CN112804189A - Cloud and mist cooperation-based intrusion detection method for Internet of vehicles - Google Patents

Cloud and mist cooperation-based intrusion detection method for Internet of vehicles Download PDF

Info

Publication number
CN112804189A
CN112804189A CN202011491452.6A CN202011491452A CN112804189A CN 112804189 A CN112804189 A CN 112804189A CN 202011491452 A CN202011491452 A CN 202011491452A CN 112804189 A CN112804189 A CN 112804189A
Authority
CN
China
Prior art keywords
data
cost
fog
cloud
algorithm
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202011491452.6A
Other languages
Chinese (zh)
Inventor
赖英旭
曹天浩
刘静
王一鹏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing University of Technology
Original Assignee
Beijing University of Technology
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing University of Technology filed Critical Beijing University of Technology
Priority to CN202011491452.6A priority Critical patent/CN112804189A/en
Publication of CN112804189A publication Critical patent/CN112804189A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00Pattern recognition
    • G06F18/20Analysing
    • G06F18/24Classification techniques
    • G06F18/241Classification techniques relating to the classification model, e.g. parametric or non-parametric approaches
    • G06F18/2415Classification techniques relating to the classification model, e.g. parametric or non-parametric approaches based on parametric or probabilistic models, e.g. based on likelihood ratio or false acceptance rate versus a false rejection rate
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00Pattern recognition
    • G06F18/20Analysing
    • G06F18/24Classification techniques
    • G06F18/243Classification techniques relating to the number of classes
    • G06F18/24323Tree-organised classifiers
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N20/00Machine learning
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00Computing arrangements based on biological models
    • G06N3/02Neural networks
    • G06N3/04Architecture, e.g. interconnection topology
    • G06N3/045Combinations of networks
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00Computing arrangements based on biological models
    • G06N3/02Neural networks
    • G06N3/04Architecture, e.g. interconnection topology
    • G06N3/047Probabilistic or stochastic networks
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00Computing arrangements based on biological models
    • G06N3/02Neural networks
    • G06N3/08Learning methods
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425Traffic logging, e.g. anomaly detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/12Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • Data Mining & Analysis (AREA)
  • Computer Security & Cryptography (AREA)
  • Artificial Intelligence (AREA)
  • Evolutionary Computation (AREA)
  • General Physics & Mathematics (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Software Systems (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Mathematical Physics (AREA)
  • Computational Linguistics (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Molecular Biology (AREA)
  • Biophysics (AREA)
  • Biomedical Technology (AREA)
  • Computer Hardware Design (AREA)
  • Probability & Statistics with Applications (AREA)
  • Bioinformatics & Cheminformatics (AREA)
  • Bioinformatics & Computational Biology (AREA)
  • Evolutionary Biology (AREA)
  • Medical Informatics (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a cloud and mist cooperation-based intrusion detection method for Internet of vehicles, which mainly comprises three parts, including: step 1, a cloud and mist cooperative defense architecture is designed due to the fact that computing capacities of mist nodes and cloud servers are different, flow data are divided into normal data and suspicious data at the mist nodes with limited resources, the suspicious data are specifically classified on the cloud servers with powerful computing resources, and attack types are judged. And 2, due to the problems that the fog node resources are limited and the network environment is complex and changeable, suspicious data and benign data can be determined more quickly by detecting the data by adopting a CART decision tree algorithm. And 3, aiming at the problem of data imbalance in the scene of the Internet of vehicles, designing a cost sensitive CNN model, specifically classifying suspicious data and reducing the missing report rate of few attacks. The algorithm is evaluated on a vehicle networking data set in a simulation reality, and the method can obtain higher performance under the condition of lower resource demand.

Description

Cloud and mist cooperation-based intrusion detection method for Internet of vehicles
Technical Field
The invention relates to the technical field of Internet of vehicles network security, in particular to an Internet of vehicles intrusion detection method based on cloud and mist cooperation.
Background
The rapid development of intelligent transportation enables vehicles to communicate with adjacent vehicles or network infrastructure, and to acquire traffic conditions in time, thereby improving safety and efficiency, but also raising many safety issues. The development of the internet of vehicles has great potential safety hazard due to the attack of hackers, and an attacker can access the network and tamper confidential data by using a vulnerability, so that more accidents can be caused, and the significance of safe driving is changed. The attack may destroy the system function of the internet of vehicles, or may abuse the internet of vehicles for its own purpose. For example, some hackers may penetrate the vehicle internal network and use the external network to attack the vehicle by stealing the vehicle-mounted device, and then use the attacked abnormal vehicle to interfere with other users in the vehicle networking environment, which may seriously damage the benefit of the user and even threaten the personal safety of the user.
The internet of vehicles is a fast moving network with strong dynamics, so that the real-time performance of information sharing among vehicles is very important. Since the time of encounter between vehicles is short and rapid action is required on the received information, it is important to quickly determine the reliability of the information. Cryptography involves pairwise keys and overhead, involves computational cost, storage and time, and key theft can lead to intrusion into the internet of vehicles, making it more difficult to guard against attacks initiated from inside the vehicle. Therefore, intrusion detection systems must be deployed in the internet of vehicles network to detect attacks.
In addition to these safety-related challenges, the vehicle also needs to process data collected and received from other vehicles. If the collected traffic data is sent to the cloud to perform required calculation, and then the result is communicated to the vehicles, calculation and communication overhead among the vehicles can be limited, and the privacy of the vehicles can be improved. However, since the road information is time sensitive, this solution may be inefficient. In fog computing, where fog nodes are located between end users and the cloud, with roadside units as fog nodes, fog computing may be an alternative to road condition computing. In this case, the road side unit collects traffic data from vehicles within each road side unit area, and the road conditions are extracted by analyzing the collected data by the road side unit. Communication, detection, positioning between vehicles may be indirectly interacted through the fog nodes.
Therefore, in order to solve the information security problem of the internet of vehicles, the cloud and fog cooperation-based intrusion detection method for the internet of vehicles is provided, the particularity of the internet of vehicles compared with the original traditional internet is fully considered, and the characteristics of higher computing capacity, storage capacity and security requirements are mainly adopted, so that an intrusion detection model is constructed by machine learning and deep learning technologies which are broken through in various fields at present.
Disclosure of Invention
The invention aims to provide a method for detecting the intrusion of a vehicle networking network, which is used for solving the problem of high dynamic vehicle networking network safety. The technical scheme for solving the technical problems is as follows, and the cloud and mist cooperation-based intrusion detection method for the Internet of vehicles comprises the following steps:
step 1, converting the vehicle networking data into a feature vector data set, wherein the feature vector set specifically comprises information such as an 802.11p protocol IP address and type, time, a source IP, a destination IP, a protocol name, a packet size, a port number, a flag and the like in a UDP datagram and an IP datagram, and packet loss rate, communication link times and the like. Learning the characteristic vector data set by using a decision tree CART algorithm at the mist node with limited resources to obtain a decision tree CART classifier;
step 2, preliminarily classifying the data by adopting a decision tree CART at the fog node, and sending the preliminary classification result to a cloud server by the fog node;
and 3, deploying a cost sensitive CNN algorithm on the cloud server, and specifically classifying the data sent by the fog nodes.
The key technical points of the invention are as follows: the CART decision tree algorithm is adopted for the first time in the fog node detection of the Internet of vehicles, the algorithm has the characteristics of simple model and simple rule extraction, a binary tree-form simple decision tree is formed by utilizing a binary recursive splitting method, and the method is suitable for the requirements of limited fog node resources and real-time detection; according to the characteristics that the resources of the fog nodes are limited and the resources of the cloud server are unlimited, different computing tasks are distributed at the fog nodes and the cloud server, and the cooperative computing is realized: the data are divided into normal data and suspicious data by the fog node, the suspicious data are sent to the cloud server, and specific attack category detection is carried out on the cloud server; the cloud server side adopts cost sensitive CNN, namely a cost matrix is added between softmax and loss layers of the CNN, and parameters are automatically updated through joint optimization, so that the detection accuracy of the attack is improved.
The invention has the beneficial effects that:
the cloud computing method and the cloud computing system avoid the situation that all collected traffic data are sent to the cloud to execute required computation, reduce end-to-end time delay, detect the flow passing through the cloud nodes by adopting a CART algorithm, and meet the real-time requirement of the Internet of vehicles.
Secondly, the cloud and mist cooperative mode is adopted, so that the mist nodes and the cloud server work cooperatively, the storage and calculation advantages of different devices are better utilized, and the attack behavior in the environment is detected.
By improving the CNN algorithm, the unbalanced data in the actual scene can be better processed, the attack behavior can be accurately detected, and the safety of the data in the cloud server can be protected.
In conclusion, the attack behavior can be detected more quickly by adopting the CART algorithm, and the real-time requirement of the fog node is met. And by adopting a cloud and mist cooperative mode, resources in the mist nodes and the cloud server can be effectively utilized. At the Internet of vehicles server side, the detection accuracy rate of the unbalanced data can be improved based on the cost sensitive CNN method. The invention can detect abnormal behaviors from the network flow of the Internet of vehicles and protect the network security of the Internet of vehicles.
Drawings
Fig. 1 is a schematic view of the general structure of the present invention.
FIG. 2 is a schematic illustration of the cloud and mist cooperative detection of the present invention.
Fig. 3 is a model diagram of the CNN algorithm employed in the present invention.
Detailed Description
The principles and features of this invention are described below in conjunction with the following drawings, which are set forth by way of illustration only and are not intended to limit the scope of the invention.
Example one
In the first embodiment, a CART decision tree algorithm is adopted, the algorithm has the characteristics of simple model and simple rule extraction, a binary tree-form simple decision tree is formed by utilizing a binary recursive splitting method, and the method is suitable for an intrusion detection algorithm on a fog node. The algorithm principle is as follows:
step 1, calculating the GINI coefficient of each attribute in the attributes, and selecting the attribute with the minimum GINI coefficient as the splitting attribute of the root node. For the continuous attribute, calculating a segmentation threshold value, discretizing the continuous attribute according to the segmentation threshold value, and calculating a GINI coefficient of the continuous attribute; for the discrete attribute, the sample set needs to be divided according to the possible subsets of the discrete attribute value, if there are N discrete attributes, then there are 2 effective subsetsn-2, then selecting the subset with the smallest GINI coefficient as the partition of the discrete attribute, the smallest GINI coefficient being the GINI coefficient of the discrete attribute.
Calculation of the GINI coefficient:
(1) assume the entire sample set is S and the class set is { C1,C2,...,CnDividing the data into n classes, each class corresponding to a sample subset Si. Let | S | be the number of samples in the sample set S, | CiI is the class C in the sample set SiThe number of samples of (1), the GINI coefficient of the sample set is defined as follows
Figure BDA0002840861320000051
Wherein p isi=|CiI/S I belongs to class C for sample set sampleiThe probability of (c).
(2) When there is only binary splitting, the subset S into which S is divided for the attribute A in the training sample set S1And S2The GINI coefficient for a given partition S is as follows
Figure BDA0002840861320000052
And the k-th subset occupies the weight of the whole sample set.
If the split attribute is a continuous attribute, dividing the sample set into two parts of T and T according to the value of the attribute, wherein T is a division threshold value of the continuous attribute; if the split attribute is a discrete attribute, the sample set is divided into two parts according to whether the value of the attribute is contained in the true subset of the discrete attribute with the minimum GINI coefficient.
Step 3, two sample subsets S corresponding to the splitting attribute of the root node1And S2And recursively establishing child nodes of the tree by adopting the same method as the step 1. And the process is circulated until the samples in all the child nodes belong to the same category or no attribute which can be selected as the splitting attribute exists.
And 4, pruning the generated decision tree.
Based on the method, the invention adopts detection time and recall (recall) evaluation indexes commonly used in the field of machine learning to evaluate the effectiveness and reliability of the algorithm. The evaluation criteria are defined as follows:
detection time T2 (detection completion time) -T1 (start detection time)
Figure BDA0002840861320000061
Example two
As shown in fig. 1, the second embodiment is a schematic diagram of the general structure of the invention in the environment of internet of vehicles, and the general structure is mainly divided into three parts: cloud server, fog node and terminal equipment. As shown in fig. 2, in order to reasonably utilize resources in the cloud computing and cloud computing system and effectively execute the intrusion detection task, the cloud and mist cooperative detection method of the present invention includes:
and step 21, the fog node classifies the data into normal data and suspicious data according to a second classification. And if the fog node detects normal data, the normal data is processed locally, and the data sent to the cloud server is reduced, so that the user privacy data in the intelligent transportation environment is protected.
And step 22, on the fog node, if the detected data is abnormal data, the fog node sends the abnormal data to the cloud server.
And step 23, performing multi-classification on the abnormal data by adopting a cost sensitive CNN algorithm at the cloud server to obtain a specific attack type.
And 24, the response system in the cloud server sends the result to an administrator at the fog node end, and the administrator can find the infected intelligent equipment and take corresponding measures. Therefore, cooperative work of the fog nodes and the cloud server is achieved.
EXAMPLE III
Embodiment three is an improvement to the CNN algorithm employed on the cloud server. In real life, a large amount of normal traffic and a small amount of abnormal traffic exist in network traffic passing through intelligent traffic fog nodes, so the method and the system attempt to apply cost-sensitive automatic learning to a convolutional neural network of unbalanced data.
Step 1, the invention provides a new cost matrix xi for modifying the last layer of CNN, between softmax and loss layer. The invention introduces a new cost matrix to enable the algorithm model to correctly classify the infrequent classes. Thus, CNN output O is modified using cost matrix ξ according to cross-entropy loss function F as follows:
Figure BDA0002840861320000071
wherein y is(i)Represents the modified output, p represents the desired class,
Figure BDA0002840861320000072
representing a function, in particular a cross-entropy loss function, O(i)Is the output of the CNN, and,
Figure BDA0002840861320000073
indicating that the modified desired class will output a higher value than the other classes.
Step 2, the method solves the class imbalance problem in CNN training, and introduces a cost sensitive error function which can be expressed as average loss on the training set
Figure BDA0002840861320000074
Wherein the predicted output y before the loss layer is influenced by parameters theta and xi, theta is CNN parameter, xi is cost matrix parameter, M is total number of training set, N represents total number of neurons of the output layer, l (d)(i),y(i) θξ) For the cross entropy loss function, d ∈ {0, 1}1×NIs the desired output (Σ)ndn:=1),y(i)The softmax value obtained is shown. When the model does not work well on the training set, the error is larger, and the learning algorithm aims to find the optimal parameters (theta, xi), so that the average loss of the cost is reduced. Thus optimizing the objective of
*,ξ*) Argmin E (θ, ξ) (equation 4)
The penalty function in the equation selects a cross-entropy penalty function that maximizes the closeness of the prediction to the desired output, as follows:
l(d,y)=-∑n(dnlog yn) (formula 5)
dnIs the desired output (Σ)ndn:=1),ynThe softmax value obtained is shown. Wherein y isnClass dependent cost matrix and output o from the softmax functionnCorrelation, the following formula is the position where the cost matrix is added:
Figure BDA0002840861320000081
wherein the softmax output of the nth element is
Figure BDA0002840861320000082
Which is the ratio of the index of the nth element to the sum of the indices of all elements.
Step 3, learning optimal parameters
When the cross entropy loss function is used, the goal is to learn the parameter θ and the class dependent loss function parameter ξ together. For joint optimization, the two types of parameters are solved alternately by keeping one fixed parameter and minimizing the cost of the other parameter. The algorithm is as follows:
Figure BDA0002840861320000083
Figure BDA0002840861320000091
the CNN algorithm is improved by adopting the method, and the improved algorithm is applied to a cloud server of intelligent transportation, so that the classification of intrusion data is realized.
Step 4, the structure of the CNN model is shown in fig. 3. The model consists of two convolutional layers, two pooling layers, a fully-connected layer and a dropout layer, and a softmax classifier.
Based on the method, the invention adopts the detection accuracy (precision) evaluation index commonly used in the field of machine learning to evaluate the effectiveness and reliability of the algorithm. The evaluation criteria are defined as follows:
Figure BDA0002840861320000092
it should be understood that although the description is made in terms of embodiments, not every embodiment includes only a single embodiment, and such description is for clarity only, and those skilled in the art will recognize that the embodiments described herein may be combined as appropriate, and implemented as would be understood by those skilled in the art.

Claims (5)

1. A vehicle networking intrusion detection method based on cloud and mist cooperation is characterized in that: the cloud and mist collaborative data classification method is adopted, a decision tree CART classifier is adopted for rough classification at mist nodes, and a cost sensitive CNN algorithm is adopted for specific classification of a cloud server, and the method comprises the following steps:
step 1, converting the vehicle networking data into a feature vector data set, wherein the feature vector set specifically comprises an 802.11p protocol IP address and type, time, source IP, destination IP, protocol name, packet size, port number and flag information in UDP datagram and IP datagram, packet loss rate and communication link frequency. Learning the feature vector data set by utilizing a decision tree CART algorithm at the mist node with limited resources to obtain a decision tree CART classifier;
step 2, preliminarily classifying the feature vector data sets at the fog nodes by adopting a decision tree CART, and sending the preliminarily classified feature vector data to a cloud server;
and 3, deploying a cost-sensitive CNN algorithm on the cloud server, wherein the cost-sensitive CNN algorithm is used for specifically classifying the data sent by the fog nodes.
2. The cloud-fog-collaboration-based intrusion detection method for the internet of vehicles according to claim 1, wherein the preliminary classification at the fog nodes in the step 2 by using a decision tree CART algorithm comprises:
a CART decision tree algorithm is adopted in the fog node detection of the Internet of vehicles, the CART decision tree forms a simple decision tree in a binary tree form by selecting the attribute with the minimum GINI coefficient as the splitting attribute of the root node and utilizing a binary recursion splitting method, the efficiency is highest when the fog nodes are subjected to binary classification, and the method is suitable for the requirements of limited fog node resources and real-time detection.
3. The cloud-fog-collaboration-based intrusion detection method for the internet of vehicles according to claim 1, wherein in the step 2, different computing tasks are distributed to the fog nodes and the cloud server to realize collaboration, and the specific collaboration steps include:
and step 21, the fog node classifies the data into normal data and suspicious data according to a second classification. And if the fog node detects normal data, the normal data is processed locally, and the data sent to the cloud server is reduced, so that the user privacy data in the intelligent transportation environment is protected.
And step 22, on the fog node, if the detected data is abnormal data, the fog node sends the data to the cloud server.
And step 23, performing multi-classification on the abnormal data by using a cost sensitive CNN algorithm on the cloud server to obtain a specific attack type.
And 24, the response system in the cloud server sends the result to an administrator at the fog node end, and the administrator finds the infected intelligent equipment and takes measures to realize the cooperative work of the fog node and the cloud server.
4. The cloud-fog-collaboration-based intrusion detection method for the internet of vehicles according to claim 1, wherein in the step 3, the cost sensitive CNN adds a cost matrix ξ between softmax and loss layer of CNN, and updates parameters automatically through joint optimization, specifically comprising:
and 31, transmitting the suspicious data screened out by the fog nodes to a cost sensitive CNN algorithm, updating the data labels, and changing the data labels into specific attack labels. In order to reduce the influence of the class imbalance on the algorithm, the last layer of the CNN is modified, and a cost matrix is added between the softmax layer and the loss layer;
step 32, before calculating the classification loss, the result of the cost matrix is compressed to [0,1], and the loss function adopts a cross entropy loss function;
step 33, the position where the cost matrix xi is added, in the formula of softmax
Figure FDA0002840861310000021
Multiplying the exponent value of each element by a corresponding cost value, wherein all the cost values form the value of a cost matrix, and o in the formula of softmaxnRepresenting output through two layers of CNN.
Step 34, when the cross entropy loss function is used, updating a cost sensitive CNN parameter theta and a cost matrix parameter xi, and updating the theta and xi by adopting a joint optimization mode;
5. step 34 of claim 4 updates θ and ξ in a joint optimization manner, specifically including:
for the optimization of θ, a random gradient descent with error back propagation is used, step 51. To optimize ξ, the gradient descent algorithm is used again to calculate the direction of the step size to update the parameters, as follows;
step 52, establishing a cost sensitive CNN network, initializing a neural network parameter theta, and setting a cost matrix and error initialization as 1;
step 53, starting an epoch cycle until the maximum epoch number is reached;
step 54, calculating gradient grad (x, d, F (ξ)), and updating gradient parameters, wherein x is data, and d is a data label;
step 55, in the batch loop, carrying out forward propagation to obtain output, carrying out backward propagation to obtain gradient, updating network parameters, and exiting the loop when the maximum batch number is reached;
step 56, forward propagation is carried out to obtain errors, if the errors are larger than the set errors, the learning rate of the cost matrix is reduced by 100 times, and the errors are updated;
step 57, stopping the epoch cycle and quitting the cycle;
and 58, obtaining the optimal values of the cost matrix parameter xi and the learning parameter theta. And training the cost-sensitive CNN algorithm by using the feature vector data set to be identified to obtain the cost-sensitive CNN algorithm classifier.
CN202011491452.6A 2020-12-17 2020-12-17 Cloud and mist cooperation-based intrusion detection method for Internet of vehicles Pending CN112804189A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011491452.6A CN112804189A (en) 2020-12-17 2020-12-17 Cloud and mist cooperation-based intrusion detection method for Internet of vehicles

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011491452.6A CN112804189A (en) 2020-12-17 2020-12-17 Cloud and mist cooperation-based intrusion detection method for Internet of vehicles

Publications (1)

Publication Number Publication Date
CN112804189A true CN112804189A (en) 2021-05-14

Family

ID=75806869

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011491452.6A Pending CN112804189A (en) 2020-12-17 2020-12-17 Cloud and mist cooperation-based intrusion detection method for Internet of vehicles

Country Status (1)

Country Link
CN (1) CN112804189A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117319095A (en) * 2023-11-29 2023-12-29 杭州海康威视数字技术股份有限公司 Fuzzy logic-based threat light-weight collaborative detection method and device for Internet of things

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7818797B1 (en) * 2001-10-11 2010-10-19 The Trustees Of Columbia University In The City Of New York Methods for cost-sensitive modeling for intrusion detection and response
CN106611189A (en) * 2016-06-28 2017-05-03 四川用联信息技术有限公司 Method for constructing integrated classifier of standardized multi-dimensional cost sensitive decision-making tree
CN106611036A (en) * 2016-06-20 2017-05-03 四川用联信息技术有限公司 Improved multidimensional scaling heterogeneous cost-sensitive decision tree building method
CN109358608A (en) * 2018-11-28 2019-02-19 广东电网有限责任公司 A kind of transformer state methods of risk assessment and device based on integrated study

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7818797B1 (en) * 2001-10-11 2010-10-19 The Trustees Of Columbia University In The City Of New York Methods for cost-sensitive modeling for intrusion detection and response
CN106611036A (en) * 2016-06-20 2017-05-03 四川用联信息技术有限公司 Improved multidimensional scaling heterogeneous cost-sensitive decision tree building method
CN106611189A (en) * 2016-06-28 2017-05-03 四川用联信息技术有限公司 Method for constructing integrated classifier of standardized multi-dimensional cost sensitive decision-making tree
CN109358608A (en) * 2018-11-28 2019-02-19 广东电网有限责任公司 A kind of transformer state methods of risk assessment and device based on integrated study

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
丁艳军: "面向车联网的车辆攻击方法及入侵检测技术研究", 《中国优秀硕博士学位论文全文数据库(硕士)》 *
董伟豪: "云雾一体化软定义车联网架构和性能优化", 《中国优秀硕博士学位论文全文数据库(硕士)》 *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117319095A (en) * 2023-11-29 2023-12-29 杭州海康威视数字技术股份有限公司 Fuzzy logic-based threat light-weight collaborative detection method and device for Internet of things
CN117319095B (en) * 2023-11-29 2024-02-13 杭州海康威视数字技术股份有限公司 Fuzzy logic-based threat light-weight collaborative detection method and device for Internet of things

Similar Documents

Publication Publication Date Title
Yang et al. MTH-IDS: A multitiered hybrid intrusion detection system for internet of vehicles
Li et al. Deep learning in security of internet of things
CN111970309B (en) Spark Internet of vehicles based combined deep learning intrusion detection method and system
Bangui et al. A hybrid machine learning model for intrusion detection in VANET
Chauhan et al. A comparative study of classification techniques for intrusion detection
Sethi et al. Deep reinforcement learning based intrusion detection system for cloud infrastructure
US10504038B2 (en) Refined learning data representation for classifiers
KR20130126814A (en) Traffic flooding attack detection and in-depth analysis devices and method using data mining
Türkoğlu et al. Recognition of DDoS attacks on SD-VANET based on combination of hyperparameter optimization and feature selection
CN113821793B (en) Multi-stage attack scene construction method and system based on graph convolution neural network
Anzer et al. A multilayer perceptron-based distributed intrusion detection system for internet of vehicles
Khedr et al. FMDADM: A multi-layer DDoS attack detection and mitigation framework using machine learning for stateful SDN-based IoT networks
CN114372530A (en) Abnormal flow detection method and system based on deep self-coding convolutional network
Banafshehvaragh et al. Intrusion, anomaly, and attack detection in smart vehicles
Jing et al. [Retracted] Detection of DDoS Attack within Industrial IoT Devices Based on Clustering and Graph Structure Features
Kamalov et al. Orthogonal variance-based feature selection for intrusion detection systems
Alkhatib et al. Unsupervised network intrusion detection system for AVTP in automotive Ethernet networks
Al-Fawa'reh et al. Detecting stealth-based attacks in large campus networks
Radivilova et al. Analysis of anomaly detection and identification methods in 5G traffic
CN112804189A (en) Cloud and mist cooperation-based intrusion detection method for Internet of vehicles
Zhang et al. Many-objective optimization based intrusion detection for in-vehicle network security
CN116633682B (en) Intelligent identification method and system based on security product risk threat
CN113079167A (en) Internet of vehicles intrusion detection method and system based on deep reinforcement learning
Raja Sree et al. HAP: detection of HTTP flooding attacks in cloud using diffusion map and affinity propagation clustering
CN114330504A (en) Network malicious traffic detection method based on Sketch

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20210514

WD01 Invention patent application deemed withdrawn after publication