CN109167798A - Household Internet of Things device DDoS detection method based on machine learning - Google Patents


Publication number: CN109167798A
Authority: CN (China)
Legal status: Granted
Application number: CN201811295449.XA
Other languages: Chinese (zh)
Other versions: CN109167798B (en)
Inventor: 江佳峻
Current Assignee: Sichuan Changhong Electric Co Ltd
Original Assignee: Sichuan Changhong Electric Co Ltd
Application filed by Sichuan Changhong Electric Co Ltd
Priority to CN201811295449.XA
Publication of CN109167798A
Application granted
Publication of CN109167798B
Current legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H04L63/1425 Traffic logging, e.g. anomaly detection
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1458 Denial of Service
    • H04L2463/00 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/141 Denial of service attacks against endpoints in a network
    • H04L2463/142 Denial of service attacks against network infrastructure
    • H04L2463/144 Detection or countermeasures against botnets
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks

Abstract

The invention discloses a machine-learning-based DDoS detection method for household Internet of Things (IoT) devices, comprising the following steps: A. establish a local network that simulates a household IoT device network, in order to generate normal data and DoS data; B. collect the normal data and DoS data generated in step A, and perform feature analysis and feature extraction on the collected data; C. divide the feature data into a training set and a test set, where the training set is used to train decision tree and random forest machine learning models and generate binary classification models, and the test set is used to verify the precision and recall of the generated binary classification models in order to measure the feasibility of detecting DDoS traffic with machine learning models; D. run the generated binary classification models on a network middlebox to perform data collection, feature extraction and packet classification, identifying normal traffic packets and DoS traffic packets. The method of the invention achieves high-precision DDoS detection based on specific network behaviour.

Description

Household Internet of Things device DDoS detection method based on machine learning
Technical field
The present invention relates to the fields of Internet of Things security detection and machine learning, and in particular to a machine-learning-based DDoS detection method for household Internet of Things devices.
Background
Although more and more Internet of Things (IoT) devices are connected to the internet, many of them are insecure, which further degrades the internet environment. Insecure IoT devices give botnets an opportunity to attack them, and some botnets (such as Mirai) use insecure household IoT devices to carry out distributed denial-of-service (DDoS) attacks on critical infrastructure. This ever-growing threat drives the development of new techniques to identify and block attack traffic from IoT botnets.
Recent anomaly-detection research has shown that machine learning can be used to identify malicious network traffic. At the same time, the traffic of IoT devices differs greatly from the traffic of other internet devices (such as laptops and smartphones). Based on this property, a DDoS detection method for household IoT devices can be devised that extracts features from the specific network behaviour of IoT devices and achieves high-precision DDoS detection with machine learning algorithms, so that cases of IoT devices under attack are discovered in time, protective measures are taken, and losses are reduced.
Summary of the invention
The purpose of the present invention is to overcome the deficiencies of the background art above and to provide a machine-learning-based DDoS detection method for household IoT devices. The method uses machine learning algorithms to detect the DDoS attack traffic of IoT devices. It is a network anomaly detection method oriented to the specific functions of the IoT, and it achieves high-precision DDoS detection based on specific network behaviour.
To achieve the above technical effect, the present invention adopts the following technical solution:
A machine-learning-based DDoS detection method for household IoT devices, comprising the following steps:
A. Establish a local network that simulates a household IoT device network, in order to generate normal data and DoS data;
B. Collect the normal data and DoS data generated in step A, and perform feature analysis and feature extraction on the collected normal data and DoS data;
C. Divide the feature data into a training set and a test set. The training set is used to train the decision tree and random forest machine learning models and generate binary classification models; the test set is used to verify the precision and recall of the generated binary classification models, in order to measure the feasibility of detecting DDoS traffic with machine learning models;
D. Run the generated binary classification models on a network middlebox to perform data collection, feature extraction and packet classification, identifying normal traffic packets and DoS traffic packets.
The method of the invention mainly relies on machine learning algorithms and a locally built test environment: IoT data traffic is collected and analysed to obtain features, binary classification machine learning models are trained on them, and the models are finally used to classify and identify DDoS packets, thereby achieving high-precision DDoS detection based on the specific network behaviour of IoT devices.
Further, the local network established in step A includes at least a router, multiple household IoT devices, an attack device, and a target machine.
Further, step B specifically comprises the following steps:
B1. Collect normal data: capture the packets exchanged between the multiple household IoT devices and the router to obtain a normal-traffic data file;
B2. Collect DoS data: connect the attack device and the target machine to the local network while disconnecting the multiple household IoT devices from it, and capture the attack device's DoS attack on the target machine to obtain a DoS data file;
B3. Perform feature analysis and feature extraction on the data of the two classes of data files obtained in steps B1 and B2.
Further, in step B3 the extracted features are divided into stateful features and stateless features. Stateful features are feature values derived by aggregating multiple packets over a certain time span; stateless features are feature values derived from a single packet.
Further, the stateless features include packet size, packet interval, and communication protocol; the stateful features include bandwidth and the number of destination IP addresses.
Further, step B3 is specifically:
B3.1 Group the two classes of data files obtained in steps B1 and B2: first group the packets by destination IP, so that packets with the same destination IP form one group, and then further divide the packets of each group by a given packet-sending time interval;
B3.2 Extract stateful features and stateless features from the grouped data;
B3.3 Manually label the extracted feature data, marking each feature record as DoS data or normal data, for use in training the machine learning models.
Compared with the prior art, the present invention has the following beneficial effects:
The machine-learning-based DDoS detection method for household IoT devices of the present invention builds on the fact that the traffic of IoT devices differs greatly from the traffic of other internet devices (such as laptops and smartphones). It extracts features from the specific network behaviour of IoT devices and achieves high-precision DDoS detection with machine learning algorithms, so that cases of IoT devices under attack are discovered in time, protective measures are taken, and losses are reduced. It is a network anomaly detection method oriented to the specific functions of the IoT, and it achieves high-precision DDoS detection based on specific network behaviour.
Brief description of the drawings
Fig. 1 is a schematic diagram of the local network established in one embodiment of the present invention.
Fig. 2 is a flow diagram of DDoS detection by the binary classification machine learning models in one embodiment of the present invention.
Detailed description
The invention is further elaborated below with reference to an embodiment of the present invention.
Embodiment:
A machine-learning-based DDoS detection method for household IoT devices, used to achieve high-precision DDoS detection based on the specific network behaviour of IoT devices, specifically comprising the following steps:
S101. Establish a local network. As shown in Fig. 1, the local network established in this embodiment includes a router, multiple mainstream household IoT devices, an attack device, and a DoS target machine.
Specifically, the mainstream household IoT devices are mainly used to produce normal traffic, while the attack device and the DoS target machine are mainly used to carry out the DoS attack. The mainstream household IoT devices in this embodiment are an IP camera, a smart speaker, and a smart wristband connected over Bluetooth to an Android smartphone.
In this embodiment, a Linux virtual machine on a server is used as the DoS source, that is, the attack device, and an Apache web server running a PHP web application is used as the DoS target machine.
When establishing the local network, first configure the home router's Wi-Fi, then connect the IP camera and the smart speaker to the router's Wi-Fi. Connect the smart wristband to the Android smartphone over Bluetooth, then connect the Android smartphone to the router's Wi-Fi.
S102. Collect normal traffic. Interact with the above mainstream household IoT devices for half an hour while capturing packets at the router, to obtain a normal-traffic data file that records all packets sent during that period.
In this embodiment, the interactions during this period include steering the camera's pan-tilt head, turning the smart camera on and off, and installing firmware updates; using voice control to make the smart speaker play music, adjust the volume, perform voice searches, and so on; and having the smart wristband collect step counts, heart rate and other data and upload them to the server for storage.
Specifically, after the normal-traffic data file is obtained, all non-IoT traffic in the capture file must also be filtered out, for example the communication between other apps on the Android smartphone and their servers.
S103. Collect DoS traffic. This embodiment uses the DoS attack types commonly launched by Mirai-infected devices: TCP SYN flood and UDP flood. A Linux virtual machine on a server is used as the DoS attack source and an Apache web server running a PHP web application is used as the DoS target machine. Both are connected to the local network over Wi-Fi, while the above mainstream household IoT devices are disconnected from Wi-Fi. The DoS attack source then carries out each type of DoS attack against the target machine for about 5 minutes each.
The router likewise captures a pcap file of the attack traffic. The TCP SYN flood and UDP flood attacks are simulated with hping3. The DoS traffic and the normal traffic are then mixed together, so that it appears as if the IoT devices were generating normal traffic and DoS attack traffic at the same time.
S104. Feature extraction. The two classes of data captured in steps S102 and S103 are studied and analysed, features are then extracted, and the extracted features are divided into stateless features and stateful features.
Stateless features are feature values derived from a single packet; that is, they can be derived from the data of each packet, and generating them does not depend on the traffic flow from the source IP. Stateful features are feature values derived by aggregating multiple packets over a certain time span (10 s); that is, they describe the network traffic within a time span (such as 10 s) and require aggregate statistics over multiple packets in that span.
Specifically, the stateless features include packet size, packet interval, and communication protocol.
Packet size: packet sizes differ markedly between attack traffic and normal traffic. More than 90% of attack packets are within 100 bytes, whereas normal packets usually vary between 100 and 1200 bytes. In this embodiment, the packet being within 100 bytes is therefore taken as a stateless feature.
Packet interval: most packets of normal IoT traffic are sent to the server at regular intervals. By contrast, the sending interval (ΔT) of most DoS attack traffic is close to zero, and the first and second derivatives of the interval (ΔT) are both very high. Using ΔT and its first and second derivatives as features helps the classification algorithm find the difference between normal traffic and DoS traffic.
The stateful features include bandwidth and the number of destination IP addresses.
Bandwidth: average bandwidth is calculated over a 10-second time span to measure the instantaneous bandwidth of each device. Bandwidth utilisation differs greatly between normal traffic and attack traffic; the bandwidth utilisation of attack traffic is generally significantly higher than that of normal traffic.
Number and diversity of destination IP addresses: a characteristic of IoT devices is that the number of servers they communicate with is limited. For example, a smart camera communicates with only four remote hosts, which it uses to receive instructions from the cloud, retrieve firmware updates, and upload video. The hosts that a botnet communicates with externally, by contrast, can reach tens of IP addresses. The number and diversity of destination IP addresses can therefore be used to distinguish normal traffic from DoS traffic.
The captured packets are then grouped: first by destination IP address (packets with the same destination IP address form one group), and then the packets within each destination-IP group are further divided by a given time interval (such as 10 s). Stateful and stateless feature extraction is then carried out on the grouped data as described above. Finally, the extracted features are manually labelled, marking each feature record as DoS data or normal data, for use in machine learning model training.
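The grouping and feature extraction of step S104, as an added example that is not code from the patent: timing features are computed inside each (destination IP, 10 s window) group, with discrete differences standing in for the first and second derivatives of ΔT. The stateful features are aggregated per source device, which is an assumption (inside a single destination-IP group the destination count would always be 1); the `Packet` record, field names and addresses are constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

WINDOW_S = 10.0  # time span the description uses for stateful features

# Constructed addresses (private and documentation ranges), not from the patent.
CAMERA, ATTACKER = "192.168.1.10", "192.168.1.66"
CLOUD_A, CLOUD_B, TARGET = "203.0.113.5", "203.0.113.9", "192.168.1.80"


@dataclass(frozen=True)
class Packet:
    ts: float    # capture timestamp, seconds
    src: str     # source IP (the device that sent the packet)
    dst: str     # destination IP
    proto: str   # communication protocol, e.g. "TCP" or "UDP"
    size: int    # packet length in bytes


def _diff(cur, prev):
    """Difference of two values, or None while either is still undefined."""
    return None if cur is None or prev is None else cur - prev


def extract_features(packets, window_s=WINDOW_S):
    """Return one feature row (dict) per packet, in capture order."""
    packets = sorted(packets, key=lambda p: p.ts)
    if not packets:
        return []
    t0 = packets[0].ts

    def window(p):
        return int((p.ts - t0) // window_s)

    # Stateful features: aggregate all packets of one device in one window
    # (assumption: keyed by source IP, see the lead-in).
    bytes_sent = defaultdict(int)
    dsts_seen = defaultdict(set)
    for p in packets:
        bytes_sent[(p.src, window(p))] += p.size
        dsts_seen[(p.src, window(p))].add(p.dst)

    # Stateless timing features, computed inside each (destination IP, window) group.
    state = {}  # group -> (previous timestamp, previous dT, previous d(dT))
    rows = []
    for p in packets:
        w = window(p)
        prev_ts, prev_dt, prev_d1 = state.get((p.dst, w), (None, None, None))
        dt = _diff(p.ts, prev_ts)   # inter-arrival time; None for a group's first packet
        d1 = _diff(dt, prev_dt)     # first difference of dT
        d2 = _diff(d1, prev_d1)     # second difference of dT
        state[(p.dst, w)] = (p.ts, dt, d1)
        rows.append({
            "src": p.src, "dst": p.dst, "window": w,
            "size": p.size, "proto": p.proto,
            "dt": dt, "d_dt": d1, "d2_dt": d2,
            "bandwidth_Bps": bytes_sent[(p.src, w)] / window_s,
            "dst_count": len(dsts_seen[(p.src, w)]),
        })
    return rows


def sample_capture():
    """Constructed packets: a camera reporting every 2 s plus a short flood."""
    pkts = [Packet(2.0 * i, CAMERA, CLOUD_A, "TCP", 300) for i in range(5)]
    pkts.append(Packet(1.0, CAMERA, CLOUD_B, "TCP", 500))
    pkts += [Packet(3.0 + 0.001 * i, ATTACKER, TARGET, "UDP", 60) for i in range(200)]
    return pkts


if __name__ == "__main__":
    for row in extract_features(sample_capture())[:8]:
        print(row)
```

The first packets of each group have no ΔT or differences yet, so those fields are `None` and must be imputed or dropped before the rows are labelled and used for training.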
S105. Training and verification. The feature data generated in step S104 is divided into a training set and a test set. The decision tree and random forest algorithms from the Scikit-learn Python library are each trained on the training set to generate binary classification machine learning models. The test set is used for verification: the binary classification machine learning models classify each packet, and the classification results and precision are shown in the table below:

| Metric | Decision tree | Random forest |
|---|---|---|
| Precision (normal) | 99.6% | 99.9% |
| Precision (attack) | 99.9% | 99.9% |
| Recall (normal) | 99.3% | 99.8% |
| Recall (attack) | 99.9% | 99.9% |

As the table shows, in this embodiment both the decision tree and the random forest reach 99% precision.
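The training and verification of step S105 as an added example, not taken from the patent: scikit-learn's decision tree and random forest are fitted to constructed feature rows and scored with per-class precision and recall, the same four metrics as the table above. The feature distributions, the 70/30 split and the hyperparameters are assumptions; the constructed classes are cleanly separable, so the scores show the procedure and do not reproduce the patent's figures.

```python
import random

from sklearn.ensemble import RandomForestClassifier
from sklearn.metrics import precision_score, recall_score
from sklearn.model_selection import train_test_split
from sklearn.tree import DecisionTreeClassifier

FEATURES = ["size", "dt", "bandwidth_Bps", "dst_count"]
NORMAL, ATTACK = 0, 1


def synthetic_rows(n_per_class=500, seed=0):
    """Constructed feature rows shaped after the ranges the description gives."""
    rng = random.Random(seed)
    X, y = [], []
    for _ in range(n_per_class):
        # Normal IoT traffic: 100-1200 byte packets at regular, second-scale
        # intervals, low bandwidth, a handful of destination hosts.
        X.append([rng.randint(100, 1200), rng.uniform(0.5, 5.0),
                  rng.uniform(50, 2000), rng.randint(1, 4)])
        y.append(NORMAL)
        # Attack traffic: about 90% of packets under 100 bytes, dT close to
        # zero, much higher bandwidth, up to tens of destinations.
        size = rng.randint(40, 99) if rng.random() < 0.9 else rng.randint(100, 1200)
        X.append([size, rng.uniform(0.0, 0.005),
                  rng.uniform(50_000, 500_000), rng.randint(1, 40)])
        y.append(ATTACK)
    return X, y


def train_and_score(seed=0):
    """Train both models on the training set and score them on the test set."""
    X, y = synthetic_rows(seed=seed)
    X_tr, X_te, y_tr, y_te = train_test_split(
        X, y, test_size=0.3, random_state=seed, stratify=y)
    models = {
        "decision_tree": DecisionTreeClassifier(random_state=seed),
        "random_forest": RandomForestClassifier(n_estimators=50, random_state=seed),
    }
    report = {}
    for name, model in models.items():
        model.fit(X_tr, y_tr)
        pred = model.predict(X_te)
        report[name] = {
            "precision_normal": precision_score(y_te, pred, pos_label=NORMAL),
            "precision_attack": precision_score(y_te, pred, pos_label=ATTACK),
            "recall_normal": recall_score(y_te, pred, pos_label=NORMAL),
            "recall_attack": recall_score(y_te, pred, pos_label=ATTACK),
            # Which features the fitted model actually relies on.
            "importances": {f: float(v) for f, v in
                            zip(FEATURES, model.feature_importances_)},
        }
    return report


if __name__ == "__main__":
    for name, scores in train_and_score().items():
        print(name, scores)
```

The `importances` entry is worth reading alongside the scores: when one feature alone separates the lab capture, high precision and recall say little about traffic the model has not seen.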
S106. Run the generated binary classification machine learning models on a network middlebox such as a security gateway to perform data collection, feature extraction and packet classification, identifying normal traffic packets and DoS traffic packets.
Fig. 2 illustrates the overall flow by which the binary classification machine learning models carry out DDoS detection in this embodiment:
First, the IoT traffic is obtained. This can be done by capturing packets at the router, or, in an actual home environment, by running the classification model program on a security gateway and obtaining the traffic through traffic mirroring from the router.
The captured packets are then grouped: first by destination IP address (packets with the same destination IP address form one group), and then the packets within each destination-IP group are further divided by a given time interval (such as 10 s). Feature extraction is then carried out, following step S104.
Finally, the extracted feature data is fed into the binary classification machine learning models, which classify each packet as a DoS packet or a normal packet.
It should be understood that the above embodiments are merely exemplary embodiments used to illustrate the principle of the present invention, and the present invention is not limited to them. Those skilled in the art can make various changes and modifications without departing from the spirit and essence of the invention, and such changes and modifications are also regarded as falling within the protection scope of the present invention.

Claims (6)

1. A machine-learning-based DDoS detection method for household IoT devices, characterised in that it comprises the following steps:
A. Establish a local network that simulates a household IoT device network, in order to generate normal data and DoS data;
B. Collect the normal data and DoS data generated in step A, and perform feature analysis and feature extraction on the collected normal data and DoS data;
C. Divide the feature data into a training set and a test set. The training set is used to train the decision tree and random forest machine learning models and generate binary classification machine learning models; the test set is used to verify the precision and recall of the generated binary classification machine learning models, in order to measure the feasibility of detecting DDoS traffic with the binary classification machine learning models;
D. Run the generated binary classification machine learning models on a network middlebox to perform data collection, feature extraction and packet classification, identifying normal traffic packets and DoS traffic packets.
2. The machine-learning-based DDoS detection method for household IoT devices according to claim 1, characterised in that the local network established in step A includes at least a router, multiple household IoT devices, an attack device, and a target machine.
3. The machine-learning-based DDoS detection method for household IoT devices according to claim 2, characterised in that step B specifically comprises the following steps:
B1. Collect normal data: capture the packets exchanged between the multiple household IoT devices and the router to obtain a normal-traffic data file;
B2. Collect DoS data: connect the attack device and the target machine to the local network while disconnecting the multiple household IoT devices from it, and capture the attack device's DoS attack on the target machine to obtain a DoS data file;
B3. Perform feature analysis and feature extraction on the data of the two classes of data files obtained in steps B1 and B2.
4. The machine-learning-based DDoS detection method for household IoT devices according to claim 3, characterised in that in step B3 the extracted features are divided into stateful features and stateless features, the stateful features being feature values derived by aggregating multiple packets over a certain time span, and the stateless features being feature values derived from a single packet.
5. The machine-learning-based DDoS detection method for household IoT devices according to claim 4, characterised in that the stateless features include packet size, packet interval, and communication protocol, and the stateful features include bandwidth and the number of destination IP addresses.
6. The machine-learning-based DDoS detection method for household IoT devices according to claim 4 or 5, characterised in that step B3 is specifically:
B3.1 Group the two classes of data files obtained in steps B1 and B2: first group the packets by destination IP, so that packets with the same destination IP form one group, and then further divide the packets of each group by a given packet-sending time interval;
B3.2 Extract stateful features and stateless features from the grouped data;
B3.3 Manually label the extracted feature data, marking each feature record as DoS data or normal data, for use in training the binary classification machine learning models.
Priority Applications (1)

| Application Number | Priority Date | Filing Date | Title | Status | Granted as |
|---|---|---|---|---|---|
| CN201811295449.XA | 2018-11-01 | 2018-11-01 | Household Internet of things device DDoS detection method based on machine learning | Active | CN109167798B (en) |

Publications (2)

| Publication Number | Publication Date |
|---|---|
| CN109167798A | 2019-01-08 |
| CN109167798B | 2020-03-17 |

Family ID: 64876551

Country Status (1): CN, CN109167798B (en)


Legal Events

| Date | Code | Title | Description |
|---|---|---|---|
| | PB01 | Publication | Publication |
| | SE01 | Entry into force of request for substantive examination | Entry into force of request for substantive examination |
| | GR01 | Patent grant | Patent grant |