CN109446804B - Intrusion detection method based on multi-scale feature connection convolutional neural network - Google Patents
Intrusion detection method based on multi-scale feature connection convolutional neural network Download PDFInfo
- Publication number
- CN109446804B CN109446804B CN201811127767.5A CN201811127767A CN109446804B CN 109446804 B CN109446804 B CN 109446804B CN 201811127767 A CN201811127767 A CN 201811127767A CN 109446804 B CN109446804 B CN 109446804B
- Authority
- CN
- China
- Prior art keywords
- data
- neural network
- convolutional neural
- network
- scale feature
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N3/00—Computing arrangements based on biological models
- G06N3/02—Neural networks
- G06N3/04—Architecture, e.g. interconnection topology
- G06N3/045—Combinations of networks
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N3/00—Computing arrangements based on biological models
- G06N3/02—Neural networks
- G06N3/08—Learning methods
- G06N3/088—Non-supervised learning, e.g. competitive learning
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- Software Systems (AREA)
- General Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Health & Medical Sciences (AREA)
- Biomedical Technology (AREA)
- Data Mining & Analysis (AREA)
- Evolutionary Computation (AREA)
- Biophysics (AREA)
- Molecular Biology (AREA)
- Computing Systems (AREA)
- Computational Linguistics (AREA)
- Artificial Intelligence (AREA)
- Mathematical Physics (AREA)
- Life Sciences & Earth Sciences (AREA)
- Health & Medical Sciences (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Image Analysis (AREA)
Abstract
The invention discloses an intrusion detection method based on a multi-scale feature connection convolutional neural network, which extracts key features and associated features in intrusion data by using the super-strong feature extraction capability of the convolutional neural network, so that the extracted features have stronger robustness under various environments and the network structure has stronger universality. Meanwhile, the convolution self-encoder and unmarked data are utilized to pre-train the parameters of the convolution layer group, so that the network can obtain good effect even under the condition of less marked data quantity, and the problem of difficult marking of a large amount of data is solved. When the trained convolutional neural network meets the requirements, the network parameters are stored, and the later system deployment process does not need to be trained again, so that convenience is brought to implementation and deployment of the system. When new network intrusion data are collected, the weights trained before can be used as initial values to be loaded into the network for fine tuning training, and the intrusion detection network can seek better performance.
Description
Technical Field
The invention relates to the classification field in machine learning and the intrusion detection field in information security, in particular to an intrusion detection method based on a multi-scale Feature Connection Convolutional Neural Network (MFC-CNN).
Background
With the development of computer networks, many applications involving sensitive data are deployed in the network, and the security problem is threatened by a myriad of intrusion means. The intrusion detection technology is used as an active intrusion prevention means, can analyze access behaviors entering an information system, and detects the behaviors with malicious intrusion behaviors. Intrusion detection techniques detect data packets that may affect information security by collecting data packets entering and exiting an information system, monitoring network communications, and analyzing the collected data packets and the content of the communications using various methods. An excellent intrusion detection system should have a high recognition rate for malicious activities and a low false alarm rate for normal activities.
Methods of analyzing access behavior in a network system are diverse. The key is to find out which access information or access characteristics are clearly characteristic in the access behavior. Many machine learning algorithms and feature extraction algorithms are proposed and applied to the field of intrusion detection, but when the methods face intrusion samples with large differences, the problems of low detection rate and high false alarm rate often occur, and the reason is that feature information in intrusion attributes cannot be found well.
Disclosure of Invention
The invention provides an intrusion detection method based on a multi-scale feature connection convolutional neural network, aiming at the problems of low detection rate, high false alarm rate and low universality on specific network intrusion scenes of the conventional intrusion detection method.
In order to solve the problems, the invention is realized by the following technical scheme:
an intrusion detection method based on a multi-scale feature connection convolutional neural network specifically comprises the following steps:
step 2, randomly selecting partial data from the total data set D to form a decimation data set D ', and dividing the decimation data set D' into a training set STRain and a test set STest;
step 4, forming the data which is left by removing the decimated data set D' from the total data set D into a remaining data set
step 6, when unsupervised pre-training is finished, keeping all initial parameters W of convolution layers in the convolutional neural network based on multi-scale feature connection;
step 8, sending data in the training set string into the pre-trained convolution neural network based on multi-scale feature connection obtained in the step 7 for supervised training;
step 9, in the process of supervised training, training network parameters by using a back propagation algorithm, verifying the accuracy of the network by using data in a test set STest at intervals of a certain training batch, and storing all parameters Wa of each layer in the current pre-trained convolutional neural network based on multi-scale feature connection when the accuracy reaches a set threshold;
and 11, when the intrusion detection of the network data is required, sending the network data required to be detected into the final convolution neural network based on the multi-scale feature connection obtained in the step 10, namely predicting the intrusion detection result.
In step 1, the total data D and the residual data set
The data in (1) does not contain the real intrusion type label, namely, the data is label-free data.
Compared with the prior art, the invention has the following characteristics:
1. a method of unsupervised pre-training and supervised training fine tuning is used, so that the difficulty of labeling network intrusion data is solved to a certain extent;
2. the method combines the super-strong characteristic learning capability of the convolutional neural network, effectively extracts the characteristics of a given sample and the relation characteristics between attributes, improves the detection rate of intrusion detection and reduces the false alarm rate;
3. the generalization capability of the convolutional neural network is utilized, so that the method has strong universality, and the method can be easily applied to various intrusion detection environments without making too much modification on the system.
Drawings
Fig. 1 is a flowchart of an intrusion detection method based on a multi-scale feature-connected convolutional neural network.
FIG. 2 is a schematic diagram of a convolutional neural network based on multi-scale feature connection.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is further described in detail below with reference to the accompanying drawings in conjunction with specific examples.
Referring to fig. 1, an intrusion detection method based on a multi-scale feature connection convolutional neural network specifically includes the following steps:
And 2, randomly selecting partial data from the total data set D to form a decimation data set D ', and dividing the decimation data set D' into a training set STRain and a test set STest for subsequent supervised training.
And 3, marking the data in the training set STRain and the test set STest with an intrusion type label according to the real situation of the intrusion data.
Step 4, forming the data which is left by removing the decimated data set D' from the total data set D into a remaining data set
For subsequent unsupervised pre-training. Residual data set
The data in (1) does not contain its true intrusion type tag, i.e., is untagged data.
And 6, when the unsupervised pre-training is finished, keeping all the initial parameters W of the convolution layer in the convolution neural network based on the multi-scale feature connection.
And 7, loading all the parameters W of the convolutional layer obtained in the step 6 back to the initial convolutional layer based on the multi-scale feature connection convolutional neural network to obtain the pre-trained convolutional neural network based on the multi-scale feature connection.
And 8, sending the data in the training set string into the pre-trained convolution neural network based on the multi-scale feature connection obtained in the step 7 for supervised training.
And 9, in the process of supervised training, training network parameters by using a back propagation algorithm, verifying the accuracy of the network by using data in the test set STest at regular intervals of training batches, and storing all parameters Wa of each layer in the current pre-trained convolutional neural network based on multi-scale feature connection once the accuracy reaches a set threshold value.
And step 10, correspondingly loading all the parameters Wa of each layer obtained in the step 9 back to each layer of the pre-trained convolutional neural network based on multi-scale feature connection to obtain the final convolutional neural network based on multi-scale feature connection.
And 11, when the intrusion detection of the network data is required, sending the network data required to be detected into the final convolution neural network based on the multi-scale feature connection obtained in the step 10, namely predicting the intrusion detection result.
The method extracts key features and associated features in the intrusion data by using the super-strong feature extraction capability of the convolutional neural network, so that the extracted features have stronger robustness under various environments, and the network structure has stronger universality. Meanwhile, the convolution self-encoder and unmarked data are utilized to pre-train the parameters of the convolution layer group, so that the network can obtain good effect even under the condition of less marked data quantity, and the problem of difficult marking of a large amount of data is solved. When the trained convolutional neural network meets the requirements, the network parameters are stored, and the later system deployment process does not need to be trained again, so that convenience is brought to implementation and deployment of the system. When new network intrusion data are collected, the weights trained before can be used as initial values to be loaded into the network for fine tuning training, and the intrusion detection network can seek better performance.
The following is a description of the key technologies involved in the present invention:
(1) connecting a convolutional neural network model based on multi-scale features:
the convolutional neural network is used as a feature extractor, has the advantages of strong robustness, high accuracy and strong generalization capability, can find the characteristics among the access attributes, and can also find the associated features among the attributes through convolution operation. Therefore, convolutional neural networks are well suited for extracting current increasingly complex intrusion instruments and intrusion behaviors.
In order to enable the input and internal convolution operation of the convolutional neural network to be suitable for network intrusion data, the structure of the convolutional neural network based on multi-scale feature connection is as follows: a network intrusion data with n features is generally encoded into an n-dimensional feature column vector, and therefore, the input of the multi-scale feature-connected convolutional neural network is an n-dimensional column vector; in order to acquire the characteristics of the intrusion data on different scales, a convolution layer group is arranged behind a network input layer, the convolution layer group consists of three convolution layers, and each convolution layer consists of 20 convolution kernels [3x1], 10 convolution kernels [5x1] and 5 convolution kernels [7x1 ]; the convolution layer group is followed by a characteristic connection layer, and the layer splices three groups of characteristic vectors obtained by the convolution layer group and an original input D according to columns, namely: f ═ a; b; c; d ]; f is a final characteristic vector, a, b and c are characteristic vectors from three convolution layers of a convolution layer group respectively, and D is an original input; the last of the network is two fully connected layers. Since the dimension of the input data is not necessarily, the number of neurons in the first full-link layer is 3 times of the classification number, and the number of neurons in the second full-link layer is +1 (total number of intrusion types + non-intrusion behavior) of the intrusion types to be detected.
In this embodiment, a multi-scale feature-connected convolutional neural network as shown in fig. 2 is constructed, including an input layer, a convolutional layer, a feature connection layer, a full connection layer, and an output layer. The input layer accepts an n-dimensional column vector input and feeds it into the convolutional layer. In the network shown in fig. 2, the convolutional layer includes 20 convolutional kernels [3 × 1], 10 convolutional kernels [5 × 1], and 5 convolutional kernels [7 × 1], and the value of each convolutional kernel element is a parameter of network operation, which aims to extract the associated features of the network intrusion data attribute on different scales. The n-dimensional column vectors are passed through the convolutional layer to obtain 3 eigenvectors f1, f2 and f 3. The 3 eigenvectors and the original data input are spliced into a longer final eigenvector in the characteristic connection layer and sent to the full connection layer. The length of the final eigenvector is different due to different input data, and the number of neurons in the full junction layer is also different. In the network shown in fig. 2, the fully-connected layer 1 is used, in which the number of neurons is equal to 3 times the number of classifications, and the fully-connected layer 2 has the number of neurons equal to the number of classifications. And the full connection layer carries out linear transformation on the final characteristics, and the final characteristics pass through the two full connection layers to obtain the logic distribution (logic) of the intrusion data characteristics. And finally, sending the logit into a Softmax classifier to obtain a final classification result, namely the intrusion type corresponding to the piece of intrusion data.
The invention increases the robustness of the intrusion system by fully utilizing the characteristic that the convolutional neural network can extract excellent characteristics, improves the detection rate and reduces the rate of missing report and false report.
(2) Processing network intrusion data:
the collected network historical data does not need to be specially processed, only enumeration type data in the data need to be digitalized, and other processing such as normalization is not needed. For example, the protocol types of the data are TCP, UDP and P2P, the TCP in the data is replaced by a value 1, the UDP is replaced by a value 2, the P2P is replaced by a value 3, and the intrusion type is also handled in the same way.
Most network intrusion data is a collection of behavior attributes as a data instance. Taking the example of processing KDD99 data sets here, other custom network data may be processed in a manner similar to the example.
Each connection in the KDD99 dataset is described by 41 features, which include four broad categories, basic features for 9 connections, content features for 13 connections, time-based network traffic statistics, and host-based network traffic features, with the 42 th dimension of the data representing the classification label of the data. These include continuous numeric type features as well as enumerated discrete type features. For numerical type features, no processing is required. For enumerated discrete data, a numerical operation is required. The discrete features in the data are shown in table 1.
TABLE 1 characteristics of discrete values of the KDD99 dataset
Enumerating the characteristics of the types, numbering each value from 0, replacing the original data of the value, and completing the digitization of the data.
For the classification tag, after the numeralization operation is performed on the classification tag, one-hot encoding (one-hot encoding) is also required to be performed.
(3) Training of convolutional neural networks for intrusion detection
Fig. 1 is a schematic diagram of a training flow of an intrusion detection convolutional neural network. The method comprises the following two steps: pre-training a convolution layer group by using a large amount of unlabeled data; and then fine-tuning the network with a small amount of label data.
In the pre-training stage, unlabeled data are sent into a convolution self-encoder, reconstructed data are obtained through convolution encoding and transposition convolution decoding, and the distance between the reconstructed data and original data is measured by using a square error:
D(X,F)=||X-F||2
where X is the original input and F is the reconstructed representation of X through the self-encoder. The self-encoder takes the above formula as a loss function, and can obtain the self-encoder related to the data X through repeated iterative training. And the parameters of the convolution layer group part are used as initialization parameters of the convolution neural network convolution layer group connected with the multi-scale features.
After the pre-training is finished, the multi-scale feature connection convolutional neural network is established and trained. The convolutional neural network accepts network intrusion data as input, which needs to be digitized and fed into the convolutional neural network in a column vector manner. During training, data with labels are fed into a convolutional neural network in batches, wherein X represents input network intrusion data, Y represents the real classification of each data, and one-hot coding is used for representing the data.
And the data sent into the convolutional neural network passes through a convolutional layer and a full connection layer, and is finally sent into a softmax classifier to obtain a final prediction classification result Y _ pred. Calculating the cross Entropy loss Encopy as a loss function by combining the result with the true classification Y of the data, which is calculated by the formula:
subsequently, each parameter in the convolutional neural network is iteratively updated using a back propagation algorithm in cooperation with a gradient descent optimization algorithm. And testing by using the test set after a plurality of iterations, and storing the parameters of the network model after the required precision is reached.
(4) Deploying a trained intrusion detection network
And building a convolutional neural network which is the same as that in the training stage, and loading the parameters obtained by training into the convolutional neural network. The deployment process is seen in fig. 2.
Firstly, transmitting acquired network data into a convolutional neural network for training; and deploying the intrusion detection in a network system, and detecting the behavior data in the network to obtain the behavior classification. Network intrusion data are sent into the multi-scale feature connection convolutional neural network after being subjected to numerical processing, the strong feature extraction capability of the convolutional neural network is utilized to extract the data and the associated features of the data on all scales, and the features are sent into the full-connection network and the classification network in a connection and combination mode to realize intrusion detection. Because the invention belongs to a machine learning algorithm, the network needs to be trained to meet the required detection performance requirement. In the training stage, data samples collected on the network and real classification labels thereof are sent to the network, errors are calculated after classification, and weight parameters of the convolutional neural network are optimized through a back propagation algorithm. And when the classification performance of the convolutional neural network meets the requirement, all the weight parameters of the network at the moment are stored. Subsequently, when the network is deployed at any time, only the trained weight parameters need to be loaded back to the network. The invention utilizes convolution kernels with different sizes to extract the characteristics of the data on each scale and the universality and robustness of the convolution neural network to the classification problem, constructs the convolution neural network suitable for network intrusion data, improves the robustness and the accuracy of intrusion detection, and simultaneously reduces the false alarm rate of common network flow data.
It should be noted that, although the above-mentioned embodiments of the present invention are illustrative, the present invention is not limited thereto, and thus the present invention is not limited to the above-mentioned embodiments. Other embodiments, which can be made by those skilled in the art in light of the teachings of the present invention, are considered to be within the scope of the present invention without departing from its principles.
Claims (2)
1. An intrusion detection method based on a multi-scale feature connection convolutional neural network is characterized by specifically comprising the following steps:
step 1, collecting historical data in a network to form a total data set D;
step 2, randomly selecting partial data from the total data set D to form a decimation data set D ', and dividing the decimation data set D' into a training set STRain and a test set STest;
step 3, marking the data in the training set STRain and the test set STest with an intrusion type label according to the real situation of the intrusion data;
step 4, forming the data which is left by removing the decimated data set D' from the total data set D into a remaining data set
Step 5, remaining data set
The data in the step (1) is sent into an initial convolutional neural network connected based on multi-scale features for unsupervised pre-training;
step 6, when unsupervised pre-training is finished, keeping all initial parameters W of convolution layers in the convolutional neural network based on multi-scale feature connection;
step 7, loading all the parameters W of the convolutional layer obtained in the step 6 back to the initial convolutional layer based on the multi-scale feature connection convolutional neural network to obtain a pre-trained convolutional neural network based on the multi-scale feature connection;
step 8, sending data in the training set string into the pre-trained convolution neural network based on multi-scale feature connection obtained in the step 7 for supervised training;
step 9, in the process of supervised training, training network parameters by using a back propagation algorithm, verifying the accuracy of the network by using data in a test set STest at intervals of a certain training batch, and storing all parameters Wa of each layer in the current pre-trained convolutional neural network based on multi-scale feature connection when the accuracy reaches a set threshold;
step 10, correspondingly loading all the parameters Wa of each layer obtained in the step 9 back to each layer of the pre-trained convolutional neural network based on multi-scale feature connection to obtain a final convolutional neural network based on multi-scale feature connection;
and 11, when the intrusion detection of the network data is required, sending the network data required to be detected into the final convolution neural network based on the multi-scale feature connection obtained in the step 10, namely predicting the intrusion detection result.
2. The method according to claim 1, wherein in step 1, the total data D and the residual data set
The data in (1) are all label-free data.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811127767.5A CN109446804B (en) | 2018-09-27 | 2018-09-27 | Intrusion detection method based on multi-scale feature connection convolutional neural network |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811127767.5A CN109446804B (en) | 2018-09-27 | 2018-09-27 | Intrusion detection method based on multi-scale feature connection convolutional neural network |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN109446804A CN109446804A (en) | 2019-03-08 |
| CN109446804B true CN109446804B (en) | 2022-02-01 |
Family
ID=65544369
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201811127767.5A Active CN109446804B (en) | 2018-09-27 | 2018-09-27 | Intrusion detection method based on multi-scale feature connection convolutional neural network |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN109446804B (en) |
Families Citing this family (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110912867B (en) * | 2019-09-29 | 2022-05-17 | 惠州蓄能发电有限公司 | Intrusion detection method, device, equipment and storage medium for industrial control system |
| CN111092873B (en) * | 2019-12-11 | 2022-07-29 | 中国科学院深圳先进技术研究院 | Training method and detection method of traffic detection model of asymmetric convolutional network |
| CN111382438B (en) * | 2020-03-27 | 2024-04-23 | 玉溪师范学院 | Malware detection method based on multi-scale convolutional neural network |
| CN111460441A (en) * | 2020-04-17 | 2020-07-28 | 武汉大学 | Network intrusion detection method based on batch normalization convolutional neural network |
| CN111953712B (en) * | 2020-08-19 | 2022-03-29 | 中国电子信息产业集团有限公司第六研究所 | Intrusion detection method and device based on feature fusion and density clustering |
| SG10202008469RA (en) | 2020-09-01 | 2020-10-29 | Ensign Infosecurity Pte Ltd | A deep embedded self-taught learning system and method for detecting suspicious network behaviours |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP2833594A1 (en) * | 2013-07-31 | 2015-02-04 | Siemens Aktiengesellschaft | Feature based three stage neural networks intrusion detection method and system |
| CN108038435A (en) * | 2017-12-04 | 2018-05-15 | 中山大学 | A kind of feature extraction and method for tracking target based on convolutional neural networks |
-
2018
- 2018-09-27 CN CN201811127767.5A patent/CN109446804B/en active Active
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP2833594A1 (en) * | 2013-07-31 | 2015-02-04 | Siemens Aktiengesellschaft | Feature based three stage neural networks intrusion detection method and system |
| CN108038435A (en) * | 2017-12-04 | 2018-05-15 | 中山大学 | A kind of feature extraction and method for tracking target based on convolutional neural networks |
Non-Patent Citations (5)
| Title |
|---|
| Going deeper with convolutions;Christian Szegedy et.al;《Computer Vision and Pattern Recognition 2015》;20140917;文献第4-5页,图2 * |
| SU-IDS:A Semi-supervised and Unsupervised Framework for Network Intrusion Detection;Erxue Min et.al;《Cloud Computing and Security 4th International Conference,ICCCS 2018》;20180913;文献第324-327页,图1 * |
| Using convolutional neural networks to network intrusion detection for cyber threats;Wen-Hui Lin et.al;《2018 IEEE International Conference on Applied System Invention (ICASI)》;20180625;全文 * |
| 基于卷积神经网络的入侵检测算法;贾凡,孔令智;《北京理工大学学报 第37卷 第12期》;20171231;全文 * |
| 基于深度信念网络的入侵检测算法研究;逯玉婧;《中国优秀硕士学位论文全文数据库 信息科技辑 2016年第08期》;20160815;全文 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN109446804A (en) | 2019-03-08 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109446804B (en) | Intrusion detection method based on multi-scale feature connection convolutional neural network | |
| CN110287983B (en) | Single-classifier anomaly detection method based on maximum correlation entropy deep neural network | |
| CN109768985B (en) | Intrusion detection method based on flow visualization and machine learning algorithm | |
| CN111915437B (en) | Training method, device, equipment and medium of money backwashing model based on RNN | |
| CN105224872B (en) | A kind of user's anomaly detection method based on neural network clustering | |
| CN109698836A (en) | A kind of method for wireless lan intrusion detection and system based on deep learning | |
| CN109299741B (en) | Network attack type identification method based on multi-layer detection | |
| CN111556016B (en) | Network flow abnormal behavior identification method based on automatic encoder | |
| CN110263538A (en) | A kind of malicious code detecting method based on system action sequence | |
| CN114492768A (en) | Twin capsule network intrusion detection method based on small sample learning | |
| CN112134862A (en) | Coarse-fine granularity mixed network anomaly detection method and device based on machine learning | |
| CN115277888A (en) | Method and system for analyzing message type of mobile application encryption protocol | |
| CN116662817A (en) | Asset identification method and system of Internet of things equipment | |
| CN112487406A (en) | Network behavior analysis method based on machine learning | |
| CN115277189A (en) | Unsupervised intrusion flow detection and identification method based on generative countermeasure network | |
| Arya et al. | Ensemble filter-based feature selection model for cyber attack detection in industrial Internet of Things | |
| CN111130942A (en) | Application flow identification method based on message size analysis | |
| CN110650124A (en) | Network flow abnormity detection method based on multilayer echo state network | |
| CN116232761B (en) | Method and system for detecting abnormal network traffic based on shapelet | |
| CN117559373A (en) | Deep flyback ESD protection device and method thereof | |
| CN117591813A (en) | Complex equipment fault diagnosis method and system based on multidimensional features | |
| Huang et al. | Network-traffic anomaly detection with incremental majority learning | |
| CN115879030A (en) | Network attack classification method and system for power distribution network | |
| CN116170187A (en) | Industrial Internet intrusion monitoring method based on CNN and LSTM fusion network | |
| CN114553790A (en) | Multi-mode feature-based small sample learning Internet of things traffic classification method and system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |