CN109064694B - Intrusion detection method and device, computer equipment and storage medium - Google Patents
Intrusion detection method and device, computer equipment and storage medium Download PDFInfo
- Publication number
- CN109064694B CN109064694B CN201810958531.XA CN201810958531A CN109064694B CN 109064694 B CN109064694 B CN 109064694B CN 201810958531 A CN201810958531 A CN 201810958531A CN 109064694 B CN109064694 B CN 109064694B
- Authority
- CN
- China
- Prior art keywords
- intrusion
- sample
- continuous
- state information
- channel state
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- G—PHYSICS
- G08—SIGNALLING
- G08B—SIGNALLING OR CALLING SYSTEMS; ORDER TELEGRAPHS; ALARM SYSTEMS
- G08B13/00—Burglar, theft or intruder alarms
-
- G—PHYSICS
- G08—SIGNALLING
- G08B—SIGNALLING OR CALLING SYSTEMS; ORDER TELEGRAPHS; ALARM SYSTEMS
- G08B13/00—Burglar, theft or intruder alarms
- G08B13/22—Electrical actuation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04B—TRANSMISSION
- H04B17/00—Monitoring; Testing
- H04B17/30—Monitoring; Testing of propagation channels
- H04B17/309—Measuring or estimating channel quality parameters
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04B—TRANSMISSION
- H04B7/00—Radio transmission systems, i.e. using radiation field
- H04B7/02—Diversity systems; Multi-antenna system, i.e. transmission or reception using multiple antennas
- H04B7/04—Diversity systems; Multi-antenna system, i.e. transmission or reception using multiple antennas using two or more spaced independent antennas
- H04B7/06—Diversity systems; Multi-antenna system, i.e. transmission or reception using multiple antennas using two or more spaced independent antennas at the transmitting station
- H04B7/0613—Diversity systems; Multi-antenna system, i.e. transmission or reception using multiple antennas using two or more spaced independent antennas at the transmitting station using simultaneous transmission
- H04B7/0615—Diversity systems; Multi-antenna system, i.e. transmission or reception using multiple antennas using two or more spaced independent antennas at the transmitting station using simultaneous transmission of weighted versions of same signal
- H04B7/0619—Diversity systems; Multi-antenna system, i.e. transmission or reception using multiple antennas using two or more spaced independent antennas at the transmitting station using simultaneous transmission of weighted versions of same signal using feedback from receiving side
- H04B7/0621—Feedback content
- H04B7/0626—Channel coefficients, e.g. channel state information [CSI]
Abstract
The invention discloses an intrusion detection method, an intrusion detection device, computer equipment and a storage medium. The intrusion detection method comprises the following steps: acquiring at least two pieces of actual measurement channel state information within a preset acquisition time limit according to a preset acquisition frequency, and acquiring an actual measurement subcarrier matrix corresponding to each piece of actual measurement channel state information; comparing each actually measured subcarrier matrix with each sample subcarrier matrix in a preset sample library one by one to obtain the instantaneous invasiveness of the actually measured channel state information; storing each instantaneous intrusion according to a preset sequence to form a continuous intrusion queue, and acquiring a continuous intrusion ratio based on the continuous intrusion queue; and if the continuous intrusion ratio exceeds a first threshold value, presetting a channel intrusion detection result in the acquisition time limit as an intrusion. The method can realize the purpose of intrusion detection by fully utilizing the existing wireless network and the router, reduce the detection cost and effectively enlarge the detection range.
Description
Technical Field
The invention relates to the field of security and protection, in particular to an intrusion detection method and device, computer equipment and a storage medium.
Background
In the monitoring of important areas, people often purchase additional hardware equipment, such as a camera or an infrared sensor, to achieve the purpose of on-site detection. These devices work well in specific environments, but have many limitations, for example, the camera must be within a linear line-of-sight range, and once a blocking object exists, the camera cannot effectively guarantee normal detection; while infrared sensors have a small detectable range, making them of limited use in intrusion detection. How to improve the detection range of intrusion detection becomes an urgent problem to be solved.
Disclosure of Invention
The embodiment of the invention provides an intrusion detection method, an intrusion detection device, computer equipment and a storage medium, which aim to solve the problem of smaller current intrusion detection range.
An intrusion detection method comprising:
acquiring at least two pieces of actual measurement channel state information within a preset acquisition time limit according to a preset acquisition frequency, and acquiring an actual measurement subcarrier matrix corresponding to each piece of actual measurement channel state information;
comparing each actually measured subcarrier matrix with each sample subcarrier matrix in a preset sample library one by one to obtain the instantaneous invasiveness of the actually measured channel state information;
storing each instantaneous intrusion according to a preset sequence to form a continuous intrusion queue, and acquiring a continuous intrusion ratio based on the continuous intrusion queue;
and if the continuous intrusion ratio exceeds a first threshold value, presetting a channel intrusion detection result in the acquisition time limit as an intrusion.
An intrusion detection device comprising:
the acquisition actual measurement information module is used for acquiring at least two pieces of actual measurement channel state information within a preset acquisition period according to a preset acquisition frequency and acquiring an actual measurement subcarrier matrix corresponding to each piece of actual measurement channel state information;
the instantaneous invasiveness acquisition module is used for comparing each actually measured subcarrier matrix with each sample subcarrier matrix in a preset sample library one by one to acquire the instantaneous invasiveness of the actually measured channel state information;
the system comprises an intrusion ratio acquisition module, a continuous intrusion ratio acquisition module and a data processing module, wherein the intrusion ratio acquisition module is used for storing each instant intrusion according to a preset sequence to form a continuous intrusion queue and acquiring the continuous intrusion ratio based on the continuous intrusion queue;
and the detection result acquisition module is used for presetting a channel intrusion detection result in the acquisition time limit as the intrusion if the continuous intrusion ratio exceeds a first threshold value.
A computer device comprising a memory, a processor and a computer program stored in said memory and executable on said processor, said processor implementing the steps of the above intrusion detection method when executing said computer program.
A computer-readable storage medium, in which a computer program is stored which, when being executed by a processor, carries out the steps of the intrusion detection method described above.
According to the intrusion detection method, the intrusion detection device, the computer equipment and the storage medium, at least two pieces of actual measurement channel state information in a preset acquisition period are acquired according to the preset acquisition frequency, and the sample subcarrier matrix in the preset sample library is compared to calculate the continuous intrusion ratio, so that the channel intrusion detection result in the preset acquisition period can be obtained. The invention can realize the detection purpose by fully utilizing the existing wireless network and router without building special hardware facilities, thereby reducing the detection cost. Meanwhile, the coverage range of CSI detection by using the wireless network is wide and is not influenced by wireless sampling environment facilities, and the detection range is effectively expanded.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings required to be used in the description of the embodiments of the present invention will be briefly introduced below, and it is obvious that the drawings in the description below are only some embodiments of the present invention, and it is obvious for those skilled in the art that other drawings can be obtained according to the drawings without inventive labor.
FIG. 1 is a diagram of an application environment of an intrusion detection method according to an embodiment of the present invention;
FIG. 2 is a flow chart of an intrusion detection method according to an embodiment of the invention;
FIG. 3 is another flow chart of an intrusion detection method according to an embodiment of the invention;
FIG. 4 is another flow chart of an intrusion detection method according to an embodiment of the invention;
FIG. 5 is another flow chart of an intrusion detection method according to an embodiment of the invention;
FIG. 6 is another flow chart of an intrusion detection method according to an embodiment of the invention;
FIG. 7 is a schematic diagram of an intrusion detection device in accordance with an embodiment of the invention;
FIG. 8 is a schematic diagram of a computer device according to an embodiment of the invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The intrusion detection method provided by the embodiment of the invention can be applied to the application environment shown in fig. 1, and the intrusion detection method is applied to an intrusion detection system, wherein the intrusion detection system comprises a client and a server, and the client communicates with the detection server through a network. The client is also called a user side, and refers to a program corresponding to the server and providing local services for the client. The client can be installed on computer equipment such as but not limited to various personal computers, notebook computers, smart phones, tablet computers and portable wearable equipment. The detection server may be implemented by an independent server or a server cluster composed of a plurality of servers.
In an embodiment, as shown in fig. 2, an intrusion detection method is provided, which is described by taking the detection server for receiving and analyzing channel state information in fig. 1 as an example, and includes the following steps:
s10, acquiring at least two pieces of actual measurement channel state information within a preset acquisition time limit according to a preset acquisition frequency, and acquiring an actual measurement subcarrier matrix corresponding to each piece of actual measurement channel state information.
The preset acquisition frequency is the number of times of acquiring the actually measured channel state information in unit time, and the preset acquisition frequency can be set to be 10 times/second, that is, the actually measured channel state information is acquired every 0.1 second.
The preset collection time limit is the collection time length for collecting the actually measured channel state information, and in this embodiment, the preset collection time limit may be set to 1 second. The preset acquisition frequency is 10 times/second, that is, 10 sets of measured channel state information are included in each preset acquisition period (1 second).
The actually measured channel state information refers to channel state information actually acquired according to a preset acquisition frequency within a preset acquisition time limit. Channel State Information (CSI) is a Channel attribute of a communication link. It describes the fading factor of the signal on each transmission path, i.e. the value of each element in the channel gain moment H, such as signal Scattering (Scattering), fading or fading, distance fading (power fading) and other information. The CSI may adapt the communication system to current channel conditions, providing guarantees for high reliability and high rate communication in a multi-antenna system. It is to be understood that the measured channel state information is data obtained by actually measuring channel state information in the wireless sampling environment.
The measured subcarrier matrix is a subcarrier matrix extracted from a carrier matrix corresponding to the measured channel state information. The subcarrier matrix is a matrix of 1 × Z in the carrier matrix, that is, a matrix of subcarrier data of the first transmitting antenna × the first receiving antenna × Z. The carrier matrix refers to a matrix of N × M × Z in the CSI, where N is the number of transmit antennas of the wireless access point, M is the number of receive antennas of the network card, and Z is the number of subcarriers. It is understood that the measured subcarrier matrix is a matrix that actually measures 1 × Z in the carrier matrix in the wireless sampling environment.
In step S10, the detection server may acquire CSI via the channel state information acquisition tool, and may obtain an actually measured subcarrier matrix corresponding to each CSI after analyzing data recorded by the CSI, which is beneficial for the detection server to further determine the object intrusion condition of the wireless sampling environment via the actually measured subcarrier matrix.
S20, comparing each actually measured subcarrier matrix with each sample subcarrier matrix in a preset sample library one by one to obtain the instantaneous invasiveness of the actually measured channel state information.
The sample subcarrier matrix is a matrix that is stored in a preset sample library by the detection server and used as a comparison standard.
The preset sample library is a database for storing a sample subcarrier matrix and a corresponding sample identifier, wherein the sample identifier is an identifier of an environmental state represented by the sample subcarrier matrix. The environmental states include: intrusion status and normal status. The intrusion state refers to the condition that an object intrudes in the wireless sampling environment, and the normal state refers to the condition that the object intrudes in the wireless sampling environment.
The instantaneous invasiveness is a detection result for judging whether the object invasion exists in the wireless sampling environment in each acquisition period, and if the object invasion exists, the instantaneous invasiveness is true; if not, the transient intrusiveness is null.
Specifically, the implementation process of obtaining the instantaneous invasiveness of the measured channel state information is as follows: acquiring the Euclidean distance between an actually measured subcarrier matrix and each sample subcarrier matrix in a preset sample library; screening out k sample subcarrier matrixes closest to the actually measured subcarrier matrixes as target subcarrier matrixes based on the Euclidean distance corresponding to each actually measured subcarrier matrix; and acquiring the number ratio of the invasion pieces in the k entry mark subcarrier matrix, and acquiring the instantaneous invasiveness of the actually measured channel state information based on the number ratio of the invasion pieces.
In step S20, the detection server may locally pre-store a standard sample subcarrier matrix for comparison. Because the wireless sampling environment has two states of intrusion and normal, the corresponding standard sample subcarrier matrix also stores the sample subcarrier matrix in the two states, which is beneficial for the detection server to compare the actually measured subcarrier matrix with each sample subcarrier matrix to obtain the closest sample. The closest sample represents the environmental state that is the result of the transient invasiveness. Thus, the instantaneous invasiveness of the measured channel state information also includes both the invasive and normal states.
And S30, storing each instantaneous intrusion according to a preset sequence to form a continuous intrusion queue, and acquiring a continuous intrusion proportion based on the continuous intrusion queue.
The continuous intrusiveness queue is a queue formed by a plurality of instant intrusions acquired in sequence within a preset acquisition time limit. In this embodiment, if the preset collection frequency is 10 times/second, each continuous intruding queue includes 10 sets of instantaneous intrusions. A continuous intrusion queue is illustrated: the invasion situation within the preset collection period of 1s is as follows (0 means that the instantaneous invasion is normal, and 1 means that the instantaneous invasion is invasion):
the continuous intrusiveness queue records one: 0,0,0,0,0,1,0,0,0,0, 0, the continuous intrusiveness queue states that an object intrusion is generated at 0.6 seconds, the result of the instantaneous intrusiveness recording is an intrusion, the result of the instantaneous intrusions recording is normal when no object intrusion is generated at the rest time.
Record two of the continuous intrusiveness queue: the continuous intrusions queue shows that no object intrusions occur at 0.1, 0.7 and 1 second, and the instantaneous intrusions in the three periods are recorded as normal.
The continuous intrusion ratio is the ratio of the recorded times of the most continuous instantaneous intrusions in the continuous intrusion queue to the total times recorded in the continuous intrusion queue. Continuing to explain by taking the above example, when the record of the continuous intrusiveness queue is record two, it can be known that the most continuous instantaneous intrusions with the number of times from 0.2 second to 0.6 second are all intrusions, and the number of records is 5; and the instantaneous invasiveness from 0.8 second to 0.9 second is the invasion, and the recording times are 2 times. So 5 times are selected as the recording times of the most continuous instantaneous intrusions in the continuous intrusions queue. The total recording time is 10 times, and the continuous intrusion ratio of the continuous intrusion queue is 50%.
In step S30, the detection server obtains the continuous intrusion ratio by comparing the recorded times of the most continuous instantaneous intrusions as intrusions with the total recorded times in the continuous intrusion queue, so that the result of the continuous intrusion ratio becomes more reasonable. The fact that the wireless sampling environment is invaded by an object can be proved by the fact that the wireless sampling environment is invaded continuously in a period which is difficult to fully explain by the instant invasion in a period, so that the object invasion detection is more reasonable.
And S40, if the continuous intrusion ratio exceeds a first threshold value, presetting a channel intrusion detection result in a collection time limit as an intrusion.
The first threshold is the minimum continuous intrusion ratio when the object intrudes in the wireless acquisition environment, which is obtained by a developer through multiple experiments based on practical experience. Because the CSI is sensitive to environmental influence and change, a slight environmental change may cause a recording result of instantaneous intrusiveness as intrusion, and therefore, it is necessary to determine whether there is an object intrusion by a continuous intrusion ratio, so that the object intrusion detection result is more reasonable.
In step S40, the developer needs to confirm that the wireless sampling environment does indeed have an object intrusion, and the object intrusion has affected normal operation, and needs to set the first threshold. And when the continuous intrusion ratio exceeds a first threshold value, confirming the channel intrusion detection result within the preset acquisition period as intrusion. The detection server filters out continuous intrusion proportion which does not meet the conditions by setting the first threshold value, so that the intrusion result obtained by detection is more reasonable and accurate.
Preferably, as shown in fig. 1, after step S30, that is, after the step of acquiring the continuous intrusion ratio, the intrusion detection method further includes:
s50, if the ratio of the continuous intrusion does not exceed the first threshold value, acquiring the recorded value as the sum of the intrusion times of the intrusion.
Wherein the continuous intrusion proportion is the percentage of the maximum continuous times to the total number of the record values of the continuous intrusion queue. The sum of the intrusion times is the total number of times that the instantaneous intrusions in the continuous intrusions queue are recorded as the intrusion states (all values are not necessarily recorded as continuous intrusions). Examples of intrusion times and:
continuous intrusiveness queue recording: [ 0,1,1,1,1,1,0,1,1,0 ], the continuous intrusiveness queue indicates that no object intrusions are generated at 0.1, 0.7 and 1 second, and the instantaneous intrusions in the remaining 7 periods (0.1 second) are all intrusions, i.e. the sum of the intrusions is 7.
In step S50, the detection server examines the object intrusion condition from the perspective of the stability of the wireless acquisition environment based on the sum of the intrusion times obtained by obtaining the recorded value as intrusion. The result that the instant intrusions are all intrusions in continuous periods necessarily indicates that the object intrusion phenomenon exists in the wireless acquisition environment. In practical circumstances, the channel state information may also be in an intermittently unstable state, that is, the recorded values do not form continuous intrusion recorded values, and therefore the recorded values in the continuous intrusion queue are unstable. At this moment, the wireless acquisition environment can be analyzed based on the sum of the intrusion times when the recorded values recorded in the continuous intrusion queue in the preset acquisition period are unstable, so that the detection result is more comprehensive.
And S60, comparing the intrusion times with the recorded value of the continuous intrusion queue to obtain the intrusion times in the continuous intrusion queue.
Specifically, the intrusion count ratio is the percentage of the number of intrusions and the total number of recorded values in the continuous intrusion queue. In this step, the intrusion frequency ratio can be totally reflected in the intrusion condition in the preset acquisition period, and a data analysis basis is provided for the detection server to perform detection analysis based on the intrusion frequency ratio.
And S70, if the intrusion frequency ratio exceeds a second threshold value, presetting a channel intrusion detection result in a collection time limit as intrusion.
The second threshold value is a ratio of minimum intrusion times of a developer for specifying abnormal states of the wireless acquisition environment based on actual experience.
In step S70, the detection server determines that when the intrusion frequency ratio exceeds the second threshold, it indicates that the wireless acquisition environment is in an unstable or abnormal state, which may cause an unsafe factor and also requires to check the site of the wireless acquisition environment. In this case, the result of such channel intrusion detection is also determined as intrusion.
In steps S50 to S70, the detection server may analyze the wireless acquisition environment when the record value recorded in the continuous intruding queue is unstable within a preset acquisition period, so that the detection result is more comprehensive; when the intrusion frequency ratio exceeds the second threshold value, the situation that the wireless acquisition environment is unstable or abnormal is indicated, unsafe factors may exist, and the site of the wireless acquisition environment also needs to be checked. In this case, the result of such channel intrusion detection is also determined as intrusion.
The intrusion detection method provided by this embodiment acquires at least two pieces of actual measurement channel state information within a preset acquisition period according to a preset acquisition frequency, and compares sample subcarrier matrixes in a preset sample library to calculate a continuous intrusion ratio, so as to obtain a channel intrusion detection result within the preset acquisition period. The invention can realize the detection purpose by fully utilizing the existing wireless network and router without building special hardware facilities, thereby reducing the detection cost. Meanwhile, the coverage range of CSI detection by using the wireless network is wide and is not influenced by wireless sampling environment facilities, and the detection range is effectively expanded.
In an embodiment, as shown in fig. 3, before step S10, that is, before the step of collecting at least two pieces of measured channel state information within a preset collection period at a preset collection frequency, the intrusion detection method further includes the following steps:
s101, collecting a preset number of pieces of sample channel state information, wherein each piece of sample channel state information comprises a positive sample identification or a negative sample identification.
The preset number is the number of the sample channel state information which can basically cover the intrusion state of the wireless sampling environment and is set according to practical experience. In order to enhance the integrity of the scene of the intrusion channel state information, the object intrusion condition of the wireless sampling environment should be sampled in multiple angles, for example, the object intrudes the wireless sampling environment at different speeds, angles or distances.
The wireless sampling environment includes a normal state and an intrusion state, and correspondingly, the state information of the sample channel should be respectively acquired. The preset number can be set to 100, that is, 100 pieces of sample channel state information in the normal state and 100 pieces of sample channel state information in the intrusion state are collected. It can be understood that the positive sample identifier is an identifier carried by the channel state information of the sample acquired in the normal state, and the negative sample identifier is an identifier carried by the channel state information of the sample acquired in the intrusion state.
In step S101, the detection server may collect a preset number of sample channel state information, so as to extract a sample subcarrier matrix for comparison with the actually measured subcarrier matrix based on the sample channel state information.
And S102, obtaining a sample subcarrier matrix corresponding to each sample channel state information.
Specifically, the sample subcarrier matrix is a subcarrier matrix extracted from a carrier matrix corresponding to the sample information state information. The subcarrier matrix is a matrix of 1 × Z in the carrier matrix, that is, a matrix of subcarrier data of a first transmitting antenna and a first receiving antenna. The carrier matrix refers to a matrix of N × M × Z in the CSI, where N is the number of transmit antennas of the wireless access point, M is the number of receive antennas of the network card, and Z is the number of subcarriers. It is understood that the sample subcarrier matrix is a matrix of 1 × Z in the carrier matrix of the sample channel state information provided in step S101.
In step S102, the sample subcarrier matrix obtained by the detection server through the sample channel state information may be used to compare the actually measured subcarrier matrix to provide comparison data.
And S103, storing each sample subcarrier matrix and the corresponding positive sample identification or negative sample identification in a preset sample library in a correlated manner.
The preset sample library is a database used for storing the sample subcarrier matrix and the corresponding sample identifier.
Step 103 may obtain a corresponding sample identifier for a subsequently measured subcarrier matrix to be close to a certain sample subcarrier matrix by correspondingly storing each sample subcarrier matrix and the sample identifier, thereby confirming the instantaneous invasiveness of the measured subcarrier matrix.
Step S101 to step S103, the detection server acquires a preset number of sample channel state information, extracts a sample subcarrier matrix for comparison with the actually measured subcarrier matrix based on the sample channel state information, and finally establishes a preset sample library for comparison with the actually measured subcarrier matrix in real time by correspondingly storing each sample subcarrier matrix and a sample identifier, thereby confirming the instantaneous invasiveness of the actually measured subcarrier matrix.
In an embodiment, as shown in fig. 4, in step S102, obtaining a sample subcarrier matrix corresponding to each sample channel state information specifically includes the following steps:
and S1021, acquiring a sample carrier matrix of each sample channel state information based on the sample channel state information.
The sample channel state information refers to channel state information which is acquired according to a preset acquisition frequency and is used as a sample within a preset acquisition time limit.
S1022, based on the sample carrier matrix, a sample subcarrier matrix with the specified dimension is obtained.
The carrier matrix refers to a matrix of N × M × Z in the CSI, where N is the number of transmit antennas of the wireless access point, M is the number of receive antennas of the network card, and Z is the number of subcarriers.
The specified dimension is the dimensions of N and M specified in the carrier matrix of N × M × Z, and in this embodiment, N and M may be set to 1, that is, the sample subcarrier matrix is the matrix of 1 × Z in the carrier matrix of the sample channel state information provided in step S1021.
In steps S1021 to S1022, the detection server obtains the sample channel state information and obtains the sample subcarrier matrix of the specified dimension in the sample channel state information, and can reduce the dimension of the multidimensional data to form a sample subcarrier matrix of a simple dimension, which is convenient for comparing the subsequent sample subcarrier data based on the simple dimension with the actually measured subcarrier matrix, and reduces the computational complexity, thereby improving the computational efficiency and making the object intrusion detection faster.
In an embodiment, as shown in fig. 5, in step S20, comparing each measured sub-carrier matrix with each sample sub-carrier matrix in a preset sample library one by one to obtain an instantaneous invasiveness of the measured channel state information, specifically includes the following steps:
and S21, acquiring the Euclidean distance between the actually measured subcarrier matrix and each sample subcarrier matrix in a preset sample library.
Here, the euclidean distance refers to a true distance between two points in an m-dimensional space, or a natural length of a vector (i.e., a distance from the point to an origin). The Euclidean equation in n-dimensional space is:
an n-dimensional euclidean space is a set of points, each point X or vector X of which may be represented as (X [1], X [2], …, X [ n ]), where X [ i ] (i ═ 1, 2, …, n) is a real number, referred to as the ith coordinate of X. Applied to this embodiment, the euclidean distance between the measured subcarrier matrix and each sample subcarrier matrix in the preset sample library may be obtained, and the euclidean distance ρ (a, B) between the measured subcarrier matrix and the sample subcarrier matrix is obtained by the following formula:
in the above formula, a is the measured subcarrier matrix, a ═ a [1], a [2], …, a [ n ], B is the sample subcarrier matrix, B ═ B [1], B [2], …, B [ n ]), ρ (a, B) is the distance between the measured subcarrier matrix and the sample subcarrier matrix in the n-dimensional space.
In step S21, the detection server may obtain the euclidean distance between the actually measured subcarrier matrix and each sample subcarrier matrix in the preset sample library, determine the sample subcarrier matrix most similar to the actually measured subcarrier matrix, and perform state division on the actually measured subcarrier matrix.
And S22, screening out k sample sub-carrier matrixes nearest to the actually measured sub-carrier matrixes as target sub-carrier matrixes based on the Euclidean distance corresponding to each actually measured sub-carrier matrix.
The Euclidean distance corresponding to each measured subcarrier matrix means that one Euclidean distance exists in the preset sample library corresponding to each sample subcarrier matrix of each measured subcarrier matrix. The target subcarrier matrix is the closest of all the sample subcarrier matrices to the measured subcarrier matrix of the k sample subcarrier matrices.
Specifically, the euclidean distances corresponding to each measured subcarrier matrix obtained in step S21 are sorted in the order from small to large, and k smallest euclidean distances are screened out. And acquiring a sample subcarrier matrix corresponding to the k Euclidean distances as a target subcarrier matrix.
In step S22, the detection server selects k (k >1) sample subcarrier matrices closest to the actually measured subcarrier matrix as target subcarrier matrices. The actual value of k is determined according to actual experience, and k can be set to be 5 when the method is applied to the proposal. In the embodiment, a closest sample subcarrier matrix is not selected as a target subcarrier matrix, but k sample subcarrier matrices are set as reference bases, so that the accuracy and the rationality of the judgment result are enhanced.
S23, acquiring the number ratio of the intrusions in the k item label subcarrier matrix, and acquiring the instantaneous intrusiveness of the actually measured channel state information based on the number ratio of the intrusions.
The number of intruding pieces is the percentage of the number of intruding pieces in k target sub-carrier matrixes, wherein the percentage of the number of intruding pieces is the sample identification carried in the k target sub-carrier matrixes. In this embodiment, the ratio of the number of intrusions in the k entry label subcarrier matrix is compared with a preset normal subcarrier ratio threshold, and if the ratio of the number of intrusions is greater than the preset normal subcarrier ratio threshold, the instantaneous intrusiveness of the actually measured channel state information is normal; otherwise, if the ratio of the number of the intrusions is not greater than the preset normal subcarrier ratio threshold, the instantaneous intrusiveness of the actually measured channel state information is the intrusion. For example, the number ratio of the intrusions is illustrated, if 4 of the 5 sample subcarrier matrixes closest to the actually measured subcarrier matrix in the preset sample library carry normal sample identifiers and 1 sample identifier of the intrusions, and the ratio of 80% of the sample subcarrier matrix carrying the normal identifiers is greater than 60% of the preset normal subcarrier ratio threshold (60% is also a reference percentage set according to actual experience), it can be determined that the instantaneous intrusiveness in the acquisition period is normal, or the object intrusion phenomenon does not exist in the current wireless acquisition environment.
In steps S21 to S23, the detection server obtains instantaneous intrusiveness by calculating the ratio of the number of intrusions in the k pieces of sample subcarrier data closest to the actually measured subcarrier matrix and by comprehensively examining the states of the plurality of sample subcarrier matrices and the actually measured subcarrier matrix for comparison, thereby increasing the reliability and rationality of the comparison result.
In one embodiment, each transient intrusion in the continuous intrusion queue includes a corresponding record value, the record value including an intrusion and a normal. As shown in fig. 6, in step S30, that is, based on the continuous intrusion queue, the method obtains the continuous intrusion ratio, and specifically includes the following steps:
and S31, acquiring the maximum continuous times of the record value as the intrusion.
The recording value is the recording result of the instantaneous invasiveness, the instantaneous invasiveness comprises an invasion state and a normal state, wherein the invasion state can be recorded by 1, and the normal state can be recorded by 0. The maximum number of consecutive times that a value is recorded as an intrusion is the maximum number of times that values are continuously recorded as an intrusion state (i.e., all 1's). The maximum number of consecutive times is illustrated as follows:
continuous intrusiveness queue recording: [ 0,1,1,1,1,1,0,1,1,0 ] the continuous intrusiveness queue indicates that no object intrusion is generated at 0.1, 0.7 and 1 second, and the instantaneous intrusiveness records in the above three periods are normal. The instantaneous intrusions with the maximum continuous instantaneous intrusions number of times from 0.2 second to 0.6 second are all intrusions and are recorded for 5 times, and the instantaneous intrusions with the maximum continuous instantaneous intrusions number of times from 0.8 second to 0.9 second are all intrusions and are recorded for 2 times, so 5 times are selected as the maximum continuous times.
And S32, comparing the maximum continuous times with the total number of the recorded values of the continuous invasive queue to obtain the continuous invasive ratio in the continuous invasive queue.
Wherein, the total number of the record values of the continuous invasive queue is the record times in the preset collection period. In this embodiment, the total number of record values of the continuous intrusion queue is 10. The continuous intrusion ratio is a percentage of the maximum number of continuous times of the total number of recorded values of the continuous intrusion queue.
In the steps S31-S32, the detection server obtains the continuous intrusion ratio by comparing the maximum continuous times of the intrusion of the maximum continuous instant intrusions with the total number of the recorded values of the continuous intrusion queue, so that the result of the continuous intrusion ratio is more reasonable. The instant invasion in one period is difficult to fully explain that the wireless sampling environment has invasion, and the invasion condition exists in continuous periods, so that the wireless sampling environment can be proved to have object invasion.
The intrusion detection method provided by this embodiment acquires at least two pieces of actually measured channel state information within a preset acquisition period according to a preset acquisition frequency, and compares sample subcarriers in a preset sample library with continuous intrusion ratio to obtain a channel intrusion detection result within the preset acquisition period. The intrusion detection method does not need to build special hardware facilities, can realize the detection purpose by fully utilizing the existing wireless network and the router, and reduces the detection cost. Meanwhile, the coverage range of CSI detection by using a wireless network is wide and is not influenced by wireless sampling environment facilities, and the detection range is effectively expanded.
Furthermore, the detection server acquires the sample channel state information of a preset number, extracts a sample subcarrier matrix for comparison with the actually measured subcarrier matrix based on the sample channel state information, and finally establishes a preset sample library convenient for real-time comparison of the actually measured subcarrier matrix by correspondingly storing each sample subcarrier matrix and a sample identifier, thereby confirming the instantaneous invasiveness of the actually measured subcarrier matrix. The detection server can reduce the dimension of the multi-dimensional data to form a sample subcarrier matrix with a simple dimension by acquiring the sample channel state information and acquiring the sample subcarrier matrix with a specified dimension in the sample channel state information, so that the subsequent comparison of the sample subcarrier data based on the simple dimension with the actually-measured subcarrier matrix is facilitated, the calculation complexity is reduced, and the calculation efficiency is improved. The detection server calculates the intrusion number ratio in k pieces of sample subcarrier data closest to the actually measured subcarrier matrix, and obtains instantaneous intrusiveness by comprehensively inspecting the states of a plurality of sample subcarrier matrices and the actually measured subcarrier matrix for comparison, so that the reliability and the rationality of the comparison result are improved. The detection server obtains the continuous invasion ratio by comparing the maximum continuous times of the most continuous instantaneous invasion and the total number of the recorded values of the continuous invasion queue, so that the result of the continuous invasion ratio is more reasonable. The fact that the wireless sampling environment is invaded by an object can be proved by the fact that the invasion exists in the wireless sampling environment which is difficult to fully explain by the instant invasion in one period and the invasion exists in continuous periods. The detection server can analyze the wireless acquisition environment when the record value recorded in the continuous invasive queue is unstable in the preset acquisition period, so that the detection result is more comprehensive. When the intrusion frequency ratio exceeds the second threshold value, the situation that the wireless acquisition environment is unstable or abnormal is indicated, unsafe factors may exist, the site of the wireless acquisition environment also needs to be checked, and the result of the channel intrusion detection also needs to be judged as intrusion so as to ensure the comprehensiveness of the intrusion detection.
It should be understood that, the sequence numbers of the steps in the foregoing embodiments do not imply an execution sequence, and the execution sequence of each process should be determined by its function and inherent logic, and should not constitute any limitation to the implementation process of the embodiments of the present invention.
In one embodiment, an intrusion detection apparatus is provided, where the intrusion detection apparatus corresponds to the intrusion detection method in the above embodiment one to one. As shown in fig. 7, the intrusion detection apparatus includes a module 10 for collecting measured information, a module 20 for obtaining instantaneous intrusiveness, a module 30 for obtaining intrusion ratio, and a module 40 for obtaining detection results. The functional modules are explained in detail as follows:
and the actual measurement information collecting module 10 is configured to collect at least two pieces of actual measurement channel state information within a preset collection time limit according to a preset collection frequency, and obtain an actual measurement subcarrier matrix corresponding to each piece of actual measurement channel state information.
And an instantaneous invasiveness obtaining module 20, configured to compare each measured subcarrier matrix with each sample subcarrier matrix in a preset sample library one by one, and obtain an instantaneous invasiveness of the measured channel state information.
And an intrusion proportion obtaining module 30, configured to save each instantaneous intrusion according to a preset sequence to form a continuous intrusion queue, and obtain a continuous intrusion proportion based on the continuous intrusion queue.
And a detection result obtaining module 40, configured to preset a channel intrusion detection result within the acquisition time limit as an intrusion if the continuous intrusion percentage exceeds a first threshold.
Preferably, the intrusion detection device further comprises a sample information collecting module 101, a subcarrier matrix obtaining module 102 and an association preservation matrix module 103.
A sample information collecting module 101, configured to collect a preset number of pieces of sample channel state information, where each piece of sample channel state information includes a positive sample identifier or a negative sample identifier.
The obtaining subcarrier matrix module 102 is configured to obtain a sample subcarrier matrix corresponding to each sample channel state information.
And the association storage matrix module 103 is configured to associate and store each sample subcarrier matrix and the corresponding positive sample identifier or negative sample identifier into a preset sample library.
Preferably, the acquiring subcarrier matrix module 102 includes an acquiring carrier matrix unit 1021 and an acquiring subcarrier matrix unit 1022.
An obtaining carrier matrix unit 1021, configured to obtain a sample carrier matrix of each sample channel state information based on the sample channel state information.
An obtaining subcarrier matrix unit 1022, configured to obtain a sample subcarrier matrix of a specified dimension based on the sample carrier matrix.
Preferably, the module for obtaining transient invasiveness 20 includes a module for obtaining euclidean distance 21, a module for screening the target matrix 22, and a module for obtaining transient invasiveness 23.
The euclidean distance obtaining module 21 is configured to obtain an euclidean distance between the actually measured subcarrier matrix and each sample subcarrier matrix in the preset sample library.
And a target matrix screening module 22, configured to screen out, based on the euclidean distance corresponding to each measured subcarrier matrix, k sample subcarrier matrices closest to the measured subcarrier matrix as target subcarrier matrices.
And an instant invasiveness obtaining module 23, configured to obtain an intruding number ratio in the k entry label subcarrier matrix, and obtain instant invasiveness of the actually measured channel state information based on the intruding number ratio.
Preferably, the module for obtaining intrusion ratio 30 includes a module for obtaining consecutive times 31 and a module for obtaining consecutive intrusions 32.
And an obtaining continuous times module 31, configured to obtain the maximum continuous times of the intrusion of the recorded value.
And the continuous intrusion obtaining module 32 is configured to compare the maximum number of continuous times with the total number of recorded values of the continuous intrusion queue, and obtain a continuous intrusion ratio in the continuous intrusion queue.
Preferably, the intrusion detection device further comprises an intrusion frequency acquiring module 50, an intrusion proportion acquiring module 60 and a detection result acquiring module 70.
And an intrusion frequency acquiring module 50, configured to acquire the sum of intrusion frequency of the intrusion if the ratio of consecutive intrusions does not exceed the first threshold.
And an intrusion ratio obtaining module 60, configured to compare the intrusion frequency with the total number of recorded values of the continuous intrusion queue, and obtain the intrusion frequency ratio in the continuous intrusion queue.
And a detection result obtaining module 70, configured to preset a channel intrusion detection result within the acquisition time limit as an intrusion if the intrusion frequency ratio exceeds a second threshold.
For the specific limitations of the intrusion detection device, reference may be made to the above limitations of the intrusion detection method, which are not described herein again. The modules in the intrusion detection device can be wholly or partially implemented by software, hardware and a combination thereof. The modules can be embedded in a hardware form or independent of a processor in the computer device, and can also be stored in a memory in the computer device in a software form, so that the processor can call and execute operations corresponding to the modules.
In one embodiment, a computer device is provided, the internal structure of which may be as shown in fig. 8. The computer equipment comprises a processor, an internal memory, a network interface, a display screen and an input device which are connected through a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device comprises a nonvolatile storage medium and an internal memory. The non-volatile storage medium stores an operating system and a computer program. The internal memory provides an environment for the operation of an operating system and computer programs in the non-volatile storage medium. The network interface of the computer device is used for communicating with an external server through a network connection. The computer program is executed by a processor to implement an intrusion detection method.
In one embodiment, a computer device is provided, comprising a memory, a processor, and a computer program stored on the memory and executable on the processor, the processor implementing the following steps when executing the computer program:
and acquiring at least two pieces of actual measurement channel state information within a preset acquisition period according to a preset acquisition frequency, and acquiring an actual measurement subcarrier matrix corresponding to each piece of actual measurement channel state information.
And comparing each actually measured subcarrier matrix with each sample subcarrier matrix in a preset sample library one by one to obtain the instantaneous invasiveness of the actually measured channel state information.
And storing each instantaneous intrusion according to a preset sequence to form a continuous intrusion queue, and acquiring a continuous intrusion ratio based on the continuous intrusion queue.
And if the continuous intrusion ratio exceeds a first threshold value, presetting a channel intrusion detection result in the acquisition time limit as intrusion.
In an embodiment, before the step of acquiring at least two pieces of measured channel state information within a preset acquisition period according to a preset acquisition frequency, the processor executes the computer program to further implement the following steps:
and acquiring a preset number of pieces of sample channel state information, wherein each piece of sample channel state information comprises a positive sample identifier or a negative sample identifier.
And acquiring a sample subcarrier matrix corresponding to the channel state information of each sample.
And storing each sample subcarrier matrix and the corresponding positive sample identification or negative sample identification in a preset sample library in a correlated manner.
In one embodiment, the processor, when executing the computer program, performs the steps of:
based on the sample channel state information, a sample carrier matrix of each sample channel state information is obtained.
And acquiring a sample subcarrier matrix with specified dimensions based on the sample carrier matrix.
In one embodiment, the processor when executing the computer program implements the steps of:
and acquiring the Euclidean distance between the actually measured subcarrier matrix and each sample subcarrier matrix in a preset sample library.
And screening out k sample subcarrier matrixes closest to the actually measured subcarrier matrixes as target subcarrier matrixes based on the Euclidean distance corresponding to each actually measured subcarrier matrix.
And acquiring the number ratio of the intrusions in the k entry mark subcarrier matrix, and acquiring the instantaneous intrusiveness of the actually measured channel state information based on the number ratio of the intrusions.
In one embodiment, the processor, when executing the computer program, performs the steps of:
the record value is obtained as the maximum continuous times of intrusion.
And comparing the maximum continuous times with the total number of the recorded values of the continuous invasive queue to obtain the continuous invasive ratio in the continuous invasive queue.
In one embodiment, after the step of obtaining the successive intrusion proportion, the processor when executing the computer program further performs the steps of:
and if the ratio of the continuous intrusion does not exceed the first threshold value, acquiring the recorded value as the sum of the intrusion times of the intrusion.
And comparing the recorded value with the total number of the recorded values of the continuous invasive queue to obtain the intrusion frequency ratio in the continuous invasive queue.
And if the intrusion frequency ratio exceeds a second threshold value, presetting a channel intrusion detection result in the acquisition time limit as intrusion.
In an embodiment, a computer-readable storage medium is provided, on which a computer program is stored, which computer program, when being executed by a processor, carries out the steps of:
and acquiring at least two pieces of actual measurement channel state information within a preset acquisition time limit according to a preset acquisition frequency, and acquiring an actual measurement subcarrier matrix corresponding to each piece of actual measurement channel state information.
And comparing each actually measured subcarrier matrix with each sample subcarrier matrix in a preset sample library one by one to obtain the instantaneous invasiveness of the actually measured channel state information.
And storing each instantaneous intrusion according to a preset sequence to form a continuous intrusion queue, and acquiring a continuous intrusion ratio based on the continuous intrusion queue.
And if the continuous intrusion ratio exceeds a first threshold value, presetting a channel intrusion detection result in the acquisition time limit as an intrusion.
In an embodiment, before the step of acquiring the at least two measured channel state information within the preset acquisition period at the preset acquisition frequency, the computer program further implements the following steps when executed by the processor:
and acquiring a preset number of pieces of sample channel state information, wherein each piece of sample channel state information comprises a positive sample identifier or a negative sample identifier.
And acquiring a sample subcarrier matrix corresponding to the channel state information of each sample.
And storing each sample subcarrier matrix and the corresponding positive sample identification or negative sample identification in a preset sample library in an associated manner.
In an embodiment, the computer program realizes the following steps when being executed by a processor
And acquiring a sample carrier matrix of each sample channel state information based on the sample channel state information.
And acquiring a sample subcarrier matrix of the specified dimension based on the sample carrier matrix.
In an embodiment, the computer program realizes the following steps when being executed by a processor
And acquiring the Euclidean distance between the actually measured subcarrier matrix and each sample subcarrier matrix in a preset sample library.
And screening out k sample subcarrier matrixes closest to the actually measured subcarrier matrixes as target subcarrier matrixes based on the Euclidean distance corresponding to each actually measured subcarrier matrix.
And acquiring the number ratio of the invasion pieces in the k entry mark subcarrier matrix, and acquiring the instantaneous invasiveness of the actually measured channel state information based on the number ratio of the invasion pieces.
In an embodiment, the computer program realizes the following steps when being executed by a processor
The record value is obtained as the maximum continuous times of intrusion.
And comparing the maximum continuous times with the total number of the recorded values of the continuous invasive queue to obtain the continuous invasive ratio in the continuous invasive queue.
In one embodiment, after the step of obtaining the successive intrusion proportion, the computer program when executed by the processor further performs the steps of:
and if the ratio of the continuous intrusion does not exceed the first threshold value, acquiring the recorded value as the sum of the intrusion times of the intrusion.
And comparing the recorded value with the total number of the recorded values of the continuous invasive queue to obtain the intrusion frequency ratio in the continuous invasive queue.
And if the intrusion frequency ratio exceeds a second threshold value, presetting a channel intrusion detection result in the acquisition time limit as intrusion.
In an embodiment, prior to the step of obtaining the login authentication request, the computer program when executed by the processor further performs the steps of:
it will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by hardware instructions of a computer program, which can be stored in a non-volatile computer-readable storage medium, and when executed, can include the processes of the embodiments of the methods described above. Any reference to memory, storage, database, or other medium used in the embodiments provided herein may include non-volatile and/or volatile memory, among others. Non-volatile memory can include read-only memory (ROM), Programmable ROM (PROM), Electrically Programmable ROM (EPROM), Electrically Erasable Programmable ROM (EEPROM), or flash memory. Volatile memory can include Random Access Memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as Static RAM (SRAM), Dynamic RAM (DRAM), Synchronous DRAM (SDRAM), Double Data Rate SDRAM (DDRSDRAM), Enhanced SDRAM (ESDRAM), Synchronous Link DRAM (SLDRAM), Rambus Direct RAM (RDRAM), direct bus dynamic RAM (DRDRAM), and memory bus dynamic RAM (RDRAM).
It should be clear to those skilled in the art that, for convenience and simplicity of description, the foregoing division of the functional units and modules is only used for illustration, and in practical applications, the above function distribution may be performed by different functional units and modules as needed, that is, the internal structure of the apparatus may be divided into different functional units or modules to perform all or part of the above described functions.
The above-mentioned embodiments are only used for illustrating the technical solutions of the present invention, and not for limiting the same; although the present invention has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; such modifications and substitutions do not depart from the spirit and scope of the embodiments of the present invention, and they should be construed as being included therein.
Claims (9)
1. An intrusion detection method, comprising:
acquiring at least two pieces of actual measurement channel state information within a preset acquisition period according to a preset acquisition frequency, and acquiring an actual measurement subcarrier matrix corresponding to each piece of actual measurement channel state information;
comparing the actually measured subcarrier matrix corresponding to each actually measured channel state information with each sample subcarrier matrix in a preset sample library one by one to obtain the instantaneous invasiveness of each actually measured channel state information;
storing each instant invasion according to a preset sequence to form a continuous invasion queue, and acquiring a continuous invasion ratio based on the continuous invasion queue;
if the continuous intrusion ratio exceeds a first threshold value, the channel intrusion detection result in the preset acquisition period is intrusion;
wherein, comparing each measured sub-carrier matrix with each sample sub-carrier matrix in a preset sample library one by one to obtain the instantaneous invasiveness of the measured channel state information, comprises:
acquiring the Euclidean distance between the actually measured subcarrier matrix and each sample subcarrier matrix in the preset sample library;
screening out k sample subcarrier matrixes nearest to the actually measured subcarrier matrix as a target subcarrier matrix based on the Euclidean distance of each subcarrier matrix;
and acquiring the number ratio of invasion pieces in the k target subcarrier matrixes, and acquiring the instantaneous invasiveness of the actually measured channel state information based on the number ratio of the invasion pieces.
2. The intrusion detection method according to claim 1, wherein before the step of collecting the at least two measured channel state information within a preset collection period at a preset collection frequency, the intrusion detection method further comprises:
acquiring preset number of sample channel state information, wherein each sample channel state information comprises a positive sample identifier or a negative sample identifier;
acquiring a sample subcarrier matrix corresponding to each piece of sample channel state information;
and storing each sample subcarrier matrix and the corresponding positive sample identification or negative sample identification in a preset sample library in a correlated manner.
3. The method of claim 2, wherein the obtaining the sample subcarrier matrix corresponding to each of the sample csi comprises:
acquiring a sample carrier matrix of each sample channel state information based on the sample channel state information;
and acquiring a sample subcarrier matrix with a specified dimension based on the sample carrier matrix.
4. The intrusion detection method of claim 1, wherein each transient intrusion in the continuous intrusion queue includes a corresponding recorded value, the recorded value including an intrusion;
based on the continuous intrusion queue, acquiring a continuous intrusion ratio, comprising:
acquiring the maximum continuous times of intrusion of the recorded value;
and comparing the maximum continuous times with the total number of the recorded values of the continuous invasive queue to obtain the continuous invasive ratio in the continuous invasive queue.
5. The intrusion detection method according to claim 1, wherein after the step of obtaining successive intrusion ratios, the intrusion detection method further comprises:
if the continuous intrusion ratio does not exceed a first threshold value, acquiring a recorded value as the sum of the intrusion times of the intrusion;
comparing the intrusion times with the total number of the recorded values of the continuous intrusion queue to obtain the intrusion times in the continuous intrusion queue;
and if the intrusion frequency ratio exceeds a second threshold value, the channel intrusion detection result in the preset acquisition period is intrusion.
6. An intrusion detection device, comprising:
the acquisition actual measurement information module is used for acquiring at least two pieces of actual measurement channel state information within a preset acquisition time limit according to a preset acquisition frequency and acquiring an actual measurement subcarrier matrix corresponding to each piece of actual measurement channel state information;
an instantaneous invasiveness obtaining module, configured to compare each actually measured subcarrier matrix with each sample subcarrier matrix in a preset sample library one by one, and obtain an instantaneous invasiveness of the actually measured channel state information; the instantaneous invasiveness obtaining module is further configured to obtain a euclidean distance between the actually measured subcarrier matrix and each sample subcarrier matrix in the preset sample library;
the instantaneous invasive acquisition module is also used for screening out k sample subcarrier matrixes nearest to the actually measured subcarrier matrix as target subcarrier matrixes based on the Euclidean distance of each subcarrier matrix;
the module for acquiring instantaneous invasiveness is further configured to acquire an intruding number ratio of k pieces of the target subcarrier matrix, and acquire instantaneous invasiveness of the actually measured channel state information based on the intruding number ratio;
the intrusion ratio acquisition module is used for storing each instant intrusion according to a preset sequence to form a continuous intrusion queue and acquiring a continuous intrusion ratio based on the continuous intrusion queue;
and the detection result acquisition module is used for acquiring the channel intrusion detection result in the preset acquisition period as the intrusion if the continuous intrusion ratio exceeds a first threshold.
7. The intrusion detection device of claim 6, further comprising:
the device comprises a sample information acquisition module, a sample information acquisition module and a sample information processing module, wherein the sample information acquisition module is used for acquiring preset number of sample channel state information, and each sample channel state information comprises a positive sample identifier or a negative sample identifier;
a sub-carrier matrix obtaining module, configured to obtain a sample sub-carrier matrix corresponding to each piece of sample channel state information;
and the association storage matrix module is used for associating and storing each sample subcarrier matrix and the corresponding positive sample identification or negative sample identification to a preset sample library.
8. A computer device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, characterized in that the processor implements the steps of the intrusion detection method according to any one of claims 1 to 5 when executing the computer program.
9. A computer-readable storage medium, in which a computer program is stored which, when being executed by a processor, carries out the steps of the intrusion detection method according to one of the claims 1 to 5.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810958531.XA CN109064694B (en) | 2018-08-22 | 2018-08-22 | Intrusion detection method and device, computer equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810958531.XA CN109064694B (en) | 2018-08-22 | 2018-08-22 | Intrusion detection method and device, computer equipment and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN109064694A CN109064694A (en) | 2018-12-21 |
| CN109064694B true CN109064694B (en) | 2022-07-19 |
Family
ID=64687908
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201810958531.XA Active CN109064694B (en) | 2018-08-22 | 2018-08-22 | Intrusion detection method and device, computer equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN109064694B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113556192B (en) * | 2020-04-26 | 2022-10-28 | 阿里巴巴集团控股有限公司 | Detection method, device, equipment, system, wireless equipment and base station equipment |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104603853A (en) * | 2012-05-04 | 2015-05-06 | 李尔登公司 | System and methods for coping with doppler effects in distributed-input distributed-output wireless systems |
| CN105303743A (en) * | 2015-09-15 | 2016-02-03 | 北京腾客科技有限公司 | WiFi-based indoor intrusion detection method and device |
| US9883511B1 (en) * | 2012-12-05 | 2018-01-30 | Origin Wireless, Inc. | Waveform design for time-reversal systems |
Family Cites Families (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7885354B2 (en) * | 2004-04-02 | 2011-02-08 | Rearden, Llc | System and method for enhancing near vertical incidence skywave (“NVIS”) communication using space-time coding |
| US10460596B2 (en) * | 2014-10-31 | 2019-10-29 | Siemens Schweiz Ag | Method, digital tool, device and system for detecting movements of objects and/or living beings in a radio range, in particular of an indoor area |
| CN104766427B (en) * | 2015-04-27 | 2017-04-05 | 太原理工大学 | A kind of house illegal invasion detection method based on Wi Fi |
| CN107180223A (en) * | 2017-04-10 | 2017-09-19 | 南京苗米科技有限公司 | Action identification method and system based on WIFI wireless signals |
| CN111246440B (en) * | 2017-06-13 | 2024-02-09 | 天地融科技股份有限公司 | Method and system for safety communication of Bluetooth equipment |
| CN107480699A (en) * | 2017-07-13 | 2017-12-15 | 电子科技大学 | A kind of intrusion detection method based on channel condition information and SVMs |
-
2018
- 2018-08-22 CN CN201810958531.XA patent/CN109064694B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104603853A (en) * | 2012-05-04 | 2015-05-06 | 李尔登公司 | System and methods for coping with doppler effects in distributed-input distributed-output wireless systems |
| US9883511B1 (en) * | 2012-12-05 | 2018-01-30 | Origin Wireless, Inc. | Waveform design for time-reversal systems |
| CN105303743A (en) * | 2015-09-15 | 2016-02-03 | 北京腾客科技有限公司 | WiFi-based indoor intrusion detection method and device |
Non-Patent Citations (1)
| Title |
|---|
| 用于光线围栏入侵告警的频谱分析快速模式识别;王照勇 等;《中国激光》;20150430;第42卷(第4期);第0405010-1至0405010-5页 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN109064694A (en) | 2018-12-21 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109347834B (en) | Method, device and equipment for detecting abnormal data in Internet of things edge computing environment | |
| CN111208748B (en) | Linkage control method and system based on Internet of things and computer equipment | |
| US20160019388A1 (en) | Event correlation based on confidence factor | |
| US10121330B2 (en) | ATM skimmer detection based upon incidental RF emissions | |
| CN111092852A (en) | Network security monitoring method, device, equipment and storage medium based on big data | |
| CN111222423A (en) | Target identification method and device based on operation area and computer equipment | |
| CN108449237B (en) | Network performance monitoring method and device, computer equipment and storage medium | |
| US11575688B2 (en) | Method of malware characterization and prediction | |
| CN108234426B (en) | APT attack warning method and APT attack warning device | |
| CN106294219A (en) | A kind of equipment identification, data processing method, Apparatus and system | |
| CN112714040B (en) | Holographic message detection method, device, equipment and storage medium | |
| CN104298586A (en) | Web system exception analytical method and device based on system log | |
| CN109064694B (en) | Intrusion detection method and device, computer equipment and storage medium | |
| CN110659188B (en) | Page portrait data processing method and device, computer equipment and storage medium | |
| CN110505438B (en) | Queuing data acquisition method and camera | |
| CN112165498B (en) | Intelligent decision-making method and device for penetration test | |
| CN110618977B (en) | Login anomaly detection method, device, storage medium and computer equipment | |
| CN117319001A (en) | Network security assessment method, device, storage medium and computer equipment | |
| CN111049685A (en) | Network security sensing system, network security sensing method and device of power system | |
| CN110838940A (en) | Underground cable inspection task configuration method and device | |
| CN115589339A (en) | Network attack type identification method, device, equipment and storage medium | |
| CN115426161A (en) | Abnormal device identification method, apparatus, device, medium, and program product | |
| CN114745407A (en) | Security situation sensing method, device, equipment and medium for power internet of things | |
| CN113286260B (en) | Crowd distribution determination method, system, computer device and storage medium | |
| CN114760140A (en) | APT attack tracing graph analysis method and device based on cluster analysis |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |