CN116781347A - Industrial Internet of things intrusion detection method and device based on deep learning
- Publication number
- CN116781347A
- Authority
- CN
- China
- Prior art keywords
- network
- data
- deep learning
- industrial internet
- model
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N3/00—Computing arrangements based on biological models
- G06N3/02—Neural networks
- G06N3/04—Architecture, e.g. interconnection topology
- G06N3/045—Combinations of networks
- G06N3/0455—Auto-encoder networks; Encoder-decoder networks
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N3/00—Computing arrangements based on biological models
- G06N3/02—Neural networks
- G06N3/08—Learning methods
- G06N3/09—Supervised learning
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/40—Network security protocols
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Artificial Intelligence (AREA)
- Evolutionary Computation (AREA)
- Health & Medical Sciences (AREA)
- Biomedical Technology (AREA)
- Biophysics (AREA)
- Computational Linguistics (AREA)
- Data Mining & Analysis (AREA)
- Life Sciences & Earth Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Molecular Biology (AREA)
- General Physics & Mathematics (AREA)
- Mathematical Physics (AREA)
- Software Systems (AREA)
- Computer Hardware Design (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The application discloses an industrial Internet of things intrusion detection method and device based on deep learning. The method comprises the following steps: preprocessing network traffic data to reduce data dimension for convenient processing; constructing a deep learning model based on a depth self-encoder and a depth feedforward network; network training, flow characteristic extraction and classification; saving the learned weights to a model for a classifier; and detecting abnormal behaviors in the network traffic by using the trained model. The problem that network attacks are difficult to ascertain in the traditional mode in the environment of the industrial Internet of things is solved, and key infrastructure is protected from network malicious attacks.
Description
Technical Field
The application relates to the technical field of Internet of things, in particular to an industrial Internet of things intrusion detection method and device based on deep learning.
Background
In recent years, the industrial Internet of things, which combines a large number of sensing, computing, communication, networking and storage technologies, has become an important part of numerous industries. By improving operational efficiency, it has markedly improved the productivity, scalability and cost-effectiveness of most enterprises, and it has strong development potential across manufacturing and industrial processes. While the industrial Internet of things has enabled wider innovation, it is also exposed to network threats. These threats include attacks on Industrial Control Systems (ICS), such as Distributed Control Systems (DCS), Programmable Logic Controllers (PLCs), and Supervisory Control and Data Acquisition (SCADA) systems. Protecting the industrial Internet of things and industrial data is an important current concern.
Disclosure of Invention
In view of the above, the present application provides an industrial internet of things intrusion detection method based on deep learning to solve the problem of network attack detection in the environment of the industrial internet of things, the method includes:
preprocessing network traffic data, reducing data dimension and facilitating processing;
constructing a deep learning model based on a depth self-encoder and a depth feedforward network;
network training, flow characteristic extraction and classification;
saving the learned weights to a model for a classifier;
further, the preprocessing of the network traffic data and the reduction of the data dimension facilitate the processing, including:
feature conversion, converting non-numerical data in network data into numerical representation;
feature normalization, processing each feature value through a Z-Score function, wherein the feature normalization is specifically shown as follows:
where μ is the mean of the n given feature values v_i, and σ is the standard deviation.
Further, the constructing a deep learning model based on a depth self-encoder and a depth feed-forward network, comprising:
constructing a depth self-encoder to learn normal network traffic data;
and constructing a depth feed-forward network, and continuing to perform supervised learning by using the weights learned by the depth self-encoder.
Further, the training through the network, extracting and classifying the flow characteristics comprise:
inputting unlabeled normal network traffic data into a depth self-encoder for unsupervised training, wherein the encoding process is f, the decoding process is g, and σ is the Sigmoid activation function;
The model obtained by training the depth self-encoder is imported into a depth feed-forward network and supervised training is carried out by using tagged network traffic data containing malicious behaviors.
Further, the saving the learned weights to the model for the classifier includes:
establishing a model storage mechanism;
and storing the learned weight result into a model file.
The application also provides an industrial Internet of things intrusion detection device based on deep learning, which comprises:
the sniffing monitoring module monitors the network flow of the IOT equipment in the industrial Internet of things;
the analysis module comprises a data processing unit for processing the data stream and a detection unit for detecting abnormal network behaviors by the deep learning model;
the response module is used for sending an alarm to a system administrator and storing attack information into the database;
further, the sniffing monitoring module comprises:
the sniffing unit monitors and collects traffic exchanged with an external network in the gateway to obtain transmitted and received data packets;
the storage unit receives the data obtained by the sniffing unit and stores the data in a file and then transmits the data to the original flow database.
Further, the analysis module includes:
the data processing unit analyzes and collects network traffic according to the relevant attributes (such as source IP address and target IP address, port number, protocol type and the like) of the data packet, converts the data into a uniform format and writes the uniform format into a user behavior database;
and a detection unit that uses a result obtained from the deep learning model as a detection model. The model uses data in the user behavior database to detect known and unknown attacks, and any input data is classified as an attack if it does not match normal network behavior.
Further, the response module includes:
a warning unit that alerts a system administrator to take appropriate action when any abnormal activity is detected in the network;
the characteristics of the new attack type are stored in a log database.
The embodiment of the application provides an industrial Internet of things intrusion detection method based on deep learning, which comprises the following steps: preprocessing network traffic data to reduce data dimension for convenient processing; constructing a deep learning model based on a depth self-encoder and a depth feedforward network; network training, flow characteristic extraction and classification; saving the learned weights to a model for a classifier; and detecting abnormal behaviors in the network traffic by using the trained model. Meanwhile, the embodiment of the application provides an industrial Internet of things intrusion detection device based on deep learning, which comprises the steps of establishing a sniffing monitoring module for monitoring network traffic of IOT equipment in the industrial Internet of things; the method comprises the steps of establishing an analysis module, wherein the analysis module comprises a data processing unit for processing data flow and a detection unit for detecting abnormal network behaviors by a deep learning model; the response module is established and used for sending an alarm to a system administrator and storing attack information into the database; the deep learning model can finally realize accurate identification of network abnormal behaviors by using marked network traffic data, and further prompts a system administrator to take appropriate measures through a response module, so that the problem that network attacks are difficult to be ascertained in a traditional mode in an industrial Internet of things environment is solved, and key infrastructure is protected.
Drawings
FIG. 1 is a flow chart of a method provided by an embodiment of the present application;
FIG. 2 is a flow chart of anomaly-based intrusion detection system deep learning in an embodiment of the present application;
FIG. 3 is a block diagram of an anomaly-based intrusion detection system deep learning model in an embodiment of the application;
FIG. 4 is a flow chart of an apparatus provided by an embodiment of the present application;
FIG. 5 is a block diagram of an apparatus provided by an embodiment of the present application;
FIG. 6 is a block diagram of the sniffing monitoring module;
FIG. 7 is a block diagram of the analysis module;
FIG. 8 is a block diagram of the response module;
Detailed Description
In order that those skilled in the art will better understand the present application, a technical solution in the embodiments of the present application will be clearly and completely described below with reference to the accompanying drawings in which it is apparent that the described embodiments are only some embodiments of the present application, not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the present application without making any inventive effort, shall fall within the scope of the present application.
It should be noted that the terms "first," "second," and the like in the description and the claims of the present application and the above figures are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that the embodiments of the application described herein may be implemented in sequences other than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
The method embodiments provided by the embodiments of the present application may be implemented in embedded hardware, a computer terminal, or similar computing devices.
Fig. 1 is a flowchart of an industrial internet of things intrusion detection method based on deep learning according to an embodiment of the application. As shown in fig. 1, the method for detecting the intrusion of the industrial internet of things based on deep learning comprises the following steps:
Step S101: preprocess the network traffic data and reduce the data dimension to facilitate processing.
The application trains the deep learning model on the UNSW-NB15 data set, a network security data set produced by the University of New South Wales. The data set contains nine different attack types, including DoS, Worms and Backdoors, in a total of 100 GB of raw network packets. The training set contains 175,341 records and the test set contains 82,332 records.
Step S102: as shown in fig. 2, construct a deep learning model based on the depth self-encoder and the depth feedforward network. As an alternative embodiment, as shown in fig. 3, this includes constructing the depth self-encoder to learn normal network traffic data, and constructing the depth feedforward network, which continues with supervised learning using the weights learned by the depth self-encoder.
It should be noted that the training set is set in the data set. The depth self-encoder only learns the normal data A with labels, the depth feedforward network learning comprises normal and attack data B, and the depth self-encoder has the following functions of
Step S103, network training, flow characteristic extraction and classification.
Here, the network training includes unsupervised training and supervised training. The normal network traffic data without labels is input into a depth self-encoder for unsupervised training, and the encoding process f is as follows:
wherein σ is a Sigmoid activation function;
the decoding process g is as follows:
The model obtained by training the depth self-encoder is then imported into the depth feedforward network, and labeled network traffic data containing malicious behaviors is used for supervised training.
Step S104, the learned weight is saved in the model for the classifier.
It should be noted that a model storage mechanism is established first. Optionally, in this embodiment, the storage medium for the model file may include, but is not limited to, any medium capable of storing data, such as read-only memory (ROM), random access memory (RAM), flash memory, a magnetic disk, or an optical disk. The learned weights are then stored in a model file.
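The pipeline of steps S101 to S104, as an added example that is not code from the patent: feature conversion and Z-Score normalization, unsupervised pretraining of an autoencoder on normal flows only, supervised fine-tuning that reuses the encoder weights, and saving and reloading the model file for detection. The constructed flow records, the four-feature layout, the single hidden layer of three units, and the forms f(x) = sigmoid(Wx + b) and g(h) = Vh + c are assumptions, because the patent's own formulas are not present on this page.

```python
import json, math, random

def make_flows(n, seed):
    """Constructed sample flows [proto, duration_s, bytes, packets]; label 1 = attack."""
    rng, rows = random.Random(seed), []
    for k in range(n):
        lo = [0.01, 5000, 200] if k % 2 else [0.1, 200, 5]   # odd rows: flood-like traffic
        hi = [0.05, 9000, 400] if k % 2 else [1.0, 800, 20]
        proto = rng.choice(["tcp", "udp", "icmp"] if k % 2 else ["tcp", "udp"])
        rows.append([proto] + [rng.uniform(a, b) for a, b in zip(lo, hi)])
    return rows, [k % 2 for k in range(n)]

def to_numeric(rows, cats, fit=False):
    """S101 feature conversion: protocol name -> integer code (unseen values get a spare code)."""
    out = []
    for r in rows:
        if fit:
            cats.setdefault(r[0], len(cats))
        out.append([float(cats.get(r[0], len(cats)))] + [float(v) for v in r[1:]])
    return out

def zscore_fit(X):  # S101 normalization: per-feature mean and standard deviation
    n = len(X)
    mu = [sum(col) / n for col in zip(*X)]
    sd = [math.sqrt(sum((v - m) ** 2 for v in col) / n) or 1.0 for col, m in zip(zip(*X), mu)]
    return mu, sd
def zscore_apply(X, mu, sd):
    return [[(v - m) / s for v, m, s in zip(x, mu, sd)] for x in X]

def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-max(-60.0, min(60.0, z))))

def init_model(d_in, d_hid, seed=0):
    rng = random.Random(seed)
    rnd = lambda n: [rng.uniform(-0.5, 0.5) for _ in range(n)]
    return {"W": [rnd(d_in) for _ in range(d_hid)], "b": [0.0] * d_hid,   # encoder
            "V": [rnd(d_hid) for _ in range(d_in)], "c": [0.0] * d_in,    # decoder
            "u": rnd(d_hid), "d": 0.0}                                    # classifier head

def encode(m, x):   # assumed form f(x) = sigmoid(W x + b)
    return [sigmoid(sum(w * v for w, v in zip(row, x)) + b) for row, b in zip(m["W"], m["b"])]
def decode(m, h):   # assumed form g(h) = V h + c
    return [sum(w * v for w, v in zip(row, h)) + c for row, c in zip(m["V"], m["c"])]

def recon_error(m, X):  # mean squared reconstruction error per flow
    return sum(sum((a - b) ** 2 for a, b in zip(decode(m, encode(m, x)), x)) for x in X) / len(X)

def update_encoder(m, x, h, dh, lr):  # backpropagate hidden gradient dh through the sigmoid
    for j, g in enumerate(dh):
        gz = g * h[j] * (1.0 - h[j])
        m["b"][j] -= lr * gz
        m["W"][j] = [w - lr * gz * xi for w, xi in zip(m["W"][j], x)]

def pretrain(m, X_normal, epochs=20, lr=0.1):  # S103 unsupervised stage: normal traffic only
    for _ in range(epochs):
        for x in X_normal:
            h = encode(m, x)
            err = [a - b for a, b in zip(decode(m, h), x)]
            dh = [sum(e * row[j] for e, row in zip(err, m["V"])) for j in range(len(h))]
            for i, e in enumerate(err):
                m["c"][i] -= lr * e
                m["V"][i] = [v - lr * e * hj for v, hj in zip(m["V"][i], h)]
            update_encoder(m, x, h, dh, lr)

def predict_proba(m, x):
    return sigmoid(sum(u * v for u, v in zip(m["u"], encode(m, x))) + m["d"])

def finetune(m, X, y, epochs=40, lr=0.2):  # S103 supervised stage: reuses pretrained encoder
    for _ in range(epochs):
        for x, t in zip(X, y):
            h = encode(m, x)
            g = sigmoid(sum(u * v for u, v in zip(m["u"], h)) + m["d"]) - t
            dh = [g * u for u in m["u"]]
            m["d"] -= lr * g
            m["u"] = [u - lr * g * hj for u, hj in zip(m["u"], h)]
            update_encoder(m, x, h, dh, lr)

def train_and_save(path, seed=1):
    rows, y = make_flows(200, seed)
    cats = {}
    X = to_numeric(rows, cats, fit=True)
    mu, sd = zscore_fit(X)
    Xz = zscore_apply(X, mu, sd)
    m, normal = init_model(len(mu), 3), [x for x, t in zip(Xz, y) if t == 0]
    before = recon_error(m, normal)
    pretrain(m, normal)
    after = recon_error(m, normal)
    finetune(m, Xz, y)
    with open(path, "w") as fh:   # S104: persist weights together with preprocessing state
        json.dump({"model": m, "mu": mu, "sd": sd, "cats": cats}, fh)
    return before, after          # reconstruction error on normal flows, pre/post pretraining

def detect(path, rows, threshold=0.5):  # load the model file; 1 = attack, 0 = normal
    with open(path) as fh:
        s = json.load(fh)
    X = zscore_apply(to_numeric(rows, s["cats"]), s["mu"], s["sd"])
    return [int(predict_proba(s["model"], x) >= threshold) for x in X]
```

Call `train_and_save("ids_model.json")` once, then `detect("ids_model.json", rows)` on new flow records; the mean, standard deviation and protocol codes are stored in the model file because detection must apply exactly the preprocessing used in training.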
The embodiment of the application provides an industrial Internet of things intrusion detection method based on deep learning, which comprises the following steps: preprocessing network traffic data to reduce data dimension for convenient processing; constructing a deep learning model based on a depth self-encoder and a depth feedforward network; network training, flow characteristic extraction and classification; saving the learned weights to a model for a classifier; and detecting abnormal behaviors in the network traffic by using the trained model. The problem that network attacks are difficult to ascertain in the traditional mode in the environment of the industrial Internet of things is solved, and key infrastructure is protected from network malicious attacks.
It should be noted that, for simplicity of description, the foregoing method embodiments are all described as a series of acts, but it should be understood by those skilled in the art that the present application is not limited by the order of acts described, as some steps may be performed in other orders or concurrently in accordance with the present application. Further, those skilled in the art will also appreciate that the embodiments described in the specification are all preferred embodiments, and that the acts and modules referred to are not necessarily required for the present application.
From the description of the above embodiments, it will be clear to a person skilled in the art that the method according to the above embodiments may be implemented by means of software plus the necessary general hardware platform, but of course also by means of hardware, but in many cases the former is a preferred embodiment. Based on such understanding, the technical solution of the present application may be embodied essentially or in a part contributing to the prior art in the form of a software product stored in a storage medium (e.g. ROM/RAM, magnetic disk, optical disk) comprising instructions for causing a terminal device (which may be a mobile phone, a computer, a server, or a network device, etc.) to perform the method according to the embodiments of the present application.
Example 2
Fig. 4 is a flowchart of an apparatus provided by an embodiment of the present application, and fig. 5 is a block diagram of an industrial internet of things intrusion detection apparatus based on deep learning according to an embodiment of the present application. As shown in fig. 5, the apparatus includes:
the sniffing monitoring module 501 is used for monitoring the network traffic of the IOT device in the industrial internet of things;
an analysis module 502 for processing the data stream and the deep learning model to detect abnormal network behavior;
a response module 503, configured to alert a system administrator and store attack information in the database;
as an alternative embodiment, as shown in fig. 6, the sniffing monitoring module 501 includes:
a sniffing unit 5011 for monitoring and collecting traffic exchanged with an external network in a gateway to obtain transmitted and received data packets;
and the storage unit 5012 is used for receiving the data obtained by the sniffing unit and storing the data in a file and then transmitting the file to the original flow database.
As an alternative embodiment, as shown in fig. 7, the analysis module 502 includes:
the data processing unit 5021 analyzes and collects network traffic according to the relevant attributes (such as source IP address and destination IP address, port number, protocol type, etc.) of the data packet, converts the data into a unified format and writes the data into the user behavior database;
the detection unit 5022 is configured to use a result obtained from the deep learning model as a detection model. The model uses data in the user behavior database to detect known and unknown attacks, and any input data is classified as an attack if it does not match normal network behavior.
As an alternative embodiment, as shown in fig. 8, the response module 503 includes:
a warning unit 5031 alerts the system administrator to take appropriate action when any abnormal activity is detected in the network and stores the characteristics of the new attack type in a log database.
The embodiment of the application provides an industrial Internet of things intrusion detection device based on deep learning, which comprises the steps of establishing a sniffing monitoring module for monitoring network flow of IOT equipment in the industrial Internet of things; the method comprises the steps of establishing an analysis module, wherein the analysis module comprises a data processing unit for processing data flow and a detection unit for detecting abnormal network behaviors by a deep learning model; the response module is established and used for sending an alarm to a system administrator and storing attack information into the database; the deep learning model can finally realize accurate identification of network abnormal behaviors by using marked network traffic data, and further prompts a system administrator to take appropriate measures through a response module, so that the problem that network attacks are difficult to be ascertained in a traditional mode in an industrial Internet of things environment is solved, and key infrastructure is protected.
It should be noted that: the foregoing embodiment numbers of the present application are merely for the purpose of description, and do not represent the advantages or disadvantages of the embodiments.
It will be understood by those skilled in the art that all or part of the steps for implementing the above embodiments may be implemented by hardware, or may be implemented by a program for instructing relevant hardware, where the program may be stored in a computer readable storage medium, and the storage medium may be a read-only memory, a magnetic disk or an optical disk, etc.
The foregoing description of the preferred embodiments of the application is not intended to limit the application to the precise form disclosed, and any such modifications, equivalents, and alternatives falling within the spirit and scope of the application are intended to be included within the scope of the application.
Claims (9)
1. An industrial internet of things intrusion detection method based on deep learning is characterized by comprising the following steps:
preprocessing network traffic data, reducing data dimension and facilitating processing;
constructing a deep learning model based on a depth self-encoder and a depth feedforward network;
network training, flow characteristic extraction and classification;
the learned weights are saved to the model for use in the classifier.
2. The deep learning based industrial internet of things intrusion detection method of claim 1, wherein the preprocessing of network traffic data and reducing data dimension and form facilitates processing, comprising:
feature conversion, converting non-numerical data in network data into numerical representation;
feature normalization, processing each feature value through a Z-Score function, wherein the feature normalization is specifically shown as follows:
where μ is the mean of the n given feature values v_i, and σ is the standard deviation.
3. The deep learning based industrial internet of things intrusion detection method of claim 1, wherein the constructing a deep learning model based on a depth self-encoder and a depth feed forward network comprises:
constructing a depth self-encoder to learn normal network traffic data;
and constructing a depth feed-forward network, and continuing to perform supervised learning by using the weights learned by the depth self-encoder.
4. The deep learning based industrial internet of things intrusion detection method of claim 1, wherein the network training, traffic feature extraction and classification comprises:
inputting unlabeled normal network traffic data into a depth self-encoder for unsupervised training, wherein the encoding process is f, the decoding process is g, and σ is the Sigmoid activation function;
The model obtained by training the depth self-encoder is imported into a depth feed-forward network and supervised training is carried out by using tagged network traffic data containing malicious behaviors.
5. The deep learning based industrial internet of things intrusion detection method of claim 1, wherein the saving the learned weights into a model for a classifier comprises:
establishing a model storage mechanism;
and storing the learned result to a model file.
6. Industrial Internet of things intrusion detection device based on deep learning, which is characterized by comprising:
the sniffing monitoring module monitors the network flow of the IOT equipment in the industrial Internet of things;
the analysis module comprises a data processing unit for processing the data stream and a detection unit for detecting abnormal network behaviors by the deep learning model;
the response module is used for sending an alarm to a system administrator and storing attack information into the database.
7. The deep learning based industrial internet of things intrusion detection device of claim 6, wherein the sniffing monitoring module comprises:
the sniffing unit monitors and collects traffic exchanged with an external network in the gateway to obtain transmitted and received data packets;
the storage unit receives the data obtained by the sniffing unit and stores the data in a file and then transmits the data to the original flow database.
8. The deep learning based industrial internet of things intrusion detection device of claim 6, wherein the analysis module comprises:
the data processing unit analyzes and collects network traffic according to the relevant attributes (such as source IP address and target IP address, port number, protocol type and the like) of the data packet, converts the data into a uniform format and writes the uniform format into a user behavior database;
and a detection unit that uses a result obtained from the deep learning model as a detection model. The model uses data in the user behavior database to detect known and unknown attacks, and any input data is classified as an attack if it does not match normal network behavior.
9. The deep learning based industrial internet of things intrusion detection device of claim 6, wherein the response module for alerting a system administrator and storing attack information to a database comprises:
a warning unit that alerts a system administrator to take appropriate action when any abnormal activity is detected in the network;
the characteristics of the new attack type are stored in a log database.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202310735877.4A CN116781347A (en) | 2023-06-20 | 2023-06-20 | Industrial Internet of things intrusion detection method and device based on deep learning |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202310735877.4A CN116781347A (en) | 2023-06-20 | 2023-06-20 | Industrial Internet of things intrusion detection method and device based on deep learning |
Publications (1)
Publication Number | Publication Date |
---|---|
CN116781347A true CN116781347A (en) | 2023-09-19 |
Family
ID=88005908
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202310735877.4A Pending CN116781347A (en) | 2023-06-20 | 2023-06-20 | Industrial Internet of things intrusion detection method and device based on deep learning |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN116781347A (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN117376022A (en) * | 2023-11-23 | 2024-01-09 | 江苏瀚天智能科技股份有限公司 | Anomaly detection system for detecting unknown network attack based on deep learning |
CN117540372A (en) * | 2023-11-22 | 2024-02-09 | 西藏朗杰信息科技有限公司 | Database intrusion detection and response system for intelligent learning |
-
2023
- 2023-06-20 CN CN202310735877.4A patent/CN116781347A/en active Pending
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN117540372A (en) * | 2023-11-22 | 2024-02-09 | 西藏朗杰信息科技有限公司 | Database intrusion detection and response system for intelligent learning |
CN117540372B (en) * | 2023-11-22 | 2024-05-14 | 西藏朗杰信息科技有限公司 | Database intrusion detection and response system for intelligent learning |
CN117376022A (en) * | 2023-11-23 | 2024-01-09 | 江苏瀚天智能科技股份有限公司 | Anomaly detection system for detecting unknown network attack based on deep learning |
CN117376022B (en) * | 2023-11-23 | 2024-05-28 | 江苏瀚天智能科技股份有限公司 | Anomaly detection system for detecting unknown network attack based on deep learning |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||