CN103618651A - Network abnormality detection method and system based on information entropy and sliding window - Google Patents
Network abnormality detection method and system based on information entropy and sliding window Download PDFInfo
- Publication number
- CN103618651A CN103618651A CN201310676371.7A CN201310676371A CN103618651A CN 103618651 A CN103618651 A CN 103618651A CN 201310676371 A CN201310676371 A CN 201310676371A CN 103618651 A CN103618651 A CN 103618651A
- Authority
- CN
- China
- Prior art keywords
- entropy
- window
- time
- time window
- comentropy
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
- Computer And Data Communications (AREA)
Abstract
The invention discloses network abnormality detection method and system based on information entropy and a sliding window. The method comprises the following steps: defining the size of a time window and a sliding distance of the time window; progressively calculating the entropy and the entropy ratio of each time window orderly according to the sliding window; judging that network abnormality occurs when data mutation is generated in the time window or does not accord with the previous law if the entropy of the time window is smaller than a given threshold or the entropy ratio is greater than the given threshold. By adopting the method and the system, an information entropy model and a sliding window technology are led in, so as to find out the problem of network abnormality; the network abnormity can be quickly found out, the model is simplified to a certain extent, and the network abnormality can be quickly found out.
Description
Technical field
The present invention relates to a kind of network anomaly detection method and system, particularly relate to a kind of network anomaly detection method and system based on comentropy and sliding window.
Background technology
The method of Network anomaly detection is mainly the method based on statistics at present, wherein mainly comprises following five kinds: 1) threshold detection technique.For example, detect the number of times of password mistake at short notice.2) average and standard deviation modelling technique.By average and the standard deviation of calculating parameter, set confidential interval, when measured value surpasses the scope of confidential interval, show to have abnormal.3) set up multivariate model.Its detection is to note abnormalities based on two or more parameters are carried out to correlation analysis.4) Markov model.Each of audit event is dissimilar as a state variable, use a state-transition matrix to describe state variation, it may be extremely to produce a little that the state matrix that probability is less shifts.5) time series models.Consider that order, the time of advent and value that a series of observations occur note abnormalities.
Yet above-mentioned network anomaly detection method all respectively has following shortcoming: the model of first method is comparatively simple, yet it cannot detect more abnormal behaviour type; For second method, because confidential interval need to artificially arrange by experience, therefore need failure and the experience of more number of times to generate believable confidential interval; The third method model is complicated, and result can along with parameter difference, tool has a greater change; Send out method for the 4th kind and be applicable to the situation that variable is continuous parameter, for being sampled as centrifugal pump, obtaining situation and cannot obtain effective result; The result of Lung biopsy depends on the size that time window arranges.
Summary of the invention
The deficiency existing for overcoming above-mentioned prior art, the present invention's object is to provide a kind of network anomaly detection method and system based on comentropy and sliding window, by comentropy model and sliding window technique introducing Network Abnormal are pinpointed the problems, discovering network is abnormal quickly, and also discovering network is abnormal fast to have simplified to a certain extent model.
For reaching above-mentioned and other object, the present invention proposes a kind of network anomaly detection method based on comentropy and sliding window, comprises the steps:
Further, step 2 also comprises the steps:
Step 2.1, the bit number x of interior each time point of window computing time
iwith normalized value z
i;
Step 2.2, according to bit number x
iwith normalized value z
icalculate z on each time point
iprobability p (z
i);
Step 2.3, according to z on each time point
iprobability p (z
i) computing time window at z
ion entropy and entropy ratio.
Further, in step 2.1, according to the bit number x of each time point in following formula window computing time
iwith normalized value z
i:
x
i=b
i-b
i-1;
Further, in step 2.2, according to following formula, calculate z on each time point
iprobability p (z
i):
Wherein
For average,
For variance.
Further, in step 2.3, according to following formula window computing time TW
kat z
ion entropy E (TW
k):
Further, in step 2.3, the entropy ratio of i time window is that the mean value of entropy of a front s window is divided by the entropy of i time window.
Further, this desired value is chosen the interfaces class in router administration information bank.
For achieving the above object, the present invention also provides a kind of Network anomaly detection system based on comentropy and sliding window, at least comprises:
Time window arranges module, for the sliding distance p of definition time window size n and time window;
Entropy and entropy ratio calculation module, go forward one by one successively and calculate entropy and the entropy ratio of each time window according to sliding window setting;
Judge module, according to calculating the entropy of time window or the comparative result of entropy ratio and given threshold value obtaining, judges whether to occur Network Abnormal.
Further, if calculate, the entropy of the time window obtaining is less than given threshold value or entropy ratio is greater than given threshold value, and this judge module judges in this time window has data sudden change or the situation of rule before that do not meet to occur, and Network Abnormal occurs.
Further, this entropy and the entropy ratio calculation module bit number x of each time point in computing time window first
iwith normalized value z
i, then according to the bit number x of each time point obtaining
iwith normalized value z
icalculate z on each time point
iprobability p (z
i), finally according to z
iprobability p (z
i) computing time window at z
ion entropy and entropy ratio.
Compared with prior art, a kind of network anomaly detection method based on comentropy and sliding window of the present invention is by pinpointing the problems comentropy model and sliding window technique introducing Network Abnormal, discovering network is abnormal quickly, and also discovering network is abnormal fast to have simplified to a certain extent model.
Accompanying drawing explanation
Fig. 1 is that the MIB interface class of certain catenet supply equipment business in preferred embodiment of the present invention records sectional drawing;
Fig. 2 sets gradually equal-sized time window schematic diagram in preferred embodiment of the present invention;
Fig. 3 be in preferred embodiment of the present invention sliding time window schematic diagram is set;
Fig. 4 is the flow chart of steps of a kind of network anomaly detection method based on comentropy and sliding window of the present invention;
Fig. 5 is the system architecture diagram of a kind of Network anomaly detection system based on comentropy and sliding window of the present invention
Fig. 6 carries out the entropy schematic diagram of 9 windows of abnormality detection with ifInOctets variable in the present invention's experiment 1;
Fig. 7 is IfInOctets and the IfInDiscards index ASSOCIATE STATISTICS schematic diagram of router gw2 mouth in the present invention's experiment 2;
Fig. 8 is entropy and the entropy ratio schematic diagram of each time window in 4320-4560 minute in the present invention's experiment 2.
Embodiment
Below, by specific instantiation accompanying drawings embodiments of the present invention, those skilled in the art can understand other advantage of the present invention and effect easily by content disclosed in the present specification.The present invention also can be implemented or be applied by other different instantiation, and the every details in this specification also can be based on different viewpoints and application, carries out various modifications and change not deviating under spirit of the present invention.
Before introducing the present invention, first data source and theory basis selected for the present invention and that gather are done an introduction:
(1) data source choosing and gathering
Router administration information bank (Management Information Base, abbreviation MIB) there are 11 class object data, comprise system essential information as system class or with protocol-dependent information as IP class and TCP class etc., due to the nonumeric type of these data and too strong with network application correlation, be not suitable as the abnormality detection of generality.
In the present invention, the interfaces class of choosing in router administration information bank MIB is index set, what the type identified is the information of network interface, as the quantity of the packet by interface etc., with concrete protocol-independent, therefore this class data target has the generality irrelevant with application, is applicable to the abnormality detection as the router of generality.Interfaces class mainly comprises 12 kinds of numeric type variable indexs, as shown in table 1 below:
Interfaces class leading indicator list in table 1.MIB
Object indications | ASN.1 coding | Data type | Object factory |
ifInOctets | 1.3.6.1.2.1.2.2.1.10 | Counter32 | Total bit number that interface is received |
ifInUcastPkts | 1.3.6.1.2.1.2.2.1.11 | Counter32 | The unicast packet number that interface is received |
ifInNUcastPkts | 1.3.6.1.2.1.2.2.1.12 | Counter32 | The non-unicast bag number that interface is received |
ifInDiscards | 1.3.6.1.2.1.2.2.1.13 | Counter32 | The bag number that interface is received and abandoned |
ifInErrors | 1.3.6.1.2.1.2.2.1.14 | Counter32 | The bag number of makeing mistakes that interface is received |
ifInUnknownProtos | 1.3.6.1.2.1.2.2.1.15 | Counter32 | The unknown protocol bag number that interface is received |
ifOutOctcts | 1.3.6.1.2.1.2.2.1.16 | Counter32 | Total bit number that interface sends out |
ifOutUcastPkts | 1.3.6.1.2.1.2.2.1.17 | Counter32 | The unicast packet number that interface sends out |
ifOutNUcastPkts | 1.3.6.1.2.1.2.2.1.18 | Counter32 | The non-unicast bag number that interface sends out |
ifOutDiscards | 1.3.6.1.2.1.2.2.1.19 | Counter32 | The bag number that the need that interface abandons transmit |
ifOutErrors | 1.3.6.1.2.1.2.2.1.20 | Counter32 | The bag number of makeing mistakes that interface cannot transmit |
ifOutQLcn | 1.3.6.1.2.1.2.2.1.21 | Unsigned32 | Transmit the length that bag is lined up |
In preferred embodiment of the present invention, data source is picked up from the real-time MIB data record that certain catenet equipment supplier provides, and within router every 2 minutes, all can upgrade MIB.For example, Fig. 1 is that in MIB, interfaces class records sectional drawing, as shown in Figure 1, total bit number (ifInOctets index) that 11: 44 Monday of August 4, interface was received is 828590480, and interface is received and the bag number (ifInDiscards index) that abandons is 0.
(2) technology path
In the ifInOctets index of take in MIB, carry out Network anomaly detection as example, establish time window TW
krepresentative from time point k to time point k+n(wherein window size be n, time point unit is minute) time period, time point i (i=k, k+1 ..., the ifInOctets desired value of k+n) locating (being total bit number that time point i place interface is received) is b
i, the bit number that interface receives at time point i is
x
i=b
i-b
i-1. (1)
For weighing time window TW
kinterior reception bit x
iuncertainty, can embody by its comentropy.Normalization x
i, order
Or
Wherein
can suppose z
iapproximate certain probability distribution of obeying, for example normal distribution, calculates z
idistribution probability
Due to p (z
i) interval be (0,1], so log (p (z
i))≤0 and with p (z
i) monotonic increase, E (TW
k) also with p (z
i) monotonic increase.Therefore, abnormal if the bit number that window interior receives occurs, z
ithe probability that meets normal distribution reduces, and entropy diminishes.Vice versa.
In order to reflect better the variation of network reception bit in nearly a period of time, can for example, by calculating for the previous period the mean entropy of (s time window before) and the ratio of current window entropy, reflect the variation of current entropy, the entropy ratio that defines i window is that the mean value of entropy of a front s window is divided by the entropy of i window, that is:
If entropy ratio ER is (TW
i) exceed given threshold value, in this time window, there is Network Abnormal.
Arranging of time window, there are two kinds of modes: the first is to choose successively equal-sized window (TW
1, TW
2... TW
m), calculate entropy or the entropy ratio of each window, as Fig. 2; Another mode, adopts sliding window technique, and to be previous time window form (being first kind of way when the p=n) to the individual time point of front slide p (p < n) to a rear time window.As Fig. 3.
Fig. 4 is the flow chart of steps of a kind of network anomaly detection method based on comentropy and sliding window of the present invention.As shown in Figure 4, a kind of network anomaly detection method based on comentropy and sliding window of the present invention, comprises the steps:
(1) according to aforementioned formula (1), the bit number x of each time point in (2) and (3) window computing time
iwith normalized value z
i;
(2) according to aforementioned formula (4), calculate z on each time point
iprobability p (z
i);
(3) according to aforementioned formula (5), (6) window computing time at z
ion entropy and entropy ratio.
Fig. 5 is the system architecture diagram of a kind of Network anomaly detection system based on comentropy and sliding window of the present invention.As shown in Figure 5, a kind of Network anomaly detection system based on comentropy and sliding window of the present invention, at least comprises that time window arranges module 501, entropy and entropy ratio calculation module 502 and judge module 503.
Wherein time window arranges module 501 for the sliding distance p of definition time window size n and time window; Entropy and entropy ratio calculation module 502 are gone forward one by one successively and are calculated entropy and the entropy ratio of each time window according to sliding window setting, and specifically, entropy and entropy ratio calculation module 502 be the bit number x of interior each time point of window computing time first
iwith normalized value z
i(according to formula (1), (2), (3)), then according to the bit number x of each time point obtaining
iwith normalized value z
icalculate z on each time point
iprobability p (z
i) (according to formula (4), finally according to z
iprobability p (z
i) computing time window at z
ion entropy and entropy ratio (according to formula (5), (6)); 503 entropy of time window or comparative results of entropy ratio and given threshold value that obtain according to calculating of judge module, judge whether to occur Network Abnormal, if calculate, the entropy of the time window obtaining is less than given threshold value or entropy ratio is greater than given threshold value, judge in this time window and have data sudden change or the situation of rule before that do not meet to occur, may occur abnormal.
Below will to the present invention's beneficial effect, carry out corresponding checking by several experiments.
With the ifInOctets index in MIB database, test, according to above-mentioned algorithm, tested the entropy in 9 time windows, wherein abscissa is time (unit for minute), ordinate is that z (t) represents ifInOctets desired value, and each window entropy calculates as Fig. 6.
As can be seen from Figure 6, the place that curve is milder, entropy is less, abnormal more likely generation, vice versa.
Y (t) expression for IfInDiscards(of integrated survey index IfInOctets (representing with x (t)) and index), total bit number that wherein IfInOctets indication interface is received, the bag number that IfInDiscards indication interface is received and abandoned, if z (t)=x (t)+α y (t), wherein α=3000 are weight.Fig. 7 is the statistical Butut to these data at router gw2 interface.
For Fig. 7 (c), establishing window size is 10, and sliding distance is 10, utilizes algorithm to calculate 4320-4560 minute each window entropy and entropy ratio is shown in Fig. 8.
In Fig. 8, the first row data are entropy of each time window, the entropy ratio of second each time window of behavior, and we adopt current window entropy and the ratio of the mean entropy of 12 windows (2 hours) before here.Can find out, time window [4410,4420] entropy and entropy ratio are respectively 2.7659e-008 and 6.2034, time window [4430,4440] entropy and entropy ratio are respectively 1.4009e-008 and 9.0558, time window [4440,4450] entropy and entropy ratio are respectively 1.7876e-008 and 5.7915, all far beyond the threshold value of setting in program.Therefore system is judged: 4410 minutes to 4450 minutes (with the window of circles mark), Network Abnormal detected in these 40 minutes.Clearly, this data exception also can obtain from Fig. 7 (c) in manual observation.
In sum, a kind of network anomaly detection method based on comentropy and sliding window of the present invention is by pinpointing the problems comentropy model and sliding window technique introducing Network Abnormal, discovering network is abnormal quickly, and also discovering network is abnormal fast to have simplified to a certain extent model.
Above-described embodiment is illustrative principle of the present invention and effect thereof only, but not for limiting the present invention.Any those skilled in the art all can, under spirit of the present invention and category, modify and change above-described embodiment.Therefore, the scope of the present invention, should be as listed in claims.
Claims (10)
1. the network anomaly detection method based on comentropy and sliding window, comprises the steps:
Step 1, the sliding distance of definition time window size and time window;
Step 2, goes forward one by one successively and calculates entropy and the entropy ratio of each time window according to sliding window setting;
Step 3, if calculate, the entropy of the time window obtaining is less than given threshold value or entropy ratio is greater than given threshold value, judges in this time window and has data sudden change or the situation of rule before that do not meet to occur, and Network Abnormal occurs.
2. a kind of network anomaly detection method based on comentropy and sliding window as claimed in claim 1, is characterized in that, step 2 also comprises the steps:
Step 2.1, the bit number x of interior each time point of window computing time
iwith normalized value z
i;
Step 2.2, according to bit number x
iwith normalized value z
icalculate z on each time point
iprobability p (z
i);
Step 2.3, according to z on each time point
iprobability p (z
i) computing time window at z
ion entropy and entropy ratio.
3. a kind of network anomaly detection method based on comentropy and sliding window as claimed in claim 2, is characterized in that, in step 2.1, according to the bit number x of each time point in following formula window computing time
iwith normalized value z
i:
x
i=b
i-b
i-1;
6. a kind of network anomaly detection method based on comentropy and sliding window as claimed in claim 5, is characterized in that, in step 2.3, the entropy ratio of i time window is that the mean value of entropy of a front s window is divided by the entropy of i time window.
7. a kind of network anomaly detection method based on comentropy and sliding window as claimed in claim 6, is characterized in that: this desired value is chosen the interfaces class in router administration information bank.
8. the Network anomaly detection system based on comentropy and sliding window, at least comprises:
Time window arranges module, for the sliding distance p of definition time window size n and time window;
Entropy and entropy ratio calculation module, go forward one by one successively and calculate entropy and the entropy ratio of each time window according to sliding window setting;
Judge module, according to calculating the entropy of time window or the comparative result of entropy ratio and given threshold value obtaining, judges whether to occur Network Abnormal.
9. a kind of Network anomaly detection system based on comentropy and sliding window as claimed in claim 8, it is characterized in that: if calculate, the entropy of the time window obtaining is less than given threshold value or entropy ratio is greater than given threshold value, this judge module judges in this time window has data sudden change or the situation of rule before that do not meet to occur, and Network Abnormal occurs.
10. a kind of Network anomaly detection system based on comentropy and sliding window as claimed in claim 8, is characterized in that: this entropy and entropy ratio calculation module be the bit number x of interior each time point of window computing time first
iwith normalized value z
i, then according to the bit number x of each time point obtaining
iwith normalized value z
icalculate z on each time point
iprobability p (z
i), finally according to z
iprobability p (z
i) computing time window at z
ion entropy and entropy ratio.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310676371.7A CN103618651B (en) | 2013-12-11 | 2013-12-11 | It is a kind of based on comentropy and the network anomaly detection method and system of sliding window |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310676371.7A CN103618651B (en) | 2013-12-11 | 2013-12-11 | It is a kind of based on comentropy and the network anomaly detection method and system of sliding window |
Publications (2)
Publication Number | Publication Date |
---|---|
CN103618651A true CN103618651A (en) | 2014-03-05 |
CN103618651B CN103618651B (en) | 2017-03-29 |
Family
ID=50169355
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201310676371.7A Expired - Fee Related CN103618651B (en) | 2013-12-11 | 2013-12-11 | It is a kind of based on comentropy and the network anomaly detection method and system of sliding window |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN103618651B (en) |
Cited By (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103945442A (en) * | 2014-05-07 | 2014-07-23 | 东南大学 | System anomaly detection method based on linear prediction principle in mobile communication system |
CN104539489A (en) * | 2015-01-21 | 2015-04-22 | 清华大学 | Network flow abnormality detection method based on adjustable segmented Shannon entropy |
CN104539488A (en) * | 2015-01-21 | 2015-04-22 | 清华大学 | Network flow abnormity detection method based on adjustable sectional Tsallis entropy |
CN104618175A (en) * | 2014-12-19 | 2015-05-13 | 上海电机学院 | Network abnormity detection method |
CN105373620A (en) * | 2015-12-04 | 2016-03-02 | 中国电力科学研究院 | Mass battery data exception detection method and system for large-scale battery energy storage power stations |
CN105429977A (en) * | 2015-11-13 | 2016-03-23 | 武汉邮电科学研究院 | Method for monitoring abnormal flows of deep packet detection equipment based on information entropy measurement |
CN107683586A (en) * | 2015-06-04 | 2018-02-09 | 思科技术公司 | Method and apparatus for rare degree of the calculating in abnormality detection based on cell density |
CN110430805A (en) * | 2016-11-30 | 2019-11-08 | 利得高集团有限公司 | Improve the hemodynamic monitors of filtering function |
CN110798463A (en) * | 2019-10-25 | 2020-02-14 | 广州大学 | Network covert channel detection method and device based on information entropy |
CN111818037A (en) * | 2020-07-02 | 2020-10-23 | 上海工业控制安全创新科技有限公司 | Vehicle-mounted network flow abnormity detection defense method and system based on information entropy |
CN112131274A (en) * | 2020-09-22 | 2020-12-25 | 平安科技(深圳)有限公司 | Method, device and equipment for detecting time series abnormal points and readable storage medium |
CN112583808A (en) * | 2020-12-08 | 2021-03-30 | 国网湖南省电力有限公司 | Abnormal flow detection method for Internet of things equipment |
CN113660237A (en) * | 2021-08-10 | 2021-11-16 | 和中通信科技有限公司 | Industrial Internet data flow abnormity detection method based on dynamic sliding window, memory and processor |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102014031A (en) * | 2010-12-31 | 2011-04-13 | 湖南神州祥网科技有限公司 | Method and system for network flow anomaly detection |
CN103281293A (en) * | 2013-03-22 | 2013-09-04 | 南京江宁台湾农民创业园发展有限公司 | Network flow rate abnormity detection method based on multi-dimension layering relative entropy |
-
2013
- 2013-12-11 CN CN201310676371.7A patent/CN103618651B/en not_active Expired - Fee Related
Cited By (21)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103945442A (en) * | 2014-05-07 | 2014-07-23 | 东南大学 | System anomaly detection method based on linear prediction principle in mobile communication system |
CN104618175A (en) * | 2014-12-19 | 2015-05-13 | 上海电机学院 | Network abnormity detection method |
CN104539489B (en) * | 2015-01-21 | 2017-12-29 | 清华大学 | Network flow abnormal detecting method based on adjustable segmentation Shannon entropys |
CN104539488A (en) * | 2015-01-21 | 2015-04-22 | 清华大学 | Network flow abnormity detection method based on adjustable sectional Tsallis entropy |
CN104539489A (en) * | 2015-01-21 | 2015-04-22 | 清华大学 | Network flow abnormality detection method based on adjustable segmented Shannon entropy |
CN107683586B (en) * | 2015-06-04 | 2021-07-20 | 思科技术公司 | Method and apparatus for calculating cell density based dilution for use in anomaly detection |
CN107683586A (en) * | 2015-06-04 | 2018-02-09 | 思科技术公司 | Method and apparatus for rare degree of the calculating in abnormality detection based on cell density |
CN105429977A (en) * | 2015-11-13 | 2016-03-23 | 武汉邮电科学研究院 | Method for monitoring abnormal flows of deep packet detection equipment based on information entropy measurement |
CN105429977B (en) * | 2015-11-13 | 2018-08-07 | 武汉邮电科学研究院 | Deep packet inspection device abnormal flow monitoring method based on comentropy measurement |
CN105373620A (en) * | 2015-12-04 | 2016-03-02 | 中国电力科学研究院 | Mass battery data exception detection method and system for large-scale battery energy storage power stations |
CN110430805A (en) * | 2016-11-30 | 2019-11-08 | 利得高集团有限公司 | Improve the hemodynamic monitors of filtering function |
US11382567B2 (en) | 2016-11-30 | 2022-07-12 | Lidco Group Plc | Haemodynamic monitor with improved filtering |
CN110430805B (en) * | 2016-11-30 | 2022-07-05 | 利得高集团有限公司 | Hemodynamics monitor with improved filtering function |
CN110798463A (en) * | 2019-10-25 | 2020-02-14 | 广州大学 | Network covert channel detection method and device based on information entropy |
CN110798463B (en) * | 2019-10-25 | 2022-01-18 | 广州大学 | Network covert channel detection method and device based on information entropy |
CN111818037A (en) * | 2020-07-02 | 2020-10-23 | 上海工业控制安全创新科技有限公司 | Vehicle-mounted network flow abnormity detection defense method and system based on information entropy |
CN112131274A (en) * | 2020-09-22 | 2020-12-25 | 平安科技(深圳)有限公司 | Method, device and equipment for detecting time series abnormal points and readable storage medium |
CN112131274B (en) * | 2020-09-22 | 2024-01-19 | 平安科技(深圳)有限公司 | Method, device, equipment and readable storage medium for detecting abnormal points of time sequence |
CN112583808A (en) * | 2020-12-08 | 2021-03-30 | 国网湖南省电力有限公司 | Abnormal flow detection method for Internet of things equipment |
CN112583808B (en) * | 2020-12-08 | 2022-01-07 | 国网湖南省电力有限公司 | Abnormal flow detection method for Internet of things equipment |
CN113660237A (en) * | 2021-08-10 | 2021-11-16 | 和中通信科技有限公司 | Industrial Internet data flow abnormity detection method based on dynamic sliding window, memory and processor |
Also Published As
Publication number | Publication date |
---|---|
CN103618651B (en) | 2017-03-29 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN103618651A (en) | Network abnormality detection method and system based on information entropy and sliding window | |
CN101645884B (en) | Multi-measure network abnormity detection method based on relative entropy theory | |
CN105376260B (en) | A kind of exception flow of network monitoring system based on density peaks cluster | |
CN107092654A (en) | Based on Change in Mean detect alarm normally with abnormal deviation data examination method and device | |
CN105044759B (en) | A kind of state estimation of digital nuclear detector is with ensureing maintaining method and system | |
CN102818948B (en) | Synthetic diagnosing method based on fuzzy fault diagnosis and relevancy model diagnosis | |
CN104537034A (en) | Electric-transmission-and-transformation-equipment state monitoring data cleaning method based on time series analysis | |
US8903757B2 (en) | Proactive information technology infrastructure management | |
CN102520274B (en) | Method for forecasting service life of intermediate frequency log amplifier based on failure physics | |
CN106375339A (en) | Attack mode detection method based on event slide window | |
CN102098306A (en) | Network attack path analysis method based on incidence matrixes | |
EP3927000A1 (en) | Network element health status detection method and device | |
CN102055604A (en) | Fault location method and system thereof | |
CN104281779A (en) | Abnormal data judging and processing method and device | |
CN116541678B (en) | Pressure monitoring method and device for gas station safety pipeline | |
CN106059829A (en) | Hidden markov-based network utilization ratio sensing method | |
CN115277464A (en) | Cloud network change flow anomaly detection method based on multi-dimensional time series analysis | |
CN112380206B (en) | Diagnosis and repair method of traffic time sequence data | |
CN114295162A (en) | Environmental monitoring system based on data acquisition | |
CN117391373A (en) | Multi-dimensional data-based full-channel intelligent operation and maintenance management method and system | |
Mokashi et al. | Performance comparison of MSER-5 and N-Skart on the simulation start-up problem | |
Abidin et al. | Model selection and validation of extreme distribution by goodness-of-fit test based on conditional position | |
EP3113088A1 (en) | Energy intensity variability analysis | |
KR100449476B1 (en) | The hierarchical intrusion detection system and method unifying and resolving the misuses and anomalies of network | |
CN103310282A (en) | System and method for selecting safety-control model and safety-control system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee | ||
CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20170329 Termination date: 20191211 |