CN104378353A - Internet of things information security method based on Bayesian clustering - Google Patents


Publication number
CN104378353A
Authority
CN
China
Prior art keywords
variable
abnormal
intrusion
information security
bayesian
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201410550028.2A
Other languages
Chinese (zh)
Inventor
傅涛
傅德胜
经正俊
孙文静
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
JIANGSU BOZHI SOFTWARE TECHNOLOGY Co Ltd
Original Assignee
JIANGSU BOZHI SOFTWARE TECHNOLOGY Co Ltd
Application filed by JIANGSU BOZHI SOFTWARE TECHNOLOGY Co Ltd
Priority to CN201410550028.2A
Publication of CN104378353A
Legal status: Pending


Landscapes

  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention provides an Internet of Things information security method based on Bayesian clustering, and relates to the technical field of information security. The method infers whether an intrusion event has occurred by measuring the variable values A1, A2, ..., An at any given moment, where each variable Ai represents a different aspect of the system. Each variable Ai is assumed to take one of two values, 1 and 0, where 1 represents abnormal and 0 represents normal, and I denotes that the system is currently under intrusion attack. The abnormal reliability of each anomaly variable Ai is expressed as P(Ai=1/I), and the sensitivity of each anomaly variable as P(Ai=1/I). Given each variable Ai, the confidence in I is obtained by Bayes' theorem, and the probability of intrusion is determined from the values of the various anomaly measures, the prior probability of intrusion, and the probability of each measure being abnormal when an intrusion occurs. With this method, the program automatically determines, as far as possible, the number of types, and continuous and discrete attributes can be freely mixed.

Description

A method for Internet of Things information security based on Bayesian clustering
Technical field:
The present invention relates to the field of information security technology, and specifically to a method for Internet of Things information security based on Bayesian clustering.
Background technology:
With the development of computer networks, information sharing is applied ever more widely and deeply, but enterprise information transmitted over public networks may be illegally wiretapped, intercepted, tampered with or destroyed, causing immeasurable loss. Network information security means that the hardware and software of a network system, and the data in it, are protected from destruction, alteration or disclosure, whether accidental or malicious, so that the system runs continuously and reliably and network service is not interrupted.
Computer network security should provide confidentiality, integrity and resistance to denial of service, but as the number of online users grows, many systems are attacked by intruders to a greater or lesser degree. These intruders exploit defects in the operating system or in applications in an attempt to damage the system. To counter these attacks, all users could be required to confirm and verify their identity, strict access control mechanisms could be used, and data could be protected with various cryptographic methods; but this is not feasible, and access control and protection models themselves also have problems.
Summary of the invention:
The object of this invention is to provide a method for Internet of Things information security based on Bayesian clustering. Based on the given data, the program automatically determines, as far as possible, the number of types; it does not require a special similarity measure, stopping rule or clustering criterion; and continuous and discrete attributes can be freely mixed.
To solve the problems described in the background, the invention adopts the following technical solution. The Bayesian-inference anomaly detection method measures the values of the variables A1, A2, ..., An at any given moment and infers from them whether an intrusion event has occurred. Each variable Ai represents a different aspect of the system (such as the amount of disk I/O activity, or the number of page faults in the system). Each Ai is assumed to take one of two values: 1 means abnormal and 0 means normal. I denotes that the system is currently under intrusion attack. The abnormal reliability and the sensitivity of each anomaly variable Ai are expressed as P(Ai=1/I) and P(Ai=1/I). Given the value of each Ai, the confidence in I is then obtained by Bayes' theorem: from the values of the various anomaly measures, the prior probability of intrusion, and the probability of each anomaly measure being abnormal when an intrusion occurs, the probability of intrusion can be determined.
The present invention has the following beneficial effects: based on the given data, the program automatically determines, as far as possible, the number of types; it does not require a special similarity measure, stopping rule or clustering criterion; and continuous and discrete attributes can be freely mixed.
Embodiment:
This embodiment adopts the following technical solution. The Bayesian-inference anomaly detection method measures the values of the variables A1, A2, ..., An at any given moment and infers from them whether an intrusion event has occurred. Each variable Ai represents a different aspect of the system (such as the amount of disk I/O activity, or the number of page faults in the system). Each Ai is assumed to take one of two values: 1 means abnormal and 0 means normal. I denotes that the system is currently under intrusion attack. The abnormal reliability and the sensitivity of each anomaly variable Ai are expressed as P(Ai=1/I) and P(Ai=1/I). Given the value of each Ai, the confidence in I is then obtained by Bayes' theorem: from the values of the various anomaly measures, the prior probability of intrusion, and the probability of each anomaly measure being abnormal when an intrusion occurs, the probability of intrusion can be determined.
Bayesian statistical analysis combines prior information with sample information in statistical inference. Bayes' formula combines the prior information and the sample information to give the posterior information. The posterior obtained can then serve as the prior for a new round of calculation, where it is combined with further sample information to give the next posterior. As this process continues, the posterior information comes closer and closer to the true value. In other words, the learning mechanism of the Bayesian method does exist and is effective. This learning process is in fact an iterative process, and statisticians have shown that it converges, because the posterior distribution density obtained in this way is bounded above and monotonically increasing, which means it converges to some value. As the number of samples grows, the influence of the prior information gradually weakens and the influence of the sample information becomes more and more significant. When there are many samples, the estimate of the prior distribution density has very little effect on the result; in other words, the prior distribution density can be estimated arbitrarily. When there are few samples, however, the quality of the prior distribution density estimate has a larger effect on the result. If the prior distribution density is estimated appropriately, a small amount of sample data and a few iterations are enough to obtain a satisfactory result.
The present invention has the following beneficial effects: based on the given data, the program automatically determines, as far as possible, the number of types; it does not require a special similarity measure, stopping rule or clustering criterion; and continuous and discrete attributes can be freely mixed.
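The following Python sketch is an added example, not code from the patent. It works through the two passages above: the Bayes'-theorem posterior over binary anomaly variables, and the iteration in which each posterior becomes the next prior. It assumes that the second quantity printed as P(Ai=1/I) is the probability of an abnormal reading when there is no intrusion, and that the Ai are conditionally independent; the variable names and probability values are constructed for illustration.

```python
import math

# Constructed sample parameters: name -> (P(Ai=1 | I), P(Ai=1 | no intrusion)).
SENSORS = {
    "disk_io": (0.80, 0.10),
    "page_faults": (0.70, 0.20),
    "failed_logins": (0.90, 0.05),
}

def posterior_intrusion(prior, observations, sensors=SENSORS):
    """Return P(I | A1..An) for binary anomaly readings (1 = abnormal).

    Assumes the Ai are conditionally independent given I and given no
    intrusion, so the joint likelihood factors per variable.
    """
    if not 0.0 < prior < 1.0:
        raise ValueError("prior must lie strictly between 0 and 1")
    # Log-odds form of Bayes' theorem; avoids underflow with many variables.
    log_odds = math.log(prior) - math.log1p(-prior)
    for name, value in observations.items():
        p_given_i, p_given_not_i = sensors[name]
        if value == 1:
            log_odds += math.log(p_given_i) - math.log(p_given_not_i)
        else:
            log_odds += math.log1p(-p_given_i) - math.log1p(-p_given_not_i)
    return 1.0 / (1.0 + math.exp(-log_odds))

def run_stream(prior, samples, sensors=SENSORS):
    """Iterate: each posterior becomes the prior for the next sample.

    Treats successive samples as independent evidence (an assumption).
    """
    beliefs = []
    for observations in samples:
        prior = posterior_intrusion(prior, observations, sensors)
        # Keep the belief strictly inside (0, 1) so it can be reused as a prior.
        prior = min(max(prior, 1e-9), 1.0 - 1e-9)
        beliefs.append(prior)
    return beliefs

if __name__ == "__main__":
    all_abnormal = {"disk_io": 1, "page_faults": 1, "failed_logins": 1}
    for start in (0.001, 0.3):  # two very different prior estimates
        print(start, [round(b, 6) for b in run_stream(start, [all_abnormal] * 4)])
```

Starting from priors of 0.001 and 0.3, the two belief sequences differ widely after one sample and agree closely after a few, which is the weakening influence of the prior that the paragraph describes.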

Claims (1)

1. A method for Internet of Things information security based on Bayesian clustering, characterized in that the Bayesian-inference anomaly detection method measures the values of the variables A1, A2, ..., An at any given moment and infers from them whether an intrusion event has occurred. Each variable Ai represents a different aspect of the system. Each Ai is assumed to take one of two values: 1 means abnormal and 0 means normal. I denotes that the system is currently under intrusion attack. The abnormal reliability and the sensitivity of each anomaly variable Ai are expressed as P(Ai=1/I) and P(Ai=1/I). Given the value of each Ai, the confidence in I is then obtained by Bayes' theorem: from the values of the various anomaly measures, the prior probability of intrusion, and the probability of each anomaly measure being abnormal when an intrusion occurs, the probability of intrusion can be determined.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410550028.2A CN104378353A (en) 2014-10-16 2014-10-16 Internet of things information security method based on Bayesian clustering


Publications (1)

Publication Number Publication Date
CN104378353A true CN104378353A (en) 2015-02-25

Family

ID=52557010

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410550028.2A Pending CN104378353A (en) 2014-10-16 2014-10-16 Internet of things information security method based on Bayesian clustering

Country Status (1)

Country Link
CN (1) CN104378353A (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103338451A (en) * 2013-06-24 2013-10-02 西安电子科技大学 Method for detecting distributed malicious nodes in wireless sensor network
CN104008332A (en) * 2014-04-30 2014-08-27 浪潮电子信息产业股份有限公司 Intrusion detection system based on Android platform


Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
卿斯汉等: "入侵检测技术研究综述", 《通信学报》 *

Similar Documents

Publication Publication Date Title
Rakas et al. A review of research work on network-based scada intrusion detection systems
Kholidy Detecting impersonation attacks in cloud computing environments using a centric user profiling approach
Xie et al. Using Bayesian networks for cyber security analysis
CN111953679A (en) Intranet user behavior measurement method and network access control method based on zero trust
Yang et al. FARIMA model‐based communication traffic anomaly detection in intelligent electric power substations
Cotroneo et al. Automated root cause identification of security alerts: Evaluation in a SaaS Cloud
CN107612927B (en) Safety detection method for power dispatching automation system
US20200244693A1 (en) Systems and methods for cybersecurity risk assessment of users of a computer network
Wang et al. Cyber inference system for substation anomalies against alter-and-hide attacks
Kim et al. Smart seed selection-based effective black box fuzzing for IIoT protocol
Kuznetsov et al. Variance analysis of networks traffic for intrusion detection in smart grids
US12113810B2 (en) Autonomic incident response system
CN108566307B (en) Quantitative network security protection intensity evaluation method and system
CN113422776A (en) Active defense method and system for information network security
Ramasubramanian et al. Quickprop neural network ensemble forecasting framework for a database intrusion prediction system
Papa et al. A transfer function based intrusion detection system for SCADA systems
Thiriet et al. Some considerations on dependability issues and cyber-security of Cyber-Physical Systems
CN104378353A (en) Internet of things information security method based on Bayesian clustering
Maynard et al. Using Application Layer Metrics to Detect Advanced SCADA Attacks.
WO2014060964A2 (en) Method and system for detecting intrusion in networks and systems based on business-process specification
Levonevskiy et al. Network attacks detection using fuzzy logic
Sabri et al. Hybrid of rough set theory and artificial immune recognition system as a solution to decrease false alarm rate in intrusion detection system
Kadam et al. Various approaches for intrusion detection system: an overview
CN113949539A (en) Protection method for network security of KNS system of nuclear power plant and KNS system
Pryshchepa et al. Modern IT problems and ways to solve them

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20150225
