CN113542060B - Abnormal equipment detection method based on equipment communication data characteristics - Google Patents
Abnormal equipment detection method based on equipment communication data characteristics Download PDFInfo
- Publication number
- CN113542060B CN113542060B CN202110768602.1A CN202110768602A CN113542060B CN 113542060 B CN113542060 B CN 113542060B CN 202110768602 A CN202110768602 A CN 202110768602A CN 113542060 B CN113542060 B CN 113542060B
- Authority
- CN
- China
- Prior art keywords
- density
- equipment
- point
- data
- behavior
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 230000006854 communication Effects 0.000 title claims abstract description 53
- 238000004891 communication Methods 0.000 title claims abstract description 52
- 238000001514 detection method Methods 0.000 title claims abstract description 33
- 230000002159 abnormal effect Effects 0.000 title claims abstract description 29
- 238000000034 method Methods 0.000 claims abstract description 13
- 238000009826 distribution Methods 0.000 claims abstract description 7
- 238000012545 processing Methods 0.000 claims abstract description 7
- 230000006399 behavior Effects 0.000 claims description 71
- 206010000117 Abnormal behaviour Diseases 0.000 claims description 12
- 238000001914 filtration Methods 0.000 claims description 6
- 238000007781 pre-processing Methods 0.000 claims description 3
- 230000009191 jumping Effects 0.000 claims description 2
- 238000012216 screening Methods 0.000 abstract 1
- 230000009286 beneficial effect Effects 0.000 description 2
- 238000004364 calculation method Methods 0.000 description 2
- 238000013499 data model Methods 0.000 description 2
- 238000013461 design Methods 0.000 description 2
- 230000006870 function Effects 0.000 description 2
- 230000000737 periodic effect Effects 0.000 description 2
- 230000005856 abnormality Effects 0.000 description 1
- 230000002547 anomalous effect Effects 0.000 description 1
- 230000001066 destructive effect Effects 0.000 description 1
- 238000011156 evaluation Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000011160 research Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/50—Testing arrangements
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F18/00—Pattern recognition
- G06F18/20—Analysing
- G06F18/23—Clustering techniques
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/08—Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
- H04L43/0805—Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters by checking availability
- H04L43/0817—Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters by checking availability by checking functioning
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/12—Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
Abstract
The invention discloses an abnormal equipment detection method based on equipment communication data characteristics, which utilizes clustering algorithm processing to obtain normal equipment communication behavior characteristics; designing a data density radius to represent the local density condition of the data point by using the distance between the data point and a neighborhood point, representing the neighborhood point density condition of the point by using the density radius mean value of the point in the neighborhood, screening isolated points according to the difference condition of two density values, clustering the points with local same density, and establishing an equipment normal behavior feature library; and calculating the density condition, the difference between the local density and the neighborhood density of the density condition and the density difference of the cluster where the closest point is located, and judging the abnormal equipment behavior. The method has flexible adaptability, can adapt to clustering under different density distributions, can adjust and distinguish gradient differences of different densities by parameters, and reduces the misjudgment probability.
Description
Technical Field
The invention belongs to the technical field of Internet of things safety, and particularly relates to a method for detecting abnormal Internet of things equipment by comparing data characteristics of detection equipment with a normal behavior characteristic library and establishing a data characteristic library of normal communication behaviors of the Internet of things equipment in an Internet of things system communicated by a TCP/IP protocol.
Background
The Internet of Things is used as a component of the modern information industry, the scale, the value and the distribution field of the Internet of Things are gradually enlarged, the importance of the Internet of Things is gradually improved, meanwhile, the Internet of Things equipment has the characteristics of low cost, multiple architectures, non-uniform technical standards and the like, the characteristics enable the Internet of Things equipment to face more safety risks, the equipment is possibly influenced by severe environment and man-made malicious attack and becomes abnormal equipment, unreliable data are uploaded to an Internet of Things server, and the safe and stable operation of an Internet of Things (IOT) system is influenced.
The Internet of things equipment belongs to the tail end of an Internet of things system and mainly achieves the functions of environment sensing and state reporting. Compared with the fields of traditional internet and mobile internet, various devices of internet of things devices are mainly designed aiming at various specific subdivision fields, the device is stronger in specificity, simpler in structure and more single in function, and work tasks have periodic characteristics, so that the communication behavior of the device has relatively stable data characteristics. The Internet of things system is used as an information system with a large scale, normal equipment behaviors of equipment have certain data characteristics, abnormal behaviors threaten system safety, and the data characteristics of the abnormal behaviors deviate from the characteristics of the normal equipment behaviors. In the aspect of network system security, the abnormal destructive behaviors are regarded as intrusion behaviors, and the intrusion behaviors are detected in various ways and are processed and prevented, namely intrusion detection. Intrusion Detection Systems (IDS) are an important area of network security research. Intrusion detection can be roughly classified into two categories, misuse detection (misdetection) and anomaly detection (anomaly detection). Misuse detection is directed to feature matching that determines the behavior of an attack, thereby determining anomalous behavior. The abnormal detection is a detection method based on normal behavior characteristics, normal behaviors are converted into expressible rule characteristics through learning of a data set, and abnormal behaviors can be judged through comparing differences between detection behaviors and a characteristic library.
The clustering method is used for analyzing and generating behavior data features of the Internet of things equipment, and can be divided into different clusters according to certain evaluation criteria and the difference degree of data point features, so that elements in each cluster have similar features, and different clusters have larger feature differences. The clustering algorithm based on density can automatically identify data clusters with different numbers and shapes, but the globally uniform parameters are only suitable for the single density distribution condition; the application scenes of the internet of things are multiple, the specificity is high, multiple equipment groups can exist in the internet of things system, the communication behavior characteristics are multiple, a common clustering algorithm adopts a global unified characteristic generation and judgment mode and cannot adapt to the equipment characteristics in the field of the internet of things, so that the clustering algorithm suitable for the data characteristics of the equipment of the internet of things needs to be designed, the communication data characteristics of the equipment distributed in various densities in the internet of things can be adapted, and a normal communication behavior data characteristic database of the equipment in the internet of things system is established. On the basis, the abnormal equipment communication behavior is detected by comparing the difference between the equipment behavior and the characteristic library based on the characteristic difference between the normal equipment and the abnormal equipment in the communication behavior, and then the abnormal equipment is detected.
Disclosure of Invention
The invention provides an abnormal device detection method based on device communication data characteristics, and aims to solve the problem that weak-performance devices in the environment of the Internet of things are changed into abnormal devices due to natural damage and malicious damage to affect stable and reliable operation of the Internet of things system. Based on the characteristic that the communication behavior of the Internet of things equipment has relatively stable data characteristics, the data characteristics of the communication behavior of the equipment are obtained by processing through a clustering algorithm; aiming at the current situation that the communication behavior data characteristics of equipment are not uniform in the whole situation due to large differences of various equipment in an Internet of things, the distance between a data point and a neighborhood point is utilized, the data density radius is designed to represent the local density condition of the data point, the density radius mean value of the neighborhood point is adopted to represent the neighborhood point density condition of the point, isolated points are screened according to the difference condition of two density values, the local points with the same density are clustered, and an equipment normal communication behavior characteristic library in the Internet of things system is established. And calculating the density condition of the communication behavior data of the equipment to be tested under the characteristic library, calculating to obtain the local density and neighborhood density difference of the equipment to be tested and the density difference of the cluster where the closest point is located, judging abnormal equipment behaviors, continuously detecting for multiple periods, and reducing the probability of misjudgment.
The present invention aims to solve the above problems and provide an abnormal device detection method based on device communication data characteristics, which specifically includes the following implementation processes:
selecting communication behavior characteristics of the Internet of things equipment, and establishing a data object model representing the communication behavior characteristics of the Internet of things equipment;
preprocessing to obtain a density radius representing the density degree of the data object, and arranging the data object from density to density according to the size;
sequentially processing equipment behavior data points, filtering isolated noise points by comparing the difference degree of the local density of the data points and the mean value of the density of neighborhood points, clustering behavior data sets of the equipment of the Internet of things according to the local density, establishing a normal behavior feature database, comparing communication behavior data of the equipment to be tested, and identifying abnormal behaviors;
and continuously detecting for multiple periods, and marking the equipment as abnormal equipment when all the multiple detections are marked as abnormal behaviors.
The invention realizes the purpose through the following technical scheme: designing a multi-dimensional data point object representing the communication behavior of the equipment, calculating the density difference between the data point and the neighborhood points by using the distance between the data point and the neighborhood points, filtering isolated noise points, clustering the local same-density points, establishing a normal equipment communication behavior feature library, detecting and identifying abnormal equipment behaviors, detecting for multiple continuous periods, and reducing the misjudgment probability of the abnormal equipment.
The invention has the beneficial effects that:
1. based on the specific communication design of different Internet of things equipment, a data object model representing the equipment state under the system is selected, the data object model is quantized to a proper calculation range, and the method has flexible adaptability;
2. according to a set density threshold value, the local density is represented by using the distance mean value of data points and neighborhood points without prior parameters;
3. the local density of a data point and the mean value of the density of the neighborhood points are compared with set difference parameters, so that the clustering under different density distributions can be adapted, and meanwhile, the parameters can be used for adjusting and distinguishing the gradient difference of different densities;
4. and the detection results of a plurality of continuous periods are adopted as judgment, so that the misjudgment probability is reduced.
Drawings
FIG. 1 illustrates the steps of carrying out the present invention;
FIG. 2 is a step of establishing a normal behavior feature library of the IOT device according to an embodiment of the present invention;
fig. 3 is a flowchart of an apparatus for detecting an abnormality according to an embodiment of the present invention.
Detailed Description
The invention is further described below with reference to the accompanying drawings:
as shown in fig. 1, the invention provides an abnormal device detection method based on device communication data characteristics, which detects abnormal devices through device communication data characteristics based on the characteristic that communication behaviors of devices of the internet of things have relatively stable data characteristics. Designing a data object representing the communication behavior of the device, wherein the data object is represented as a data point in a device communication data set; calculating to obtain local density and neighborhood density of the data points by using the distance between the data points and neighborhood data points, wherein the local density and the neighborhood density are used for representing the density difference between the data points and the neighborhood points, filtering isolated points, clustering local same-density points, establishing a normal equipment communication behavior feature library, and detecting and identifying abnormal equipment behaviors; the detection is carried out for a plurality of continuous periods, the misjudgment probability is reduced, the abnormal equipment is finally identified, the reliability of the Internet of things system is protected, and the implementation process of the method is described in detail by combining with a specific figure. The method of the invention is realized by the following steps:
a1: selecting communication behavior characteristics of the Internet of things equipment, establishing a data model for representing the communication behavior characteristics of the equipment, and representing the equipment state behind the data communication behavior of the equipment through the data model;
the communication modes of the internet of things equipment are various, in the mode of adopting TCP/IP protocol communication, the communication process of the equipment and the server generally comprises three steps of connection establishment, communication and disconnection, and in the process, the normally working internet of things equipment can complete periodic work according to the setting of a software program, so that the normally working internet of things equipment has relatively stable frequency in message reporting, and in a normal working environment, the frequency of the connection communication between the equipment and the server is stable, and the connection frequency and the message frequency are selected to represent the equipment behavior.
The device connection frequency is represented by X and represents the number of times that the device makes a connection request to the server within a given time, and the connection frequency is calculated in a manner of X = N/T, where T represents the detection time length and N represents the number of device connections. The device message frequency is represented by Y and represents the number of messages sent to the server by the device within a certain time, and the message frequency is calculated in a manner of Y = N/T, where T represents the detection time length and N represents the number of device message sending times.
A2: the method comprises the steps of preprocessing a device communication behavior data object, quantizing the data object to a certain value range, calculating a density radius representing the density condition of the data object according to the following formula, and quantizing the similarity of the device communication behavior characteristics of the Internet of things through the density radius. The method is different from the mode of giving the detection radius of the global data point and the density threshold value in advance according to the prior knowledge, only one density threshold value M is set in advance, and the density radius is adopted
Representing the data density of the data point, wherein distance pi Representing the distance from M points nearest to the detection point, and representing the local density of the data points through a density radius e;
a3: sequentially processing the communication behavior data points of the equipment, and calculating the mean value E of the density radius of the local neighborhood point of the point p Comparing the density radius mean E of the point and its local neighborhood point p Filtering the isolated noise points to realize the clustering of the data sets according to local density and form a normal equipment communication behavior feature library for detecting the communication behavior of the equipment;
a31: sequentially taking out an unvisited data point p from the data set by adopting a formula
Calculating the density radius mean value of p point local neighborhood points, representing the data density condition of the data point neighborhood points, and representing the device group characteristics most similar to the device behavior characteristics;
a32: comparing the point p with the average value E of the local neighborhood point density radius p Degree of difference o, wherein o = | log 2 (e p /E p ) L with o<a is a detection condition, individual noise points influencing the accuracy of the database are filtered and marked as accessed, and a is a preset difference parameter and generally takes the value of 1;
a33: marking a non-isolated point p meeting the conditions as a kth cluster point, recording the average density radius value in the kth cluster as E, and adding p into a Seeds set;
a34: if the Seeds are empty, jumping back to A31; if the Seeds are not empty, a point q in the Seeds is arbitrarily selected and marked as a k cluster type point, and the average density radius value in the k cluster is updated in a weighting mode to be E = (E × (N-1) + E q ) N is the number of nodes in the current cluster; for any point p in the q neighborhood, the mean value E of the density radius of the point p and the local neighborhood point p If the degree of difference o satisfies the condition o<a, add the point p to Seeds. If the condition o is not met<a, marking the point p as visited, and repeating A34;
a35: and processing all the equipment communication behavior data sets to form a distributed global normal behavior feature library of the equipment of the Internet of things with various density distributions. Because the abnormal communication behavior of the equipment is isolated and deviates from the normal behavior characteristic cluster, the density radius value e of the equipment behavior data object w to be detected is calculated w And the mean value E of the density radius of the local neighborhood points under the feature library w Detection Condition o<a and E w <E v Whether the behavior accords with the characteristic cluster, and whether the behavior accords with the characteristic cluster, so as to identify the abnormal behavior of the equipment, wherein E v The cluster density radius mean value of the cluster where the most adjacent point is located, and if any condition is not met, the abnormal behavior is determined;
a4: and detecting continuously in multiple periods, and marking the equipment as abnormal equipment when the equipment is marked as abnormal equipment behaviors after multiple detections, so that the misjudgment probability is reduced.
The invention has the beneficial effects that:
1. based on the specific communication design of different Internet of things equipment, a data object model representing the equipment state under the system is selected, the data object model is quantized to a proper calculation range, and the method has flexible adaptability;
2. according to a set density threshold value, the local density is represented by using the distance mean value of the data point and the neighborhood point without prior parameters;
3. the local density of a data point and the mean value of the density of the neighborhood points are compared with set difference parameters, so that the clustering under different density distributions can be adapted, and meanwhile, the parameters can be used for adjusting and distinguishing the gradient difference of different densities;
4. and the detection results of a plurality of continuous periods are adopted as judgment, so that the misjudgment probability is reduced.
The technical solution of the present invention is not limited to the limitations of the above specific embodiments, and all technical modifications made according to the technical solution of the present invention fall within the protection scope of the present invention.
Claims (2)
1. An abnormal device detection method based on device communication data characteristics is characterized by comprising the following steps:
selecting communication behavior characteristics of the Internet of things equipment, and establishing a data object model representing the communication behavior characteristics of the Internet of things equipment;
preprocessing to obtain a density radius representing the density degree of the data object, and arranging the data object from density to density according to the size; the formula for calculating the density radius e is:
where M is the density threshold, distance pi Representing the distance from M nearest points of the detection point;
sequentially processing equipment behavior data points, filtering isolated noise points by comparing the difference degree of the local density of the data points and the mean value of the density of neighborhood points, clustering behavior data sets of the equipment of the Internet of things according to the local density, establishing a normal behavior feature database, comparing communication behavior data of the equipment to be tested, and identifying abnormal behaviors; the method specifically comprises the following steps:
a31: sequentially fetching an unvisited data point p from the data set by using a formula
Calculating the mean value of the density radius of the p-point local neighborhood points, E p Representing the data density of the neighborhood of the data point, e qi Representing a device group characteristic most similar to the device behavior characteristic;
a32: comparing the difference degree o of the point p and the local neighborhood point density radius mean value Ep thereof, wherein o = | log2 (Ep/Ep) |, and Ep is the local neighborhood point density radius mean value of the point p; filtering individual noise points influencing the accuracy of the database by taking o < a as a detection condition, marking the individual noise points as accessed, wherein a is a preset difference parameter and takes the value as 1;
a33: marking a non-isolated point p meeting the conditions as a kth cluster point, recording the average density radius value in the kth cluster as E, and adding p into a Seeds set;
a34: if the Seeds are empty, jumping back to A31; if the Seeds are not empty, taking a point q in the Seeds, marking as a kth cluster point, and updating the average density radius value in the kth cluster in a weighting manner to be E = (N-1) + Eq)/N, wherein N is the number of nodes in the current cluster; for any point p in the q neighborhood, the difference degree o of the point p and the local neighborhood point density radius mean value Ep meets the condition o < a, and the point p is added into Seeds; if the condition o < a is not met, marking the point p as accessed, and repeating A34;
a35: processing all the equipment communication behavior data sets to form a globally distributed normal behavior feature library of the Internet of things equipment with various density distributions; calculating a density radius value Ew of a behavior data object w of the equipment to be detected and a local neighborhood point density radius mean value Ew under a feature library, detecting whether conditions o < a and Ew < Ev are met, judging whether the behavior data object w belongs to an equipment normal behavior feature cluster, and identifying abnormal behavior of the equipment, wherein Ev is the intra-cluster density radius mean value of a cluster where the most adjacent point is located, and if any condition is not met, the behavior data object w is abnormal behavior; and continuously detecting for multiple periods, and marking the equipment as abnormal equipment when all the multiple detections are marked as abnormal behaviors.
2. The abnormal equipment detection method based on the equipment communication data characteristics as claimed in claim 1, wherein the communication behavior data of the internet of things equipment is detected continuously and periodically, and if the number of times of recording the abnormal behavior of the equipment continuously marked exceeds a threshold value, the equipment is judged to be abnormal equipment.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110768602.1A CN113542060B (en) | 2021-07-07 | 2021-07-07 | Abnormal equipment detection method based on equipment communication data characteristics |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110768602.1A CN113542060B (en) | 2021-07-07 | 2021-07-07 | Abnormal equipment detection method based on equipment communication data characteristics |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN113542060A CN113542060A (en) | 2021-10-22 |
| CN113542060B true CN113542060B (en) | 2023-03-07 |
Family
ID=78097971
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110768602.1A Active CN113542060B (en) | 2021-07-07 | 2021-07-07 | Abnormal equipment detection method based on equipment communication data characteristics |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113542060B (en) |
Families Citing this family (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113923043B (en) * | 2021-10-27 | 2024-02-09 | 温州职业技术学院 | User entity behavior analysis method based on density peak value self-adaptive clustering |
| CN114827211B (en) * | 2022-05-13 | 2023-12-29 | 浙江启扬智能科技有限公司 | Abnormal monitoring area detection method driven by node data of Internet of things |
| CN115329910B (en) * | 2022-10-17 | 2023-04-07 | 南通坤鹏科技有限公司 | Intelligent processing method for enterprise production emission data |
| CN116610731B (en) * | 2023-07-20 | 2023-11-07 | 深圳市行云数据技术有限公司 | Big data distributed storage method and device, electronic equipment and storage medium |
| CN116963136B (en) * | 2023-09-21 | 2023-11-28 | 安普德(天津)科技股份有限公司 | WLAN protocol data filtering method and system |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110083475A (en) * | 2019-04-23 | 2019-08-02 | 新华三信息安全技术有限公司 | A kind of detection method and device of abnormal data |
| CN110874310A (en) * | 2018-12-21 | 2020-03-10 | 北京安天网络安全技术有限公司 | Terminal behavior monitoring method and device, electronic equipment and storage medium |
| CN112600792A (en) * | 2020-11-23 | 2021-04-02 | 国网山东省电力公司青岛供电公司 | Abnormal behavior detection method and system for Internet of things equipment |
| CN113032502A (en) * | 2021-02-09 | 2021-06-25 | 北京工业大学 | Ship anomaly detection method based on improved track segment DBSCAN clustering |
-
2021
- 2021-07-07 CN CN202110768602.1A patent/CN113542060B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110874310A (en) * | 2018-12-21 | 2020-03-10 | 北京安天网络安全技术有限公司 | Terminal behavior monitoring method and device, electronic equipment and storage medium |
| CN110083475A (en) * | 2019-04-23 | 2019-08-02 | 新华三信息安全技术有限公司 | A kind of detection method and device of abnormal data |
| CN112600792A (en) * | 2020-11-23 | 2021-04-02 | 国网山东省电力公司青岛供电公司 | Abnormal behavior detection method and system for Internet of things equipment |
| CN113032502A (en) * | 2021-02-09 | 2021-06-25 | 北京工业大学 | Ship anomaly detection method based on improved track segment DBSCAN clustering |
Non-Patent Citations (1)
| Title |
|---|
| 一种改进的基于密度聚类的入侵检测算法;杨剑;《微计算机信息》;20090125(第03期);第58-60页 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN113542060A (en) | 2021-10-22 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN113542060B (en) | Abnormal equipment detection method based on equipment communication data characteristics | |
| CN107566163B (en) | Alarm method and device for user behavior analysis association | |
| CN106888205B (en) | Non-invasive PLC anomaly detection method based on power consumption analysis | |
| CN111092862B (en) | Method and system for detecting communication traffic abnormality of power grid terminal | |
| CN109660518B (en) | Communication data detection method and device of network and machine-readable storage medium | |
| CN109951499B (en) | Anomaly detection method based on network structure characteristics | |
| CN110768946A (en) | Industrial control network intrusion detection system and method based on bloom filter | |
| CN110825545A (en) | Cloud service platform anomaly detection method and system | |
| KR20210115991A (en) | Method and apparatus for detecting network anomaly using analyzing time-series data | |
| CN111031006A (en) | Intelligent power grid communication anomaly detection method based on network flow | |
| CN117216660A (en) | Method and device for detecting abnormal points and abnormal clusters based on time sequence network traffic integration | |
| CN117170979B (en) | Energy consumption data processing method, system, equipment and medium for large-scale equipment | |
| CN110830504A (en) | Network intrusion behavior detection method and system | |
| CN109309586B (en) | Intrusion detection method for food processing remote control system | |
| CN115514581B (en) | Data analysis method and equipment for industrial internet data security platform | |
| CN117041312A (en) | Enterprise-level information technology monitoring system based on Internet of things | |
| CN110650145A (en) | Low-rate denial of service attack detection method based on SA-DBSCAN algorithm | |
| CN111064724B (en) | Network intrusion detection system based on RBF neural network | |
| CN115033893A (en) | Information vulnerability data analysis method of improved clustering algorithm | |
| CN114397842A (en) | Intelligent inspection reinforcing method for safety of power monitoring network | |
| CN113254485A (en) | Real-time data flow abnormity detection method and system | |
| CN114553580B (en) | Network attack detection method and device based on rule generalization and attack reconstruction | |
| CN108520005A (en) | The wrong report removing method for network active monitoring system based on machine learning | |
| Yi-ran et al. | Anomaly Detection of Network Traffic Based on t-SNE Dimensionality Reduction Preprocessing | |
| Chen et al. | Network intrusion detection based on subspace clustering and BP neural network |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |