CN106559416A - A kind of wireless sense network intrusion detection method based on SVM - Google Patents

A kind of wireless sense network intrusion detection method based on SVM Download PDF

Info

Publication number
CN106559416A
CN106559416A CN201610943016.5A CN201610943016A CN106559416A CN 106559416 A CN106559416 A CN 106559416A CN 201610943016 A CN201610943016 A CN 201610943016A CN 106559416 A CN106559416 A CN 106559416A
Authority
CN
China
Prior art keywords
network
wireless sense
intrusion detection
svm
sample
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201610943016.5A
Other languages
Chinese (zh)
Other versions
CN106559416B (en
Inventor
周纯杰
黄开兴
彭源
秦元庆
涂伟勋
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huazhong University of Science and Technology
Original Assignee
Huazhong University of Science and Technology
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huazhong University of Science and Technology filed Critical Huazhong University of Science and Technology
Priority to CN201610943016.5A priority Critical patent/CN106559416B/en
Publication of CN106559416A publication Critical patent/CN106559416A/en
Application granted granted Critical
Publication of CN106559416B publication Critical patent/CN106559416B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/14Network analysis or design
    • H04L41/145Network analysis or design involving simulating, designing, planning or modelling of a network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/10Active monitoring, e.g. heartbeat, ping or trace-route
    • H04L43/103Active monitoring, e.g. heartbeat, ping or trace-route with adaptive polling, i.e. dynamically adapting the polling rate
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12Detection or prevention of fraud
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W84/00Network topologies
    • H04W84/18Self-organising networks, e.g. ad-hoc networks or sensor networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Health & Medical Sciences (AREA)
  • Cardiology (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a kind of wireless sense network intrusion detection method based on SVM, first by setting up the discharge model of wireless sense network come the flow rate mode of descriptive system network, traffic characteristic parameter is extracted from network traffic data bag according to the discharge model, and traffic characteristic parameter is normalized;SVM, the flow rate mode of learning system network are trained by above-mentioned traffic characteristic parameter;Online intrusion detection is carried out using trained SVM;This wireless sense network intrusion detection method that the present invention is provided, wireless sense network running state parameter is extracted using Model of network traffic, without carrying out deep analysis to network message, only need to extract a small amount of characteristic parameter, real-time intrusion detection is capable of achieving, and can be universally used in the intrusion detection of cycle polling type and event flip-over type wireless sense network;While practicality is ensured, drastically increase verification and measurement ratio, reduce rate of false alarm.

Description

A kind of wireless sense network intrusion detection method based on SVM
Technical field
The invention belongs to wireless sense network Protective Information Security Techniques field, more particularly, to it is a kind of based on support to The wireless sense network intrusion detection method of amount machine.
Background technology
With the fast development of Radio Transmission Technology, low power processor and embedding assembly technology, radio sensing network Obtain increasingly being widely applied;Due to wireless sense network sensor more be deployed in unattended environment, be subject to The network attack of malice.Intruding detection system as a kind of intelligence system that can be actively discovered and attack and provide warning information, Can be used as the second defence line of system.
For the intrusion detection prior art of wireless sense network, for example application for a patent for invention (CN201510606829.0), 《Chongqing Mail and Telephones Unvi's journal (natural science edition)》1st phase paper in 2016《Wireless sense network intrusion detection based on comentropy Genetic algorithm》, it is to be parsed by the header information to all messages, then extracts network characterization and detect attack;It is this kind of Method with normal work, but can be understood because accounting in the wireless sense network of extensive, big data quantity when network size is less Cannot be used with excessive system resource.In order to reduce the electric quantity consumption of sensor, increasing wireless sense network as far as possible The communication pattern of event triggering is employed, sensor does not send data at ordinary times, just to cluster only when particular event is detected Head node transmission information;Compared to the mode of operation of periodicity poll, event triggering can bring more uncertain factors to network, So that in system network traffics have it is sudden;How to detect in existing cycle polling has the isomerous environment of event triggering again and attack It is a huge challenge to hit.
The content of the invention
For the disadvantages described above or Improvement requirement of prior art, the invention provides a kind of based on the wireless of SVM Sensor Network intrusion detection method, its object is to improve and in the isomerous environment that existing cycle polling has event to trigger again detects and attack The verification and measurement ratio for hitting, reduces rate of false alarm.
For achieving the above object, according to one aspect of the present invention, there is provided a kind of wireless biography based on SVM Sense net intrusion detection method, comprises the steps:
(1) discharge model of wireless sense network is set up, stream is extracted from network traffic data bag according to the discharge model Measure feature parameter, and the traffic characteristic parameter is normalized;Wherein, discharge model is used for descriptive system network Flow rate mode;
(2) by using above-mentioned traffic characteristic parameter training SVM come the flow rate mode of learning system network;
(3) online intrusion detection is carried out using trained SVM.
Preferably, the above-mentioned wireless sense network intrusion detection method based on SVM, its step (1) is including following son Step:
(1.1) flow rate mode of each sensor in wireless sense network is described using ON/OFF models;
Wherein, ON/OFF models include an ON state and an OFF state, when sensor is in data transfer phase When, belong to ON states;When no data transfer on sensor, in OFF state;
(1.2) using following traffic characteristic parameter describing the traffic characteristic of each sensor node in detail:
The average duration of ON states;
The average duration of OFF state;
λON:Average message transmission rate under ON states;
TIAT:Average time interval under ON states between two packets;
nON:Packet transmission total amount average under ON states;
k:Message transmission rate;
λb:What in the unit interval, cluster head was received comes from the number of the ON states of sensor node;
The data burst degree of sensor node;
(1.3) network packet is gathered, traffic characteristic is extracted according to above-mentioned ON/OFF models from the network packet Parameter;
According to above-mentioned traffic characteristic parameter construction feature collection
And come from proper network or from the network under by attack state according to network packet, by feature set point For proper set SetNOr attack collection SetA
(1.4) obtain proper set SetNThe mean μ of each each dimension of vectoriAnd variances sigmai
And each vector that proper set and attack are concentrated is normalized using below equation:
Wherein, xiRefer to i-th parameter in vector.
Preferably, the above-mentioned wireless sense network intrusion detection method based on SVM, its step (2) is including following son Step:
(2.1) from attack collection SetAWith proper set SetNIn N/2 sample of each random choose, constitute sample set { (x1, y1), (x2, y2) ..., (xN, yN)};
Wherein, xjRefer to j-th traffic characteristic sample, yj∈ { -1 ,+1 }, -1 represents the sample to belong to proper set ,+1 table Show that the sample belongs to attack collection;Sample size when N refers to training SVM every time in required training set;Can 50~ 100 values;
(2.2) sample set is adopted to obtain hyperplane according to minor function:
The function meets:
Wherein:W refers to the normal vector of hyperplane, wTRefer to the transposed vector of w;C is positive number constant, for controlling WithBetween relative effect;ξkRefer to slack variable;B refers to hyperplane deviant;K refers to sample in training set Index value;
ykIt is the labelling in training set;Φ () is the mapping from the input space to high-dimensional feature space;
(2.3) seek cost function maximum to solve the convex quadratic programming of SVM by using Suzanne Lenglen number of days multiplication Problem, obtains the normal vector w and side-play amount b of SVM Optimal Separating Hyperplane;Specially:
The function meets:
Wherein, K (xm, xn)=<Φ(xm), Φ (xn)>It is kernel function;
xmAnd xnRefer to the sample in training set;ymAnd ynThe mark value of sample in training set is referred to, is that -1 expression is normal, Represent for+1 and attack;αmAnd αnRefer to Lagrangian number multiplying factor;
(2.4) from attack collection SetAThe N number of sample of middle random choose constitutes first and attacks collection, from proper set SetNIn choose at random N number of sample is selected to constitute the first proper set;
(2.5) the institute's directed quantity attacked first in collection and the first proper set is current according to wherein each vector distance respectively The distance of hyperplane is arranged according to ascending order;First is come apart from the nearest vector of hyperplane, come finally apart from farthest;
(2.6) attack from first and in collection and the first proper set, respectively select N/2 vectorial composing training collection SetT
Picking rule is:Often select one it is vectorial when, with the probability of a% randomly select in front d% data one it is vectorial, With the probability of d% randomly select in rear a% data one it is vectorial;
(2.7) with training set SetTUsed as sample set, repeat step (2.2)~(2.3) update hyperplane;
(2.8) repeat step (2.5)~(2.8), until reaching default frequency of training, obtain hyperplane method vector wf, Side-play amount bf
In the present invention, in the case of step (2) processes lack of balance data set using above-mentioned dynamic optimal subset choosing method SVM training problem, select near the training sample of Optimal Separating Hyperplane, support vector to train support by active Vector machine, can greatly improve the training speed of SVM, and on its final classification without impact.
Preferably, the above-mentioned wireless sense network intrusion detection method based on SVM, in its step (2.6), a takes 95, d take 5.
Preferably, the above-mentioned wireless sense network intrusion detection method based on SVM, its step (3) is including following son Step:
(3.1) network packet is captured from the wireless sense network of operation, extract flow special from the network packet Levy parameter and constitute input vector x;
(3.2) pretreatment is normalized to x according to the method for step (1.4);
(3.3) determine whether to meet wfx+bf≤0;If so, then it is judged to proper network flow;If it is not, being then judged to network Attack.
Preferably, the above-mentioned wireless sense network intrusion detection method based on SVM, in its step (3.1), uses The method gathered data bag of sliding time window is reducing the impact of noise data.
What the present invention was improved has considered wireless sensing based on the wireless sense network intrusion detection method of SVM The each side factor such as the network topology structure of net, communication pattern, training sample be unbalanced, fast and effeciently detecting system can meet with The network attack received;In general, by the contemplated above technical scheme of the present invention compared with prior art, can obtain down Row beneficial effect:
(1) the wireless sense network intrusion detection method based on SVM that the present invention is provided, using machine learning side Method carries out wireless sense network intrusion detection, and the data volume of required attack sample is little;And existing mode identification method is based on sample The enough premises of this quantity, only when sample size tends to infinity, its performance is just guaranteed;And the present invention adopt Support vector machine is not required to substantial amounts of sample and is obtained with grader of good performance, and the algorithm complex of SVM compared with Low, speed is fast, in line service without impact, it is adaptable to online intrusion detection;
(2) the wireless sense network intrusion detection method based on SVM that the present invention is provided, polling order is regarded as Thus cycle polling and event triggering are all unified into event flip-over type communication mode, are adopted by the event that one occurrence frequency is fixed The flow rate mode of each sensor in wireless sense network is described with ON/OFF models;Wireless biography more accurately can be described The flow rate mode of sense net;
(3) the wireless sense network intrusion detection method based on SVM that the present invention is provided, using ON/OFF models The flow rate mode of wireless sense network is accurately described, and wireless sensing Running State is extracted using the Model of network traffic Parameter, without the need for carrying out deep analysis to network message, it is only necessary to extract a small amount of characteristic parameter, you can realize invasion inspection in real time Survey;
Prior art describes the flow rate mode of wireless sense network using Poisson process, as Poisson process can not describe net Burst flow in network and enough characteristic parameters cannot be extracted carry out comprehensive describing system running status;Comparatively, this The isomery working environment that bright method is applied to event triggering with cycle polling and deposits, ensures height by accurate discharge model Verification and measurement ratio and low rate of false alarm;
(4) present invention provide the wireless sense network intrusion detection method based on SVM, to it is existing support to The training method of amount machine is improved, and the support in the case of lack of balance data set is processed by the method that dynamic optimal subset is chosen Vector machine training problem, is selected near the training sample of Optimal Separating Hyperplane, support vector, training SVM by active Process, due to the sample near hyperplane for final training result has main contributions, therefore using the present invention's Method overcomes the defect that the training set of lack of balance causes to train the hyperplane of gained to be partial to proper set;And obtain after training Hyperplane is with the hyperplane obtained using whole training datas closely;In the case that in training set, attack sample is very few Still ideal classifying quality can be obtained, the training speed of SVM is greatly improved, and then is improve invasion The real-time of detection.
Description of the drawings
Fig. 1 is the schematic flow sheet of the wireless sense network intrusion detection method based on SVM that embodiment is provided;
Fig. 2 is the ON/OFF discharge model schematic diagrams set up in embodiment.
Specific embodiment
In order that the objects, technical solutions and advantages of the present invention become more apparent, it is below in conjunction with drawings and Examples, right The present invention is further elaborated.It should be appreciated that specific embodiment described herein is only to explain the present invention, and It is not used in the restriction present invention.As long as additionally, technical characteristic involved in invention described below each embodiment Do not constitute conflict each other can just be mutually combined.
The wireless sense network intrusion detection method based on SVM that the present invention is provided, is built to wireless sense network first Vertical discharge model is with accurate description grid traffic behavior;By means of the discharge model, the less spy of scale can be extracted Levy parameter set effectively describing system running status;Then using this feature parameter set as input vector collection, using support vector Machine carrys out the flow rate mode of learning system;SVM Optimal Separating Hyperplane after using training carries out online intrusion detection.
The wireless sense network intrusion detection method based on SVM that embodiment is provided, its flow process is as shown in figure 1, bag Include two stages of off-line learning and on-line checking;In the off-line learning stage, using the substantial amounts of traffic characteristic of ON/OFF model extractions And SVM is trained, obtain the parameter of SVM Optimal Separating Hyperplane;The on-line monitoring stage is then using in off-line learning The Optimal Separating Hyperplane that stage obtains is carrying out online intrusion detection, specific as follows:
Step 1:Data traffic bag in capture network, according to the discharge model for being proposed, extracts required characteristic parameter, Then pretreatment is normalized, concrete step includes:
Step 1.1:Network flow data is obtained using the method for sliding time window, by calculating flow in the time period The average of characteristic parameter is reducing noise jamming;
Step 1.2:Using the ON/OFF discharge models for event flip-over type wireless sense network shown in Fig. 2 to describe it is System network;
In the model, as long as event occurs, either event triggering or cycle polling type sensor, that is, produce one Individual ON states, sensor to leader cluster node transmission data, enter OFF state after completing data transfer in the state;Foundation The model, extracts necessary flow characteristic parameter, including:
The average duration of ON states;
The average duration of OFF state;
λON:Average message transmission rate under ON states;
TIAT:Average time interval under ON states between two packets;
nON:Packet transmission total amount average under ON states;
k:Message transmission rate;
λb:What in the unit interval, cluster head was received comes from the number of the ON states of sensor node;
The data burst degree of sensor node;
Step 1.3:8 feature constructions according to being extracted enter the vector shown in formula (1),
And come from proper network or from the network under by attack state according to network packet, by feature set point For proper set SetNOr attack collection SetA
Step 1.4:Calculate SetNThe average and variance of middle each dimension of vector, is expressed as μiAnd σi.Then to SetNWith SetAIn each vector pretreatment is normalized using formula (2);
Wherein, i represents the index value of feature in vector x;
Step 2:Using training sample set acquired in step 1, SVM is trained;Comprise the following steps that:
Step 2.1:Using the hyperplane that SVM is calculated with following formula (3)~(6);
Above-mentioned function meets:
Above-mentioned function meets:
Wherein:W is the normal vector of hyperplane;
wTRefer to the transposed vector of w;
B is hyperplane deviant;
ykIt is the labelling in training set;
Φ () is the mapping from the input space to high-dimensional feature space;
C is a positive number constant, for controllingWithBetween relative effect;
ξkIt is slack variable;
K(xm, xn)=<Φ(xm), Φ (xn)>It is kernel function;
xmAnd xnRefer to the sample in training set;
ymAnd ynRefer to the mark value of sample in training set;In embodiment, represent normal with -1, attack is represented with+1;
αmAnd αnRefer to Lagrangian number multiplying factor;
Step 2.2:Collect Set from attackingASet is constituted from the N number of sample of random choose, from proper set SetNMiddle random choose N Individual vector constitutes set;
Step 2.3:Two set that step (2.2) is constituted currently are obtained according to each of which vector distance respectively The distance of hyperplane is according to ascending order arrangement institute directed quantity;
Step 2.4:N/2 vectorial, composing training collection is picked out respectively in two set from after step (2.3) sequence SetT;In embodiment, picking rule is:When selection one is vectorial every time, randomly selected in front 5% data with 95% probability One is vectorial, with 5% probability randomly select in rear 95% data one it is vectorial;
Step 2.5:According to above-mentioned formula (3)-(6), using SetTTraining SVM, updates hyperplane;
Step 2.6:Repeat step (2.2)~(2.5), until reaching default frequency of training, obtain hyperplane method vector wf, side-play amount bf;In embodiment, for one based on the monolayer wireless sense network for clustering, default iterationses are 5, that is, repeat Step (2.2)~(2.5) totally 5 times, in each iteration, default SVM frequency of training is 50 times;
Step 3:The SVM that training is obtained is used for online intrusion detection;In system operation, enter online Invading detection includes following sub-step:
Step 3.1:Network packet is captured from the wireless sense network of operation, all streams defined in extraction step 1.2 Measure feature parameter, constitutes input vector x;In embodiment, packet is obtained using sliding time window and reduce noise data Impact;
Step 3.2:Pretreatment is normalized to x using formula (2);
Step 3.3:Calculate wfx+bf;If wfx+bf≤ 0, then it is judgement proper network flow;If wfx+bf> 0, then judge For network attack.
The iterationses and each iteration of adjusting training SVM in the said method that embodiment is provided, can be passed through The size of middle training set carrys out adjusting training speed.
As it will be easily appreciated by one skilled in the art that the foregoing is only presently preferred embodiments of the present invention, not to The present invention, all any modification, equivalent and improvement made within the spirit and principles in the present invention etc. are limited, all should be included Within protection scope of the present invention.

Claims (7)

1. a kind of wireless sense network intrusion detection method based on SVM, it is characterised in that comprise the steps:
(1) discharge model of wireless sense network is set up, flow is extracted from network traffic data bag according to the discharge model special Parameter is levied, and the traffic characteristic parameter is normalized;Wherein, the discharge model is used for descriptive system network Flow rate mode;
(2) by using the traffic characteristic parameter training SVM come the flow rate mode of learning system network;
(3) online intrusion detection is carried out using trained SVM.
2. wireless sense network intrusion detection method as claimed in claim 1, it is characterised in that the step (1) is including as follows Sub-step:
(1.1) flow rate mode of each sensor in wireless sense network is described using ON/OFF models;
(1.2) using following traffic characteristic parameter describing the traffic characteristic of each sensor node in detail:
The average duration of ON states;
The average duration of OFF state;
λON:Average message transmission rate under ON states;
TIAT:Average time interval under ON states between two packets;
nON:Packet transmission total amount average under ON states;
k:Message transmission rate;
λb:What in the unit interval, cluster head was received comes from the number of the ON states of sensor node;
The data burst degree of sensor node;
(1.3) network packet is gathered, traffic characteristic parameter is extracted from the network packet according to the ON/OFF models,
According to the traffic characteristic parameter construction feature collection
And come from proper network or from the network under by attack state according to network packet, feature set is just divided into Often collect SetNOr attack collection SetA
(1.4) obtain proper set SetNThe mean μ of each each dimension of vectoriAnd variances sigmai
And each vector that proper set and attack are concentrated is normalized using below equation:
x i &prime; = ( x i - &mu; i ) &sigma; i ;
Wherein, xiRefer to i-th parameter in vector.
3. wireless sense network intrusion detection method as claimed in claim 2, it is characterised in that the step (2) is including as follows Sub-step:
(2.1) from attack collection SetAWith proper set SetNIn N/2 sample of each random choose, constitute sample set { (x1, y1), (x2, y2) ..., (xN, yN)};
Wherein, xjRefer to j-th traffic characteristic sample, yjWith -1, ∈ { -1 ,+1 }, represents that the sample belongs to proper set, is represented with+1 The sample belongs to attack collection;Sample size when N refers to training SVM every time in required training set;
(2.2) hyperplane is obtained according to minor function:
Above-mentioned function meets:
&ForAll; k , y k ( w T &Phi; ( x k ) + b ) &GreaterEqual; 1 - &xi; k
&ForAll; k , &xi; k &GreaterEqual; 0
Wherein, w refers to the normal vector of hyperplane, wTRefer to the transposed vector of w;C is positive number constant, for controllingWithBetween relative effect;ξkRefer to slack variable;B refers to hyperplane deviant;K refers to the index of sample in training set Value;ykIt is the labelling in training set;Φ () refers to the mapping from the input space to high-dimensional feature space;
(2.3) convex quadratic programming for seeking cost function maximum to solve SVM by using Suzanne Lenglen number of days multiplication is asked Topic, obtains the normal vector w and side-play amount b of SVM Optimal Separating Hyperplane, specially:
max W ( &alpha; ) &equiv; &Sigma; m = 1 N &alpha; m - 1 2 &Sigma; m , n = 1 N &alpha; m &alpha; n y m y n K ( x m , x n )
Above-mentioned function meets:
&ForAll; m , 0 &le; &alpha; m &le; C
&Sigma; m = 1 N &alpha; m y m = 0
Wherein, K (xm, xn)=<Ф(xm), Ф (xn)>It is kernel function;
xmAnd xnRefer to the sample in training set;ymAnd ynRefer to the mark value of sample in training set;αmAnd αnRefer to Lagrange Number multiplying factor;
(2.4) from attack collection SetAThe N number of sample of middle random choose constitutes first and attacks collection, from proper set SetNMiddle random choose is N number of Sample constitutes the first proper set;
(2.5) the institute's directed quantity attacked described first in collection and the first proper set is current according to wherein each vector distance respectively The distance of hyperplane is arranged according to ascending order;
(2.6) attack from described first and in collection and the first proper set, respectively select N/2 vectorial composing training collection SetT
(2.7) with training set SetTUsed as sample set, repeat step (2.2)~(2.3) update hyperplane;
(2.8) repeat step (2.5)~(2.8), until reaching default frequency of training, obtain hyperplane method vector wf, side-play amount bf
4. wireless sense network intrusion detection method as claimed in claim 3, it is characterised in that select in the step (2.6) The vectorial rule of composing training collection is:When selecting some vectorial, one is randomly selected with the probability of a% in front d% data Vector, with the probability of d% randomly select in rear a% data one it is vectorial.
5. wireless sense network intrusion detection method as claimed in claim 4, it is characterised in that a takes 95, d and takes 5.
6. wireless sense network intrusion detection method as claimed in claim 1 or 2, it is characterised in that the step (3) include as Lower sub-step:
(3.1) network packet is captured from the wireless sense network of operation, traffic characteristic ginseng is extracted from the network packet Number constitutes input vector x;
(3.2) pretreatment is normalized to x according to the method for step (1.4);
(3.3) determine whether to meet ωfx+bf≤0;If so, then it is judged to proper network flow;If it is not, being then judged to that network is attacked Hit.
7. wireless sense network intrusion detection method as claimed in claim 6, it is characterised in that in the step (3.1), adopts Sliding time window is obtaining packet to reduce the impact of noise data.
CN201610943016.5A 2016-10-26 2016-10-26 A kind of wireless sense network intrusion detection method based on SVM Active CN106559416B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610943016.5A CN106559416B (en) 2016-10-26 2016-10-26 A kind of wireless sense network intrusion detection method based on SVM

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610943016.5A CN106559416B (en) 2016-10-26 2016-10-26 A kind of wireless sense network intrusion detection method based on SVM

Publications (2)

Publication Number Publication Date
CN106559416A true CN106559416A (en) 2017-04-05
CN106559416B CN106559416B (en) 2018-01-26

Family

ID=58443479

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610943016.5A Active CN106559416B (en) 2016-10-26 2016-10-26 A kind of wireless sense network intrusion detection method based on SVM

Country Status (1)

Country Link
CN (1) CN106559416B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108093406A (en) * 2017-11-29 2018-05-29 重庆邮电大学 A kind of wireless sense network intrusion detection method based on integrated study
CN109918900A (en) * 2019-01-28 2019-06-21 深圳市赛梅斯凯科技有限公司 Sensor attack detection method, device, equipment and computer readable storage medium

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101557327A (en) * 2009-03-20 2009-10-14 扬州永信计算机有限公司 Intrusion detection method based on support vector machine (SVM)
CN102291392A (en) * 2011-07-22 2011-12-21 中国电力科学研究院 Hybrid intrusion detection method based on bagging algorithm
CN102420723A (en) * 2011-12-14 2012-04-18 南京邮电大学 Anomaly detection method for various kinds of intrusion

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101557327A (en) * 2009-03-20 2009-10-14 扬州永信计算机有限公司 Intrusion detection method based on support vector machine (SVM)
CN102291392A (en) * 2011-07-22 2011-12-21 中国电力科学研究院 Hybrid intrusion detection method based on bagging algorithm
CN102420723A (en) * 2011-12-14 2012-04-18 南京邮电大学 Anomaly detection method for various kinds of intrusion

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108093406A (en) * 2017-11-29 2018-05-29 重庆邮电大学 A kind of wireless sense network intrusion detection method based on integrated study
CN108093406B (en) * 2017-11-29 2021-02-02 重庆邮电大学 Wireless sensor network intrusion detection method based on ensemble learning
CN109918900A (en) * 2019-01-28 2019-06-21 深圳市赛梅斯凯科技有限公司 Sensor attack detection method, device, equipment and computer readable storage medium

Also Published As

Publication number Publication date
CN106559416B (en) 2018-01-26

Similar Documents

Publication Publication Date Title
CN110011999B (en) IPv6 network DDoS attack detection system and method based on deep learning
CN109600363B (en) Internet of things terminal network portrait and abnormal network access behavior detection method
CN103581186B (en) A kind of network security situational awareness method and system
CN102647292B (en) Intrusion detecting method based on semi-supervised neural network
CN106131017B (en) Cloud computing information security visualization system based on trust computing
CN104935600A (en) Mobile ad hoc network intrusion detection method and device based on deep learning
CN106878995A (en) A kind of wireless sensor network Exception Type discrimination method based on perception data
CN103532949B (en) Self adaptation wooden horse communication behavior detection method based on dynamical feedback
CN112788066B (en) Abnormal flow detection method and system for Internet of things equipment and storage medium
CN106713371A (en) Fast Flux botnet detection method based on DNS anomaly mining
CN105577685A (en) Intrusion detection independent analysis method and system in cloud calculation environment
CN102789593A (en) Intrusion detection method based on incremental GHSOM (Growing Hierarchical Self-organizing Maps) neural network
CN106604267A (en) Dynamic self-adapting wireless sensor network invasion detection intelligence algorithm
CN103152222B (en) A kind of Intrusion Detection based on host group character detects speed and becomes the method for attacking domain name
CN109257749B (en) Dynamic topology-oriented wireless sensor network self-adaptive layered intrusion detection method
CN109670302B (en) SVM-based classification method for false data injection attacks
CN106685984A (en) Network threat analysis system and method based on data pocket capture technology
CN108494802A (en) Key message infrastructure security based on artificial intelligence threatens Active Defending System Against
CN109688154B (en) Network intrusion detection model establishing method and network intrusion detection method
CN108347442B (en) The method and system of interest packet extensive aggression are detected in content center network
CN103338451A (en) Method for detecting distributed malicious nodes in wireless sensor network
Rahman et al. PHY/MAC layer attack detection system using neuro-fuzzy algorithm for IoT network
CN106559416A (en) A kind of wireless sense network intrusion detection method based on SVM
CN111314910A (en) Novel wireless sensor network abnormal data detection method for mapping isolation forest
CN101594352B (en) Classifying fusion intrusion detection method based on novel discovery and window function

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant