CN111163071A - Unknown industrial protocol recognition engine - Google Patents

Unknown industrial protocol recognition engine Download PDF

Info

Publication number
CN111163071A
CN111163071A CN201911328190.9A CN201911328190A CN111163071A CN 111163071 A CN111163071 A CN 111163071A CN 201911328190 A CN201911328190 A CN 201911328190A CN 111163071 A CN111163071 A CN 111163071A
Authority
CN
China
Prior art keywords
protocol
data packet
unknown
data
clustering
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201911328190.9A
Other languages
Chinese (zh)
Inventor
王亮
仪智奇
赵宇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou Jiulue Intelligent Technology Co ltd
Original Assignee
Hangzhou Jiulue Intelligent Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou Jiulue Intelligent Technology Co ltd filed Critical Hangzhou Jiulue Intelligent Technology Co ltd
Priority to CN201911328190.9A priority Critical patent/CN111163071A/en
Publication of CN111163071A publication Critical patent/CN111163071A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/12Protocol engines
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00Pattern recognition
    • G06F18/20Analysing
    • G06F18/23Clustering techniques
    • G06F18/232Non-hierarchical techniques
    • G06F18/2321Non-hierarchical techniques using statistics or function optimisation, e.g. modelling of probability density functions
    • G06F18/23213Non-hierarchical techniques using statistics or function optimisation, e.g. modelling of probability density functions with fixed number of clusters, e.g. K-means clustering
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00Pattern recognition
    • G06F18/20Analysing
    • G06F18/285Selection of pattern recognition techniques, e.g. of classifiers in a multi-classifier system
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227Filtering policies
    • H04L63/0236Filtering by address, protocol, port number or service, e.g. IP-address or URL
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/22Parsing or analysis of headers
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/26Special purpose or proprietary protocols or architectures

Landscapes

  • Engineering & Computer Science (AREA)
  • Data Mining & Analysis (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Bioinformatics & Computational Biology (AREA)
  • Evolutionary Biology (AREA)
  • General Physics & Mathematics (AREA)
  • Bioinformatics & Cheminformatics (AREA)
  • Artificial Intelligence (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Evolutionary Computation (AREA)
  • Computing Systems (AREA)
  • Probability & Statistics with Applications (AREA)
  • Computer Hardware Design (AREA)
  • Communication Control (AREA)

Abstract

The invention discloses an unknown industrial protocol recognition engine, which comprises the following steps: s1, filtering the known protocol according to the port and the known protocol characteristics, and clustering the rest unknown protocols according to the port number; s2, identifying the characteristics of the industrial protocol, firstly capturing control characters or special communication characters in the application layer data in the data packet, and then carrying out binary maximum similarity matching by using a clustering algorithm; through training, if the data appearing in each bit of an unknown industrial protocol can be enumerated, the data is recorded as clustering feature enumeration and is used as a main basis for judging whether the protocol is in compliance or not, and finally a protocol feature set is obtained; s3, adopting AC multi-mode matching algorithm to match the multi-mode, judging whether the new data packet is unknown protocol according to the character characteristics of control and communication; and S4, slicing and transmitting the data packet according to the protocol characteristics, and judging whether the data packet is in compliance according to the sample set.

Description

Unknown industrial protocol recognition engine
Technical Field
The invention relates to the technical field of industrial application, in particular to an unknown industrial protocol recognition engine.
Background
With the deep integration of Information Technology (IT) and Operation Technology (OT), the mark enters the industrial 4.0 era, which means that the boundary between IT and OT is more and more fuzzy; it is important to collect data on device management, operation conditions, and real conditions of products and devices, and even data on fault diagnosis, network attack recognition, artificial security attack, etc. by using industrial internet technology, and to report and process the data in time. The industrial internet is full of various known and unknown industrial protocols, so that the identification of the unknown industrial protocol as a key technology in the field of network security is receiving more and more extensive attention and has become a key subject of research of related scholars.
The method mainly researches an unknown industrial protocol identification unit, and provides reliable basis for improving the network security in order to ensure the safe operation of the network and the early warning of attack and damage behaviors.
Disclosure of Invention
Aiming at the defects in the prior art, the invention aims to provide an unknown industrial protocol identification engine.
The technical purpose of the invention is realized by the following technical scheme:
an unknown industrial protocol identification engine comprising the steps of:
s1, filtering the known protocol according to the port and the known protocol characteristics, and clustering the rest unknown protocols according to the port number;
s2, identifying the characteristics of the industrial protocol, firstly capturing control characters or special communication characters in the application layer data in the data packet, and then carrying out binary maximum similarity matching by using a clustering algorithm; through training, if the data appearing in each bit of an unknown industrial protocol can be enumerated, the data is recorded as clustering feature enumeration and is used as a main basis for judging whether the protocol is in compliance or not, and finally a protocol feature set is obtained;
s3, adopting AC multi-mode matching algorithm to match the multi-mode, judging whether the new data packet is unknown protocol according to the character characteristics of control and communication;
s4, slicing the data packet according to the protocol characteristics, judging whether the data packet is in compliance according to the sample set, classifying the data packet into the same unknown protocol of the application layer when the control and communication character characteristics can be matched through multimode matching and the clustering characteristics are satisfied, putting the data packet into a characteristic library of the protocol so as to distinguish the protocol type of the application layer data of the new data packet subsequently, or obtaining clustering characteristic enumeration according to the past clustering characteristics and judging whether the existing data packet is legal.
More preferably, the specific step of step S1 includes: judging whether the known protocol is an unknown protocol or not according to the port, judging whether the known protocol is an unknown protocol or not according to the characteristics, and carrying out aggregation processing according to the port number; the data packet firstly enters a protocol identification engine, comparison is carried out according to calibration data (comprising a port number set and a protocol feature set) of a known protocol (industrial and common protocols) in the engine, the data packet which is not in a calibration data range is copied and submitted to the industrial protocol feature identification engine for learning.
Further preferably, the binary maximum similarity matching in step S2 is implemented by using a clustering algorithm, the clustering feature is obtained based on a self-improved clustering algorithm, assuming that there is a data set X in which N records [ X1, X2, X3, X4, X5, X6, … ] are provided, and the specific clustering step includes:
randomly taking a record xi from the data set X for the first time, taking the record xi as a first central point of the cluster, and then repeating the following steps:
for each record xi, calculating the distance D (xn) between the record xi and the nearest midpoint and storing the calculated distance into a data set, wherein the calculated distance formula uses the euclidean distance, and the data set is represented as D (x) ═ D (x1), D (x2), D (x3), D (x4), D (x5), D (x6),. ];
adding Sum (D (x)) to the calculated distance, then dividing each record in the data group by the Sum value of the distance to obtain a probability distribution array, and calculating the cumulative Sum;
randomly taking a record from the data group, and taking the value in the data set X by using the subscript of the record as the next clustering center point; after the cluster central points are initially finished, next using a k-means algorithm to gather all the clusters, calculating the distance between all the points and each central point, and taking the central point closest to the cluster as the cluster;
recalculating the midpoint of each cluster, and taking the average value of each characteristic column to obtain a new central point;
the above steps are repeated until no center point moves.
Preferably, the AC multi-mode matching algorithm in step 3 inputs data according to a calibration feature set of the Ready state and a new data packet, where the calibration feature set is a rule set, and the new data packet is matched with the rule set and outputs whether the new data packet belongs to the unknown protocol.
In summary, compared with the prior art, the beneficial effects of the invention are as follows: through the use of control and universal characters and a clustering algorithm, the result accuracy is improved compared with the traditional binary system comparison efficiency, and the result is more accurate.
Drawings
FIG. 1 is a schematic diagram illustrating an unknown protocol identification process in an embodiment;
detailed description of the preferred embodiments
The invention is described in further detail below with reference to the accompanying drawings.
An unknown industrial protocol identification engine, as described with reference to fig. 1, comprising the steps of:
s1, filtering the known protocol according to the port and the known protocol characteristics, and clustering the rest unknown protocols according to the port number;
s2, carrying out feature recognition on the industrial protocol, firstly continuously capturing control characters or special communication characters in application layer data in a data packet, specifically, carrying out character-by-character matching on the application layer data, wherein the matched characters are marked as X1, and the corresponding position deviation is marked as Y1, and the operation occurs in an industrial protocol feature recognition engine; then, carrying out binary maximum similarity matching by using a clustering algorithm; through training, if the data appearing in each bit of an unknown industrial protocol can be enumerated, the data is recorded as clustering feature enumeration and is used as a main basis for judging whether the protocol is in compliance or not, and finally a protocol feature set is obtained;
s3, adopting AC multi-mode matching algorithm to match the multi-mode, judging whether the new data packet is unknown protocol according to the character characteristics of control and communication;
s4, slicing the data packet according to the protocol characteristics, judging whether the data packet is in compliance according to the sample set, classifying the data packet into the same unknown protocol of the application layer when the control and communication character characteristics can be matched through multimode matching and the clustering characteristics are satisfied, putting the data packet into a characteristic library of the protocol so as to distinguish the protocol type of the application layer data of the new data packet subsequently, or obtaining clustering characteristic enumeration according to the past clustering characteristics and judging whether the existing data packet is legal.
The specific steps of step S1 include:
judging whether the known protocol is an unknown protocol or not according to the port, and if the known protocol is judged to be the unknown protocol, finishing the identification process; judging whether the known protocol is an unknown protocol or not according to the characteristics, and if the known protocol is judged to be the unknown protocol, finishing the identification process; aggregating and processing according to port numbers aiming at the rest unknown protocols; specifically, a data packet firstly enters a protocol identification engine, comparison is carried out according to calibration data (comprising a port number set and a protocol feature set) of a known protocol (industrial and common protocols) in the engine, the data packet which is not in a calibration data range is copied and submitted to the industrial protocol feature identification engine for learning.
The binary maximum similarity matching in the step S2 is implemented by using a clustering algorithm, the clustering characteristics are obtained based on a self-improved clustering algorithm, it is assumed that there is a data set X in which N records [ X1, X2, X3, X4, X5, X6, … ] are provided, and the specific clustering step includes:
randomly taking a record xi from the data set X for the first time, taking the record xi as a first central point of the cluster, and then repeating the following steps:
for each record xi, calculating the distance D (xn) between the record xi and the nearest midpoint and storing the calculated distance into a data set, wherein the calculated distance formula uses the euclidean distance, and the data set is represented as D (x) ═ D (x1), D (x2), D (x3), D (x4), D (x5), D (x6),. ];
sum (d (x)) of the calculated distances, and then divide each record in the data set by the Sum of the distances, as shown below;
D(xn)/Sum(D(x)),
[D(x1)/Sum(D(x)),
D(x2)/Sum(D(x)),
D(x3)/Sum(D(x)),
D(x4)/Sum(D(x)),
D(x5)/Sum(D(x)),
D(x6)/Sum(D(x)),
......]
the following probability distribution arrays are obtained: [ P (x1), P (x2), P (x3), P (x4), P (x5), P (x6),. ];
the accumulated sum is then calculated: [ P (x1), P (x1) + P (x2), P (x1) + P (x2) + P (x3), P (x1) + P (x2) + P (x3) + P (x4), P (x1) + P (x2) + P (x3) + P (x4) + P (x5), P (x1) + P (x2) + P (x3) + P (x4) + P (x5) + P (x 36 6);
randomly taking a record from the data group, and taking the value in the data set X by using the subscript of the record as the next clustering center point; after the cluster central points are initially finished, next using a k-means algorithm to gather all the clusters, calculating the distance between all the points and each central point, and taking the central point closest to the cluster as the cluster;
{0:[x1,x2,x3],1:[x4,x5,x6],......}
recalculating the midpoint of each cluster, and taking the average value of each characteristic column to obtain a new central point;
[(x1+x2+x3)/3,(x4+x5+x6)/3,...];
the above steps are repeated until no center point moves.
It should be noted that the clustering feature indicated in this document is the converged clustering midpoint, the improvement point is to improve the processing efficiency, the hit rate dimension is increased for the calibration data collected by the unknown protocol, and when the centroid is obtained, the hit rate is combined, the matching times are reduced, and the centroid convergence speed is improved.
And (3) the AC multi-mode matching algorithm in the step 3 inputs data according to the calibration characteristic set of the Ready state and the newly-entered data packet, wherein the calibration characteristic set is a rule set, and the newly-entered data packet is matched with the rule set and outputs whether the newly-entered data packet belongs to the unknown protocol.
The protocol feature slicing and judging whether the data packet is normalized or not in the step 4 are described by expanding the process:
1. acquiring a control and communication character information set in a newly-entered data packet;
2. the new packet information set and the feature set are brought into an AC multi-mode matching algorithm;
3. the clustering characteristics obtained through the AC algorithm are consistent with the characteristic set, namely the same unknown protocol is obtained.
The above description is intended to be illustrative of the present invention and not to limit the scope of the invention, which is defined by the claims appended hereto.

Claims (4)

1. An unknown industrial protocol identification engine comprising the steps of:
s1, filtering the known protocol according to the port and the known protocol characteristics, and clustering the rest unknown protocols according to the port number;
s2, identifying the characteristics of the industrial protocol, firstly capturing control characters or special communication characters in the application layer data in the data packet, and then carrying out binary maximum similarity matching by using a clustering algorithm; through training, if the data appearing in each bit of an unknown industrial protocol can be enumerated, the data is recorded as clustering feature enumeration and is used as a main basis for judging whether the protocol is in compliance or not, and finally a protocol feature set is obtained;
s3, adopting AC multi-mode matching algorithm to match the multi-mode, judging whether the new data packet is unknown protocol according to the character characteristics of control and communication;
s4, slicing the data packet according to the protocol characteristics, judging whether the data packet is in compliance according to the sample set, classifying the data packet into the same unknown protocol of the application layer when the control and communication character characteristics can be matched through multimode matching and the clustering characteristics are satisfied, putting the data packet into a characteristic library of the protocol so as to distinguish the protocol type of the application layer data of the new data packet subsequently, or obtaining clustering characteristic enumeration according to the past clustering characteristics and judging whether the existing data packet is legal.
2. The unknown industrial protocol identification engine as claimed in claim 1 wherein said step S1 includes the following steps: judging whether the known protocol is an unknown protocol or not according to the port, judging whether the known protocol is an unknown protocol or not according to the characteristics, and carrying out aggregation processing according to the port number; the data packet firstly enters a protocol identification engine, comparison is carried out according to calibration data (comprising a port number set and a protocol feature set) of a known protocol (industrial and common protocols) in the engine, the data packet which is not in a calibration data range is copied and submitted to the industrial protocol feature identification engine for learning.
3. The unknown industrial protocol recognition engine as claimed in claim 1, wherein the binary maximum similarity matching in step S2 is implemented by using a clustering algorithm, and the clustering feature is obtained based on a self-improved clustering algorithm, assuming that there is a data set X with N records [ X1, X2, X3, X4, X5, X6, … ], the specific clustering step includes:
randomly taking a record xi from the data set X for the first time, taking the record xi as a first central point of the cluster, and then repeating the following steps:
for each record xi, calculating the distance D (xn) between the record xi and the nearest midpoint and storing the calculated distance into a data set, wherein the calculated distance formula uses the euclidean distance, and the data set is represented as D (x) ═ D (x1), D (x2), D (x3), D (x4), D (x5), D (x6),. ];
adding Sum (D (x)) to the calculated distance, then dividing each record in the data group by the Sum value of the distance to obtain a probability distribution array, and calculating the cumulative Sum;
randomly taking a record from the data group, and taking the value in the data set X by using the subscript of the record as the next clustering center point; after the cluster central points are initially finished, next using a k-means algorithm to gather all the clusters, calculating the distance between all the points and each central point, and taking the central point closest to the cluster as the cluster;
recalculating the midpoint of each cluster, and taking the average value of each characteristic column to obtain a new central point;
the above steps are repeated until no center point moves.
4. The unknown industrial protocol recognition engine according to claim 1, wherein the AC multi-mode matching algorithm in step 3 is based on two types of input data, namely a calibration feature set of Ready state and a new data packet, the calibration feature set is a rule set, and the new data packet is matched with the rule set and outputs whether the new data packet belongs to the unknown protocol.
CN201911328190.9A 2019-12-20 2019-12-20 Unknown industrial protocol recognition engine Pending CN111163071A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911328190.9A CN111163071A (en) 2019-12-20 2019-12-20 Unknown industrial protocol recognition engine

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201911328190.9A CN111163071A (en) 2019-12-20 2019-12-20 Unknown industrial protocol recognition engine

Publications (1)

Publication Number Publication Date
CN111163071A true CN111163071A (en) 2020-05-15

Family

ID=70557607

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911328190.9A Pending CN111163071A (en) 2019-12-20 2019-12-20 Unknown industrial protocol recognition engine

Country Status (1)

Country Link
CN (1) CN111163071A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113645065A (en) * 2021-07-21 2021-11-12 武汉虹旭信息技术有限责任公司 Industrial control safety audit system and method based on industrial internet
CN114640611A (en) * 2022-03-09 2022-06-17 西安电子科技大学 Unknown heterogeneous industrial protocol detection and identification method, system, equipment and medium
CN116208374A (en) * 2022-12-30 2023-06-02 长扬科技(北京)股份有限公司 Industrial protocol identification method, device, equipment and storage medium

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101707532A (en) * 2009-10-30 2010-05-12 中山大学 Automatic analysis method for unknown application layer protocol
CN102130956A (en) * 2011-03-18 2011-07-20 清华大学 Method and system for identifying application layer protocols
CN102333313A (en) * 2011-10-18 2012-01-25 中国科学院计算技术研究所 Feature code generation method and detection method of mobile botnet
CN102546625A (en) * 2011-12-31 2012-07-04 深圳市永达电子股份有限公司 Semi-supervised clustering integrated protocol identification system
CN104159232A (en) * 2014-09-01 2014-11-19 电子科技大学 Method of recognizing protocol format of binary message data
CN105827603A (en) * 2016-03-14 2016-08-03 中国人民解放军信息工程大学 Inexplicit protocol feature library establishment method and device and inexplicit message classification method and device
CN109657712A (en) * 2018-12-11 2019-04-19 浙江工业大学 A kind of electric business food and drink data analysing method based on the improved K-Means algorithm of Spark

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101707532A (en) * 2009-10-30 2010-05-12 中山大学 Automatic analysis method for unknown application layer protocol
WO2011050545A1 (en) * 2009-10-30 2011-05-05 中山大学 Automatic analysis method for unknown application layer protocols
CN102130956A (en) * 2011-03-18 2011-07-20 清华大学 Method and system for identifying application layer protocols
CN102333313A (en) * 2011-10-18 2012-01-25 中国科学院计算技术研究所 Feature code generation method and detection method of mobile botnet
CN102546625A (en) * 2011-12-31 2012-07-04 深圳市永达电子股份有限公司 Semi-supervised clustering integrated protocol identification system
CN104159232A (en) * 2014-09-01 2014-11-19 电子科技大学 Method of recognizing protocol format of binary message data
CN105827603A (en) * 2016-03-14 2016-08-03 中国人民解放军信息工程大学 Inexplicit protocol feature library establishment method and device and inexplicit message classification method and device
CN109657712A (en) * 2018-12-11 2019-04-19 浙江工业大学 A kind of electric business food and drink data analysing method based on the improved K-Means algorithm of Spark

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
李阳等: "基于离散序列报文的轮廓格式特征提取方法", 《信息工程大学学报》 *

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113645065A (en) * 2021-07-21 2021-11-12 武汉虹旭信息技术有限责任公司 Industrial control safety audit system and method based on industrial internet
CN113645065B (en) * 2021-07-21 2024-03-15 武汉虹旭信息技术有限责任公司 Industrial control security audit system and method based on industrial Internet
CN114640611A (en) * 2022-03-09 2022-06-17 西安电子科技大学 Unknown heterogeneous industrial protocol detection and identification method, system, equipment and medium
CN116208374A (en) * 2022-12-30 2023-06-02 长扬科技(北京)股份有限公司 Industrial protocol identification method, device, equipment and storage medium
CN116208374B (en) * 2022-12-30 2023-09-29 长扬科技(北京)股份有限公司 Industrial protocol identification method, device, equipment and storage medium

Similar Documents

Publication Publication Date Title
Li et al. Deep joint discriminative learning for vehicle re-identification and retrieval
CN111163071A (en) Unknown industrial protocol recognition engine
CN111385297B (en) Wireless device fingerprint identification method, system, device and readable storage medium
CN104765768A (en) Mass face database rapid and accurate retrieval method
CN111898642B (en) Key point detection method and device, electronic equipment and storage medium
CN104112005B (en) Distributed mass fingerprint identification method
CN104700033A (en) Virus detection method and virus detection device
CN113706100B (en) Real-time detection and identification method and system for Internet of things terminal equipment of power distribution network
CN107247873B (en) Differential methylation site recognition method
CN112926045B (en) Group control equipment identification method based on logistic regression model
CN111507385B (en) Extensible network attack behavior classification method
CN108256449B (en) Human behavior identification method based on subspace classifier
CN112487406B (en) Network behavior analysis method based on machine learning
CN115913691A (en) Network flow abnormity detection method and system
CN110659175A (en) Log trunk extraction method, log trunk classification method, log trunk extraction equipment and log trunk storage medium
Hadi et al. A novel approach to network intrusion detection system using deep learning for Sdn: Futuristic approach
CN109214466A (en) A kind of novel clustering algorithm based on density
CN111797260A (en) Trademark retrieval method and system based on image recognition
CN112580531B (en) Identification detection method and system for true and false license plates
Kang et al. A transfer learning based abnormal can bus message detection system
CN114254691A (en) Multi-channel operation wind control method based on active identification and intelligent monitoring
CN112583847A (en) Method for network security event complex analysis for medium and small enterprises
CN117014193A (en) Unknown Web attack detection method based on behavior baseline
CN111740921A (en) Network traffic classification method and system based on improved K-means algorithm
Revett et al. On the use of rough sets for user authentication via keystroke dynamics

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20200515

RJ01 Rejection of invention patent application after publication