CN112968816B - Method and system for screening abnormality of Internet of things equipment through flow abnormality detection - Google Patents

Method and system for screening abnormality of Internet of things equipment through flow abnormality detection Download PDF

Info

Publication number
CN112968816B
CN112968816B CN202110272964.1A CN202110272964A CN112968816B CN 112968816 B CN112968816 B CN 112968816B CN 202110272964 A CN202110272964 A CN 202110272964A CN 112968816 B CN112968816 B CN 112968816B
Authority
CN
China
Prior art keywords
data
flow
abnormality
equipment
log
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110272964.1A
Other languages
Chinese (zh)
Other versions
CN112968816A (en
Inventor
李霁远
孙歆
孙昌华
李沁园
戴桦
徐宏
周辉
汪自翔
徐梦宇
边珊
陈云
林蓓
杨中豪
周星宇
刘航宇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Wudun Information Technology Co ltd
Electric Power Research Institute of State Grid Zhejiang Electric Power Co Ltd
Original Assignee
Shanghai Wudun Information Technology Co ltd
Electric Power Research Institute of State Grid Zhejiang Electric Power Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shanghai Wudun Information Technology Co ltd, Electric Power Research Institute of State Grid Zhejiang Electric Power Co Ltd filed Critical Shanghai Wudun Information Technology Co ltd
Priority to CN202110272964.1A priority Critical patent/CN112968816B/en
Publication of CN112968816A publication Critical patent/CN112968816A/en
Application granted granted Critical
Publication of CN112968816B publication Critical patent/CN112968816B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/08Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
    • H04L43/0823Errors, e.g. transmission errors
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/12Network monitoring probes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/12Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00Reducing energy consumption in communication networks
    • Y02D30/50Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Abstract

The invention discloses a method and a system for screening abnormality of Internet of things equipment through flow abnormality detection. The technical scheme adopted by the invention is as follows: 1) mirroring the flow passing through the switch to obtain the IP address and the specific flow information of the equipment in the network and generating a flow log; 2) monitoring a flow log directory or a log file by using a log data collector of a local file, acquiring real-time log data and temporarily storing the real-time log data; 3) collecting characteristic value data, synthesizing a time sequence vector through log vectorization, and monitoring flow abnormity of multiple dimensions on different equipment by using a method for detecting time sequence abnormity based on prediction; 4) and carrying out hierarchical processing on the abnormal information obtained by time series abnormal detection. The invention optimizes the mode of equipment abnormity detection by using a means of flow abnormity analysis, and greatly reduces the pressure of abnormity analysis requiring a large amount of occupied equipment resources on equipment load in a service scene.

Description

Method and system for screening abnormality of Internet of things equipment through flow abnormality detection
Technical Field
The invention belongs to the field of anomaly detection of equipment of the Internet of things, and particularly relates to a method and a system for screening anomaly of equipment of the Internet of things through flow anomaly detection.
Background
Along with the use of the internet of things in various fields of production and life is more and more extensive, especially in an electric power system, the number of terminals of the internet of things is huge and various, and along with the intellectualization of the electric power system, the number and the types of the terminals can be further increased, so that great pressure is brought to the safety protection and operation and maintenance of the electric power system. Therefore, it is necessary to reduce the equipment resources occupied by the safety protection and operation and maintenance of the power system and reduce the pressure on the system caused by the abnormal detection.
Because the number of terminals of the internet of things is large, for some types of equipment, a traditional abnormality detection method for the equipment is used, and therefore a large amount of resources are consumed for performing abnormality detection on all the equipment, and the abnormality detection is difficult to achieve. For example, for the anomaly detection of a camera device, if an image is taken according to time granularity by an image processing method to perform anomaly detection on the image, a great pressure is applied to a system, and in addition, if the time granularity for taking the image is increased to reduce the pressure of the anomaly detection on the system, some time sequence information in a video stream is inevitably lost, so that some time sequence related anomalies are difficult to detect.
Disclosure of Invention
The invention aims to overcome the defects in the prior art and provides a method and a system for screening the abnormality of the internet of things equipment by detecting the flow abnormality of the internet of things equipment.
Therefore, the invention adopts the following technical scheme: the method for detecting and screening the abnormality of the Internet of things equipment through flow abnormality comprises the following steps:
1) mirroring the flow passing through the switch to obtain the IP address and the specific flow information of the equipment in the network and generating a flow log;
2) monitoring a log directory or a log file by using a log data collector of a local file, acquiring real-time log data and temporarily storing the real-time log data;
3) collecting characteristic value data, synthesizing a time sequence vector through log vectorization, and monitoring flow abnormity of multiple dimensions on different equipment by using a method for detecting time sequence abnormity based on prediction;
4) carrying out classification processing on the abnormal information obtained by time series abnormal detection, wherein the classification processing comprises I-level classification and II-level classification;
classification of fraction I: based on the traffic data anomaly model, directly judging the anomaly information as abnormal operation and directly reporting the abnormal operation;
class II: after the flow is judged to be abnormal preliminarily, when detailed contents of abnormal information cannot be further acquired, the probe server is instructed to issue corresponding active scanning tasks for different types of Internet of things equipment, and further abnormal analysis is performed on the current equipment to acquire more detailed abnormal data.
The invention optimizes the mode of equipment abnormity detection by using a means of flow abnormity analysis, captures the abnormity information of the equipment while keeping the time sequence abnormity information, and greatly relieves the pressure of the current abnormity analysis method which needs to occupy a large amount of equipment resources on equipment load in a service scene.
Further, the specific content of step 3) is as follows: aiming at each different device to be monitored, each time sequence data P is in time sequencetExtracting n communication data traffic packets of the device within 5 minutes:
Pt={p1,p2,p3,…,pn},
extracting m features from each packet to form a time series vector:
one of the timing characteristic matrices of each different data to be monitored is expressed as:
Figure BDA0002975378280000021
and for the time sequence characteristic matrix F of each different device, performing flow abnormity monitoring on the different devices by using a method for performing time sequence abnormity detection based on prediction.
Further, the method for detecting the time sequence abnormity based on the prediction comprises Holt-Winters, time sequence data decomposition, ARMA series algorithm and a deep learning model.
Further, the flow data abnormity model is formed by integrating a moving average autoregressive model and a neural network model.
Further, when the class II classification processing is performed on the abnormal information in the step 4), for the video device, according to a manufacturer of the video device, the probe server is used to obtain real-time data stream data of the device, several latest video screenshots are intercepted, the features of each screenshot are calculated, and a trained image abnormal recognition model is used to further judge the specific abnormal condition of the video device.
Further, when performing class II classification processing on the abnormal information in step 4), for the sensing terminal, according to the reported path, the probe server is used to obtain the latest data reported by the device, compare the historical data reported by the terminal, determine the deviation value of the latest data, and further report the specific abnormal condition of the device if the deviation value is greater than the threshold value.
The invention adopts another technical scheme that: through unusual system of screening thing networking equipment of flow anomaly detection, it includes:
a flow log generating unit for mirroring the flow passing through the switch to obtain the IP address and the specific flow information of the equipment in the network and generating a flow log;
the real-time log data acquisition unit monitors a flow log directory or a log file by using a log data collector of a local file, acquires real-time log data and temporarily stores the real-time log data;
the flow abnormity monitoring unit is used for acquiring characteristic value data, synthesizing a time sequence vector through log vectorization, and monitoring flow abnormity of multiple dimensions on different equipment by using a method for detecting time sequence abnormity based on prediction;
the abnormal information grading processing unit is used for grading the abnormal information obtained by time series abnormal detection and comprises I-grade classification and II-grade classification;
classification of fraction I: based on the traffic data anomaly model, directly judging the anomaly information as abnormal operation and directly reporting the abnormal operation;
class II: after the flow is judged to be abnormal preliminarily, when detailed contents of abnormal information cannot be further acquired, the probe server is instructed to issue corresponding active scanning tasks for different types of Internet of things equipment, and further abnormal analysis is performed on the current equipment to acquire more detailed abnormal data.
Further, the specific content of the flow anomaly monitoring unit is as follows: aiming at each different device to be monitored, each time sequence data P is in time sequencetExtracting n communication data traffic packets of the device within 5 minutes:
Pt={p1,p2,p3,…,pn},
extracting m features from each packet to form a time series vector:
one of the timing characteristic matrices of each different data to be monitored is expressed as:
Figure BDA0002975378280000031
for the time sequence characteristic matrix F of each different device, monitoring the flow abnormity of the different devices by a method for detecting the time sequence abnormity based on prediction;
the method for detecting the time sequence abnormity based on the prediction comprises Holt-Winters, time sequence data decomposition, an ARMA series algorithm and a deep learning model.
Further, the flow data abnormity model is formed by integrating a moving average autoregressive model and a neural network model.
Further, when the abnormal information is subjected to II-level classification processing in the abnormal information classification processing unit, aiming at the video equipment, according to a manufacturer of the video equipment, the probe server is used for acquiring real-time data flow data of the equipment, capturing a plurality of latest video screenshots, calculating the characteristics of each screenshot, and further judging the specific abnormal condition of the video equipment by using a trained image abnormal recognition model; aiming at the induction terminal, according to the reported path, the probe server is utilized to obtain the latest reported data of the equipment, the historical data reported by the terminal is compared, the deviation value of the latest data is judged, and if the deviation value is larger than the threshold value, the specific abnormal condition of the equipment is further reported.
The invention has the following beneficial effects: according to the method, the abnormity is detected and positioned in the flow abnormity detection stage, so that whether the abnormity can be directly obtained or not is screened, or the data is continuously obtained for abnormity detection, time sequence and non-time sequence abnormal information is obtained in the flow detection stage, the time sequence information loss caused by the reduction of equipment load in the traditional abnormity detection task aiming at the Internet of things equipment is avoided, the expense of abnormity detection is greatly reduced, and the resource waste of abnormity detection is avoided.
Drawings
Fig. 1 is a flowchart of a method for screening abnormality of internet of things equipment through flow abnormality detection according to the present invention.
Detailed Description
The technical scheme of the invention is further explained in detail by combining the detailed description and the attached drawings of the specification.
Example 1
The embodiment provides a method for detecting and screening abnormality of internet of things equipment through flow abnormality, which comprises the following steps:
1) mirroring the flow passing through the switch to obtain the IP address and the specific flow information of the equipment in the network and generating a flow log;
2) monitoring a log directory or a log file by using a log data acquisition unit of a local file, acquiring real-time log data and temporarily storing the real-time log data;
3) collecting characteristic value data, synthesizing a time sequence vector through log vectorization, and monitoring flow abnormity of multiple dimensions on different equipment by using a method for detecting time sequence abnormity based on prediction;
4) carrying out classification processing on the abnormal information, wherein the classification processing comprises I-level classification and II-level classification;
classification of fraction I: based on the traffic data anomaly model, directly judging the anomaly information as abnormal operation and directly reporting the abnormal operation;
class II: after the flow anomaly is preliminarily determined, when detailed contents of anomaly information cannot be further acquired, a probe server is instructed to issue corresponding active scanning tasks for different types of Internet of things equipment according to high-level flow anomaly alarms, and further anomaly analysis is performed on the current equipment to acquire more detailed anomaly data.
In step 3), aiming at each different device to be monitored, each time sequence data P is in time sequencetExtracting n communication data traffic packets of the device within 5 minutes:
Pt={p1,p2,p3,pn}
each packet extracts 72 features to form a vector:
Figure BDA0002975378280000041
Figure BDA0002975378280000051
Figure BDA0002975378280000061
one of the timing signature matrices for each different data to be monitored can be expressed as:
Figure BDA0002975378280000062
for the time sequence feature matrix F of each different device, the common method for detecting the time sequence abnormality based on prediction, including but not limited to Holt-Winters, time sequence data decomposition (STL), ARMA series algorithm, deep learning model, etc., is used to monitor the flow abnormality of the different devices.
Then, in order to avoid the waste of resources, the abnormal information is processed in a grading way:
classification of fraction I: based on the traffic data exception model, the abnormal operation can be directly judged, for example, the offline operation is directly reported to an application scene, and the effect of quick response is achieved.
Class II: after the flow anomaly is preliminarily determined, when detailed anomaly content cannot be further obtained, the device anomaly is obtained by different means for different types of internet of things devices aiming at high-level flow anomaly alarms, for example, for a video device, according to a manufacturer of the video device, real-time data flow data of the device is obtained by a probe server, a plurality of latest video screenshots are intercepted, the characteristics (such as a brightness mean value, a color temperature value and the like) of each screenshot are calculated, and the specific anomaly (such as a black screen, a brightness anomaly, a color cast and the like) of the video device is further judged by using a trained image anomaly identification model; aiming at the induction terminal, according to the reported path, the probe server is used for obtaining the latest reported data of the equipment, comparing the historical data reported by the terminal, judging the deviation value of the latest data, and if the deviation value is larger than the threshold value, further reporting the detailed abnormity of the equipment.
The abnormity is detected and positioned in the flow abnormity detection stage, so that whether the abnormity can be directly obtained or not is screened, or the data is continuously obtained for abnormity detection.
Example 2
The embodiment provides a system for detecting and screening internet of things equipment abnormality through flow abnormality, which includes:
a flow log generating unit for mirroring the flow passing through the switch to obtain the IP address and the specific flow information of the equipment in the network and generating a flow log;
the real-time log data acquisition unit monitors a flow log directory or a log file by using a log data collector of a local file, acquires real-time log data and temporarily stores the real-time log data;
the flow abnormity monitoring unit is used for acquiring characteristic value data, synthesizing a time sequence vector through log vectorization, and monitoring flow abnormity of multiple dimensions on different equipment by using a method for detecting time sequence abnormity based on prediction;
the abnormal information grading processing unit is used for grading the abnormal information obtained by time series abnormal detection and comprises I-grade classification and II-grade classification;
classification of fraction I: based on the traffic data anomaly model, directly judging the anomaly information as abnormal operation and directly reporting the abnormal operation;
class II: after the flow is judged to be abnormal preliminarily, when detailed contents of abnormal information cannot be further acquired, the probe server is instructed to issue corresponding active scanning tasks for different types of Internet of things equipment, and further abnormal analysis is performed on the current equipment to acquire more detailed abnormal data.
The specific content of the flow abnormity monitoring unit is as follows: aiming at each different device to be monitored, each time sequence data P is in time sequencetThe extraction being carried out in 5 minutesn communication data traffic packets:
Pt={p1,p2,p3,…,pn},
extracting m features from each packet to form a time series vector:
one of the timing characteristic matrices of each different data to be monitored is expressed as:
Figure BDA0002975378280000081
for the time sequence characteristic matrix F of each different device, monitoring the flow abnormity of the different devices by a method for detecting the time sequence abnormity based on prediction;
the method for detecting the time sequence abnormity based on the prediction comprises Holt-Winters, time sequence data decomposition, an ARMA series algorithm and a deep learning model.
The flow data abnormity model is formed by integrating a moving average autoregressive model and a neural network model.
When the abnormal information is subjected to II-level classification processing in the abnormal information classification processing unit, aiming at video equipment, according to a manufacturer of the video equipment, a probe server is used for acquiring real-time data flow data of the equipment, a plurality of latest video screenshots are intercepted, the characteristics of each screenshot are calculated, and the specific abnormal condition of the video equipment is further judged by using a trained image abnormal recognition model; aiming at the induction terminal, according to a reported path, the probe server is utilized to obtain the latest reported data of the equipment, historical data reported by the terminal are compared, the deviation value of the latest data is judged, and if the deviation value is larger than a threshold value, the specific abnormal condition of the equipment is further reported.
The specific embodiments described herein are merely illustrative of the spirit of the invention. Various modifications or additions may be made to the described embodiments or alternatives may be employed by those skilled in the art without departing from the spirit or scope of the invention as defined in the appended claims.

Claims (10)

1. The method for detecting and screening the abnormality of the Internet of things equipment through flow abnormality is characterized by comprising the following steps:
1) mirroring the flow passing through the switch to obtain the IP address and the specific flow information of the equipment in the network and generating a flow log;
2) monitoring a flow log directory or a log file by using a log data collector of a local file, acquiring real-time log data and temporarily storing the real-time log data;
3) collecting characteristic value data, synthesizing a time sequence vector through log vectorization, and monitoring flow abnormity of multiple dimensions on different equipment by using a method for detecting time sequence abnormity based on prediction;
4) carrying out classification processing on the abnormal information obtained by time series abnormal detection, wherein the classification processing comprises I-level classification and II-level classification;
classification of fraction I: based on the traffic data anomaly model, directly judging the anomaly information as abnormal operation and directly reporting the abnormal operation;
class II: after the flow is judged to be abnormal preliminarily, when detailed contents of abnormal information cannot be further acquired, the probe server is instructed to issue corresponding active scanning tasks for different types of Internet of things equipment, and further abnormal analysis is performed on the current equipment to acquire more detailed abnormal data.
2. The method for screening the abnormality of the internet of things equipment through traffic abnormality detection according to claim 1, wherein the specific content of the step 3) is as follows: aiming at each different device to be monitored, each time sequence data P is in time sequencetExtracting n communication data traffic packets of the device within 5 minutes:
Pt={p1,p2,p3,…,pn},
extracting m features from each packet to form a time series vector:
one of the timing characteristic matrices of each different data to be monitored is expressed as:
Figure FDA0002975378270000011
and for the time sequence characteristic matrix F of each different device, performing flow abnormity monitoring on the different devices by using a method for performing time sequence abnormity detection based on prediction.
3. The method for screening the abnormality of the internet of things equipment through flow abnormality detection according to claim 2, wherein the method for performing time series abnormality detection based on prediction comprises Holt-Winters, time series data decomposition, ARMA series algorithms and a deep learning model.
4. The method for screening abnormality of equipment of the internet of things through traffic abnormality detection according to any one of claims 1 to 3, wherein the traffic data abnormality model is formed by integrating a moving average autoregressive model and a neural network model.
5. The method for detecting and screening the abnormality of the internet of things device according to the flow abnormality as recited in any one of claims 1 to 3, wherein when the abnormality information is subjected to class II classification processing in the step 4), for the video device, according to a manufacturer of the video device, a probe server is used for acquiring real-time data flow data of the device, several latest video screenshots are intercepted, the characteristics of each screenshot are calculated, and a trained image abnormality recognition model is used for further judging the specific abnormality condition of the video device.
6. The method for screening abnormality of internet of things equipment through flow abnormality detection according to any one of claims 1 to 3, wherein when the abnormality information is subjected to class II classification processing in step 4), the probe server is used for acquiring the latest reported data of the equipment according to the reported path of the induction terminal, comparing the historical data reported by the terminal, judging the deviation value of the latest data, and further reporting the specific abnormality of the equipment if the deviation value is greater than a threshold value.
7. Through unusual system of screening thing networking equipment of flow anomaly detection, its characterized in that includes:
a flow log generating unit for mirroring the flow passing through the switch to obtain the IP address and the specific flow information of the equipment in the network and generating a flow log;
the real-time log data acquisition unit monitors a flow log directory or a log file by using a log data collector of a local file, acquires real-time log data and temporarily stores the real-time log data;
the flow abnormity monitoring unit is used for acquiring characteristic value data, synthesizing a time sequence vector through log vectorization, and monitoring flow abnormity of multiple dimensions on different equipment by using a method for detecting time sequence abnormity based on prediction;
the abnormal information grading processing unit is used for grading the abnormal information obtained by time series abnormal detection and comprises I-grade classification and II-grade classification;
classification of fraction I: based on the traffic data anomaly model, directly judging the anomaly information as abnormal operation and directly reporting the abnormal operation;
class II: after the flow is judged to be abnormal preliminarily, when detailed contents of abnormal information cannot be further acquired, the probe server is instructed to issue corresponding active scanning tasks for different types of Internet of things equipment, and further abnormal analysis is performed on the current equipment to acquire more detailed abnormal data.
8. The system for detecting and screening abnormality of internet of things equipment according to claim 7, wherein the traffic abnormality monitoring unit includes the following specific contents: aiming at each different device to be monitored, each time sequence data P is in time sequencetExtracting n communication data traffic packets of the device within 5 minutes:
Pt={p1,p2,p3,…,pn},
extracting m features from each packet to form a time series vector:
one of the timing characteristic matrices of each different data to be monitored is expressed as:
Figure FDA0002975378270000021
for the time sequence characteristic matrix F of each different device, monitoring the flow abnormity of the different devices by a method for detecting the time sequence abnormity based on prediction;
the method for detecting the time sequence abnormity based on the prediction comprises Holt-Winters, time sequence data decomposition, an ARMA series algorithm and a deep learning model.
9. The system for screening abnormality of internet of things equipment according to claim 7 or 8, wherein the traffic data abnormality model is formed by integrating a moving average autoregressive model and a neural network model.
10. The system for detecting and screening abnormality of internet of things equipment according to flow abnormality according to claim 7 or 8, wherein when abnormality information is subjected to class II classification processing in the abnormality information classification processing unit, for video equipment, according to a manufacturer of the video equipment, real-time data stream data of the equipment is acquired by using a probe server, a plurality of latest video screenshots are intercepted, the characteristics of each screenshot are calculated, and the specific abnormal condition of the video equipment is further judged by using a trained image abnormality recognition model; aiming at the induction terminal, according to the reported path, the probe server is utilized to obtain the latest reported data of the equipment, the historical data reported by the terminal is compared, the deviation value of the latest data is judged, and if the deviation value is larger than the threshold value, the specific abnormal condition of the equipment is further reported.
CN202110272964.1A 2021-03-14 2021-03-14 Method and system for screening abnormality of Internet of things equipment through flow abnormality detection Active CN112968816B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110272964.1A CN112968816B (en) 2021-03-14 2021-03-14 Method and system for screening abnormality of Internet of things equipment through flow abnormality detection

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110272964.1A CN112968816B (en) 2021-03-14 2021-03-14 Method and system for screening abnormality of Internet of things equipment through flow abnormality detection

Publications (2)

Publication Number Publication Date
CN112968816A CN112968816A (en) 2021-06-15
CN112968816B true CN112968816B (en) 2022-05-17

Family

ID=76279560

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110272964.1A Active CN112968816B (en) 2021-03-14 2021-03-14 Method and system for screening abnormality of Internet of things equipment through flow abnormality detection

Country Status (1)

Country Link
CN (1) CN112968816B (en)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113362200B (en) * 2021-07-02 2024-02-23 上海天麦能源科技有限公司 Abnormality detection method and system for space-time dimension combination
CN113534731B (en) * 2021-07-16 2022-03-11 珠海市鸿瑞信息技术股份有限公司 Download data security analysis system and method based on industrial control
CN113705714A (en) * 2021-09-03 2021-11-26 上海观安信息技术股份有限公司 Power distribution Internet of things equipment abnormal behavior detection method and device based on behavior sequence
CN113794774A (en) * 2021-09-15 2021-12-14 厦门畅合赢文化传媒有限公司 Flow monitoring system based on new network audio-visual media
CN115658441B (en) * 2022-12-13 2023-03-10 济南丽阳神州智能科技有限公司 Method, equipment and medium for monitoring abnormality of household service system based on log
CN116684878B (en) * 2023-07-10 2024-01-30 北京中科网芯科技有限公司 5G information transmission data safety monitoring system

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102404164A (en) * 2011-08-09 2012-04-04 江苏欣网视讯科技有限公司 Flow analysis method based on ARMA (Autoregressive Moving Average) model and chaotic time sequence model
WO2020087513A1 (en) * 2018-11-02 2020-05-07 Telefonaktiebolaget Lm Ericsson (Publ) Method and apparatus for prediction of device failure
CN111163115A (en) * 2020-04-03 2020-05-15 深圳市云盾科技有限公司 Internet of things safety monitoring method and system based on double engines
CN111669411A (en) * 2020-07-28 2020-09-15 国网电子商务有限公司 Industrial control equipment abnormity detection method and system
US10902062B1 (en) * 2017-08-24 2021-01-26 Amazon Technologies, Inc. Artificial intelligence system providing dimension-level anomaly score attributions for streaming data
CN112333706A (en) * 2019-07-16 2021-02-05 中国移动通信集团浙江有限公司 Internet of things equipment anomaly detection method and device, computing equipment and storage medium

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102404164A (en) * 2011-08-09 2012-04-04 江苏欣网视讯科技有限公司 Flow analysis method based on ARMA (Autoregressive Moving Average) model and chaotic time sequence model
US10902062B1 (en) * 2017-08-24 2021-01-26 Amazon Technologies, Inc. Artificial intelligence system providing dimension-level anomaly score attributions for streaming data
WO2020087513A1 (en) * 2018-11-02 2020-05-07 Telefonaktiebolaget Lm Ericsson (Publ) Method and apparatus for prediction of device failure
CN112333706A (en) * 2019-07-16 2021-02-05 中国移动通信集团浙江有限公司 Internet of things equipment anomaly detection method and device, computing equipment and storage medium
CN111163115A (en) * 2020-04-03 2020-05-15 深圳市云盾科技有限公司 Internet of things safety monitoring method and system based on double engines
CN111669411A (en) * 2020-07-28 2020-09-15 国网电子商务有限公司 Industrial control equipment abnormity detection method and system

Also Published As

Publication number Publication date
CN112968816A (en) 2021-06-15

Similar Documents

Publication Publication Date Title
CN112968816B (en) Method and system for screening abnormality of Internet of things equipment through flow abnormality detection
CN112769796B (en) Cloud network side collaborative defense method and system based on end side edge computing
CN111928888B (en) Intelligent monitoring and analyzing method and system for water pollution
CN103731643A (en) Video surveillance network quality inspection method and system
KR102001813B1 (en) Apparatus and method for detecting abnormal behavior of nonstandard protocol payload using deep neural network algorithm
CN111241938A (en) Face recognition method and device based on image verification and computer equipment
CN112350882A (en) Distributed network traffic analysis system and method
CN111698209A (en) Network abnormal flow detection method and device
KR20210115991A (en) Method and apparatus for detecting network anomaly using analyzing time-series data
Zhang et al. Pca-svm-based approach of detecting low-rate dos attack
CN111639769A (en) Monitoring equipment remote maintenance method and device and electronic equipment
CN111045889A (en) Closed network equipment state monitoring system, method and device and readable storage medium
CN112001443A (en) Network behavior data monitoring method and device, storage medium and electronic equipment
CN110266680B (en) Industrial communication anomaly detection method based on dual similarity measurement
CN113900426B (en) Remote equipment control and fault diagnosis system based on 5G+ industrial Internet
CN110650124A (en) Network flow abnormity detection method based on multilayer echo state network
CN108073854A (en) A kind of detection method and device of scene inspection
CN110636077A (en) Network security protection system and method based on unified platform
CN114285596B (en) Transformer substation terminal account abnormity detection method based on machine learning
CN114785617A (en) 5G network application layer anomaly detection method and system
CN110503131B (en) Wind driven generator health monitoring system based on big data analysis
CN113593074A (en) Monitoring video generation method and device
CN112132819A (en) Communication network management monitoring method based on artificial intelligence
CN114666282B (en) Machine learning-based 5G flow identification method and device
CN114205667B (en) Broadcast television broadcast abnormal picture identification and fault analysis system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant