CN114650166B - Fusion anomaly detection system for open heterogeneous network - Google Patents

Info

Publication number
CN114650166B
Authority
CN
China
Prior art keywords
network
module
fusion
data
message
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202210115825.2A
Other languages
Chinese (zh)
Other versions
CN114650166A (en)
Inventor
徐景
王乐意
刘玲亚
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
East China Normal University
Original Assignee
East China Normal University

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425 Traffic logging, e.g. anomaly detection
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12 Detection or prevention of fraud
    • H04W12/121 Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a fusion anomaly detection system for an open heterogeneous network, where the open heterogeneous network consists of several networks (an edge network, the Internet and a mobile communication network). The edge network gathers the data acquired by the sensors and transmits it through the Internet and the mobile communication network. Each network builds a model profile from its own offline data and performs anomaly detection on its own online data; the individual anomaly detection results are then fused and analyzed to judge accurately whether an anomaly exists. The anomaly source can also be located conveniently. Because the fusion analysis builds on the per-network anomaly detection, the information security condition of the heterogeneous network is judged more accurately, and the detection rate and the false alarm rate are effectively improved.

Description

Fusion anomaly detection system for open heterogeneous network
Technical Field
The invention belongs to the field of network information security, and particularly relates to an open heterogeneous network-oriented fusion anomaly detection system.
Background
The Internet of Things is developing rapidly. NB-IoT, eMTC and LoRa provide wide-area coverage, low-power access and massive terminal access for the Internet of Things, which promotes the deployment of edge network terminals and makes the network more and more complex. How to ensure network security needs further thought.
Network security refers to the security of information processing and transmission. With the rapid development of computer technology, information networks have become an important guarantee for social development. In the mass-access and data-interaction environment of a heterogeneous network made up of a mobile communication network, the Internet, the Internet of Things and other networks, there is a great deal of sensitive information belonging to users and industries, and even state secrets. This inevitably attracts various man-made attacks (such as information leakage, information theft and data tampering), so a higher-performance and more reliable anomaly detection system is required to support network security.
The complexity of a heterogeneous network greatly raises its security requirements. First, security analysis carried out within one network only, that is, a single-layer anomaly detection system, cannot meet the security requirements of the heterogeneous network. Second, the addition of the edge network makes the data access pattern more complicated. Traditional distributed anomaly detection can deploy anomaly detection nodes in several subnets, but the nodes have to cooperate by exchanging data, which places high demands on data interaction and real-time performance. In practice each industry builds its own network independently, so data islands form between industries. This severely restricts data fusion, makes it impossible to bring the data together at one layer for analysis and modeling, and greatly increases the difficulty of anomaly detection.
In a heterogeneous network, data may pass through different networks during transmission and may be attacked at different nodes, or the edge node itself may collect abnormal data. The information or results produced by the multiple anomaly detection systems therefore need further analysis.
As network access becomes richer and the need for public services grows, open heterogeneous network architectures have been proposed, and they face many network security problems. The main problems are as follows:
Offline data acquisition problem: each Internet of Things industry in the edge network of the heterogeneous network builds its network independently, and some of its data may involve privacy, so the offline data cannot be uploaded to the Internet or the mobile communication network. An anomaly detection model established this way is incomplete and cannot describe the data as a whole, which greatly increases the difficulty of fusion anomaly detection in heterogeneous networks.
Online data detection problem: traditional distributed anomaly detection can deploy anomaly detection nodes in several subnets, and during detection the nodes have to exchange the data they detect in order to improve the detection rate. Because of privacy, however, data is usually not exchanged with other networks while it is transmitted over each network. In addition, the same data can take different forms at different nodes along the transmission path, so exchanging detected data to improve the detection rate is not feasible in a heterogeneous network.
Detection result analysis problem: a traditional distributed anomaly detection system completes detection and response independently at each detection node, but because of the complexity of the heterogeneous network, the response made by a single detection node may not reflect the real situation. Moreover, in practice the data of a given Internet of Things environment is generated by several different Internet of Things devices that are related to one another, so the security of a single device cannot confirm the overall security.
Disclosure of Invention
The invention aims to ensure the information security of a complex open heterogeneous network and the normal operation of the network, and provides a fusion anomaly detection system for open heterogeneous networks.
The system first requires an anomaly detection module to be customized in each network layer according to the actual conditions. The anomaly detection module detects the data passing through its network layer in real time and outputs a message describing information about the data (without involving the private content of the data). The messages output by the network layers are the input of the fusion anomaly detection analysis module, which uses a fusion detection analysis algorithm to judge whether the data is really abnormal or has been misjudged, and then outputs a message stating whether the data is abnormal and what the anomaly source is. Finally, the response module receives the messages from the anomaly detection modules and the fusion anomaly detection analysis module and reacts, for example by raising an alarm, clearing an alarm or cutting off a connection.
The specific technical scheme for realizing the aim of the invention is as follows:
The fusion anomaly detection system for the open heterogeneous network comprises an anomaly detection module, a fusion anomaly detection analysis module and a response module, wherein:
the anomaly detection module holds an offline data set of the network in which it is located, takes online data as input, establishes an anomaly detection algorithm based on the offline data set, performs anomaly detection on the online data, outputs an anomaly detection result, packages the result into a first message, and sends the first message to the response module and the fusion anomaly detection analysis module;
the fusion anomaly detection analysis module performs its analysis after receiving the first message output by the anomaly detection module of each network, judges whether an anomaly exists by means of a weighted average or probability analysis of the results of the anomaly detection modules in combination with the actual scenario, packages the judgment into a second message, and sends the second message to the response module;
the response module receives the first message and the second message from the anomaly detection module and the fusion anomaly detection analysis module, and reacts by raising an alarm, clearing an alarm or cutting off a connection.
The format of the first message is:
The format of the second message is:
Compared with the prior art, the invention has the following advantages and technical effects:
1) The invention takes into account that a single-layer anomaly detection system cannot meet the security requirements of a heterogeneous network and that data privacy must be protected, so unified modeling and detection is carried out without taking the data out of any network. While the anomaly detection modules work, the detected data is not exchanged; the information exchanged between the modules consists only of the anomaly detection and fusion detection results, so the data is not disclosed and its confidentiality and security are well protected.
2) Further fusion analysis is performed on top of the detection by the individual anomaly detection modules, so the information security condition of the heterogeneous network is judged more accurately, and the detection rate and the false alarm rate are effectively improved.
3) Different anomaly detection modules can be customized according to actual requirements, for example a model based on statistics and learning or an algorithm based on machine learning.
Drawings
FIG. 1 is a flow chart of the operation of the system of the present invention;
FIG. 2 is a block diagram of a system according to the present invention;
FIG. 3 is a schematic diagram of another embodiment of the system of the present invention;
FIG. 4 is a schematic diagram of yet another embodiment of the system of the present invention;
FIG. 5 is a diagram of the fusion anomaly detection system for smart water meter data in a heterogeneous network;
FIG. 6 is a diagram of the fusion anomaly detection system for smart home data in a heterogeneous network.
Detailed Description
The present invention will be described in detail below with reference to the accompanying drawings and examples.
Referring to FIG. 1, the system of the present invention operates as follows:
Step 1: anomaly detection module #N models the offline data locally and detects the online data;
Step 2: each anomaly detection module sends the first message it generates to the fusion anomaly detection analysis module;
Step 3: the fusion anomaly detection analysis module sends a confirmation instruction to tell the anomaly detection module that it has received the first message;
Step 4: the fusion anomaly detection analysis module performs its analysis after receiving all the first messages;
Step 5: the fusion anomaly detection analysis module packages the analysis result into a second message and sends the second message to the response module;
Step 6: the response module sends a confirmation instruction to tell the fusion anomaly detection analysis module that it has received the data packet, and processes the abnormal data according to the second message.
Referring to fig. 2, the fused anomaly detection system for the open heterogeneous network provided by the invention is composed of an anomaly detection module, a fused anomaly detection analysis module and a response module.
Data is defined as follows. Taking the Internet as an example, a data packet is the unit of data in the layers from the network layer upward (IP, UDP and so on) and can be forwarded through the Internet by protocols such as IP, TCP and UDP. After a data packet is received, features are extracted from it and analyzed to form data. Internet data has the following features: source IP address, source port number, destination IP address, destination port number, transport protocol, source-to-destination bytes, destination-to-source bytes, source TCP sequence number, destination TCP sequence number, depth of the connection into the HTTP request/response transaction, content size of the data transmitted by the HTTP service, average size of the stream packets transmitted by the source, average size of the stream packets transmitted by the destination, etc.
The anomaly detection module (one of which is replaced by one in the figure) is the basic module. It holds an offline data set of the network in which it is located, and its online input is data packets coming from other networks. The module establishes an anomaly detection algorithm based on the offline data set, performs anomaly detection on the online data, outputs an anomaly detection result, packages the result into a first message, and sends the first message to the response module and the fusion anomaly detection analysis module. Its function is to build a model profile of the data in its network, perform anomaly detection on the transmitted data, and pass the results to the fusion anomaly detection analysis module and the response module. The algorithm used by an anomaly detection module is chosen according to the actual requirements of its network; advanced machine learning algorithms (such as random forest) or deep learning algorithms (such as CNN and RNN) can be used to cope with the big data era and improve detection efficiency and accuracy. In the modeling stage the module takes the offline data set of its network as input, analyzes the network data packets with the customized anomaly detection algorithm, calculates the boundary conditions of normal data and sets a detection threshold. In the detection stage it checks the real-time data item by item; if a detection result exceeds the threshold, the data is abnormal, and the module records and packages the detection result and sends it to the response module and the fusion anomaly detection analysis module.
The fusion anomaly detection analysis module is the core module. Its function is as follows: after receiving the first message output by the anomaly detection module of each network, it performs an analysis (for example a weighted average or a probability analysis of the results of the anomaly detection modules), judges whether an anomaly exists in light of the actual scenario, packages the judgment into a second message, and sends the second message to the response module. Modeling and detecting all data in a unified way is constrained by factors such as the different forms the same group of data takes at each network layer, the different networks that different data passes through, and the privacy of the data, so the fusion anomaly detection analysis module has to receive the results from the anomaly detection modules of the different networks separately. Data may appear normal at one network layer without being normal overall, which comparing the anomaly detection results of the different network layers can reveal. In addition, an anomaly detection module with a high false alarm rate may classify normal behavior as abnormal, and the fusion anomaly detection analysis module is then needed to analyze the results so as to effectively reduce the false alarm rate.
And the response module receives the information from the abnormality detection module and the fusion abnormality detection analysis module and can make reactions such as alarm initiation, alarm release, connection disconnection and the like.
The solution of the invention also has other alternatives that achieve the same object.
In the system of the invention, the result information of the individually deployed anomaly detection modules is exchanged and analyzed in a centralized fusion analysis module. Considering the complexity and differences of the networks, the fusion can also be distributed: not all anomaly detection results have to be fused, only those of certain detection modules. For example, the results of the anomaly detection modules of network 1, network 2 and network 3 are fused for analysis, and the results of the anomaly detection modules of network 2 and network 3 are analyzed, as shown in FIG. 3.
The system of the invention can also perform fusion analysis without using the fusion anomaly detection analysis module to analyze the results of the anomaly detection modules. In this case the output of an anomaly detection module cannot be a simple normal/abnormal result; it has to describe the data itself to some extent by including some model profile information. This description is transmitted to the other anomaly detection modules, and one of the anomaly detection modules performs the fusion after receiving the descriptions of the data from the other modules, as shown in FIG. 4.
Example 1
Fusion anomaly detection system (single entity data) of NB-IoT intelligent water meter data in heterogeneous network
Referring to fig. 5, in this embodiment, consider a fused anomaly detection system for NB-IoT smart meter data in a heterogeneous network.
Taking an NB-IoT smart water meter as an example, data is collected by a sensor and transmitted wirelessly over NB-IoT to the edge network, the Internet and the mobile communication network. An anomaly detection module is set in the edge gateway and in the data centers of the Internet and the mobile network to detect anomalies and generate the first message. Consider the following cases (mainly whether the sensor is abnormal and whether the transmission between networks is abnormal):
Case 1: the water meter fails and runs wild. If the first message generated by anomaly detection module 1 at the edge gateway judges the data to be abnormal, module 1 immediately alerts the response module for handling. If the first messages generated by anomaly detection modules 2 and 3 at the data centers of the Internet and the mobile network judge the data to be normal, the data may have been attacked during transmission between the networks. The second message generated by the fusion anomaly detection analysis module can then conclude that the sensor is abnormal and that an attack such as information tampering has occurred, and the response module also raises an alarm for the attacked data center and handles it.
Case 2: the water meter operates normally and the first message generated by anomaly detection module 1 at the edge gateway judges the data to be normal, while the first messages generated by anomaly detection modules 2 and 3 at the data centers of the Internet and the mobile network judge the data to be abnormal. The second message generated by the fusion anomaly detection analysis module can conclude that the sensor is normal but the data may have suffered an Internet attack, and the response module then needs to determine the attack position and handle it.
Case 3: the water meter operates normally, the first message generated by anomaly detection module 1 at the edge gateway judges the data to be normal, and the first messages generated by anomaly detection modules 2 and 3 at the data centers of the Internet and the mobile network also judge the data to be normal. The second message generated by the fusion anomaly detection analysis module states that the sensor is normal and there is no attack, and the response module does not need to raise an alarm.
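The fusion step for the three water-meter cases, as an added Python sketch that is not code from the patent: each detector reports only the first-message fields listed in the claims, and the fusion module combines a weighted average of the abnormal probabilities with the edge/transit verdict pattern to choose the alarm type and the networks involved. The thresholds, equal weights, network labels, sample probabilities and the extra score field are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Dict, List

# Assumptions for this sketch (the patent fixes none of these values):
MODULE_THRESHOLD = 0.5  # a module "reports abnormal" at or above this probability
FUSED_THRESHOLD = 0.3   # a weighted average below this is treated as a misjudgment
EDGE = "edge"           # label of the network nearest the sensor

DATA = "abnormality of data itself"
ATTACK = "abnormality caused by attack"


@dataclass(frozen=True)
class FirstMessage:
    """Per-network verdict. Carries no payload, only the first-message fields."""
    module: str         # module number and algorithm used
    network: str        # network where the detection module is located
    p_abnormal: float   # alarm information: abnormal probability, 0.0 to 1.0
    arrived: float      # information arrival time
    detected: float     # detection completion time
    source: str         # event source
    target: str         # event target


@dataclass(frozen=True)
class SecondMessage:
    alarm: List[str]     # empty list means no alarm
    networks: List[str]  # event information: networks where the event is located
    time: float          # fusion analysis completion time
    source: str
    target: str
    score: float         # fused score (extra field, not in the patent's table)


def fuse(msgs: List[FirstMessage], weights: Dict[str, float], now: float) -> SecondMessage:
    """Fuse one first message per network into a second message."""
    by_net = {m.network: m for m in msgs}
    missing = sorted(set(weights) - set(by_net))
    if missing:  # step 4: analysis starts only after all first messages arrived
        raise ValueError(f"still waiting for first messages from {missing}")
    if len({(m.source, m.target) for m in msgs}) != 1:
        raise ValueError("first messages describe different events")

    score = sum(w * by_net[n].p_abnormal for n, w in weights.items()) / sum(weights.values())
    flagged = [n for n in weights if by_net[n].p_abnormal >= MODULE_THRESHOLD]
    transit_clean = [n for n in weights if n != EDGE and n not in flagged]

    if score < FUSED_THRESHOLD or not flagged:
        alarm, where = [], []                    # case 3, or a suppressed false alarm
    elif EDGE in flagged and transit_clean:
        alarm, where = [DATA, ATTACK], [EDGE] + transit_clean  # case 1
    elif EDGE in flagged:
        alarm, where = [DATA], [EDGE]            # every network agrees with the edge
    else:
        alarm, where = [ATTACK], flagged         # case 2: sensor fine, transit flagged
    first = msgs[0]
    return SecondMessage(alarm, where, now, first.source, first.target, round(score, 3))


def demo() -> Dict[str, SecondMessage]:
    """Constructed probabilities for the three cases plus one lone marginal alert."""
    weights = {EDGE: 1.0, "internet": 1.0, "mobile": 1.0}
    cases = {
        "case1": (0.90, 0.10, 0.10),
        "case2": (0.05, 0.90, 0.85),
        "case3": (0.05, 0.05, 0.05),
        "lone_marginal": (0.05, 0.55, 0.05),
    }
    out = {}
    for name, probs in cases.items():
        msgs = [FirstMessage(f"#{i + 1}/random-forest", net, p, 100.0, 100.2, "meter-17", "billing")
                for i, (net, p) in enumerate(zip(weights, probs))]
        out[name] = fuse(msgs, weights, now=101.0)
    return out


if __name__ == "__main__":
    for name, second in demo().items():
        print(name, second.alarm, second.networks, second.score)
```

The lone marginal alert shows the false-alarm reduction: one module slightly over its own threshold is outweighed by the two networks that report normal.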
Example 2
Fusion anomaly detection system (multi-entity data) of intelligent home data in heterogeneous network
With the spread of Internet of Things technology, a range of smart devices has entered the home furnishing industry and more families are equipped with smart home devices. This embodiment considers the fusion anomaly detection system for the data that smart home devices transmit in heterogeneous networks.
Referring to FIG. 6, the smart door lock is an important part of home security. Smart door locks have developed online unlocking modes that combine Bluetooth, WIFI and 4G mobile network communication, and the data of the door lock can be sent over the mobile network to notify the user by short message and to the Internet so that related information can be viewed in an APP. An anomaly detection module is set in the edge gateway and in the data centers of the Internet and the mobile network to detect anomalies and generate the first message. Consider the following cases:
Case 1: an intruder carrying equipment attacks the smart door lock, shielding the door lock alarm system and cracking the password or forging an identity to deceive the lock. The first messages generated by anomaly detection modules 1 and 3 at the edge gateway and the mobile network data center may then be normal, but the Internet data center receives the large number of unlocking requests produced by the attack, or logins from network IP addresses different from previous ones. The first message generated by anomaly detection module 2 therefore reports an anomaly, the second message generated by the fusion detection analysis module concludes that an anomaly exists, and the response module sends an alarm to the homeowner.
Case 2: an intruder bypasses the door lock system and enters the house, and while committing the crime turns on other smart home devices such as a lamp or a refrigerator. Normally no alarm is raised, because the first message of anomaly detection module 1 at the edge gateway is normal when it merely detects these devices being switched. The fusion detection analysis module, however, can see that there is no request data packet or successful door-opening data packet from the smart door lock while there are data packets from other Internet of Things devices such as the lamp. The second message it generates is therefore abnormal, and the response module needs to take measures such as raising an alarm.

Claims (1)

1. A fusion anomaly detection system for an open heterogeneous network, characterized by comprising an anomaly detection module, a fusion anomaly detection analysis module and a response module, wherein an anomaly detection module is arranged in each layer of network,
the anomaly detection module holds an offline data set of the network in which it is located, takes online data as input, establishes an anomaly detection algorithm based on the offline data set, performs anomaly detection on the online data, outputs an anomaly detection result, packages the result into a first message, and sends the first message to the response module and the fusion anomaly detection analysis module;
the fusion anomaly detection analysis module performs its analysis after receiving the first message output by the anomaly detection module of each network, judges whether an anomaly exists by means of a weighted average or probability analysis of the results of the anomaly detection modules in combination with the actual scenario, packages the judgment into a second message, and sends the second message to the response module;
the format of the first message is as follows:
Attribute                     Description
Alarm information             Normal probability (%) / abnormal probability (%)
Detection module              Module number and algorithm used
Network where it is located   Network information of the detection module
Time                          Information arrival time, detection completion time
Source                        Event source
Target                        Event target
the format of the second message is as follows:
Attribute                     Description
Alarm                         Abnormality of data itself / abnormality caused by attack
Event information             Network information where the event is located
Time                          Fusion analysis completion time
Source                        Event source
Target                        Event target
and the response module receives the first message and the second message from the anomaly detection module and the fusion anomaly detection analysis module, and reacts by raising an alarm, clearing an alarm or cutting off a connection.
CN202210115825.2A 2022-02-07 2022-02-07 Fusion anomaly detection system for open heterogeneous network Active CN114650166B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210115825.2A CN114650166B (en) 2022-02-07 2022-02-07 Fusion anomaly detection system for open heterogeneous network

Publications (2)

Publication Number Publication Date
CN114650166A CN114650166A (en) 2022-06-21
CN114650166B true CN114650166B (en) 2023-08-01

Family

ID=81993633

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant