CN105871847B - Intelligent substation network abnormal traffic detection method - Google Patents

Intelligent substation network abnormal traffic detection method

Info

Publication number
CN105871847B
Authority
CN (China)
Prior art keywords
message
source
flow
information
address
Legal status
Active
Application number
CN201610202100.1A
Other languages
Chinese (zh)
Other versions
CN105871847A (en)
Inventor
姜海涛
郭静
周超
王小波
朱道华
陈锦铭
杨毅
黄伟
李斌
郭雅娟
Current Assignee
State Grid Corp of China SGCC
Electric Power Research Institute of State Grid Jiangsu Electric Power Co Ltd
Original Assignee
State Grid Corp of China SGCC
Electric Power Research Institute of State Grid Jiangsu Electric Power Co Ltd
Application filed by State Grid Corp of China SGCC and Electric Power Research Institute of State Grid Jiangsu Electric Power Co Ltd
Priority to CN201610202100.1A
Publication of CN105871847A
Application granted
Publication of CN105871847B
Legal status: Active
Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425: Traffic logging, e.g. anomaly detection

Abstract

The invention discloses an intelligent substation network abnormal traffic detection method comprising the following steps: (1) configure a mirror port on the substation switch and access the substation network through the mirror port; (2) parse the captured messages; (3) statistically analyse the accumulated message information by source address and judge whether each source address shows abnormal traffic; (4) statistically analyse the accumulated message information by source/destination address pair and judge whether each pair of source and destination addresses shows abnormal traffic; (5) send the anomaly information to the remote dispatching system, store the accumulated message information, and return to step (2) for a new round of abnormal traffic detection. The invention gives a real-time and reliable method for identifying abnormal substation network traffic, and finally realises real-time reporting and alarm output of substation network abnormal traffic information.

Description

Intelligent substation network abnormal traffic detection method
Technical field
The present invention relates to an intelligent substation network abnormal traffic detection method and belongs to the field of smart grid information security detection and defence technology.
Background technique
With the recent development of the smart grid, the country is promoting the construction of intelligent substations. Inside an intelligent substation the network uses a three-layer, two-network structure, and all data exchange between devices is carried over the network. The large-scale Ukrainian power grid event of December 23rd, 2015 is considered the first hacker attack in the world to have caused a grid outage, and it drew wide attention to industrial control security. Inside an intelligent substation, unauthorised external connections or the use of removable storage media during operation and maintenance debugging create the possibility that various malicious programs are brought into the substation. The three-layer, two-network structure saves construction cost and eases the transfer of device data, but it also makes it convenient for viruses and Trojans to propagate and launch attacks in the substation network. At present, however, the substation lacks detection and active defence technologies for abnormal network behaviour.
Since the propagation and damage of the various abnormal behaviours (malicious attacks, viruses, unauthorised access, etc.) all rely on the network, monitoring and analysing network traffic is currently one of the main means of effectively discovering and defending against abnormal network behaviour. After a substation is formally put into operation, its internal equipment is fixed and the data exchange between devices is also relatively stable. Any device generating excessive or too little traffic can be regarded as a traffic anomaly, indicating a possible security problem inside the substation, and an alarm should be output so that the responsible personnel notice it and investigate the problem in time.
Summary of the invention
In view of the deficiencies of the prior art, the object of the present invention is to provide an intelligent substation network abnormal traffic detection method. The invention gives a real-time and reliable method for identifying abnormal substation network traffic, and finally realises real-time reporting and alarm output of substation network abnormal traffic information.
To achieve the above object, the present invention is realised by the following technical solution:
The intelligent substation network abnormal traffic detection method of the invention comprises the following steps:
(1) configure a mirror port on the substation switch so that a copy of every network message passing through the switch can be output from the mirror port, and access the substation network through that mirror port;
(2) parse the captured messages, filter out empty messages, extract the source address, destination address and length of each message, and accumulate the message information over a period of time;
(3) statistically analyse the accumulated message information by source address to obtain the network traffic of each source address over the period, and judge whether each source address shows abnormal traffic;
(4) statistically analyse the accumulated message information by source/destination address pair to obtain the network traffic between each pair of source and destination addresses over the period, and judge whether each pair shows abnormal traffic;
(5) display the abnormal traffic information, send the anomaly information to the remote dispatching system, store the accumulated message information, and return to step (2) for a new round of abnormal traffic detection.
In step (2), parsing the captured messages specifically comprises the following steps:
(2a) capture complete messages from the mirror port, guaranteeing the integrity of each single message;
(2b) judge whether the message is a TCP control message, i.e. an ACK acknowledgement, FIN end, RST reset or SYN synchronisation message; if so, do not process it and return to step (2a); otherwise go to step (2c);
(2c) extract the following information from the data message: source address, destination address and message length;
(2d) save the extracted message information in a buffer, retaining the message information of a period Δt1.
In step (3), the statistical analysis by source address is as follows:
(3a) group all messages buffered in step (2d) by source address;
(3b) accumulate the message lengths of each source address d within the period Δt1 and calculate the average flow rate of source address d; in the formula, p is any message within Δt1 whose source address is d, and length is the message length;
(3c) using the message information of each source address d in the historical period Δt, calculate the theoretical flow rate of source address d as Tflow_d = (∑ p.length)/(1000 × Δt), where p is any message within Δt whose source address is d;
(3d) judge from the theoretical flow rate of each source address whether its current flow rate is abnormal: if the current rate does not satisfy the threshold condition, where λ is the anomaly determination coefficient, the traffic is abnormal and the abnormal traffic information of the source address is stored in the abnormal traffic memory.
In step (4), the statistical analysis by source/destination address pair is as follows:
(4a) group all messages buffered in step (2d) by source/destination address pair;
(4b) accumulate the message lengths of each source/destination pair d1, d2 within the period Δt1 and calculate the average flow rate between d1 and d2; in the formula, p is any message within Δt1 whose source address is d1 and destination address is d2;
(4c) using the message information of each pair d1, d2 in the historical period Δt, calculate the theoretical flow rate of the pair as Tflow_d1,d2 = (∑ p.length)/(1000 × Δt), where p is any message within Δt whose source address is d1 and destination address is d2;
(4d) judge from the theoretical flow rate of each pair whether its current flow rate is abnormal: if the current rate does not satisfy the threshold condition, the traffic is abnormal and the abnormal traffic information is stored in the abnormal traffic memory.
In step (5), the remote dispatching system processes the anomaly information as follows:
(5a) upload the abnormal traffic information in the abnormal traffic memory to the corresponding remote dispatching system: substations of 220 kV and above upload to the provincial dispatching centre, substations of 110 kV and below to the regional dispatching centre;
(5b) store the accumulated message information buffered in step (2d) into the history message information memory and empty the buffer;
(5c) return to step (2) and execute a new round of abnormal traffic detection.
The invention makes use of the closed nature of the substation network and its fixed set of equipment. Through the sequence of message capture, message parsing, traffic statistics and analysis, abnormal traffic judgement, and display and reporting of anomaly information, it gives a real-time and reliable method for identifying abnormal substation network traffic, finally realises real-time reporting and alarm output of substation network abnormal traffic information, and assists the responsible personnel in substation information security monitoring and analysis.
Detailed description of the invention
Fig. 1 is the overall work flow chart of the invention;
Fig. 2 is the network message parsing and thread scheduling flow chart;
Fig. 3 is the source address abnormal traffic detection flow chart;
Fig. 4 is the source/destination address abnormal traffic detection flow chart.
Specific embodiment
To make the technical means, creative features, aims and effects of the present invention easy to understand, the invention is further explained below with reference to a specific embodiment.
As shown in Fig. 1, the intelligent substation network abnormal traffic detection method specifically comprises the following steps:
Step (1): configure the mirror port of the substation switch so that a copy of every network message passing through the switch can be output from the mirror port, and access the substation network through that mirror port;
Step (2): a Java program is developed that starts two threads which run continuously. Thread 1 is responsible for capturing, parsing, filtering and extracting information from messages and caching the message information in memory; thread 2 is scheduled once every 5 minutes and is responsible for executing steps (3) to (5). Fig. 2 is the message processing flow chart; the specific message processing steps are as follows:
Step 2a: thread 1 captures messages from the mirror port, guaranteeing both the completeness of the capture and the integrity of each single message;
Step 2b: thread 1 filters out the content-less TCP control messages, including ACK acknowledgement, FIN end, RST reset and SYN synchronisation messages;
Step 2c: thread 1 extracts the following information from message p: source address p.src, destination address p.dst and message length p.length. For IP-layer protocols the source and destination addresses are IP addresses; for MAC-layer protocols they are MAC addresses;
Step 2d: thread 1 caches the extracted message information in set S; thread 2 is scheduled once every 5 minutes, moves all messages in set S into set S1, empties set S, and executes steps (3) to (5);
Step (3): a method is defined in the Java program that statistically analyses the accumulated messages by source address and judges whether each source address shows abnormal traffic. Fig. 3 is the source address analysis flow chart; the specific analysis steps are as follows:
Step 3a: group all messages cached in set S1 by source address, obtaining the grouping G1 = {d1, d2, …, dn};
Step 3b: take a source address d from G1 and calculate its average flow rate from the accumulated length of the messages with source address d; in the formula, p ∈ S1 and p.src = d, and the unit of the result is kbytes/s;
Step 3c: from the history message information of source address d, calculate its theoretical flow rate Tflow_d = (∑ p.length)/(1000 × Δt), where p is any message in the history message information database within the period Δt with p.src = d; the unit of the result is kbytes/s. Δt is set to the most recent 3600 seconds.
Step 3d: using the theoretical flow rate of source address d, judge whether its current flow rate is abnormal; the criterion is the threshold test of the current rate against the theoretical value. If the traffic is judged abnormal, the abnormal traffic information of source address d is stored in the local anomaly information database;
Step 3e: judge whether grouping G1 still contains unprocessed addresses; if so, return to step 3b, otherwise execute step (4);
Step (4): a method is defined in the Java program that statistically analyses the accumulated messages by source and destination address and judges whether each pair of source and destination addresses shows abnormal traffic. Fig. 4 is the source/destination address analysis flow chart; the specific analysis steps are as follows:
Step 4a: group all messages cached in set S1 by ordered source/destination address pair, obtaining the grouping G2 = {d1d2, d2d1, …, didj, djdi};
Step 4b: from the accumulated message length of each source/destination pair, calculate the average flow rate of the pair d1, d2; in the formula, p ∈ S1, p.src = d1 and p.dst = d2, and the unit of the result is kbytes/s;
Step 4c: from the history message information of the pair d1, d2, calculate its theoretical flow rate Tflow_d1,d2 = (∑ p.length)/(1000 × Δt), where p is any message in the history message information database within the period Δt with p.src = d1 and p.dst = d2; the unit of the result is kbytes/s. Δt is set to the most recent 3600 seconds.
Step 4d: using the theoretical flow rate of the pair d1, d2, judge whether its current flow rate is abnormal; the criterion is the threshold test of the current rate against the theoretical value. If the traffic is judged abnormal, the abnormal traffic information of the pair d1, d2 is stored in the local anomaly information database;
Step 4e: judge whether grouping G2 still contains unprocessed source/destination pairs; if so, return to step 4b, otherwise execute step (5);
Step (5): a method is defined in the Java program that is executed after steps (3) and (4) have finished. It fetches from the local anomaly information database the latest abnormal traffic information generated by steps (3) and (4) and uploads it to the corresponding dispatching system (the provincial dispatching centre for substations of 220 kV and above, the regional dispatching centre for substations of 110 kV and below), stores the message information cached in S1 in step 2d into the history message information database, and empties cache S1.
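The following is an added illustration of steps (2) to (5) as described in the summary, the embodiment and the claims; it is not the patent's Java program. It assumes a two-sided test current > λ·Tflow or current < Tflow/λ, since the page does not reproduce the threshold formula, and uses constructed addresses and packet counts with the embodiment's 5-minute window and 3600-second history.

```python
"""Traffic anomaly check per source address and per source/destination pair."""
from collections import defaultdict
from dataclasses import dataclass

TCP_CONTROL_FLAGS = frozenset({"ACK", "FIN", "RST", "SYN"})


@dataclass(frozen=True)
class Packet:
    """One captured message: addresses, total length in bytes, TCP flags, payload bytes."""
    src: str
    dst: str
    length: int
    tcp_flags: frozenset = frozenset()
    payload_len: int = 0


def is_tcp_control(p):
    """Step 2b: a TCP ACK/FIN/RST/SYN message carrying no payload is dropped."""
    return p.payload_len == 0 and bool(p.tcp_flags & TCP_CONTROL_FLAGS)


def parse_capture(packets):
    """Steps 2b to 2d: keep data messages only, retaining just src, dst and length."""
    return [(p.src, p.dst, p.length) for p in packets if not is_tcp_control(p)]


def rate_kbytes_per_s(records, window_s):
    """(sum of p.length) / (1000 * window): the current-window average over dt1
    and the historical theoretical value Tflow over dt use the same formula."""
    return sum(length for _, _, length in records) / (1000 * window_s)


def group(records, key):
    groups = defaultdict(list)
    for r in records:
        groups[key(r)].append(r)
    return groups


def is_abnormal(current, theory, lam):
    """Assumed two-sided test (the patent's threshold formula is not reproduced on
    the page): abnormal if current > lam * theory or current < theory / lam, so
    both excessive and unusually small traffic is caught. An address with no
    history at all is abnormal as soon as it sends anything."""
    if lam < 1:
        raise ValueError("lam must be >= 1")
    if theory == 0:
        return current > 0
    return current > lam * theory or current < theory / lam


def detect(current_packets, history_packets, dt1=300, dt=3600, lam=2.0):
    """Steps 3 and 4 for one scheduling round (dt1 = 5 min window, dt = 3600 s
    history). Returns (kind, key, current, theory) tuples, kind being 'source'
    or 'pair'. Only keys present in the current window are examined, as in the
    patent's grouping of the cached set S1."""
    current = parse_capture(current_packets)
    history = parse_capture(history_packets)
    keyings = (("source", lambda r: r[0]), ("pair", lambda r: (r[0], r[1])))
    alerts = []
    for kind, key in keyings:
        hist_groups = group(history, key)
        for k, recs in group(current, key).items():
            now = rate_kbytes_per_s(recs, dt1)
            theory = rate_kbytes_per_s(hist_groups.get(k, []), dt)
            if is_abnormal(now, theory, lam):
                alerts.append((kind, k, now, theory))
    return alerts


def make_packets(src, dst, count, length, flags=(), payload_len=None):
    """Build constructed sample traffic (not real capture data)."""
    if payload_len is None:
        payload_len = length
    return [Packet(src, dst, length, frozenset(flags), payload_len) for _ in range(count)]


# Constructed history (last 3600 s) and current window (last 300 s); addresses are made up.
HISTORY = (make_packets("10.1.1.10", "10.1.1.20", 3000, 1200)                # 1.0 kB/s
           + make_packets("10.1.1.10", "10.1.1.40", 250, 1200)               # 0.083 kB/s
           + make_packets("10.1.1.20", "10.1.1.10", 3000, 66, ("ACK",), 0))  # filtered out
CURRENT = (make_packets("10.1.1.10", "10.1.1.20", 250, 1200)                 # 1.0 kB/s, normal
           + make_packets("10.1.1.10", "10.1.1.40", 750, 1200)               # 3.0 kB/s, spike
           + make_packets("10.1.1.30", "10.1.1.20", 500, 1200)               # new talker
           + make_packets("10.1.1.20", "10.1.1.10", 1000, 66, ("ACK",), 0))

if __name__ == "__main__":
    for kind, key, now, theory in detect(CURRENT, HISTORY):
        print(f"{kind} {key}: current {now:.3f} kB/s, theoretical {theory:.3f} kB/s")
```

With the constructed data the run flags source 10.1.1.10 and the pair 10.1.1.10 to 10.1.1.40 (current rate far above the 3600-second average) and source 10.1.1.30 and its pair (no history at all), while the unchanged 10.1.1.10 to 10.1.1.20 flow and the filtered ACK-only traffic raise nothing.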
The above shows and describes the basic principles, main features and advantages of the present invention. Those skilled in the art should understand that the invention is not limited to the above embodiment; the embodiment and description only illustrate the principle of the invention, and various changes and improvements can be made without departing from its spirit and scope, all of which fall within the claimed scope of protection. The scope of protection of the invention is defined by the appended claims and their equivalents.

Claims (4)

1. An intelligent substation network abnormal traffic detection method, characterised in that it comprises the following steps:
(1) configure a mirror port on the substation switch so that a copy of every network message passing through the switch can be output from the mirror port, and access the substation network through that mirror port;
(2) parse the captured messages, filter out empty messages, extract the source address, destination address and length of each message, and accumulate the message information over a period of time;
(3) statistically analyse the accumulated message information by source address to obtain the network traffic of each source address over the period, and judge whether each source address shows abnormal traffic;
(4) statistically analyse the accumulated message information by source/destination address pair to obtain the network traffic between each pair of source and destination addresses over the period, and judge whether each pair shows abnormal traffic;
(5) display the abnormal traffic information, send the anomaly information to the remote dispatching system, store the accumulated message information, and return to step (2) for a new round of abnormal traffic detection;
wherein in step (3) the statistical analysis by source address is as follows:
(3a) group all messages buffered in step (2d) by source address;
(3b) accumulate the message lengths of each source address d within the period Δt1 and calculate the average flow rate of source address d; in the formula, p is any message within Δt1 whose source address is d, and length is the message length;
(3c) using the message information of each source address d in the historical period Δt, calculate the theoretical flow rate of source address d as Tflow_d = (∑ p.length)/(1000 × Δt), where p is any message within Δt whose source address is d;
(3d) judge from the theoretical flow rate of each source address whether its current flow rate is abnormal: if the current rate does not satisfy the threshold condition, where λ is the anomaly determination coefficient, the traffic is abnormal and the abnormal traffic information of the source address is stored in the abnormal traffic memory.
2. The intelligent substation network abnormal traffic detection method according to claim 1, characterised in that in step (2) parsing the captured messages specifically comprises the following steps:
(2a) capture complete messages from the mirror port, guaranteeing the integrity of each single message;
(2b) judge whether the message is a TCP control message, i.e. an ACK acknowledgement, FIN end, RST reset or SYN synchronisation message; if so, do not process it and return to step (2a); otherwise go to step (2c);
(2c) extract the following information from the data message: source address, destination address and message length;
(2d) save the extracted message information in a buffer, retaining the message information of a period Δt1.
3. The intelligent substation network abnormal traffic detection method according to claim 1, characterised in that in step (4) the statistical analysis by source/destination address pair is as follows:
(4a) group all messages buffered in step (2d) by source/destination address pair;
(4b) accumulate the message lengths of each source/destination pair d1, d2 within the period Δt1 and calculate the average flow rate between d1 and d2; in the formula, p is any message within Δt1 whose source address is d1 and destination address is d2;
(4c) using the message information of each pair d1, d2 in the historical period Δt, calculate the theoretical flow rate of the pair as Tflow_d1,d2 = (∑ p.length)/(1000 × Δt), where p is any message within Δt whose source address is d1 and destination address is d2;
(4d) judge from the theoretical flow rate of each pair whether its current flow rate is abnormal: if the current rate does not satisfy the threshold condition, the traffic is abnormal and the abnormal traffic information is stored in the abnormal traffic memory.
4. The intelligent substation network abnormal traffic detection method according to claim 3, characterised in that in step (5) the remote dispatching system processes the anomaly information as follows:
(5a) upload the abnormal traffic information in the abnormal traffic memory to the corresponding remote dispatching system: substations of 220 kV and above upload to the provincial dispatching centre, substations of 110 kV and below to the regional dispatching centre;
(5b) store the accumulated message information buffered in step (2d) into the history message information memory and empty the buffer;
(5c) return to step (2) and execute a new round of abnormal traffic detection.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610202100.1A CN105871847B (en) 2016-04-01 2016-04-01 A kind of intelligent substation exception flow of network detection method


Publications (2)

Publication Number Publication Date
CN105871847A (en) 2016-08-17
CN105871847B (en) 2018-11-30

Family

ID=56626708




Legal Events

Code Title
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant