CN114666127B - Abnormal flow detection method based on block chain - Google Patents
Abnormal flow detection method based on block chain Download PDFInfo
- Publication number
- CN114666127B CN114666127B CN202210284900.8A CN202210284900A CN114666127B CN 114666127 B CN114666127 B CN 114666127B CN 202210284900 A CN202210284900 A CN 202210284900A CN 114666127 B CN114666127 B CN 114666127B
- Authority
- CN
- China
- Prior art keywords
- node
- variable
- communication network
- mathematical
- variables
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 230000002159 abnormal effect Effects 0.000 title claims abstract description 32
- 238000001514 detection method Methods 0.000 title claims abstract description 14
- 238000004891 communication Methods 0.000 claims abstract description 35
- 241000854291 Dianthus carthusianorum Species 0.000 claims abstract description 10
- 238000004364 calculation method Methods 0.000 claims description 12
- 238000003066 decision tree Methods 0.000 claims description 11
- 238000000034 method Methods 0.000 claims description 8
- 238000012545 processing Methods 0.000 claims description 7
- 238000007781 pre-processing Methods 0.000 claims description 3
- 238000012216 screening Methods 0.000 claims description 3
- 238000012549 training Methods 0.000 claims description 3
- 230000000694 effects Effects 0.000 abstract description 9
- 238000011160 research Methods 0.000 abstract description 5
- 238000004422 calculation algorithm Methods 0.000 description 7
- 238000005265 energy consumption Methods 0.000 description 6
- 238000005516 engineering process Methods 0.000 description 5
- 230000009286 beneficial effect Effects 0.000 description 2
- 238000010586 diagram Methods 0.000 description 2
- NAWXUBYGYWOOIX-SFHVURJKSA-N (2s)-2-[[4-[2-(2,4-diaminoquinazolin-6-yl)ethyl]benzoyl]amino]-4-methylidenepentanedioic acid Chemical compound C1=CC2=NC(N)=NC(N)=C2C=C1CCC1=CC=C(C(=O)N[C@@H](CC(=C)C(O)=O)C(O)=O)C=C1 NAWXUBYGYWOOIX-SFHVURJKSA-N 0.000 description 1
- 230000000052 comparative effect Effects 0.000 description 1
- 230000006835 compression Effects 0.000 description 1
- 238000007906 compression Methods 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 230000007774 longterm Effects 0.000 description 1
- 238000012544 monitoring process Methods 0.000 description 1
- 238000007637 random forest analysis Methods 0.000 description 1
- 238000012706 support-vector machine Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/02—Capturing of monitoring data
- H04L43/026—Capturing of monitoring data using flow identification
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/16—Threshold monitoring
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a block chain-based abnormal flow detection method, which effectively solves the problem that the effect is not obvious due to the fact that a plurality of problems which are not considered exist in the research aiming at defending attack in the prior art. According to the invention, a communication network based on a smart grid is constructed by utilizing a blockchain and a software defined network SDN, a cluster structure is adopted in the communication network, each cluster is made into an SDN domain, an SDN controller is selected in each SDN domain as a cluster head, entropy values of the cluster head and a target IP are calculated, mathematical variables obtained from flow information of the target IP are preprocessed, so that the feature importance of an output variable is classified by utilizing an automatic encoder, abnormal flow in the communication network is detected, and the safety of the communication network is further ensured.
Description
Technical Field
The invention relates to the field of smart grids, in particular to a block chain-based abnormal flow detection method.
Background
The smart power grid combines smart devices such as sensors and smart meters with emerging information and communication technologies to achieve continuous management of power customers, assets and operations. In recent years, a combination of a software defined network SDN and a smart grid, which is composed of a control center, a smart grid device and a communication network, has been widely studied. The software defined network SDN provides a centralized network control and programmable application interface, and brings greater scalability to the smart grid. However, advanced communication technologies also make networks more vulnerable to various security threats, particularly from attackers who build targeted attacks. An attacker decides to initiate a resource exhaustion attack on a firewall located between a substation subnet and a communication bus by long-term monitoring to acquire the attribute of the security function, and at this time, the firewall server fails due to the exhaustion of bandwidth and processing capacity.
Currently, there are many researches on defending attacks, for example, the following three patent documents with application numbers CN201811188730.3, CN201911211225.0 and CN201711403221.3 disclose a blockchain and method for protecting rule of SDN network flow, a distributed SDN synchronization method based on blockchain technology, and a distributed SDN control plane security authentication method based on blockchain thinking, which all have obvious effects on guaranteeing intelligent power networks, but also have the phenomena of not considering node energy consumption, fewer malicious nodes, not considering abnormal traffic processing and not considering energy consumption of an SDN controller, so that the effect of the research institute on defending attacks is not obvious at present.
The present invention thus provides a new solution to this problem.
Disclosure of Invention
Aiming at the defects existing in the prior art, the invention aims to provide an abnormal flow detection method based on a blockchain, which effectively solves the problem that the effects are not obvious due to the fact that a plurality of problems which are not considered exist in the research aiming at defending attacks in the prior art.
The technical scheme is that the abnormal flow detection method based on the blockchain specifically comprises the following steps:
s1, constructing a communication network based on a smart grid by utilizing a blockchain and a Software Defined Network (SDN), wherein the communication network comprises a data layer, a control layer and a blockchain layer, and a distributed SDN controller is arranged in the control layer;
s2, enabling the communication network in the step S1 to adopt a cluster structure, enabling each cluster to be SDN domains, and selecting one SDN controller in each SDN domain as a cluster head;
s3, calculating entropy values of the cluster head and the target IP in the step S2, comparing the entropy values with a set upper limit threshold and a set lower limit threshold, and screening out variables with obvious characteristics, wherein the target IP is the IP address of the target node;
s4, collecting characteristic variables of the target IP in the communication network within a predefined time interval;
s5, calculating the characteristic variables obtained in the step S4 to obtain a mean value, a median value, a standard deviation, an entropy value and a variation coefficient;
s6, preprocessing the characteristic variable obtained in the step S4 to obtain the characteristic importance of the characteristic variable;
s7, classifying the selected characteristics by using an automatic encoder according to the characteristic importance degree, and further obtaining abnormal flow.
Further, the variable with obvious characteristics in the step S3 is a variable whose entropy value is not between the set upper limit threshold and lower limit threshold.
where X is the characteristic variable and N is the total number of characteristic variables.
Further, the step S6 is to preprocess the importance of the feature variable by using the following specific steps:
x1, calculating the coefficient of the foundation of the mth decision tree node by using a formula (5), wherein the node m is a node before bifurcation on the decision tree:
wherein K represents that the node m has K-type characteristic variables and p mk Representing the proportion of the characteristic variable k in the node m, p mk’ Representing the proportion of the characteristic variable k which is different from the characteristic variable k in the node m, wherein GIm represents the probability of inconsistency of any two different characteristic variable categories in the node m;
x2, node l and node r are two child nodes after the decision tree is bifurcated, and the change quantity of the coefficient of the foundation of the decision point m before and after bifurcation is calculated by using a formula (6):
and X3, summing the variation of the coefficient of the ken obtained in the step X2 by using a formula (7):
x4, using formula (8) to normalize the sum obtained in step X3 to obtain a value as the importance of the feature variable:
wherein the method comprises the steps ofRepresenting the sum of the coefficients of the foundation of all characteristic variables, +.>Represents the sum of the coefficients of the key of node VIM over all decision tree nodes, where i, j are characteristic variables.
Further, the step S7 of classifying the flow by using the automatic encoder to classify the feature importance of the feature variable specifically includes the following steps:
Y1、inputting feature importance for feature variables as data X to training a variational automatic encoder VAE using a normal flow data set Xθ, thus the probability coding model +.>And probability decoding model g θ In (a) and (b);
y2, obtaining the data x in probability coding model by utilizing an automatic encoderAnd probability decoding model g θ The reconstruction error epsilon= |x-x| in (2), wherein the data x generating the reconstruction error epsilon forms a flow set x i ,i=1,...,N;
Y3, for each flow set x i Respectively processing and utilizing decoder output decoding meansSum of variances->Two parameters;
y4, decoding average value output according to step Y3Sum of variances->The two parameters get the abnormal flow.
The invention has the following beneficial effects:
by arranging the distributed cluster taking the SDN controller as the core in the communication network in the application, the influence of the prior art on the communication network when single-point faults occur is avoided, meanwhile, the nodes and the SDN controller are balanced, the blockchain technology is combined, the safety and privacy of the communication network are enhanced, whether abnormal traffic exists in the communication network is detected, the purpose that higher accuracy is achieved on the basis of lower time expenditure is achieved, the accuracy of the communication network is improved, and the phenomenon that node energy consumption is not considered, the number of malicious nodes is less, the processing of the abnormal traffic is not considered and the phenomenon that the energy consumption problem of the SDN controller is not considered is caused is effectively solved.
Drawings
FIG. 1 is a comparative schematic diagram of the runtime effect of the present invention.
FIG. 2 is a schematic diagram showing the comparison of the effect of false alarm rate according to the present invention.
FIG. 3 is a graph showing the comparison of the effect of the precision of the present invention.
Detailed Description
The foregoing and other features, aspects and advantages of the present invention will become more apparent from the following detailed description of the embodiments, which proceeds with reference to the accompanying figures 1-3. The following embodiments are described in detail with reference to the drawings.
Exemplary embodiments of the present invention will be described below with reference to the accompanying drawings.
An abnormal traffic detection method based on a blockchain specifically comprises the following steps:
s1, constructing a communication network based on a smart grid by utilizing a blockchain and a Software Defined Network (SDN), wherein the communication network comprises a data layer, a control layer and a blockchain layer, and a distributed SDN controller is arranged in the control layer;
s2, enabling the communication network in the step S1 to adopt a cluster structure, enabling each cluster to be SDN domains, and selecting one SDN controller in each SDN domain as a cluster head;
s3, calculating entropy values of the cluster head and the target IP in the step S2, comparing the entropy values with a set upper limit threshold and a set lower limit threshold, and screening out variables with obvious characteristics, wherein the target IP is the IP address of the target node;
s4, collecting characteristic variables of the target IP in the communication network within a predefined time interval;
s5, calculating the characteristic variables obtained in the step S4 to obtain a mean value, a median value, a standard deviation, an entropy value and a variation coefficient;
s6, preprocessing the characteristic variable obtained in the step S4 to obtain the characteristic importance of the characteristic variable;
s7, classifying the selected characteristics by using an automatic encoder according to the characteristic importance degree, and further obtaining abnormal flow.
And in the step S3, the variable with obvious characteristics is the variable of which the entropy value is not between the set upper limit threshold value and the set lower limit threshold value.
where X is the characteristic variable and N is the total number of characteristic variables.
The step S6 is to preprocess the importance degree of the characteristic variable by using the following specific steps:
x1, calculating the coefficient of the foundation of the mth decision tree node by using a formula (5), wherein the node m is a node before bifurcation on the decision tree:
wherein K represents that the node m has K-type characteristic variables,p mk Representing the proportion of the characteristic variable k in the node m, p mk’ Representing the proportion of the characteristic variable k which is different from the characteristic variable k in the node m, wherein GIm represents the probability of inconsistency of any two different characteristic variable categories in the node m;
x2, node l and node r are two child nodes after the decision tree is bifurcated, and the change quantity of the coefficient of the foundation of the decision point m before and after bifurcation is calculated by using a formula (6):
and X3, summing the variation of the coefficient of the ken obtained in the step X2 by using a formula (7):
x4, using formula (8), normalizing the sum of the variation amounts of the coefficient of the kunit obtained in step X3 to obtain a value as the importance of the feature variable:
wherein the method comprises the steps ofRepresenting the sum of the coefficients of the foundation of all characteristic variables, +.>Representing node VIM j The coefficients of the kuntze sum over all decision tree nodes, where i, j are characteristic variables.
The step S7 of classifying the flow by utilizing the automatic encoder to classify the feature importance of the feature variable specifically comprises the following steps:
y1, inputting the feature importance of the feature variable as data X to training the variable automatic encoder VAE by using the normal flow data set XTraining deviceθ, thus the probability coding model +.>And probability decoding model g θ In that the data x is subjected to x-x ' with an automatic encoder, where dim (x) > dim (x '), and to x '. Fwdarw.x "with a decoder, where dim (x) > dim (x"), where × is performed>G is a probability coding model θ Is a probabilistic decoding model, and μ z (i),σ z (i)=f φ (z|x (i) ),/>
Y2, obtaining the data x in probability coding model by utilizing an automatic encoderAnd probability decoding model g θ The reconstruction error epsilon= |x-x| in (2), wherein the data x generating the reconstruction error epsilon forms a flow set x i I=1,..n, when the reconstruction error e=0, the automatic encoder performs lossless compression;
y3, for each flow set x i Respectively processing and utilizing decoder output decoding meansSum of variances->Two parameters, first according to the probabilistic encoder model +.>Acquiring a flow set x i The encoded mean mu of (a) z (i) Sum of variances sigma z (i) Two parameters and from the probabilistic encoder model +.>Extract flow set x i Takes L traffic in (1) as samples and takes the samples according to a probability decoder model g θ Output decoded mean +.>Sum of variances->Two parameters;
y4, decoding average value output according to step Y3Sum of variances->Obtaining abnormal flow by two parameters, namely decoding average value output according to step Y3 +.>Sum of variances->Two parameters, calculate the flow set x i Reconstruction probability generated from Bernoulli distribution>When RP (i) < threshold a, traffic set x i And if the flow is normal, otherwise, the flow is abnormal.
In the actual use process, firstly, a communication network based on an intelligent power grid is constructed by utilizing a block chain and a software defined network SDN, a cluster structure is adopted in the communication network, each cluster is made to be an SDN domain, an SDN controller is selected in each SDN domain to serve as a cluster head, entropy values of the cluster head and a target IP are calculated, characteristic variables obtained in flow information of the target IP are preprocessed, so that the characteristic importance of an output variable is classified by utilizing an automatic encoder, abnormal flow in the communication network is detected, an automatic encoder-based detection algorithm EP-RF-SVM of the application is compared with three indexes of a random forest algorithm RF, a neighbor algorithm KNN and a support vector machine algorithm SVM in running time, a false alarm rate FPR and a precision P, and in the method, the figures 1-3 are effect comparison under the three indexes, wherein the false alarm rate FPR represents the proportion of a normal flow sample detected as the normal flow sample in the application, the false alarm rate FPR value is smaller, the algorithm performance is higher than the false alarm rate FPR, and the algorithm performance is represented as the actual flow sample represented as the attack sample by the formula (10):
the numbers of abnormal flow and normal flow in the abnormal flow detected by TP and FP respectively, the numbers of abnormal flow and normal flow in the abnormal flow not detected by FN and TN respectively, and the figures 1-3 can know that the detection algorithm EP-RF-SVM based on the automatic encoder simultaneously shows excellent performance in three indexes of running time, false alarm rate FPR and precision rate P.
The invention has the following beneficial effects:
(1) By arranging the distributed cluster taking the SDN controller as the core in the communication network in the application, the influence of the prior art on the communication network when single-point faults occur is avoided, meanwhile, the nodes and the SDN controller are balanced, the blockchain technology is combined, the safety and the privacy of the communication network are enhanced, whether abnormal traffic exists in the communication network is detected, the higher accuracy rate is realized on the basis of lower time expenditure, the accuracy of the communication network is improved, and the phenomenon that the effect is not obvious due to the phenomenon that node energy consumption is not considered, the number of malicious nodes is less, the processing of the abnormal traffic is not considered and the energy consumption problem of the SDN controller is not considered in the research on defending attacks in the prior art is effectively solved.
(2) The abnormal flow detection method using the automatic encoder can automatically detect abnormal flow and normal flow, avoids the problem that the abnormal flow is not considered in the prior art, and further causes the security of the communication network to be not guaranteed, and further guarantees the security of the communication network.
Claims (4)
1. The abnormal traffic detection method based on the blockchain is characterized by comprising the following steps of:
s1, constructing a communication network based on a smart grid by utilizing a blockchain and a Software Defined Network (SDN), wherein the communication network comprises a data layer, a control layer and a blockchain layer, and a distributed SDN controller is arranged in the control layer;
s2, enabling the communication network in the step S1 to adopt a cluster structure, enabling each cluster to be SDN domains, and selecting one SDN controller in each SDN domain as a cluster head;
s3, calculating entropy values of the cluster head and the target IP in the step S2, comparing the entropy values with a set upper limit threshold and a set lower limit threshold, and screening out variables with obvious characteristics, wherein the target IP is the IP address of the target node;
s4, collecting characteristic variables of the target IP in the communication network within a predefined time interval;
s5, calculating the characteristic variables obtained in the step S4 to obtain a mean value, a median value, a standard deviation, an entropy value and a variation coefficient;
s6, preprocessing the characteristic variable obtained in the step S4 to obtain the characteristic importance of the characteristic variable;
s7, classifying the selected characteristic variables by using an automatic encoder according to the characteristic importance, and further obtaining abnormal flow;
the step S6 is to preprocess the importance of the mathematical variables by using the following specific steps:
x1, calculating the coefficient of the foundation of the mth decision tree node by using a formula (5), wherein the node m is a node before bifurcation on the decision tree:
wherein K represents that the node m has K types of mathematical variables, p mk Representing the proportion of the numerical variable k in the node m, p mk’ Representing the proportion of a mathematical variable k different from a mathematical variable k in a node m, and GIm represents the probability of inconsistency of any two different mathematical variable categories in the node m;
x2, node l and node r are two child nodes after the decision tree is bifurcated, and the change quantity of the coefficient of the foundation of the decision point m before and after bifurcation is calculated by using a formula (6):
and X3, summing the variation of the coefficient of the ken obtained in the step X2 by using a formula (7):
x4, using formula (8) to normalize the sum obtained in step X3 to obtain a value as the importance of the feature of the mathematical variable:
2. The abnormal traffic detection method according to claim 1, wherein the variable with obvious characteristics in the step S3 is a variable whose entropy value is not between the set upper threshold and lower threshold.
3. The abnormal traffic detection method according to claim 1, wherein the mean value calculation formula in the step S5 is:
where X is the mathematical variable and N is the total number of mathematical variables.
4. The abnormal traffic detection method according to claim 1, wherein the step S7 of classifying the traffic by using the automatic encoder for the feature importance of the digital variable comprises the steps of:
y1, inputting the feature importance of the logarithmic variable as data X to training the variational automatic encoder VAE by using the normal flow data set XIn the probability coding model thus obtained +.>And probability decoding model g θ In (a) and (b);
y2, obtaining the data x in probability coding model by utilizing an automatic encoderAnd probability decoding model g θ Reconstruction error e= |x-x "| in (b), wherein data x generating reconstruction error e constitutes flow set x i ,i=1,…,N;
Y3, for each flow set x i Respectively processing and utilizing decoder output decoding meansAnd->Two parameters;
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210284900.8A CN114666127B (en) | 2022-03-22 | 2022-03-22 | Abnormal flow detection method based on block chain |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210284900.8A CN114666127B (en) | 2022-03-22 | 2022-03-22 | Abnormal flow detection method based on block chain |
Publications (2)
Publication Number | Publication Date |
---|---|
CN114666127A CN114666127A (en) | 2022-06-24 |
CN114666127B true CN114666127B (en) | 2023-05-23 |
Family
ID=82030509
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210284900.8A Active CN114666127B (en) | 2022-03-22 | 2022-03-22 | Abnormal flow detection method based on block chain |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114666127B (en) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112019338A (en) * | 2019-05-31 | 2020-12-01 | 浙江工商大学 | Lightweight safety smart power grid communication method and system based on block chain |
CN112528277A (en) * | 2020-12-07 | 2021-03-19 | 昆明理工大学 | Hybrid intrusion detection method based on recurrent neural network |
CN112637193A (en) * | 2020-12-21 | 2021-04-09 | 江苏省未来网络创新研究院 | Industrial Internet security situation awareness system based on SDN |
CN112800116A (en) * | 2021-04-08 | 2021-05-14 | 腾讯科技(深圳)有限公司 | Method and device for detecting abnormity of service data |
CN113807858A (en) * | 2021-09-23 | 2021-12-17 | 未鲲(上海)科技服务有限公司 | Data processing method based on decision tree model and related equipment |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR102132539B1 (en) * | 2018-11-26 | 2020-07-09 | 한국과학기술원 | System for secure software defined networking(sdn) based on block-chain and the method thereof |
-
2022
- 2022-03-22 CN CN202210284900.8A patent/CN114666127B/en active Active
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112019338A (en) * | 2019-05-31 | 2020-12-01 | 浙江工商大学 | Lightweight safety smart power grid communication method and system based on block chain |
CN112528277A (en) * | 2020-12-07 | 2021-03-19 | 昆明理工大学 | Hybrid intrusion detection method based on recurrent neural network |
CN112637193A (en) * | 2020-12-21 | 2021-04-09 | 江苏省未来网络创新研究院 | Industrial Internet security situation awareness system based on SDN |
CN112800116A (en) * | 2021-04-08 | 2021-05-14 | 腾讯科技(深圳)有限公司 | Method and device for detecting abnormity of service data |
CN113807858A (en) * | 2021-09-23 | 2021-12-17 | 未鲲(上海)科技服务有限公司 | Data processing method based on decision tree model and related equipment |
Non-Patent Citations (4)
Title |
---|
"基于决策树的网络舆情类型识别模型研究";覃玉冰、邓春林、杨柳、肖望、张昊宇;《智能计算机与应用》;第8卷(第6期);第27-32页 * |
"基于区块链的电网全业务数据分布式存储应用";王丽霞、李伟、李广野、温鑫;《信息技术》;第43卷(第1期);全文 * |
信息科技》.2022,(第1期),全文. * |
薛晨子."基于区块链的智能电网管控研究".《工程科技Ⅱ辑 * |
Also Published As
Publication number | Publication date |
---|---|
CN114666127A (en) | 2022-06-24 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Liang et al. | Data fusion approach for collaborative anomaly intrusion detection in blockchain-based systems | |
Wainakh et al. | Enhancing privacy via hierarchical federated learning | |
Li et al. | A game-theoretic approach to fake-acknowledgment attack on cyber-physical systems | |
CN110166454B (en) | Mixed feature selection intrusion detection method based on adaptive genetic algorithm | |
Eslahi et al. | Periodicity classification of HTTP traffic to detect HTTP Botnets | |
CN112149967B (en) | Power communication network vulnerability assessment method and system based on complex system theory | |
CN115208604B (en) | AMI network intrusion detection method, device and medium | |
Mirzaee et al. | Fids: A federated intrusion detection system for 5g smart metering network | |
CN115277055B (en) | Method and device for guaranteeing data interaction safety of Internet of things and electronic equipment | |
Zhou et al. | Research of network traffic anomaly detection model based on multilevel autoregression | |
CN114205816B (en) | Electric power mobile internet of things information security architecture and application method thereof | |
Roopa et al. | Blockchain based spectrum sensing for secured cognitive radio wireless networks | |
CN114666127B (en) | Abnormal flow detection method based on block chain | |
CN116684202B (en) | Internet of things information security transmission method | |
CN117640223A (en) | Dynamic evaluation method, system, equipment and medium for trust degree of electric power Internet of things equipment | |
Zhu et al. | A distributed sequential algorithm for collaborative intrusion detection networks | |
CN116405262A (en) | Network security access method, device, equipment and storage medium | |
Dongmei et al. | A risk assessment method of the wireless network security | |
CN113794742B (en) | High-precision detection method for FDIA of power system | |
Rakas et al. | Intrusion detection systems in smart grid | |
Alotaibi | A hybrid attack detection strategy for cybersecurity using moth elephant herding optimisation‐based stacked autoencoder | |
He et al. | Detecting anomalies in distributed control systems by modeling traffic behaviors | |
Xie | Data Security Model Construction of Network Coding of Wireless Communication Based on Deep Learning Algorithm | |
Dai et al. | Online Network traffic anomaly detection method combining OS-ELM and SADE | |
Dang et al. | Trusted dynamic threshold caculation method in power IoT |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |