CN106559416A - A kind of wireless sense network intrusion detection method based on SVM - Google Patents
A kind of wireless sense network intrusion detection method based on SVM Download PDFInfo
- Publication number
- CN106559416A CN106559416A CN201610943016.5A CN201610943016A CN106559416A CN 106559416 A CN106559416 A CN 106559416A CN 201610943016 A CN201610943016 A CN 201610943016A CN 106559416 A CN106559416 A CN 106559416A
- Authority
- CN
- China
- Prior art keywords
- network
- wireless sense
- intrusion detection
- svm
- sample
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/14—Network analysis or design
- H04L41/145—Network analysis or design involving simulating, designing, planning or modelling of a network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/10—Active monitoring, e.g. heartbeat, ping or trace-route
- H04L43/103—Active monitoring, e.g. heartbeat, ping or trace-route with adaptive polling, i.e. dynamically adapting the polling rate
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/12—Detection or prevention of fraud
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W84/00—Network topologies
- H04W84/18—Self-organising networks, e.g. ad-hoc networks or sensor networks
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Health & Medical Sciences (AREA)
- Cardiology (AREA)
- General Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention discloses a kind of wireless sense network intrusion detection method based on SVM, first by setting up the discharge model of wireless sense network come the flow rate mode of descriptive system network, traffic characteristic parameter is extracted from network traffic data bag according to the discharge model, and traffic characteristic parameter is normalized;SVM, the flow rate mode of learning system network are trained by above-mentioned traffic characteristic parameter;Online intrusion detection is carried out using trained SVM;This wireless sense network intrusion detection method that the present invention is provided, wireless sense network running state parameter is extracted using Model of network traffic, without carrying out deep analysis to network message, only need to extract a small amount of characteristic parameter, real-time intrusion detection is capable of achieving, and can be universally used in the intrusion detection of cycle polling type and event flip-over type wireless sense network;While practicality is ensured, drastically increase verification and measurement ratio, reduce rate of false alarm.
Description
Technical field
The invention belongs to wireless sense network Protective Information Security Techniques field, more particularly, to it is a kind of based on support to
The wireless sense network intrusion detection method of amount machine.
Background technology
With the fast development of Radio Transmission Technology, low power processor and embedding assembly technology, radio sensing network
Obtain increasingly being widely applied;Due to wireless sense network sensor more be deployed in unattended environment, be subject to
The network attack of malice.Intruding detection system as a kind of intelligence system that can be actively discovered and attack and provide warning information,
Can be used as the second defence line of system.
For the intrusion detection prior art of wireless sense network, for example application for a patent for invention (CN201510606829.0),
《Chongqing Mail and Telephones Unvi's journal (natural science edition)》1st phase paper in 2016《Wireless sense network intrusion detection based on comentropy
Genetic algorithm》, it is to be parsed by the header information to all messages, then extracts network characterization and detect attack;It is this kind of
Method with normal work, but can be understood because accounting in the wireless sense network of extensive, big data quantity when network size is less
Cannot be used with excessive system resource.In order to reduce the electric quantity consumption of sensor, increasing wireless sense network as far as possible
The communication pattern of event triggering is employed, sensor does not send data at ordinary times, just to cluster only when particular event is detected
Head node transmission information;Compared to the mode of operation of periodicity poll, event triggering can bring more uncertain factors to network,
So that in system network traffics have it is sudden;How to detect in existing cycle polling has the isomerous environment of event triggering again and attack
It is a huge challenge to hit.
The content of the invention
For the disadvantages described above or Improvement requirement of prior art, the invention provides a kind of based on the wireless of SVM
Sensor Network intrusion detection method, its object is to improve and in the isomerous environment that existing cycle polling has event to trigger again detects and attack
The verification and measurement ratio for hitting, reduces rate of false alarm.
For achieving the above object, according to one aspect of the present invention, there is provided a kind of wireless biography based on SVM
Sense net intrusion detection method, comprises the steps:
(1) discharge model of wireless sense network is set up, stream is extracted from network traffic data bag according to the discharge model
Measure feature parameter, and the traffic characteristic parameter is normalized;Wherein, discharge model is used for descriptive system network
Flow rate mode;
(2) by using above-mentioned traffic characteristic parameter training SVM come the flow rate mode of learning system network;
(3) online intrusion detection is carried out using trained SVM.
Preferably, the above-mentioned wireless sense network intrusion detection method based on SVM, its step (1) is including following son
Step:
(1.1) flow rate mode of each sensor in wireless sense network is described using ON/OFF models;
Wherein, ON/OFF models include an ON state and an OFF state, when sensor is in data transfer phase
When, belong to ON states;When no data transfer on sensor, in OFF state;
(1.2) using following traffic characteristic parameter describing the traffic characteristic of each sensor node in detail:
The average duration of ON states;
The average duration of OFF state;
λON:Average message transmission rate under ON states;
TIAT:Average time interval under ON states between two packets;
nON:Packet transmission total amount average under ON states;
k:Message transmission rate;
λb:What in the unit interval, cluster head was received comes from the number of the ON states of sensor node;
The data burst degree of sensor node;
(1.3) network packet is gathered, traffic characteristic is extracted according to above-mentioned ON/OFF models from the network packet
Parameter;
According to above-mentioned traffic characteristic parameter construction feature collection
And come from proper network or from the network under by attack state according to network packet, by feature set point
For proper set SetNOr attack collection SetA;
(1.4) obtain proper set SetNThe mean μ of each each dimension of vectoriAnd variances sigmai;
And each vector that proper set and attack are concentrated is normalized using below equation:
Wherein, xiRefer to i-th parameter in vector.
Preferably, the above-mentioned wireless sense network intrusion detection method based on SVM, its step (2) is including following son
Step:
(2.1) from attack collection SetAWith proper set SetNIn N/2 sample of each random choose, constitute sample set { (x1, y1),
(x2, y2) ..., (xN, yN)};
Wherein, xjRefer to j-th traffic characteristic sample, yj∈ { -1 ,+1 }, -1 represents the sample to belong to proper set ,+1 table
Show that the sample belongs to attack collection;Sample size when N refers to training SVM every time in required training set;Can 50~
100 values;
(2.2) sample set is adopted to obtain hyperplane according to minor function:
The function meets:
Wherein:W refers to the normal vector of hyperplane, wTRefer to the transposed vector of w;C is positive number constant, for controlling
WithBetween relative effect;ξkRefer to slack variable;B refers to hyperplane deviant;K refers to sample in training set
Index value;
ykIt is the labelling in training set;Φ () is the mapping from the input space to high-dimensional feature space;
(2.3) seek cost function maximum to solve the convex quadratic programming of SVM by using Suzanne Lenglen number of days multiplication
Problem, obtains the normal vector w and side-play amount b of SVM Optimal Separating Hyperplane;Specially:
The function meets:
Wherein, K (xm, xn)=<Φ(xm), Φ (xn)>It is kernel function;
xmAnd xnRefer to the sample in training set;ymAnd ynThe mark value of sample in training set is referred to, is that -1 expression is normal,
Represent for+1 and attack;αmAnd αnRefer to Lagrangian number multiplying factor;
(2.4) from attack collection SetAThe N number of sample of middle random choose constitutes first and attacks collection, from proper set SetNIn choose at random
N number of sample is selected to constitute the first proper set;
(2.5) the institute's directed quantity attacked first in collection and the first proper set is current according to wherein each vector distance respectively
The distance of hyperplane is arranged according to ascending order;First is come apart from the nearest vector of hyperplane, come finally apart from farthest;
(2.6) attack from first and in collection and the first proper set, respectively select N/2 vectorial composing training collection SetT;
Picking rule is:Often select one it is vectorial when, with the probability of a% randomly select in front d% data one it is vectorial,
With the probability of d% randomly select in rear a% data one it is vectorial;
(2.7) with training set SetTUsed as sample set, repeat step (2.2)~(2.3) update hyperplane;
(2.8) repeat step (2.5)~(2.8), until reaching default frequency of training, obtain hyperplane method vector wf,
Side-play amount bf;
In the present invention, in the case of step (2) processes lack of balance data set using above-mentioned dynamic optimal subset choosing method
SVM training problem, select near the training sample of Optimal Separating Hyperplane, support vector to train support by active
Vector machine, can greatly improve the training speed of SVM, and on its final classification without impact.
Preferably, the above-mentioned wireless sense network intrusion detection method based on SVM, in its step (2.6), a takes
95, d take 5.
Preferably, the above-mentioned wireless sense network intrusion detection method based on SVM, its step (3) is including following son
Step:
(3.1) network packet is captured from the wireless sense network of operation, extract flow special from the network packet
Levy parameter and constitute input vector x;
(3.2) pretreatment is normalized to x according to the method for step (1.4);
(3.3) determine whether to meet wfx+bf≤0;If so, then it is judged to proper network flow;If it is not, being then judged to network
Attack.
Preferably, the above-mentioned wireless sense network intrusion detection method based on SVM, in its step (3.1), uses
The method gathered data bag of sliding time window is reducing the impact of noise data.
What the present invention was improved has considered wireless sensing based on the wireless sense network intrusion detection method of SVM
The each side factor such as the network topology structure of net, communication pattern, training sample be unbalanced, fast and effeciently detecting system can meet with
The network attack received;In general, by the contemplated above technical scheme of the present invention compared with prior art, can obtain down
Row beneficial effect:
(1) the wireless sense network intrusion detection method based on SVM that the present invention is provided, using machine learning side
Method carries out wireless sense network intrusion detection, and the data volume of required attack sample is little;And existing mode identification method is based on sample
The enough premises of this quantity, only when sample size tends to infinity, its performance is just guaranteed;And the present invention adopt
Support vector machine is not required to substantial amounts of sample and is obtained with grader of good performance, and the algorithm complex of SVM compared with
Low, speed is fast, in line service without impact, it is adaptable to online intrusion detection;
(2) the wireless sense network intrusion detection method based on SVM that the present invention is provided, polling order is regarded as
Thus cycle polling and event triggering are all unified into event flip-over type communication mode, are adopted by the event that one occurrence frequency is fixed
The flow rate mode of each sensor in wireless sense network is described with ON/OFF models;Wireless biography more accurately can be described
The flow rate mode of sense net;
(3) the wireless sense network intrusion detection method based on SVM that the present invention is provided, using ON/OFF models
The flow rate mode of wireless sense network is accurately described, and wireless sensing Running State is extracted using the Model of network traffic
Parameter, without the need for carrying out deep analysis to network message, it is only necessary to extract a small amount of characteristic parameter, you can realize invasion inspection in real time
Survey;
Prior art describes the flow rate mode of wireless sense network using Poisson process, as Poisson process can not describe net
Burst flow in network and enough characteristic parameters cannot be extracted carry out comprehensive describing system running status;Comparatively, this
The isomery working environment that bright method is applied to event triggering with cycle polling and deposits, ensures height by accurate discharge model
Verification and measurement ratio and low rate of false alarm;
(4) present invention provide the wireless sense network intrusion detection method based on SVM, to it is existing support to
The training method of amount machine is improved, and the support in the case of lack of balance data set is processed by the method that dynamic optimal subset is chosen
Vector machine training problem, is selected near the training sample of Optimal Separating Hyperplane, support vector, training SVM by active
Process, due to the sample near hyperplane for final training result has main contributions, therefore using the present invention's
Method overcomes the defect that the training set of lack of balance causes to train the hyperplane of gained to be partial to proper set;And obtain after training
Hyperplane is with the hyperplane obtained using whole training datas closely;In the case that in training set, attack sample is very few
Still ideal classifying quality can be obtained, the training speed of SVM is greatly improved, and then is improve invasion
The real-time of detection.
Description of the drawings
Fig. 1 is the schematic flow sheet of the wireless sense network intrusion detection method based on SVM that embodiment is provided;
Fig. 2 is the ON/OFF discharge model schematic diagrams set up in embodiment.
Specific embodiment
In order that the objects, technical solutions and advantages of the present invention become more apparent, it is below in conjunction with drawings and Examples, right
The present invention is further elaborated.It should be appreciated that specific embodiment described herein is only to explain the present invention, and
It is not used in the restriction present invention.As long as additionally, technical characteristic involved in invention described below each embodiment
Do not constitute conflict each other can just be mutually combined.
The wireless sense network intrusion detection method based on SVM that the present invention is provided, is built to wireless sense network first
Vertical discharge model is with accurate description grid traffic behavior;By means of the discharge model, the less spy of scale can be extracted
Levy parameter set effectively describing system running status;Then using this feature parameter set as input vector collection, using support vector
Machine carrys out the flow rate mode of learning system;SVM Optimal Separating Hyperplane after using training carries out online intrusion detection.
The wireless sense network intrusion detection method based on SVM that embodiment is provided, its flow process is as shown in figure 1, bag
Include two stages of off-line learning and on-line checking;In the off-line learning stage, using the substantial amounts of traffic characteristic of ON/OFF model extractions
And SVM is trained, obtain the parameter of SVM Optimal Separating Hyperplane;The on-line monitoring stage is then using in off-line learning
The Optimal Separating Hyperplane that stage obtains is carrying out online intrusion detection, specific as follows:
Step 1:Data traffic bag in capture network, according to the discharge model for being proposed, extracts required characteristic parameter,
Then pretreatment is normalized, concrete step includes:
Step 1.1:Network flow data is obtained using the method for sliding time window, by calculating flow in the time period
The average of characteristic parameter is reducing noise jamming;
Step 1.2:Using the ON/OFF discharge models for event flip-over type wireless sense network shown in Fig. 2 to describe it is
System network;
In the model, as long as event occurs, either event triggering or cycle polling type sensor, that is, produce one
Individual ON states, sensor to leader cluster node transmission data, enter OFF state after completing data transfer in the state;Foundation
The model, extracts necessary flow characteristic parameter, including:
The average duration of ON states;
The average duration of OFF state;
λON:Average message transmission rate under ON states;
TIAT:Average time interval under ON states between two packets;
nON:Packet transmission total amount average under ON states;
k:Message transmission rate;
λb:What in the unit interval, cluster head was received comes from the number of the ON states of sensor node;
The data burst degree of sensor node;
Step 1.3:8 feature constructions according to being extracted enter the vector shown in formula (1),
And come from proper network or from the network under by attack state according to network packet, by feature set point
For proper set SetNOr attack collection SetA;
Step 1.4:Calculate SetNThe average and variance of middle each dimension of vector, is expressed as μiAnd σi.Then to SetNWith
SetAIn each vector pretreatment is normalized using formula (2);
Wherein, i represents the index value of feature in vector x;
Step 2:Using training sample set acquired in step 1, SVM is trained;Comprise the following steps that:
Step 2.1:Using the hyperplane that SVM is calculated with following formula (3)~(6);
Above-mentioned function meets:
Above-mentioned function meets:
Wherein:W is the normal vector of hyperplane;
wTRefer to the transposed vector of w;
B is hyperplane deviant;
ykIt is the labelling in training set;
Φ () is the mapping from the input space to high-dimensional feature space;
C is a positive number constant, for controllingWithBetween relative effect;
ξkIt is slack variable;
K(xm, xn)=<Φ(xm), Φ (xn)>It is kernel function;
xmAnd xnRefer to the sample in training set;
ymAnd ynRefer to the mark value of sample in training set;In embodiment, represent normal with -1, attack is represented with+1;
αmAnd αnRefer to Lagrangian number multiplying factor;
Step 2.2:Collect Set from attackingASet is constituted from the N number of sample of random choose, from proper set SetNMiddle random choose N
Individual vector constitutes set;
Step 2.3:Two set that step (2.2) is constituted currently are obtained according to each of which vector distance respectively
The distance of hyperplane is according to ascending order arrangement institute directed quantity;
Step 2.4:N/2 vectorial, composing training collection is picked out respectively in two set from after step (2.3) sequence
SetT;In embodiment, picking rule is:When selection one is vectorial every time, randomly selected in front 5% data with 95% probability
One is vectorial, with 5% probability randomly select in rear 95% data one it is vectorial;
Step 2.5:According to above-mentioned formula (3)-(6), using SetTTraining SVM, updates hyperplane;
Step 2.6:Repeat step (2.2)~(2.5), until reaching default frequency of training, obtain hyperplane method vector
wf, side-play amount bf;In embodiment, for one based on the monolayer wireless sense network for clustering, default iterationses are 5, that is, repeat
Step (2.2)~(2.5) totally 5 times, in each iteration, default SVM frequency of training is 50 times;
Step 3:The SVM that training is obtained is used for online intrusion detection;In system operation, enter online
Invading detection includes following sub-step:
Step 3.1:Network packet is captured from the wireless sense network of operation, all streams defined in extraction step 1.2
Measure feature parameter, constitutes input vector x;In embodiment, packet is obtained using sliding time window and reduce noise data
Impact;
Step 3.2:Pretreatment is normalized to x using formula (2);
Step 3.3:Calculate wfx+bf;If wfx+bf≤ 0, then it is judgement proper network flow;If wfx+bf> 0, then judge
For network attack.
The iterationses and each iteration of adjusting training SVM in the said method that embodiment is provided, can be passed through
The size of middle training set carrys out adjusting training speed.
As it will be easily appreciated by one skilled in the art that the foregoing is only presently preferred embodiments of the present invention, not to
The present invention, all any modification, equivalent and improvement made within the spirit and principles in the present invention etc. are limited, all should be included
Within protection scope of the present invention.
Claims (7)
1. a kind of wireless sense network intrusion detection method based on SVM, it is characterised in that comprise the steps:
(1) discharge model of wireless sense network is set up, flow is extracted from network traffic data bag according to the discharge model special
Parameter is levied, and the traffic characteristic parameter is normalized;Wherein, the discharge model is used for descriptive system network
Flow rate mode;
(2) by using the traffic characteristic parameter training SVM come the flow rate mode of learning system network;
(3) online intrusion detection is carried out using trained SVM.
2. wireless sense network intrusion detection method as claimed in claim 1, it is characterised in that the step (1) is including as follows
Sub-step:
(1.1) flow rate mode of each sensor in wireless sense network is described using ON/OFF models;
(1.2) using following traffic characteristic parameter describing the traffic characteristic of each sensor node in detail:
The average duration of ON states;
The average duration of OFF state;
λON:Average message transmission rate under ON states;
TIAT:Average time interval under ON states between two packets;
nON:Packet transmission total amount average under ON states;
k:Message transmission rate;
λb:What in the unit interval, cluster head was received comes from the number of the ON states of sensor node;
The data burst degree of sensor node;
(1.3) network packet is gathered, traffic characteristic parameter is extracted from the network packet according to the ON/OFF models,
According to the traffic characteristic parameter construction feature collection
And come from proper network or from the network under by attack state according to network packet, feature set is just divided into
Often collect SetNOr attack collection SetA;
(1.4) obtain proper set SetNThe mean μ of each each dimension of vectoriAnd variances sigmai;
And each vector that proper set and attack are concentrated is normalized using below equation:
Wherein, xiRefer to i-th parameter in vector.
3. wireless sense network intrusion detection method as claimed in claim 2, it is characterised in that the step (2) is including as follows
Sub-step:
(2.1) from attack collection SetAWith proper set SetNIn N/2 sample of each random choose, constitute sample set { (x1, y1), (x2,
y2) ..., (xN, yN)};
Wherein, xjRefer to j-th traffic characteristic sample, yjWith -1, ∈ { -1 ,+1 }, represents that the sample belongs to proper set, is represented with+1
The sample belongs to attack collection;Sample size when N refers to training SVM every time in required training set;
(2.2) hyperplane is obtained according to minor function:
Above-mentioned function meets:
Wherein, w refers to the normal vector of hyperplane, wTRefer to the transposed vector of w;C is positive number constant, for controllingWithBetween relative effect;ξkRefer to slack variable;B refers to hyperplane deviant;K refers to the index of sample in training set
Value;ykIt is the labelling in training set;Φ () refers to the mapping from the input space to high-dimensional feature space;
(2.3) convex quadratic programming for seeking cost function maximum to solve SVM by using Suzanne Lenglen number of days multiplication is asked
Topic, obtains the normal vector w and side-play amount b of SVM Optimal Separating Hyperplane, specially:
Above-mentioned function meets:
Wherein, K (xm, xn)=<Ф(xm), Ф (xn)>It is kernel function;
xmAnd xnRefer to the sample in training set;ymAnd ynRefer to the mark value of sample in training set;αmAnd αnRefer to Lagrange
Number multiplying factor;
(2.4) from attack collection SetAThe N number of sample of middle random choose constitutes first and attacks collection, from proper set SetNMiddle random choose is N number of
Sample constitutes the first proper set;
(2.5) the institute's directed quantity attacked described first in collection and the first proper set is current according to wherein each vector distance respectively
The distance of hyperplane is arranged according to ascending order;
(2.6) attack from described first and in collection and the first proper set, respectively select N/2 vectorial composing training collection SetT;
(2.7) with training set SetTUsed as sample set, repeat step (2.2)~(2.3) update hyperplane;
(2.8) repeat step (2.5)~(2.8), until reaching default frequency of training, obtain hyperplane method vector wf, side-play amount
bf。
4. wireless sense network intrusion detection method as claimed in claim 3, it is characterised in that select in the step (2.6)
The vectorial rule of composing training collection is:When selecting some vectorial, one is randomly selected with the probability of a% in front d% data
Vector, with the probability of d% randomly select in rear a% data one it is vectorial.
5. wireless sense network intrusion detection method as claimed in claim 4, it is characterised in that a takes 95, d and takes 5.
6. wireless sense network intrusion detection method as claimed in claim 1 or 2, it is characterised in that the step (3) include as
Lower sub-step:
(3.1) network packet is captured from the wireless sense network of operation, traffic characteristic ginseng is extracted from the network packet
Number constitutes input vector x;
(3.2) pretreatment is normalized to x according to the method for step (1.4);
(3.3) determine whether to meet ωfx+bf≤0;If so, then it is judged to proper network flow;If it is not, being then judged to that network is attacked
Hit.
7. wireless sense network intrusion detection method as claimed in claim 6, it is characterised in that in the step (3.1), adopts
Sliding time window is obtaining packet to reduce the impact of noise data.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610943016.5A CN106559416B (en) | 2016-10-26 | 2016-10-26 | A kind of wireless sense network intrusion detection method based on SVM |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610943016.5A CN106559416B (en) | 2016-10-26 | 2016-10-26 | A kind of wireless sense network intrusion detection method based on SVM |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106559416A true CN106559416A (en) | 2017-04-05 |
CN106559416B CN106559416B (en) | 2018-01-26 |
Family
ID=58443479
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610943016.5A Active CN106559416B (en) | 2016-10-26 | 2016-10-26 | A kind of wireless sense network intrusion detection method based on SVM |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106559416B (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108093406A (en) * | 2017-11-29 | 2018-05-29 | 重庆邮电大学 | A kind of wireless sense network intrusion detection method based on integrated study |
CN109918900A (en) * | 2019-01-28 | 2019-06-21 | 深圳市赛梅斯凯科技有限公司 | Sensor attack detection method, device, equipment and computer readable storage medium |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101557327A (en) * | 2009-03-20 | 2009-10-14 | 扬州永信计算机有限公司 | Intrusion detection method based on support vector machine (SVM) |
CN102291392A (en) * | 2011-07-22 | 2011-12-21 | 中国电力科学研究院 | Hybrid intrusion detection method based on bagging algorithm |
CN102420723A (en) * | 2011-12-14 | 2012-04-18 | 南京邮电大学 | Anomaly detection method for various kinds of intrusion |
-
2016
- 2016-10-26 CN CN201610943016.5A patent/CN106559416B/en active Active
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101557327A (en) * | 2009-03-20 | 2009-10-14 | 扬州永信计算机有限公司 | Intrusion detection method based on support vector machine (SVM) |
CN102291392A (en) * | 2011-07-22 | 2011-12-21 | 中国电力科学研究院 | Hybrid intrusion detection method based on bagging algorithm |
CN102420723A (en) * | 2011-12-14 | 2012-04-18 | 南京邮电大学 | Anomaly detection method for various kinds of intrusion |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108093406A (en) * | 2017-11-29 | 2018-05-29 | 重庆邮电大学 | A kind of wireless sense network intrusion detection method based on integrated study |
CN108093406B (en) * | 2017-11-29 | 2021-02-02 | 重庆邮电大学 | Wireless sensor network intrusion detection method based on ensemble learning |
CN109918900A (en) * | 2019-01-28 | 2019-06-21 | 深圳市赛梅斯凯科技有限公司 | Sensor attack detection method, device, equipment and computer readable storage medium |
Also Published As
Publication number | Publication date |
---|---|
CN106559416B (en) | 2018-01-26 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN110011999B (en) | IPv6 network DDoS attack detection system and method based on deep learning | |
CN109600363B (en) | Internet of things terminal network portrait and abnormal network access behavior detection method | |
CN103581186B (en) | A kind of network security situational awareness method and system | |
CN102647292B (en) | Intrusion detecting method based on semi-supervised neural network | |
CN106131017B (en) | Cloud computing information security visualization system based on trust computing | |
CN104935600A (en) | Mobile ad hoc network intrusion detection method and device based on deep learning | |
CN106878995A (en) | A kind of wireless sensor network Exception Type discrimination method based on perception data | |
CN103532949B (en) | Self adaptation wooden horse communication behavior detection method based on dynamical feedback | |
CN112788066B (en) | Abnormal flow detection method and system for Internet of things equipment and storage medium | |
CN106713371A (en) | Fast Flux botnet detection method based on DNS anomaly mining | |
CN105577685A (en) | Intrusion detection independent analysis method and system in cloud calculation environment | |
CN102789593A (en) | Intrusion detection method based on incremental GHSOM (Growing Hierarchical Self-organizing Maps) neural network | |
CN106604267A (en) | Dynamic self-adapting wireless sensor network invasion detection intelligence algorithm | |
CN103152222B (en) | A kind of Intrusion Detection based on host group character detects speed and becomes the method for attacking domain name | |
CN109257749B (en) | Dynamic topology-oriented wireless sensor network self-adaptive layered intrusion detection method | |
CN109670302B (en) | SVM-based classification method for false data injection attacks | |
CN106685984A (en) | Network threat analysis system and method based on data pocket capture technology | |
CN108494802A (en) | Key message infrastructure security based on artificial intelligence threatens Active Defending System Against | |
CN109688154B (en) | Network intrusion detection model establishing method and network intrusion detection method | |
CN108347442B (en) | The method and system of interest packet extensive aggression are detected in content center network | |
CN103338451A (en) | Method for detecting distributed malicious nodes in wireless sensor network | |
Rahman et al. | PHY/MAC layer attack detection system using neuro-fuzzy algorithm for IoT network | |
CN106559416A (en) | A kind of wireless sense network intrusion detection method based on SVM | |
CN111314910A (en) | Novel wireless sensor network abnormal data detection method for mapping isolation forest | |
CN101594352B (en) | Classifying fusion intrusion detection method based on novel discovery and window function |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |