CN114650166A - Fusion anomaly detection system for open heterogeneous network - Google Patents
Fusion anomaly detection system for open heterogeneous network Download PDFInfo
- Publication number
- CN114650166A CN114650166A CN202210115825.2A CN202210115825A CN114650166A CN 114650166 A CN114650166 A CN 114650166A CN 202210115825 A CN202210115825 A CN 202210115825A CN 114650166 A CN114650166 A CN 114650166A
- Authority
- CN
- China
- Prior art keywords
- anomaly detection
- data
- fusion
- network
- module
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/12—Detection or prevention of fraud
- H04W12/121—Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a fusion anomaly detection system facing an open heterogeneous network, wherein the open heterogeneous network consists of a plurality of networks (an edge network, the Internet and a mobile communication network); the edge network of the invention gathers the data collected by the sensor and transmits the data through the internet and the mobile communication network. Each network respectively makes a respective modeling portrait according to the offline data, respectively performs anomaly detection analysis on the online data, and then performs fusion analysis on respective anomaly detection results to accurately judge whether anomalies exist. Meanwhile, the abnormal source can be conveniently positioned. The method and the device perform further fusion analysis on the basis of respective abnormal detection, more accurately judge the information safety condition of the heterogeneous network and effectively improve the detection rate and the false alarm rate.
Description
Technical Field
The invention belongs to the field of network information security, and particularly relates to an open heterogeneous network-oriented fusion anomaly detection system.
Background
The technology of the internet of things is rapidly developed, the NB-IoT, eMTC and LoRa technologies provide wide area coverage, low power consumption access and massive internet of things terminal access capabilities, deployment of edge network terminals is promoted, and the network becomes more and more complex. Further consideration needs to be given to how to guarantee the network security.
Network security refers to the security of information processing and transmission, and with the rapid development of computer technology, information networks have become an important guarantee for social development. In the massive access and data interaction environment of heterogeneous networks composed of various networks such as mobile communication networks, the internet and the internet of things, there is a lot of sensitive information of users, industries or industries, even national confidentiality. Therefore, various human attacks (such as information leakage, information stealing, data tampering, etc.) are inevitably attracted, and a higher-performance and more reliable anomaly detection system is required to support network security.
The security requirements of the heterogeneous network are greatly improved due to the complexity, firstly, security analysis is only carried out in one network, an anomaly detection system of a single layer cannot meet the security requirements of the heterogeneous network, and secondly, due to the addition of the edge network, the data access mode becomes more complicated. The traditional distributed anomaly detection can deploy anomaly detection nodes in a plurality of subnets, but the data needs to be exchanged to work in a cooperative mode, the requirements on data interaction and real-time performance are high, but each industry independently builds a network, data islands are formed among the industries, data fusion is severely restricted, so that the data cannot be unified, analysis and modeling can be carried out on one layer, and the difficulty of anomaly detection can be greatly improved.
In a heterogeneous network, data may pass through different networks in the transmission process, and may be attacked by different nodes, or abnormal data may be collected by an edge node itself, and information or results generated after detection by a plurality of abnormality detection systems need to be further analyzed.
With the continuous abundance of network access and the need for social public services, an open heterogeneous network architecture has been proposed, in which many network security issues tend to face. The main problems are as follows:
problem of offline data acquisition: because each internet of things industry of the edge network in the heterogeneous network is independently established, data of some internet of things industries possibly relates to privacy, so that offline data cannot be uploaded to the internet or a mobile communication network, and the established abnormal detection model is incomplete and cannot describe the whole data. This can greatly increase the difficulty of detecting fusion anomalies in heterogeneous networks.
Problem of online data detection: in the traditional distributed anomaly detection, anomaly detection nodes can be deployed in a plurality of subnets, and during detection, each anomaly detection node needs to interact detected data so as to improve the detection rate. But data does not generally interact with other networks due to the privacy of the data in the transmission process of each network. And since the data forms that the data may appear at different nodes in the transmission process are also different, the method for improving the detection rate by interactively detecting the data is not feasible in the heterogeneous network.
Analysis of the test results: the traditional distributed anomaly detection system independently completes detection and response at detection nodes, but due to the complexity of a heterogeneous network, the problem that the response made by a single detection node cannot reflect the real situation exists. In addition, because environment data of a certain internet of things is generated by a plurality of different internet of things devices in reality, the devices can have a certain relation, and the safety of the whole internet of things cannot be confirmed by the safety of a single device.
Disclosure of Invention
The invention aims to guarantee the information safety of a complex open heterogeneous network and ensure the normal operation of the network, and provides an open heterogeneous network-oriented fusion anomaly detection system, which considers the complexity of a heterogeneous network environment and the privacy of data among heterogeneous networks, performs fusion detection on the data under the condition of no data interaction, can locate data anomaly sources, and customizes a proper anomaly detection algorithm according to actual network resources and requirements.
The system firstly customizes an anomaly detection module in each layer of network according to actual conditions, the anomaly detection module detects data passing through the network layer in real time, outputs a message to describe relevant information of the data (not related to the privacy of the data), the message output by each network layer is used as the input of a fusion anomaly detection analysis module, the fusion anomaly detection analysis module correctly judges whether the data is abnormal or misjudged according to a fusion detection analysis algorithm, and then outputs a message to describe whether the data is abnormal or not and the source of the abnormality. And finally, the response module receives the messages from the abnormity detection module and the fusion abnormity detection module and makes reactions of initiating an alarm, relieving the alarm, cutting off connection and the like.
The specific technical scheme for realizing the purpose of the invention is as follows:
a fusion anomaly detection system facing to an open heterogeneous network comprises an anomaly detection module, a fusion anomaly detection analysis module and a response module, wherein:
the anomaly detection module holds an offline data set of the network where the online data is located, the input online data is a data packet from other networks, the anomaly detection module establishes an anomaly detection algorithm based on the offline data set, then performs anomaly detection on the online data, outputs an anomaly detection result, packages the anomaly detection result into a message I, and sends the message I to the response module and the fusion anomaly detection module;
the fusion anomaly detection and analysis module receives the messages I output by each network anomaly detection module and then analyzes the messages I, judges whether an abnormal behavior exists or not by using a weighted average or probability analysis means of the results of each anomaly detection module and combining an actual scene, packages the judgment results to generate a message II and sends the message II to the response module;
and the response module receives the message I and the message II from the abnormality detection module and the fusion abnormality detection analysis module, and makes an alarm initiating, alarm relieving and connection disconnecting reaction.
The first format of the message is as follows:
the second format of the message is as follows:
compared with the prior art, the invention has the following advantages and technical effects:
1) according to the invention, the security requirements of the heterogeneous network cannot be met by the single-layer anomaly detection system and the data privacy security problem exists, so that unified modeling detection is carried out on the premise of not taking out each network data, when the anomaly detection module works, the detected data cannot be interacted, the information interacted between the modules only has the results of anomaly detection and fusion detection, the data cannot be leaked, and the privacy and the security of the data are protected to a great extent.
2) The invention carries out further fusion analysis on the basis of detection of respective abnormal detection modules, more accurately judges the information safety condition of the heterogeneous network and effectively improves the detection rate and the false alarm rate.
3) According to the invention, each network can customize different anomaly detection modules according to actual requirements, such as a model based on statistical learning, an algorithm based on machine learning and the like.
Drawings
FIG. 1 is a flow chart of the operation of the system of the present invention;
FIG. 2 is a block diagram of the system of the present invention;
FIG. 3 is a schematic view of another embodiment of the system of the present invention;
FIG. 4 is a schematic view of another embodiment of the system of the present invention;
fig. 5 is a diagram of a system for detecting fusion anomaly of data of an intelligent water meter in a heterogeneous network;
fig. 6 is a system diagram of fusion anomaly detection of intelligent furniture data in a heterogeneous network.
Detailed Description
The invention is described in detail below with reference to the figures and examples.
Referring to fig. 1, the system of the present invention operates as follows:
step 1: the anomaly detection module # N models offline data locally and detects online data;
step 2: each anomaly detection module sends the generated message to a fusion anomaly detection analysis module;
step 3: the fusion anomaly detection and analysis module sends a confirmation instruction to tell the anomaly detection module that the fusion anomaly detection and analysis module receives the message I;
step 4: the fusion anomaly detection and analysis module receives all the messages I and then analyzes the messages I;
step 5: the fusion anomaly detection analysis module packs the analysis result into a message II and sends the message II to the response module;
step 6: the response module sends a confirmation instruction to tell the fusion anomaly detection analysis that the fusion anomaly detection analysis has received the data packet, and processes the two pairs of anomalous data according to the message.
Referring to fig. 2, the fusion anomaly detection system for the open heterogeneous network of the present invention is composed of an anomaly detection module, a fusion anomaly detection analysis module, and a response module.
The definition of data is as follows: taking the internet as an example, a data packet is a unit of a layered packet above a network layer such as IP and UDP, and the like, the data packet may be forwarded through the internet by protocols such as IP, TCP, UDP, and the like, and the data packet is received and then subjected to feature extraction and analysis to form data, and the internet data has the following features: source IP address, source port number, destination IP address, destination port number, transport protocol, source to destination bytes, destination to source bytes, source TCP sequence number, destination TCP sequence number, depth to HTTP request/response transaction connection, content size of data transported by the HTTP service, average of stream packet sizes transported by the source, average of stream packet sizes transported by the destination, and the like.
The anomaly detection module (a plurality of anomaly detection modules may be arranged in one network, and one is used for replacing the anomaly detection module in the figure) is a basic module, holds an offline data set of the network where the anomaly detection module is arranged, inputs online data as data packets from other networks, establishes an anomaly detection algorithm based on the offline data set, then carries out anomaly detection on the online data, outputs an anomaly detection result, packs the anomaly detection result into a message I, and sends the message I to the response module and the fusion anomaly detection module. The function is as follows: modeling data in a network, carrying out abnormity detection on the transmitted data, and transmitting a result to a fusion abnormity detection analysis module and a response module; the anomaly detection module selects different algorithms to realize according to the actual needs of different networks, and can respond to a big data era through an advanced machine learning algorithm (such as a random forest and the like) or a deep learning algorithm (such as a CNN (random forest network), an RNN (radio network) and the like), so that the detection efficiency and the accuracy are improved; the method comprises the steps that an anomaly detection module inputs an offline data set of a network where the anomaly detection module is located, a network data packet is analyzed according to a customized anomaly detection algorithm, the anomaly detection algorithm calculates normal data boundary conditions and sets a detection threshold value, real-time data are detected item by item in a detection stage, if the detection result exceeds the threshold value, the detection result is abnormal, the detection result is recorded, packaged and sent to a response module and a fusion anomaly detection module.
The fusion anomaly detection and analysis module is a core module and has the functions of: and receiving the first message output by each network anomaly detection module, analyzing the first message (means such as weighted average of results of each anomaly detection module or probability analysis can be used), judging whether an abnormal behavior exists or not by combining with an actual scene, packaging the judgment result to generate a second message, and sending the second message to the response module. The presentation form of the same group of data on each network layer is different, the networks through which different data pass are different, factors such as privacy of the data and the like restrict a method for uniformly modeling and detecting all data, so that the fusion anomaly detection analysis module needs to receive results from different network anomaly detection modules respectively. The data may behave normally at a certain network level, but it is really normal for the whole, which may not be the case by analyzing and comparing the abnormal detection results of different network levels; similarly, the abnormal detection module may classify the normal behavior as abnormal due to its high false alarm rate, and at this time, the abnormal detection analysis module needs to be fused for analysis, so as to effectively reduce the false alarm rate.
And the response module receives the information from the abnormality detection module and the fusion abnormality detection analysis module and can perform reactions such as alarm initiation, alarm release, connection disconnection and the like.
The invention has other alternative solutions to achieve the same object
The system of the invention interacts the result information of the deployed single abnormal detection module and analyzes in a centralized fusion analysis module, but considering the complexity and difference of the network, the system can also perform distributed fusion, that is, all the abnormal detection results do not need to be fused, as long as some detection modules are fused, for example, the results of the abnormal detection modules of the networks 1 and 2 can be fused and analyzed, and the results of the abnormal detection modules of the networks 2 and 3 can be analyzed, as shown in fig. 3.
The system of the invention can also carry out 'fusion' analysis without a fusion anomaly detection analysis module for analyzing the results of the anomaly detection module. At this time, the output of the anomaly detection module cannot be a simple normal/abnormal result, and also needs to contain some modeling portrait information to describe the data itself to some extent, and transmit the description information to other anomaly detection modules, and finally, after a certain anomaly detection module receives the related description information of the data of other modules, the data are fused, as shown in fig. 4.
Example 1
Fusion anomaly detection system (single entity data) of NB-IoT intelligent water meter data in heterogeneous network
Referring to fig. 5, in the present embodiment, a fusion anomaly detection system of NB-IoT intelligent water meter data in a heterogeneous network is considered.
Taking NB-IoT intelligent water meters as an example, the data is collected by the sensors and is wirelessly transmitted to the edge network, the Internet and the mobile communication network through the NB-IoT. And arranging an anomaly detection module in the edge gateway and data centers of the Internet and the mobile network, performing anomaly detection and generating a message I. Consider the following (mainly considering whether there is an anomaly in the sensors and whether there is an anomaly in the inter-network transmissions):
case 1: when the water meter breaks down and rotates wildly, the message I generated by the abnormity detection module 1 at the edge gateway judges that the data is abnormal, and the abnormity detection module 1 immediately gives an alarm to the response module for processing. And if the first message generated by the anomaly detection modules 2 and 3 at the data centers of the internet and the mobile network judges that the data is normal, the data is possibly attacked in the transmission process between networks, the second message generated by the fusion anomaly detection and analysis module can obtain the results of the attacks such as the abnormal occurrence of the sensor, the information tampering and the like, and the response module also performs related processing on the data center alarm suffering from the attack.
Case 2: when the water meter normally runs, the first message judgment data generated by the anomaly detection module 1 at the edge gateway is normal, and if the first message judgment data generated by the anomaly detection modules 2 and 3 at the data centers of the Internet and the mobile network is abnormal at the moment. And the conclusion that the sensor is normal but possibly suffers from internetwork attack can be obtained through the message II generated by the fusion anomaly detection and analysis module, and then the response module needs to determine the attack position and process the attack position.
Case 3: when the water meter runs normally, the first message judgment data generated by the anomaly detection module 1 at the edge gateway is normal, and the first message judgment data generated by the anomaly detection modules 2 and 3 at the data centers of the internet and the mobile network is also normal. And the result of the message II generated by the fusion anomaly detection and analysis module is that the sensor is normal and has no attack behavior, and the response module does not need to make an alarm behavior.
Example 2
Fusion anomaly detection system (multi-entity data) taking intelligent home data as example in heterogeneous network
Along with popularization of the internet of things technology, a series of intelligent devices enter the furniture industry, more and more families are equipped with the intelligent home devices, and the fusion anomaly detection system for data transmission of the intelligent home devices in the heterogeneous network is considered in the embodiment.
Referring to fig. 6, the intelligent door lock is an important part in the family security, an online unlocking mode including a bluetooth mode, a WIFI mode and a 4G mobile network communication mode is developed for the intelligent door lock, and data information of the door lock can be sent to a mobile network to inform a user and check related information through an internet APP mode in a short message mode. And arranging an anomaly detection module in the edge gateway and data centers of the Internet and the mobile network, performing anomaly detection and generating a message I. Consider the following:
case 1: the intruder carries equipment to attack the intelligent door lock, shields a door lock alarm system, and cracks a password or forges an identity to cheat the door lock, at the moment, a result of a message I generated by the abnormality detection modules 1 and 3 at the edge gateway and the mobile network data center is normal, but the internet data center receives a large number of unlocking requests generated by the attack or network IP login different from the past, at the moment, the message I generated by the abnormality detection module 2 can report abnormality, a message II generated by the fusion detection analysis module can draw a conclusion that the abnormality exists, and the response module can send an alarm to the owner.
Case 2: an intruder enters a house by bypassing the door lock system, other intelligent household equipment such as an electric lamp refrigerator and the like is opened in case, an alarm cannot be given under a general condition, because the equipment switches are normally detected by the message I of the abnormity detection module 1 at the edge gateway, but the integration detection analysis module can see that the intelligent door lock does not request a data packet or successfully opens the door lock data packet, but has data packets of other internet of things equipment such as an electric lamp and the like, and the generated message II is abnormal at the moment and needs to be reported to the response module for carrying out related measures such as alarm and the like.
Claims (3)
1. The fusion anomaly detection system oriented to the open heterogeneous network is characterized by comprising an anomaly detection module, a fusion anomaly detection analysis module and a response module, wherein,
the anomaly detection module holds an offline data set of the network where the online data is located, the input online data is a data packet from other networks, the anomaly detection module establishes an anomaly detection algorithm based on the offline data set, then performs anomaly detection on the online data, outputs an anomaly detection result, packages the anomaly detection result into a message I, and sends the message I to the response module and the fusion anomaly detection module;
the fusion anomaly detection and analysis module receives the messages I output by each network anomaly detection module and then analyzes the messages I, judges whether an abnormal behavior exists or not by using a weighted average or probability analysis means of the results of each anomaly detection module and combining an actual scene, packages the judgment results to generate a message II and sends the message II to the response module;
and the response module receives the message I and the message II from the abnormality detection module and the fusion abnormality detection analysis module, and makes an alarm initiating reaction, an alarm relieving reaction and a connection disconnecting reaction.
2. The fusion anomaly detection system according to claim 1, wherein said message one format is as follows:
3. the fusion anomaly detection system according to claim 1, wherein said message two format is as follows:
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210115825.2A CN114650166B (en) | 2022-02-07 | 2022-02-07 | Fusion anomaly detection system for open heterogeneous network |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210115825.2A CN114650166B (en) | 2022-02-07 | 2022-02-07 | Fusion anomaly detection system for open heterogeneous network |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN114650166A true CN114650166A (en) | 2022-06-21 |
| CN114650166B CN114650166B (en) | 2023-08-01 |
Family
ID=81993633
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210115825.2A Active CN114650166B (en) | 2022-02-07 | 2022-02-07 | Fusion anomaly detection system for open heterogeneous network |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114650166B (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117118749A (en) * | 2023-10-20 | 2023-11-24 | 天津奥特拉网络科技有限公司 | Personal communication network-based identity verification system |
Citations (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101719842A (en) * | 2009-11-20 | 2010-06-02 | 中国科学院软件研究所 | Cloud computing environment-based distributed network security pre-warning method |
| US20120185728A1 (en) * | 2010-12-24 | 2012-07-19 | Commonwealth Scientific And Industrial Research Organisation | System and method for detecting and/or diagnosing faults in multi-variable systems |
| CN103634296A (en) * | 2013-11-07 | 2014-03-12 | 西安交通大学 | Intelligent electricity network attack detection method based on physical system and information network abnormal data merging |
| CN105407103A (en) * | 2015-12-19 | 2016-03-16 | 中国人民解放军信息工程大学 | Network threat evaluation method based on multi-granularity anomaly detection |
| WO2018149530A1 (en) * | 2017-02-17 | 2018-08-23 | NEC Laboratories Europe GmbH | Method for operating a network |
| US20200106785A1 (en) * | 2018-09-27 | 2020-04-02 | General Electric Company | Dynamic physical watermarking for attack detection in cyber-physical systems |
| CN111964718A (en) * | 2020-08-11 | 2020-11-20 | 重庆大学 | Multi-source information fusion environment monitoring device and system thereof |
| CN112004204A (en) * | 2020-08-12 | 2020-11-27 | 河海大学常州校区 | High-dimensional data anomaly detection method based on layered processing in industrial Internet of things |
| JP2021114174A (en) * | 2020-01-20 | 2021-08-05 | 沖電気工業株式会社 | Abnormality detection device, abnormality detection program, and abnormality detection method |
| CN113392429A (en) * | 2021-05-26 | 2021-09-14 | 江苏省电力试验研究院有限公司 | Block chain-based power distribution Internet of things data safety protection method and device |
| CN113870230A (en) * | 2021-09-30 | 2021-12-31 | 湖南大学 | Surface anomaly detection method based on hybrid supervised learning |
-
2022
- 2022-02-07 CN CN202210115825.2A patent/CN114650166B/en active Active
Patent Citations (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101719842A (en) * | 2009-11-20 | 2010-06-02 | 中国科学院软件研究所 | Cloud computing environment-based distributed network security pre-warning method |
| US20120185728A1 (en) * | 2010-12-24 | 2012-07-19 | Commonwealth Scientific And Industrial Research Organisation | System and method for detecting and/or diagnosing faults in multi-variable systems |
| CN103634296A (en) * | 2013-11-07 | 2014-03-12 | 西安交通大学 | Intelligent electricity network attack detection method based on physical system and information network abnormal data merging |
| CN105407103A (en) * | 2015-12-19 | 2016-03-16 | 中国人民解放军信息工程大学 | Network threat evaluation method based on multi-granularity anomaly detection |
| WO2018149530A1 (en) * | 2017-02-17 | 2018-08-23 | NEC Laboratories Europe GmbH | Method for operating a network |
| US20200106785A1 (en) * | 2018-09-27 | 2020-04-02 | General Electric Company | Dynamic physical watermarking for attack detection in cyber-physical systems |
| JP2021114174A (en) * | 2020-01-20 | 2021-08-05 | 沖電気工業株式会社 | Abnormality detection device, abnormality detection program, and abnormality detection method |
| CN111964718A (en) * | 2020-08-11 | 2020-11-20 | 重庆大学 | Multi-source information fusion environment monitoring device and system thereof |
| CN112004204A (en) * | 2020-08-12 | 2020-11-27 | 河海大学常州校区 | High-dimensional data anomaly detection method based on layered processing in industrial Internet of things |
| CN113392429A (en) * | 2021-05-26 | 2021-09-14 | 江苏省电力试验研究院有限公司 | Block chain-based power distribution Internet of things data safety protection method and device |
| CN113870230A (en) * | 2021-09-30 | 2021-12-31 | 湖南大学 | Surface anomaly detection method based on hybrid supervised learning |
Non-Patent Citations (4)
| Title |
|---|
| BERNARDO SANTOS等: ""Improving Cellular IoT Security with Identity Federation and Anomaly Detection"", 《2020 5TH INTERNATIONAL CONFERENCE ON COMPUTER AND COMMUNICATION SYSTEMS》 * |
| 张亚利;睢丹;: "网络安全异常报警系统的设计与实现", 科技创新导报, no. 03 * |
| 徐景: ""智能家居无线嵌入式网关硬件平台的设计与实现"", 《中国优秀硕士学位论文全文数据库》 * |
| 杜群: ""基于物联网环境的异常检测功能分布式部署研究"", 《中国优秀硕士学位论文全文数据库》 * |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117118749A (en) * | 2023-10-20 | 2023-11-24 | 天津奥特拉网络科技有限公司 | Personal communication network-based identity verification system |
Also Published As
| Publication number | Publication date |
|---|---|
| CN114650166B (en) | 2023-08-01 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN111092869B (en) | Security management and control method for terminal access to office network and authentication server | |
| Sedjelmaci et al. | Novel hybrid intrusion detection system for clustered wireless sensor network | |
| CN110224990A (en) | A kind of intruding detection system based on software definition security architecture | |
| KR101375813B1 (en) | Active security sensing device and method for intrusion detection and audit of digital substation | |
| Yusheng et al. | Intrusion detection of industrial control system based on Modbus TCP protocol | |
| JP2016163352A (en) | Anomaly detection in industrial communications networks, anomaly detection system, and methods for performing anomaly detection | |
| CN110086810A (en) | Passive type industrial control equipment fingerprint identification method and device based on characteristic behavior analysis | |
| CN110996285A (en) | College intelligent fire service system based on 6LoWPAN and design method | |
| CN101364981A (en) | Hybrid intrusion detection method based on Internet protocol version 6 | |
| CN111404914A (en) | Ubiquitous power Internet of things terminal safety protection method under specific attack scene | |
| CN103763695B (en) | Method for evaluating safety of internet of things | |
| Segura et al. | Centralized and distributed intrusion detection for resource-constrained wireless SDN networks | |
| Khujamatov et al. | Modern methods of testing and information security problems in IoT | |
| CN114650166B (en) | Fusion anomaly detection system for open heterogeneous network | |
| Paul et al. | Towards the protection of industrial control systems–conclusions of a vulnerability analysis of profinet IO | |
| CN115865526A (en) | Industrial internet security detection method and system based on cloud edge cooperation | |
| CN114331759A (en) | Gas supervision system and supervision method | |
| Fenil et al. | Towards a secure software defined network with adaptive mitigation of dDoS attacks by machine learning approaches | |
| La et al. | A novel monitoring solution for 6LoWPAN-based Wireless Sensor Networks | |
| Alghayadh et al. | Hid-smart: Hybrid intrusion detection model for smart home | |
| CN108768841A (en) | AFDX security gateway systems and its transmission method | |
| La et al. | A misbehavior node detection algorithm for 6LoWPAN Wireless Sensor Networks | |
| CN116318779A (en) | Dynamic security defense method and system based on thermal migration and deep learning | |
| CN102136956A (en) | Monitoring method and system for detecting network communication behaviors | |
| EP3254223A1 (en) | Security system for machine to machine cyber attack detection and prevention |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |