CN116707902A - LoRaWAN network attack detection method based on decision tree - Google Patents
LoRaWAN network attack detection method based on decision tree Download PDFInfo
- Publication number
- CN116707902A CN116707902A CN202310668900.2A CN202310668900A CN116707902A CN 116707902 A CN116707902 A CN 116707902A CN 202310668900 A CN202310668900 A CN 202310668900A CN 116707902 A CN116707902 A CN 116707902A
- Authority
- CN
- China
- Prior art keywords
- lorawan
- decision tree
- data
- attack
- network
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000003066 decision tree Methods 0.000 title claims abstract description 68
- 238000001514 detection method Methods 0.000 title claims abstract description 14
- 238000000034 method Methods 0.000 claims abstract description 27
- 238000012795 verification Methods 0.000 claims abstract description 8
- 238000012549 training Methods 0.000 claims abstract description 7
- 238000012545 processing Methods 0.000 claims abstract description 6
- 230000000903 blocking effect Effects 0.000 claims abstract description 4
- 230000000694 effects Effects 0.000 claims abstract description 4
- 108010003272 Hyaluronate lyase Proteins 0.000 claims description 11
- 238000004891 communication Methods 0.000 claims description 11
- 238000013138 pruning Methods 0.000 claims description 11
- 230000005540 biological transmission Effects 0.000 claims description 9
- 238000005516 engineering process Methods 0.000 claims description 8
- 230000008569 process Effects 0.000 claims description 7
- 238000004364 calculation method Methods 0.000 claims description 6
- 238000000605 extraction Methods 0.000 claims description 4
- 238000007405 data analysis Methods 0.000 claims description 3
- 238000005265 energy consumption Methods 0.000 claims description 3
- 239000000203 mixture Substances 0.000 claims description 3
- 238000012544 monitoring process Methods 0.000 claims description 3
- 238000004458 analytical method Methods 0.000 claims description 2
- 239000000284 extract Substances 0.000 claims 1
- 230000006399 behavior Effects 0.000 abstract 1
- 238000011897 real-time detection Methods 0.000 abstract 1
- 238000010586 diagram Methods 0.000 description 4
- QVFWZNCVPCJQOP-UHFFFAOYSA-N chloralodol Chemical compound CC(O)(C)CC(C)OC(O)C(Cl)(Cl)Cl QVFWZNCVPCJQOP-UHFFFAOYSA-N 0.000 description 2
- 230000007547 defect Effects 0.000 description 2
- 238000011156 evaluation Methods 0.000 description 2
- 230000007480 spreading Effects 0.000 description 2
- 230000015556 catabolic process Effects 0.000 description 1
- 238000006243 chemical reaction Methods 0.000 description 1
- 238000006731 degradation reaction Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000003203 everyday effect Effects 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000002787 reinforcement Effects 0.000 description 1
- 238000011160 research Methods 0.000 description 1
- 238000010187 selection method Methods 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04B—TRANSMISSION
- H04B17/00—Monitoring; Testing
- H04B17/30—Monitoring; Testing of propagation channels
- H04B17/309—Measuring or estimating channel quality parameters
- H04B17/318—Received signal strength
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04B—TRANSMISSION
- H04B17/00—Monitoring; Testing
- H04B17/30—Monitoring; Testing of propagation channels
- H04B17/309—Measuring or estimating channel quality parameters
- H04B17/336—Signal-to-interference ratio [SIR] or carrier-to-interference ratio [CIR]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/14—Network analysis or design
- H04L41/145—Network analysis or design involving simulating, designing, planning or modelling of a network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/12—Detection or prevention of fraud
- H04W12/121—Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]
- H04W12/122—Counter-measures against attacks; Protection against rogue devices
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D30/00—Reducing energy consumption in communication networks
- Y02D30/70—Reducing energy consumption in communication networks in wireless communication networks
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Quality & Reliability (AREA)
- Physics & Mathematics (AREA)
- Electromagnetism (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a LoRaWAN network attack detection method based on a decision tree. Firstly, collecting data packets of LoRaWAN equipment nodes, analyzing and extracting characteristics of the data when the LoRaWAN equipment nodes are attacked and not attacked, then constructing a decision tree model by utilizing a characteristic attribute selection algorithm, performing data training, evaluating the performance and effect of the model by adopting indexes such as cross verification, accuracy rate, recall rate and the like, and improving the precision and generalization performance of the decision tree model by performing operations such as parameter adjustment, cross verification and the like. Finally, the real-time detection of LoRaWAN network attack is realized, and once suspicious attack behaviors occur, blocking processing operation can be accurately and efficiently performed. The method can effectively and timely detect the data conforming to the attack characteristics, reduces the safety risk of the LoRaWAN network application, has the advantages of timely detection, high accuracy, strong expandability and the like, and is suitable for various LoRaWAN application scenes.
Description
Technical Field
The invention relates to the technical field of Internet of things protocol security, in particular to a LoRaWAN network attack detection method based on a decision tree.
Background
With the rapid development of the LoRaWAN technology, the popularization of the Internet of things equipment, and the wireless communication network is more widely applied to actual life. Recently, the lorewan technology is widely applied to various internet of things scenes, but security threats of the lorewan network are increased due to the openness of the lorewan network, defects of a protocol and more advanced attack means, various attacks on the lorewan device bring about serious risks to the lorewan application, for example, a so-called key extraction attack can lead to confidentiality and integrity degradation, and interference attack can seriously impair the usability of the lorewan wireless connection, and the DoS attack is more difficult to prevent compared with the DoS attack of the traditional IP network transmission layer because the DoS attack is performed on a wireless physical layer. In order to cope with the above challenges, researchers have studied on system reinforcement and intrusion detection, such as new media access methods that are not easily subject to intentional interference, such as code hopping, and there is room for improvement in attack detection despite the progress in the lorewan security study that improves wireless availability. Based on the defects of the research, the invention aims to provide a LoRaWAN network attack detection method based on a decision tree, and the safety of the LoRaWAN network is ensured by a more efficient and more accurate method by means of a modern data analysis technology.
Disclosure of Invention
The invention aims to provide a decision tree-based LoRaWAN network attack detection method, which combines a data analysis technology, and can effectively and timely detect common attacks of a LoRaWAN network by carrying out deep analysis on LoRaWAN flow data while ensuring that the influence on the resource and energy consumption is not great, thereby reducing the risk of network security events of the Internet of things and improving the usability of a system.
In order to achieve the above purpose, the technical scheme adopted by the invention comprises the following steps:
step S1, collecting LoRaWAN equipment data: the network traffic packet capturing technology is used for monitoring normal communication data of the LoRaWAN equipment and data when the LoRaWAN equipment is attacked, and storing and analyzing the data.
Step S2, extracting LoRaWAN data characteristics: and performing operations such as data grouping, feature extraction and the like on the acquired data set. According to the LoRaWAN specification, analyzing various fields of the LoRaWAN data packet, and acquiring metadata information of each LoRaWAN data packet, wherein the metadata information comprises RSSI (received signal strength), SNR (signal to noise ratio), DR (data rate), freq (frequency), SF (spreading factor), TS (transmission time stamp) and Fcnt (frame counter) information.
The RSSI is the received signal strength, and refers to a signal strength value obtained by a receiving end from the field strength of a received signal, which is a negative value, and is usually in dBm. The larger the value, the stronger the signal, the minimum can reach-140 dBm, and the maximum is 0 dBm.
The SNR is the signal-to-noise ratio, which refers to the difference between the signal strength and the background noise, usually expressed in dB. A value above 0dB typically indicates a good signal, while a value below 0dB indicates a bad signal.
The DR is a data rate, which refers to the modulation scheme used when transmitting or receiving data packets, and is typically expressed in terms of symbols per second.
The Freq is a channel frequency, which refers to a transmission frequency of a data packet, and is usually expressed in MHz, and because the LoRa works in ISM unlicensed frequency bands, the Freq is usually concentrated in CN470 frequency bands in China.
The SF is a spreading factor, which refers to a parameter used to spread the duration of a data packet and increase the coverage of the data packet in a modulation scheme of LoRa. The lowwan data packet contains spreading factors, that is, it is designated what kind of spreading factor is adopted by the device when transmitting data, and different spreading factors may affect aspects such as transmission rate, transmission distance, and battery life of the data packet.
The TS is a sending time stamp, which refers to a time stamp of a data packet sent by the LoRaWAN device, and is used for calculating network delay or performing time synchronization under a multi-device scene.
The Fcnt is a frame counter including transmit and receive frame counters that are used to detect and prevent replay attacks.
Step S3, constructing a LoRaWAN network attack decision tree: and training a decision tree model by using the processed data set, and classifying a plurality of LoRaWAN attack types. And sequentially constructing a root node and child nodes from the root node, thereby obtaining a decision tree model.
S4, pruning the decision tree: in order to avoid the situation of over-fitting or under-fitting of the decision tree, pruning treatment is required to be carried out on the decision tree.
Step S5, prediction and evaluation: and inputting the newly acquired LoRaWAN data into a constructed decision tree, and judging whether the communication node is attacked and the type of the attack according to the tree structure and the classification rule. The performance and effect of the model are evaluated by adopting indexes such as cross verification, accuracy rate, recall rate and the like, and the accuracy and generalization performance of the decision tree model are improved through operations such as parameter adjustment, cross verification and the like.
Step S6, detecting attack in real time: and detecting data flowing in the LoRaWAN in real time, judging the type of attack if the LoRaWAN data contains the attack characteristic attribute according to the output result of the decision tree model, and performing corresponding blocking processing on the LoRaWAN communication.
The step S3 is to construct LoRaWAN network attack decision tree as follows:
step S31, selecting a root node. For the feature attribute selection of the node, starting from the root node, calculating the information gain ratio of all possible feature attributes for the node, selecting the information feature attribute with the largest information gain ratio as the dividing feature of the node, and establishing the child node by different values of the feature. To obtain the information gain ratio, the information entropy is required, the calculation formula is shown as formula (1), and the information gain ratio calculation formula is shown as formula (2):
(1)
for measuring the breadth and uniformity of a split dataset of a characteristic attribute a.
(2)
In the method, in the process of the invention,representing a training dataset, formed byA sample composition. A isHas a certain characteristic attribute ofDifferent values, according to whichDivided intoThe number of subsets of the set,represent the firstIndividual subsets [ ]),Representing subsetsIs the number of samples in the sample.
And S32, recursively calling the child nodes. The method is recursively called on the child nodes to construct the LoRaWAN network attack decision tree.
Step S33, stopping dividing the nodes at proper positions. The division termination conditions include: (1) all samples of a given node belong to the same class, (2) no residual attributes can be used to further divide the samples, using majority voting, (3) no residual samples.
And step S34, obtaining a decision tree model.
Compared with the existing LoRaWAN attack detection method, the LoRaWAN network attack detection method based on the decision tree has the following advantages:
(1) The method provided by the invention has high efficiency: through the processing of the decision tree, the flow data in the LoRaWAN network can be comprehensively analyzed and classified in a short time, and the detection efficiency is improved.
(2) The detection accuracy is high: by adopting the decision tree model, various attacks can be identified and positioned more accurately, and the safety of the LoRaWAN network is effectively ensured.
(3) The expandability is strong: the method can be used for different LoRaWAN application scenes, is compatible with equipment of different manufacturers, can perform personalized parameter setting according to requirements, and is wide in applicability.
Drawings
Fig. 1 is a schematic diagram of implementation steps of a technical solution according to an embodiment of the present invention.
FIG. 2 is a diagram of the decision tree model building steps according to an embodiment of the present invention.
FIG. 3 is a schematic diagram of a decision tree model according to an embodiment of the present invention.
Detailed Description
Examples:
as shown in fig. 1, the technical solution of the embodiment of the present invention includes 6 steps: collecting LoRaWAN equipment data, extracting LoRaWAN data characteristics, constructing a LoRaWAN network attack decision tree, pruning the decision tree, predicting and evaluating, and detecting attack in real time;
the specific implementation steps of this embodiment are as follows:
step S1, collecting LoRaWAN equipment data: most of the Internet of things equipment forms a terminal device through a sensor and a communication node, the equipment is communicated with a server to complete data transmission, such as temperature and humidity data acquisition of an agricultural pasture, a relatively fixed data format is sent to the server every day, and when the equipment is attacked, communication data packets of the equipment are necessarily affected. The network traffic packet capturing technology is used for monitoring normal communication data of the LoRaWAN equipment and data when the LoRaWAN equipment is attacked, and storing and analyzing the data.
Step S2, extracting LoRaWAN data characteristics: and performing operations such as data grouping, feature extraction and the like on the acquired data set. According to the LoRaWAN specification, analyzing various fields of the LoRaWAN data packet, and acquiring metadata information of each LoRaWAN data packet, wherein the metadata information comprises RSSI (received signal strength), SNR (signal to noise ratio), DR (data rate), freq (frequency), SF (spreading factor), TS (transmission time stamp) and Fcnt (frame counter) information.
Step S3, constructing a LoRaWAN network attack decision tree: and training a decision tree model by using the processed data set, classifying a plurality of LoRaWAN attack types, and taking the characteristic attribute in the step S2 as a node.
As shown in fig. 2, the lorewan network attack decision tree is constructed in four steps: s31 selects a root node, S32 sub-nodes are called recursively, S33 stops dividing the nodes at proper positions, and S34 obtains a decision tree model. For the characteristic attribute selection of the node, starting from the root node, calculating the information gain ratio of all possible characteristic attributes for the node, selecting the information characteristic attribute with the largest information gain ratio as the dividing characteristic of the node, establishing child nodes by different values of the characteristic, and recursively calling the child nodes to construct a decision tree; until the information gain ratio of all features is small or no features can be selected, the final decision tree is obtained. In the process of generating the decision tree, different splitting modes are needed for discrete data and continuous data, and the termination condition of data set division is considered before the subtree is generated, and the decision tree with proper size can be obtained only by stopping the division process at a proper position. The division termination conditions include: (1) all samples of a given node belong to the same class, (2) no residual attributes can be used to further divide the samples, using majority voting, (3) no residual samples.
The information gain ratio is a feature selection method of the decision tree, and the main idea is that on the basis of calculating the information gain of a certain feature attribute, the information gain is divided by the information quantity contained in the feature attribute, so that the influence caused by the information of the feature is eliminated, and the information quantity calculation process is shown in a formula (3). The information gain ratio is the ratio of the information gain of a certain characteristic attribute A to the data set S to the entropy value of the current data set S about the characteristic attribute A, and the calculation process is shown in a formula (4).
(3)
For measuring the breadth and uniformity of a split dataset of a characteristic attribute a. The more uniform the distribution of values of the sample S over the attribute a,the greater the value of (2).
(4)
In the method, in the process of the invention,representing a training dataset, formed byA sample composition. A isHas a certain characteristic attribute ofDifferent values, according to whichDivided intoThe number of subsets of the set,represent the firstIndividual subsets [ ]),Representing subsetsIs the number of samples in the sample.
As shown in fig. 3, as a schematic diagram of a constructed decision tree model, the selected LoRaWAN data feature attribute 1 with the largest information gain ratio is a root node; the internal nodes are non-leaf nodes in the decision tree and are used for dividing a data set and generating subtrees, dividing the data into smaller subsets, including LoRaWAN data characteristic attribute 2, loRaWAN data characteristic attribute 3, loRaWAN data characteristic attribute 4, loRaWAN data characteristic attribute 5, loRaWAN data characteristic attribute 6 and LoRaWAN data characteristic attribute 7, wherein the data characteristic attributes comprise RSSI (received signal strength), SNR (signal to noise ratio), DR (data rate), freq (frequency), SF (spreading factor), TS (transmission time stamp) and Fcnt (frame counter) information; the leaf nodes are classification results in the decision tree, and represent which type of attack the LoRaWAN network is subjected to, including interference attack, energy consumption attack, replay attack and Dos attack.
S4, pruning the decision tree: in order to avoid the situation of over-fitting or under-fitting of the decision tree, pruning treatment is required to be carried out on the decision tree. Specifically, a pre-pruning or post-pruning strategy can be adopted to reduce branch nodes or merged leaf nodes, and the complexity of the decision tree is reduced and the prediction accuracy is improved through pruning processing.
Step S5, prediction and evaluation: and inputting the newly acquired LoRaWAN data into a constructed decision tree, and judging whether the communication node is attacked and the type of the attack according to the tree structure and the classification rule. The performance and effect of the model are evaluated by adopting indexes such as cross verification, accuracy rate, recall rate and the like, and the accuracy and generalization performance of the decision tree model are improved through operations such as parameter adjustment, cross verification and the like.
Step S6, detecting attack in real time: the method comprises the steps of detecting data flowing through the LoRaWAN in real time, obtaining a result according to a series of processing and judging of a decision tree model, judging whether current LoRaWAN equipment is attacked or not, judging which type of attack belongs to if the data contains attack characteristics, and making corresponding reaction according to the type of attack received, so that warning and blocking of the LoRaWAN attack are achieved, the safety risk of the LoRaWAN network is reduced, and the operation safety of a system is protected.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
Claims (8)
1. The invention provides a LoRaWAN network attack detection method based on a decision tree, which is characterized by comprising the following steps: s1, collecting LoRaWAN equipment data, S2 extracting LoRaWAN data characteristics, S3 constructing a LoRaWAN network attack decision tree, S4 performing pruning operation on the decision tree, S5 predicting and evaluating, and S6 detecting attack in real time; by combining the modern data analysis technology, the method can effectively and timely detect the common attacks of the LoRaWAN network by carrying out deep analysis on the LoRaWAN flow data while ensuring that the influence on the resource and energy consumption is not great, thereby reducing the risk of the network security event of the Internet of things and improving the usability of the system.
2. The method for detecting the lorewan network attack based on the decision tree according to claim 1, wherein the step S1 collects the data of the lorewan device: the network traffic packet capturing technology is used for monitoring normal communication data of the LoRaWAN equipment and data when the LoRaWAN equipment is attacked, and storing and analyzing the data.
3. The method for detecting the lorewan network attack based on the decision tree according to claim 1, wherein the step S2 extracts the lorewan data characteristics: performing operations such as data grouping, feature extraction and the like on the acquired data set; according to the LoRaWAN specification, analyzing various fields of the LoRaWAN data packet, and acquiring metadata information of each LoRaWAN data packet, wherein the metadata information comprises RSSI (received signal strength), SNR (signal to noise ratio), DR (data rate), freq (frequency), SF (spreading factor), TS (transmission time stamp) and Fcnt (frame counter) information.
4. The method for detecting the lorewan network attack based on the decision tree according to claim 1, wherein the step S3 is to construct the lorewan network attack decision tree: training a decision tree model by using the processed data set, and classifying a plurality of LoRaWAN attack types; and sequentially constructing a root node and child nodes from the root node, thereby obtaining a decision tree model.
5. The method for detecting the lorewan network attack based on the decision tree according to claim 1, wherein the step S4 of pruning the decision tree is characterized in that: in order to avoid the situation of over-fitting or under-fitting of the decision tree, pruning treatment is required to be carried out on the decision tree.
6. The method for detecting the lorewan network attack based on the decision tree according to claim 1, wherein the step S5 predicts and evaluates: inputting newly acquired LoRaWAN data into a constructed decision tree, and judging whether the communication node is attacked and the type of the attack according to the tree structure and the classification rule; the performance and effect of the model are evaluated by adopting indexes such as cross verification, accuracy rate, recall rate and the like, and the accuracy and generalization performance of the decision tree model are improved through operations such as parameter adjustment, cross verification and the like.
7. The method for detecting the lorewan network attack based on the decision tree according to claim 1, wherein the step S6 is to detect the attack in real time: and detecting data flowing in the LoRaWAN network in real time, judging the type of attack of the LoRaWAN network if the LoRaWAN data contains the attack characteristic attribute according to the output result of the decision tree model, and performing corresponding blocking processing on the LoRaWAN network communication.
8. The method for detecting the lorewan network attack based on the decision tree according to claim 1, wherein the step of constructing the lorewan network attack decision tree in the step S3 is as follows:
s31, selecting a root node; for the feature attribute selection of the node, starting from the root node, calculating the information gain ratio of all possible feature attributes for the node, selecting the information feature attribute with the largest information gain ratio as the dividing feature of the node, and establishing the child node by different values of the feature; to obtain the information gain ratio, the information entropy is required, the calculation formula is shown as formula (1), and the information gain ratio calculation formula is shown as formula (2):
(1)
the method is used for measuring the breadth and uniformity of a split data set of a certain characteristic attribute A;
(2)
in the method, in the process of the invention,represents a training dataset, consists of->A sample composition; a is->Is a characteristic attribute of a certain of the (c),there is->Different values, according to which +.>Divided into->Subset of->Indicate->Subset (+)>),/>Representation subset->The number of samples in (a);
s32, recursively calling the child nodes; recursively calling the method to the child nodes to construct a LoRaWAN network attack decision tree;
s33, stopping dividing the nodes at proper positions; the division termination conditions include: (1) all samples of a given node belong to the same class, (2) no residual attributes can be used to further divide the samples, using majority voting, (3) no residual samples;
and step S34, obtaining a decision tree model.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310668900.2A CN116707902A (en) | 2023-06-07 | 2023-06-07 | LoRaWAN network attack detection method based on decision tree |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310668900.2A CN116707902A (en) | 2023-06-07 | 2023-06-07 | LoRaWAN network attack detection method based on decision tree |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN116707902A true CN116707902A (en) | 2023-09-05 |
Family
ID=87832111
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202310668900.2A Pending CN116707902A (en) | 2023-06-07 | 2023-06-07 | LoRaWAN network attack detection method based on decision tree |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN116707902A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117527369A (en) * | 2023-11-13 | 2024-02-06 | 无锡商业职业技术学院 | Hash function-based android malicious attack monitoring method and system |
-
2023
- 2023-06-07 CN CN202310668900.2A patent/CN116707902A/en active Pending
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117527369A (en) * | 2023-11-13 | 2024-02-06 | 无锡商业职业技术学院 | Hash function-based android malicious attack monitoring method and system |
| CN117527369B (en) * | 2023-11-13 | 2024-06-04 | 无锡商业职业技术学院 | Hash function-based android malicious attack monitoring method and system |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN111541661A (en) | Power information network attack scene reconstruction method and system based on causal knowledge | |
| CN109104438B (en) | Botnet early warning method and device in narrow-band Internet of things and readable storage medium | |
| KR20080066653A (en) | Method and apparatus for whole-network anomaly diagnosis and methods to detect and classify network anomalies using traffic feature distributions | |
| CN116707902A (en) | LoRaWAN network attack detection method based on decision tree | |
| CN114143037B (en) | Malicious encrypted channel detection method based on process behavior analysis | |
| CN109688028A (en) | A kind of method for monitoring and analyzing and system based on network big data | |
| CN111866882B (en) | Mobile application traffic generation method based on generation countermeasure network | |
| CN113645182A (en) | Random forest detection method for denial of service attack based on secondary feature screening | |
| US7720013B1 (en) | Method and system for classifying digital traffic | |
| Ridoux et al. | Seeing the difference in IP traffic: Wireless versus wireline | |
| CN107483413A (en) | Two-way intruding detection system and method based on cloud computing, cognitive radio networks | |
| Cukier et al. | A statistical analysis of attack data to separate attacks | |
| CN117336033A (en) | Traffic interception method and device, storage medium and electronic equipment | |
| Guo et al. | Forensic analysis of DoS attack traffic in MANET | |
| CN114449444B (en) | Cross-intelligent portable equipment association method based on WiFi-BLE signal passive sniffing | |
| CN114205821B (en) | Wireless radio frequency anomaly detection method based on depth prediction coding neural network | |
| Ratnayake et al. | An intelligent approach to detect probe request attacks in IEEE 802.11 networks | |
| CN114554490A (en) | Abnormal AP detection method and system based on time sequence model | |
| CN114205855A (en) | Feeder automation service network anomaly detection method facing 5G slices | |
| Lingkang et al. | Detection of abnormal data flow at network boundary of renewable energy power system | |
| Hai et al. | A signal marker method based on double threshold energy detection | |
| CN113347634B (en) | 4G and 5G air interface attack detection method based on signal and signaling fingerprint | |
| CN115941555B (en) | APP personal information collection behavior detection method and system based on flow fingerprint | |
| CN103916858B (en) | A kind of mobile terminal health degree decision method and device | |
| CN116736781B (en) | Safety state monitoring method and device for industrial automation control equipment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |