CN109688112A - Industrial Internet of Things unusual checking device - Google Patents

Industrial Internet of Things unusual checking device Download PDF

Info

Publication number
CN109688112A
CN109688112A CN201811490982.1A CN201811490982A CN109688112A CN 109688112 A CN109688112 A CN 109688112A CN 201811490982 A CN201811490982 A CN 201811490982A CN 109688112 A CN109688112 A CN 109688112A
Authority
CN
China
Prior art keywords
things
industrial internet
unusual checking
internet
model
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201811490982.1A
Other languages
Chinese (zh)
Inventor
孙雁飞
亓晋
裴玉青
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nanjing Post and Telecommunication University
Nanjing University of Posts and Telecommunications
Original Assignee
Nanjing Post and Telecommunication University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nanjing Post and Telecommunication University filed Critical Nanjing Post and Telecommunication University
Priority to CN201811490982.1A priority Critical patent/CN109688112A/en
Publication of CN109688112A publication Critical patent/CN109688112A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425Traffic logging, e.g. anomaly detection
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00Computing arrangements based on biological models
    • G06N3/02Neural networks
    • G06N3/08Learning methods
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/12Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Artificial Intelligence (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Biomedical Technology (AREA)
  • Biophysics (AREA)
  • Computational Linguistics (AREA)
  • Data Mining & Analysis (AREA)
  • Evolutionary Computation (AREA)
  • Molecular Biology (AREA)
  • General Physics & Mathematics (AREA)
  • Mathematical Physics (AREA)
  • Software Systems (AREA)
  • Medical Informatics (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

A kind of industry Internet of Things unusual checking device, described device includes: model acquiring unit, is suitable for obtaining corresponding industrial Internet of Things unusual checking model;The industry Internet of Things unusual checking model is to be trained to obtain to acquired original network traffic data using deepness auto encoder and depth feedforward neural network;Behavioral value unit is suitable for the industrial Internet of Things network flow data input industrial Internet of Things unusual checking model to be detected obtaining corresponding industrial Internet of Things unusual checking result.The accuracy of industrial Internet of Things unusual checking can be improved in above-mentioned scheme.

Description

Industrial Internet of Things unusual checking device
Technical field
The invention belongs to industrial internet of things field, fill more particularly to a kind of industrial Internet of Things unusual checking It sets.
Background technique
The industrial intelligent that industrial cloud, industrial big data and intelligent equipment are constituted has become the aobvious of infant industry form Work feature.The data analysis in cloud and application, local field control, the data processing and response of edge side, three ends combine The stage construction trend that interconnects that cooperative development is formed also brings the mass upgrade of industry.
Industrial Internet of Things needs hundreds of millions of terminal industrial equipments to be connected into internet, so that the work of script relative closure Industry control network becomes more and more open.It is open while bring convenient and efficiency, it loophole quantity and is formed effectively using loophole The quantity of attack is also constantly riseing, and industrial network security is made to be faced with great challenge.
In the prior art, in order to detect industrial Internet of Things network attack, it is necessary to which on-premise network intruding detection system is for supervising Depending on and detection whole network system in suspicious event, method is divided into detection based on signature and based on abnormal detection two Kind, but it is low there is detection accuracy the problems such as.
Summary of the invention
Present invention solves the technical problem that being how to improve the accuracy of industrial Internet of Things unusual checking.
In order to achieve the above object, the present invention provides a kind of industrial Internet of Things unusual checking device, described device packet It includes:
Model acquiring unit is suitable for obtaining corresponding industrial Internet of Things unusual checking model;The industry Internet of Things Unusual checking model is using deepness auto encoder and depth feedforward neural network to acquired primitive network flow Data are trained to obtain;
Behavioral value unit is suitable for the industrial Internet of Things network flow data input industrial Internet of Things to be detected is different Normal behavioral value model obtains corresponding industrial Internet of Things unusual checking result.
It optionally, further include model training unit, suitable for obtaining the original network traffic data in industrial Internet of Things;By institute The original network traffic data of acquisition is pre-processed, and pretreated original network traffic data is obtained;The pretreatment packet Include network flow characteristic conversion and feature normalization operation;Using the deepness auto encoder algorithm to pretreated original Network flow data carries out unmarked training, obtains the estimation parameter of the industrial Internet of Things unusual checking model;Using Depth feedforward neural network and pretreated original network traffic data have carried out label training, different to the industrial Internet of Things The estimation parameter of normal behavioral value model optimizes, and obtains the industrial Internet of Things unusual checking model.
Optionally, the model training unit, suitable for being carried out using following formula to extracted network flow characteristic Normalization:
Wherein, Z(i)The i-th network flow characteristic after indicating normalization, v(i)Indicate extracted i-th A network flow characteristic, μ indicate feature v(i)Mean value, σ indicate feature v(i)Standard deviation.
Optionally, the estimation ginseng for the industrial Internet of Things unusual checking model that the model training list training obtains Number, including weight and deviation.
Optionally, described device further include:
Alarm Unit, suitable for exporting corresponding alarm prompt when detecting industrial Internet of Things abnormal behaviour.
Optionally, described device further include:
It signs storage unit, suitable for when detecting industrial Internet of Things abnormal behaviour, from detected industrial Internet of Things Corresponding signed data is extracted in abnormal behaviour and is stored in preset log database.
Optionally, the original network traffic data include source IP address, purpose IP address, source port, target port and The information of protocol type.
Compared with prior art, the invention has the benefit that
Above-mentioned scheme, by obtaining corresponding industrial Internet of Things unusual checking model, and by industry to be detected The Internet of Things network flow data input industrial Internet of Things unusual checking model, it is abnormal to obtain corresponding industrial Internet of Things Behavioral value is as a result, since the industrial Internet of Things unusual checking model is to be feedovered using deepness auto encoder and depth Neural network is trained to obtain to acquired original network traffic data, therefore industrial Internet of Things abnormal behaviour inspection can be improved The accuracy of survey.
Detailed description of the invention
In order to more clearly explain the technical solutions in the embodiments of the present application, make required in being described below to embodiment Attached drawing is briefly described, it should be apparent that, the drawings in the following description are only some examples of the present application, for For those of ordinary skill in the art, without any creative labor, it can also be obtained according to these attached drawings His attached drawing.
Fig. 1 is the flow diagram of the industrial Internet of Things anomaly detection method of one of embodiment of the present invention;
Fig. 2 is the structural schematic diagram of the industrial Internet of Things unusual checking device of one of embodiment of the present invention.
Specific embodiment
Below in conjunction with the attached drawing in the embodiment of the present application, technical solutions in the embodiments of the present application carries out clear, complete Site preparation description, it is clear that described embodiments are only a part of embodiments of the present application, instead of all the embodiments.It is based on Embodiment in the application, it is obtained by those of ordinary skill in the art without making creative efforts every other Embodiment shall fall in the protection scope of this application.Related directionality instruction in the embodiment of the present invention (such as upper and lower, left and right, It is forward and backward etc.) it is only used for the relative positional relationship explained under a certain particular pose (as shown in the picture) between each component, movement feelings Condition etc., if the particular pose changes, directionality instruction is also correspondingly changed correspondingly.
As stated in the background art, there is Detection accuracies for industrial Internet of Things anomaly detection method in the prior art Low problem.
Technical solution of the present invention, which passes through, obtains corresponding industrial Internet of Things unusual checking model, and will be to be detected The industrial Internet of Things network flow data input industrial Internet of Things unusual checking model, obtains corresponding industrial Internet of Things Unusual checking is as a result, since the industrial Internet of Things unusual checking model is using deepness auto encoder and depth Feedforward neural network is trained to obtain to acquired original network traffic data, therefore industrial Internet of Things exception row can be improved For the accuracy of detection.
It is understandable to enable above-mentioned purpose of the invention, feature and beneficial effect to become apparent, with reference to the accompanying drawing to this The specific embodiment of invention is described in detail.
Fig. 1 is a kind of flow diagram of industrial Internet of Things anomaly detection method of the embodiment of the present invention.Referring to figure 1, a kind of industry Internet of Things anomaly detection method can specifically include following step:
Step S101: corresponding industrial Internet of Things unusual checking model is obtained;The industry Internet of Things abnormal behaviour Detection model is to be carried out using deepness auto encoder and depth feedforward neural network to acquired original network traffic data Training obtains.
In specific implementation, when being trained to the industrial Internet of Things unusual checking model, available work Original network traffic data in industry Internet of Things;Wherein, the original network traffic data includes source IP address, destination IP Location, source port, target port and protocol type information.
Then, acquired original network traffic data is pre-processed, obtains pretreated primitive network flow Data.In an embodiment of the present invention, carrying out pretreatment to acquired original network traffic data includes network flow characteristic Conversion and feature normalization operation.
Wherein, when carrying out network flow characteristic conversion to acquired original network traffic data, it is assumed that subsequent training Obtained industrial Internet of Things unusual checking model receives the data characteristics of numeric type, therefore needing to pass through will be from primitive network stream The each symbolic feature values extracted in amount data are converted to numerical characteristics value.For example, NSL-KDD data set has many symbols They can be each mapped to 1,2 and 3 etc. including the protocol type with nominal value, such as ICMP, TCP and UDP by attribute.
Because deep learning depends on weight, different characteristic dimensions can be by data skew to specific level, may Cause certain weights to update faster than other, therefore needs that network flow characteristic is normalized.Implement in the present invention one In example, network flow characteristic is normalized using 0 mean normalization (Z-score normalization), that is, is adopted Network flow characteristic is normalized with following formula:
Wherein, Z(i)The i-th network flow characteristic after indicating normalization, v(i)Indicate that extracted i-th of network flow is special Sign, μ indicate feature v(i)Mean value, σ indicate feature v(i)Standard deviation.
Network flow characteristic after normalized will obey standardized normal distribution.
It, can be special using the network flow after normalized after obtaining the network flow characteristic after normalized It levies data and constructs corresponding training set and test set, and successively use depth automatic using the corresponding training set of building and test set Encoder algo and depth feedforward neural network carry out lasting training and obtain corresponding industrial Internet of Things unusual checking mould Type.Specifically, pretreated original network traffic data is carried out without mark using the deepness auto encoder algorithm first Note training obtains the estimation parameter of the industrial Internet of Things unusual checking model, including weight and deviation.Then, it will instruct The estimation parameter of the industrial Internet of Things unusual checking model got is as input, then uses depth Feedforward Neural Networks Network and pretreated original network traffic data have carried out label training, to the industrial Internet of Things unusual checking model Estimation parameter optimize, finally obtain the industrial Internet of Things unusual checking model.
Step S102: by the industrial Internet of Things network flow data input industrial Internet of Things abnormal behaviour inspection to be detected Model is surveyed, corresponding industrial Internet of Things unusual checking result is obtained.
In specific implementation, it when getting the industrial Internet of Things unusual checking model that training obtains, can adopt The abnormal behaviour in industrial Internet of Things is detected with the industrial Internet of Things unusual checking model, namely to industrial object Attack present in networking is detected.
In specific implementation, the industrial Internet of Things anomaly detection method can also include:
Step S103: when detecting industrial Internet of Things abnormal behaviour, corresponding alarm prompt is exported.
In specific implementation, when confirmly detecting the abnormal behaviour in industrial Internet of Things, namely detection attack When, it can be generated and export corresponding warning information, so that related personnel can take appropriate measures, ensure industrial Internet of Things Net the normal operation at network.
In specific implementation, the industrial Internet of Things anomaly detection method can also include:
Step S104: corresponding signed data is extracted from detected industrial Internet of Things abnormal behaviour and is stored in pre- If behavior database in.
In specific implementation, when confirmly detecting the abnormal behaviour in industrial Internet of Things, namely detection attack When, by extracting corresponding signed data from detected industrial Internet of Things abnormal behaviour and being stored in preset behavior number According in library, the industrial Internet of Things abnormal behaviour inspection can be carried out using the data stored in the behavior database so as to subsequent The optimization of model is surveyed, to further increase the accuracy of industrial Internet of Things unusual checking.
The above-mentioned industrial Internet of Things anomaly detection method in the embodiment of the present invention is described in detail, and below will The above-mentioned corresponding device of method is introduced.
Fig. 2 shows the structural schematic diagrams of the industrial Internet of Things unusual checking device of one of embodiment of the present invention. Referring to fig. 2, the industrial Internet of Things unusual checking device 20 of one of embodiment of the present invention may include model acquiring unit 201 and behavioral value unit 202, in which:
The model acquiring unit 201 is suitable for obtaining corresponding industrial Internet of Things unusual checking model;The industry Internet of Things unusual checking model is using deepness auto encoder and depth feedforward neural network to acquired original net Network data on flows is trained to obtain.
The behavioral value unit 202 is suitable for industrial Internet of Things network flow data to be detected inputting the industry Internet of Things unusual checking model obtains corresponding industrial Internet of Things unusual checking result.
In specific implementation, the industrial Internet of Things unusual checking device 20 of one of embodiment of the present invention can also wrap Model training unit 203 is included, in which:
The model training unit 203, suitable for obtaining the original network traffic data in industrial Internet of Things;It will be acquired Original network traffic data is pre-processed, and obtains pretreated original network traffic data wherein, the primitive network stream Amount data may include the information of source IP address, purpose IP address, source port, target port and protocol type;The pretreatment Including network flow characteristic conversion and feature normalization operation;Using the deepness auto encoder algorithm to pretreated original Beginning network flow data carries out unmarked training, obtains the estimation parameter of the industrial Internet of Things unusual checking model, In, the estimation parameter for the industrial Internet of Things unusual checking model that the model training list training obtains, including weight And deviation;Label training is carried out using depth feedforward neural network and pretreated original network traffic data, to described The estimation parameter of industrial Internet of Things unusual checking model optimizes, and obtains the industrial Internet of Things unusual checking mould Type.
In an embodiment of the present invention, the model training unit 203, suitable for using following formula to extracted net Network traffic characteristic is normalized:
Wherein, Z(i)The i-th network flow characteristic after indicating normalization, v(i)Indicate extracted i-th A network flow characteristic, μ indicate feature v(i)Mean value, σ indicate feature v(i)Standard deviation.
In specific implementation, described device 20 can also include Alarm Unit 205, in which:
The Alarm Unit 205, suitable for when detecting industrial Internet of Things abnormal behaviour, exporting corresponding alarm prompt letter Breath.
In specific implementation, described device 20 can also include signature storage unit 206, in which:
The signature storage unit 206, suitable for when detecting industrial Internet of Things abnormal behaviour, from detected industry Corresponding signed data is extracted in Internet of Things abnormal behaviour and is stored in preset log database.
The embodiment of the invention also provides a kind of computer readable storage mediums, are stored thereon with computer instruction, described The step of industrial Internet of Things anomaly detection method is executed when computer instruction is run.Wherein, the industrial object Networking anomaly detection method refers to being discussed in detail for preceding sections, repeats no more.
The embodiment of the invention also provides a kind of terminal, including memory and processor, energy is stored on the memory Enough computer instructions run on the processor, the processor execute the industry when running the computer instruction The step of Internet of Things anomaly detection method.Wherein, the industrial Internet of Things anomaly detection method refers to aforementioned Partial is discussed in detail, and repeats no more.
Using the above scheme in the embodiment of the present invention, by obtaining corresponding industrial Internet of Things unusual checking mould Type, and by the industrial Internet of Things network flow data input industrial Internet of Things unusual checking model to be detected, it obtains Corresponding industry Internet of Things unusual checking is as a result, since the industrial Internet of Things unusual checking model is using depth Autocoder and depth feedforward neural network are trained to obtain to acquired original network traffic data, therefore can be improved The accuracy of industrial Internet of Things unusual checking.
The basic principles, main features and advantages of the present invention have been shown and described above.The technology of the industry Personnel are it should be appreciated that the present invention is not limited to the above embodiments, and the above embodiments and description only describe this The principle of invention, without departing from the spirit and scope of the present invention, various changes and improvements may be made to the invention, the present invention Claimed range is delineated by the appended claims, the specification and equivalents thereof from the appended claims.

Claims (7)

1. a kind of industry Internet of Things unusual checking device characterized by comprising
Model acquiring unit is suitable for obtaining corresponding industrial Internet of Things unusual checking model;The industry Internet of Things is abnormal Behavioral value model is using deepness auto encoder and depth feedforward neural network to acquired original network traffic data It is trained to obtain;
Behavioral value unit is suitable for the industrial Internet of Things network flow data input industrial Internet of Things exception row to be detected For detection model, corresponding industrial Internet of Things unusual checking result is obtained.
2. industry Internet of Things unusual checking device according to claim 1, which is characterized in that further include model training Unit, suitable for obtaining the original network traffic data in industrial Internet of Things;Acquired original network traffic data is carried out pre- Processing, obtains pretreated original network traffic data;The pretreatment includes network flow characteristic conversion and feature normalizing Change operation;Unmarked training is carried out to pretreated original network traffic data using the deepness auto encoder algorithm, Obtain the estimation parameter of the industrial Internet of Things unusual checking model;Using depth feedforward neural network and pretreated Original network traffic data has carried out label training, carries out to the estimation parameter of the industrial Internet of Things unusual checking model Optimization obtains the industrial Internet of Things unusual checking model.
3. industry Internet of Things unusual checking device according to claim 2, which is characterized in that the model training list Member, suitable for extracted network flow characteristic is normalized using following formula:
Wherein, Z(i)The i-th network flow characteristic after indicating normalization, v(i)Indicate extracted i-th of network flow characteristic, μ Indicate feature v(i)Mean value, σ indicate feature v(i)Standard deviation.
4. industry Internet of Things unusual checking device according to claim 3, which is characterized in that the model training list The estimation parameter for the industrial Internet of Things unusual checking model that training obtains, including weight and deviation.
5. industry Internet of Things unusual checking device according to claim 1-4, which is characterized in that also wrap It includes:
Alarm Unit, suitable for exporting corresponding alarm prompt when detecting industrial Internet of Things abnormal behaviour.
6. industry Internet of Things unusual checking device according to claim 5, which is characterized in that further include:
It signs storage unit, it is abnormal from detected industrial Internet of Things suitable for when detecting industrial Internet of Things abnormal behaviour Corresponding signed data is extracted in behavior and is stored in preset log database.
7. industry Internet of Things unusual checking device according to claim 1, which is characterized in that the primitive network stream Amount data include the information of source IP address, purpose IP address, source port, target port and protocol type.
CN201811490982.1A 2018-12-06 2018-12-06 Industrial Internet of Things unusual checking device Pending CN109688112A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811490982.1A CN109688112A (en) 2018-12-06 2018-12-06 Industrial Internet of Things unusual checking device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811490982.1A CN109688112A (en) 2018-12-06 2018-12-06 Industrial Internet of Things unusual checking device

Publications (1)

Publication Number Publication Date
CN109688112A true CN109688112A (en) 2019-04-26

Family

ID=66186459

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811490982.1A Pending CN109688112A (en) 2018-12-06 2018-12-06 Industrial Internet of Things unusual checking device

Country Status (1)

Country Link
CN (1) CN109688112A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110365703A (en) * 2019-07-30 2019-10-22 国家电网有限公司 Internet-of-things terminal abnormal state detection method, apparatus and terminal device
CN111163115A (en) * 2020-04-03 2020-05-15 深圳市云盾科技有限公司 Internet of things safety monitoring method and system based on double engines
CN113783717A (en) * 2021-08-12 2021-12-10 北京邮电大学 Smart city network flow prediction method and system
CN114520736A (en) * 2022-01-24 2022-05-20 广东工业大学 Internet of things security detection method, device, equipment and storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104298202A (en) * 2014-10-21 2015-01-21 张晓华 Industrial field intelligent monitoring terminal based on internet of things
CN105629790A (en) * 2016-01-29 2016-06-01 广州能迪能源科技股份有限公司 Data management platform and method based on industrial IOT (Internet of Things)
US20170347283A1 (en) * 2016-05-31 2017-11-30 At&T Intellectual Property I, L.P. System and method for event based internet of things (iot) device status monitoring and reporting in a mobility network
CN107944552A (en) * 2017-12-19 2018-04-20 电子科技大学 A kind of industrial Internet of Things parameter prediction method based on Elman neutral nets
CN108429753A (en) * 2018-03-16 2018-08-21 重庆邮电大学 A kind of matched industrial network DDoS intrusion detection methods of swift nature

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104298202A (en) * 2014-10-21 2015-01-21 张晓华 Industrial field intelligent monitoring terminal based on internet of things
CN105629790A (en) * 2016-01-29 2016-06-01 广州能迪能源科技股份有限公司 Data management platform and method based on industrial IOT (Internet of Things)
US20170347283A1 (en) * 2016-05-31 2017-11-30 At&T Intellectual Property I, L.P. System and method for event based internet of things (iot) device status monitoring and reporting in a mobility network
CN107944552A (en) * 2017-12-19 2018-04-20 电子科技大学 A kind of industrial Internet of Things parameter prediction method based on Elman neutral nets
CN108429753A (en) * 2018-03-16 2018-08-21 重庆邮电大学 A kind of matched industrial network DDoS intrusion detection methods of swift nature

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
AL-HAWAWREH等: ""Identification of malicious activities in industrial internet of things based on deep learning models"", 《JOURNAL OF INFORMATION SECURITY AND APPLICATIONS》 *

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110365703A (en) * 2019-07-30 2019-10-22 国家电网有限公司 Internet-of-things terminal abnormal state detection method, apparatus and terminal device
CN111163115A (en) * 2020-04-03 2020-05-15 深圳市云盾科技有限公司 Internet of things safety monitoring method and system based on double engines
CN113783717A (en) * 2021-08-12 2021-12-10 北京邮电大学 Smart city network flow prediction method and system
CN113783717B (en) * 2021-08-12 2023-03-24 北京邮电大学 Smart city network flow prediction method and system
CN114520736A (en) * 2022-01-24 2022-05-20 广东工业大学 Internet of things security detection method, device, equipment and storage medium
CN114520736B (en) * 2022-01-24 2023-08-22 广东工业大学 Internet of things security detection method, device, equipment and storage medium

Similar Documents

Publication Publication Date Title
CN109547455A (en) Industrial Internet of Things anomaly detection method, readable storage medium storing program for executing and terminal
CN109688112A (en) Industrial Internet of Things unusual checking device
WO2020143227A1 (en) Method for generating malicious sample of industrial control system based on adversarial learning
CN106570513B (en) The method for diagnosing faults and device of big data network system
CN110909811A (en) OCSVM (online charging management system) -based power grid abnormal behavior detection and analysis method and system
CN104598813B (en) Computer intrusion detection method based on integrated study and semi-supervised SVM
CN103905440A (en) Network security situation awareness analysis method based on log and SNMP information fusion
Liu et al. A novel intrusion detection algorithm for industrial control systems based on CNN and process state transition
CN109639734B (en) Abnormal flow detection method with computing resource adaptivity
CN117113262B (en) Network traffic identification method and system
CN105306463A (en) Modbus TCP intrusion detection method based on support vector machine
CN105991517B (en) Vulnerability mining method and apparatus
CN108985061A (en) A kind of webshell detection method based on Model Fusion
CN103810424A (en) Method and device for identifying abnormal application programs
CN114338195A (en) Web traffic anomaly detection method and device based on improved isolated forest algorithm
Liu et al. Slippage fault diagnosis of dampers for transmission lines based on faster R-CNN and distance constraint
CN105871861B (en) A kind of intrusion detection method of self study protocol rule
CN103971054A (en) Detecting method of browser extension loophole based on behavior sequence
CN112333128A (en) Web attack behavior detection system based on self-encoder
CN110022313A (en) Polymorphic worm feature extraction and polymorphic worm discrimination method based on machine learning
CN108761250B (en) Industrial control equipment voltage and current-based intrusion detection method
CN108073803A (en) For detecting the method and device of malicious application
CN108040067B (en) Cloud platform intrusion detection method, device and system
Yin et al. Botnet detection based on genetic neural network
CN114863210A (en) Method and system for resisting sample attack of bridge structure health monitoring data driving model

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20190426