CN109547455A - Industrial Internet of Things anomaly detection method, readable storage medium storing program for executing and terminal - Google Patents

Industrial Internet of Things anomaly detection method, readable storage medium storing program for executing and terminal Download PDF

Info

Publication number
CN109547455A
CN109547455A CN201811491056.6A CN201811491056A CN109547455A CN 109547455 A CN109547455 A CN 109547455A CN 201811491056 A CN201811491056 A CN 201811491056A CN 109547455 A CN109547455 A CN 109547455A
Authority
CN
China
Prior art keywords
things
internet
industrial internet
unusual checking
anomaly detection
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201811491056.6A
Other languages
Chinese (zh)
Inventor
孙雁飞
亓晋
裴玉青
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nanjing Post and Telecommunication University
Nanjing University of Posts and Telecommunications
Original Assignee
Nanjing Post and Telecommunication University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nanjing Post and Telecommunication University filed Critical Nanjing Post and Telecommunication University
Priority to CN201811491056.6A priority Critical patent/CN109547455A/en
Publication of CN109547455A publication Critical patent/CN109547455A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425Traffic logging, e.g. anomaly detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06Management of faults, events, alarms or notifications
    • H04L41/0631Management of faults, events, alarms or notifications using root cause analysis; using analysis of correlation between notifications, alarms or events based on decision criteria, e.g. hierarchy, tree or time analysis
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/14Network analysis or design
    • H04L41/142Network analysis or design using statistical or mathematical methods
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/14Network analysis or design
    • H04L41/145Network analysis or design involving simulating, designing, planning or modelling of a network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection

Abstract

A kind of industry Internet of Things anomaly detection method, readable storage medium storing program for executing and terminal, which comprises obtain corresponding industrial Internet of Things unusual checking model;The industry Internet of Things unusual checking model is to be trained to obtain to acquired original network traffic data using deepness auto encoder and depth feedforward neural network;By the industrial Internet of Things network flow data input industrial Internet of Things unusual checking model to be detected, corresponding industrial Internet of Things unusual checking result is obtained.The accuracy of industrial Internet of Things unusual checking can be improved in above-mentioned scheme.

Description

Industrial Internet of Things anomaly detection method, readable storage medium storing program for executing and terminal
Technical field
The invention belongs to industrial internet of things field, more particularly to a kind of industrial Internet of Things anomaly detection method And device, readable storage medium storing program for executing and terminal.
Background technique
The industrial intelligent that industrial cloud, industrial big data and intelligent equipment are constituted has become the aobvious of infant industry form Work feature.The data analysis in cloud and application, local field control, the data processing and response of edge side, three ends combine The stage construction trend that interconnects that cooperative development is formed also brings the mass upgrade of industry.
Industrial Internet of Things needs hundreds of millions of terminal industrial equipments to be connected into internet, so that the work of script relative closure Industry control network becomes more and more open.It is open while bring convenient and efficiency, it loophole quantity and is formed effectively using loophole The quantity of attack is also constantly riseing, and industrial network security is made to be faced with great challenge.
In the prior art, in order to detect industrial Internet of Things network attack, it is necessary to which on-premise network intruding detection system is for supervising Depending on and detection whole network system in suspicious event, method is divided into detection based on signature and based on abnormal detection two Kind, but it is low there is detection accuracy the problems such as.
Summary of the invention
Present invention solves the technical problem that being how to improve the accuracy of industrial Internet of Things unusual checking.
In order to achieve the above object, the present invention provides a kind of industrial Internet of Things anomaly detection method, the method packet It includes:
Obtain corresponding industrial Internet of Things unusual checking model;It is described industry Internet of Things unusual checking model be Acquired original network traffic data is trained to obtain using deepness auto encoder and depth feedforward neural network;
By the industrial Internet of Things network flow data input industrial Internet of Things unusual checking model to be detected, obtain To corresponding industrial Internet of Things unusual checking result.
Optionally, industrial Internet of Things unusual checking model training by the way of following obtains:
Obtain the original network traffic data in industrial Internet of Things;
Acquired original network traffic data is pre-processed, pretreated original network traffic data is obtained; The pretreatment includes network flow characteristic conversion and feature normalization operation;
Unmarked training is carried out to pretreated original network traffic data using the deepness auto encoder algorithm, Obtain the estimation parameter of the industrial Internet of Things unusual checking model;
Label training is carried out using depth feedforward neural network and pretreated original network traffic data, to described The estimation parameter of industrial Internet of Things unusual checking model optimizes, and obtains the industrial Internet of Things unusual checking mould Type.
Optionally, extracted network flow characteristic is normalized using following formula:
Wherein, Z(i)The i-th network flow characteristic after indicating normalization, v(i)Indicate that extracted i-th of network flow is special Sign, μ indicate feature v(i)Mean value, σ indicate feature v(i)Standard deviation.
Optionally, the estimation parameter of the industrial Internet of Things unusual checking model, including weight and deviation.
Optionally, when detecting industrial Internet of Things abnormal behaviour, the method also includes:
Export corresponding alarm prompt.
Optionally, when detecting industrial Internet of Things abnormal behaviour, the method also includes:
Corresponding signed data is extracted from detected industrial Internet of Things abnormal behaviour and is stored in preset behavior In database.
Optionally, the original network traffic data include source IP address, purpose IP address, source port, target port and The information of protocol type.
The embodiment of the invention also provides a kind of computer readable storage mediums, are stored thereon with computer instruction, described Computer instruction executes the step of industrial Internet of Things anomaly detection method described in any of the above embodiments when running.
The embodiment of the invention also provides a kind of terminal, including memory and processor, energy is stored on the memory Enough computer instructions run on the processor, the processor execute any of the above-described when running the computer instruction The step of described industrial Internet of Things anomaly detection method.
Compared with prior art, the invention has the benefit that
Above-mentioned scheme, by obtaining corresponding industrial Internet of Things unusual checking model, and by industry to be detected The Internet of Things network flow data input industrial Internet of Things unusual checking model, it is abnormal to obtain corresponding industrial Internet of Things Behavioral value is as a result, since the industrial Internet of Things unusual checking model is to be feedovered using deepness auto encoder and depth Neural network is trained to obtain to acquired original network traffic data, therefore industrial Internet of Things abnormal behaviour inspection can be improved The accuracy of survey.
Detailed description of the invention
In order to more clearly explain the technical solutions in the embodiments of the present application, make required in being described below to embodiment Attached drawing is briefly described, it should be apparent that, the drawings in the following description are only some examples of the present application, for For those of ordinary skill in the art, without any creative labor, it can also be obtained according to these attached drawings His attached drawing.
Fig. 1 is the flow diagram of the industrial Internet of Things anomaly detection method of one of embodiment of the present invention;
Fig. 2 is the structural schematic diagram of the industrial Internet of Things unusual checking device of one of embodiment of the present invention.
Specific embodiment
Below in conjunction with the attached drawing in the embodiment of the present application, technical solutions in the embodiments of the present application carries out clear, complete Site preparation description, it is clear that described embodiments are only a part of embodiments of the present application, instead of all the embodiments.It is based on Embodiment in the application, it is obtained by those of ordinary skill in the art without making creative efforts every other Embodiment shall fall in the protection scope of this application.Related directionality instruction in the embodiment of the present invention (such as upper and lower, left and right, It is forward and backward etc.) it is only used for the relative positional relationship explained under a certain particular pose (as shown in the picture) between each component, movement feelings Condition etc., if the particular pose changes, directionality instruction is also correspondingly changed correspondingly.
As stated in the background art, there is Detection accuracies for industrial Internet of Things anomaly detection method in the prior art Low problem.
Technical solution of the present invention, which passes through, obtains corresponding industrial Internet of Things unusual checking model, and will be to be detected The industrial Internet of Things network flow data input industrial Internet of Things unusual checking model, obtains corresponding industrial Internet of Things Unusual checking is as a result, since the industrial Internet of Things unusual checking model is using deepness auto encoder and depth Feedforward neural network is trained to obtain to acquired original network traffic data, therefore industrial Internet of Things exception row can be improved For the accuracy of detection.
It is understandable to enable above-mentioned purpose of the invention, feature and beneficial effect to become apparent, with reference to the accompanying drawing to this The specific embodiment of invention is described in detail.
Fig. 1 is a kind of flow diagram of industrial Internet of Things anomaly detection method of the embodiment of the present invention.Referring to figure 1, a kind of industry Internet of Things anomaly detection method can specifically include following step:
Step S101: corresponding industrial Internet of Things unusual checking model is obtained;The industry Internet of Things abnormal behaviour Detection model is to be carried out using deepness auto encoder and depth feedforward neural network to acquired original network traffic data Training obtains.
In specific implementation, when being trained to the industrial Internet of Things unusual checking model, available work Original network traffic data in industry Internet of Things;Wherein, the original network traffic data includes source IP address, destination IP Location, source port, target port and protocol type information.
Then, acquired original network traffic data is pre-processed, obtains pretreated primitive network flow Data.In an embodiment of the present invention, carrying out pretreatment to acquired original network traffic data includes network flow characteristic Conversion and feature normalization operation.
Wherein, when carrying out network flow characteristic conversion to acquired original network traffic data, it is assumed that subsequent training Obtained industrial Internet of Things unusual checking model receives the data characteristics of numeric type, therefore needing to pass through will be from primitive network stream The each symbolic feature values extracted in amount data are converted to numerical characteristics value.For example, NSL-KDD data set has many symbols They can be each mapped to 1,2 and 3 etc. including the protocol type with nominal value, such as ICMP, TCP and UDP by attribute.
Because deep learning depends on weight, different characteristic dimensions can be by data skew to specific level, may Cause certain weights to update faster than other, therefore needs that network flow characteristic is normalized.Implement in the present invention one In example, network flow characteristic is normalized using 0 mean normalization (Z-score normalization), that is, is adopted Network flow characteristic is normalized with following formula:
Wherein, Z(i)The i-th network flow characteristic after indicating normalization, v(i)Indicate that extracted i-th of network flow is special Sign, μ indicate feature v(i)Mean value, σ indicate feature v(i)Standard deviation.
Network flow characteristic after normalized will obey standardized normal distribution.
It, can be special using the network flow after normalized after obtaining the network flow characteristic after normalized It levies data and constructs corresponding training set and test set, and successively use depth automatic using the corresponding training set of building and test set Encoder algo and depth feedforward neural network carry out lasting training and obtain corresponding industrial Internet of Things unusual checking mould Type.Specifically, pretreated original network traffic data is carried out without mark using the deepness auto encoder algorithm first Note training obtains the estimation parameter of the industrial Internet of Things unusual checking model, including weight and deviation.Then, it will instruct The estimation parameter of the industrial Internet of Things unusual checking model got is as input, then uses depth Feedforward Neural Networks Network and pretreated original network traffic data have carried out label training, to the industrial Internet of Things unusual checking model Estimation parameter optimize, finally obtain the industrial Internet of Things unusual checking model.
Step S102: by the industrial Internet of Things network flow data input industrial Internet of Things abnormal behaviour inspection to be detected Model is surveyed, corresponding industrial Internet of Things unusual checking result is obtained.
In specific implementation, it when getting the industrial Internet of Things unusual checking model that training obtains, can adopt The abnormal behaviour in industrial Internet of Things is detected with the industrial Internet of Things unusual checking model, namely to industrial object Attack present in networking is detected.
In specific implementation, the industrial Internet of Things anomaly detection method can also include:
Step S103: when detecting industrial Internet of Things abnormal behaviour, corresponding alarm prompt is exported.
In specific implementation, when confirmly detecting the abnormal behaviour in industrial Internet of Things, namely detection attack When, it can be generated and export corresponding warning information, so that related personnel can take appropriate measures, ensure industrial Internet of Things Net the normal operation at network.
In specific implementation, the industrial Internet of Things anomaly detection method can also include:
Step S104: corresponding signed data is extracted from detected industrial Internet of Things abnormal behaviour and is stored in pre- If behavior database in.
In specific implementation, when confirmly detecting the abnormal behaviour in industrial Internet of Things, namely detection attack When, by extracting corresponding signed data from detected industrial Internet of Things abnormal behaviour and being stored in preset behavior number According in library, the industrial Internet of Things abnormal behaviour inspection can be carried out using the data stored in the behavior database so as to subsequent The optimization of model is surveyed, to further increase the accuracy of industrial Internet of Things unusual checking.
The above-mentioned industrial Internet of Things anomaly detection method in the embodiment of the present invention is described in detail, and below will The above-mentioned corresponding device of method is introduced.
Fig. 2 shows the structural schematic diagrams of the industrial Internet of Things unusual checking device of one of embodiment of the present invention. Referring to fig. 2, the industrial Internet of Things unusual checking device 20 of one of embodiment of the present invention may include model acquiring unit 201 and behavioral value unit 202, in which:
The model acquiring unit 201 is suitable for obtaining corresponding industrial Internet of Things unusual checking model;The industry Internet of Things unusual checking model is using deepness auto encoder and depth feedforward neural network to acquired original net Network data on flows is trained to obtain.
The behavioral value unit 202 is suitable for industrial Internet of Things network flow data to be detected inputting the industry Internet of Things unusual checking model obtains corresponding industrial Internet of Things unusual checking result.
In specific implementation, the industrial Internet of Things unusual checking device 20 of one of embodiment of the present invention can also wrap Model training unit 203 is included, in which:
The model training unit 203, suitable for obtaining the original network traffic data in industrial Internet of Things;It will be acquired Original network traffic data is pre-processed, and obtains pretreated original network traffic data wherein, the primitive network stream Amount data may include the information of source IP address, purpose IP address, source port, target port and protocol type;The pretreatment Including network flow characteristic conversion and feature normalization operation;Using the deepness auto encoder algorithm to pretreated original Beginning network flow data carries out unmarked training, obtains the estimation parameter of the industrial Internet of Things unusual checking model, In, the estimation parameter for the industrial Internet of Things unusual checking model that the model training list training obtains, including weight And deviation;Label training is carried out using depth feedforward neural network and pretreated original network traffic data, to described The estimation parameter of industrial Internet of Things unusual checking model optimizes, and obtains the industrial Internet of Things unusual checking mould Type.
In an embodiment of the present invention, the model training unit 203, suitable for using following formula to extracted net Network traffic characteristic is normalized:
Wherein, Z(i)The i-th network flow characteristic after indicating normalization, v(i)Indicate extracted i-th A network flow characteristic, μ indicate feature v(i)Mean value, σ indicate feature v(i)Standard deviation.
In specific implementation, described device 20 can also include Alarm Unit 205, in which:
The Alarm Unit 205, suitable for when detecting industrial Internet of Things abnormal behaviour, exporting corresponding alarm prompt letter Breath.
In specific implementation, described device 20 can also include signature storage unit 206, in which:
The signature storage unit 206, suitable for when detecting industrial Internet of Things abnormal behaviour, from detected industry Corresponding signed data is extracted in Internet of Things abnormal behaviour and is stored in preset log database.
The embodiment of the invention also provides a kind of computer readable storage mediums, are stored thereon with computer instruction, described The step of industrial Internet of Things anomaly detection method is executed when computer instruction is run.Wherein, the industrial object Networking anomaly detection method refers to being discussed in detail for preceding sections, repeats no more.
The embodiment of the invention also provides a kind of terminal, including memory and processor, energy is stored on the memory Enough computer instructions run on the processor, the processor execute the industry when running the computer instruction The step of Internet of Things anomaly detection method.Wherein, the industrial Internet of Things anomaly detection method refers to aforementioned Partial is discussed in detail, and repeats no more.
Using the above scheme in the embodiment of the present invention, by obtaining corresponding industrial Internet of Things unusual checking mould Type, and by the industrial Internet of Things network flow data input industrial Internet of Things unusual checking model to be detected, it obtains Corresponding industry Internet of Things unusual checking is as a result, since the industrial Internet of Things unusual checking model is using depth Autocoder and depth feedforward neural network are trained to obtain to acquired original network traffic data, therefore can be improved The accuracy of industrial Internet of Things unusual checking.
The basic principles, main features and advantages of the present invention have been shown and described above.The technology of the industry Personnel are it should be appreciated that the present invention is not limited to the above embodiments, and the above embodiments and description only describe this The principle of invention, without departing from the spirit and scope of the present invention, various changes and improvements may be made to the invention, the present invention Claimed range is delineated by the appended claims, the specification and equivalents thereof from the appended claims.

Claims (9)

1. a kind of industry Internet of Things anomaly detection method characterized by comprising
Obtain corresponding industrial Internet of Things unusual checking model;The industry Internet of Things unusual checking model is to use Deepness auto encoder and depth feedforward neural network are trained to obtain to acquired original network traffic data;
By the industrial Internet of Things network flow data input industrial Internet of Things unusual checking model to be detected, obtain pair The industrial Internet of Things unusual checking result answered.
2. industry Internet of Things anomaly detection method according to claim 1, which is characterized in that the industry Internet of Things The training by the way of following of unusual checking model obtains:
Obtain the original network traffic data in industrial Internet of Things;
Acquired original network traffic data is pre-processed, pretreated original network traffic data is obtained;It is described Pretreatment includes network flow characteristic conversion and feature normalization operation;
Unmarked training is carried out to pretreated original network traffic data using the deepness auto encoder algorithm, is obtained The estimation parameter of the industry Internet of Things unusual checking model;
Label training is carried out using depth feedforward neural network and pretreated original network traffic data, to the industry The estimation parameter of Internet of Things unusual checking model optimizes, and obtains the industrial Internet of Things unusual checking model.
3. industry Internet of Things anomaly detection method according to claim 2, which is characterized in that use following formula Extracted network flow characteristic is normalized:
Wherein, Z(i)The i-th network flow characteristic after indicating normalization, v(i)Indicate extracted i-th of network flow characteristic, μ Indicate feature v(i)Mean value, σ indicate feature v(i)Standard deviation.
4. industry Internet of Things anomaly detection method according to claim 3, which is characterized in that the industry Internet of Things The estimation parameter of unusual checking model, including weight and deviation.
5. industry Internet of Things anomaly detection method according to claim 1-4, which is characterized in that work as detection When to industrial Internet of Things abnormal behaviour, further includes:
Export corresponding alarm prompt.
6. industry Internet of Things anomaly detection method according to claim 5, which is characterized in that when detecting industrial object When abnormal behaviour of networking, further includes:
Corresponding signed data is extracted from detected industrial Internet of Things abnormal behaviour and is stored in preset behavioral data In library.
7. industry Internet of Things anomaly detection method according to claim 1, which is characterized in that the primitive network stream Amount data include the information of source IP address, purpose IP address, source port, target port and protocol type.
8. a kind of computer readable storage medium, is stored thereon with computer instruction, which is characterized in that the computer instruction fortune Perform claim requires the step of 1 to 7 described in any item industrial Internet of Things anomaly detection methods when row.
9. a kind of terminal, which is characterized in that including memory and processor, storing on the memory can be in the processing The computer instruction run on device, perform claim requires described in 1 to 7 any one when the processor runs the computer instruction Industrial Internet of Things anomaly detection method the step of.
CN201811491056.6A 2018-12-06 2018-12-06 Industrial Internet of Things anomaly detection method, readable storage medium storing program for executing and terminal Pending CN109547455A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811491056.6A CN109547455A (en) 2018-12-06 2018-12-06 Industrial Internet of Things anomaly detection method, readable storage medium storing program for executing and terminal

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811491056.6A CN109547455A (en) 2018-12-06 2018-12-06 Industrial Internet of Things anomaly detection method, readable storage medium storing program for executing and terminal

Publications (1)

Publication Number Publication Date
CN109547455A true CN109547455A (en) 2019-03-29

Family

ID=65853060

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811491056.6A Pending CN109547455A (en) 2018-12-06 2018-12-06 Industrial Internet of Things anomaly detection method, readable storage medium storing program for executing and terminal

Country Status (1)

Country Link
CN (1) CN109547455A (en)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110365703A (en) * 2019-07-30 2019-10-22 国家电网有限公司 Internet-of-things terminal abnormal state detection method, apparatus and terminal device
CN110516125A (en) * 2019-08-28 2019-11-29 拉扎斯网络科技(上海)有限公司 Identify method, apparatus, equipment and the readable storage medium storing program for executing of unusual character string
CN111031051A (en) * 2019-12-17 2020-04-17 清华大学 Network traffic anomaly detection method and device, and medium
CN111163115A (en) * 2020-04-03 2020-05-15 深圳市云盾科技有限公司 Internet of things safety monitoring method and system based on double engines
CN112333706A (en) * 2019-07-16 2021-02-05 中国移动通信集团浙江有限公司 Internet of things equipment anomaly detection method and device, computing equipment and storage medium
CN113872823A (en) * 2021-08-06 2021-12-31 中标慧安信息技术股份有限公司 Internet of things terminal abnormal starting monitoring method and system
CN114520736A (en) * 2022-01-24 2022-05-20 广东工业大学 Internet of things security detection method, device, equipment and storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105608446A (en) * 2016-02-02 2016-05-25 北京大学深圳研究生院 Video stream abnormal event detection method and apparatus
CN106656981A (en) * 2016-10-21 2017-05-10 东软集团股份有限公司 Network intrusion detection method and device
CN107040517A (en) * 2017-02-22 2017-08-11 南京邮电大学 A kind of cognitive intrusion detection method towards cloud computing environment
US20180176243A1 (en) * 2016-12-16 2018-06-21 Patternex, Inc. Method and system for learning representations for log data in cybersecurity

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105608446A (en) * 2016-02-02 2016-05-25 北京大学深圳研究生院 Video stream abnormal event detection method and apparatus
CN106656981A (en) * 2016-10-21 2017-05-10 东软集团股份有限公司 Network intrusion detection method and device
US20180176243A1 (en) * 2016-12-16 2018-06-21 Patternex, Inc. Method and system for learning representations for log data in cybersecurity
CN107040517A (en) * 2017-02-22 2017-08-11 南京邮电大学 A kind of cognitive intrusion detection method towards cloud computing environment

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
MUNA AL-HAWAWREH等: "Identification of malicious activities in industrial internet of things based on deep learning models", 《JOURNAL OF INFORMATION SECURITY AND APPLICATIONS》 *

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112333706A (en) * 2019-07-16 2021-02-05 中国移动通信集团浙江有限公司 Internet of things equipment anomaly detection method and device, computing equipment and storage medium
CN112333706B (en) * 2019-07-16 2022-08-23 中国移动通信集团浙江有限公司 Internet of things equipment anomaly detection method and device, computing equipment and storage medium
CN110365703A (en) * 2019-07-30 2019-10-22 国家电网有限公司 Internet-of-things terminal abnormal state detection method, apparatus and terminal device
CN110516125A (en) * 2019-08-28 2019-11-29 拉扎斯网络科技(上海)有限公司 Identify method, apparatus, equipment and the readable storage medium storing program for executing of unusual character string
CN110516125B (en) * 2019-08-28 2020-05-08 拉扎斯网络科技(上海)有限公司 Method, device and equipment for identifying abnormal character string and readable storage medium
CN111031051A (en) * 2019-12-17 2020-04-17 清华大学 Network traffic anomaly detection method and device, and medium
CN111031051B (en) * 2019-12-17 2021-03-16 清华大学 Network traffic anomaly detection method and device, and medium
CN111163115A (en) * 2020-04-03 2020-05-15 深圳市云盾科技有限公司 Internet of things safety monitoring method and system based on double engines
CN113872823A (en) * 2021-08-06 2021-12-31 中标慧安信息技术股份有限公司 Internet of things terminal abnormal starting monitoring method and system
CN114520736A (en) * 2022-01-24 2022-05-20 广东工业大学 Internet of things security detection method, device, equipment and storage medium
CN114520736B (en) * 2022-01-24 2023-08-22 广东工业大学 Internet of things security detection method, device, equipment and storage medium

Similar Documents

Publication Publication Date Title
CN109547455A (en) Industrial Internet of Things anomaly detection method, readable storage medium storing program for executing and terminal
CN109688112A (en) Industrial Internet of Things unusual checking device
CN110909811B (en) OCSVM (online charging management system) -based power grid abnormal behavior detection and analysis method and system
CN107659543B (en) Protection method for APT (android packet) attack of cloud platform
Almalawi et al. An unsupervised anomaly-based detection approach for integrity attacks on SCADA systems
US10511613B2 (en) Knowledge transfer system for accelerating invariant network learning
JP2019061565A (en) Abnormality diagnostic method and abnormality diagnostic device
KR20160095856A (en) System and method for detecting intrusion intelligently based on automatic detection of new attack type and update of attack type
CN107392016A (en) A kind of web data storehouse attack detecting system based on agency
CN105807631B (en) Industry control intrusion detection method and intruding detection system based on PLC emulation
CN103905440A (en) Network security situation awareness analysis method based on log and SNMP information fusion
Liu et al. A novel intrusion detection algorithm for industrial control systems based on CNN and process state transition
CN105306463A (en) Modbus TCP intrusion detection method based on support vector machine
CN103810424A (en) Method and device for identifying abnormal application programs
CN112565187B (en) Power grid attack detection method, system, equipment and medium based on logistic regression
Lv et al. A deep convolution generative adversarial networks based fuzzing framework for industry control protocols
CN113890821B (en) Log association method and device and electronic equipment
CN105991517B (en) Vulnerability mining method and apparatus
CN113067798A (en) ICS intrusion detection method and device, electronic equipment and storage medium
CN108761250B (en) Industrial control equipment voltage and current-based intrusion detection method
CN108040067B (en) Cloud platform intrusion detection method, device and system
CN108073803A (en) For detecting the method and device of malicious application
WO2019032502A1 (en) Knowledge transfer system for accelerating invariant network learning
CN115118482A (en) Industrial control system intrusion detection clue analysis traceability method, system and terminal
CN108366071A (en) URL exceptions localization method, device, server and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20190329