fig. 4 is abnormal traffic detection flow chart between source/destination address.
Detailed description of the invention
For the technological means making the present invention realize, creation characteristic, reach purpose and be easy to understand with effect, below in conjunction with
Detailed description of the invention, is expanded on further the present invention.
As it is shown in figure 1, intelligent substation exception flow of network detection method, specifically include following steps:
Step (1): the mirror port of configuration transformer station switch, it is ensured that the copy of all network messages through switch
Can export from mirror port, access substation network by mirror port;
Step (2): exploitation java applet, starts two threads in program, the two thread performs always, and thread 1 is responsible for
The capture of message, resolve, filter, information retrieval work, message information is buffered in internal memory, thread 2 is responsible for scheduling in every 5 minutes
Once, it is responsible for performing step (3) to step (5).As in figure 2 it is shown, be Message processing flow chart, concrete Message processing step is such as
Under:
Step 2a: thread 1 captures message from mirror port, it is ensured that comprehensive and single message complete of capture message
Property;
Step 2b: thread 1 filters out the control message of the Transmission Control Protocol without content, including: ACK confirmation message, FIN terminate
Message, RES reset message, SYN sync message;
Step 2c: thread 1 extracts following information from message p: source address p.src, destination address p.dst, message length
p.length.It is IP address for the message of IP layer protocol, source address and destination address, for Mac layer protocol, source and destination
Location is Mac address;
Step 2d: thread 1 uses set S caching to extract the message information obtained, and thread 2 scheduling in every 5 minutes once, will collection
Close all messages in S to move to gather in S1, empty set S, perform step (3) to step (5);
Step (3): defined in java applet method, is responsible for carrying out accumulative message according to different source addresses
Statistical analysis, it is judged that whether each source address exists abnormal flow.As it is shown on figure 3, be source address analysis process figure, concrete analysis
Step is as follows:
Step 3a: all messages of caching in set S1 are grouped according to source address, obtain being grouped G1={d1,
d2……dn};
Step 3b: obtain certain each source address d from G1, by the message cumulative length of this source address d, calculates this source
Address d average dischargeComputing formula is:Wherein p ∈ S1 and
P.src=d, the unit of result of calculation is kbytes/s;
Step 3c: according to source address d history message information, calculates this source address d flow theory value Tflowd, computing formula
For: Tflowd=(∑ p.length)/(1000 × Δ t), report in time Δ t during wherein p is history message information data base
Literary composition, and p.src=d, the unit of result of calculation is kbytes/s.Δ t is set to nearest 3600 second.
Step 3d: by each source address d flow theory value, it is judged that the present flow rate of this source address d is the most abnormal, it is judged that
Abnormal foundation is:The abnormal flow information of source address d is stored in this locality
In abnormal information data base;
Step 3e: judge to be grouped whether G1 also has untreated address, if there being return step 3b to continue executing with, otherwise holds
Row step (4);
Step (4): defined in java applet method, is responsible for accumulative message according to different source and destination
Location carries out statistical analysis, it is judged that whether there is abnormal flow between every pair of source/destination address.As shown in Figure 4, it is source/destination
Location analysis process figure, concrete analysis step is as follows:
Step 4a: all messages of caching in set of steps S1 are grouped according to source/destination address;Obtain being grouped G2
={ d1d2,d2d1……didj, djdi};
Step 4b: according to the message cumulative length of each source/destination address, calculates this source/destination address d1, d2 mean flow
AmountComputing formula is:Wherein p ∈ S1 and p.src=d1,
P, dst=d2, the unit of result of calculation is kbytes/s;
Step 4c: according to source/destination address d1, d2 history message information, calculates this source/destination address d1, d2 flow reason
Opinion value Tflowd1,d2, computing formula is: Tflowd1,d2=(∑ p.length)/(1000 × Δ t), wherein p is history message letter
Message in time Δ t in breath data base, and p.src=d1, p.dst=d2, the unit of result of calculation is kbytes/s.Δt
It is set to nearest 3600 second.
Step 4d: by each source/destination address d1, d2 flow theory value, it is judged that this source/destination address d1, d2 work as
Front flow is the most abnormal, it is judged that according to being:By source/destination
The abnormal flow information of location d1, d2 is stored in local anomaly information data base;
Step 4e: judge to be grouped whether G2 also has untreated source/mesh address, if there being return step 4b to continue executing with,
Otherwise perform step (5);
Step (5): defined in java applet method, perform afterwards in step (3) and being finished of step (4)
The method.The method obtains the up-to-date abnormal flow information that in local anomaly information data base, step (3) and step (4) generate,
And it is uploaded to corresponding dispatching patcher, province is uploaded to for 220KV and above transformer station and adjusts, for 110KV and following power transformation
Station is adjusted with being uploaded to, and in the message information being saved in step 2d in caching S1 to history message information data base, and empties slow
Deposit S1.
The ultimate principle of the present invention and principal character and advantages of the present invention have more than been shown and described.The technology of the industry
Personnel, it should be appreciated that the present invention is not restricted to the described embodiments, simply illustrating this described in above-described embodiment and description
The principle of invention, without departing from the spirit and scope of the present invention, the present invention also has various changes and modifications, and these become
Change and improvement both falls within scope of the claimed invention.Claimed scope by appending claims and
Equivalent defines.
Claims (5)
1. an intelligent substation exception flow of network detection method, it is characterised in that include following step:
(1) mirror port of configuration transformer station switch, for ensureing that all copies through the network message of switch can
Enough from mirror port output, access substation network by mirror port;
(2) resolve the message of capture, filter empty message, extract source and destination address and the length information of message, add up one section
The message information of time;
(3) accumulative message information is carried out statistical analysis according to different source addresses, obtain in each source address a period of time
Network traffic information, it is judged that whether each source address exists abnormal flow;
(4) accumulative message information is carried out statistical analysis according to different source/destination addresses, obtain every pair of source/destination address
Between network traffic information in a period of time, it is judged that whether there is abnormal flow between every pair of source/destination address;
(5) display abnormal flow information, and abnormal information is sent to remote dispatching system, the message information that storage is accumulative, returns
Return step (2), carry out new round abnormal traffic detection.
Intelligent substation exception flow of network detection method the most according to claim 1, it is characterised in that in step (2),
The described message resolving capture specifically includes following step:
(2a) from the message that mirror port capture is complete, for ensureing the integrity of single message;
(2b) judge whether it is that Transmission Control Protocol controls message, the most whether be ACK confirmation message, FIN end message, RES reset message
Or SYN sync message, if it is, do not process this message to turn to step (2a), if it is not, then turn to step (2c);
(2c) from data message, following information is extracted: source address, destination address and message length;
(2d) message information extraction obtained preserves in the buffer, preserves the message information in a period of time Δ t1.
Intelligent substation exception flow of network detection method the most according to claim 2, it is characterised in that in step (3),
The method carrying out statistical analysis according to different source addresses is as follows:
(3a) all messages of caching in step (2d) are grouped according to source address;
(3b) message length in cumulative each source address d a period of time Δ t1, calculates this source address d average discharge, calculating side
Formula is:Wherein p be Δ t1 inner source address be the message of d, length is message
Length;
(3c) utilize each source address d message information in historical time Δ t, calculate this source address d flow theory value, calculate
Mode is: Tflowd=(∑ p.length)/(1000 × Δ t), p be Δ t inner source address be the message of d;
(3d) by each source address flow theory value, it is judged that the present flow rate of this source address is the most abnormal, if be unsatisfactory forWherein λ is unusual determination coefficient, then illustrate that this flow is abnormal flow,
The abnormal flow information of source address is stored in abnormal flow memorizer.
Intelligent substation exception flow of network detection method the most according to claim 3, it is characterised in that in step (4),
The method carrying out statistical analysis according to different source/destination addresses is as follows:
(4a) all messages of caching in step (2d) are grouped according to source/destination address;
(4b) message length in cumulative every couple of source/destination address d1, d2 a period of time Δ t1, calculates this source/destination address d1,
Average discharge between d2, calculation is:Wherein p is that Δ t1 is endogenous
Address is d1 and destination address is the message of d2;
(4c) utilize every couple of source/destination address d1, the d2 message information in historical time Δ t, calculate this source/destination address stream
Amount theoretical value, calculation is: Tflowd1,d2=(∑ p.length)/(1000 × Δ t), p be Δ t inner source address be d1 and mesh
The message that address is d2;
(4d) by every pair of source/destination address flow theory value, it is judged that the present flow rate of this source/destination address is the most abnormal, as
Fruit is unsatisfactory forThen illustrate that this flow is abnormal flow, by different
Normal flow information is stored in abnormal flow memorizer.
Intelligent substation exception flow of network detection method the most according to claim 4, it is characterised in that in step (5),
The method that described remote dispatching system processes abnormal information is as follows:
(5a) the abnormal flow information in abnormal flow memorizer is uploaded to corresponding remote dispatching system, for 220KV and with
On transformer station be uploaded to province adjust, 110KV and following transformer station are adjusted with being uploaded to;
(5b) the accumulative message information of caching, in history message information memorizer, empties caching in storing step (2d);
(5c) return step (2), perform the work of new round abnormal traffic detection.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610202100.1A CN105871847B (en) | 2016-04-01 | 2016-04-01 | A kind of intelligent substation exception flow of network detection method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610202100.1A CN105871847B (en) | 2016-04-01 | 2016-04-01 | A kind of intelligent substation exception flow of network detection method |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN105871847A true CN105871847A (en) | 2016-08-17 |
| CN105871847B CN105871847B (en) | 2018-11-30 |
Family
ID=56626708
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201610202100.1A Active CN105871847B (en) | 2016-04-01 | 2016-04-01 | A kind of intelligent substation exception flow of network detection method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN105871847B (en) |
Cited By (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106302540A (en) * | 2016-10-14 | 2017-01-04 | 国网浙江省电力公司绍兴供电公司 | Communications network security detecting system based on substation information safety and method |
| CN106559261A (en) * | 2016-11-03 | 2017-04-05 | 国网江西省电力公司电力科学研究院 | A kind of substation network intrusion detection of feature based fingerprint and analysis method |
| CN107769993A (en) * | 2017-09-19 | 2018-03-06 | 广西电网有限责任公司电力科学研究院 | Towards the data traffic monitoring method of power network big data distributed system |
| CN108076019A (en) * | 2016-11-17 | 2018-05-25 | 北京金山云网络技术有限公司 | Anomalous traffic detection method and device based on traffic mirroring |
| CN109600258A (en) * | 2018-12-10 | 2019-04-09 | 英赛克科技(北京)有限公司 | Industrial protocol message accounting device and method |
| CN110213074A (en) * | 2019-03-07 | 2019-09-06 | 腾讯科技(深圳)有限公司 | The anomalous structure mthods, systems and devices of distributed protocol |
| CN111049843A (en) * | 2019-12-18 | 2020-04-21 | 国网浙江省电力有限公司宁波供电公司 | Intelligent substation network abnormal flow analysis method |
| CN112769867A (en) * | 2021-02-05 | 2021-05-07 | 国网福建省电力有限公司电力科学研究院 | Safety assessment method for transformer substation simulation equipment |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20050249214A1 (en) * | 2004-05-07 | 2005-11-10 | Tao Peng | System and process for managing network traffic |
| US7296093B1 (en) * | 2001-12-31 | 2007-11-13 | Ciphermax, Inc. | Network processor interface system |
| CN101132375A (en) * | 2007-09-28 | 2008-02-27 | 杭州华三通信技术有限公司 | Network flux statistical method and device |
| CN103457791A (en) * | 2013-08-19 | 2013-12-18 | 国家电网公司 | Self-diagnosis method of network sampling and control link of intelligent substation |
| CN104579818A (en) * | 2014-12-01 | 2015-04-29 | 国家电网公司 | Detection method of network anomaly message of intelligent substation |
-
2016
- 2016-04-01 CN CN201610202100.1A patent/CN105871847B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7296093B1 (en) * | 2001-12-31 | 2007-11-13 | Ciphermax, Inc. | Network processor interface system |
| US20050249214A1 (en) * | 2004-05-07 | 2005-11-10 | Tao Peng | System and process for managing network traffic |
| CN101132375A (en) * | 2007-09-28 | 2008-02-27 | 杭州华三通信技术有限公司 | Network flux statistical method and device |
| CN103457791A (en) * | 2013-08-19 | 2013-12-18 | 国家电网公司 | Self-diagnosis method of network sampling and control link of intelligent substation |
| CN104579818A (en) * | 2014-12-01 | 2015-04-29 | 国家电网公司 | Detection method of network anomaly message of intelligent substation |
Cited By (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106302540A (en) * | 2016-10-14 | 2017-01-04 | 国网浙江省电力公司绍兴供电公司 | Communications network security detecting system based on substation information safety and method |
| CN106559261A (en) * | 2016-11-03 | 2017-04-05 | 国网江西省电力公司电力科学研究院 | A kind of substation network intrusion detection of feature based fingerprint and analysis method |
| CN108076019A (en) * | 2016-11-17 | 2018-05-25 | 北京金山云网络技术有限公司 | Anomalous traffic detection method and device based on traffic mirroring |
| CN108076019B (en) * | 2016-11-17 | 2021-04-09 | 北京金山云网络技术有限公司 | Abnormal flow detection method and device based on flow mirror image |
| CN107769993A (en) * | 2017-09-19 | 2018-03-06 | 广西电网有限责任公司电力科学研究院 | Towards the data traffic monitoring method of power network big data distributed system |
| CN109600258A (en) * | 2018-12-10 | 2019-04-09 | 英赛克科技(北京)有限公司 | Industrial protocol message accounting device and method |
| CN109600258B (en) * | 2018-12-10 | 2022-02-22 | 英赛克科技(北京)有限公司 | Industrial protocol message recording device and method |
| CN110213074A (en) * | 2019-03-07 | 2019-09-06 | 腾讯科技(深圳)有限公司 | The anomalous structure mthods, systems and devices of distributed protocol |
| CN110213074B (en) * | 2019-03-07 | 2022-03-11 | 腾讯科技(深圳)有限公司 | Distributed protocol exception construction method, system and device |
| CN111049843A (en) * | 2019-12-18 | 2020-04-21 | 国网浙江省电力有限公司宁波供电公司 | Intelligent substation network abnormal flow analysis method |
| CN112769867A (en) * | 2021-02-05 | 2021-05-07 | 国网福建省电力有限公司电力科学研究院 | Safety assessment method for transformer substation simulation equipment |
Also Published As
| Publication number | Publication date |
|---|---|
| CN105871847B (en) | 2018-11-30 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN105871847A (en) | Intelligent substation network abnormal flow detection method | |
| US20180316719A1 (en) | Method for mitigation of cyber attacks on industrial control systems | |
| CN105429977B (en) | Deep packet inspection device abnormal flow monitoring method based on comentropy measurement | |
| KR100748246B1 (en) | Multi-step integrated security monitoring system and method using intrusion detection system log collection engine and traffic statistic generation engine | |
| CN109600363A (en) | A kind of internet-of-things terminal network portrait and abnormal network access behavioral value method | |
| CN104468631A (en) | Network intrusion identification method based on anomaly flow and black-white list library of IP terminal | |
| CN100518076C (en) | Journal accounting method and system | |
| CN110401624A (en) | The detection method and system of source net G system mutual message exception | |
| CN109391613A (en) | A kind of intelligent substation method for auditing safely based on SCD parsing | |
| CN106357685A (en) | Method and device for defending distributed denial of service attack | |
| Sun et al. | Network security technology of intelligent information terminal based on mobile internet of things | |
| CN105025011A (en) | A vehicle information security evaluation method | |
| CN103686737B (en) | Wireless sensor network intrusion tolerance method and system based on tree topology | |
| CN112235288A (en) | NDN network intrusion detection method based on GAN | |
| CN106209902A (en) | A kind of network safety system being applied to intellectual property operation platform and detection method | |
| CN113810362A (en) | Safety risk detection and disposal system and method thereof | |
| Xiong et al. | A vulnerability detecting method for Modbus-TCP based on smart fuzzing mechanism | |
| Zhou et al. | Research of network traffic anomaly detection model based on multilevel autoregression | |
| Suo et al. | Research on the application of honeypot technology in intrusion detection system | |
| CN107271133A (en) | A kind of dust storm monitoring system based on wireless sensor network | |
| CN102271331A (en) | Method and system for detecting reliability of service provider (SP) site | |
| CN109150920A (en) | A kind of attack detecting source tracing method based on software defined network | |
| CN103107907A (en) | Safe responding method based on event flow adding promotion pattern | |
| CN107277070A (en) | A kind of computer network instrument system of defense and intrusion prevention method | |
| CN108023884A (en) | A kind of encryption method of Networks and information security |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |