CN109067778A - Industrial control scanner fingerprint identification method based on honeynet data - Google Patents
- Publication number: CN109067778A
- Authority: CN (China)
- Legal status: Granted
Classifications
- H04L63/20: Network architectures or network communication protocols for network security for managing network security; network security policies in general
- G06N3/006: Artificial life, i.e. computing arrangements simulating life based on simulated virtual individual or collective life forms, e.g. social simulations or particle swarm optimisation [PSO]
- H04L63/1408: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
Abstract
The present invention proposes an industrial control scanner fingerprint identification method based on honeynet data. Scan data captured by a honeypot network system in an industrial control network, together with existing industrial control scanners, is analyzed to obtain fingerprint information, and a multi-class classifier model for the scan data is built on CART decision trees. The multi-class classifier model can effectively identify the specific scanning tool that initiated the scanning traffic, and it outputs the decision probability for each scanner label. The output of the multi-class classifier model is then used as the input of a clustering algorithm, which can discover deeper associations between different scanning entities and form clusters. The clustering algorithm can also effectively extract the scanning features of the different clusters, form new scanner labels, and update them into the earlier multi-class decision tree, improving the invention's judgment of data from new scanners.
Description
Technical field
The invention belongs to the technical field of network security and relates to an industrial control scanner fingerprint identification method based on honeynet data.
Background art
In recent years the field of cyberspace security has changed enormously, and industrial control systems have become one of the new main battlegrounds of cyberspace security. Following the integration of informatization and industrialization, the information security of IT systems has also become part of industrial control system security. At present, the network security situation facing China's critical information infrastructure is tense and complex. Data from the "Diting" ("listening attentively") network security team of Northeastern University show that a large number of industrial control systems worldwide are exposed on the Internet, with the larger shares in the power industry, the petroleum and petrochemical industry and advanced manufacturing, all of which are closely tied to the national economy and bear on national security.
Scanner identification, as an important means of network security, has gradually penetrated into industrial control system network security. As a core technology of industrial control security, the research and upgrading of scanners is critical and is of great importance to the network security of industrial control systems.
Research on scanner identification in the traditional IT field is sparse, and work applied to industrial control security is scarcer still. Most existing techniques identify scanners from honeypot network access traffic or from temporal features, and they cannot effectively identify novel scanning activity. At the same time, a honeypot network system can monitor attackers' scanning activity against industrial control devices while filtering out unrelated traffic, which makes it more targeted. Honeypot networks are also cheap and easy to deploy: a low-specification server or dedicated hardware is enough. The invention therefore proposes a novel industrial control scanner fingerprint identification method based on honeynet data. The proposed method can adapt to newly discovered scanners and industrial control protocols, does not depend on a specific network environment, and improves on aspects such as real-time data updating.
Summary of the invention
The object of the invention is to capture scan data with a honeynet system and, by combining a CART-based multi-class decision tree with clustering, to provide an industrial control scanner fingerprint identification method based on honeynet data.
The invention is implemented as follows:
Scan data captured by a honeypot network system in an industrial control network, together with existing industrial control scanners, is analyzed to obtain fingerprint information, and a multi-class classifier model for the scan data is built on CART decision trees. The multi-class classifier model can effectively identify the specific scanning tool that initiated the scanning traffic, and it outputs the decision probability for each scanner label. The output of the multi-class classifier model is then used as the input of a clustering algorithm, which can discover deeper associations between different scanning entities and form clusters. The clustering algorithm can also effectively extract the scanning features of the different clusters, form new scanner labels, and update them into the earlier multi-class decision tree, improving the invention's judgment of data from new scanners.
The specific technical scheme of the invention is as follows:
An industrial control scanner fingerprint identification method based on honeynet data, comprising the following steps:
a. Obtain the original training data. The original training data is acquired in two ways. One is to use a honeypot network deployed in the industrial control system to capture scanners' probing of industrial control devices and to interact with them in depth, obtaining scan data. The other is to analyze industrial control scanner information records provided by relevant security service institutions, obtaining scan data.
b. Extract the fingerprint content of the scan data and establish a scanning feature dataset.
c. Based on the scanning feature dataset, build a multi-class classifier model with the CART decision tree algorithm, which handles both continuous and discrete attribute values effectively and with high accuracy. During model training, the current optimal splitting attribute is selected repeatedly until all training data are fitted completely. Because training requires all training data to be fitted, overfitting occurs easily. The trained decision tree is therefore pruned with the cost-complexity pruning algorithm, and the subtree with the smallest error is selected as the optimal decision tree after pruning, forming the labels. In addition, to retain the existing classification models in full and make updating easy, the multi-class classifier is built with the "one-versus-one" method, the class with the highest probability is chosen as the classification result, and the classification results are output as probabilities.
d. The multi-class classifier model of the preceding steps can accurately identify the fingerprint information of industrial control scanners, but it cannot effectively identify newly emerging scanning tools or find the deeper associations between different scanning IP addresses. A clustering model is therefore applied, with the classification results output by step c as its input, to cluster the scanning entities and find the associations between different scanning tools and scanning entity IPs. These associations include determining the scanning entities that fall into one class with a specific scanning tool, determining the scanning entities that form a class of their own, and extracting the organization they belong to. Discovering associations between different scanning IP addresses is of great significance for finding network attack organizations and effectively blocking potential network attacks.
e. The clustering algorithm produces multiple clusters. If a cluster with a new label appears, the new label of that cluster is fed into step c and the CART-based multi-class classifier model is updated again, achieving real-time updating and continuous expansion. If no cluster with a new label appears, the classification results are output as the final result.
Further, the scan data fingerprint content in step b includes: IP address information, port information, packet length, communication protocol and the specific communication data.
The advantages of the invention are:
The CART decision tree and clustering methods are combined: the output of the multi-class classification model built on CART decision trees is used as the input of the clustering algorithm, which identifies an attacker's identity more precisely and determines its type and its deeper associations with other attackers. The final identification results also make the replies of the industrial control system's own honeypot network more accurate and more deceptive.
The beneficial effects of the invention are:
1) A novel industrial control scanner fingerprint identification method is proposed that can effectively identify attack tools, which is significant for building a more accurate attacker profile.
2) By accurately identifying the fingerprint, the honeypot network's ability to formulate more targeted strategies is improved, and the attacker can be induced into deeper interaction so that more attack information is extracted.
3) The method is self-updating. When new attack activity appears, the method can extract its scanning features in advance, attach a label, and find the potential attack organization through the clustering algorithm, which is crucial to the active security defense of industrial control networks.
4) By combining the analysis results of the various scanners with the WHOIS information of the different scanning entities, the homology of different scanners can be discovered.
Description of the drawings
Fig. 1 is a state transition diagram of the invention.
Fig. 2 is a flow chart of the invention.
Specific embodiment
The invention is described in further detail below with reference to the drawings and a specific embodiment, which do not limit the technical scheme of the invention.
In recent years the field of cyberspace security has changed enormously, and as the integration of informatization and industrialization deepens, industrial control systems have become inseparable from the Internet. Following this integration, the information security of IT systems has also become part of industrial control system security. At present, an industrial control scanner fingerprint recognition system can analyze and classify traffic, which is vital against intrusion by network attackers. Such a system can classify traffic that is known to it, and it can mark unknown traffic and then decide, according to the domain name, whether to block it or let it pass. Most current scanners cannot update their traffic groups in real time and cannot handle many novel kinds of traffic effectively and accurately.
Fig. 1 shows the state transition diagram of the industrial control scanner fingerprint recognition system of the invention while it classifies traffic.
Fig. 2 shows the specific flow chart of the invention, describing the detailed process by which the whole system analyzes and classifies traffic when it runs.
As shown in Fig. 2, the invention combines a CART-based multi-class decision tree with a clustering algorithm to analyze the scan data captured by the honeypot network system in the industrial control network, together with existing industrial control scanners, and obtain their fingerprint information. First, a multi-class classifier model for the scan data is built on CART decision trees and trained thoroughly; its classification results are given as a probability distribution. Second, the classification results are fed into the clustering algorithm as input data, and clustering outputs multiple clusters with different labels, from which the associations between scanning entities can be further discovered. Finally, if there is a new cluster that has not been identified, its label is added to the multi-class classifier and the model is updated in real time.
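The classify, cluster and feed-back loop of steps c to e, as an added Python example that is not from the patent. It swaps in a single depth-limited Gini tree for the one-versus-one, cost-complexity-pruned classifiers and a simple leader clustering with assumed thresholds (`eps`, `min_conf`) for the clustering algorithm, which the text does not specify; tool names, IP addresses and packet features are constructed.

```python
from collections import Counter, defaultdict
from math import dist

def gini(labels):
    n = len(labels)
    return 1.0 - sum((c / n) ** 2 for c in Counter(labels).values())

def build_tree(rows, labels, depth=0, max_depth=4):
    """CART-style tree: each node takes the (feature, threshold) with the lowest weighted Gini."""
    if depth == max_depth or len(set(labels)) == 1:
        return Counter(labels)                        # leaf = class counts
    best = None
    for f in range(len(rows[0])):
        for t in sorted({r[f] for r in rows})[:-1]:   # dropping the max keeps both sides non-empty
            left = [l for r, l in zip(rows, labels) if r[f] <= t]
            right = [l for r, l in zip(rows, labels) if r[f] > t]
            score = (len(left) * gini(left) + len(right) * gini(right)) / len(labels)
            if best is None or score < best[0]:
                best = (score, f, t)
    if best is None:                                  # identical rows: nothing to split on
        return Counter(labels)
    _, f, t = best
    lo = [(r, l) for r, l in zip(rows, labels) if r[f] <= t]
    hi = [(r, l) for r, l in zip(rows, labels) if r[f] > t]
    return (f, t,
            build_tree([r for r, _ in lo], [l for _, l in lo], depth + 1, max_depth),
            build_tree([r for r, _ in hi], [l for _, l in hi], depth + 1, max_depth))

def predict_proba(tree, row, classes):
    while isinstance(tree, tuple):                    # descend to a leaf
        f, t, lo, hi = tree
        tree = lo if row[f] <= t else hi
    total = sum(tree.values())
    return [tree[c] / total for c in classes]

def fit(train):
    rows, labels = [r for r, _ in train], [l for _, l in train]
    return build_tree(rows, labels), sorted(set(labels))

def entity_profiles(tree, classes, packets):
    """Average the per-packet class probabilities of every source IP (scanning entity)."""
    per_ip = defaultdict(list)
    for ip, row in packets:
        per_ip[ip].append(predict_proba(tree, row, classes))
    return {ip: [sum(col) / len(ps) for col in zip(*ps)] for ip, ps in per_ip.items()}

def centroid(members, profiles):
    return [sum(col) / len(members) for col in zip(*(profiles[m] for m in members))]

def cluster(profiles, eps=0.3):
    """Leader clustering (assumed): join the first cluster within eps, else start a new one."""
    clusters = []
    for ip in sorted(profiles):
        for members in clusters:
            if dist(centroid(members, profiles), profiles[ip]) <= eps:
                members.append(ip)
                break
        else:
            clusters.append([ip])
    return clusters

def label_clusters(clusters, profiles, classes, min_conf=0.8):
    """Known label when one class dominates the centroid, otherwise mint a new label."""
    found, fresh = defaultdict(list), 0
    for members in clusters:
        c = centroid(members, profiles)
        if max(c) >= min_conf:
            name = classes[c.index(max(c))]
        else:
            fresh += 1
            name = f"new-{fresh}"
        found[name] += members
    return dict(found)

# Constructed sample data. Row = (dst_port, packet_length, Modbus function code).
TRAIN = [((502, 12, 43), "tool_A"), ((502, 12, 43), "tool_A"), ((502, 11, 43), "tool_A"),
         ((502, 12, 3), "tool_B"), ((502, 12, 1), "tool_B"), ((502, 12, 4), "tool_B")]
CAPTURE = [("198.51.100.10", (502, 12, 43)), ("198.51.100.10", (502, 11, 43)),
           ("198.51.100.20", (502, 12, 3)), ("198.51.100.20", (502, 12, 4)),
           ("203.0.113.5", (502, 20, 43)), ("203.0.113.5", (502, 20, 3)),
           ("203.0.113.6", (502, 20, 3)), ("203.0.113.6", (502, 20, 43))]
HELD_OUT = [("203.0.113.9", (502, 20, 43)), ("203.0.113.9", (502, 20, 3))]

def run_pipeline():
    tree, classes = fit(TRAIN)                                    # step c: classifier
    profiles = entity_profiles(tree, classes, CAPTURE)            # probability output per entity
    found = label_clusters(cluster(profiles), profiles, classes)  # step d: clustering
    train = list(TRAIN)
    for name, members in found.items():                           # step e: feed new labels back
        if name not in classes:
            train += [(row, name) for ip, row in CAPTURE if ip in members]
    tree2, classes2 = fit(train)
    return found, classes2, entity_profiles(tree2, classes2, HELD_OUT)

if __name__ == "__main__":
    for part in run_pipeline():
        print(part)
```

Before the update, the two unknown entities average to an even split between the known tools, which is what sets their cluster apart; after retraining, a held-out entity with the same behaviour is assigned to the new label outright.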
In its specific implementation the invention was tested experimentally for accuracy and adaptability, in three parts: the classification model test, the clustering model test and the overall method test. The experimental data comprise two kinds of dataset: scanner datasets and honeypot datasets. The scanner datasets were generated by two kinds of known industrial control scanners, namely those provided by professional industrial control network security research institutions and open-source ones, while the honeypot datasets were captured by our industrial control honeypots. To capture more scanning traffic, we deployed industrial control honeypots in three different network environments: cloud services, a campus network and an ISP network.
In the classification model test, the invention selected three datasets from the UCI repository (wine, automobile and satellite image) for the test experiments and compared against three commonly used multi-class modeling methods: fuzzy SVM, improved SVM and DAG. Table 1 shows the basic characteristics of the three datasets and Table 2 shows the results of the classification model test. On the wine and automobile datasets, the CART classification model of the invention outperforms the other methods; on the satellite image dataset, it is close to the improved SVM method, which has the highest precision. Taking the three datasets together with factors such as the complexity of the other methods, the accuracy and adaptability of the classification model chosen by the invention are better than those of the commonly used methods.
Table 1
Data set | Classes | Attributes | Training data | Test data |
---|---|---|---|---|
Wine | 3 | 13 | 90 | 88 |
Automobile | 4 | 6 | 958 | 770 |
Satellite image | 6 | 36 | 4435 | 2000 |
Table 2
Algorithm | Wine | Automobile | Satellite image |
---|---|---|---|
Fuzzy SVM | 0.53 | 0.73 | 0.60 |
DAG | 0.68 | 0.79 | 0.63 |
Improved SVM | 0.84 | 0.91 | 0.89 |
The present invention | 0.887 | 0.95 | 0.854 |
In the clustering model test, the invention chose as test datasets the Modbus data captured from March 21, 2017 to November 30, 2017 and from April 4, 2018 to July 22, 2018, and the EtherNet/IP data captured from April 4, 2018 to July 22, 2018. Within these periods the Modbus honeypot captured 199 different IP addresses, treated as 199 scanning entities, and the EtherNet/IP honeypot captured 44 different IP addresses, treated as 44 scanning entities. Two commonly used clustering methods, K-Means and AGNES, were compared with the clustering method of the invention, and the accuracy and adaptability of each were analyzed by comparing their DB index. Table 3 shows the results of the clustering model test. On both the Modbus dataset and the EtherNet/IP dataset, the DB index obtained by the clustering algorithm chosen by the invention is far smaller than that of the other two clustering methods, which means the accuracy and adaptability of the clustering model of the invention are also better than those of the commonly used methods.
Table 3
In the overall method test, the invention selected BinaryEdge as a new scanner label for the EtherNet/IP dataset. Because two BinaryEdge entities scanned our honeypot, the invention chose one of them as training data and the other as test data, and added them to the industrial control scanner dataset. The experimental results show that the new precision of the classification model is 0.985 and that all new scanning traffic belonging to BinaryEdge is identified. The new precision of clustering with the new scanning label is 0.808. The main reason the precision of the classification model is unchanged is that the original test data volume is so large that the contribution of BinaryEdge is negligible. The precision of the clustering model is unchanged because the BinaryEdge scanner is independent of the scanners of other organizations and does not affect the result. Nevertheless, all new scanning traffic belonging to BinaryEdge is classified correctly, which demonstrates that the overall method has excellent updating ability and adaptability. The method proposed by the invention therefore has better accuracy and adaptability than the methods in common use, together with good analysis and updating ability, and is of significant innovative value for industrial control network security.
It should be noted that the above is one embodiment given with specific content, and the specific implementation of the invention must not be regarded as limited to this description. Anything similar or identical to the structure or device of the invention, and any technical deductions or substitutions made under the concept of the invention, shall be regarded as falling within the protection scope of the invention.
Claims (2)
1. An industrial control scanner fingerprint identification method based on honeynet data, characterized by comprising the following steps:
a. Obtain the original training data, where the original training data is acquired in two ways: one is to use a honeypot network deployed in the industrial control system to capture scanners' probing of industrial control devices and to interact with them in depth, obtaining scan data; the other is to analyze industrial control scanner information records provided by relevant security service institutions, obtaining scan data;
b. Extract the fingerprint content of the scan data and establish a scanning feature dataset;
c. Based on the scanning feature dataset, build a multi-class classifier model with the CART decision tree algorithm; during model training, repeatedly select the current optimal splitting attribute until all training data are fitted completely; prune the trained decision tree with the cost-complexity pruning algorithm and select the subtree with the smallest error as the optimal decision tree after pruning, forming the labels; build the multi-class classifier with the "one-versus-one" method and choose the class with the highest probability as the classification result, the classification results being output as probabilities;
d. Apply a clustering model with the classification results output by step c as input, and cluster the scanning entities to find the associations between different scanning tools and scanning entity IPs; the associations include determining the scanning entities that fall into one class with a specific scanning tool, determining the scanning entities that form a class of their own, and extracting the organization they belong to;
e. The clustering algorithm produces multiple clusters; if a cluster with a new label appears, the new label of that cluster is fed into step c and the CART-based multi-class classifier model is updated again, achieving real-time updating and continuous expansion; if no cluster with a new label appears, the classification results are output as the final result.
2. The industrial control scanner fingerprint identification method based on honeynet data according to claim 1, characterized in that the scan data fingerprint content in step b includes: IP address information, port information, packet length, communication protocol and the specific communication data.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811083267.6A CN109067778B (en) | 2018-09-18 | 2018-09-18 | Industrial control scanner fingerprint identification method based on honeynet data |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109067778A (en) | 2018-12-21 |
CN109067778B CN109067778B (en) | 2020-07-24 |
Recordation of patent licensing contract (EE01)
- Application publication date: 20181221
- Assignee: Liaoning Hesheng Yida Technology Co.,Ltd.
- Assignor: Northeastern University
- Contract record no.: X2023210000208
- Denomination of invention: A fingerprint recognition method for industrial control scanners based on honeynet data
- Granted publication date: 20200724
- License type: Common License
- Record date: 20231127