CN112769623A - Internet of things equipment identification method under edge environment - Google Patents

Internet of things equipment identification method under edge environment Download PDF

Info

Publication number
CN112769623A
CN112769623A CN202110070269.7A CN202110070269A CN112769623A CN 112769623 A CN112769623 A CN 112769623A CN 202110070269 A CN202110070269 A CN 202110070269A CN 112769623 A CN112769623 A CN 112769623A
Authority
CN
China
Prior art keywords
internet
things equipment
flow
things
machine learning
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110070269.7A
Other languages
Chinese (zh)
Inventor
杜瑞忠
王晶泽
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Heibei University
Hebei University
Original Assignee
Heibei University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Heibei University filed Critical Heibei University
Priority to CN202110070269.7A priority Critical patent/CN112769623A/en
Publication of CN112769623A publication Critical patent/CN112769623A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08Configuration management of networks or network elements
    • H04L41/0893Assignment of logical groups to network elements
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00Pattern recognition
    • G06F18/20Analysing
    • G06F18/21Design or setup of recognition systems or techniques; Extraction of features in feature space; Blind source separation
    • G06F18/214Generating training patterns; Bootstrap methods, e.g. bagging or boosting
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00Pattern recognition
    • G06F18/20Analysing
    • G06F18/24Classification techniques
    • G06F18/243Classification techniques relating to the number of classes
    • G06F18/24323Tree-organised classifiers
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N20/00Machine learning
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/08Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
    • H04L43/0876Network utilisation, e.g. volume of load or congestion level
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/02Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H04L67/025Protocols based on web technology, e.g. hypertext transfer protocol [HTTP] for remote control or remote monitoring of applications
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/12Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Data Mining & Analysis (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Artificial Intelligence (AREA)
  • Evolutionary Computation (AREA)
  • Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • General Physics & Mathematics (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Bioinformatics & Cheminformatics (AREA)
  • Evolutionary Biology (AREA)
  • Medical Informatics (AREA)
  • Software Systems (AREA)
  • Bioinformatics & Computational Biology (AREA)
  • Computer Security & Cryptography (AREA)
  • Environmental & Geological Engineering (AREA)
  • Mathematical Physics (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention relates to an Internet of things equipment identification method in a marginal environment, which comprises the following steps: firstly, establishing a classification model, establishing a small network through known Internet of things equipment, capturing a flow packet generated by the Internet of things equipment in daily life, dividing the flow according to a fixed time interval, extracting relevant statistical characteristics from the divided flow, taking the statistical characteristics as characteristics and the type of the Internet of things equipment corresponding to the characteristics as labels to jointly construct a data set, and constructing a machine learning model by using a random forest algorithm through the data set; secondly, classifying the Internet of things equipment, deploying the constructed machine learning model to a gateway, capturing flow generated by all Internet of things equipment in the local area network, segmenting according to time intervals during model construction, extracting characteristics, classifying the Internet of things equipment, improving the efficiency of network managers for managing the Internet of things equipment, and guaranteeing the safety of network space.

Description

Internet of things equipment identification method under edge environment
Technical Field
The invention relates to a communication technology, in particular to a method for identifying equipment of the Internet of things in a marginal environment.
Background
In recent years, a large number of internet of things devices are accessed to a network, and as the number of the internet of things devices increases, the network is threatened, and meanwhile, more challenges are brought to network managers. More and more attackers implement network attacks by exploiting vulnerabilities of internet of things devices. In the current internet environment, the distributed denial of service attack implemented by using the internet of things equipment has become a main attack mode for attackers.
How to manage the internet of things devices and ensure the security of the network system has become a problem which is most concerned by network managers. The traditional anomaly detection system judges whether the Internet of things equipment has abnormal behaviors or not by detecting the anomalies of the data behavior patterns, however, the Internet of things equipment has the characteristics of mass and heterogeneity, and the traditional system is difficult to identify the abnormal data behavior patterns. In addition, when a vulnerability of the internet of things device is discovered, a common method is to update software running on the internet of things device in a patching mode, but not all the internet of things devices support online updating, and meanwhile, a large number of users do not have the awareness that the internet of things device is safer, so that the vulnerability exists for a long time. Therefore, identifying the type of the internet of things device accessing the network is significant for management of the internet of things device, and especially in a marginal computing scenario, under the condition that computing resources are limited, how to efficiently and accurately identify the networked device is a problem that needs to be solved urgently.
The existing internet of things equipment identification technology mostly utilizes a DPI technology to extract features in application layer response data packets for internet of things equipment identification. However, the internet of things device identification technology requires plaintext data packet content, and brings large classification and storage overhead, which is not suitable for edge environment, so that the internet of things device cannot be effectively identified in an edge computing scene.
Disclosure of Invention
The invention aims to provide an Internet of things equipment identification method in an edge environment, and aims to solve the problem that the existing Internet of things equipment identification technology cannot effectively identify Internet of things equipment in an edge computing scene.
The invention is realized by the following steps: an Internet of things equipment identification method under an edge environment comprises the following steps:
a. establishing a classification model;
establishing a local area network through known Internet of things equipment, accessing the local area network to the Internet through a gateway, capturing a flow packet generated by the Internet of things equipment in daily life from the gateway, dividing the flow according to a fixed time interval, extracting statistical characteristics from the divided flow, using the statistical characteristics as characteristics, using the corresponding Internet of things equipment as a label, jointly constructing a data set, using the data set, using a random forest algorithm to construct a machine learning model, and training the machine learning model to form a classification mode;
b. classifying the Internet of things equipment;
and deploying the constructed machine learning model to a gateway, capturing flow packets generated by all the Internet of things devices in the local area network, dividing the flow according to the time interval when the machine learning model is constructed, extracting statistical characteristics from the divided flow as characteristics, inputting the characteristics into the classification model, and obtaining output which is the identified type of the Internet of things devices.
Specifically, the statistical characteristics include: flowVolume and flowVolume modes, flowVolume mean and flowVolume variance, flowRate and flowRate modes, flowRate mean and flowRate variance.
Specifically, the statistical characteristics further include: binary codes of port number classifications accessed by the internet of things devices, the number of occurrences of port numbers of the port number classifications, and the number of occurrences of streams of the TCP/UDP protocol.
In the invention, a fixed time window is used for segmenting the flow and extracting the characteristics, the selection of the time window can influence the classification effect, when the time window is short, such as 1min and 10min, abnormal flow can be quickly responded, meanwhile, the cost for storing and extracting the characteristics is low, but the flow related characteristics of some Internet of things equipment show high similarity in a short time, and the classification effect can be degraded; the time window is chosen longer as: at 30min and 1h, the cost for storing and extracting the features is high, but the flow related features show large deviation in a long time window and can generate a good classification effect, so that the scheme can be suitable for various scenes by balancing the cost for storing and extracting the features, for example, in an edge calculation scene, the requirement on cost is high, namely, the time window is properly shortened.
When the machine learning model is established, the flow segmentation is carried out at a plurality of different time intervals, then the characteristics are extracted, the classification effect is verified, and the machine learning model is deployed on gateway equipment after the balance of better expenditure and classification effect is realized.
The invention discloses a lightweight Internet of things equipment identification method based on stream characteristics. The invention uses DFI technology to construct features, avoids the situation that plaintext features are unavailable due to data encryption, improves the work efficiency of feature extraction, model construction and equipment identification in the process of equipment identification, greatly reduces the calculation and storage overhead of constructing classification models, is suitable for identifying the equipment of the Internet of things in the edge computing environment, greatly facilitates the work of network managers and further improves the system security of the network.
Drawings
FIG. 1 is a block flow diagram of the identification method of the present invention.
Fig. 2 is a schematic diagram of a cloud-edge network architecture.
Detailed Description
As shown in fig. 1, the method for identifying the internet of things device in the edge environment of the present invention includes the following operation steps:
the method comprises the following steps: and establishing a classification model.
The method comprises the steps of establishing a local area network through known Internet of things equipment, accessing the local area network to the Internet through a gateway, capturing a flow packet generated by the Internet of things equipment in daily life from the gateway, obtaining a file in a pcap format at the moment, and only containing the flow of interaction between the Internet of things equipment and an external network IP in the captured flow packet. And segmenting the pcap file according to a fixed time interval, and extracting statistical characteristics from the segmented flow. The extracted statistical properties include: flowVolume (sum of number of bytes uploaded and downloaded in bidirectional flow) and flowVolume mode, flowVolume mean and flowVolume variance, flowRate (duration of flowVolume/flow in bidirectional flow) and flowRate mode, flowRate mean and flowRate variance. In addition, the port number accessed by the internet of things device can also be used as part of the characteristics. In order to be suitable for a machine learning algorithm, the invention carries out the following processing on the characteristics related to the port number: first, port numbers are classified into three types: port numbers 0-1023 are port numbers fixedly allocated to certain services, classified as: port number class I; the port numbers 1024-49151 are port numbers loosely bound to some services, and are classified as: port number class II; the port numbers 49151-65535 are dynamic or private port numbers, and are classified as: port number class iii. Secondly, binary coding is carried out on the port numbers of the three categories, the number of times of occurrence of the port number of each category and the number of times of occurrence of the stream of the TCP/UDP protocol are recorded, and the number is marked as: (udpCnt, tcpCnt). The method comprises the steps of taking the flowVolume mode, the flowVolume average value, the flowVolume variance, the flowRate mode, the flowRate average value, the flowRate variance, the occurrence frequency of a port number type I, the occurrence frequency of a port number type II, the occurrence frequency of a port number type III, the number of TCP streams and the number of UDP streams as characteristics, taking corresponding Internet of things equipment as tags, jointly constructing a data set, utilizing the data set, using a random forest algorithm to construct a machine learning model, and training the machine learning model to form a classification mode.
The choice of a fixed time interval is also taken into account when building the machine learning model. The selection of the time window can affect the classification effect, when the time window is short, such as 1min and 10min, abnormal flow can be quickly responded, meanwhile, the cost for storing and extracting the features is low, but the flow-related features of some internet of things devices show high similarity in a short time, and the classification effect can be degraded; the time window is chosen longer as: at 30min and 1h, the cost for storing and extracting the features is high, but the flow related features show large deviation in a long time window, and a good classification effect is generated. And selecting a plurality of time windows to segment the flow and construct a model, evaluating the effect, training and classification time of the machine learning model, and selecting the optimal time window to construct the machine learning model.
The effect of the machine learning model can be evaluated using the following indices and calculation formulas:
(1) accuracy (Pr):
Figure DEST_PATH_IMAGE001
(2) Recall rate: (Re):
Figure 576199DEST_PATH_IMAGE002
(3) Accuracy (Acc):
Figure DEST_PATH_IMAGE003
(4)F1-score(F 1 ):
Figure 95604DEST_PATH_IMAGE004
Step two: and classifying the Internet of things equipment.
The established classification model is deployed on a gateway, flow packets generated by all Internet of things equipment in a local area network are captured, the flow is divided at a good time interval in the stage of constructing a machine learning model, and statistical characteristics are extracted from the divided flow to serve as characteristics. The statistical properties include the number of occurrences of the TCP/UDP protocol stream in step one (udpCnt, tcpCnt). And inputting the flowVolume mode, the flowVolume average value, the flowVolume variance, the flowRate mode, the flowRate average value, the flowRate variance, the occurrence frequency of the port number type I, the occurrence frequency of the port number type II, the occurrence frequency of the port number type III, the number of TCP (transmission control protocol) flows, the number of UDP (user datagram protocol) flows and the like into a classification model, and obtaining output which is the identified type of the Internet of things equipment. Wherein the captured flows are stored in pcap form, and the features and data sets are stored in csv form. The generated classification result is the specific model of the Internet of things equipment. The classification result generated by the classification model is the specific model of the equipment of the Internet of things, so that the classification of the equipment of the Internet of things is realized.
The method for identifying the internet of things equipment works on an edge gateway of a cloud-edge network architecture as shown in fig. 2, and identifies the equipment accessed to the network through the gateway. Through the above description of the embodiments, those skilled in the art can clearly understand that each embodiment can be implemented by software plus a necessary general hardware platform. With this understanding in mind, the above-described technical solutions may be embodied in the form of a software product, which can be stored in a computer-readable storage medium such as ROM/RAM, magnetic disk, optical disk, etc., and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the methods described in the embodiments or some parts of the embodiments.
What is not described in detail in this specification is prior art to the knowledge of those skilled in the art.
The above-mentioned embodiments are merely preferred embodiments for fully illustrating the present invention, and the scope of the present invention is not limited thereto. The equivalent substitution or change made by the technical personnel in the technical field on the basis of the invention is all within the protection scope of the invention. The protection scope of the invention is subject to the claims.

Claims (3)

1. An Internet of things equipment identification method under an edge environment is characterized by comprising the following steps:
a. establishing a classification model:
establishing a local area network through known Internet of things equipment, accessing the local area network to the Internet through a gateway, capturing a flow packet generated by the Internet of things equipment in daily life from the gateway, dividing the flow according to a fixed time interval, extracting statistical characteristics from the divided flow, using the statistical characteristics as characteristics, using the corresponding Internet of things equipment as a label, jointly constructing a data set, using the data set, using a random forest algorithm to construct a machine learning model, and training the machine learning model to form a classification mode;
b. classifying the Internet of things equipment:
and deploying the constructed machine learning model to a gateway, capturing flow packets generated by all the Internet of things devices in the local area network, dividing the flow according to the time interval when the machine learning model is constructed, extracting statistical characteristics from the divided flow as characteristics, inputting the characteristics into the classification model, and obtaining output which is the identified type of the Internet of things devices.
2. The method for identifying the internet of things equipment in the edge environment according to claim 1, wherein the statistical characteristics comprise: flowVolume and flowVolume modes, flowVolume mean and flowVolume variance, flowRate and flowRate modes, flowRate mean and flowRate variance.
3. The method for identifying internet of things equipment in an edge environment according to claim 2, wherein the statistical characteristics further include: binary codes of port number classifications accessed by the internet of things devices, the number of occurrences of port numbers of the port number classifications, and the number of occurrences of streams of the TCP/UDP protocol.
CN202110070269.7A 2021-01-19 2021-01-19 Internet of things equipment identification method under edge environment Pending CN112769623A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110070269.7A CN112769623A (en) 2021-01-19 2021-01-19 Internet of things equipment identification method under edge environment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110070269.7A CN112769623A (en) 2021-01-19 2021-01-19 Internet of things equipment identification method under edge environment

Publications (1)

Publication Number Publication Date
CN112769623A true CN112769623A (en) 2021-05-07

Family

ID=75703239

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110070269.7A Pending CN112769623A (en) 2021-01-19 2021-01-19 Internet of things equipment identification method under edge environment

Country Status (1)

Country Link
CN (1) CN112769623A (en)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113191455A (en) * 2021-05-26 2021-07-30 平安国际智慧城市科技股份有限公司 Edge computing box election method and device, electronic equipment and medium
CN114328630A (en) * 2022-01-24 2022-04-12 嘉应学院 Equipment identification system based on thing networking
CN114462623A (en) * 2022-02-10 2022-05-10 电子科技大学 Data analysis method, system and platform based on edge calculation
CN114679318A (en) * 2022-03-25 2022-06-28 东南大学 Lightweight Internet of things equipment identification method in high-speed network
CN114880587A (en) * 2022-06-10 2022-08-09 国网福建省电力有限公司 Port scanning path recommendation method for Internet of things equipment
CN115021986A (en) * 2022-05-24 2022-09-06 中国科学院计算技术研究所 Construction method and device for Internet of things equipment identification deployable model
CN114880587B (en) * 2022-06-10 2024-08-02 国网福建省电力有限公司 Port scanning path recommending method of Internet of things equipment

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109818793A (en) * 2019-01-30 2019-05-28 基本立子(北京)科技发展有限公司 For the device type identification of Internet of Things and network inbreak detection method
CN110380989A (en) * 2019-07-26 2019-10-25 东南大学 The polytypic internet of things equipment recognition methods of network flow fingerprint characteristic two-stage
CN110602041A (en) * 2019-08-05 2019-12-20 中国人民解放军战略支援部队信息工程大学 White list-based Internet of things equipment identification method and device and network architecture
CN110958305A (en) * 2019-11-15 2020-04-03 锐捷网络股份有限公司 Method and device for identifying terminal equipment of Internet of things
US20200219005A1 (en) * 2019-01-09 2020-07-09 International Business Machines Corporation Device discovery and classification from encrypted network traffic
CN111757365A (en) * 2020-06-03 2020-10-09 湃方科技(北京)有限责任公司 Abnormal equipment identification method and device in wireless network
CN112073988A (en) * 2020-07-31 2020-12-11 中国科学院信息工程研究所 Detection method for hidden camera in local area network
CN113591950A (en) * 2021-07-19 2021-11-02 中国海洋大学 Random forest network traffic classification method, system and storage medium

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20200219005A1 (en) * 2019-01-09 2020-07-09 International Business Machines Corporation Device discovery and classification from encrypted network traffic
CN109818793A (en) * 2019-01-30 2019-05-28 基本立子(北京)科技发展有限公司 For the device type identification of Internet of Things and network inbreak detection method
CN110380989A (en) * 2019-07-26 2019-10-25 东南大学 The polytypic internet of things equipment recognition methods of network flow fingerprint characteristic two-stage
CN110602041A (en) * 2019-08-05 2019-12-20 中国人民解放军战略支援部队信息工程大学 White list-based Internet of things equipment identification method and device and network architecture
CN110958305A (en) * 2019-11-15 2020-04-03 锐捷网络股份有限公司 Method and device for identifying terminal equipment of Internet of things
CN111757365A (en) * 2020-06-03 2020-10-09 湃方科技(北京)有限责任公司 Abnormal equipment identification method and device in wireless network
CN112073988A (en) * 2020-07-31 2020-12-11 中国科学院信息工程研究所 Detection method for hidden camera in local area network
CN113591950A (en) * 2021-07-19 2021-11-02 中国海洋大学 Random forest network traffic classification method, system and storage medium

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113191455A (en) * 2021-05-26 2021-07-30 平安国际智慧城市科技股份有限公司 Edge computing box election method and device, electronic equipment and medium
CN113191455B (en) * 2021-05-26 2024-06-07 平安国际智慧城市科技股份有限公司 Edge computing box election method and device, electronic equipment and medium
CN114328630A (en) * 2022-01-24 2022-04-12 嘉应学院 Equipment identification system based on thing networking
CN114328630B (en) * 2022-01-24 2023-06-23 嘉应学院 Equipment identification system based on Internet of things
CN114462623A (en) * 2022-02-10 2022-05-10 电子科技大学 Data analysis method, system and platform based on edge calculation
CN114462623B (en) * 2022-02-10 2023-05-26 电子科技大学 Data analysis method, system and platform based on edge calculation
CN114679318A (en) * 2022-03-25 2022-06-28 东南大学 Lightweight Internet of things equipment identification method in high-speed network
CN114679318B (en) * 2022-03-25 2024-04-23 东南大学 Lightweight Internet of things equipment identification method in high-speed network
CN115021986A (en) * 2022-05-24 2022-09-06 中国科学院计算技术研究所 Construction method and device for Internet of things equipment identification deployable model
CN114880587A (en) * 2022-06-10 2022-08-09 国网福建省电力有限公司 Port scanning path recommendation method for Internet of things equipment
CN114880587B (en) * 2022-06-10 2024-08-02 国网福建省电力有限公司 Port scanning path recommending method of Internet of things equipment

Similar Documents

Publication Publication Date Title
CN112769623A (en) Internet of things equipment identification method under edge environment
CN110011999B (en) IPv6 network DDoS attack detection system and method based on deep learning
US11201882B2 (en) Detection of malicious network activity
US10187401B2 (en) Hierarchical feature extraction for malware classification in network traffic
CN109600363B (en) Internet of things terminal network portrait and abnormal network access behavior detection method
US11895145B2 (en) Systems and methods for automatically selecting an access control entity to mitigate attack traffic
Lee et al. Effective value of decision tree with KDD 99 intrusion detection datasets for intrusion detection system
Lee et al. Detection of DDoS attacks using optimized traffic matrix
US8631464B2 (en) Method of detecting anomalous behaviour in a computer network
CN111277587A (en) Malicious encrypted traffic detection method and system based on behavior analysis
CN109450721B (en) Network abnormal behavior identification method based on deep neural network
US20150052606A1 (en) Method and a system to detect malicious software
CN111464485A (en) Encrypted proxy flow detection method and device
Papadopoulos et al. A novel graph-based descriptor for the detection of billing-related anomalies in cellular mobile networks
SG184120A1 (en) Method of identifying a protocol giving rise to a data flow
Lopez et al. Collecting and characterizing a real broadband access network traffic dataset
CN111464510B (en) Network real-time intrusion detection method based on rapid gradient lifting tree classification model
CN113821793A (en) Multi-stage attack scene construction method and system based on graph convolution neural network
Sacramento et al. Flowhacker: Detecting unknown network attacks in big traffic data using network flows
CN112003869A (en) Vulnerability identification method based on flow
Bahashwan et al. Flow-based approach to detect abnormal behavior in neighbor discovery protocol (NDP)
CN115333915B (en) Heterogeneous host-oriented network management and control system
Krasnov et al. Detecting DDoS attacks using the analysis of network traffic as dynamical system
CN116170227A (en) Flow abnormality detection method and device, electronic equipment and storage medium
Yang et al. Botnet detection based on machine learning

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20210507

RJ01 Rejection of invention patent application after publication