CN111355625B - Analysis method and device for abnormal Internet of things card - Google Patents

Publication number
CN111355625B
Authority
CN
China
Prior art keywords
characteristic data
card
cards
entropy
networking
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201811582177.1A
Other languages
Chinese (zh)
Other versions
CN111355625A (en
Inventor
何洋
徐海勇
陶涛
黄岩
于�玲
鲁银冰
林宇俊
许鑫伶
王伟杰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Mobile Communications Group Co Ltd
China Mobile Hangzhou Information Technology Co Ltd
China Mobile Information Technology Co Ltd
Original Assignee
China Mobile Communications Group Co Ltd
China Mobile Hangzhou Information Technology Co Ltd
China Mobile Information Technology Co Ltd
Application filed by China Mobile Communications Group Co Ltd, China Mobile Hangzhou Information Technology Co Ltd, China Mobile Information Technology Co Ltd
Priority to CN201811582177.1A
Publication of CN111355625A
Application granted
Publication of CN111355625B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H04L43/08 Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
    • H04L43/0823 Errors, e.g. transmission errors
    • H04L43/16 Threshold monitoring
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/14 Network analysis or design
    • H04L41/142 Network analysis or design using statistical or mathematical methods

Abstract

The application discloses an analysis method and device for an abnormal Internet of things card. After a first characteristic data entropy of at least one Internet of things card to be analyzed and characteristic data entropies of a first preset number of normal Internet of things cards in a first time period are acquired, a preset relative-density outlier detection algorithm is applied to obtain a second preset number of Internet of things cards to be analyzed. Second characteristic data entropies of the historical characteristic data of the second preset number of Internet of things cards to be analyzed in a second time period are then acquired, and a preset autoregressive integrated moving average (ARIMA) algorithm is applied to the second characteristic data entropies to obtain first predicted characteristic data entropies of the second preset number of Internet of things cards to be analyzed in the first time period, from which the abnormal Internet of things cards among them are identified. By combining relative-density outlier detection with a time-series anomaly detection method, the method analyzes abnormal Internet of things cards accurately and improves the accuracy of that analysis.

Description

Analysis method and device for abnormal Internet of things card
Technical Field
The present application relates to the field of communications technologies, and in particular to an analysis method and an analysis device for an abnormal Internet of things card.
Background
The Internet of things is a network that uses communication technologies such as local networks or the Internet to connect sensors, controllers, machines, people and objects in a new way, forming person-to-object and object-to-object connections and enabling informatization, remote management and control, and intelligent operation. The Internet of things has three characteristics: scale, mobility and security. Internet of things services provide customers with personalized, intelligent and information-based Internet of things applications on top of a communication network. An Internet of things card is a mobile communication access service that the three operators (Mobile, Unicom and Telecom) provide to Internet of things users over a dedicated Internet of things network. It uses number segments dedicated to Internet of things use on the three networks (11-digit or 13-digit), supports basic communication services such as short messages, wireless data and voice through dedicated network element equipment, and provides intelligent channel services such as communication link management and terminal management.
In recent years, as the Internet of things has developed and expanded rapidly, its many business scenarios, varied network access modes and complex device types have left operators with security risks in managing Internet of things cards. For example, malicious users often use Internet of things cards for communication information fraud, or to spread malicious software, send spam messages and so on, which degrades the user experience.
To address these problems, the conventional scheme monitors the key behavior data of an Internet of things terminal, such as its Internet access time, Internet access frequency and Internet access location. It then judges whether the key behavior data of the terminal exceeds an abnormal behavior threshold for that terminal; if it does, the Internet of things card of the terminal is determined to have been stolen, that is, a security risk exists.
However, the inventor finds that, because Internet of things cards serve different business scenarios and the key behavior data differs greatly between scenarios, the abnormal behavior threshold is difficult to determine, and misjudgment is likely when the volume of key behavior data for an Internet of things card is large.
Disclosure of Invention
The embodiments of the application provide an analysis method and device for an abnormal Internet of things card, which address the above problems in the prior art and improve the accuracy of analyzing abnormal Internet of things cards.
In a first aspect, an analysis method for an abnormal Internet of things card is provided, and the method may include:
acquiring a first characteristic data entropy of at least one Internet of things card to be analyzed and characteristic data entropies of a first preset number of normal Internet of things cards in a first time period;
applying a preset relative-density outlier detection algorithm to the first characteristic data entropy of the at least one Internet of things card to be analyzed and the characteristic data entropies of the first preset number of normal Internet of things cards to obtain a second preset number of Internet of things cards to be analyzed, wherein the second preset number of Internet of things cards to be analyzed are the Internet of things cards to be analyzed that have the second preset number of lowest outlier scores;
acquiring second characteristic data entropies of the historical characteristic data of the second preset number of Internet of things cards to be analyzed in a second time period, wherein the second time period is a historical time period relative to the first time period, and the second time period is longer than the first time period;
applying a preset autoregressive integrated moving average (ARIMA) algorithm to the second characteristic data entropies to obtain first predicted characteristic data entropies of the second preset number of Internet of things cards to be analyzed in the first time period;
and identifying the abnormal Internet of things cards among the second preset number of Internet of things cards to be analyzed according to the first characteristic data entropies and the first predicted characteristic data entropies of the second preset number of Internet of things cards to be analyzed.
In an optional implementation, the acquiring of a first characteristic data entropy of at least one Internet of things card to be analyzed and characteristic data entropies of a first preset number of normal Internet of things cards in a first time period includes:
acquiring characteristic data of at least one Internet of things card to be analyzed and characteristic data of a first preset number of normal Internet of things cards in a first time period;
and performing a preset entropy operation on the characteristic data of the Internet of things card to be analyzed and the characteristic data of the normal Internet of things cards to obtain the characteristic data entropy of the Internet of things card to be analyzed and the characteristic data entropies of the normal Internet of things cards.
In an optional implementation, the obtaining of a second preset number of Internet of things cards to be analyzed by applying a preset relative-density outlier detection algorithm to the first characteristic data entropy of the at least one Internet of things card to be analyzed and the characteristic data entropies of the first preset number of normal Internet of things cards includes:
applying a preset relative density algorithm to the first characteristic data entropy of the at least one Internet of things card to be analyzed and the characteristic data entropies of the first preset number of normal Internet of things cards to obtain the relative density of the at least one Internet of things card to be analyzed and the relative densities of the first preset number of normal Internet of things cards;
applying a preset outlier scoring algorithm to the relative density of the at least one Internet of things card to be analyzed and the relative densities of the first preset number of normal Internet of things cards to obtain the outlier score of the at least one Internet of things card to be analyzed;
and acquiring the Internet of things cards to be analyzed that correspond to the second preset number of lowest outlier scores.
In an optional implementation, the identifying of the abnormal Internet of things cards among the second preset number of Internet of things cards to be analyzed according to their first characteristic data entropies and first predicted characteristic data entropies includes:
when the first characteristic data entropy of a target Internet of things card to be analyzed is not larger than the first predicted characteristic data entropy, determining the target card to be a normal Internet of things card, wherein the target Internet of things card to be analyzed is any one of the second preset number of Internet of things cards to be analyzed;
when the first characteristic data entropy of the target Internet of things card to be analyzed is larger than the first predicted characteristic data entropy, acquiring the difference average value of the second characteristic data entropies of the target card in the second time period, wherein the difference average value is the average of the differences between the second characteristic data entropies of every third time period in the second time period;
acquiring a second predicted characteristic data entropy of the target Internet of things card to be analyzed in the first time period according to the difference average value of the second characteristic data entropies and the preset autoregressive integrated moving average algorithm;
when the first characteristic data entropy of the target Internet of things card to be analyzed is larger than the second predicted characteristic data entropy, determining the target card to be an abnormal Internet of things card;
and when the first characteristic data entropy of the target Internet of things card to be analyzed is not larger than the second predicted characteristic data entropy, determining the target card to be a normal Internet of things card.
In an optional implementation, the characteristic data includes the number of opened services, the number of calls made, the call duration, the calling contact location, and the identifier of the terminal used.
In an optional implementation, the characteristic data further includes the number of opened services;
and when the number of opened services is greater than a preset opened-service threshold, the Internet of things card corresponding to that number of opened services is determined to be an abnormal Internet of things card.
In a second aspect, an apparatus is provided, which may include an acquisition unit and an operation unit;
the acquisition unit is configured to acquire a first characteristic data entropy of at least one Internet of things card to be analyzed and characteristic data entropies of a first preset number of normal Internet of things cards in a first time period;
the operation unit is configured to apply a preset relative-density outlier detection algorithm to the first characteristic data entropy of the at least one Internet of things card to be analyzed and the characteristic data entropies of the first preset number of normal Internet of things cards to obtain a second preset number of Internet of things cards to be analyzed, wherein the second preset number of Internet of things cards to be analyzed are the Internet of things cards to be analyzed that have the second preset number of lowest outlier scores;
the acquisition unit is further configured to acquire second characteristic data entropies of the historical characteristic data of the second preset number of Internet of things cards to be analyzed in a second time period, wherein the second time period is a historical time period relative to the first time period, and the second time period is longer than the first time period;
the operation unit is further configured to apply a preset autoregressive integrated moving average (ARIMA) algorithm to the second characteristic data entropies to obtain first predicted characteristic data entropies of the second preset number of Internet of things cards to be analyzed in the first time period;
the acquisition unit is further configured to identify the abnormal Internet of things cards among the second preset number of Internet of things cards to be analyzed according to the first characteristic data entropies and the first predicted characteristic data entropies of the second preset number of Internet of things cards to be analyzed.
In an optional implementation, the acquisition unit is further configured to acquire characteristic data of at least one Internet of things card to be analyzed and characteristic data of the first preset number of normal Internet of things cards in a first time period;
and to perform a preset entropy operation on the characteristic data of the Internet of things card to be analyzed and the characteristic data of the normal Internet of things cards to obtain the characteristic data entropy of the Internet of things card to be analyzed and the characteristic data entropies of the normal Internet of things cards.
In an optional implementation, the operation unit is further configured to apply a preset relative density algorithm to the first characteristic data entropy of the at least one Internet of things card to be analyzed and the characteristic data entropies of the first preset number of normal Internet of things cards to obtain the relative density of the at least one Internet of things card to be analyzed and the relative densities of the first preset number of normal Internet of things cards;
and to apply a preset outlier scoring algorithm to the relative density of the at least one Internet of things card to be analyzed and the relative densities of the first preset number of normal Internet of things cards to obtain the outlier score of the at least one Internet of things card to be analyzed;
the acquisition unit is further configured to acquire the Internet of things cards to be analyzed that correspond to the second preset number of lowest outlier scores.
In an optional implementation, the apparatus further comprises a first determining unit;
the first determining unit is configured to determine a target Internet of things card to be analyzed to be a normal Internet of things card when the first characteristic data entropy of the target card is not larger than the first predicted characteristic data entropy, wherein the target Internet of things card to be analyzed is any one of the second preset number of Internet of things cards to be analyzed;
the acquisition unit is further configured to acquire the difference average value of the second characteristic data entropies of the target Internet of things card to be analyzed in the second time period when the first characteristic data entropy of the target card is larger than the first predicted characteristic data entropy, wherein the difference average value is the average value of the second characteristic data entropies of every third time period in the second time period;
and to acquire a second predicted characteristic data entropy of the target Internet of things card to be analyzed in the first time period according to the difference average value of the second characteristic data entropies and the preset autoregressive integrated moving average algorithm;
the first determining unit is further configured to determine the target Internet of things card to be analyzed to be an abnormal Internet of things card when the first characteristic data entropy of the target card is larger than the second predicted characteristic data entropy;
and to determine the target Internet of things card to be analyzed to be a normal Internet of things card when the first characteristic data entropy of the target card is not larger than the second predicted characteristic data entropy.
In an optional implementation, the characteristic data includes the number of opened services, the number of calls made, the call duration, the calling contact location, and the identifier of the terminal used.
In an optional implementation, the apparatus further comprises a second determining unit; the characteristic data further includes the number of opened services;
and the second determining unit is configured to determine the Internet of things card corresponding to the number of opened services to be an abnormal Internet of things card when the number of opened services is greater than a preset opened-service threshold.
In a third aspect, an electronic device is provided, which includes a processor, a communication interface, a memory and a communication bus, wherein the processor, the communication interface and the memory communicate with each other through the communication bus;
the memory is configured to store a computer program;
the processor is configured to perform the method steps of any implementation of the first aspect when executing the program stored in the memory.
In a fourth aspect, a computer-readable storage medium is provided, having stored therein a computer program which, when executed by a processor, performs the method steps of any implementation of the first aspect.
In the embodiments of the application, after a first characteristic data entropy of at least one Internet of things card to be analyzed and characteristic data entropies of a first preset number of normal Internet of things cards in a first time period are acquired, a preset relative-density outlier detection algorithm is applied to these entropies to obtain a second preset number of Internet of things cards to be analyzed, which are the Internet of things cards to be analyzed that have the second preset number of lowest outlier scores. Second characteristic data entropies of the historical characteristic data of the second preset number of Internet of things cards to be analyzed in a second time period are acquired, wherein the second time period is a historical time period relative to the first time period and is longer than the first time period, and a preset autoregressive integrated moving average (ARIMA) algorithm is applied to the second characteristic data entropies to obtain first predicted characteristic data entropies of the second preset number of Internet of things cards to be analyzed in the first time period. The abnormal Internet of things cards among the second preset number of Internet of things cards to be analyzed are then identified according to their first characteristic data entropies and first predicted characteristic data entropies. By combining relative-density outlier detection with a time-series anomaly detection method, the method analyzes abnormal Internet of things cards accurately and improves the accuracy of that analysis.
Drawings
Fig. 1 is a schematic diagram of characteristic data of an Internet of things card according to an embodiment of the present invention;
Fig. 2 is a schematic flow chart of an analysis method for an abnormal Internet of things card according to an embodiment of the present invention;
Fig. 3 is a schematic structural diagram of an analysis apparatus for an abnormal Internet of things card according to an embodiment of the present invention;
Fig. 4 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present application are described clearly and completely below with reference to the drawings in the embodiments of the present application. The described embodiments are only a part of the embodiments of the present application, not all of them. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present application without creative effort fall within the protection scope of the present application.
The analysis method for an abnormal Internet of things card provided by the embodiments of the invention can be applied to a server or a cloud server. To ensure the accuracy of the analysis, the server is an application server with strong computing power.
The analysis method uses the characteristic data of an Internet of things card in the signaling data, together with a relative-density outlier detection algorithm, to judge whether the Internet of things card shows abnormal communication behavior. The characteristic data are the voice, Internet access, short message and similar data in the signaling data; as shown in Fig. 1, they can comprise six dimensions: the number of opened services, the number of calling/called times, the call duration, the calling/called contacts, the calling/called contact locations, and the identifier of the terminal used. If abnormal communication behavior exists, the characteristic data of that Internet of things card over a historical time period are acquired, and a time-series anomaly detection method is used to determine whether it is an abnormal Internet of things card used for communication information fraud. For an Internet of things card used for communication information fraud, the terminals related to the card and its associated Internet of things cards are obtained, and measures such as shutting down the abnormal Internet of things card and the cards related to it reduce the operator's losses from communication information fraud. The method helps operators analyze and monitor information fraud carried out with Internet of things cards by using the cards' characteristic data in the signaling data.
Compared with the prior art, the analysis method provided by the embodiments of the invention analyzes abnormal Internet of things cards accurately by combining the relative-density outlier detection algorithm with the time-series anomaly detection method, thereby improving the accuracy of analyzing abnormal Internet of things cards.
The preferred embodiments of the present application are described below with reference to the accompanying drawings. The preferred embodiments described herein merely illustrate and explain the present invention and are not intended to limit it, and the embodiments and the features of the embodiments in the present application may be combined with each other where they do not conflict.
Fig. 2 is a schematic flow chart of an analysis method for an abnormal Internet of things card according to an embodiment of the present invention. As shown in Fig. 2, the method may include:
Step 210, acquiring a first characteristic data entropy of the characteristic data of at least one Internet of things card to be analyzed in a first time period and characteristic data entropies of a first preset number of normal Internet of things cards.
An Internet of things card to be analyzed is an Internet of things card whose behavior state is unknown, and a normal Internet of things card is an Internet of things card whose behavior state is known.
Before this step is executed, the characteristic data of at least one Internet of things card to be analyzed in the first time period and the characteristic data of a first preset number of normal Internet of things cards in the first time period are collected. The first time period may be the current day; the characteristic data may include the number of opened services, the number of calls made, the call duration, the calling contacts, the calling contact locations, and the identifier of the terminal used.
After the characteristic data are obtained, a preset entropy operation is applied to them to obtain the first characteristic data entropy of the at least one Internet of things card to be analyzed and the characteristic data entropies of the first preset number of normal Internet of things cards.
The characteristic data entropies may include contact entropy, call duration entropy, calling frequency entropy, contact place entropy and used-terminal entropy.
Within the first time period, for example one day, the characteristic data of an Internet of things card may be recorded many times. Before abnormal behavior of the card is detected, these records therefore need to be aggregated and summarized and the characteristic data converted into numerical form; alternatively, the associations between the characteristic data are described first and the associated characteristic data are converted into numerical form. The associated characteristic data may be, for example, the number of calls made to a calling contact, the number of calls made to a calling contact at a calling contact location, or the number of calls made from a given terminal to a calling contact at a calling contact location. Because information entropy can give a preliminary indication of how random the characteristic data are, the characteristic data or the associated characteristic data can be converted into the form of information entropy.
(1) Contact entropy
The contact entropy measures how random the distribution of the calling contacts of the Internet of things card is. The greater the randomness of the contacts, the greater the contact entropy. The contact entropy can be expressed as:
Figure BDA0001918158720000091
where n is the number of calling contacts, $m_i$ is the number of times calling contact i was dialed, and m is the total number of dials of the Internet of things card.
(2) Call duration entropy
The call duration entropy measures how random the distribution of call durations between the Internet of things card and its calling contacts is. The greater the randomness of the call durations, the greater the call duration entropy. The formula is the same as above; here n is the number of calling contacts, $m_i$ is the total call duration with calling contact i, and m is the total call duration of the Internet of things card.
(3) Calling frequency entropy
The calling frequency entropy measures how random the distribution of the card's number of calls is across the time intervals within the first time period. The greater the randomness of the call volume in each time interval, the greater the calling frequency entropy. The formula is the same as above; here n is the number of time intervals, $m_i$ is the number of calls the card made in time interval i, and m is the total number of calls the Internet of things card made on the current day.
(4) Contact place entropy
The contact place entropy measures how random the distribution of the contact places of the card's calling contacts is. The greater the randomness of the contact places, the greater the contact place entropy. The formula is the same as above; here n is the number of contact places, $m_i$ is the number of dials to contact place i, and m is the total number of dials of the Internet of things card on the current day.
(5) Used-terminal entropy
The used-terminal entropy measures how random the terminals used by the Internet of things card are. The greater the randomness of the terminals used, the greater the used-terminal entropy. The formula is the same as above; here n is the number of terminals, $m_i$ is the number of dials the Internet of things card made using terminal i, and m is the total number of dials of the Internet of things card on the current day.
Furthermore, because information entropy gives a first indication of how random the characteristic data is, the associated characteristic data can be converted into information-entropy form.
Optionally, the information entropy can be used for a preliminary judgment of whether the Internet of Things card is suspected of information fraud. Specifically, the first characteristic data entropy is compared with a preset entropy threshold (also called a degree of randomness); when the first characteristic data entropy is greater than the preset entropy threshold, the Internet of Things card corresponding to that entropy is determined to be an Internet of Things card with abnormal behavior.
For example: the calling contacts of an Internet of Things card are limited to the main users of the card, so if the dial counts are unevenly distributed across the calling contacts and highly random, information fraud is suspected; the call durations between the card and each calling contact are approximately the same, so if the call durations are uneven across calling contacts and highly random, information fraud is suspected; the calls of the card are distributed fairly uniformly over the main time intervals of the first time period, so if the calls are concentrated in a few time intervals and fluctuate strongly, information fraud is suspected; the home locations of the calling contacts are limited to the local area or a few specific areas, so if the contact locations are unevenly distributed and highly random, information fraud is suspected; and, under the principle that a dedicated card serves a dedicated purpose, the card is used in one specific terminal, so if the terminal is changed frequently and highly randomly, information fraud is suspected.
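An added example (not part of the patent text): computing the five entropies from one card's call records and applying the preset-threshold check described above. It assumes the "same as above" formula is the Shannon entropy of the shares m_i/m with a base-2 logarithm; the record layout, the sample records and the threshold values are constructed for illustration.

```python
import math
from collections import Counter, defaultdict


def entropy(weights):
    """Shannon entropy in bits of the shares m_i / m (assumed formula)."""
    weights = [w for w in weights if w > 0]
    if not weights:
        return 0.0
    total = sum(weights)
    h = -sum((w / total) * math.log2(w / total) for w in weights)
    return abs(h)  # abs() only normalises -0.0 for a single-bucket distribution


def card_entropies(cdrs):
    """cdrs: iterable of (contact, seconds, hour, contact_location, terminal_id)."""
    dials, secs = Counter(), defaultdict(int)
    hours, locations, terminals = Counter(), Counter(), Counter()
    for contact, seconds, hour, location, terminal_id in cdrs:
        dials[contact] += 1          # m_i = dial count per calling contact
        secs[contact] += seconds     # m_i = total call duration per contact
        hours[hour] += 1             # m_i = calls per time interval
        locations[location] += 1     # m_i = calls per contact location
        terminals[terminal_id] += 1  # m_i = calls per terminal
    return {
        "dial_count": entropy(dials.values()),
        "call_duration": entropy(secs.values()),
        "call_frequency": entropy(hours.values()),
        "contact_location": entropy(locations.values()),
        "terminal": entropy(terminals.values()),
    }


def exceeded(entropies, thresholds):
    """Names of the features whose entropy is greater than its preset threshold."""
    return sorted(name for name, h in entropies.items() if h > thresholds[name])


# Constructed sample: a metering card that reports to one platform number
# every three hours from one terminal.
METER_CARD = [("platform-1", 30, hour, "Hangzhou", "terminal-A")
              for hour in range(0, 24, 3)]

# Constructed sample: a card dialing 16 different contacts in 4 regions
# while being moved between 4 terminals.
SUSPECT_CARD = [(f"contact-{i:02d}", 20 + 10 * i, 8 + i,
                 f"region-{i % 4}", f"terminal-{i % 4}") for i in range(16)]

# Constructed thresholds; a deployment would tune one per feature.
THRESHOLDS = {"dial_count": 1.0, "call_duration": 1.0, "call_frequency": 3.5,
              "contact_location": 1.0, "terminal": 0.5}

if __name__ == "__main__":
    for name, cdrs in (("meter", METER_CARD), ("suspect", SUSPECT_CARD)):
        ent = card_entropies(cdrs)
        print(name, {k: round(v, 2) for k, v in ent.items()},
              "over threshold:", exceeded(ent, THRESHOLDS))
```

The metering card already has a calling frequency entropy of 3 bits because its calls are spread evenly over eight intervals, so the threshold for that feature has to sit above the even-schedule baseline of legitimate cards.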
Optionally, the characteristic data may also include the number of opened services.
Because information fraud is currently carried out mostly through voice calls, and a normal Internet of Things card can currently have only one of the short message, data and voice services opened, whether the behavior of the Internet of Things card is normal can be judged from the number of opened services.
When the number of opened services is greater than the preset opened-service threshold, the Internet of Things card is indicated to be involved in information fraud, and the Internet of Things card corresponding to that number of opened services is determined to be an abnormal Internet of Things card.
Step 220: apply a preset relative-density outlier detection algorithm to the first characteristic data entropy of the at least one Internet of Things card to be analyzed and the characteristic data entropies of a first preset number of normal Internet of Things cards, to obtain a second preset number of Internet of Things cards to be analyzed.
Because the business scenarios of Internet of Things cards differ widely, the cards, viewed as data points, may be distributed in regions of different density. If a surrounding-density algorithm is used, the surrounding density of data points in a sparse region is generally low, so those points are easily misjudged as outliers; the surrounding density of data points in a dense region is generally high, so even a point that is far from the other points in that region is not easily judged to be an outlier. Both cases cause misjudgment.
The embodiment of the invention introduces a relative-density outlier detection algorithm, which is an outlier discovery algorithm, to detect abnormal behavior of Internet of Things cards. With this algorithm an outlier score can be given quantitatively for each Internet of Things card; the higher the outlier score, the greater the degree of abnormality of the card. The abnormal Internet of Things cards in the card set are obtained by selecting the points whose scores rank at the front.
A preset relative density algorithm is applied to the first characteristic data entropy of the at least one Internet of Things card to be analyzed and the characteristic data entropies of the first preset number of normal Internet of Things cards, to obtain the relative density of the at least one Internet of Things card to be analyzed and the relative densities of the first preset number of normal Internet of Things cards.
For example, the at least one Internet of Things card to be analyzed in the first time period is regarded as a set x, and a first preset number of normal Internet of Things cards, for example k normal Internet of Things cards, are taken as the neighboring cards of set x, giving the neighbor set N(x, k) of set x. The relative density of each Internet of Things card to be analyzed in set x may be expressed as:
Figure BDA0001918158720000111
where $|N(x, k)|$ is the size of the neighbor set, y is any one of the k normal Internet of Things cards, and $D(x, y)$ is a proximity measure based on the Mahalanobis distance, $D(x, y) = (x - y)\,S^{-1}\,(x - y)^{T}$, where $S^{-1}$ is the inverse of the covariance matrix of the known data.
Similarly, the relative densities of the k normal Internet of Things cards can also be obtained from the above formula, which is not described again here.
Then, a preset outlier scoring algorithm is applied to the relative density of the at least one Internet of Things card to be analyzed and the relative densities of the first preset number of normal Internet of Things cards, to obtain the outlier score of the at least one Internet of Things card to be analyzed. The outlier score of the at least one Internet of Things card to be analyzed may be expressed as:
Figure BDA0001918158720000121
where outlier_score(x, k) is the outlier score of the Internet of Things cards in x, density(x, k) is the relative density of the Internet of Things cards to be analyzed in x, density(y, k) is the relative density of the k normal Internet of Things cards, y is a preset Internet of Things card among the k normal Internet of Things cards, and $|N(x, k)|$ is the size of the neighbor set.
The Internet of Things cards to be analyzed corresponding to the second preset number of lowest outlier scores are then selected. Specifically, the at least one Internet of Things card to be analyzed in set x can be sorted in ascending order of outlier score, and a first preset number of Internet of Things cards to be analyzed are selected.
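An added example, not taken from the patent: one way to score cards with a relative-density measure over entropy vectors and pick the lowest-scoring ones. Because the two formula figures are not reproduced in this text, it assumes the textbook form (density = inverse of the mean D(x, y) over the neighbor set; score = a card's density divided by the mean density of the k normal cards), estimates S from the normal cards, and uses constructed two-feature vectors.

```python
def covariance(rows):
    """Sample covariance matrix S of the given feature vectors."""
    n, d = len(rows), len(rows[0])
    mean = [sum(r[j] for r in rows) / n for j in range(d)]
    return [[sum((r[i] - mean[i]) * (r[j] - mean[j]) for r in rows) / (n - 1)
             for j in range(d)] for i in range(d)]


def invert(matrix):
    """Gauss-Jordan inverse with partial pivoting; raises on a singular S."""
    n = len(matrix)
    aug = [list(row) + [float(i == j) for j in range(n)]
           for i, row in enumerate(matrix)]
    for col in range(n):
        pivot = max(range(col, n), key=lambda r: abs(aug[r][col]))
        if abs(aug[pivot][col]) < 1e-12:
            raise ValueError("singular covariance: a feature is constant or collinear")
        aug[col], aug[pivot] = aug[pivot], aug[col]
        p = aug[col][col]
        aug[col] = [v / p for v in aug[col]]
        for r in range(n):
            if r != col:
                f = aug[r][col]
                aug[r] = [a - f * b for a, b in zip(aug[r], aug[col])]
    return [row[n:] for row in aug]


def proximity(x, y, s_inv):
    """D(x, y) = (x - y) S^-1 (x - y)^T as given in the text (no square root)."""
    diff = [a - b for a, b in zip(x, y)]
    d = len(diff)
    return sum(diff[i] * s_inv[i][j] * diff[j] for i in range(d) for j in range(d))


def density(x, neighbours, s_inv):
    """Assumed form: inverse of the mean proximity to the neighbor set."""
    mean_d = sum(proximity(x, y, s_inv) for y in neighbours) / len(neighbours)
    return float("inf") if mean_d == 0 else 1.0 / mean_d


def outlier_scores(candidates, normals):
    """candidates: {card_id: vector}; normals: list of k normal-card vectors."""
    s_inv = invert(covariance(normals))
    # Assumption: a normal card's neighbors are the other k - 1 normal cards.
    normal_density = [density(y, normals[:i] + normals[i + 1:], s_inv)
                      for i, y in enumerate(normals)]
    reference = sum(normal_density) / len(normal_density)
    return {cid: density(vec, normals, s_inv) / reference
            for cid, vec in candidates.items()}


def select_for_review(scores, m):
    """Card ids with the m lowest scores, in ascending order of score."""
    return sorted(scores, key=scores.get)[:m]


# Constructed vectors: (dial-count entropy, calling frequency entropy).
NORMAL_CARDS = [(0.0, 3.0), (0.2, 2.8), (0.1, 3.2),
                (0.3, 3.1), (0.2, 2.9), (0.1, 3.0)]
CANDIDATES = {"card-near": (0.15, 3.0), "card-mid": (0.6, 3.4),
              "card-far": (3.2, 4.1)}

if __name__ == "__main__":
    scores = outlier_scores(CANDIDATES, NORMAL_CARDS)
    for cid in select_for_review(scores, len(scores)):
        print(cid, round(scores[cid], 4))
```

A feature that is constant across all normal cards (for instance a terminal-usage entropy of 0 everywhere) makes S singular, so such a feature has to be dropped or S regularised before the Mahalanobis-based proximity can be computed.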
Step 230: acquire the second characteristic data entropy of the historical characteristic data of the second preset number of Internet of Things cards to be analyzed in a second time period.
The second time period is a historical time period of the first time period, and the second time period is longer than the first time period. If the first time period is a period within the current day, the second time period is a number of days or a number of months before that day. For example, the first time period is the current day and the second time period is the 30 days prior to the current day.
The historical characteristic data of the second preset number of Internet of Things cards to be analyzed in the second time period is acquired, and a preset entropy operation is applied to it to obtain the second characteristic data entropy of the second preset number of Internet of Things cards to be analyzed in the second time period.
Step 240: apply a preset autoregressive integrated moving average algorithm to the second characteristic data entropies to obtain the first predicted characteristic data entropies of the second preset number of Internet of Things cards to be analyzed in the first time period.
In normal use, and absent periodic or seasonal factors, the daily characteristic data of an Internet of Things card does not change noticeably over time. However, if the characteristic data of the Internet of Things card fluctuates significantly on some day of a month, this indicates that the card is being used manually for other operations, such as sending promotional information for various merchants or making harassing calls; that is, the card is an abnormal Internet of Things card.
To accommodate the large differences between usage scenarios and the unfixed distribution of usage times of Internet of Things cards, the embodiment of the invention adopts the Autoregressive Integrated Moving Average (ARIMA) algorithm to address the fact that the characteristic data of a random process changes over time and that the time series is non-stationary for random reasons. The ARIMA algorithm can be used to predict the first entropy value of an Internet of Things card in the first time period following the second time period from the second entropy values of the card's historical characteristic data.
Therefore, a preset autoregressive integrated moving average algorithm is applied to the second characteristic data entropies of the second preset number of Internet of Things cards to be analyzed in the second time period, to predict the first predicted characteristic data entropy in the first time period.
Step 250: acquire the abnormal Internet of Things cards among the second preset number of Internet of Things cards to be analyzed according to the first characteristic data entropy and the first predicted characteristic data entropy of the second preset number of Internet of Things cards to be analyzed.
When the first characteristic data entropy of a target Internet of Things card to be analyzed among the second preset number of Internet of Things cards to be analyzed is not greater than the first predicted characteristic data entropy, the characteristic data of the target card in the first time period lies within the variation trend of the historical characteristic data in the second time period, i.e. the historical characteristic data is stationary. In this case the target card is determined to be a normal Internet of Things card. The target Internet of Things card to be analyzed is any one of the second preset number of Internet of Things cards to be analyzed.
When the first characteristic data entropy of the target Internet of Things card to be analyzed among the second preset number of Internet of Things cards to be analyzed is greater than the first predicted characteristic data entropy, the characteristic data of the target card in the first time period lies outside the variation trend of the historical characteristic data in the second time period, i.e. the historical characteristic data is not stationary, and the non-stationary time-series historical characteristic data is converted into a stationary series by the difference method.
Specifically, the difference average value of the second characteristic data entropies of the target Internet of Things card to be analyzed in the second time period is obtained, where the difference average value is the average of the differences between the second characteristic data entropies taken every third time period within the second time period. For example, the second time period is a 30-day period and the third time period is a 3-day period within the 30 days, so the difference between day 1 and day 5, the difference between day 5 and day 9, the difference between day 9 and day 13, and so on, are taken, and finally the average of the 7 differences is taken.
Then, the second predicted characteristic data entropy of the target Internet of Things card to be analyzed in the first time period is acquired according to the difference average value of the second characteristic data entropies and the preset autoregressive integrated moving average algorithm;
when the first characteristic data entropy of the target Internet of Things card to be analyzed is not greater than the second predicted characteristic data entropy, the target card is determined to be a normal Internet of Things card;
and when the first characteristic data entropy of the target Internet of Things card to be analyzed is greater than the second predicted characteristic data entropy, the target card is determined to be an abnormal Internet of Things card.
Further, to improve the accuracy of the analysis, the characteristic data of the Internet of Things card in the first time period is checked and tested manually. If fraud is found, the terminals related to the Internet of Things card and the associated Internet of Things cards are traced, and measures such as shutting down the abnormal Internet of Things card and the Internet of Things cards related to it are taken in time, so as to reduce the loss caused by information fraud.
In summary, after the first characteristic data entropy of at least one Internet of Things card to be analyzed and the characteristic data entropies of a first preset number of normal Internet of Things cards in a first time period are acquired, a preset relative-density outlier detection algorithm is applied to them to obtain a second preset number of Internet of Things cards to be analyzed, which are the cards with the second preset number of lowest outlier scores. The second characteristic data entropies of the historical characteristic data of the second preset number of Internet of Things cards to be analyzed in a second time period are acquired, where the second time period is a historical time period of the first time period and is longer than the first time period, and a preset autoregressive integrated moving average algorithm is applied to the second characteristic data entropies to obtain the first predicted characteristic data entropies of the second preset number of Internet of Things cards to be analyzed in the first time period. The abnormal Internet of Things cards among the second preset number of Internet of Things cards to be analyzed are then acquired according to their first characteristic data entropy and first predicted characteristic data entropy. By combining a relative-density outlier detection algorithm with a time-series anomaly detection method, the method analyzes abnormal Internet of Things cards accurately and improves the accuracy of that analysis.
Corresponding to the above method, an embodiment of the present invention further provides an analysis apparatus for an abnormal Internet of Things card. As shown in FIG. 3, the apparatus includes an acquiring unit 310 and an operation unit 320;
the acquiring unit 310 is configured to acquire a first characteristic data entropy of at least one Internet of Things card to be analyzed and characteristic data entropies of a first preset number of normal Internet of Things cards within a first time period;
the operation unit 320 is configured to apply a preset relative-density outlier detection algorithm to the first characteristic data entropy of the at least one Internet of Things card to be analyzed and the characteristic data entropies of the first preset number of normal Internet of Things cards to obtain a second preset number of Internet of Things cards to be analyzed, where the second preset number of Internet of Things cards to be analyzed are the cards with the second preset number of lowest outlier scores;
the acquiring unit 310 is further configured to acquire a second characteristic data entropy of the historical characteristic data of the second preset number of Internet of Things cards to be analyzed in a second time period, where the second time period is a historical time period of the first time period, and the second time period is longer than the first time period;
the operation unit 320 is further configured to apply a preset autoregressive integrated moving average algorithm to the second characteristic data entropies to obtain first predicted characteristic data entropies of the second preset number of Internet of Things cards to be analyzed in the first time period;
the acquiring unit 310 is further configured to acquire the abnormal Internet of Things cards among the second preset number of Internet of Things cards to be analyzed according to the first characteristic data entropy and the first predicted characteristic data entropy of the second preset number of Internet of Things cards to be analyzed.
In an optional implementation, the acquiring unit 310 is further configured to acquire characteristic data of at least one Internet of Things card to be analyzed and characteristic data of the first preset number of normal Internet of Things cards in a first time period;
and to perform a preset entropy operation on the characteristic data of the Internet of Things card to be analyzed and the characteristic data of the normal Internet of Things cards to obtain the characteristic data entropy of the Internet of Things card to be analyzed and the characteristic data entropies of the normal Internet of Things cards.
In an optional implementation, the operation unit 320 is further configured to apply a preset relative density algorithm to the first characteristic data entropy of the at least one Internet of Things card to be analyzed and the characteristic data entropies of the first preset number of normal Internet of Things cards to obtain the relative density of the at least one Internet of Things card to be analyzed and the relative densities of the first preset number of normal Internet of Things cards;
and to apply a preset outlier scoring algorithm to the relative density of the at least one Internet of Things card to be analyzed and the relative densities of the first preset number of normal Internet of Things cards to obtain the outlier score of the at least one Internet of Things card to be analyzed;
the acquiring unit 310 is further configured to acquire the Internet of Things cards to be analyzed corresponding to the second preset number of lowest outlier scores.
In an optional implementation, the apparatus further comprises a first determining unit 330;
the first determining unit 330 is configured to determine, when the first characteristic data entropy of a target Internet of Things card to be analyzed among the second preset number of Internet of Things cards to be analyzed is not greater than the first predicted characteristic data entropy, the target card as a normal Internet of Things card, where the target Internet of Things card to be analyzed is any one of the second preset number of Internet of Things cards to be analyzed;
the acquiring unit 310 is further configured to acquire, when the first characteristic data entropy of the target Internet of Things card to be analyzed is greater than the first predicted characteristic data entropy, the difference average value of the second characteristic data entropies of the target card in the second time period, where the difference average value is the average of the differences between the second characteristic data entropies taken every third time period within the second time period;
and to acquire a second predicted characteristic data entropy of the target Internet of Things card to be analyzed in the first time period according to the difference average value of the second characteristic data entropies and the preset autoregressive integrated moving average algorithm;
the first determining unit 330 is further configured to determine the target Internet of Things card to be analyzed as an abnormal Internet of Things card when its first characteristic data entropy is greater than the second predicted characteristic data entropy;
and to determine the target Internet of Things card to be analyzed as a normal Internet of Things card when its first characteristic data entropy is not greater than the second predicted characteristic data entropy.
In an optional implementation, the characteristic data includes the number of opened services, the number of calls, the call duration, the calling contact location, and the identifier of the user terminal.
In an optional implementation, the apparatus further comprises a second determining unit 340; the characteristic data also includes the number of opened services;
the second determining unit 340 is configured to determine, when the number of opened services is greater than a preset opened-service threshold, the Internet of Things card corresponding to that number of opened services as an abnormal Internet of Things card.
The functions of the functional units of the analysis apparatus for the abnormal internet of things card provided in the above embodiment of the present invention can be implemented through the above method steps, and therefore, the specific working processes and beneficial effects of the units in the analysis apparatus for the abnormal internet of things card provided in the embodiment of the present invention are not repeated herein.
An embodiment of the present invention further provides an electronic device, as shown in fig. 4, including a processor 410, a communication interface 420, a memory 430, and a communication bus 440, where the processor 410, the communication interface 420, and the memory 430 complete mutual communication through the communication bus 440.
A memory 430 for storing computer programs;
the processor 410, when executing the program stored in the memory 430, implements the following steps:
acquiring a first characteristic data entropy of at least one Internet of Things card to be analyzed and characteristic data entropies of a first preset number of normal Internet of Things cards in a first time period;
applying a preset relative-density outlier detection algorithm to the first characteristic data entropy of the at least one Internet of Things card to be analyzed and the characteristic data entropies of the first preset number of normal Internet of Things cards to obtain a second preset number of Internet of Things cards to be analyzed, wherein the second preset number of Internet of Things cards to be analyzed are the cards with the second preset number of lowest outlier scores;
acquiring a second characteristic data entropy of the historical characteristic data of the second preset number of Internet of Things cards to be analyzed in a second time period, wherein the second time period is a historical time period of the first time period, and the second time period is longer than the first time period;
applying a preset autoregressive integrated moving average algorithm to the second characteristic data entropies to obtain first predicted characteristic data entropies of the second preset number of Internet of Things cards to be analyzed in the first time period;
and acquiring the abnormal Internet of Things cards among the second preset number of Internet of Things cards to be analyzed according to the first characteristic data entropy and the first predicted characteristic data entropy of the second preset number of Internet of Things cards to be analyzed.
In an optional implementation, the acquiring of a first characteristic data entropy of at least one Internet of Things card to be analyzed and characteristic data entropies of a first preset number of normal Internet of Things cards in a first time period includes:
acquiring characteristic data of at least one Internet of Things card to be analyzed and characteristic data of a first preset number of normal Internet of Things cards in a first time period;
and performing a preset entropy operation on the characteristic data of the Internet of Things card to be analyzed and the characteristic data of the normal Internet of Things cards to obtain the characteristic data entropy of the Internet of Things card to be analyzed and the characteristic data entropies of the normal Internet of Things cards.
In an optional implementation, the applying of a preset relative-density outlier detection algorithm to the first characteristic data entropy of the at least one Internet of Things card to be analyzed and the characteristic data entropies of the first preset number of normal Internet of Things cards to obtain a second preset number of Internet of Things cards to be analyzed includes:
applying a preset relative density algorithm to the first characteristic data entropy of the at least one Internet of Things card to be analyzed and the characteristic data entropies of the first preset number of normal Internet of Things cards to obtain the relative density of the at least one Internet of Things card to be analyzed and the relative densities of the first preset number of normal Internet of Things cards;
applying a preset outlier scoring algorithm to the relative density of the at least one Internet of Things card to be analyzed and the relative densities of the first preset number of normal Internet of Things cards to obtain the outlier score of the at least one Internet of Things card to be analyzed;
and acquiring the Internet of Things cards to be analyzed corresponding to the second preset number of lowest outlier scores.
In an optional implementation, the acquiring of the abnormal Internet of Things cards among the second preset number of Internet of Things cards to be analyzed according to the first characteristic data entropy and the first predicted characteristic data entropy of the second preset number of Internet of Things cards to be analyzed includes:
when the first characteristic data entropy of a target Internet of Things card to be analyzed among the second preset number of Internet of Things cards to be analyzed is not greater than the first predicted characteristic data entropy, determining the target card as a normal Internet of Things card, wherein the target Internet of Things card to be analyzed is any one of the second preset number of Internet of Things cards to be analyzed;
when the first characteristic data entropy of the target Internet of Things card to be analyzed is greater than the first predicted characteristic data entropy, acquiring the difference average value of the second characteristic data entropies of the target card in the second time period, wherein the difference average value is the average of the differences between the second characteristic data entropies taken every third time period within the second time period;
acquiring a second predicted characteristic data entropy of the target Internet of Things card to be analyzed in the first time period according to the difference average value of the second characteristic data entropies and the preset autoregressive integrated moving average algorithm;
when the first characteristic data entropy of the target Internet of Things card to be analyzed is greater than the second predicted characteristic data entropy, determining the target card as an abnormal Internet of Things card;
and when the first characteristic data entropy of the target Internet of Things card to be analyzed is not greater than the second predicted characteristic data entropy, determining the target card as a normal Internet of Things card.
In an optional implementation, the characteristic data includes the number of opened services, the number of calls, the call duration, the calling contact location, and the identifier of the user terminal.
In an optional implementation, the characteristic data further includes the number of opened services;
and when the number of opened services is greater than a preset opened-service threshold, the Internet of Things card corresponding to that number of opened services is determined as an abnormal Internet of Things card.
The aforementioned communication bus may be a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The communication bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one thick line is shown, but this does not mean that there is only one bus or one type of bus.
The communication interface is used for communication between the electronic equipment and other equipment.
The Memory may include a Random Access Memory (RAM) or a Non-Volatile Memory (NVM), such as at least one disk Memory. Optionally, the memory may also be at least one memory device located remotely from the processor.
The Processor may be a general-purpose Processor, including a Central Processing Unit (CPU), a Network Processor (NP), and the like; but also Digital Signal Processors (DSPs), Application Specific Integrated Circuits (ASICs), Field Programmable Gate Arrays (FPGAs) or other Programmable logic devices, discrete Gate or transistor logic devices, discrete hardware components.
Since the implementation manner and the beneficial effects of the problem solving of each device of the electronic device in the foregoing embodiment can be implemented by referring to each step in the embodiment shown in fig. 2, detailed working processes and beneficial effects of the electronic device provided by the embodiment of the present invention are not described herein again.
In another embodiment of the present invention, a computer-readable storage medium is further provided, where instructions are stored in the computer-readable storage medium, and when the instructions are executed on a computer, the computer is enabled to execute the method for analyzing an abnormal internet of things card according to any one of the above embodiments.
In another embodiment of the present invention, a computer program product containing instructions is further provided, which when running on a computer, causes the computer to execute the method for analyzing an abnormal internet of things card according to any one of the above embodiments.
As will be appreciated by one of skill in the art, the embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, embodiments of the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, embodiments of the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
Embodiments of the present application are described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present application have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including the preferred embodiment and all changes and modifications that fall within the true scope of the embodiments of the present application.
It is apparent that those skilled in the art can make various changes and modifications to the embodiments of the present application without departing from the spirit and scope of the embodiments of the present application. Thus, if such modifications and variations of the embodiments of the present application fall within the scope of the claims of the embodiments of the present application and their equivalents, the embodiments of the present application are also intended to include such modifications and variations.

Claims (10)

1. An analysis method for an abnormal Internet of things card, characterized by comprising the following steps:
acquiring a first characteristic data entropy of at least one Internet of things card to be analyzed and characteristic data entropies of a first preset number of normal Internet of things cards in a first time period;
applying a preset relative-density outlier detection algorithm to the first characteristic data entropy of the at least one Internet of things card to be analyzed and the characteristic data entropies of the first preset number of normal Internet of things cards to obtain a second preset number of Internet of things cards to be analyzed, wherein the second preset number of Internet of things cards to be analyzed are the second preset number of Internet of things cards to be analyzed with the lowest outlier scores;
acquiring second characteristic data entropies of historical characteristic data of the second preset number of Internet of things cards to be analyzed in a second time period, wherein the second time period is a historical time period of the first time period, and the second time period is greater than the first time period;
applying a preset autoregressive integrated moving average algorithm to the second characteristic data entropies to obtain first predicted characteristic data entropies of the second preset number of Internet of things cards to be analyzed in the first time period;
acquiring abnormal Internet of things cards among the second preset number of Internet of things cards to be analyzed according to the first characteristic data entropies and the first predicted characteristic data entropies of the second preset number of Internet of things cards to be analyzed, which specifically comprises:
when the first characteristic data entropy of a target Internet of things card to be analyzed is larger than the first predicted characteristic data entropy, acquiring a difference average value of the second characteristic data entropies of the target Internet of things card to be analyzed in the second time period, wherein the difference average value is the average of the differences of the second characteristic data entropies over every third time period in the second time period;
acquiring a second predicted characteristic data entropy of the target Internet of things card to be analyzed in the first time period according to the difference average value of the second characteristic data entropies and the preset autoregressive integrated moving average algorithm;
and when the first characteristic data entropy of the target Internet of things card to be analyzed is larger than the second predicted characteristic data entropy, determining the target Internet of things card to be analyzed as an abnormal Internet of things card.
2. The method of claim 1, wherein acquiring a first characteristic data entropy of at least one Internet of things card to be analyzed and characteristic data entropies of a first preset number of normal Internet of things cards in a first time period comprises:
acquiring characteristic data of the at least one Internet of things card to be analyzed and characteristic data of the first preset number of normal Internet of things cards in the first time period;
and performing a preset entropy operation on the characteristic data of the Internet of things card to be analyzed and the characteristic data of the normal Internet of things cards to obtain the characteristic data entropy of the Internet of things card to be analyzed and the characteristic data entropies of the normal Internet of things cards.
3. The method of claim 1, wherein obtaining a second preset number of Internet of things cards to be analyzed by applying a preset relative-density outlier detection algorithm to the first characteristic data entropy of the at least one Internet of things card to be analyzed and the characteristic data entropies of the first preset number of normal Internet of things cards comprises:
applying a preset relative density algorithm to the first characteristic data entropy of the at least one Internet of things card to be analyzed and the characteristic data entropies of the first preset number of normal Internet of things cards to obtain the relative density of the at least one Internet of things card to be analyzed and the relative densities of the first preset number of normal Internet of things cards;
applying a preset outlier scoring algorithm to the relative density of the at least one Internet of things card to be analyzed and the relative densities of the first preset number of normal Internet of things cards to obtain the outlier score of the at least one Internet of things card to be analyzed;
and acquiring the Internet of things cards to be analyzed corresponding to the second preset number of lowest outlier scores.
4. The method of claim 1, wherein the method further comprises:
when the first characteristic data entropy of a target Internet of things card to be analyzed among the second preset number of Internet of things cards to be analyzed is not larger than the first predicted characteristic data entropy, determining the target Internet of things card to be analyzed as a normal Internet of things card, wherein the target Internet of things card to be analyzed is any one of the second preset number of Internet of things cards to be analyzed;
or when the first characteristic data entropy of the target Internet of things card to be analyzed is not larger than the second predicted characteristic data entropy, determining the target Internet of things card to be analyzed as a normal Internet of things card.
5. The method of claim 1, wherein the feature data comprises the number of open services, the number of callers, the duration of the call, the caller contact, the location of the caller contact, and the identity of the using terminal.
6. The method of claim 5, wherein the method further comprises:
the characteristic data also comprises the number of opened services;
and when the number of the opened services is greater than a preset opening service threshold value, determining the Internet of things card corresponding to the number of the opened services as an abnormal Internet of things card.
7. An analysis device for an abnormal Internet of things card, the device comprising: an acquisition unit, an operation unit and a first determining unit;
the acquisition unit is used for acquiring a first characteristic data entropy of at least one Internet of things card to be analyzed and characteristic data entropies of a first preset number of normal Internet of things cards in a first time period;
the operation unit is used for applying a preset relative-density outlier detection algorithm to the first characteristic data entropy of the at least one Internet of things card to be analyzed and the characteristic data entropies of the first preset number of normal Internet of things cards to obtain a second preset number of Internet of things cards to be analyzed, wherein the second preset number of Internet of things cards to be analyzed are the second preset number of Internet of things cards to be analyzed with the lowest outlier scores;
the acquisition unit is further used for acquiring second characteristic data entropies of historical characteristic data of the second preset number of Internet of things cards to be analyzed in a second time period, wherein the second time period is a historical time period of the first time period, and the second time period is greater than the first time period;
the operation unit is further used for applying a preset autoregressive integrated moving average algorithm to the second characteristic data entropies to obtain first predicted characteristic data entropies of the second preset number of Internet of things cards to be analyzed in the first time period;
the acquisition unit is further used for acquiring abnormal Internet of things cards among the second preset number of Internet of things cards to be analyzed according to the first characteristic data entropies and the first predicted characteristic data entropies of the second preset number of Internet of things cards to be analyzed;
when the first characteristic data entropy of a target Internet of things card to be analyzed is larger than the first predicted characteristic data entropy, acquiring a difference average value of the second characteristic data entropies of the target Internet of things card to be analyzed in the second time period, wherein the difference average value is the average of the differences of the second characteristic data entropies over every third time period in the second time period; acquiring a second predicted characteristic data entropy of the target Internet of things card to be analyzed in the first time period according to the difference average value of the second characteristic data entropies and the preset autoregressive integrated moving average algorithm;
the first determining unit is used for determining the target Internet of things card to be analyzed as an abnormal Internet of things card when the first characteristic data entropy of the target Internet of things card to be analyzed is larger than the second predicted characteristic data entropy.
8. The device according to claim 7, wherein the acquisition unit is further used for acquiring characteristic data of the at least one Internet of things card to be analyzed and characteristic data of the first preset number of normal Internet of things cards in the first time period;
and performing a preset entropy operation on the characteristic data of the Internet of things card to be analyzed and the characteristic data of the normal Internet of things cards to obtain the characteristic data entropy of the Internet of things card to be analyzed and the characteristic data entropies of the normal Internet of things cards.
9. An electronic device, characterized in that the electronic device comprises a processor, a communication interface, a memory and a communication bus, wherein the processor, the communication interface and the memory communicate with one another through the communication bus;
a memory for storing a computer program;
a processor for implementing the method steps of any of claims 1-6 when executing a program stored on a memory.
10. A computer-readable storage medium, characterized in that a computer program is stored in the computer-readable storage medium, which computer program, when being executed by a processor, carries out the method steps of any one of claims 1 to 6.
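The flow of claims 1 to 3 as an added Python example (not code from the patent): an entropy per card, relative-density screening against known-normal cards, then a comparison of each screened card's entropy with a forecast from its own history. The claims leave the entropy operation, the outlier score and the ARIMA order as "preset", so Shannon entropy, a k-nearest-neighbour density ratio and ARIMA(1,1,0) are assumptions here, as are all names and the sample data; the second prediction based on the difference average value is not modelled because the claims do not say how it is computed.

```python
import math
from collections import Counter

def shannon_entropy(values):
    """Entropy in bits of one card's observed feature values (assumed 'entropy operation')."""
    n = len(values)
    return -sum(c / n * math.log2(c / n) for c in Counter(values).values())

def relative_density(entropy, k=2):
    """Score = own kNN density / mean density of the k nearest cards.
    Assumption: a low score means the card sits in a sparser region than its neighbours."""
    def knn(i):
        return sorted((abs(entropy[i] - entropy[j]), j) for j in entropy if j != i)[:k]
    density = {i: 1.0 / (sum(d for d, _ in knn(i)) / k + 1e-9) for i in entropy}
    return {i: density[i] / (sum(density[j] for _, j in knn(i)) / k) for i in entropy}

def arima_110_forecast(series):
    """One-step ARIMA(1,1,0) forecast: difference once, fit AR(1) by least squares."""
    d = [b - a for a, b in zip(series, series[1:])]
    den = sum(x * x for x in d[:-1])
    phi = sum(x * y for x, y in zip(d, d[1:])) / den if den else 0.0
    return series[-1] + phi * d[-1]

def screen(candidates, normals, history, top_n):
    """Return (suspects, exceeded): the top_n lowest-scoring candidates, and those
    whose current entropy is larger than the forecast from their own history."""
    entropy = {cid: shannon_entropy(v) for cid, v in {**normals, **candidates}.items()}
    score = relative_density(entropy)
    suspects = sorted(candidates, key=score.get)[:top_n]
    exceeded = [c for c in suspects if entropy[c] > arima_110_forecast(history[c])]
    return suspects, exceeded

# Constructed sample data: contacts called by each card in the first time period.
NORMALS = {"n1": list("aaab"), "n2": list("aabb"), "n3": list("cccd"), "n4": list("aabb")}
CANDIDATES = {"c1": list("aaab"), "c2": list("abcdefgh"), "c3": list("aabc")}
# Constructed entropy history of each candidate over the longer second time period.
HISTORY = {
    "c1": [0.8, 0.8, 0.8, 0.8, 0.8],
    "c2": [1.0, 1.1, 1.0, 1.1, 1.0],
    "c3": [0.9, 1.1, 1.3, 1.5, 1.7],
}

if __name__ == "__main__":
    suspects, exceeded = screen(CANDIDATES, NORMALS, HISTORY, top_n=2)
    print("screened by relative density:", suspects)
    print("entropy above ARIMA forecast:", exceeded)
```

In this constructed data, card c3 is screened as an outlier but its entropy does not exceed the forecast from its rising history, so under claim 4 it is treated as a normal card.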

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811582177.1A CN111355625B (en) 2018-12-24 2018-12-24 Analysis method and device for abnormal Internet of things card

Publications (2)

Publication Number Publication Date
CN111355625A CN111355625A (en) 2020-06-30
CN111355625B true CN111355625B (en) 2021-12-07

Family

ID=71197922




Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant