CN106789904A - Internet of things intrusion detection method and device - Google Patents
- Publication number
- CN106789904A, CN201611042617.5A
- Authority
- CN
- China
- Prior art keywords
- data
- environmental data
- current time
- fluctuation amount
- moment
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Alarm Systems (AREA)
- Burglar Alarm Systems (AREA)
Abstract
The invention provides an Internet of Things intrusion detection method and device, and relates to the technical field of Internet of Things security. The method includes: obtaining environmental data that changes over time, the environmental data including one or more of illumination intensity, temperature, humidity, pressure, gravity, vibration frequency, position, speed, acceleration and volume; calculating, from the environmental data at the current moment and the environmental data at an adjacent moment, the fluctuation amount of the environmental data at the current moment relative to the environmental data at the adjacent moment; and determining, according to the fluctuation amount, the intrusion detection model corresponding to the traffic data at the current moment, and performing intrusion detection on the traffic data at the current moment with that intrusion detection model, where the traffic data at the current moment corresponds to the environmental data at the current moment. The Internet of Things intrusion detection method and device provided by the invention can solve the technical problem that existing Internet of Things intrusion detection methods cannot accurately detect intrusion behavior and produce unreliable detection results.
Description
Technical field
The present invention relates to the field of Internet of Things security, and more particularly to an Internet of Things intrusion detection method and device.
Background
The Internet of Things is an integrated information system, with perception at its core, in which things are interconnected with things. Through communication and perception technologies such as intelligent sensing, identification technology and pervasive computing, it is widely applied in the convergence of networks, and it is called the third wave of development of the world information industry after the computer and the Internet. The Internet of Things places very high security requirements on data, especially at the perception layer. Because of the characteristics of perception-layer nodes themselves, these nodes are easily attacked by intrusion behavior. If the network is intruded and illegal or bad data flows into the Internet of Things through perception-layer devices, this not only destroys the security of the perception data of the Internet of Things, but also endangers the security of the connected information transmission and even the information processing layer data, bringing unforeseeable damage to the whole Internet of Things.
Intrusion detection means collecting information from a number of key points in a computer network or computer system and analyzing it, in order to find whether the network or system contains behavior that violates the security policy or signs of attack. It is the basis for guaranteeing network security and an effective supplement to the firewall.
Intrusion detection for the Internet of Things perception layer is currently at a relatively early stage, and the conventional detection methods include feature detection and anomaly detection. Feature detection makes a deterministic description of the features of intrusion behavior, forms corresponding rules and gathers them into a feature library, and then compares the collected data with the feature library: if they match, the behavior is confirmed as intrusion behavior, and if they do not match, the behavior is confirmed as normal behavior. Anomaly detection makes a deterministic description of the features of normal behavior, forms corresponding rules and gathers them into a rule base, and then compares the collected data with the rule base: if they match, the behavior is confirmed as normal behavior, and if they do not match, the behavior is confirmed as intrusion behavior.
In the prior art, anomaly detection can detect new intrusion behavior, but it has a high false alarm rate, which increases the difficulty of follow-up work and affects the normal function of the system. It can be seen that existing Internet of Things intrusion detection methods cannot accurately detect intrusion behavior, and the detection results are unreliable.
Summary of the invention
In view of this, an object of the invention is to provide an Internet of Things intrusion detection method and device, to solve the technical problem that existing Internet of Things intrusion detection methods cannot accurately detect intrusion behavior and produce unreliable detection results.
In a first aspect, an embodiment of the invention provides an Internet of Things intrusion detection method, the method including: obtaining environmental data that changes over time, the environmental data including one or more of illumination intensity, temperature, humidity, pressure, gravity, vibration frequency, position, speed, acceleration and volume; calculating, from the environmental data at the current moment and the environmental data at an adjacent moment, the fluctuation amount of the environmental data at the current moment relative to the environmental data at the adjacent moment; and determining, according to the fluctuation amount, the intrusion detection model corresponding to the traffic data at the current moment, and performing intrusion detection on the traffic data at the current moment with that intrusion detection model, where the traffic data at the current moment corresponds to the environmental data at the current moment.
With reference in a first aspect, the embodiment of the invention provides the first possible implementation method of first aspect, wherein, lead to
Cross the institute that below equation calculates current time according to the environmental data at current time with the environmental data of adjacent moment
State undulate quantity of the environmental data relative to the environmental data of adjacent moment:
Wherein, StThe undulate quantity of the environmental data of t is represented, υ (t, i) is represented
The numerical value of any one of described environmental data of t data i, Δ υ (t, i) represents the data i and adjacent moment of t
The data i difference, n represents the quantity of the data that the environmental data is included.
With reference in a first aspect, the embodiment of the invention provides second possible implementation method of first aspect, wherein, institute
State and the corresponding IDS Framework of the data on flows at current time is determined according to the undulate quantity, including:According to what is pre-build
Undulate quantity division rule is classified to the undulate quantity, and the order of the classification of the undulate quantity according to rank from low to high includes
Fuctuation within a narrow range, normal fluctuation and fluctuation;Determine the sorted undulate quantity according to default class models corresponding relation
Corresponding IDS Framework, will determine the IDS Framework as the data on flows at current time it is corresponding enter
Invade detection model.
With reference to the second possible implementation of the first aspect, an embodiment of the invention provides a third possible implementation of the first aspect, in which the fluctuation amount division rule is established as follows: obtaining the environmental data of a preset duration, and calculating the fluctuation amount of the environmental data at each moment within the preset duration; collecting statistics on the fluctuation amounts of the environmental data at each moment to obtain statistical data; and dividing the statistical data using the proportion data of the normal distribution to determine the fluctuation amount division rule.
With reference to the second possible implementation of the first aspect, an embodiment of the invention provides a fourth possible implementation of the first aspect, in which, after the fluctuation amount is classified according to the pre-established fluctuation amount division rule, the method further includes: analyzing the variation trend between the environmental data at the current moment and the environmental data at the moments before and after it; and, when the variation trend between the environmental data at the current moment and the environmental data at the moments before and after it is consistent, and the difference between the fluctuation amount of the environmental data at the current moment and the fluctuation amount of the environmental data at the adjacent moment exceeds a preset threshold, raising the class of the fluctuation amount of the environmental data at the current moment by one level.
In a second aspect, an embodiment of the invention also provides an Internet of Things intrusion detection device, the device including: a data acquisition module for obtaining environmental data that changes over time, the environmental data including one or more of illumination intensity, temperature, humidity, pressure, gravity, vibration frequency, position, speed, acceleration and volume; a data computation module for calculating, from the environmental data at the current moment and the environmental data at an adjacent moment, the fluctuation amount of the environmental data at the current moment relative to the environmental data at the adjacent moment; and a classification and detection module for determining, according to the fluctuation amount, the intrusion detection model corresponding to the traffic data at the current moment, and performing intrusion detection on the traffic data at the current moment with that intrusion detection model, where the traffic data at the current moment corresponds to the environmental data at the current moment.
With reference to the second aspect, an embodiment of the invention provides a first possible implementation of the second aspect, in which the data computation module is specifically used to calculate the fluctuation amount of the environmental data at the current moment relative to the environmental data at the adjacent moment, from the environmental data at the current moment and the environmental data at the adjacent moment, by the following formula:
where S_t denotes the fluctuation amount of the environmental data at moment t, υ(t, i) denotes the value of any data item i in the environmental data at moment t, Δυ(t, i) denotes the difference between data item i at moment t and data item i at the adjacent moment, and n denotes the number of data items the environmental data contains.
With reference to the second aspect, an embodiment of the invention provides a second possible implementation of the second aspect, in which the classification and detection module includes: a classification unit for classifying the fluctuation amount according to a pre-established fluctuation amount division rule, the classes of the fluctuation amount being, in order of level from low to high, small fluctuation, normal fluctuation and large fluctuation; and a determination unit for determining the intrusion detection model corresponding to the classified fluctuation amount according to a preset class-model correspondence, and taking the determined intrusion detection model as the intrusion detection model corresponding to the traffic data at the current moment.
With reference to the second possible implementation of the second aspect, an embodiment of the invention provides a third possible implementation of the second aspect, in which the device further includes a rule establishment module for establishing the fluctuation amount division rule, specifically including: a data acquisition unit for obtaining the environmental data of a preset duration and calculating the fluctuation amount of the environmental data at each moment within the preset duration; a statistics unit for collecting statistics on the fluctuation amounts of the environmental data at each moment to obtain statistical data; and a rule determination unit for dividing the statistical data using the proportion data of the normal distribution to determine the fluctuation amount division rule.
With reference to the second possible implementation of the second aspect, an embodiment of the invention provides a fourth possible implementation of the second aspect, in which the classification and detection module further includes: a data analysis unit for analyzing, after the fluctuation amount is classified according to the pre-established fluctuation amount division rule, the variation trend between the environmental data at the current moment and the environmental data at the moments before and after it; and a class promotion unit for raising the class of the fluctuation amount of the environmental data at the current moment by one level when the variation trend between the environmental data at the current moment and the environmental data at the moments before and after it is consistent, and the difference between the fluctuation amount of the environmental data at the current moment and the fluctuation amount of the environmental data at the adjacent moment exceeds a preset threshold.
The embodiments of the invention bring the following beneficial effects. In the embodiments, environmental data that changes over time is obtained, the environmental data including one or more of illumination intensity, temperature, humidity, pressure, gravity, vibration frequency, position, speed, acceleration and volume; the fluctuation amount of the environmental data at the current moment relative to the environmental data at the adjacent moment is calculated from the environmental data at the current moment and the environmental data at the adjacent moment; the intrusion detection model corresponding to the traffic data at the current moment is determined according to the fluctuation amount; and intrusion detection is performed on the traffic data at the current moment with that intrusion detection model, where the traffic data at the current moment corresponds to the environmental data at the current moment. Compared with the related art, the method and device provided by the embodiments do not perform intrusion detection with a single fixed model. Instead, they analyze the obtained environmental data, determine the intrusion detection model corresponding to the traffic data from the calculation result, and perform intrusion detection on the traffic data with that model. The method and device can therefore choose the intrusion detection model flexibly according to the state of the environmental data, and the detection results obtained with them are more accurate and reliable.
Other features and advantages of the invention will be set forth in the description that follows, and in part will become apparent from the description or be understood by practicing the invention. The objects and other advantages of the invention are realized and attained by the structure particularly pointed out in the description, the claims and the drawings.
To make the above objects, features and advantages of the invention more apparent, preferred embodiments are described in detail below with reference to the accompanying drawings.
Brief description of the drawings
To explain the specific embodiments of the invention or the technical solutions in the prior art more clearly, the drawings needed for describing the specific embodiments or the prior art are briefly introduced below. Obviously, the drawings described below show some embodiments of the invention, and those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic flowchart of the Internet of Things intrusion detection method provided by the first embodiment of the invention;
Fig. 2 is a schematic flowchart of establishing the fluctuation amount division rule in the Internet of Things intrusion detection method provided by the first embodiment of the invention;
Fig. 3 is a schematic diagram of the module composition of the Internet of Things intrusion detection device provided by the second embodiment of the invention;
Fig. 4 is a schematic diagram of the unit composition of the rule establishment module in the Internet of Things intrusion detection device provided by the second embodiment of the invention.
Detailed description
To make the purpose, technical solutions and advantages of the embodiments of the invention clearer, the technical solutions of the invention are described clearly and completely below with reference to the drawings. Obviously, the described embodiments are some of the embodiments of the invention rather than all of them. All other embodiments obtained by those of ordinary skill in the art from the embodiments of the invention without creative effort fall within the scope of protection of the invention.
The Internet of Things includes a perception layer. Because of the characteristics of perception-layer nodes themselves, these nodes are easily attacked by intrusion behavior, and existing Internet of Things intrusion detection methods cannot accurately detect intrusion behavior aimed at the perception layer, so the detection results are unreliable. On this basis, the embodiments of the invention provide an Internet of Things intrusion detection method and device for the perception layer of the Internet of Things, which perform intrusion detection on traffic data using the intrusion detection model corresponding to that traffic data, so that intrusion behavior can be detected accurately and the detection results are more reliable. To make this embodiment easier to understand, the Internet of Things intrusion detection method disclosed by the embodiments of the invention is first described in detail.
Embodiment one:
Fig. 1 is a schematic flowchart of the Internet of Things intrusion detection method provided by the first embodiment of the invention. The method includes the following steps:
Step S110: obtain environmental data that changes over time, the environmental data including one or more of illumination intensity, temperature, humidity, pressure, gravity, vibration frequency, position, speed, acceleration and volume.
The Internet of Things perception layer is provided with environmental data collection nodes for collecting environmental data. Preferably, the perception layer is provided with multiple sensor acquisition boards, each fitted with sensors. Environmental data is collected with the sensor acquisition boards as the main body, and the acquisition time of the environmental data is recorded while the data is collected. The environmental data includes one or more of illumination intensity, temperature, humidity, pressure, gravity, vibration frequency, position, speed, acceleration and volume. For example: a photoelectric sensor acquisition board can collect environmental data such as the illumination intensity in the environment and the vibration frequency, speed and acceleration of an object; the vibration frequency, speed and acceleration of an object can also be collected separately by acquisition boards such as vibration sensors, speed sensors and acceleration sensors; a temperature and humidity sensor acquisition board can collect environmental data such as ambient temperature and humidity; a pressure sensor acquisition board can collect environmental data such as pressure (for example air pressure) and gravity; a GPS (Global Positioning System) sensor acquisition board can collect the position data of an object; and a sound sensor acquisition board can collect the volume data of sound. In addition, any data that can be collected in quantified form can serve as environmental data here, so the environmental data is not limited to the parameters listed above.
While the environmental data is collected, the traffic data corresponding to the environmental data is collected as well. Specifically, multiple network routers are set up in the Internet of Things, and the environmental data collected by the sensor acquisition boards is transmitted through these network routers. In this step, port mirroring is performed on each network router in the Internet of Things, mapping the data traffic of the whole network to a designated port. The traffic data of the whole network is collected and its acquisition time is recorded, and the correspondence between environmental data and traffic data is established according to acquisition time. In the Internet of Things, control instructions are sent to the sensor acquisition boards through the routers to start the sensors collecting environmental data, and the sensor acquisition boards transmit the collected environmental data back through the routers. In this embodiment, the data transmitted via the routers can be regarded as traffic data, and the traffic data includes at least the control instructions sent to the sensors and the environmental data collected by the sensors.
Step S120: calculate, from the environmental data at the current moment and the environmental data at an adjacent moment, the fluctuation amount of the environmental data at the current moment relative to the environmental data at the adjacent moment.
Step S110 yields the environmental data at each moment and the environmental data at its adjacent moments. In this step, for the environmental data at the current moment, the fluctuation amount of the environmental data at the current moment relative to the environmental data at the adjacent moment is calculated. The fluctuation amount can be calculated by the following formula:
where S_t denotes the fluctuation amount of the environmental data at moment t, υ(t, i) denotes the value of any data item i in the environmental data at moment t, Δυ(t, i) denotes the difference between data item i at moment t and data item i at the adjacent moment, and n denotes the number of data items the environmental data contains.
Specifically, Δυ(t, i) can be the difference between data item i at moment t and data item i at the previous moment, or the difference between data item i at moment t and data item i at the next moment, i.e. Δυ(t, i) = υ(t, i) - υ(t-1, i) or Δυ(t, i) = υ(t+1, i) - υ(t, i), where υ(t-1, i) denotes the value of data item i in the environmental data at moment t-1 (the moment before t) and υ(t+1, i) denotes the value of data item i in the environmental data at moment t+1 (the moment after t). For example, suppose the collected environmental data includes three data items, temperature, gravity and speed, with temperature labelled 1, gravity labelled 2 and speed labelled 3. Then υ(t-1, 1), υ(t, 1), υ(t+1, 1) are in turn the temperature values at moments t-1, t, t+1; υ(t-1, 2), υ(t, 2), υ(t+1, 2) are in turn the gravity values at moments t-1, t, t+1; and υ(t-1, 3), υ(t, 3), υ(t+1, 3) are in turn the speed values at moments t-1, t, t+1. Taking Δυ(t, i) = υ(t+1, i) - υ(t, i) as an example, the fluctuation amount of the environmental data at this moment is:
Step S130: determine the intrusion detection model corresponding to the traffic data at the current moment according to the above fluctuation amount, and perform intrusion detection on the traffic data at the current moment with that intrusion detection model, where the traffic data at the current moment corresponds to the environmental data at the current moment.
After step S120 has calculated the fluctuation amount of the environmental data, the intrusion detection model corresponding to the traffic data at the current moment is determined from this fluctuation amount. In this embodiment, it is determined by the following two steps S131 and S132:
Step S131: classify the fluctuation amount according to the pre-established fluctuation amount division rule, the classes of the fluctuation amount being, in order of level from low to high, small fluctuation, normal fluctuation and large fluctuation.
Step S132: determine the intrusion detection model corresponding to the classified fluctuation amount according to the preset class-model correspondence, and take the determined intrusion detection model as the intrusion detection model corresponding to the traffic data at the current moment.
Specifically, this embodiment includes a pre-established fluctuation amount division rule, and the class of the fluctuation amount at the current moment is determined from the size of the calculated fluctuation amount at the current moment. For example, if the pre-established fluctuation amount division rule is that 0 ≤ S_t < 3 is small fluctuation, 3 ≤ S_t < 8 is normal fluctuation and S_t ≥ 8 is large fluctuation, and the fluctuation amount at the current moment is 4, then the class of the fluctuation amount at the current moment is determined to be normal fluctuation.
Fig. 2 is a schematic flowchart of establishing the fluctuation amount division rule in the Internet of Things intrusion detection method provided by the first embodiment of the invention. As shown in Fig. 2, the fluctuation amount division rule in step S131 is established by the following three steps:
Step S210: obtain the environmental data of a preset duration, and calculate the fluctuation amount of the environmental data at each moment within the preset duration.
To establish the fluctuation amount division rule, the environmental data of a preset duration must first be obtained. The acquisition method is the same as in step S110 and is not repeated here. The preset duration is not specifically limited; the longer the preset duration, the more complete the established fluctuation amount division rule. For example, the preset duration can be 30 days. After the environmental data of the preset duration has been obtained, the fluctuation amount of the environmental data at each moment within the preset duration is calculated. The calculation method is the same as in step S120 and is not repeated here.
Step S220: collect statistics on the fluctuation amounts of the environmental data at each of the above moments to obtain statistical data.
The calculated fluctuation amounts of the environmental data at each of the above moments are gathered and sorted from small to large to obtain the statistical data.
Step S230: divide the above statistical data using the proportion data of the normal distribution to determine the fluctuation amount division rule.
Specifically, according to normal distribution theory, it can be determined that in the above statistical data, (the number of small fluctuations) : (the number of small fluctuations + the number of normal fluctuations) : (the number of small fluctuations + the number of normal fluctuations + the number of large fluctuations) = 0.6827 : 0.9500 : 1. When the statistical data is divided using the proportion data of the normal distribution, the division boundary of small fluctuation can be determined first, then the division boundary of normal fluctuation, and finally the division boundary of large fluctuation, thereby determining the fluctuation amount division rule. For example, if in the statistical data the proportion of fluctuation amounts with 0 ≤ S_t < 3 is 0.6827 and the proportion of fluctuation amounts with 0 ≤ S_t < 8 is 0.9500, the fluctuation amount division rule is: 0 ≤ S_t < 3 is small fluctuation, 3 ≤ S_t < 8 is normal fluctuation, and S_t ≥ 8 is large fluctuation. Alternatively, the division boundary of large fluctuation can be determined first, then the division boundary of normal fluctuation, and finally the division boundary of small fluctuation. For example, if in the statistical data the proportion of fluctuation amounts with S_t ≥ 8 is 0.05 and the proportion of fluctuation amounts with S_t ≥ 3 is 0.3173, the fluctuation amount division rule is likewise: 0 ≤ S_t < 3 is small fluctuation, 3 ≤ S_t < 8 is normal fluctuation, and S_t ≥ 8 is large fluctuation. It is also possible to determine the division boundary of small fluctuation or of large fluctuation first and the division boundary of normal fluctuation last; no further examples are given here.
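The following is an added example, not part of the patent text, of steps S210 to S230 together with the classification of S131/S132 and the one-level promotion of the fourth implementation: it cuts a sorted history of fluctuation amounts at the 0.6827 and 0.9500 cumulative proportions, classifies a new fluctuation amount, and selects a model. The model names, the caller-supplied `trend_consistent` flag, capping promotion at the highest class, and the sample history are assumptions constructed for illustration.

```python
from bisect import bisect_right
from enum import IntEnum

# Cumulative proportions the description takes from the normal distribution.
SMALL_SHARE = 0.6827              # small fluctuation
SMALL_PLUS_NORMAL_SHARE = 0.9500  # small + normal fluctuation


class Level(IntEnum):
    SMALL = 0
    NORMAL = 1
    LARGE = 2


# Hypothetical class-model correspondence; the page does not name the models.
MODEL_FOR_LEVEL = {
    Level.SMALL: "model_small",
    Level.NORMAL: "model_normal",
    Level.LARGE: "model_large",
}


def constructed_history():
    """Constructed sample: 100 fluctuation amounts, deliberately unsorted."""
    small = [i * 3 / 68 for i in range(68)]       # 68 values in [0, 3)
    normal = [3 + j * 5 / 27 for j in range(27)]  # 27 values in [3, 8)
    large = [8.0 + k for k in range(5)]           # 5 values >= 8
    return large + normal + small


def build_division_rule(history):
    """S220/S230: sort the fluctuation amounts and cut at the two proportions.

    Returns (b1, b2): S < b1 is small, b1 <= S < b2 is normal, S >= b2 is large.
    """
    if len(history) < 3:
        raise ValueError("need at least three historical fluctuation amounts")
    ordered = sorted(history)
    n = len(ordered)
    # Index of the first sample lying outside each cumulative proportion.
    i1 = min(round(n * SMALL_SHARE), n - 1)
    i2 = min(round(n * SMALL_PLUS_NORMAL_SHARE), n - 1)
    b1, b2 = ordered[i1], ordered[i2]
    if not b1 < b2:
        # Too many tied values: the normal band would be empty.
        raise ValueError("history too uniform to separate three classes")
    return b1, b2


def classify(s, rule):
    """S131: map a fluctuation amount to its class under the rule."""
    return Level(bisect_right(list(rule), s))


def promote(level, s_now, s_prev, s_next, trend_consistent, threshold):
    """Raise the class one level when the trend is consistent and the
    fluctuation amount jumps by more than the threshold against a neighbour.
    Promotion stops at the highest class (assumption)."""
    jump = (s_now - s_prev) > threshold or (s_next - s_now) > threshold
    if trend_consistent and jump and level < Level.LARGE:
        return Level(level + 1)
    return level


def select_model(s_now, rule, s_prev, s_next, trend_consistent, threshold):
    """S131 + promotion + S132: return (final class, model name)."""
    level = promote(classify(s_now, rule), s_now, s_prev, s_next,
                    trend_consistent, threshold)
    return level, MODEL_FOR_LEVEL[level]


if __name__ == "__main__":
    rule = build_division_rule(constructed_history())
    print("rule boundaries:", rule)
    print(select_model(4, rule, 3.8, 4.1, False, 1))
    print(select_model(2.5, rule, 1.0, 2.6, True, 1))
```

On the constructed history the boundaries come out as 3 and 8, matching the rule used in the description's own example.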
After the fluctuation amount has been classified according to the pre-established fluctuation amount division rule, the Internet of Things intrusion detection method provided by the embodiment of the invention also includes the following two sub-steps:
S1311: analyze the variation trend between the environmental data at the current moment and the environmental data at the moments before and after it.
Specifically, it is analyzed whether the variation trend corresponding to the rate of change of the environmental data at the current moment and the variation trends corresponding to the rates of change of the environmental data at the moments before and after it are all the same.
For example, the rate of change of data item i at moment t is
where υ(t, i) denotes the value of data item i in the environmental data at moment t, and Δυ(t, i) denotes the difference between data item i at moment t and data item i at the adjacent moment. Accordingly, the rate of change of data item i at moment t-1 is
and the rate of change of data item i at moment t+1 is
If V_{t-1}, V_t and V_{t+1} have the same sign, the variation trend corresponding to the rate of change of the environmental data at moment t is the same as the variation trends corresponding to the rates of change of the environmental data at the moments before and after it, that is, the variation trend between the environmental data at moment t and the environmental data at the moments before and after it is consistent. Otherwise, the variation trend corresponding to the rate of change of the environmental data at moment t differs from the variation trends corresponding to the rates of change of the environmental data at the moments before and after it, that is, the variation trend between the environmental data at moment t and the environmental data at the moments before and after it is inconsistent.
S1312: when the variation trend between the environmental data at the current time and the environmental data at the preceding and following times is consistent, and the difference between the fluctuation amount of the environmental data at the current time and the fluctuation amount of the environmental data at the adjacent time exceeds a preset threshold, raise the class of the fluctuation amount of the environmental data at the current time by one level.
Specifically, the embodiment of the present invention includes a preset threshold. When the variation trend between the environmental data at the current time and the environmental data at the preceding and following times is consistent, and the difference between the fluctuation amount of the environmental data at the current time and the fluctuation amount of the environmental data at the adjacent time exceeds the preset threshold, the class of the fluctuation amount of the environmental data at the current time is raised by one level, so that the subsequently determined intrusion detection model can meet actual needs. For example, with a preset threshold of 1, if the variation trend between the environmental data at time t and the environmental data at the preceding and following times is consistent, and S_t - S_{t-1} > 1 or S_{t+1} - S_t > 1, the class of the fluctuation amount at time t is raised by one level, for example from small fluctuation to normal fluctuation, or from normal fluctuation to large fluctuation.
After the class of the fluctuation amount is determined by the above method, the corresponding intrusion detection model is determined according to that class. This embodiment also includes a preset class-model correspondence, in which different fluctuation amount classes correspond to different intrusion detection models. Preferably, the preset class-model correspondence is: small fluctuation corresponds to the intrusion detection model based on Colored Petri Net, normal fluctuation corresponds to the time-based K-means intrusion detection model, and large fluctuation corresponds to the network intrusion detection model based on convolutional neural networks. For example, if the class of the fluctuation amount at the current time is normal fluctuation, the fluctuation amount at the current time is determined to correspond to the time-based K-means intrusion detection model. Further, the determined intrusion detection model is taken as the intrusion detection model corresponding to the traffic data at the current time, and intrusion detection is performed on the traffic data at the current time using the determined intrusion detection model to obtain a detection result.
Specifically, for small fluctuation, the intrusion detection model based on Colored Petri Net is used: this is a state-based intrusion detection method and one of the misuse-based intrusion detection methods. It expresses each intrusion signature as a pattern, expresses the relations between events and their content through the pattern, and is suitable for intrusion detection analysis of a small-scale static Internet of Things. For normal fluctuation, the time-based K-means intrusion detection model is used: K-means is a classical clustering algorithm that groups data into K classes by simple iteration; it has notable advantages such as being simple, easy to understand and scalable, and has become an important algorithm in clustering research for current intrusion detection systems. The time-based inference method uses time rules to identify the characteristics of the normal pattern of user behaviour. The intrusion detection method that combines K-means with time rules performs anomaly prediction and meets the needs of anomaly detection in the Internet of Things sensing layer. For large fluctuation, the network intrusion detection model based on convolutional neural networks is used: because this part of the traffic data is large and varied, common analysis methods may produce a one-sided analysis. A neural network algorithm can make full use of historical samples, combined with a small number of instant samples, and use machine learning to automatically analyse and mine the dependencies or causal relations among context information, which achieves online updating of the model and meets the needs of anomaly detection in the Internet of Things sensing layer.
The embodiment of the present invention selects a suitable intrusion detection model to perform intrusion detection on the traffic data, so the detection result is more accurate and more reliable.
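The classification, one-level promotion (S1311/S1312) and model selection described above, as an added example that is not code from the patent. All function and variable names are assumptions; the fluctuation amounts S_t and rates of change V_t are taken as already-computed inputs for one data item, the boundaries are derived with an empirical-quantile method chosen for this example, and the returned strings only name the model to dispatch to.

```python
"""Added example (not from the patent): classify fluctuation amounts,
apply the S1312 promotion, and pick the intrusion detection model."""
from enum import IntEnum
from typing import List, Sequence, Tuple


class Level(IntEnum):
    SMALL = 0    # small fluctuation
    NORMAL = 1   # normal fluctuation
    LARGE = 2    # large fluctuation


# Preferred class-model correspondence from the description. The strings only
# name the model; the detectors themselves are outside this example.
MODEL_FOR_LEVEL = {
    Level.SMALL: "Colored Petri Net intrusion detection model",
    Level.NORMAL: "time-based K-means intrusion detection model",
    Level.LARGE: "convolutional neural network intrusion detection model",
}


def derive_boundaries(history: Sequence[float],
                      tail_normal: float = 0.3173,
                      tail_large: float = 0.05) -> Tuple[float, float]:
    """Return (lower, upper) so that about tail_normal of the historical
    fluctuation amounts are >= lower and about tail_large are >= upper.
    Assumption: an empirical quantile; the text only states the ratios."""
    ordered = sorted(history)
    n = len(ordered)
    if n == 0:
        raise ValueError("history must not be empty")

    def boundary(tail: float) -> float:
        count = min(n, max(1, round(tail * n)))  # samples at or above boundary
        return ordered[n - count]

    return boundary(tail_normal), boundary(tail_large)


def classify(s: float, lower: float = 3.0, upper: float = 8.0) -> Level:
    """Division rule: [0, lower) small, [lower, upper) normal, >= upper large."""
    if s < 0:
        raise ValueError("fluctuation amount must be non-negative")
    if s < lower:
        return Level.SMALL
    return Level.NORMAL if s < upper else Level.LARGE


def same_trend(v_prev: float, v_cur: float, v_next: float) -> bool:
    """S1311: trend is consistent when the three rates share one sign.
    Assumption: a zero rate counts as inconsistent."""
    rates = (v_prev, v_cur, v_next)
    return all(v > 0 for v in rates) or all(v < 0 for v in rates)


def classify_series(S: Sequence[float], V: Sequence[float],
                    lower: float = 3.0, upper: float = 8.0,
                    jump: float = 1.0) -> List[Level]:
    """Classify every S_t, then apply S1312: raise the class one level when
    the trend is consistent and S_t - S_{t-1} or S_{t+1} - S_t exceeds `jump`.
    Assumption: the first and last samples lack a neighbour, so they are
    never promoted; a large fluctuation has no higher class."""
    if len(S) != len(V):
        raise ValueError("S and V must have the same length")
    levels: List[Level] = []
    last = len(S) - 1
    for t, s in enumerate(S):
        level = classify(s, lower, upper)
        if 0 < t < last and level < Level.LARGE:
            jumped = (S[t] - S[t - 1] > jump) or (S[t + 1] - S[t] > jump)
            if jumped and same_trend(V[t - 1], V[t], V[t + 1]):
                level = Level(level + 1)
        levels.append(level)
    return levels


def select_models(S: Sequence[float], V: Sequence[float], **kw) -> List[str]:
    """Name of the model that would inspect the traffic data at each time."""
    return [MODEL_FOR_LEVEL[lv] for lv in classify_series(S, V, **kw)]


# Constructed sample data (not measurements from the patent).
SAMPLE_HISTORY = ([i * 0.04 for i in range(68)]
                  + [3.0 + i * 0.18 for i in range(27)]
                  + [8.0, 9.5, 11.0, 12.5, 14.0])
SAMPLE_S = [1.0, 2.0, 2.5, 4.2, 5.0, 7.0, 9.0, 2.0]
SAMPLE_V = [0.1, 0.2, 0.1, 0.3, -0.2, -0.1, -0.3, -0.2]

if __name__ == "__main__":
    lo, hi = derive_boundaries(SAMPLE_HISTORY)
    print("boundaries:", lo, hi)
    models = select_models(SAMPLE_S, SAMPLE_V, lower=lo, upper=hi)
    for t, (s, model) in enumerate(zip(SAMPLE_S, models)):
        print(f"t={t} S_t={s} -> {model}")
```

In the sample, t=2 is promoted from small to normal and t=5 from normal to large, while t=3 and t=4 also see a jump above 1 but keep their class because the three rates of change do not share a sign.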
Based on the above analysis, the Internet of Things intrusion detection method provided by the embodiment of the present invention has the following beneficial effects. In the embodiment of the present invention, environmental data that changes over time is obtained, the environmental data including one or more of illumination intensity, temperature, humidity, pressure, gravity, vibration frequency, position, speed, acceleration and volume; the fluctuation amount of the environmental data at the current time relative to the environmental data at the adjacent time is calculated from the environmental data at the current time and the environmental data at the adjacent time; the intrusion detection model corresponding to the traffic data at the current time is determined according to the fluctuation amount; and intrusion detection is performed on the traffic data at the current time by that intrusion detection model, where the traffic data at the current time corresponds to the environmental data at the current time. Compared with the related art, the method provided by the embodiment of the present invention does not use a single fixed model for intrusion detection. Instead, it analyses and calculates the obtained environmental data, determines the intrusion detection model corresponding to the traffic data according to the calculation result, and performs intrusion detection on the traffic data using the corresponding intrusion detection model. The method in the embodiment of the present invention can therefore determine the intrusion detection model flexibly according to the state of the environmental data, and detecting intrusion behaviour with this method gives a more accurate and reliable detection result.
The embodiment of the present invention proposes an intrusion behaviour detection scheme based on environmental context: all types of perception information are fully used according to environmental changes, and context-aware technology is applied to the definition of intrusion behaviour in the Internet of Things sensing layer, so as to adapt to the dynamically changing monitored environment and improve the flexibility and reliability of intrusion behaviour detection. Further, relying on mature intrusion detection models, application scenarios suited to the Internet of Things sensing layer are set for them so that they deliver the greatest benefit.
Embodiment two:
Corresponding to the method in embodiment one above, the embodiment of the present invention further provides an Internet of Things intrusion detection device for performing the method in embodiment one. Fig. 3 is a schematic diagram of the module composition of the Internet of Things intrusion detection device provided by the second embodiment of the present invention. As shown in Fig. 3, the Internet of Things intrusion detection device in this embodiment includes: a data acquisition module 11, configured to obtain environmental data that changes over time, the environmental data including one or more of illumination intensity, temperature, humidity, pressure, gravity, vibration frequency, position, speed, acceleration and volume; a data computation module 12, configured to calculate, from the environmental data at the current time and the environmental data at the adjacent time, the fluctuation amount of the environmental data at the current time relative to the environmental data at the adjacent time; and a classification detection module 13, configured to determine the intrusion detection model corresponding to the traffic data at the current time according to the fluctuation amount and to perform intrusion detection on the traffic data at the current time by that intrusion detection model, where the traffic data at the current time corresponds to the environmental data at the current time.
Further, the data computation module 12 is specifically configured to calculate, by the following formula, the fluctuation amount of the environmental data at the current time relative to the environmental data at the adjacent time from the environmental data at the current time and the environmental data at the adjacent time:
where S_t denotes the fluctuation amount of the environmental data at time t, υ(t, i) denotes the value of any data item i in the environmental data at time t, Δυ(t, i) denotes the difference between data i at time t and data i at the adjacent time, and n denotes the number of data items included in the environmental data.
Specifically, the classification detection module 13 includes: a classification unit, configured to classify the fluctuation amount according to the pre-established fluctuation amount division rule, the classes of the fluctuation amount being, in order of level from low to high, small fluctuation, normal fluctuation and large fluctuation; and a determining unit, configured to determine the intrusion detection model corresponding to the classified fluctuation amount according to the preset class-model correspondence, and to take the determined intrusion detection model as the intrusion detection model corresponding to the traffic data at the current time.
Further, the Internet of Things intrusion detection device provided by the embodiment of the present invention also includes a rule establishment module, configured to establish the fluctuation amount division rule used in the classification detection module 13. Fig. 4 is a schematic diagram of the unit composition of the rule establishment module in the Internet of Things intrusion detection device provided by the second embodiment of the present invention. As shown in Fig. 4, the rule establishment module specifically includes: a data acquisition unit 21, configured to obtain the environmental data of a preset duration and calculate the fluctuation amount of the environmental data at each time within the preset duration; a statistics unit 22, configured to collect statistics on the fluctuation amounts of the environmental data at each time to obtain statistical data; and a rule determination unit 23, configured to divide the statistical data using the data ratios of the normal distribution and determine the fluctuation amount division rule.
Further, the classification detection module also includes: a data analysis unit, configured to analyse, after the fluctuation amount has been classified according to the pre-established fluctuation amount division rule, the variation trend between the environmental data at the current time and the environmental data at the preceding and following times; and a class promotion unit, configured to raise the class of the fluctuation amount of the environmental data at the current time by one level when the variation trend between the environmental data at the current time and the environmental data at the preceding and following times is consistent and the difference between the fluctuation amount of the environmental data at the current time and the fluctuation amount of the environmental data at the adjacent time exceeds the preset threshold.
The Internet of Things intrusion detection device provided by the embodiment of the present invention has the same technical features as the Internet of Things intrusion detection method provided by the above embodiment, so it can solve the same technical problem and achieve the same technical effect.
Based on the above analysis, the Internet of Things intrusion detection device provided by the embodiment of the present invention has the following beneficial effects. In the embodiment of the present invention, the data acquisition module 11 obtains environmental data that changes over time, the environmental data including one or more of illumination intensity, temperature, humidity, pressure, gravity, vibration frequency, position, speed, acceleration and volume; the data computation module 12 calculates, from the environmental data at the current time and the environmental data at the adjacent time, the fluctuation amount of the environmental data at the current time relative to the environmental data at the adjacent time; and the classification detection module 13 determines the intrusion detection model corresponding to the traffic data at the current time according to the fluctuation amount and performs intrusion detection on the traffic data at the current time by that intrusion detection model, where the traffic data at the current time corresponds to the environmental data at the current time. Compared with the related art, the device provided by the embodiment of the present invention does not use a single fixed model for intrusion detection. Instead, it analyses and calculates the obtained environmental data, determines the intrusion detection model corresponding to the traffic data according to the calculation result, and performs intrusion detection on the traffic data using the corresponding intrusion detection model. The device in the embodiment of the present invention can therefore determine the intrusion detection model flexibly according to the state of the environmental data, and detecting intrusion behaviour with this device gives a more accurate and reliable detection result.
The computer program product of the Internet of Things intrusion detection method and device provided by the embodiment of the present invention includes a computer-readable storage medium storing program code. The instructions included in the program code can be used to perform the method described in the foregoing method embodiment; for the specific implementation, refer to the method embodiment, which is not repeated here.
Those skilled in the art can clearly understand that, for convenience and brevity of description, the specific working processes of the system and device described above may refer to the corresponding processes in the foregoing method embodiment, and are not repeated here.
In addition, in the description of the embodiments of the present invention, unless otherwise expressly specified and limited, the terms "installed", "connected to" and "connected" should be understood broadly. For example, a connection may be fixed, detachable or integral; it may be mechanical or electrical; it may be direct, indirect through an intermediary, or an internal connection between two elements. Those of ordinary skill in the art can understand the specific meanings of the above terms in the present invention according to the specific circumstances.
If the functions are implemented in the form of software functional units and sold or used as an independent product, they may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention in essence, or the part that contributes to the prior art, or a part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, a network device or the like) to perform all or some of the steps of the methods described in the embodiments of the present invention. The aforementioned storage medium includes various media that can store program code, such as a USB flash drive, a removable hard disk, a read-only memory (ROM, Read-Only Memory), a random access memory (RAM, Random Access Memory), a magnetic disk or an optical disc.
In the description of the present invention, it should be noted that the orientations or positional relationships indicated by the terms "center", "up", "down", "left", "right", "vertical", "horizontal", "inside" and "outside" are based on the orientations or positional relationships shown in the drawings. They are used only for convenience of describing the present invention and simplifying the description, and do not indicate or imply that the device or element referred to must have a specific orientation or be constructed and operated in a specific orientation; they therefore cannot be construed as limiting the present invention. In addition, the terms "first", "second" and "third" are used for descriptive purposes only and cannot be understood as indicating or implying relative importance.
Finally, it should be noted that the embodiments described above are only specific embodiments of the present invention, used to illustrate its technical solution rather than to limit it, and the protection scope of the present invention is not limited thereto. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that anyone skilled in the art may, within the technical scope disclosed by the present invention, still modify the technical solutions described in the foregoing embodiments, readily conceive of changes, or make equivalent replacements of some of the technical features. Such modifications, changes or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention, and shall all be covered within the protection scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.
Claims (10)
1. An Internet of Things intrusion detection method, characterized in that the method comprises:
obtaining environmental data that changes over time, the environmental data including one or more of illumination intensity, temperature, humidity, pressure, gravity, vibration frequency, position, speed, acceleration and volume;
calculating, from the environmental data at the current time and the environmental data at an adjacent time, the fluctuation amount of the environmental data at the current time relative to the environmental data at the adjacent time;
determining, according to the fluctuation amount, the intrusion detection model corresponding to the traffic data at the current time, and performing intrusion detection on the traffic data at the current time by the intrusion detection model, wherein the traffic data at the current time corresponds to the environmental data at the current time.
2. The method according to claim 1, characterized in that the fluctuation amount of the environmental data at the current time relative to the environmental data at the adjacent time is calculated from the environmental data at the current time and the environmental data at the adjacent time by the following formula:
where S_t denotes the fluctuation amount of the environmental data at time t, υ(t, i) denotes the value of any data item i in the environmental data at time t, Δυ(t, i) denotes the difference between the data i at time t and the data i at the adjacent time, and n denotes the number of data items included in the environmental data.
3. The method according to claim 1, characterized in that determining, according to the fluctuation amount, the intrusion detection model corresponding to the traffic data at the current time comprises:
classifying the fluctuation amount according to a pre-established fluctuation amount division rule, the classes of the fluctuation amount being, in order of level from low to high, small fluctuation, normal fluctuation and large fluctuation;
determining the intrusion detection model corresponding to the classified fluctuation amount according to a preset class-model correspondence, and taking the determined intrusion detection model as the intrusion detection model corresponding to the traffic data at the current time.
4. The method according to claim 3, characterized in that the fluctuation amount division rule is established in the following manner:
obtaining the environmental data of a preset duration, and calculating the fluctuation amount of the environmental data at each time within the preset duration;
collecting statistics on the fluctuation amounts of the environmental data at each time to obtain statistical data;
dividing the statistical data using the data ratios of the normal distribution to determine the fluctuation amount division rule.
5. The method according to claim 3, characterized in that, after the fluctuation amount is classified according to the pre-established fluctuation amount division rule, the method further comprises:
analysing the variation trend between the environmental data at the current time and the environmental data at the preceding and following times;
when the variation trend between the environmental data at the current time and the environmental data at the preceding and following times is consistent, and the difference between the fluctuation amount of the environmental data at the current time and the fluctuation amount of the environmental data at the adjacent time exceeds a preset threshold, raising the class of the fluctuation amount of the environmental data at the current time by one level.
6. An Internet of Things intrusion detection device, characterized in that the device comprises:
a data acquisition module, configured to obtain environmental data that changes over time, the environmental data including one or more of illumination intensity, temperature, humidity, pressure, gravity, vibration frequency, position, speed, acceleration and volume;
a data computation module, configured to calculate, from the environmental data at the current time and the environmental data at an adjacent time, the fluctuation amount of the environmental data at the current time relative to the environmental data at the adjacent time;
a classification detection module, configured to determine, according to the fluctuation amount, the intrusion detection model corresponding to the traffic data at the current time, and to perform intrusion detection on the traffic data at the current time by the intrusion detection model, wherein the traffic data at the current time corresponds to the environmental data at the current time.
7. The device according to claim 6, characterized in that the data computation module is specifically configured to:
calculate, by the following formula, the fluctuation amount of the environmental data at the current time relative to the environmental data at the adjacent time from the environmental data at the current time and the environmental data at the adjacent time:
where S_t denotes the fluctuation amount of the environmental data at time t, υ(t, i) denotes the value of any data item i in the environmental data at time t, Δυ(t, i) denotes the difference between the data i at time t and the data i at the adjacent time, and n denotes the number of data items included in the environmental data.
8. The device according to claim 6, characterized in that the classification detection module comprises:
a classification unit, configured to classify the fluctuation amount according to a pre-established fluctuation amount division rule, the classes of the fluctuation amount being, in order of level from low to high, small fluctuation, normal fluctuation and large fluctuation;
a determining unit, configured to determine the intrusion detection model corresponding to the classified fluctuation amount according to a preset class-model correspondence, and to take the determined intrusion detection model as the intrusion detection model corresponding to the traffic data at the current time.
9. The device according to claim 8, characterized in that the device further comprises:
a rule establishment module, configured to establish the fluctuation amount division rule, specifically comprising:
a data acquisition unit, configured to obtain the environmental data of a preset duration and calculate the fluctuation amount of the environmental data at each time within the preset duration;
a statistics unit, configured to collect statistics on the fluctuation amounts of the environmental data at each time to obtain statistical data;
a rule determination unit, configured to divide the statistical data using the data ratios of the normal distribution and determine the fluctuation amount division rule.
10. The device according to claim 8, characterized in that the classification detection module further comprises:
a data analysis unit, configured to analyse, after the fluctuation amount has been classified according to the pre-established fluctuation amount division rule, the variation trend between the environmental data at the current time and the environmental data at the preceding and following times;
a class promotion unit, configured to raise the class of the fluctuation amount of the environmental data at the current time by one level when the variation trend between the environmental data at the current time and the environmental data at the preceding and following times is consistent and the difference between the fluctuation amount of the environmental data at the current time and the fluctuation amount of the environmental data at the adjacent time exceeds a preset threshold.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611042617.5A CN106789904B (en) | 2016-11-23 | 2016-11-23 | Internet of Things intrusion detection method and device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106789904A true CN106789904A (en) | 2017-05-31 |
CN106789904B CN106789904B (en) | 2019-10-25 |
Family
ID=58973986
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201611042617.5A Active CN106789904B (en) | 2016-11-23 | 2016-11-23 | Internet of Things intrusion detection method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106789904B (en) |
Cited By (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107241350A (en) * | 2017-07-13 | 2017-10-10 | 北京紫光恒越网络科技有限公司 | Network security defence method, device and electronic equipment |
CN107809439A (en) * | 2017-08-31 | 2018-03-16 | 上海财经大学 | Network connection data categorizing system |
CN109962980A (en) * | 2019-03-20 | 2019-07-02 | 北京易沃特科技有限公司 | A kind of data uploading method based on Internet of Things, device, equipment and medium |
CN110120950A (en) * | 2019-05-13 | 2019-08-13 | 四川长虹电器股份有限公司 | It is a kind of to be impended the system and method for analysis based on Internet of Things flow |
CN110808972A (en) * | 2019-10-30 | 2020-02-18 | 杭州迪普科技股份有限公司 | Data stream identification method and device |
CN110839032A (en) * | 2019-11-18 | 2020-02-25 | 河南牧业经济学院 | Internet of things abnormal data identification method and system |
CN111132142A (en) * | 2019-12-24 | 2020-05-08 | 中国联合网络通信集团有限公司 | Security defense method and device |
CN111917801A (en) * | 2020-08-18 | 2020-11-10 | 南京工业大学浦江学院 | Petri network-based user behavior authentication method in private cloud environment |
CN112654010A (en) * | 2019-09-26 | 2021-04-13 | 诺基亚技术有限公司 | Method and apparatus for intrusive IoT device detection |
CN114323116A (en) * | 2021-11-17 | 2022-04-12 | 招银云创信息技术有限公司 | Power system monitoring method and device and computer equipment |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN203279188U (en) * | 2012-12-05 | 2013-11-06 | 浙江商业技师学院 | Intrusion detection device for wireless sensor network |
CN103973697A (en) * | 2014-05-19 | 2014-08-06 | 重庆邮电大学 | Intrusion detecting method of internet-of-things sensing layer |
CN104601553A (en) * | 2014-12-26 | 2015-05-06 | 北京邮电大学 | Internet-of-things tampering invasion detection method in combination with abnormal monitoring |
US20160285979A1 (en) * | 2015-03-25 | 2016-09-29 | Intel Corporation | Accessing service of internet of things |
-
2016
- 2016-11-23 CN CN201611042617.5A patent/CN106789904B/en active Active
Cited By (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107241350A (en) * | 2017-07-13 | 2017-10-10 | 北京紫光恒越网络科技有限公司 | Network security defence method, device and electronic equipment |
CN107809439B (en) * | 2017-08-31 | 2020-01-10 | 上海财经大学 | Network connection data classification system |
CN107809439A (en) * | 2017-08-31 | 2018-03-16 | 上海财经大学 | Network connection data categorizing system |
CN107948147A (en) * | 2017-08-31 | 2018-04-20 | 上海财经大学 | Network connection data sorting technique |
CN107948147B (en) * | 2017-08-31 | 2020-01-17 | 上海财经大学 | Network connection data classification method |
CN109962980A (en) * | 2019-03-20 | 2019-07-02 | 北京易沃特科技有限公司 | A kind of data uploading method based on Internet of Things, device, equipment and medium |
CN110120950A (en) * | 2019-05-13 | 2019-08-13 | 四川长虹电器股份有限公司 | It is a kind of to be impended the system and method for analysis based on Internet of Things flow |
CN112654010A (en) * | 2019-09-26 | 2021-04-13 | 诺基亚技术有限公司 | Method and apparatus for intrusive IoT device detection |
CN110808972A (en) * | 2019-10-30 | 2020-02-18 | 杭州迪普科技股份有限公司 | Data stream identification method and device |
CN110808972B (en) * | 2019-10-30 | 2021-12-24 | 杭州迪普科技股份有限公司 | Data stream identification method and device |
CN110839032A (en) * | 2019-11-18 | 2020-02-25 | 河南牧业经济学院 | Internet of things abnormal data identification method and system |
CN111132142A (en) * | 2019-12-24 | 2020-05-08 | 中国联合网络通信集团有限公司 | Security defense method and device |
CN111917801A (en) * | 2020-08-18 | 2020-11-10 | 南京工业大学浦江学院 | Petri network-based user behavior authentication method in private cloud environment |
CN114323116A (en) * | 2021-11-17 | 2022-04-12 | 招银云创信息技术有限公司 | Power system monitoring method and device and computer equipment |
CN114323116B (en) * | 2021-11-17 | 2023-12-05 | 招银云创信息技术有限公司 | Power system monitoring method, device and computer equipment |
Also Published As
Publication number | Publication date |
---|---|
CN106789904B (en) | 2019-10-25 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN106789904B (en) | Internet of Things intrusion detection method and device | |
CN102647292B (en) | Intrusion detecting method based on semi-supervised neural network | |
Habibzadeh et al. | Soft sensing in smart cities: Handling 3Vs using recommender systems, machine intelligence, and data analytics | |
CN101746269B (en) | Fatigue driving fusion detection method based on soft computing | |
CN103793484B (en) | The fraud identifying system based on machine learning in classification information website | |
CN104348829B (en) | A kind of network security situation sensing system and method | |
CN109000645A (en) | Complex environment target classics track extracting method | |
CN107846392A (en) | A kind of intrusion detection algorithm based on improvement coorinated training ADBN | |
CN106844138A (en) | O&M warning system and method | |
CN107241358A (en) | A kind of smart home intrusion detection method based on deep learning | |
CN106502234A (en) | Industrial control system method for detecting abnormality based on double skeleton patterns | |
CN108197575A (en) | A kind of abnormal behaviour recognition methods detected based on target detection and bone point and device | |
CN110162445A (en) | The host health assessment method and device of Intrusion Detection based on host log and performance indicator | |
CN107277443A (en) | A kind of a wide range of perimeter security monitoring method and system | |
CN111274886B (en) | Deep learning-based pedestrian red light running illegal behavior analysis method and system | |
CN108322445A (en) | A kind of network inbreak detection method based on transfer learning and integrated study | |
CN109218321A (en) | A kind of network inbreak detection method and system | |
CN106792883A (en) | Sensor network abnormal deviation data examination method and system | |
Zou et al. | A novel network security algorithm based on improved support vector machine from smart city perspective | |
Portela et al. | Evaluation of the performance of supervised and unsupervised Machine learning techniques for intrusion detection | |
CN104077571B (en) | A kind of crowd's anomaly detection method that model is serialized using single class | |
CN110943974A (en) | DDoS (distributed denial of service) anomaly detection method and cloud platform host | |
CN110138638A (en) | A kind of processing method and processing device of network flow | |
CN105160285A (en) | Method and system for recognizing human body tumble automatically based on stereoscopic vision | |
CN117197726B (en) | Important personnel accurate management and control system and method |
Legal Events
Code | Title | Date | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |