CN109547455A - Industrial Internet of Things abnormal behavior detection method, readable storage medium and terminal - Google Patents
- Publication number: CN109547455A
- Application number: CN201811491056.6A
- Authority: CN (China)
- Legal status: Pending (the legal status is an assumption and is not a legal conclusion)
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
- H04L63/1416—Event detection, e.g. attack signature detection
- H04L41/06—Management of faults, events, alarms or notifications
- H04L41/0631—Management of faults, events, alarms or notifications using root cause analysis; using analysis of correlation between notifications, alarms or events based on decision criteria, e.g. hierarchy, tree or time analysis
- H04L41/14—Network analysis or design
- H04L41/142—Network analysis or design using statistical or mathematical methods
- H04L41/145—Network analysis or design involving simulating, designing, planning or modelling of a network
Abstract
An industrial Internet of Things abnormal behavior detection method, readable storage medium and terminal. The method comprises: obtaining a corresponding industrial Internet of Things abnormal behavior detection model, the model being obtained by training on acquired raw network traffic data using a deep autoencoder and a deep feedforward neural network; and inputting the industrial Internet of Things network traffic data to be detected into the industrial Internet of Things abnormal behavior detection model to obtain a corresponding industrial Internet of Things abnormal behavior detection result. This scheme can improve the accuracy of industrial Internet of Things abnormal behavior detection.
Description
Technical field
The invention belongs to the field of the industrial Internet of Things, and more particularly relates to an industrial Internet of Things abnormal behavior detection method and device, a readable storage medium and a terminal.
Background art
Industrial intelligence, made up of the industrial cloud, industrial big data and intelligent equipment, has become a salient feature of the new industrial form. Data analysis and applications in the cloud, local field control, and data processing and response at the edge: the multi-level interconnection trend formed by the coordinated development of these three ends is also bringing a large-scale upgrade of industry.
The industrial Internet of Things requires hundreds of millions of industrial terminal devices to be connected to the Internet, so that the originally relatively closed industrial control network becomes more and more open. While openness brings convenience and efficiency, the number of vulnerabilities, and the number of effective attacks that exploit them, keeps rising, so industrial network security faces great challenges.
In the prior art, detecting industrial Internet of Things network attacks requires deploying a network intrusion detection system to monitor and detect suspicious events across the whole network system. The methods fall into two kinds, signature-based detection and anomaly-based detection, but they suffer from problems such as low detection accuracy.
Summary of the invention
The technical problem solved by the present invention is how to improve the accuracy of industrial Internet of Things abnormal behavior detection.
To achieve the above object, the present invention provides an industrial Internet of Things abnormal behavior detection method, the method comprising:
Obtaining a corresponding industrial Internet of Things abnormal behavior detection model, the model being obtained by training on acquired raw network traffic data using a deep autoencoder and a deep feedforward neural network;
Inputting the industrial Internet of Things network traffic data to be detected into the industrial Internet of Things abnormal behavior detection model to obtain a corresponding industrial Internet of Things abnormal behavior detection result.
Optionally, the industrial Internet of Things abnormal behavior detection model is trained as follows:
Obtaining raw network traffic data in the industrial Internet of Things;
Preprocessing the acquired raw network traffic data to obtain preprocessed raw network traffic data, the preprocessing comprising network traffic feature conversion and feature normalization;
Performing unlabeled training on the preprocessed raw network traffic data using the deep autoencoder algorithm to obtain the estimated parameters of the industrial Internet of Things abnormal behavior detection model;
Performing labeled training using the deep feedforward neural network and the preprocessed raw network traffic data to optimize the estimated parameters of the industrial Internet of Things abnormal behavior detection model, thereby obtaining the industrial Internet of Things abnormal behavior detection model.
Optionally, the extracted network traffic features are normalized using the following formula:
where Z(i) denotes the i-th network traffic feature after normalization, v(i) denotes the i-th extracted network traffic feature, μ denotes the mean of feature v(i), and σ denotes the standard deviation of feature v(i).
Optionally, the estimated parameters of the industrial Internet of Things abnormal behavior detection model include weights and biases.
Optionally, when industrial Internet of Things abnormal behavior is detected, the method further comprises:
Outputting corresponding alarm prompt information.
Optionally, when industrial Internet of Things abnormal behavior is detected, the method further comprises:
Extracting corresponding signature data from the detected industrial Internet of Things abnormal behavior and storing it in a preset behavior database.
Optionally, the raw network traffic data includes source IP address, destination IP address, source port, destination port and protocol type information.
An embodiment of the invention also provides a computer readable storage medium on which computer instructions are stored; when run, the computer instructions execute the steps of the industrial Internet of Things abnormal behavior detection method described in any of the above.
An embodiment of the invention also provides a terminal comprising a memory and a processor, the memory storing computer instructions that can run on the processor; when running the computer instructions, the processor executes the steps of the industrial Internet of Things abnormal behavior detection method described in any of the above.
Compared with the prior art, the invention has the following beneficial effects:
In the above scheme, a corresponding industrial Internet of Things abnormal behavior detection model is obtained, and the industrial Internet of Things network traffic data to be detected is input into that model to obtain a corresponding industrial Internet of Things abnormal behavior detection result. Because the industrial Internet of Things abnormal behavior detection model is obtained by training on acquired raw network traffic data using a deep autoencoder and a deep feedforward neural network, the accuracy of industrial Internet of Things abnormal behavior detection can be improved.
Brief description of the drawings
In order to explain the technical solutions in the embodiments of the present application more clearly, the drawings needed in the description of the embodiments are briefly introduced below. Obviously, the drawings described below are only some examples of the present application; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow diagram of an industrial Internet of Things abnormal behavior detection method in an embodiment of the present invention;
Fig. 2 is a structural diagram of an industrial Internet of Things abnormal behavior detection device in an embodiment of the present invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the present application are described clearly and completely below with reference to the drawings in the embodiments of the present application. Obviously, the described embodiments are only some of the embodiments of the present application, not all of them. All other embodiments obtained by those of ordinary skill in the art based on the embodiments in the present application, without creative effort, fall within the protection scope of the present application. Directional indications in the embodiments of the present invention (such as up, down, left, right, front and back) are only used to explain the relative positions and movements of the components in a particular pose (as shown in the drawings); if that pose changes, the directional indication changes accordingly.
As stated in the background, industrial Internet of Things abnormal behavior detection methods in the prior art suffer from low detection accuracy.
In the technical solution of the present invention, a corresponding industrial Internet of Things abnormal behavior detection model is obtained, and the industrial Internet of Things network traffic data to be detected is input into that model to obtain a corresponding industrial Internet of Things abnormal behavior detection result. Because the industrial Internet of Things abnormal behavior detection model is obtained by training on acquired raw network traffic data using a deep autoencoder and a deep feedforward neural network, the accuracy of industrial Internet of Things abnormal behavior detection can be improved.
To make the above objects, features and beneficial effects of the present invention clearer and easier to understand, specific embodiments of the invention are described in detail below with reference to the drawings.
Fig. 1 is a flow diagram of an industrial Internet of Things abnormal behavior detection method of an embodiment of the present invention. Referring to Fig. 1, an industrial Internet of Things abnormal behavior detection method may specifically include the following steps:
Step S101: obtain a corresponding industrial Internet of Things abnormal behavior detection model; the industrial Internet of Things abnormal behavior detection model is obtained by training on acquired raw network traffic data using a deep autoencoder and a deep feedforward neural network.
In a specific implementation, when the industrial Internet of Things abnormal behavior detection model is trained, raw network traffic data in the industrial Internet of Things can be obtained; the raw network traffic data includes source IP address, destination IP address, source port, destination port and protocol type information.
Then, the acquired raw network traffic data is preprocessed to obtain preprocessed raw network traffic data. In one embodiment of the present invention, preprocessing the acquired raw network traffic data includes network traffic feature conversion and feature normalization.
When network traffic feature conversion is performed on the acquired raw network traffic data, it is assumed that the industrial Internet of Things abnormal behavior detection model obtained by subsequent training accepts numeric data features, so each symbolic feature value extracted from the raw network traffic data needs to be converted into a numeric feature value. For example, the NSL-KDD data set has many symbolic attributes, including the protocol type with nominal values such as ICMP, TCP and UDP, which can be mapped to 1, 2, 3 and so on, respectively.
Because deep learning depends on weights, differing feature scales can skew the data toward particular levels and may cause some weights to update faster than others, so the network traffic features need to be normalized. In one embodiment of the present invention, the network traffic features are normalized using zero-mean normalization (Z-score normalization), that is, using the following formula:
where Z(i) denotes the i-th network traffic feature after normalization, v(i) denotes the i-th extracted network traffic feature, μ denotes the mean of feature v(i), and σ denotes the standard deviation of feature v(i).
The normalized network traffic features follow a standard normal distribution.
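The two preprocessing steps described above, as an added example that is not code from the patent: symbolic fields are mapped to numbers, then each feature is standardized with the usual Z-score form z = (v - μ) / σ, with μ and σ fitted on training traffic only and reused for traffic to be detected. The field names, the constructed sample flows, the integer encoding of IP addresses, the code 0 for unmapped protocols and the 0.0 output for zero-variance features are assumptions of this example.

```python
import ipaddress
import statistics

# Protocol names mapped to integers as in the text (ICMP, TCP, UDP -> 1, 2, 3).
PROTOCOL_CODES = {"ICMP": 1, "TCP": 2, "UDP": 3}
UNKNOWN_PROTOCOL = 0  # assumption: code for a protocol absent from the mapping


def _port(value):
    """Validate a port number before it becomes a feature."""
    port = int(value)
    if not 0 <= port <= 65535:
        raise ValueError(f"port out of range: {value!r}")
    return float(port)


def to_numeric(flow):
    """Feature conversion: one flow record (dict) -> numeric feature vector.

    IP addresses are encoded as integers (an assumption; the text does not
    say how addresses are converted). Malformed addresses raise ValueError.
    """
    return [
        float(int(ipaddress.ip_address(flow["src_ip"]))),
        float(int(ipaddress.ip_address(flow["dst_ip"]))),
        _port(flow["src_port"]),
        _port(flow["dst_port"]),
        float(PROTOCOL_CODES.get(str(flow["protocol"]).upper(), UNKNOWN_PROTOCOL)),
    ]


class ZScoreScaler:
    """Per-feature Z-score normalization fitted on training data only."""

    def fit(self, rows):
        columns = list(zip(*rows))
        self.mean = [statistics.fmean(c) for c in columns]
        self.std = [statistics.pstdev(c) for c in columns]
        return self

    def transform(self, rows):
        # A feature that was constant in training has sigma == 0; it carries
        # no information for the model, so emit 0.0 instead of dividing by 0.
        return [
            [(v - m) / s if s > 0 else 0.0
             for v, m, s in zip(row, self.mean, self.std)]
            for row in rows
        ]


# Constructed sample flows (not captured traffic).
TRAIN_FLOWS = [
    {"src_ip": "10.0.0.5", "dst_ip": "10.0.0.20", "src_port": 49152, "dst_port": 502, "protocol": "TCP"},
    {"src_ip": "10.0.0.6", "dst_ip": "10.0.0.20", "src_port": 49153, "dst_port": 502, "protocol": "TCP"},
    {"src_ip": "10.0.0.5", "dst_ip": "10.0.0.20", "src_port": 49154, "dst_port": 502, "protocol": "UDP"},
    {"src_ip": "10.0.0.7", "dst_ip": "10.0.0.20", "src_port": 49155, "dst_port": 502, "protocol": "ICMP"},
]
NEW_FLOW = {"src_ip": "10.0.0.9", "dst_ip": "10.0.0.20", "src_port": 49153,
            "dst_port": 502, "protocol": "GRE"}


def preprocess(train_flows, new_flows):
    """Fit the scaler on training flows, then normalize both sets with it."""
    train = [to_numeric(f) for f in train_flows]
    scaler = ZScoreScaler().fit(train)
    return scaler.transform(train), scaler.transform([to_numeric(f) for f in new_flows])


if __name__ == "__main__":
    train_z, new_z = preprocess(TRAIN_FLOWS, [NEW_FLOW])
    for row in train_z + new_z:
        print([round(v, 3) for v in row])
```

Reusing the training μ and σ at detection time keeps a new flow on the same scale the model was trained on; refitting on the traffic under inspection would let that traffic shift its own baseline.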
After the normalized network traffic features are obtained, the normalized network traffic feature data can be used to build a corresponding training set and test set, and the training set and test set are then used, in turn, with the deep autoencoder algorithm and the deep feedforward neural network for continued training to obtain the corresponding industrial Internet of Things abnormal behavior detection model. Specifically, the deep autoencoder algorithm is first used to perform unlabeled training on the preprocessed raw network traffic data, yielding the estimated parameters of the industrial Internet of Things abnormal behavior detection model, including weights and biases. Then, the estimated parameters obtained from training are taken as input, and labeled training is performed using the deep feedforward neural network and the preprocessed raw network traffic data to optimize the estimated parameters of the industrial Internet of Things abnormal behavior detection model, finally yielding the industrial Internet of Things abnormal behavior detection model.
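The two-stage training described above, as an added example that is not the patent's implementation: an autoencoder is first trained without labels to obtain weights and biases, and those parameters then initialize a feedforward classifier that is optimized with labels. To stay short it is narrowed to a single hidden layer in pure Python; the constructed, already normalized data set, the layer size, learning rates, epoch counts and the 0.5 decision threshold are assumptions.

```python
import math
import random


def sigmoid(x):
    return 1.0 / (1.0 + math.exp(-x))


def identity(x):
    return x


def init_layer(n_in, n_out, rng):
    """Small random weights and zero biases for one fully connected layer."""
    w = [[rng.uniform(-0.5, 0.5) for _ in range(n_in)] for _ in range(n_out)]
    return w, [0.0] * n_out


def forward(w, b, x, act):
    return [act(sum(wi * xi for wi, xi in zip(row, x)) + bj)
            for row, bj in zip(w, b)]


def make_dataset(rng, n_per_class=20):
    """Constructed, already normalized features: label 0 normal, 1 attack."""
    samples = []
    for label, centre in ((0, -0.5), (1, 1.0)):
        for _ in range(n_per_class):
            samples.append(([rng.gauss(centre, 0.2) for _ in range(4)], label))
    rng.shuffle(samples)
    return [x for x, _ in samples], [y for _, y in samples]


def pretrain_autoencoder(data, n_hidden, epochs, lr, rng):
    """Stage 1, unlabeled: learn encoder weights and biases by reconstruction."""
    n_in = len(data[0])
    w1, b1 = init_layer(n_in, n_hidden, rng)   # encoder (kept)
    w2, b2 = init_layer(n_hidden, n_in, rng)   # decoder (discarded afterwards)
    losses = []
    for _ in range(epochs):
        total = 0.0
        for x in data:
            h = forward(w1, b1, x, sigmoid)
            out = forward(w2, b2, h, identity)
            d_out = [o - xi for o, xi in zip(out, x)]
            total += 0.5 * sum(d * d for d in d_out)
            # Back-propagate through the decoder before its weights change.
            d_hid = [sum(d_out[k] * w2[k][j] for k in range(n_in)) * h[j] * (1 - h[j])
                     for j in range(n_hidden)]
            for k in range(n_in):
                for j in range(n_hidden):
                    w2[k][j] -= lr * d_out[k] * h[j]
                b2[k] -= lr * d_out[k]
            for j in range(n_hidden):
                for i in range(n_in):
                    w1[j][i] -= lr * d_hid[j] * x[i]
                b1[j] -= lr * d_hid[j]
        losses.append(total / len(data))
    return w1, b1, losses


def fine_tune(data, labels, w1, b1, epochs, lr, rng):
    """Stage 2, labeled: start from the pretrained encoder and optimize it."""
    w1, b1 = [row[:] for row in w1], b1[:]     # pretrained parameters as start
    wo, bo = init_layer(len(b1), 1, rng)       # new output neuron: P(attack)
    for _ in range(epochs):
        for x, y in zip(data, labels):
            h = forward(w1, b1, x, sigmoid)
            p = forward(wo, bo, h, sigmoid)[0]
            d_o = p - y                        # cross-entropy gradient at output
            d_hid = [d_o * wo[0][j] * h[j] * (1 - h[j]) for j in range(len(h))]
            for j in range(len(h)):
                wo[0][j] -= lr * d_o * h[j]
                for i in range(len(x)):
                    w1[j][i] -= lr * d_hid[j] * x[i]
                b1[j] -= lr * d_hid[j]
            bo[0] -= lr * d_o
    return w1, b1, wo, bo


def predict(model, x):
    """Probability that feature vector x is abnormal."""
    w1, b1, wo, bo = model
    return forward(wo, bo, forward(w1, b1, x, sigmoid), sigmoid)[0]


def run_pipeline(seed=7):
    rng = random.Random(seed)
    data, labels = make_dataset(rng)
    w1, b1, losses = pretrain_autoencoder(data, 3, 200, 0.05, rng)
    model = fine_tune(data, labels, w1, b1, 200, 0.1, rng)
    hits = sum((predict(model, x) >= 0.5) == bool(y) for x, y in zip(data, labels))
    return model, losses, hits / len(data)


if __name__ == "__main__":
    model, losses, accuracy = run_pipeline()
    print(f"reconstruction loss: {losses[0]:.3f} -> {losses[-1]:.3f}")
    print(f"training accuracy after fine-tuning: {accuracy:.2f}")
```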
Step S102: input the industrial Internet of Things network traffic data to be detected into the industrial Internet of Things abnormal behavior detection model to obtain a corresponding industrial Internet of Things abnormal behavior detection result.
In a specific implementation, once the trained industrial Internet of Things abnormal behavior detection model has been obtained, it can be used to detect abnormal behavior in the industrial Internet of Things, that is, to detect attacks present in the industrial Internet of Things.
In a specific implementation, the industrial Internet of Things abnormal behavior detection method may further include:
Step S103: when industrial Internet of Things abnormal behavior is detected, output corresponding alarm prompt information.
In a specific implementation, when abnormal behavior in the industrial Internet of Things is confirmed, that is, when an attack is detected, corresponding alarm information can be generated and output so that the relevant personnel can take appropriate measures to ensure the normal operation of the industrial Internet of Things network.
In a specific implementation, the industrial Internet of Things abnormal behavior detection method may further include:
Step S104: extract corresponding signature data from the detected industrial Internet of Things abnormal behavior and store it in a preset behavior database.
In a specific implementation, when abnormal behavior in the industrial Internet of Things is confirmed, that is, when an attack is detected, corresponding signature data is extracted from the detected industrial Internet of Things abnormal behavior and stored in the preset behavior database, so that the data stored in the behavior database can later be used to optimize the industrial Internet of Things abnormal behavior detection model and further improve the accuracy of industrial Internet of Things abnormal behavior detection.
The industrial Internet of Things abnormal behavior detection method in the embodiments of the present invention has been described in detail above; the device corresponding to the method is introduced below.
Fig. 2 shows a structural diagram of an industrial Internet of Things abnormal behavior detection device in an embodiment of the present invention. Referring to Fig. 2, an industrial Internet of Things abnormal behavior detection device 20 in an embodiment of the present invention may include a model acquiring unit 201 and a behavior detection unit 202, in which:
The model acquiring unit 201 is adapted to obtain a corresponding industrial Internet of Things abnormal behavior detection model; the industrial Internet of Things abnormal behavior detection model is obtained by training on acquired raw network traffic data using a deep autoencoder and a deep feedforward neural network.
The behavior detection unit 202 is adapted to input the industrial Internet of Things network traffic data to be detected into the industrial Internet of Things abnormal behavior detection model to obtain a corresponding industrial Internet of Things abnormal behavior detection result.
In a specific implementation, the industrial Internet of Things abnormal behavior detection device 20 in an embodiment of the present invention may further include a model training unit 203, in which:
The model training unit 203 is adapted to obtain raw network traffic data in the industrial Internet of Things and to preprocess the acquired raw network traffic data to obtain preprocessed raw network traffic data, where the raw network traffic data may include source IP address, destination IP address, source port, destination port and protocol type information, and the preprocessing includes network traffic feature conversion and feature normalization; to perform unlabeled training on the preprocessed raw network traffic data using the deep autoencoder algorithm to obtain the estimated parameters of the industrial Internet of Things abnormal behavior detection model, where the estimated parameters obtained by the model training unit include weights and biases; and to perform labeled training using the deep feedforward neural network and the preprocessed raw network traffic data to optimize the estimated parameters of the industrial Internet of Things abnormal behavior detection model, thereby obtaining the industrial Internet of Things abnormal behavior detection model.
In one embodiment of the present invention, the model training unit 203 is adapted to normalize the extracted network traffic features using the following formula:
where Z(i) denotes the i-th network traffic feature after normalization, v(i) denotes the i-th extracted network traffic feature, μ denotes the mean of feature v(i), and σ denotes the standard deviation of feature v(i).
In a specific implementation, the device 20 may further include an alarm unit 205, in which:
The alarm unit 205 is adapted to output corresponding alarm prompt information when industrial Internet of Things abnormal behavior is detected.
In a specific implementation, the device 20 may further include a signature storage unit 206, in which:
The signature storage unit 206 is adapted to, when industrial Internet of Things abnormal behavior is detected, extract corresponding signature data from the detected industrial Internet of Things abnormal behavior and store it in a preset log database.
An embodiment of the invention also provides a computer readable storage medium on which computer instructions are stored; when run, the computer instructions execute the steps of the industrial Internet of Things abnormal behavior detection method. For the industrial Internet of Things abnormal behavior detection method, refer to the detailed description in the preceding sections, which is not repeated here.
An embodiment of the invention also provides a terminal comprising a memory and a processor, the memory storing computer instructions that can run on the processor; when running the computer instructions, the processor executes the steps of the industrial Internet of Things abnormal behavior detection method. For the industrial Internet of Things abnormal behavior detection method, refer to the detailed description in the preceding sections, which is not repeated here.
With the above scheme in the embodiments of the present invention, a corresponding industrial Internet of Things abnormal behavior detection model is obtained, and the industrial Internet of Things network traffic data to be detected is input into that model to obtain a corresponding industrial Internet of Things abnormal behavior detection result. Because the industrial Internet of Things abnormal behavior detection model is obtained by training on acquired raw network traffic data using a deep autoencoder and a deep feedforward neural network, the accuracy of industrial Internet of Things abnormal behavior detection can be improved.
The basic principles, main features and advantages of the present invention have been shown and described above. Those skilled in the art should understand that the present invention is not limited to the above embodiments; the above embodiments and the description only illustrate the principle of the invention. Various changes and improvements may be made to the invention without departing from its spirit and scope. The scope of protection claimed by the invention is defined by the appended claims, the specification and their equivalents.
Claims (9)
1. An industrial Internet of Things abnormal behavior detection method, characterized by comprising:
Obtaining a corresponding industrial Internet of Things abnormal behavior detection model, the industrial Internet of Things abnormal behavior detection model being obtained by training on acquired raw network traffic data using a deep autoencoder and a deep feedforward neural network;
Inputting the industrial Internet of Things network traffic data to be detected into the industrial Internet of Things abnormal behavior detection model to obtain a corresponding industrial Internet of Things abnormal behavior detection result.
2. The industrial Internet of Things abnormal behavior detection method according to claim 1, characterized in that the industrial Internet of Things abnormal behavior detection model is trained as follows:
Obtaining raw network traffic data in the industrial Internet of Things;
Preprocessing the acquired raw network traffic data to obtain preprocessed raw network traffic data, the preprocessing comprising network traffic feature conversion and feature normalization;
Performing unlabeled training on the preprocessed raw network traffic data using the deep autoencoder algorithm to obtain the estimated parameters of the industrial Internet of Things abnormal behavior detection model;
Performing labeled training using the deep feedforward neural network and the preprocessed raw network traffic data to optimize the estimated parameters of the industrial Internet of Things abnormal behavior detection model, thereby obtaining the industrial Internet of Things abnormal behavior detection model.
3. The industrial Internet of Things abnormal behavior detection method according to claim 2, characterized in that the extracted network traffic features are normalized using the following formula:
where Z(i) denotes the i-th network traffic feature after normalization, v(i) denotes the i-th extracted network traffic feature, μ denotes the mean of feature v(i), and σ denotes the standard deviation of feature v(i).
4. The industrial Internet of Things abnormal behavior detection method according to claim 3, characterized in that the estimated parameters of the industrial Internet of Things abnormal behavior detection model include weights and biases.
5. The industrial Internet of Things abnormal behavior detection method according to any one of claims 1 to 4, characterized in that, when industrial Internet of Things abnormal behavior is detected, the method further comprises:
Outputting corresponding alarm prompt information.
6. The industrial Internet of Things abnormal behavior detection method according to claim 5, characterized in that, when industrial Internet of Things abnormal behavior is detected, the method further comprises:
Extracting corresponding signature data from the detected industrial Internet of Things abnormal behavior and storing it in a preset behavior database.
7. The industrial Internet of Things abnormal behavior detection method according to claim 1, characterized in that the raw network traffic data includes source IP address, destination IP address, source port, destination port and protocol type information.
8. A computer readable storage medium on which computer instructions are stored, characterized in that, when run, the computer instructions execute the steps of the industrial Internet of Things abnormal behavior detection method according to any one of claims 1 to 7.
9. A terminal, characterized by comprising a memory and a processor, the memory storing computer instructions that can run on the processor, wherein the processor, when running the computer instructions, executes the steps of the industrial Internet of Things abnormal behavior detection method according to any one of claims 1 to 7.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811491056.6A CN109547455A (en) | 2018-12-06 | 2018-12-06 | Industrial Internet of Things abnormal behavior detection method, readable storage medium and terminal |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109547455A (en) | 2019-03-29 |
Family
ID=65853060
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811491056.6A Pending CN109547455A (en) | 2018-12-06 | 2018-12-06 | Industrial Internet of Things anomaly detection method, readable storage medium storing program for executing and terminal |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109547455A (en) |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110365703A (en) * | 2019-07-30 | 2019-10-22 | 国家电网有限公司 | Internet-of-things terminal abnormal state detection method, apparatus and terminal device |
CN110516125A (en) * | 2019-08-28 | 2019-11-29 | 拉扎斯网络科技(上海)有限公司 | Identify method, apparatus, equipment and the readable storage medium storing program for executing of unusual character string |
CN111031051A (en) * | 2019-12-17 | 2020-04-17 | 清华大学 | Network traffic anomaly detection method and device, and medium |
CN111163115A (en) * | 2020-04-03 | 2020-05-15 | 深圳市云盾科技有限公司 | Internet of things safety monitoring method and system based on double engines |
CN112333706A (en) * | 2019-07-16 | 2021-02-05 | 中国移动通信集团浙江有限公司 | Internet of things equipment anomaly detection method and device, computing equipment and storage medium |
CN113872823A (en) * | 2021-08-06 | 2021-12-31 | 中标慧安信息技术股份有限公司 | Internet of things terminal abnormal starting monitoring method and system |
CN114520736A (en) * | 2022-01-24 | 2022-05-20 | 广东工业大学 | Internet of things security detection method, device, equipment and storage medium |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105608446A (en) * | 2016-02-02 | 2016-05-25 | 北京大学深圳研究生院 | Video stream abnormal event detection method and apparatus |
CN106656981A (en) * | 2016-10-21 | 2017-05-10 | 东软集团股份有限公司 | Network intrusion detection method and device |
CN107040517A (en) * | 2017-02-22 | 2017-08-11 | 南京邮电大学 | A kind of cognitive intrusion detection method towards cloud computing environment |
US20180176243A1 (en) * | 2016-12-16 | 2018-06-21 | Patternex, Inc. | Method and system for learning representations for log data in cybersecurity |
-
2018
- 2018-12-06 CN CN201811491056.6A patent/CN109547455A/en active Pending
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105608446A (en) * | 2016-02-02 | 2016-05-25 | 北京大学深圳研究生院 | Video stream abnormal event detection method and apparatus |
CN106656981A (en) * | 2016-10-21 | 2017-05-10 | 东软集团股份有限公司 | Network intrusion detection method and device |
US20180176243A1 (en) * | 2016-12-16 | 2018-06-21 | Patternex, Inc. | Method and system for learning representations for log data in cybersecurity |
CN107040517A (en) * | 2017-02-22 | 2017-08-11 | 南京邮电大学 | A kind of cognitive intrusion detection method towards cloud computing environment |
Non-Patent Citations (1)
Title |
---|
MUNA AL-HAWAWREH等: "Identification of malicious activities in industrial internet of things based on deep learning models", 《JOURNAL OF INFORMATION SECURITY AND APPLICATIONS》 * |
Cited By (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112333706A (en) * | 2019-07-16 | 2021-02-05 | 中国移动通信集团浙江有限公司 | Internet of things equipment anomaly detection method and device, computing equipment and storage medium |
CN112333706B (en) * | 2019-07-16 | 2022-08-23 | 中国移动通信集团浙江有限公司 | Internet of things equipment anomaly detection method and device, computing equipment and storage medium |
CN110365703A (en) * | 2019-07-30 | 2019-10-22 | 国家电网有限公司 | Internet-of-things terminal abnormal state detection method, apparatus and terminal device |
CN110516125A (en) * | 2019-08-28 | 2019-11-29 | 拉扎斯网络科技(上海)有限公司 | Method, apparatus and equipment for identifying abnormal character strings, and readable storage medium |
CN110516125B (en) * | 2019-08-28 | 2020-05-08 | 拉扎斯网络科技(上海)有限公司 | Method, device and equipment for identifying abnormal character string and readable storage medium |
CN111031051A (en) * | 2019-12-17 | 2020-04-17 | 清华大学 | Network traffic anomaly detection method and device, and medium |
CN111031051B (en) * | 2019-12-17 | 2021-03-16 | 清华大学 | Network traffic anomaly detection method and device, and medium |
CN111163115A (en) * | 2020-04-03 | 2020-05-15 | 深圳市云盾科技有限公司 | Internet of things safety monitoring method and system based on double engines |
CN113872823A (en) * | 2021-08-06 | 2021-12-31 | 中标慧安信息技术股份有限公司 | Internet of things terminal abnormal starting monitoring method and system |
CN114520736A (en) * | 2022-01-24 | 2022-05-20 | 广东工业大学 | Internet of things security detection method, device, equipment and storage medium |
CN114520736B (en) * | 2022-01-24 | 2023-08-22 | 广东工业大学 | Internet of things security detection method, device, equipment and storage medium |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109547455A (en) | | Industrial Internet of Things anomaly detection method, readable storage medium storing program for executing and terminal |
CN109688112A | | Industrial Internet of Things anomaly detection device |
CN110909811B (en) | | OCSVM-based power grid abnormal behavior detection and analysis method and system |
CN107659543B (en) | | Protection method for APT attacks on a cloud platform |
Almalawi et al. | | An unsupervised anomaly-based detection approach for integrity attacks on SCADA systems |
US10511613B2 (en) | | Knowledge transfer system for accelerating invariant network learning |
JP2019061565A (en) | | Abnormality diagnostic method and abnormality diagnostic device |
KR20160095856A (en) | | System and method for detecting intrusion intelligently based on automatic detection of new attack type and update of attack type |
CN107392016A (en) | | A web database attack detection system based on agency |
CN105807631B (en) | | Industrial control intrusion detection method and intrusion detection system based on PLC emulation |
CN103905440A (en) | | Network security situation awareness analysis method based on log and SNMP information fusion |
Liu et al. | | A novel intrusion detection algorithm for industrial control systems based on CNN and process state transition |
CN105306463A (en) | | Modbus TCP intrusion detection method based on support vector machine |
CN103810424A (en) | | Method and device for identifying abnormal application programs |
CN112565187B (en) | | Power grid attack detection method, system, equipment and medium based on logistic regression |
Lv et al. | | A deep convolution generative adversarial networks based fuzzing framework for industry control protocols |
CN113890821B (en) | | Log association method and device and electronic equipment |
CN105991517B (en) | | Vulnerability mining method and apparatus |
CN113067798A (en) | | ICS intrusion detection method and device, electronic equipment and storage medium |
CN108761250B (en) | | Industrial control equipment voltage and current-based intrusion detection method |
CN108040067B (en) | | Cloud platform intrusion detection method, device and system |
CN108073803A (en) | | Method and device for detecting malicious applications |
WO2019032502A1 (en) | | Knowledge transfer system for accelerating invariant network learning |
CN115118482A (en) | | Industrial control system intrusion detection clue analysis traceability method, system and terminal |
CN108366071A (en) | | URL exception localization method, device, server and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | PB01 | Publication | |
 | SE01 | Entry into force of request for substantive examination | |
 | RJ01 | Rejection of invention patent application after publication | Application publication date: 20190329 |