CN106559416B - Wireless sensor network intrusion detection method based on SVM - Google Patents


Info

Publication number: CN106559416B
Authority: CN (China)
Prior art keywords: network, intrusion detection, normal, wireless sensor, training
Legal status: Active
Application number: CN201610943016.5A
Other languages: Chinese (zh)
Other versions: CN106559416A (en)
Inventors: 周纯杰, 黄开兴, 彭源, 秦元庆, 涂伟勋
Current Assignee: Huazhong University of Science and Technology
Original Assignee: Huazhong University of Science and Technology
Application filed by Huazhong University of Science and Technology
Priority to CN201610943016.5A
Publication of CN106559416A
Application granted
Publication of CN106559416B

Classifications

    • H04L63/1416 Event detection, e.g. attack signature detection (under H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic; H04L63/1408 by monitoring network traffic)
    • H04L41/145 Network analysis or design involving simulating, designing, planning or modelling of a network (under H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks)
    • H04L43/103 Active monitoring, e.g. heartbeat, ping or trace-route with adaptive polling, i.e. dynamically adapting the polling rate (under H04L43/00 Arrangements for monitoring or testing data switching networks)
    • H04W12/12 Detection or prevention of fraud (under H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity)
    • H04W84/18 Self-organising networks, e.g. ad-hoc networks or sensor networks (under H04W84/00 Network topologies)


Abstract

The invention discloses a wireless sensor network intrusion detection method based on SVM. A traffic model of the wireless sensor network is first established to describe the traffic pattern of the system network; traffic characteristic parameters are extracted from network data packets according to the traffic model and normalized; an SVM is trained with these traffic characteristic parameters to learn the traffic pattern of the system network; online intrusion detection is then carried out with the trained SVM. The method extracts the running-state parameters of the wireless sensor network using the network traffic model, needs no deep analysis of network messages, and requires only a small number of characteristic parameters, so real-time intrusion detection can be achieved; it is generally applicable to intrusion detection in both periodic-polling and event-triggered wireless sensor networks. While ensuring practicality, it greatly improves the detection rate and reduces the false alarm rate.

Description

Wireless sensor network intrusion detection method based on support vector machine
Technical Field
The invention belongs to the technical field of wireless sensor network information safety protection, and particularly relates to a wireless sensor network intrusion detection method based on a support vector machine.
Background
With the rapid development of wireless transmission technology, low-power processors and embedded computing technology, wireless sensor networks are more and more widely applied; because the sensors of a wireless sensor network are mostly deployed in unattended environments, the network is vulnerable to malicious network attacks. An intrusion detection system is an intelligent system that can actively discover attacks and raise alarms, and can serve as the second line of defense of the system.
Existing intrusion detection techniques for wireless sensor networks, such as the invention patent application CN 201510606829.0 and the paper "Wireless sensor network intrusion detection genetic algorithm based on information entropy" (Journal of Chongqing University of Posts and Telecommunications (Natural Science Edition), 2016, article 1), analyze the header information of all messages and then extract network features and detect attacks. Such methods work normally when the network is small, but cannot be used in large-scale wireless sensor networks with large data volumes because they occupy excessive system resources. To reduce the power consumption of the sensors as much as possible, more and more wireless sensor networks adopt an event-triggered communication mode: the sensors do not send data in ordinary operation, and transmit information to the cluster head node only when a specific event is detected. Compared with periodic polling, event triggering brings more uncertainty to the network, so the network traffic in the system is bursty; how to detect attacks in heterogeneous environments with both periodic polling and event triggering is a huge challenge.
Disclosure of Invention
Aiming at the defects or the improvement requirements of the prior art, the invention provides a wireless sensor network intrusion detection method based on a support vector machine, and aims to improve the detection rate of detecting attacks in a heterogeneous environment with both periodic polling and event triggering and reduce the false alarm rate.
In order to achieve the above object, according to an aspect of the present invention, there is provided a method for detecting intrusion of a wireless sensor network based on a support vector machine, including the steps of:
(1) Establishing a flow model of a wireless sensor network, extracting flow characteristic parameters from a network data flow packet according to the flow model, and carrying out normalization processing on the flow characteristic parameters; the flow model is used for describing the flow mode of the system network;
(2) Learning a flow mode of a system network by training a support vector machine by adopting the flow characteristic parameters;
(3) Carrying out online intrusion detection with the trained support vector machine.
Preferably, in the wireless sensor network intrusion detection method based on the support vector machine, step (1) includes the following substeps:
(1.1) describing the traffic pattern of each sensor in the wireless sensor network with an ON/OFF model;
wherein the ON/OFF model comprises an ON state and an OFF state: the sensor is in the ON state while it is transmitting data, and in the OFF state when no data is being transmitted;
(1.2) describing the traffic characteristics of each sensor node in detail with the following traffic characteristic parameters:
average duration of the ON state;
average duration of the OFF state;
$\lambda_{ON}$: average data transmission rate in the ON state;
$T_{IAT}$: average time interval between two data packets in the ON state;
$n_{ON}$: average data packet transmission amount in the ON state;
$k$: a data transmission rate;
$\lambda_b$: the number of ON states received by the cluster head from the sensor nodes per unit time;
degree of data burstiness of the sensor node;
(1.3) collecting network data packets, and extracting the traffic characteristic parameters from them according to the ON/OFF model;
constructing a feature set from the traffic characteristic parameters,
and dividing the feature set into a normal set $Set_N$ or an attack set $Set_A$ according to whether the network data packets come from a normal network or from a network under attack;
(1.4) obtaining the mean $\mu_i$ and variance $\sigma_i$ of each dimension of the vectors in the normal set $Set_N$,
and normalizing each vector in the normal set and the attack set with the following formula:
wherein $x_i$ refers to the i-th parameter in the vector.
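An added example, not part of the patent text: one way to compute the clearly defined ON/OFF parameters of step (1.2) from one sensor's packet timestamps over sliding time windows. The idle-gap threshold that separates ON from OFF, the function and key names, and both traces are assumptions constructed for illustration; $k$ and the burstiness measure are left out because the page does not define them.

```python
FEATURES = ("mean_on_duration", "mean_off_duration", "lambda_on",
            "t_iat", "n_on", "lambda_b")


def split_on_periods(timestamps, idle_gap):
    """Group sorted packet times (seconds) into ON periods.

    idle_gap is an assumed threshold: silence longer than it counts as OFF.
    """
    periods = []
    for t in timestamps:
        if periods and t - periods[-1][-1] <= idle_gap:
            periods[-1].append(t)      # still inside the current ON period
        else:
            periods.append([t])        # first packet after an OFF period
    return periods


def on_off_features(timestamps, idle_gap, window_len):
    """Traffic characteristic parameters of one sensor over one time window."""
    periods = split_on_periods(sorted(timestamps), idle_gap)
    if not periods:                    # silent window: the sensor was never ON
        return dict.fromkeys(FEATURES, 0.0)
    on = [p[-1] - p[0] for p in periods]
    off = [nxt[0] - cur[-1] for cur, nxt in zip(periods, periods[1:])]
    iat = [b - a for p in periods for a, b in zip(p, p[1:])]
    packets = sum(len(p) for p in periods)
    return {
        "mean_on_duration": sum(on) / len(on),
        # With a single ON period no complete OFF period was observed.
        "mean_off_duration": sum(off) / len(off) if off else 0.0,
        # A lone packet has zero ON time, so guard the division.
        "lambda_on": packets / sum(on) if sum(on) > 0 else 0.0,
        "t_iat": sum(iat) / len(iat) if iat else 0.0,
        "n_on": packets / len(periods),
        "lambda_b": len(periods) / window_len,
    }


def sliding_windows(timestamps, idle_gap, window_len, step, horizon):
    """One feature dict per window [start, start + window_len) up to horizon."""
    out, start = [], 0.0
    while start + window_len <= horizon:
        inside = [t for t in timestamps if start <= t < start + window_len]
        out.append(on_off_features(inside, idle_gap, window_len))
        start += step
    return out


def burst_trace(period, packets, spacing, horizon):
    """Constructed trace: one burst of `packets` packets every `period` seconds."""
    trace, start = [], 0.0
    while start < horizon:
        trace.extend(start + i * spacing for i in range(packets))
        start += period
    return trace


# Constructed sample input: a node polled every 10 s, and a node whose ON
# periods arrive four times as often (the kind of shift the features expose).
POLLED = burst_trace(period=10.0, packets=4, spacing=0.5, horizon=60.0)
CHATTY = burst_trace(period=2.5, packets=4, spacing=0.25, horizon=60.0)

if __name__ == "__main__":
    for name, trace in (("polled", POLLED), ("chatty", CHATTY)):
        for feats in sliding_windows(trace, idle_gap=1.0, window_len=30.0,
                                     step=10.0, horizon=60.0):
            print(name, feats)
```

Each window yields one feature vector, so a longer capture produces the sets of vectors that step (1.3) divides into the normal set and the attack set.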
Preferably, in the wireless sensor network intrusion detection method based on the support vector machine, step (2) includes the following substeps:
(2.1) randomly selecting N/2 samples from each of the attack set $Set_A$ and the normal set $Set_N$ to form a sample set $\{(x_1,y_1),(x_2,y_2),\ldots,(x_N,y_N)\}$;
wherein $x_j$ refers to the j-th traffic feature sample and $y_j \in \{-1,+1\}$, where -1 denotes that the sample belongs to the normal set and +1 denotes that the sample belongs to the attack set; N refers to the number of samples in the training set required for each training of the support vector machine, and can be taken from 50 to 100;
(2.2) obtaining a hyperplane from the sample set according to the following function:
the function satisfies:
wherein: $w$ is the normal vector of the hyperplane and $w^T$ is the transpose of $w$; $C$ is a positive constant that controls the relative influence between the two terms of the function; $\xi_k$ is the slack variable; $b$ is the hyperplane offset; $k$ is the index of a sample in the training set;
$y_k$ is the label in the training set; $\Phi(\cdot)$ is the mapping from the input space to the high-dimensional feature space;
(2.3) using the sample set $\{(x_1,y_1),(x_2,y_2),\ldots,(x_N,y_N)\}$ constructed in step (2.1), solving the convex quadratic programming problem of the support vector machine by finding the maximum of the cost function with the Lagrange multiplier method, to obtain the normal vector $w$ and the offset $b$ of the classification hyperplane of the support vector machine; specifically:
the function satisfies:
wherein $K(x_m,x_n)=\langle\Phi(x_m),\Phi(x_n)\rangle$ is the kernel function;
$x_m$ and $x_n$ are samples in the training set; $y_m$ and $y_n$ are the labels of the samples in the training set, with -1 indicating normal and +1 indicating attack; $\alpha_m$ and $\alpha_n$ are the Lagrange multipliers;
(2.4) randomly selecting N samples from the attack set $Set_A$ to form a first attack set, and randomly selecting N samples from the normal set $Set_N$ to form a first normal set;
(2.5) arranging all vectors in the first attack set and in the first normal set in ascending order of their distance to the current hyperplane; that is, the vector closest to the hyperplane is ranked first and the vector farthest from the hyperplane is ranked last;
(2.6) selecting N/2 vectors from each of the first attack set and the first normal set, as sorted in step (2.5), to form a training set $Set_T$;
the selection rule is: each time a vector is selected, with probability a% it is chosen at random from the first d% of the data, and with probability d% it is chosen at random from the last a% of the data;
(2.7) taking the training set $Set_T$ as the sample set, repeating steps (2.2)-(2.3) to update the hyperplane;
(2.8) repeating steps (2.4)-(2.7) until the preset number of training rounds is reached, obtaining the hyperplane normal vector $w_f$ and offset $b_f$.
In the invention, the problem of training the support vector machine under the condition of an unbalanced data set is solved by adopting the dynamic optimal subset selection method in the step (2), and the support vector machine is trained by actively selecting the training samples and the support vectors close to the classification hyperplane, so that the training speed of the support vector machine can be greatly improved, and the final classification performance of the support vector machine is not influenced.
Preferably, in the intrusion detection method for the wireless sensor network based on the support vector machine, in the step (2.6), a is 95, and d is 5.
Preferably, the intrusion detection method for the wireless sensor network based on the support vector machine includes the following substeps in step (3):
(3.1) capturing a network data packet from the running wireless sensor network, and extracting the flow characteristic parameters defined in the step (1.2) from the network data packet to form an input vector x;
(3.2) carrying out normalization pretreatment on x according to the method in the step (1.4);
(3.3) determining whether $w_f x + b_f \le 0$ is satisfied; if yes, the network traffic is judged to be normal; if not, a network attack is judged to have occurred.
Preferably, in the intrusion detection method for the wireless sensor network based on the support vector machine, in step (3.1), a data packet is collected by using a sliding time window method to reduce the influence of noise data.
The improved wireless sensor network intrusion detection method based on the support vector machine comprehensively considers factors such as the network topology, the communication mode and the unbalanced training samples of the wireless sensor network, and can quickly and effectively detect network attacks on the system. In general, compared with the prior art, the above technical solution can achieve the following beneficial effects:
(1) The method provided by the invention uses machine learning for intrusion detection in wireless sensor networks, where the amount of attack sample data is small; existing pattern recognition methods presuppose a sufficient number of samples, and their performance is guaranteed only as the number of samples tends to infinity; the support vector machine adopted by the invention can yield a well-performing classifier without a large number of samples, has low algorithmic complexity, is fast, does not affect online services, and is suitable for online intrusion detection;
(2) The method provided by the invention treats a polling command as an event with a fixed occurrence frequency, thereby unifying periodic polling and event triggering into an event-triggered communication mode, and describes the traffic pattern of each sensor in the wireless sensor network with an ON/OFF model, so that the traffic pattern of the wireless sensor network can be described more accurately;
(3) The method provided by the invention uses the ON/OFF model to accurately describe the traffic pattern of the wireless sensor network, and uses the network traffic model to extract the running-state parameters of the wireless sensor network; it does not need deep analysis of network messages, and only a small number of characteristic parameters need to be extracted to achieve real-time intrusion detection;
in the prior art, the traffic pattern of a wireless sensor network is described with a Poisson process, which cannot describe burst traffic in the network and cannot yield enough characteristic parameters to comprehensively characterize the running state of the system; in comparison, the method is suitable for heterogeneous working environments with both event triggering and periodic polling, and its accurate traffic model ensures a high detection rate and a low false alarm rate;
(4) The method provided by the invention improves the existing training method of the support vector machine: it handles the training of the support vector machine on an unbalanced data set by dynamic optimal subset selection, and trains the support vector machine by actively selecting training samples and support vectors close to the classification hyperplane; since the samples near the hyperplane contribute most to the final training result, the method overcomes the defect that a hyperplane trained on an unbalanced training set is biased toward the normal set; the hyperplane obtained after training is very close to the hyperplane obtained using all training data; the method still obtains a relatively ideal classification result when the training set contains too few attack samples, greatly improves the training speed of the support vector machine, and thereby improves the real-time performance of intrusion detection.
Drawings
Fig. 1 is a schematic flowchart of an intrusion detection method for a wireless sensor network based on a support vector machine according to an embodiment;
FIG. 2 is a schematic diagram of the ON/OFF flow model established in the example.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is further described in detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention. In addition, the technical features involved in the embodiments of the present invention described below may be combined with each other as long as they do not conflict with each other.
The invention provides a wireless sensor network intrusion detection method based on a support vector machine. A traffic model is first established for the wireless sensor network to accurately describe the network traffic behavior of the system; with the traffic model, a small set of characteristic parameters can be extracted that effectively characterizes the running state of the system; the characteristic parameter set is then used as the input vector set, and a support vector machine learns the traffic pattern of the system; finally, the classification hyperplane of the trained support vector machine is used for online intrusion detection.
The flow of the wireless sensor network intrusion detection method provided by the embodiment is shown in FIG. 1 and comprises two stages, offline learning and online detection. In the offline learning stage, a large number of traffic features are extracted with the ON/OFF model and a support vector machine is trained to obtain the parameters of its classification hyperplane; in the online detection stage, the classification hyperplane obtained in the offline learning stage is used for online intrusion detection. The specific steps are as follows:
Step 1: capturing data packets in the network, extracting the required characteristic parameters according to the proposed traffic model, and then normalizing them; specifically:
Step 1.1: acquiring network traffic data with a sliding time window, and reducing noise interference by calculating the mean value of the traffic characteristic parameters in the time period;
Step 1.2: describing the system network with the ON/OFF traffic model for the event-triggered wireless sensor network shown in FIG. 2;
in the model, whenever an event occurs, whether it is an event trigger or a periodic poll of the sensor, an ON state is generated; the sensor transmits data to the cluster head node in the ON state and enters the OFF state after completing the data transmission; the required traffic characteristic parameters are extracted according to the model, comprising:
average duration of the ON state;
average duration of the OFF state;
$\lambda_{ON}$: average data transmission rate in the ON state;
$T_{IAT}$: average time interval between two data packets in the ON state;
$n_{ON}$: average data packet transmission amount in the ON state;
$k$: a data transmission rate;
$\lambda_b$: the number of ON states received by the cluster head from the sensor nodes per unit time;
degree of data burstiness of the sensor node;
Step 1.3: constructing the vector shown in expression (1) from the 8 extracted features,
and dividing the feature set into a normal set $Set_N$ or an attack set $Set_A$ according to whether the network data packets come from a normal network or from a network under attack;
Step 1.4: calculating the mean and variance of each dimension of the vectors in $Set_N$, denoted $\mu_i$ and $\sigma_i$; then normalizing each vector in $Set_N$ and $Set_A$ with formula (2);
wherein i is the index of the feature in the vector x;
Step 2: training a support vector machine with the training sample set obtained in step 1; specifically:
Step 2.1: calculating the hyperplane of the support vector machine using the following equations (3) to (6);
the above function satisfies:
the function satisfies:
wherein: $w$ is the normal vector of the hyperplane;
$w^T$ is the transpose of $w$;
$b$ is the hyperplane offset;
$y_k$ is the label in the training set;
$\Phi(\cdot)$ is the mapping from the input space to the high-dimensional feature space;
$C$ is a positive constant that controls the relative influence between the two terms of the function;
$\xi_k$ is the slack variable;
$K(x_m,x_n)=\langle\Phi(x_m),\Phi(x_n)\rangle$ is the kernel function;
$x_m$ and $x_n$ are samples in the training set;
$y_m$ and $y_n$ are the labels of the samples in the training set; in the embodiment, normal is represented by -1 and attack by +1;
$\alpha_m$ and $\alpha_n$ are the Lagrange multipliers;
Step 2.2: randomly selecting N samples from the attack set $Set_A$ to form a set, and randomly selecting N vectors from the normal set $Set_N$ to form a set;
Step 2.3: arranging all vectors in each of the two sets formed in step 2.2 in ascending order of their distance to the currently obtained hyperplane;
Step 2.4: selecting N/2 vectors from each of the two sets sorted in step 2.3 to form a training set $Set_T$; in the embodiment, the selection rule is: each time a vector is selected, with a probability of 95% it is chosen at random from the first 5% of the data, and with a probability of 5% it is chosen at random from the remaining 95% of the data;
Step 2.5: training the support vector machine with $Set_T$ according to equations (3)-(6) above, and updating the hyperplane;
Step 2.6: repeating steps 2.2-2.5 until the preset number of training rounds is reached, obtaining the hyperplane normal vector $w_f$ and offset $b_f$; in the embodiment, for a single-layer cluster-based wireless sensor network, the preset number of iterations is 5, that is, steps 2.2-2.5 are repeated 5 times, and the preset number of training times of the support vector machine in each iteration is 50;
Step 3: using the trained support vector machine for online intrusion detection; while the system is running, online intrusion detection comprises the following substeps:
Step 3.1: capturing network data packets from the running wireless sensor network, extracting all traffic characteristic parameters defined in step 1.2, and forming an input vector x; in the embodiment, the data packets are acquired with a sliding time window to reduce the effect of noisy data;
Step 3.2: normalizing x using equation (2);
Step 3.3: calculating $w_f x + b_f$; if $w_f x + b_f \le 0$, the network traffic is judged to be normal; if $w_f x + b_f > 0$, a network attack is judged to have occurred.
In the above method provided by the embodiment, the training speed can be adjusted by adjusting the number of iterations of training the support vector machine and the size of the training set in each iteration.
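An added example, not the patent's own code: the training loop of steps 2.1 to 2.6 and the decision rule of step 3.3 in plain Python. It swaps the kernel dual problem for a linear soft-margin SVM fitted by subgradient descent, assumes the normalization is $(x_i - \mu_i)/\sigma_i$ with $\sigma_i$ the standard deviation, draws subset vectors with replacement, and uses a constructed three-feature data set; all function names are hypothetical.

```python
import math
import random


def fit_normalizer(normal_set):
    """Step 1.4: per-feature mean and spread, taken from the normal set only."""
    n, dims = len(normal_set), range(len(normal_set[0]))
    mu = [sum(v[i] for v in normal_set) / n for i in dims]
    sigma = [math.sqrt(sum((v[i] - mu[i]) ** 2 for v in normal_set) / n) or 1.0
             for i in dims]
    return mu, sigma


def normalize(v, mu, sigma):
    # Assumed form of the normalization: (x_i - mu_i) / sigma_i.
    return [(x - m) / s for x, m, s in zip(v, mu, sigma)]


def decision(w, b, x):
    return sum(wi * xi for wi, xi in zip(w, x)) + b


def train_linear_svm(samples, labels, lam=0.01, lr=0.01, epochs=1000):
    """Linear soft-margin SVM fitted by batch subgradient descent on the hinge
    loss (a stand-in for the kernel dual problem described on the page)."""
    n, w, b = len(samples), [0.0] * len(samples[0]), 0.0
    for _ in range(epochs):
        grad_w, grad_b = [lam * wi for wi in w], 0.0
        for x, y in zip(samples, labels):
            if y * decision(w, b, x) < 1:          # sample inside the margin
                grad_w = [g - y * xi / n for g, xi in zip(grad_w, x)]
                grad_b -= y / n
        w = [wi - lr * g for wi, g in zip(w, grad_w)]
        b -= lr * grad_b
    return w, b


def pick_near_hyperplane(pool, w, b, count, rng, a=95, d=5):
    """Steps 2.3-2.4: rank by distance to the hyperplane, then draw each vector
    from the closest d% with probability a%, otherwise from the rest."""
    norm = math.sqrt(sum(wi * wi for wi in w)) or 1.0
    ranked = sorted(pool, key=lambda x: abs(decision(w, b, x)) / norm)
    cut = max(1, math.ceil(len(ranked) * d / 100))
    front, rear = ranked[:cut], ranked[cut:] or ranked[:cut]
    return [rng.choice(front if rng.random() < a / 100 else rear)
            for _ in range(count)]


def train_detector(normal_set, attack_set, n=50, rounds=5, seed=0):
    """Steps 2.1-2.6 on already normalized vectors; returns (w_f, b_f)."""
    rng, half = random.Random(seed), n // 2

    def fit(normal, attack):
        labels = [-1] * len(normal) + [+1] * len(attack)
        return train_linear_svm(normal + attack, labels)

    w, b = fit(rng.sample(normal_set, half), rng.sample(attack_set, half))
    for _ in range(rounds):
        near_n = pick_near_hyperplane(rng.sample(normal_set, n), w, b, half, rng)
        near_a = pick_near_hyperplane(rng.sample(attack_set, n), w, b, half, rng)
        w, b = fit(near_n, near_a)                 # update the hyperplane
    return w, b


def detect(x, w, b):
    """Step 3.3: w_f x + b_f <= 0 is normal traffic, otherwise an attack."""
    return "attack" if decision(w, b, x) > 0 else "normal"


def constructed_dataset(seed=1):
    """Constructed, unbalanced sample data: 600 normal and 80 attack vectors of
    (mean ON duration, mean OFF duration, packets per ON period)."""
    rng = random.Random(seed)
    normal = [[rng.uniform(1.8, 2.2), rng.uniform(27, 33), rng.uniform(4.5, 5.5)]
              for _ in range(600)]
    attack = [[rng.uniform(3.0, 3.4), rng.uniform(9, 15), rng.uniform(7.5, 8.5)]
              for _ in range(80)]
    return normal, attack


def demo():
    normal_raw, attack_raw = constructed_dataset()
    mu, sigma = fit_normalizer(normal_raw)
    normal = [normalize(v, mu, sigma) for v in normal_raw]
    attack = [normalize(v, mu, sigma) for v in attack_raw]
    w, b = train_detector(normal, attack)
    return (detect(normalize([2.0, 30.0, 5.0], mu, sigma), w, b),
            detect(normalize([3.2, 12.0, 8.0], mu, sigma), w, b))


if __name__ == "__main__":
    print(demo())
```

Each retraining round sees only N vectors, most of them the few pool members nearest the current hyperplane, which is why the size of the full normal set does not affect the cost of a round.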
It will be understood by those skilled in the art that the foregoing is only a preferred embodiment of the present invention, and is not intended to limit the invention, and that any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the scope of the present invention.

Claims (6)

1. A wireless sensor network intrusion detection method based on a support vector machine is characterized by comprising the following steps:
(1) Establishing a flow model of a wireless sensor network, extracting flow characteristic parameters from a network data flow packet according to the flow model, and carrying out normalization processing on the flow characteristic parameters; wherein the traffic model is used for describing a traffic pattern of the system network;
the step (1) comprises the following substeps:
(1.1) describing the flow mode of each sensor in the wireless sensor network by adopting an ON/OFF model;
(1.2) the flow characteristics of each sensor node are described in detail by adopting the following flow characteristic parameters:
an average duration of the ON state;
average duration of the OFF state;
λ ON : average data transmission rate in ON state;
T IAT : average time interval between two data packets in ON state;
n ON : average total amount of data packet transmission in ON state;
k: a data transmission rate;
λ b : the number of ON states received by the cluster head from the sensor node in unit time;
degree of data burstiness of the sensor node;
(1.3) collecting network data packets, extracting flow characteristic parameters from the network data packets according to the ON/OFF model,
constructing a feature set according to the flow feature parameters
And dividing the feature Set into a normal Set according to whether the network data packet comes from a normal network or from a network in an attacked state N Or attack Set A
(1.4) obtaining the Normal Set N Mean value μ of each dimension of the respective quantity i Sum variance σ i
And carrying out normalization processing on each vector in the normal set and the attack set by adopting the following formula:
wherein x is i Refers to the ith parameter in the vector;
(2) Learning a traffic pattern of a system network by training a support vector machine using the traffic feature parameters;
(3) And carrying out online intrusion detection by adopting a trained support vector machine.
2. The intrusion detection method for the wireless sensor network according to claim 1, wherein the step (2) comprises the following sub-steps:
(2.1) Set from attack Set A And Set of Normal Set N In each of the N/2 samples, a sample set is formed 1 ,y 1 ),(x 2 ,y 2 ),...,(x N ,y N )};
Wherein x is j Refers to the jth flow characteristic sample, y j E { -1, +1}, with-1 indicating that the sample belongs to the normal set and +1 indicating that the sample belongs to the attack set; n refers to the number of samples in a training set required for training a support vector machine each time;
(2.2) obtaining the hyperplane according to the following function:
the above function satisfies:
wherein w is the normal vector of the hyperplane, w T Refers to the transposed vector of w; c is a positive constant for controllingSystem for makingAnd withThe relative influence therebetween; xi k Refers to the relaxation variable; b refers to a hyperplane offset value; k is an index value of a sample in the training set; y is k Is a marker in the training set; Φ (-) refers to the mapping from the input space to the high-dimensional feature space;
(2.3) Using the sample set { (x) constructed in step (2.1) 1 ,y 1 ),(x 2 ,y 2 ),...,(x N ,y N ) Solving the convex quadratic programming problem of the support vector machine by using Lagrange number multiplication to solve the maximum value of the cost function, and obtaining the normal vector w and the offset b of the classification hyperplane of the support vector machine, wherein the method specifically comprises the following steps:
the above function satisfies:
wherein, K (x) m ,x n )=<Φ(x m ),Φ(x n )&gt, is the kernel function,<,&the symbol represents the vector inner product;
x m and x n Refers to samples in a training set; y is m And y n The method comprises the steps of (1) indicating a mark value of a sample in a training set; alpha is alpha n And alpha n Refers to lagrange multiplication coefficient;
(2.4) Set from attack Set A In the random selection of N samples to form the secondAn attack Set, set from the Normal Set N Randomly selecting N samples to form a first normal set;
(2.5) arranging all vectors in the first attack set and the first normal set according to the distance between each vector and the current hyperplane in an ascending order;
(2.6) respectively selecting N/2 vectors from the first attack Set and the first normal Set which are subjected to ascending arrangement in the step (2.5) to form a training Set T
(2.7) Set with training Set T As a sample set, repeating the steps (2.2) - (2.3) to update the hyperplane;
(2.8) repeating the steps (2.4) - (2.7) until the preset training times are reached, and obtaining the hyperplane normal vector w f Offset b f
3. The intrusion detection method for the wireless sensor network according to claim 2, wherein the vector rule selected in the step (2.6) to form the training set is: when a certain vector is selected, one vector is randomly selected from the front d% data according to the probability of a%, and one vector is randomly selected from the rear a% data according to the probability of d%.
4. The wireless sensor network intrusion detection method of claim 3, wherein a is 95 and d is 5.
5. The intrusion detection method for the wireless sensor network according to claim 1, wherein the step (3) comprises the following sub-steps:
(3.1) capturing a network data packet from the running wireless sensor network, and extracting the flow characteristic parameters defined in the step (1.2) from the network data packet to form an input vector x;
(3.2) normalizing x as a preprocessing step according to the method in step (1.4);
(3.3) determining whether $w_f x + b_f \le 0$ is satisfied; if yes, the network traffic is judged to be normal; if not, a network attack is determined.
6. The intrusion detection method for a wireless sensor network according to claim 5, wherein in the step (3.1), a sliding time window is used to acquire the data packets to reduce the influence of noise data.
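The resampling loop of steps (2.4)-(2.8), the selection rule of claims 3 and 4, and the decision of step (3.3), as an added Python example that is not code from the patent. Assumptions: a linear hinge-loss SGD fit stands in for the kernel dual QP of step (2.3); attack vectors are labelled +1 and normal vectors -1; vectors are drawn with replacement; the starting hyperplane comes from one fit on a random draw; all function names and the data are constructed here.

```python
import random

def score(w, b, x):
    return sum(wi * xi for wi, xi in zip(w, x)) + b

def train_svm(samples, epochs=200, lr=0.05, lam=0.01, seed=0):
    """Linear soft-margin SVM by hinge-loss SGD (stand-in for the dual QP of step 2.3)."""
    rng = random.Random(seed)
    w, b = [0.0] * len(samples[0][0]), 0.0
    for _ in range(epochs):
        for x, y in rng.sample(samples, len(samples)):
            hit = lr * y if y * score(w, b, x) < 1 else 0.0   # hinge subgradient step
            w = [wi * (1 - lr * lam) + hit * xi for wi, xi in zip(w, x)]
            b += hit
    return w, b

def pick(sorted_vecs, count, rng, a=95, d=5):
    """Claim 3: with probability a% draw from the first d%, otherwise from the last a%."""
    n = len(sorted_vecs)
    near = sorted_vecs[:max(1, n * d // 100)]
    far = sorted_vecs[-max(1, n * a // 100):]
    return [rng.choice(near if rng.random() < a / 100 else far) for _ in range(count)]

def train_iteratively(set_a, set_n, n=100, rounds=5, seed=1):
    rng = random.Random(seed)
    tag = lambda vecs, y: [(x, y) for x in vecs]   # assumed labels: attack +1, normal -1
    # Assumed starting hyperplane: one fit on a random draw from both sets.
    w, b = train_svm(tag(rng.sample(set_a, n), 1) + tag(rng.sample(set_n, n), -1))
    for _ in range(rounds):                                        # (2.8) preset count
        first_a, first_n = rng.sample(set_a, n), rng.sample(set_n, n)   # (2.4)
        dist = lambda x: abs(score(w, b, x))       # proportional to hyperplane distance
        first_a.sort(key=dist)                                     # (2.5) ascending
        first_n.sort(key=dist)
        set_t = tag(pick(first_a, n // 2, rng), 1) + tag(pick(first_n, n // 2, rng), -1)  # (2.6)
        w, b = train_svm(set_t)                                    # (2.7)
    return w, b

def detect(w_f, b_f, x):
    """Step (3.3): w_f x + b_f <= 0 is normal traffic, anything else is an attack."""
    return "normal" if score(w_f, b_f, x) <= 0 else "attack"

def make_sets(seed=7, size=300):
    """Constructed, already-normalized 2-feature vectors (not data from the patent)."""
    rng = random.Random(seed)
    set_n = [(rng.uniform(0.0, 0.3), rng.uniform(0.0, 0.3)) for _ in range(size)]
    set_a = [(rng.uniform(0.7, 1.0), rng.uniform(0.7, 1.0)) for _ in range(size)]
    return set_a, set_n
```

With a = 95 and d = 5, almost every training vector in a round comes from the five vectors of each class that lie closest to the current hyperplane, so each refit concentrates on the boundary region.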
CN201610943016.5A 2016-10-26 2016-10-26 A kind of wireless sense network intrusion detection method based on SVM Active CN106559416B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610943016.5A CN106559416B (en) 2016-10-26 2016-10-26 A kind of wireless sense network intrusion detection method based on SVM

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610943016.5A CN106559416B (en) 2016-10-26 2016-10-26 A kind of wireless sense network intrusion detection method based on SVM

Publications (2)

Publication Number Publication Date
CN106559416A CN106559416A (en) 2017-04-05
CN106559416B true CN106559416B (en) 2018-01-26

Family

ID=58443479

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610943016.5A Active CN106559416B (en) 2016-10-26 2016-10-26 A kind of wireless sense network intrusion detection method based on SVM

Country Status (1)

Country Link
CN (1) CN106559416B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108093406B (en) * 2017-11-29 2021-02-02 重庆邮电大学 Wireless sensor network intrusion detection method based on ensemble learning
CN109918900B (en) * 2019-01-28 2022-08-16 锦图计算技术(深圳)有限公司 Sensor attack detection method, device, equipment and computer readable storage medium

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101557327A (en) * 2009-03-20 2009-10-14 扬州永信计算机有限公司 Intrusion detection method based on support vector machine (SVM)
CN102291392B (en) * 2011-07-22 2015-03-25 中国电力科学研究院 Hybrid intrusion detection method based on Bagging algorithm
CN102420723A (en) * 2011-12-14 2012-04-18 南京邮电大学 Anomaly detection method for various kinds of intrusion

Also Published As

Publication number Publication date
CN106559416A (en) 2017-04-05


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant