CN106789904A - Internet of things intrusion detection method and device - Google Patents

Internet of things intrusion detection method and device Download PDF

Info

Publication number
CN106789904A
CN106789904A CN201611042617.5A CN201611042617A CN106789904A CN 106789904 A CN106789904 A CN 106789904A CN 201611042617 A CN201611042617 A CN 201611042617A CN 106789904 A CN106789904 A CN 106789904A
Authority
CN
China
Prior art keywords
data
environmental data
current time
undulate quantity
moment
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201611042617.5A
Other languages
Chinese (zh)
Other versions
CN106789904B (en
Inventor
李祺
黄炎裔
郭燕慧
孙博文
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing University of Posts and Telecommunications
Original Assignee
Beijing University of Posts and Telecommunications
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing University of Posts and Telecommunications filed Critical Beijing University of Posts and Telecommunications
Priority to CN201611042617.5A priority Critical patent/CN106789904B/en
Publication of CN106789904A publication Critical patent/CN106789904A/en
Application granted granted Critical
Publication of CN106789904B publication Critical patent/CN106789904B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425Traffic logging, e.g. anomaly detection

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Alarm Systems (AREA)
  • Burglar Alarm Systems (AREA)

Abstract

The invention provides a kind of Internet of Things intrusion detection method and device, it is related to the technical field of Internet of Things safety, wherein methods described includes obtaining the environmental data for changing over time, and the environmental data includes one or more data in intensity of illumination, temperature, humidity, pressure, gravity, vibration frequency, position, speed, acceleration and volume;Environmental data according to current time calculates the undulate quantity of the environmental data relative to the environmental data of adjacent moment at current time with the environmental data of adjacent moment;The corresponding IDS Framework of the data on flows at current time is determined according to the undulate quantity, the data on flows at current time is performed intrusion detection by the IDS Framework, wherein, the data on flows at current time is corresponding with the environmental data at current time.Internet of Things intrusion detection method and device that the present invention is provided, can solve that using existing Internet of Things intrusion detection method intrusion behavior, the insecure technical problem of result of detection can not be accurately detected.

Description

Internet of Things intrusion detection method and device
Technical field
The present invention relates to Internet of Things security fields, more particularly, to a kind of Internet of Things intrusion detection method and device.
Background technology
Internet of Things (Internet of Things) is, to be perceived as the integrated information system that the thing of core is interconnected with thing, to lead to The cognition technologies that communicate such as Intellisense, identification technology and general fit calculation are crossed, is widely used in the fusion of network, be referred to as after meter The third wave of world information industry development after calculation machine, internet.Security requirement of the Internet of Things to data is very high, especially It is in sensing layer.The characteristics of due to thing network sensing layer node itself, perceive node layer and be easy to be attacked by intrusion behavior, If network is invaded, there is illegal or bad data to flow into Internet of Things by sensing layer equipment, then can not only destroy Internet of Things The security of the perception data of net, and the safety of the information transfer being attached thereto or even information processing layer data can be jeopardized Property, bring unforeseen infringement to whole Internet of Things.
Intrusion detection refers to be carried out by some key point collection information in computer network or computer system and to it Whether analysis, therefrom finds there is the sign violated the behavior of security strategy and attacked in network or system, is Logistics networks peace Full basis, is also effective supplement of fire wall.
The intrusion detection for being currently based on thing network sensing layer is in a stage for opposing primary, conventional detection method bag Include feature detection and abnormality detection.Wherein, feature detection is that deterministic description is made to the feature of intrusion behavior, forms corresponding Rule and be aggregated into a feature database, then the data message of collection and feature database are compared, it is true if matching The behavior is recognized for intrusion behavior, confirms that the behavior is normal behaviour if mismatching.Abnormality detection is the spy to normal behaviour Levy and make deterministic description, forming corresponding rule simultaneously carries out collecting formation rule storehouse, the data message that then will be gathered with Rule base is compared, and confirms that this behavior is normal behaviour if matching, and confirms that this behavior is invasion if mismatching Behavior.
In the prior art, new intrusion behavior is capable of detecting when using abnormality detection, but with rate of false alarm higher, can be led Cause follow-up work difficulty to increase, and influence is produced on the normal function of system.It can be seen that using existing Internet of Things intrusion detection Method can not be accurately detected intrusion behavior, and the result of detection is unreliable.
The content of the invention
In view of this, it is an object of the invention to provide a kind of Internet of Things intrusion detection method and device, to solve to use Existing Internet of Things intrusion detection method can not be accurately detected intrusion behavior, the insecure technical problem of result of detection.
In a first aspect, the embodiment of the invention provides a kind of Internet of Things intrusion detection method, methods described includes:Obtain with The environmental data of time change, the environmental data includes intensity of illumination, temperature, humidity, pressure, gravity, vibration frequency, position Put, one or more data in speed, acceleration and volume;The environmental data and adjacent moment according to current time The environmental data calculates the undulate quantity of the environmental data relative to the environmental data of adjacent moment at current time;Root The corresponding IDS Framework of the data on flows at current time is determined according to the undulate quantity, by the IDS Framework to working as The data on flows at preceding moment is performed intrusion detection, wherein, the data on flows at current time is described with current time Environmental data is corresponding.
With reference in a first aspect, the embodiment of the invention provides the first possible implementation method of first aspect, wherein, lead to Cross the institute that below equation calculates current time according to the environmental data at current time with the environmental data of adjacent moment State undulate quantity of the environmental data relative to the environmental data of adjacent moment:
Wherein, StThe undulate quantity of the environmental data of t is represented, υ (t, i) is represented The numerical value of any one of described environmental data of t data i, Δ υ (t, i) represents the data i and adjacent moment of t The data i difference, n represents the quantity of the data that the environmental data is included.
With reference in a first aspect, the embodiment of the invention provides second possible implementation method of first aspect, wherein, institute State and the corresponding IDS Framework of the data on flows at current time is determined according to the undulate quantity, including:According to what is pre-build Undulate quantity division rule is classified to the undulate quantity, and the order of the classification of the undulate quantity according to rank from low to high includes Fuctuation within a narrow range, normal fluctuation and fluctuation;Determine the sorted undulate quantity according to default class models corresponding relation Corresponding IDS Framework, will determine the IDS Framework as the data on flows at current time it is corresponding enter Invade detection model.
With reference to second possible implementation method of first aspect, the third of first aspect is the embodiment of the invention provides Possible implementation method, wherein, the undulate quantity division rule is set up in the following manner:Obtain the environment of preset duration Data, calculate the undulate quantity of the environmental data at each moment in the preset duration;Each moment is described described in statistics The undulate quantity of environmental data, obtains statistics;The statistics is divided using the ratio data of normal distribution, really The fixed undulate quantity division rule.
With reference to second possible implementation method of first aspect, the 4th kind of first aspect is the embodiment of the invention provides Possible implementation method, wherein, classification is carried out to the undulate quantity according to the undulate quantity division rule for pre-building described Afterwards, methods described also includes:Analyze the change between the environmental data and the environmental data at front and rear moment at current time Change trend;When the variation tendency between the environmental data at current time and the environmental data at front and rear moment is consistent, and Difference between the undulate quantity of the undulate quantity of the environmental data at current time and the environmental data of adjacent moment exceedes During predetermined threshold value, the classification of the undulate quantity of the environmental data at current time is lifted into one-level.
Second aspect, the embodiment of the present invention also provides a kind of Internet of Things invasion detecting device, and described device includes:Data are obtained Modulus block, for obtaining the environmental data that changes over time, the environmental data include intensity of illumination, temperature, humidity, pressure, One or more data in gravity, vibration frequency, position, speed, acceleration and volume;Data computation module, for basis It is relative that the environmental data at current time calculates the environmental data at current time with the environmental data of adjacent moment In the undulate quantity of the environmental data of adjacent moment;Classification and Detection module, for determining current time according to the undulate quantity The corresponding IDS Framework of data on flows, the data on flows at current time is carried out by the IDS Framework Intrusion detection, wherein, the data on flows at current time is corresponding with the environmental data at current time.
With reference to second aspect, the first possible implementation method of second aspect is the embodiment of the invention provides, wherein, institute State data computation module specifically for:By below equation according to the environmental data and adjacent moment at current time Environmental data calculates the undulate quantity of the environmental data relative to the environmental data of adjacent moment at current time:
Wherein, StThe undulate quantity of the environmental data of t is represented, υ (t, i) is represented The numerical value of any one of described environmental data of t data i, Δ υ (t, i) represents the data i and adjacent moment of t The data i difference, n represents the quantity of the data that the environmental data is included.
With reference to second aspect, second possible implementation method of second aspect is the embodiment of the invention provides, wherein, institute Stating classification and Detection module includes:Taxon, for being carried out to the undulate quantity according to the undulate quantity division rule for pre-building Classification, the order of the classification of the undulate quantity according to rank from low to high includes fuctuation within a narrow range, normal fluctuation and fluctuation;Really Order unit, for determining the corresponding intrusion detection mould of the sorted undulate quantity according to default class models corresponding relation Type, the data on flows corresponding IDS Framework of the IDS Framework that will be determined as current time.
With reference to second possible implementation method of second aspect, the third of second aspect is the embodiment of the invention provides Possible implementation method, wherein, described device also includes:Rule sets up module, for setting up the undulate quantity division rule, tool Body includes:Data capture unit, the environmental data for obtaining preset duration calculates each moment in the preset duration The environmental data undulate quantity;Statistic unit, the undulate quantity of the environmental data for counting each moment, obtains To statistics;Rule determination unit, divides for the ratio data using normal distribution to the statistics, it is determined that The undulate quantity division rule.
With reference to second possible implementation method of second aspect, the 4th kind of second aspect is the embodiment of the invention provides Possible implementation method, wherein, the classification and Detection module also includes:Data analysis unit, for described according to building in advance After vertical undulate quantity division rule is classified to the undulate quantity, analyze current time the environmental data with it is front and rear when Variation tendency between the environmental data carved;Classification lift unit, for when current time the environmental data with it is preceding Variation tendency rear between the environmental data at moment is consistent, and the undulate quantity of the environmental data at current time with it is adjacent When difference between the undulate quantity of the environmental data at moment exceedes predetermined threshold value, by the environmental data at current time The classification lifting one-level of undulate quantity.
The embodiment of the present invention brings following beneficial effect:In embodiments of the present invention, the environment for changing over time is obtained Data, the environmental data includes intensity of illumination, temperature, humidity, pressure, gravity, vibration frequency, position, speed, acceleration and sound One or more in amount, the environmental data according to current time calculates the environment at current time with the environmental data of adjacent moment Data determine that the data on flows at current time is corresponding according to the undulate quantity relative to the undulate quantity of the environmental data of adjacent moment IDS Framework, is performed intrusion detection by the IDS Framework to the data on flows at current time, wherein, current time Data on flows it is corresponding with the environmental data at current time.Compared with correlation technique, due to side provided in an embodiment of the present invention Method and device are not performed intrusion detection using the model of single fixation, but the environmental data to obtaining is analyzed calculating, The corresponding IDS Framework of data on flows is determined according to result of calculation, data on flows is entered using corresponding IDS Framework Row intrusion detection, therefore method and device in the embodiment of the present invention can flexibly determine invasion inspection according to the situation of environmental data Model is surveyed, intrusion behavior is detected by the method and device in the embodiment of the present invention, testing result is more accurate and can Lean on.
Other features and advantages of the present invention will be illustrated in the following description, also, the partly change from specification Obtain it is clear that or being understood by implementing the present invention.The purpose of the present invention and other advantages are in specification, claims And specifically noted structure is realized and obtained in accompanying drawing.
To enable the above objects, features and advantages of the present invention to become apparent, preferred embodiment cited below particularly, and coordinate Appended accompanying drawing, is described in detail below.
Brief description of the drawings
In order to illustrate more clearly of the specific embodiment of the invention or technical scheme of the prior art, below will be to specific The accompanying drawing to be used needed for implementation method or description of the prior art is briefly described, it should be apparent that, in describing below Accompanying drawing is some embodiments of the present invention, for those of ordinary skill in the art, before creative work is not paid Put, other accompanying drawings can also be obtained according to these accompanying drawings.
The schematic flow sheet of the Internet of Things intrusion detection method that Fig. 1 is provided for first embodiment of the invention;
The stream of undulate quantity division rule is set up in the Internet of Things intrusion detection method that Fig. 2 is provided for first embodiment of the invention Journey schematic diagram;
The module composition schematic diagram of the Internet of Things invasion detecting device that Fig. 3 is provided for second embodiment of the invention;
Rule sets up the unit composition of module in the Internet of Things invasion detecting device that Fig. 4 is provided for second embodiment of the invention Schematic diagram.
Specific embodiment
To make the purpose, technical scheme and advantage of the embodiment of the present invention clearer, below in conjunction with accompanying drawing to the present invention Technical scheme be clearly and completely described, it is clear that described embodiment is a part of embodiment of the invention, rather than Whole embodiments.Based on the embodiment in the present invention, those of ordinary skill in the art are not making creative work premise Lower obtained every other embodiment, belongs to the scope of protection of the invention.
Internet of Things include sensing layer, due to perceive node layer itself the characteristics of, perceive node layer be easy to be subject to invasion go For attack, the intrusion behavior for sensing layer can not be accurately detected using existing Internet of Things intrusion detection method, examine The result of survey is unreliable, and based on this, the embodiment of the present invention provides a kind of Internet of Things intrusion detection for the sensing layer of Internet of Things Method and device, is performed intrusion detection using IDS Framework corresponding with data on flows to data on flows, can be exactly Intrusion behavior is detected, the result of detection is relatively reliable.For ease of understanding the present embodiment, first to the embodiment of the present invention A kind of disclosed Internet of Things intrusion detection method describes in detail.
Embodiment one:
The schematic flow sheet of the Internet of Things intrusion detection method that Fig. 1 is provided for first embodiment of the invention, the method includes Following steps:
Step S110, the environmental data that acquisition is changed over time, environmental data includes intensity of illumination, temperature, humidity, pressure One or more data in power, gravity, vibration frequency, position, speed, acceleration and volume.
Thing network sensing layer is provided with environmental data collecting node, for gathering environmental data.Preferably, Internet of Things is perceived Layer is provided with multiple sensor collection plates, and sensor is provided with sensor collection plate, is carried out by main body of sensor collection plate Environmental data collecting, the acquisition time of record environmental data while environmental data is gathered, wherein environmental data includes:Light According to one or more in intensity, temperature, humidity, pressure, gravity, vibration frequency, position, speed, acceleration and volume.Example Such as:Intensity of illumination in environment, the vibration frequency of object, speed and acceleration etc. can be gathered by photoelectric sensor collection plate Environmental data, it is also possible to which object is gathered by collection plates such as vibrating sensor, velocity sensor and acceleration transducers respectively The environmental datas such as vibration frequency, speed and acceleration;Environment temperature and humidity can be gathered by Temperature Humidity Sensor collection plate Deng environmental data;The environmental datas such as pressure (such as air pressure), gravity can be gathered by pressure sensor collection plate;By GPS (Global Positioning System, global positioning system) sensor collection plate can gather the position data of object;It is logical Crossing sound transducer collection plate can gather volume data of sound etc..Additionally, all data that can quantify collection can be made It is environmental data herein, therefore the environmental data is not limited to the above-mentioned parameter enumerated.
While environmental data is gathered, data on flows corresponding with environmental data is gathered.Specifically, set in Internet of Things Multiple network routers are equipped with, the environmental data that sensor collection plate is collected is transmitted by each network router, this step In, Port Mirroring is carried out to each network router in Internet of Things, the data traffic of the whole network is mapped to designated port, collection is complete The data on flows of net, and the acquisition time of data on flows is recorded, it is right with data on flows to set up environmental data according to acquisition time Should be related to.In Internet of Things, control instruction is sent to sensor collection plate by router, start sensor collection environment number According to, the environmental data that sensor collection plate will be collected by router be transmitted back to come.In the present embodiment, transmitted via router Data can regard data on flows as, the data on flows at least include send to sensor control instruction and sensor gather The environmental data for arriving.
Step S120, the environmental data according to current time calculates the environment at current time with the environmental data of adjacent moment Undulate quantity of the data relative to the environmental data of adjacent moment.
The environmental data at each moment and the environmental data of its adjacent moment, this step can be obtained by step S110 In, for the environmental data at current time, calculate the ripple of the environmental data relative to the environmental data of adjacent moment at current time Momentum, the undulate quantity can be calculated by below equation:
Wherein, StThe undulate quantity of the environmental data of t is represented, when υ (t, i) represents t The numerical value of any one of the environmental data at quarter data i, Δ υ (t, i) represents the difference of the data i of t and the data i of adjacent moment Value, n represents the quantity of the data that environmental data is included.
Specifically, when Δ υ (t, i) can be the difference, or t of data i and the data i of previous moment of t The difference of the data i at quarter and the data i of later moment in time, i.e. Δ υ (t, i)=υ (t, i)-υ (t-1, i) or Δ υ (t, i)=υ (t + 1, i)-υ (t, i), wherein υ (t-1, i) represents the numerical value of data i in the environmental data at t-1 moment (previous moment of t), (t+1 i) represents the numerical value of data i in the environmental data at t+1 moment (later moment in time of t) to υ.The environment number of such as collection Be 1 by temperature marker according to including temperature, three data of gravity and speed, gravity is labeled as 2, and speed is labeled as 3, then υ (t-1, 1), υ (t, 1), υ (t+1,1) are followed successively by the temperature value at t-1, t, t+1 moment, and υ (t-1,2), υ (t, 2), υ (t+1,2) are followed successively by The gravity size at t-1, t, t+1 moment, υ (t-1,3), υ (t, 3), that υ (t+1,3) is followed successively by the speed at t-1, t, t+1 moment is big It is small.With Δ υ (t, i)=υ, (t+1, i) as a example by-υ (t, i), the undulate quantity of environmental data this moment is:
Step S130, the corresponding IDS Framework of the data on flows at current time is determined according to above-mentioned undulate quantity, is passed through The IDS Framework is performed intrusion detection to the data on flows at current time, wherein, the data on flows at current time with it is current The environmental data at moment is corresponding.
By after the undulate quantity that step S120 is calculated environmental data, the flow at current time being determined according to this undulate quantity The corresponding IDS Framework of data.In the present embodiment, the stream at current time is determined by following two step S131 and S132 The corresponding IDS Framework of amount data:
Step S131, classifies according to the undulate quantity division rule for pre-building to undulate quantity, and the classification of undulate quantity is pressed Include fuctuation within a narrow range, normal fluctuation and fluctuation according to rank order from low to high.
Step S132, the corresponding intrusion detection mould of sorted undulate quantity is determined according to default class models corresponding relation Type, the IDS Framework that will be determined is used as the corresponding IDS Framework of the data on flows at current time.
Specifically, the undulate quantity division rule for pre-building is included in the present embodiment, according to be calculated it is current when The size of the undulate quantity at quarter, determines the classification of the undulate quantity at current time.The undulate quantity division rule for for example pre-building is:0 ≤St< 3 belongs to fuctuation within a narrow range, 3≤St< 8 belongs to normal fluctuation, St>=8 belong to fluctuation, if the undulate quantity at current time It is 4, it is determined that the classification of the undulate quantity at current time is normal fluctuation.
The stream of undulate quantity division rule is set up in the Internet of Things intrusion detection method that Fig. 2 is provided for first embodiment of the invention Journey schematic diagram, as shown in Fig. 2 the undulate quantity division rule in step S131 is set up by three below step:
Step S210, obtains the environmental data of preset duration, calculates the ripple of the environmental data at each moment in preset duration Momentum.
Set up undulate quantity division rule, it is necessary to first obtain preset duration environmental data, specific acquisition methods with step Rapid S110 is identical, repeats no more here.Wherein, this preset duration is not particularly limited, and preset duration is bigger, the undulate quantity of foundation Division rule is more perfect, and such as preset duration can be 30 days.After getting the environmental data of preset duration, preset duration is calculated The undulate quantity of the environmental data at interior each moment, specific computational methods are identical with step S120, repeat no more here.
Step S220, counts the undulate quantity of the environmental data at above-mentioned each moment, obtains statistics.
The undulate quantity of the environmental data at statistics above-mentioned each moment being calculated, and the undulate quantity is carried out from small to large Sequence, obtains statistics.
Step S230, is divided using the ratio data of normal distribution to above-mentioned statistics, determines that undulate quantity is divided Rule.
Specifically, can be determined in above-mentioned statistics according to Normal Distribution Theory, the quantity of fuctuation within a narrow range:(slightly The quantity of the quantity+normal fluctuation of fluctuation):(quantity of the quantity+fluctuation of the quantity+normal fluctuation of fuctuation within a narrow range)= 0.6827:0.9500:1.Above-mentioned statistics is divided using the ratio data of normal distribution, can first determine small amplitude wave Dynamic division border, then determine the division border of normal fluctuation, the division border of fluctuation is finally determined, so that it is determined that fluctuation Amount division rule, such as statistics are 0≤StRatio shared by the undulate quantity of < 3 is 0.6827,0≤StThe undulate quantity institute of < 8 The ratio for accounting for is 0.9500, then undulate quantity division rule is:0≤St< 3 belongs to fuctuation within a narrow range, 3≤St< 8 belongs to normal fluctuation, St>=8 belong to fluctuation;The division border of fluctuation can also first be determined, then determine the division border of normal fluctuation, most The division border of fuctuation within a narrow range is determined afterwards, so that it is determined that undulate quantity division rule, such as statistics are St>=8 undulate quantity institute The ratio for accounting for is 0.05.StRatio shared by >=3 undulate quantity is 0.3173, then undulate quantity division rule is similarly:0≤St< 3 Belong to fuctuation within a narrow range, 3≤St< 8 belongs to normal fluctuation, St>=8 belong to fluctuation;The division of fuctuation within a narrow range can also first be determined Border or the division border of fluctuation, finally determine the division border of normal fluctuation, no longer illustrate here.
It is provided in an embodiment of the present invention after classifying to undulate quantity according to the undulate quantity division rule for pre-building Internet of Things intrusion detection method also includes following two sub-steps:
S1311, analyzes the variation tendency between the environmental data and the environmental data at front and rear moment at current time.
Specifically, the environment number at the corresponding variation tendency of rate of change and the front and rear moment of the environmental data at analysis current time According to the corresponding variation tendency of rate of change whether all same.
Such as, the rate of change of t data i isWherein, υ (t, i) represents the environmental data of t The numerical value of middle data i, Δ υ (t, i) represents the difference of the data i of t and the data i of adjacent moment.Accordingly, the t-1 moment The rate of change of data i isThe rate of change of t+1 time datas i is If Vt-1、Vt、Vt+1It is positive and negative identical, then illustrate the corresponding variation tendency of rate of change of the environmental data of t and front and rear moment The corresponding variation tendency of rate of change of environmental data is identical, that is, the environmental data at the environmental data of t and front and rear moment it Between variation tendency it is consistent, otherwise the then corresponding variation tendency of rate of change of the environmental data of explanation t and the front and rear moment The corresponding variation tendency of the rate of change of environmental data is different, that is, the environmental data at the environmental data of t and front and rear moment it Between variation tendency it is inconsistent.
S1312, when the environmental data at current time is consistent with the variation tendency between the environmental data at front and rear moment, and works as When difference between the undulate quantity of the undulate quantity of the environmental data at preceding moment and the environmental data of adjacent moment exceedes predetermined threshold value, The classification of the undulate quantity of the environmental data at current time is lifted into one-level.
Specifically, the embodiment of the present invention includes predetermined threshold value, when the environment at environmental data and the front and rear moment at current time Variation tendency between data is consistent, and undulate quantity and the environmental data of adjacent moment of the environmental data at current time fluctuation When difference between amount exceedes the predetermined threshold value, the classification of the undulate quantity of the environmental data at current time is lifted into one-level, so that It is later determined that IDS Framework disclosure satisfy that actual demand.For example, predetermined threshold value be 1, if the environmental data of t with it is preceding Variation tendency afterwards between the environmental data at moment is consistent, and St-St-1﹥ 1 or St+1-St﹥ 1, then by the undulate quantity of t Classification lifts one-level, the undulate quantity of t such as is promoted into normal fluctuation by fuctuation within a narrow range, or be promoted to by normal fluctuation Fluctuation.
After the classification of undulate quantity is determined according to the above method, the classification further according to the undulate quantity determines corresponding intrusion detection Model.Also include default class models corresponding relation, the different invasion of different undulate quantity classification correspondences in the present embodiment Detection model.Preferably, default class models corresponding relation is:Fuctuation within a narrow range invasion of the correspondence based on Colored Petri Net is examined Model is surveyed, the time-based K-means IDS Frameworks of normal fluctuation correspondence, fluctuation correspondence is based on convolutional neural networks Internet Intrusion Detection Model.Such as, if the classification of the undulate quantity at current time is normal fluctuation, it is determined that the ripple at current time The time-based K-means IDS Frameworks of momentum correspondence.Further, will determine IDS Framework as it is current when The corresponding IDS Framework of data on flows at quarter, and the data on flows at current time is entered using the IDS Framework for determining Row intrusion detection, obtains testing result.
Specifically, for fuctuation within a narrow range, using the IDS Framework based on Colored Petri Net:This is a kind of based on shape The intrusion detection method of state, is one of intrusion detection method based on misuse, and each invasion tag expression is a pattern by it, Relation between event and their content is expressed by pattern, the intrusion detection analysis of small-scale static state Internet of Things is appropriate for. For normal fluctuation, using time-based K-means IDS Frameworks:K-means is classical clustering algorithm, and it is used Data are agglomerated into K class by simple iteration, and the algorithm has the remarkable advantages such as simple, understandable, good scalability, turns into Important algorithm in current intruding detection system in terms of clustering algorithm research;Time-based inference method using time rule come The feature of identifying user behavior normal mode;The intrusion detection method combined with time rule using K-means carries out abnormal pre- Survey, meet the demand of thing network sensing layer abnormality detection.For fluctuation, using the network intrusions based on convolutional neural networks Detection model:Because this partial discharge data is larger, change various, common analysis method may cause analysis unilateral, make Can make full use of historical sample with neural network algorithm, and combine a small amount of instant sample, using the method for machine learning come Dependence or the causality automatically analyzed, excavate between contextual information, reach the purpose of model online updating, meet Internet of Things The demand of sensing layer abnormality detection.
The embodiment of the present invention is performed intrusion detection from suitable IDS Framework to data on flows, thus the knot for detecting Fruit is more accurate, more reliable.
Understand that the Internet of Things intrusion detection method that the embodiment of the present invention is provided has following beneficial effect based on above-mentioned analysis Really:In embodiments of the present invention, the environmental data that changes over time is obtained, the environmental data includes intensity of illumination, temperature, wet One or more in degree, pressure, gravity, vibration frequency, position, speed, acceleration and volume, according to the environment at current time Data calculate the fluctuation of the environmental data relative to the environmental data of adjacent moment at current time with the environmental data of adjacent moment Amount, determines the corresponding IDS Framework of the data on flows at current time, by the IDS Framework pair according to the undulate quantity The data on flows at current time is performed intrusion detection, wherein, the data on flows at current time and the environmental data phase at current time Correspondence.Compared with correlation technique, because method provided in an embodiment of the present invention is not invaded using the model of single fixation Detection, but the environmental data to obtaining is analyzed calculating, and the corresponding intrusion detection of data on flows is determined according to result of calculation Model, is performed intrusion detection using corresponding IDS Framework to data on flows, therefore the method energy in the embodiment of the present invention It is enough that IDS Framework is flexibly determined according to the situation of environmental data, intrusion behavior is entered by the method in the embodiment of the present invention Row detection, testing result is more accurate and reliable.
In the embodiment of the present invention, the intrusion behavior detection scheme based on environmental context is proposed, it is abundant according to environmental change Using all types of perception informations, context-aware technology is applied to defining for thing network sensing layer intrusion behavior, with adaptation The characteristics of monitors environment dynamic change, improve the flexibility and reliability detected to intrusion behavior.Further, rely on Ripe IDS Framework, is that it sets the application scenarios for being adapted to thing network sensing layer, it is played maximum benefit.
Embodiment two:
Method in correspondence above-described embodiment one, the embodiment of the present invention additionally provides a kind of Internet of Things invasion detecting device, For performing the method in above-described embodiment one.The Internet of Things invasion detecting device that Fig. 3 is provided for second embodiment of the invention Module composition schematic diagram, as shown in figure 3, the Internet of Things invasion detecting device in the present embodiment includes:Data acquisition module 11, uses In the environmental data that acquisition is changed over time, the environmental data includes intensity of illumination, temperature, humidity, pressure, gravity, vibration frequency One or more data in rate, position, speed, acceleration and volume;Data computation module 12, for according to current time Environmental data calculates the environmental data at current time relative to the environmental data of adjacent moment with the environmental data of adjacent moment Undulate quantity;Classification and Detection module 13, the corresponding intrusion detection mould of data on flows for determining current time according to the undulate quantity Type, is performed intrusion detection by the IDS Framework to the data on flows at current time, wherein, the data on flows at current time Environmental data with current time is corresponding.
Further, data computation module 12 specifically for:By below equation according to the environmental data at current time with The environmental data of adjacent moment calculates the undulate quantity of the environmental data relative to the environmental data of adjacent moment at current time:
Wherein, StThe undulate quantity of the environmental data of t is represented, when υ (t, i) represents t The numerical value of any one of the environmental data at quarter data i, Δ υ (t, i) represents the difference of the data i of t and the data i of adjacent moment Value, n represents the quantity of the data that environmental data is included.
Specifically, classification and Detection module 13 includes:Taxon, for according to the undulate quantity division rule pair for pre-building Undulate quantity is classified, and the order of the classification of undulate quantity according to rank from low to high includes fuctuation within a narrow range, normal fluctuation and significantly Fluctuation;Determining unit, for determining the corresponding intrusion detection of sorted undulate quantity according to default class models corresponding relation Model, the IDS Framework that will be determined is used as the corresponding IDS Framework of the data on flows at current time.
Further, Internet of Things invasion detecting device provided in an embodiment of the present invention also includes:Rule sets up module, is used for The undulate quantity division rule set up in above-mentioned classification and Detection module 13.Fig. 4 enters for the Internet of Things that second embodiment of the invention is provided Invade the unit composition schematic diagram that rule in detection means sets up module.As shown in figure 4, the rule sets up module specifically including:Number According to acquiring unit 21, the environmental data for obtaining preset duration calculates the ripple of the environmental data at each moment in preset duration Momentum;Statistic unit 22, the undulate quantity of the environmental data for counting each moment, obtains statistics;Rule determination unit 23, the statistics is divided for the ratio data using normal distribution, determine undulate quantity division rule.
Further, classification and Detection module also includes:Data analysis unit, for being drawn according to the undulate quantity for pre-building After divider is then classified to undulate quantity, the change between the environmental data and the environmental data at front and rear moment at current time is analyzed Change trend;Classification lift unit, for becoming when the change between the environmental data and the environmental data at front and rear moment at current time Gesture is consistent, and difference between the undulate quantity of the environmental data of the undulate quantity and adjacent moment of the environmental data at current time exceedes During predetermined threshold value, the classification of the undulate quantity of the environmental data at current time is lifted into one-level.
Internet of Things invasion detecting device provided in an embodiment of the present invention, the Internet of Things intrusion detection provided with above-described embodiment Method has identical technical characteristic, so can also solve identical technical problem, reaches identical technique effect.
Understand that the Internet of Things invasion detecting device that the embodiment of the present invention is provided has following beneficial effect based on above-mentioned analysis Really:In embodiments of the present invention, data acquisition module 11 obtains the environmental data for changing over time, and the environmental data includes illumination One or more in intensity, temperature, humidity, pressure, gravity, vibration frequency, position, speed, acceleration and volume, data meter The environmental data that module 12 is calculated according to the environmental data calculating current time of the environmental data and adjacent moment at current time is relative In the undulate quantity of the environmental data of adjacent moment, classification and Detection module 13 determines the data on flows at current time according to the undulate quantity Corresponding IDS Framework, is performed intrusion detection by the IDS Framework to the data on flows at current time, wherein, when The data on flows at preceding moment is corresponding with the environmental data at current time.Compared with correlation technique, because the embodiment of the present invention is carried The device of confession is not performed intrusion detection using the model of single fixation, but the environmental data to obtaining is analyzed calculating, The corresponding IDS Framework of data on flows is determined according to result of calculation, data on flows is entered using corresponding IDS Framework Row intrusion detection, therefore device in the embodiment of the present invention can flexibly determine intrusion detection mould according to the situation of environmental data Type, is detected by the device in the embodiment of the present invention to intrusion behavior, and testing result is more accurate and reliable.
Internet of Things intrusion detection method and the computer program product of device that the embodiment of the present invention is provided, including storage The computer-readable recording medium of program code, the instruction that described program code includes can be used to perform previous methods embodiments Described in method, implement can be found in embodiment of the method, will not be repeated here.
It is apparent to those skilled in the art that, for convenience and simplicity of description, the system of foregoing description With the specific work process of device, the corresponding process in preceding method embodiment is may be referred to, will not be repeated here.
In addition, in the description of the embodiment of the present invention, unless otherwise clearly defined and limited, term " installation ", " phase Company ", " connection " should be interpreted broadly, for example, it may be being fixedly connected, or being detachably connected, or be integrally connected;Can Being to mechanically connect, or electrically connect;Can be joined directly together, it is also possible to be indirectly connected to by intermediary, Ke Yishi Two connections of element internal.For the ordinary skill in the art, with concrete condition above-mentioned term can be understood at this Concrete meaning in invention.
If the function is to realize in the form of SFU software functional unit and as independent production marketing or when using, can be with Storage is in a computer read/write memory medium.Based on such understanding, technical scheme is substantially in other words The part contributed to prior art or the part of the technical scheme can be embodied in the form of software product, the meter Calculation machine software product is stored in a storage medium, including some instructions are used to so that a computer equipment (can be individual People's computer, server, or network equipment etc.) perform all or part of step of each embodiment methods described of the invention. And foregoing storage medium includes:USB flash disk, mobile hard disk, read-only storage (ROM, Read-Only Memory), arbitrary access are deposited Reservoir (RAM, Random Access Memory), magnetic disc or CD etc. are various can be with the medium of store program codes.
In the description of the invention, it is necessary to explanation, term " " center ", " on ", D score, "left", "right", " vertical ", The orientation or position relationship of the instruction such as " level ", " interior ", " outward " be based on orientation shown in the drawings or position relationship, merely to Be easy to the description present invention and simplify describe, rather than indicate imply signified device or element must have specific orientation, With specific azimuth configuration and operation, therefore it is not considered as limiting the invention.Additionally, term " first ", " second ", " the 3rd " is only used for describing purpose, and it is not intended that indicating or implying relative importance.
Finally it should be noted that:Embodiment described above, specific embodiment only of the invention, is used to illustrate the present invention Technical scheme, rather than its limitations, protection scope of the present invention is not limited thereto, although with reference to the foregoing embodiments to this hair It is bright to be described in detail, it will be understood by those within the art that:Any one skilled in the art The invention discloses technical scope in, it can still modify to the technical scheme described in previous embodiment or can be light Change is readily conceivable that, or equivalent is carried out to which part technical characteristic;And these modifications, change or replacement, do not make The essence of appropriate technical solution departs from the spirit and scope of embodiment of the present invention technical scheme, should all cover in protection of the invention Within the scope of.Therefore, protection scope of the present invention described should be defined by scope of the claims.

Claims (10)

1. a kind of Internet of Things intrusion detection method, it is characterised in that methods described includes:
The environmental data that changes over time of acquisition, the environmental data includes intensity of illumination, temperature, humidity, pressure, gravity, shakes One or more data in dynamic frequency, position, speed, acceleration and volume;
The environmental data according to current time calculates the environment at current time with the environmental data of adjacent moment Undulate quantity of the data relative to the environmental data of adjacent moment;
The corresponding IDS Framework of the data on flows at current time is determined according to the undulate quantity, by the intrusion detection mould Type is performed intrusion detection to the data on flows at current time, wherein, the data on flows at current time and current time The environmental data it is corresponding.
2. method according to claim 1, it is characterised in that by below equation according to the environment number at current time The environment of the environmental data relative to adjacent moment at current time is calculated according to the environmental data with adjacent moment The undulate quantity of data:
Wherein, StThe undulate quantity of the environmental data of t is represented, when υ (t, i) represents t The numerical value of any one of the environmental data carved data i, Δ υ (t, i) represents the data i and adjacent moment of t The difference of the data i, n represents the quantity of the data that the environmental data is included.
3. method according to claim 1, it is characterised in that the flow that current time is determined according to the undulate quantity The corresponding IDS Framework of data, including:
Undulate quantity division rule according to pre-building is classified to the undulate quantity, and the classification of the undulate quantity is according to rank Order from low to high includes fuctuation within a narrow range, normal fluctuation and fluctuation;
Determine the corresponding IDS Framework of the sorted undulate quantity according to default class models corresponding relation, will determine The IDS Framework as current time the corresponding IDS Framework of the data on flows.
4. method according to claim 3, it is characterised in that the undulate quantity division rule is set up in the following manner:
The environmental data of preset duration is obtained, the fluctuation of the environmental data at each moment in the preset duration is calculated Amount;
The undulate quantity of the environmental data at statistics each moment, obtains statistics;
The statistics is divided using the ratio data of normal distribution, determines the undulate quantity division rule.
5. method according to claim 3, it is characterised in that described according to the undulate quantity division rule pair for pre-building After the undulate quantity is classified, methods described also includes:
Analyze the variation tendency between the environmental data and the environmental data at front and rear moment at current time;
When the variation tendency between the environmental data at current time and the environmental data at front and rear moment is consistent, and currently Difference between the undulate quantity of the undulate quantity of the environmental data at moment and the environmental data of adjacent moment exceedes default During threshold value, the classification of the undulate quantity of the environmental data at current time is lifted into one-level.
6. a kind of Internet of Things invasion detecting device, it is characterised in that described device includes:
Data acquisition module, for obtaining the environmental data that changes over time, the environmental data include intensity of illumination, temperature, One or more data in humidity, pressure, gravity, vibration frequency, position, speed, acceleration and volume;
Data computation module, the environmental data calculating for the environmental data according to current time and adjacent moment is worked as Undulate quantity of the environmental data at preceding moment relative to the environmental data of adjacent moment;
Classification and Detection module, the corresponding IDS Framework of data on flows for determining current time according to the undulate quantity, The data on flows at current time is performed intrusion detection by the IDS Framework, wherein, current time it is described Data on flows is corresponding with the environmental data at current time.
7. device according to claim 6, it is characterised in that the data computation module specifically for:
When calculating current with the environmental data of adjacent moment according to the environmental data at current time by below equation Undulate quantity of the environmental data relative to the environmental data of adjacent moment carved:
Wherein, StThe undulate quantity of the environmental data of t is represented, when υ (t, i) represents t The numerical value of any one of the environmental data carved data i, Δ υ (t, i) represents the data i and adjacent moment of t The difference of the data i, n represents the quantity of the data that the environmental data is included.
8. device according to claim 6, it is characterised in that the classification and Detection module includes:
Taxon, for classifying to the undulate quantity according to the undulate quantity division rule for pre-building, the undulate quantity Classification include fuctuation within a narrow range, normal fluctuation and fluctuation according to rank order from low to high;
Determining unit, for determining the corresponding invasion inspection of the sorted undulate quantity according to default class models corresponding relation Model is surveyed, the data on flows corresponding IDS Framework of the IDS Framework that will be determined as current time.
9. device according to claim 8, it is characterised in that described device also includes:
Rule sets up module, for setting up the undulate quantity division rule, specifically includes:
Data capture unit, the environmental data for obtaining preset duration calculates each moment in the preset duration The undulate quantity of the environmental data;
Statistic unit, the undulate quantity of the environmental data for counting each moment, obtains statistics;
Rule determination unit, divides for the ratio data using normal distribution to the statistics, determines the ripple Momentum division rule.
10. device according to claim 8, it is characterised in that the classification and Detection module also includes:
Data analysis unit, for carrying out classification to the undulate quantity according to the undulate quantity division rule for pre-building described Afterwards, the variation tendency between the environmental data and the environmental data at front and rear moment at analysis current time;
Classification lift unit, for when the change between the environmental data and the environmental data at front and rear moment at current time Change trend is consistent, and undulate quantity and the environmental data of adjacent moment of the environmental data at current time undulate quantity it Between difference when exceeding predetermined threshold value, the classification of the undulate quantity of the environmental data at current time is lifted into one-level.
CN201611042617.5A 2016-11-23 2016-11-23 Internet of Things intrusion detection method and device Active CN106789904B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201611042617.5A CN106789904B (en) 2016-11-23 2016-11-23 Internet of Things intrusion detection method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201611042617.5A CN106789904B (en) 2016-11-23 2016-11-23 Internet of Things intrusion detection method and device

Publications (2)

Publication Number Publication Date
CN106789904A true CN106789904A (en) 2017-05-31
CN106789904B CN106789904B (en) 2019-10-25

Family

ID=58973986

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201611042617.5A Active CN106789904B (en) 2016-11-23 2016-11-23 Internet of Things intrusion detection method and device

Country Status (1)

Country Link
CN (1) CN106789904B (en)

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107241350A (en) * 2017-07-13 2017-10-10 北京紫光恒越网络科技有限公司 Network security defence method, device and electronic equipment
CN107809439A (en) * 2017-08-31 2018-03-16 上海财经大学 Network connection data categorizing system
CN109962980A (en) * 2019-03-20 2019-07-02 北京易沃特科技有限公司 A kind of data uploading method based on Internet of Things, device, equipment and medium
CN110120950A (en) * 2019-05-13 2019-08-13 四川长虹电器股份有限公司 It is a kind of to be impended the system and method for analysis based on Internet of Things flow
CN110808972A (en) * 2019-10-30 2020-02-18 杭州迪普科技股份有限公司 Data stream identification method and device
CN110839032A (en) * 2019-11-18 2020-02-25 河南牧业经济学院 Internet of things abnormal data identification method and system
CN111132142A (en) * 2019-12-24 2020-05-08 中国联合网络通信集团有限公司 Security defense method and device
CN111917801A (en) * 2020-08-18 2020-11-10 南京工业大学浦江学院 Petri network-based user behavior authentication method in private cloud environment
CN112654010A (en) * 2019-09-26 2021-04-13 诺基亚技术有限公司 Method and apparatus for intrusive IoT device detection
CN114323116A (en) * 2021-11-17 2022-04-12 招银云创信息技术有限公司 Power system monitoring method and device and computer equipment

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN203279188U (en) * 2012-12-05 2013-11-06 浙江商业技师学院 Intrusion detection device for wireless sensor network
CN103973697A (en) * 2014-05-19 2014-08-06 重庆邮电大学 Intrusion detecting method of internet-of-things sensing layer
CN104601553A (en) * 2014-12-26 2015-05-06 北京邮电大学 Internet-of-things tampering invasion detection method in combination with abnormal monitoring
US20160285979A1 (en) * 2015-03-25 2016-09-29 Intel Corporation Accessing service of internet of things

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN203279188U (en) * 2012-12-05 2013-11-06 浙江商业技师学院 Intrusion detection device for wireless sensor network
CN103973697A (en) * 2014-05-19 2014-08-06 重庆邮电大学 Intrusion detecting method of internet-of-things sensing layer
CN104601553A (en) * 2014-12-26 2015-05-06 北京邮电大学 Internet-of-things tampering invasion detection method in combination with abnormal monitoring
US20160285979A1 (en) * 2015-03-25 2016-09-29 Intel Corporation Accessing service of internet of things

Cited By (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107241350A (en) * 2017-07-13 2017-10-10 北京紫光恒越网络科技有限公司 Network security defence method, device and electronic equipment
CN107809439B (en) * 2017-08-31 2020-01-10 上海财经大学 Network connection data classification system
CN107809439A (en) * 2017-08-31 2018-03-16 上海财经大学 Network connection data categorizing system
CN107948147A (en) * 2017-08-31 2018-04-20 上海财经大学 Network connection data sorting technique
CN107948147B (en) * 2017-08-31 2020-01-17 上海财经大学 Network connection data classification method
CN109962980A (en) * 2019-03-20 2019-07-02 北京易沃特科技有限公司 A kind of data uploading method based on Internet of Things, device, equipment and medium
CN110120950A (en) * 2019-05-13 2019-08-13 四川长虹电器股份有限公司 It is a kind of to be impended the system and method for analysis based on Internet of Things flow
CN112654010A (en) * 2019-09-26 2021-04-13 诺基亚技术有限公司 Method and apparatus for intrusive IoT device detection
CN110808972A (en) * 2019-10-30 2020-02-18 杭州迪普科技股份有限公司 Data stream identification method and device
CN110808972B (en) * 2019-10-30 2021-12-24 杭州迪普科技股份有限公司 Data stream identification method and device
CN110839032A (en) * 2019-11-18 2020-02-25 河南牧业经济学院 Internet of things abnormal data identification method and system
CN111132142A (en) * 2019-12-24 2020-05-08 中国联合网络通信集团有限公司 Security defense method and device
CN111917801A (en) * 2020-08-18 2020-11-10 南京工业大学浦江学院 Petri network-based user behavior authentication method in private cloud environment
CN114323116A (en) * 2021-11-17 2022-04-12 招银云创信息技术有限公司 Power system monitoring method and device and computer equipment
CN114323116B (en) * 2021-11-17 2023-12-05 招银云创信息技术有限公司 Power system monitoring method, device and computer equipment

Also Published As

Publication number Publication date
CN106789904B (en) 2019-10-25

Similar Documents

Publication Publication Date Title
CN106789904B (en) Internet of Things intrusion detection method and device
CN102647292B (en) Intrusion detecting method based on semi-supervised neural network
Habibzadeh et al. Soft sensing in smart cities: Handling 3Vs using recommender systems, machine intelligence, and data analytics
CN101746269B (en) Fatigue driving fusion detection method based on soft computing
CN103793484B (en) The fraud identifying system based on machine learning in classification information website
CN104348829B (en) A kind of network security situation sensing system and method
CN109000645A (en) Complex environment target classics track extracting method
CN107846392A (en) A kind of intrusion detection algorithm based on improvement coorinated training ADBN
CN106844138A (en) O&M warning system and method
CN107241358A (en) A kind of smart home intrusion detection method based on deep learning
CN106502234A (en) Industrial control system method for detecting abnormality based on double skeleton patterns
CN108197575A (en) A kind of abnormal behaviour recognition methods detected based on target detection and bone point and device
CN110162445A (en) The host health assessment method and device of Intrusion Detection based on host log and performance indicator
CN107277443A (en) A kind of a wide range of perimeter security monitoring method and system
CN111274886B (en) Deep learning-based pedestrian red light running illegal behavior analysis method and system
CN108322445A (en) A kind of network inbreak detection method based on transfer learning and integrated study
CN109218321A (en) A kind of network inbreak detection method and system
CN106792883A (en) Sensor network abnormal deviation data examination method and system
Zou et al. A novel network security algorithm based on improved support vector machine from smart city perspective
Portela et al. Evaluation of the performance of supervised and unsupervised Machine learning techniques for intrusion detection
CN104077571B (en) A kind of crowd's anomaly detection method that model is serialized using single class
CN110943974A (en) DDoS (distributed denial of service) anomaly detection method and cloud platform host
CN110138638A (en) A kind of processing method and processing device of network flow
CN105160285A (en) Method and system for recognizing human body tumble automatically based on stereoscopic vision
CN117197726B (en) Important personnel accurate management and control system and method

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant