CN109766229B - Anomaly detection method for integrated electronic system - Google Patents

Publication number
CN109766229B
Authority
CN
China
Prior art keywords
message
command word
periodic
messages
sequence
Legal status
Active
Application number
CN201811477152.5A
Other languages
Chinese (zh)
Other versions
CN109766229A (en)
Inventor
何道敬
高昀
刘晓霞
高甲豪
齐维孔
王灏宇
李明
Current Assignee
East China Normal University
China Academy of Space Technology CAST
Original Assignee
East China Normal University
China Academy of Space Technology CAST

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)
  • Maintenance And Management Of Digital Transmission (AREA)

Abstract

The invention discloses an anomaly detection method for an integrated electronic system that combines a command word sequence specification with a time-series method. The command word sequence specification is used to detect whether a periodic message is abnormal; the time-series method uses a Markov model to predict whether an aperiodic message is abnormal. The method comprises the following steps: 1) data collection: collect the data transmitted on the bus; 2) detector generation: from the log information, self-generate the periodic command word sequence specification and train the Markov model; 3) intrusion detection: check each message under test against the command word sequence specification; when the command word of a message does not conform to the sequence specification, identify the message as aperiodic and run aperiodic message detection, and raise an alarm if that detection also fails. The invention can detect attacks between the bus controller and the subsystems, and can effectively resist attacks such as replay, counterfeiting and denial of service.

Description

Anomaly detection method for integrated electronic system
Technical Field
The invention belongs to the technical field of information security of an integrated electronic system, and particularly relates to a lightweight misuse detection method for the integrated electronic system.
Background
Integrated electronic systems are widely used in civil aircraft, fighter aircraft, armored vehicles, rockets, spacecraft and similar fields. Because such a system sits in a physically isolated network, its security has long been left out of consideration. In recent years, security research on physically isolated networks has been increasing. A typical physically isolated network is the industrial control system, whose security has been studied more in recent years; its safe operation is generally ensured by means such as whitelist mechanisms, deep parsing of industrial protocols and vulnerability scanning.
Compared with industrial control systems, integrated electronic systems have received less security research. An integrated electronic system is constrained by hardware, power consumption and size; its memory and CPU clock frequency are very small, and because of their special use scenarios different integrated electronic systems adopt different non-general-purpose CPUs. The complexity and diversity of the hardware can cause frequent system errors, so most integrated electronic systems devote their limited hardware resources to designs that meet system reliability requirements and give little consideration to security design.
Faced with security threats to integrated electronic systems, current intrusion detection technology as applied to satellites remains at the level of network intrusion detection. Because of the special application scope of integrated electronic systems and the limits on resources such as hardware memory, there is little intrusion detection technology that works at the internal system level of an integrated electronic system, so the security of such systems cannot be fundamentally improved. The only work found is that of Stan et al., who proposed a Markov-model-based anomaly detection method in 2017. The features proposed by Stan et al. require 137 bits of storage, which occupies considerable space when the data volume is huge. The method also has a defect: the Markov model cannot handle anomaly detection for ABA sequences. That is, if the sequence ABA exists in the training set and a forged command word B is inserted after command word A, the forged command word cannot be recognized. Although the Markov model proposed by Stan et al. includes a time period, if the inserted forged command word B follows the period of the AB sequence, it is recognized as a normal command word.
Disclosure of Invention
The invention aims to provide an anomaly detection method for an integrated electronic system, which can effectively resist the internal attack of the integrated electronic system and ensure the integrity and the usability of data transmitted in the integrated electronic system.
The specific technical scheme for realizing the purpose of the invention is as follows:
An anomaly detection method for an integrated electronic system, comprising the following steps:
Step 1: monitor the bus of the integrated electronic system and collect a large number of bus log messages as the data set needed in the subsequent steps to generate the periodic command word sequence used for periodic detection and the aperiodic detector;
Step 2: generate the periodic command word sequence from the bus log messages using a self-generating algorithm;
Step 3: generate an aperiodic message detector from the bus log messages based on a time-series method, where the time-series method includes, but is not limited to, a Markov model;
Step 4: monitor the bus in real time and pass the command word of each message to the command word sequence specification detector for command word sequence specification detection, where the command word sequence specification detector comprises the periodic command word sequence and the aperiodic message detector.
Generating the periodic command word sequence using a self-generating algorithm in step 2 specifically comprises:
Step A1: extract all periodic messages in the message log, extract their features and generate a periodic command word set;
Step A2: generate the periodic command word sequence specification from the periodic command word set according to the message order in the message log;
Step A3: generate, from the list of periodic command word sequence specifications, a sequence specification that is retrieved using a Hash algorithm.
The feature extraction in step A1 is specifically: according to the bus protocol, the periodic message feature is defined as a 6-tuple, i.e. terminal address, sub-address/terminal address, send/receive, number of data words, channel A/B and minimum time interval.
The sequence specification retrieved using the Hash algorithm in step A3 is maintained using, but not limited to, a one-way circular linked list.
Generating the aperiodic message detector based on a time-series method in step 3 specifically comprises:
Step B1: form the legal messages in the bus log into a training set, extract the periodic messages using the algorithm for extracting periodic command words, and then take the difference between the training set and the periodic messages to obtain the aperiodic messages; at the same time, extract the periodic message that precedes each aperiodic message so as to form a new training set, and extract the features of all messages in that training set to obtain the training set TS;
Step B2: once the training set TS for training on aperiodic messages has been obtained, calculate the state transition probabilities by iterating over the training set, and so train the Markov parameters.
Extracting the features of all messages in the training set in step B1 is specifically: according to the bus protocol, the message feature is represented as a 5-tuple, i.e. terminal address, sub-address/terminal address, send/receive, number of data words and channel A/B.
Each message in the training set TS in step B1 is a state $state_j$ of the Markov model.
Performing command word sequence specification detection in step 4 specifically comprises:
Step C1: following the order of the one-way linked list, use the previous command word to obtain the predicted command word, and compare the predicted command word with the command word currently captured to check whether the message under test conforms to the sequence specification. If the predicted command word matches the captured one, i.e. the message conforms to the sequence specification, identify the message as a periodic message, then check whether the time period of the command word is normal by executing step C2; if the message does not conform to the sequence specification, identify it as an aperiodic message and execute step C3;
Step C2: check whether the time period of the message is correct. If the time period is greater than or equal to the minimum time interval, identify the message as a legal periodic message and let the traffic pass normally; if the time period is less than the minimum time interval, the time period is abnormal and exception handling is performed;
Step C3: take the previous command word and the command word under test as input and obtain the state transition probability of the two messages from the Markov model; compare this probability with the anomaly threshold, and if it is lower than the anomaly threshold, judge the message abnormal and perform exception handling.
The anomaly threshold in step C3 is defined as the minimum probability of a periodic-to-aperiodic message transition observed in the training set. The state transition probability from a periodic message to an aperiodic message is calculated as $stateProb_j \times transProb_{j \to l}$, where $stateProb_j$ is the probability that $state_j$ occurs and $transProb_{j \to l}$ is the probability of the state transition from $state_j$ to $state_l$.
The invention has the following beneficial effects:
The invention is an intrusion detection method suited to the interior of an integrated electronic system. It can effectively resist internal attacks on the integrated electronic system, which mainly comprise attacks that destroy integrity and attacks that destroy availability, in particular denial-of-service, counterfeiting, tampering and replay attacks, thereby ensuring the integrity and availability of the data transmitted within the integrated electronic system.
Unknown attacks can be effectively prevented: by studying the message features of the integrated electronic system and combining the periodic message sequence, the timing features and the prediction of aperiodic messages, the method has the potential to detect unknown attacks.
By making effective use of the features of the messages on the bus, the number of features that must be extracted is greatly reduced and the space occupied is reduced, which keeps the anomaly detection method lightweight. At the same time, combining the command word sequence specification with the time-series method solves the problem of legal ABA sequences in the Markov model and effectively improves accuracy and the detection rate.
Drawings
FIG. 1 is a flow chart of the present invention;
FIG. 2 is a schematic diagram of a periodic message feature;
FIG. 3 is a schematic diagram of aperiodic message characteristics;
FIG. 4 is a schematic diagram of a message log.
Detailed Description
The present invention will be described in further detail with reference to the following specific examples and the accompanying drawings. The procedures, conditions, experimental methods and the like for carrying out the present invention are general knowledge and common general knowledge in the art, except for the contents specifically mentioned below, and the present invention is not particularly limited to the contents.
The integrated electronic system of the invention can be applied to communication satellites, civil aircrafts, tanks and armored vehicles.
Examples
Taking a 1553B-bus-based integrated electronic system for a communication satellite platform as an example, the anomaly detection steps for the integrated electronic system are explained as follows:
Traffic acquisition:
There are three types of devices in an integrated electronic system. Among 1553B devices, only the BM can capture all traffic on the bus, so the BM is used as the bus traffic acquisition module; once the BM has captured the transmission of a complete message, the message is passed to the feature extraction module for intrusion detection.
Feature definition: features are extracted only from the command word sequence. A periodic message is represented by the 6-tuple <terminal address, sub-address/terminal address, transmission/reception, number of data words, channel A/B, minimum time interval>, and an aperiodic message by the 5-tuple <terminal address, sub-address/terminal address, transmission/reception, number of data words, channel A/B>.
Generating a detector:
A periodic command word sequence specification is generated from the bus log using a self-generating algorithm, and each command word under test is checked against it. When a command word is found not to be in the command word sequence specification, the message is identified as aperiodic and checked by aperiodic message detection; if that detection also fails, an alarm is raised.
Generating the periodic message anomaly detector:
1) Extract the periodic command words with the proposed lightweight clustering algorithm, by analyzing the features of the messages in the data set
In the test data set, the number of occurrences of each command word is counted; analysis of the data shows that the number of messages per period can differ by at most 1. As shown in FIG. 2, for any periodic message, if the range of the message count within one period is ±1, all periodic messages fall within that interval, and periodic messages make up the largest share of the total. Therefore, after the periodic message intervals are calculated, the numbers of messages within each interval are summed, the interval containing the most messages is taken as the periodic message interval, and all messages in that interval are classified as periodic messages.
The algorithm for extracting the periodic command word is as follows:
[Figure: algorithm listing for extracting periodic command words (image not reproduced)]
2) Generate the periodic message sequence specification from the message sequence in the message log
Traverse the command word sequence in the message log; whenever the traversed message is a periodic message, add it to the command word sequence specification, until all extracted periodic messages have been added. The result is the periodic message sequence specification.
3) Anomaly detection using the sequence specification retrieved by the Hash algorithm
To achieve O(1) lookup efficiency for the command word specification, the invention provides a lightweight sequence specification detection algorithm that is based on Hash lookup and uses a one-way circular linked list to maintain the sequence. When hash collisions are few, data stored in the hash table allows a feature to be looked up in O(1) time.
The sequence specification algorithm for generating the search based on the Hash algorithm is as follows:
[Figure: algorithm listing for generating the Hash-retrieved sequence specification (image not reproduced)]
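An added example, not the patent's own listing (the algorithm figures are not reproduced on this page): one way to build the periodic detector described in 1) to 3) above. It assumes each periodic command word appears once per cycle, reads the ±1 rule as a count window [c, c+1], and takes the minimum time interval to be the smallest gap observed between repeats of a command word; the log and all names are constructed.

```python
from collections import Counter

# Constructed command words in the page's 5-tuple form:
# (terminal address, sub-address, send/receive, data word count, channel).
A = (1, 1, "R", 4, "A")
B = (2, 3, "T", 8, "A")
C = (5, 2, "R", 2, "B")
X = (7, 9, "T", 1, "A")            # occasional, aperiodic command


def make_log(cycles=5, period_us=100_000):
    """Constructed bus log of (timestamp_us, command_word), in time order."""
    jitter = [0, 300, -100, 100, 0]            # B does not arrive exactly on time
    log = []
    for k in range(cycles):
        base = k * period_us
        log.append((base, A))
        log.append((base + 10_000 + jitter[k % len(jitter)], B))
        if k in (1, 3):
            log.append((base + 15_000, X))
        if k < cycles - 1:                     # capture ends mid-cycle: C seen once less
            log.append((base + 20_000, C))
    return log


def extract_periodic(log):
    """Cluster by occurrence count: keep the window [c, c+1] covering most messages."""
    counts = Counter(cw for _, cw in log)
    lows = sorted(set(counts.values()) | {n - 1 for n in counts.values()})
    best, best_total = set(), -1
    for c in lows:
        members = {cw for cw, n in counts.items() if c <= n <= c + 1}
        total = sum(counts[cw] for cw in members)
        if total > best_total:
            best, best_total = members, total
    return best


def sequence_order(log, periodic):
    """Walk the log and record periodic command words in first-seen order."""
    order = []
    for _, cw in log:
        if cw in periodic and cw not in order:
            order.append(cw)
        if len(order) == len(periodic):
            break
    return order


def min_intervals(log, periodic):
    """Smallest observed gap between two occurrences of the same command word."""
    last, gaps = {}, {}
    for ts, cw in log:
        if cw not in periodic:
            continue
        if cw in last:
            gap = ts - last[cw]
            gaps[cw] = min(gap, gaps.get(cw, gap))
        last[cw] = ts
    return gaps


class Node:
    """One entry of the one-way circular linked list."""
    __slots__ = ("cw", "min_gap", "next")

    def __init__(self, cw, min_gap):
        self.cw, self.min_gap, self.next = cw, min_gap, None


def build_spec(log):
    """Return a hash index {command_word: Node}; Node.next follows the cycle."""
    periodic = extract_periodic(log)
    gaps = min_intervals(log, periodic)
    nodes = [Node(cw, gaps.get(cw, 0)) for cw in sequence_order(log, periodic)]
    for i, node in enumerate(nodes):
        node.next = nodes[(i + 1) % len(nodes)]    # last node links back to the first
    return {node.cw: node for node in nodes}       # dict lookup is O(1) on average


def predict_next(spec, prev_cw):
    """Command word expected after prev_cw, or None if prev_cw is not periodic."""
    node = spec.get(prev_cw)
    return node.next.cw if node else None


if __name__ == "__main__":
    spec = build_spec(make_log())
    for cw, node in spec.items():
        print(cw, "->", node.next.cw, "min gap (us):", node.min_gap)
```
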
Generating the aperiodic message detector:
1) Initialize the data set
Form the legal messages in the bus log into a training set, extract the periodic messages using the algorithm for extracting periodic command words, and take the difference between the training set and the periodic messages to obtain the aperiodic messages. At the same time, extract the periodic message that precedes each aperiodic message so as to form a new training set TS. The training set TS is used to train the Markov model parameters for aperiodic messages, and each message in TS is a state $state_j$ of the Markov model.
2) Training Markov parameters
After a training set TS for training aperiodic messages is obtained, state transition probability is calculated through an iterative training set, and Markov parameters are trained.
The training Markov parameter algorithm is as follows:
[Figure: algorithm listing for training the Markov parameters (image not reproduced)]
Intrusion detection:
In the detection stage, the sequence is maintained in a one-way circular linked list and the sequence specification is looked up by Hash; following the order of the linked list, the detector checks whether the message under test conforms to the sequence specification. If it conforms, the time period of the message is checked: if the time period is correct, the message is passed normally; if not, it is abnormal. If it does not conform to the sequence specification, the message is identified as aperiodic and aperiodic message anomaly detection is performed.
To detect an aperiodic message, the previous message and the aperiodic message are taken as input, and the state transition probability of the two messages is obtained from the Markov model. The probability is compared with the anomaly threshold; if it is lower than the anomaly threshold, it is judged abnormal. The anomaly threshold is defined as the minimum probability of two sequences observed in the training set. The state transition probability of the two messages is calculated as $stateProb_j \times transProb_{j \to l}$.
The command word sequence specification detection algorithm and the non-periodic message anomaly detection algorithm are respectively as follows:
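Command word sequence specification detection algorithm:
[Figure: algorithm listing for command word sequence specification detection (image not reproduced)]
Anomaly detection algorithm for aperiodic messages:
[Figure: algorithm listing for aperiodic message anomaly detection (image not reproduced)]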
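An added example, not the patent's own listing: the detection flow of steps C1 to C3 run over a constructed message stream that contains a forged B injected early and a replayed B. The successor table, minimum intervals, training pairs and all names are constructed, and estimating stateProb and transProb from pair counts in TS is an assumption.

```python
from collections import Counter

# Constructed inputs (illustrative, not taken from the patent).
A, B, C = (1, 1, "R", 4, "A"), (2, 3, "T", 8, "A"), (5, 2, "R", 2, "B")
X, Y = (7, 9, "T", 1, "A"), (7, 9, "R", 1, "A")     # aperiodic command words
SUCC = {A: B, B: C, C: A}                  # periodic sequence A -> B -> C -> A
MIN_GAP_US = {A: 99_000, B: 99_000, C: 99_000}      # minimum time interval
# Training set TS: (previous periodic message, aperiodic message) pairs.
TS = [(B, X), (B, X), (B, X), (A, Y)]


def train_markov(ts):
    """Return stateProb, transProb and the anomaly threshold learned from TS."""
    n = len(ts)
    out_of = Counter(j for j, _ in ts)
    pairs = Counter(ts)
    state_prob = {j: c / n for j, c in out_of.items()}
    trans_prob = {(j, l): c / out_of[j] for (j, l), c in pairs.items()}
    # Threshold: the smallest stateProb_j * transProb_{j->l} seen in training.
    threshold = min(state_prob[j] * trans_prob[(j, l)] for (j, l) in pairs)
    return state_prob, trans_prob, threshold


class Detector:
    def __init__(self, succ, min_gap, model):
        self.succ, self.min_gap = succ, min_gap
        self.state_prob, self.trans_prob, self.threshold = model
        self.prev_periodic = None      # current position in the circular sequence
        self.last_seen = {}            # last accepted timestamp per command word

    def check(self, ts, cw):
        if self.prev_periodic is None:
            # First periodic message seen synchronises the position (assumption).
            expected = cw if cw in self.succ else None
        else:
            expected = self.succ[self.prev_periodic]
        if cw == expected:                                   # step C1: conforms
            last = self.last_seen.get(cw)
            if last is not None and ts - last < self.min_gap[cw]:
                return "ALERT_TIMING"                        # step C2: too early
            self.prev_periodic = cw
            self.last_seen[cw] = ts
            return "OK_PERIODIC"
        # Step C3: treat as aperiodic and score the transition from the
        # previous periodic message; unseen transitions score 0.
        j = self.prev_periodic
        p = self.state_prob.get(j, 0) * self.trans_prob.get((j, cw), 0)
        return "ALERT_MARKOV" if p < self.threshold else "OK_APERIODIC"


# Constructed stream: (timestamp_us, command_word).
STREAM = [
    (0, A), (10_000, B), (15_000, X), (20_000, C),
    (100_000, A),
    (105_000, B),      # forged B in the right position but 95 ms after the last B
    (110_000, B),      # genuine B
    (112_000, B),      # replayed B where C is expected
    (120_000, C),
]


def run(stream):
    det = Detector(SUCC, MIN_GAP_US, train_markov(TS))
    return [det.check(ts, cw) for ts, cw in stream]


if __name__ == "__main__":
    for (ts, cw), verdict in zip(STREAM, run(STREAM)):
        print(ts, cw, verdict)
```

Alerts leave the detector state unchanged, so the genuine B that follows the forged one is still accepted; that choice is this example's, not something the page specifies.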

Claims (8)

1. An anomaly detection method for an integrated electronic system, characterized by comprising the following steps:
step 1: monitoring the integrated electronic system bus 1553B, and collecting a large number of bus log messages as the data set required to generate the periodic command word sequence used for periodic detection and the aperiodic detector;
step 2: generating a periodic command word sequence specification using a self-generating algorithm according to the bus log messages;
step 3: generating an aperiodic message detector based on a time-series method according to the bus log messages; wherein the time-series method comprises a Markov model;
step 4: monitoring the bus 1553B in real time, passing the command word of each message to a command word sequence specification detector, and performing command word sequence specification detection; wherein the command word sequence specification detector comprises a periodic command word sequence and an aperiodic message detector; wherein:
step 2, generating the periodic command word sequence specification by using a self-generating algorithm specifically comprises:
step A1: extracting all periodic messages in the message log, extracting features and generating a periodic command word set;
step A2: generating the periodic command word set into a periodic command word sequence specification according to the message sequence in the message log;
step A3: a sequence specification retrieved based on the Hash algorithm is generated from the list of periodic command word sequence specifications.
2. The anomaly detection method for an integrated electronic system according to claim 1, characterized in that said extracting features in step A1 specifically comprises: according to the bus protocol, the periodic message feature is defined as a 6-tuple, i.e. terminal address, sub-address/terminal address, send/receive, number of data words, channel A/B and minimum time interval.
3. The integrated electronic system-oriented anomaly detection method according to claim 1, characterized in that said Hash algorithm-based retrieved sequence specification of step a3 is maintained using a one-way circular linked list.
4. The method for detecting anomalies towards integrated electronic systems according to claim 1, characterized in that said generating, in step 3, of a non-periodic message detector based on a time-series method, comprises in particular:
step B1: forming legal messages in the bus log into a training set, extracting periodic messages according to an algorithm for extracting periodic command words, and then extracting a difference set of the periodic messages from the training set to obtain aperiodic messages; meanwhile, extracting the previous periodic message when the aperiodic message occurs so as to form a new training set, and extracting the characteristics of all messages in the training set to obtain a training set TS;
step B2: after a training set TS for training aperiodic messages is obtained, the state transition probability is calculated by iterating the training set, and Markov parameters are trained.
5. The anomaly detection method for an integrated electronic system according to claim 4, characterized in that said extracting the features of all the messages in the training set in step B1 specifically comprises: according to the bus protocol, the message feature is represented as a 5-tuple, i.e. terminal address, sub-address/terminal address, send/receive, number of data words and channel A/B.
6. The anomaly detection method for an integrated electronic system according to claim 4, characterized in that each message in said training set TS in step B1 is a state $state_j$ of the Markov model.
7. The anomaly detection method for an integrated electronic system according to claim 1, characterized in that said performing command word sequence specification detection in step 4 specifically comprises:
step C1: following the order of the one-way linked list, using the previous command word to obtain the predicted command word, and comparing the predicted command word with the command word currently captured to check whether the message under test conforms to the sequence specification; if the predicted command word matches the captured one, i.e. the message conforms to the sequence specification, identifying the message as a periodic message, then checking whether the time period of the command word is normal by executing step C2; if the message does not conform to the sequence specification, identifying it as an aperiodic message and executing step C3;
step C2: checking whether the time period of the message is correct; if the time period is greater than or equal to the minimum time interval, identifying the message as a legal periodic message and letting the traffic pass normally; if the time period is less than the minimum time interval, the time period is abnormal and exception handling is performed;
step C3: taking the previous command word and the command word under test as input, and obtaining the state transition probability of the two messages from the Markov model; comparing this probability with the anomaly threshold, and if it is lower than the anomaly threshold, judging the message abnormal and performing exception handling.
8. The anomaly detection method for an integrated electronic system according to claim 7, characterized in that said anomaly threshold of step C3 is defined as the minimum probability of periodic to aperiodic messages observed in the training set; the state transition probability from the periodic message to the aperiodic message is calculated as $stateProb_j \times transProb_{j \to l}$, where $stateProb_j$ is the probability that $state_j$ occurs and $transProb_{j \to l}$ is the probability of the state transition from $state_j$ to $state_l$.
CN201811477152.5A 2018-12-05 2018-12-05 Anomaly detection method for integrated electronic system Active CN109766229B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811477152.5A CN109766229B (en) 2018-12-05 2018-12-05 Anomaly detection method for integrated electronic system

Publications (2)

Publication Number Publication Date
CN109766229A CN109766229A (en) 2019-05-17
CN109766229B true CN109766229B (en) 2022-02-11

Family

ID=66451138

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811477152.5A Active CN109766229B (en) 2018-12-05 2018-12-05 Anomaly detection method for integrated electronic system

Country Status (1)

Country Link
CN (1) CN109766229B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP7175858B2 (en) * 2019-08-07 2022-11-21 株式会社日立製作所 Information processing device and legitimate communication determination method
CN111428235A (en) * 2020-02-21 2020-07-17 华东师范大学 Bus controller decision protection method facing MIL-STD-1553B

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102831096A (en) * 2012-08-17 2012-12-19 中国科学院空间科学与应用研究中心 1553B bus protocol IP (Intellectual Property) core
CN103259686A (en) * 2013-05-31 2013-08-21 浙江大学 CAN bus network fault diagnosis method based on disperse error events
CN103645947A (en) * 2013-11-25 2014-03-19 北京航空航天大学 MIL-STD-1553B bus monitoring and data analysis system
CN105137214A (en) * 2015-06-23 2015-12-09 中国空间技术研究院 Satellite bus data analysis system
CN106502811A (en) * 2016-10-12 2017-03-15 北京精密机电控制设备研究所 A kind of 1553B bus communications fault handling method
CN107153584A (en) * 2016-03-03 2017-09-12 中兴通讯股份有限公司 Method for detecting abnormality and device
CN107844406A (en) * 2017-10-25 2018-03-27 千寻位置网络有限公司 Method for detecting abnormality and system, service terminal, the memory of distributed system
CN108632351A (en) * 2018-03-23 2018-10-09 山东昭元信息科技有限公司 A kind of Information Exchange System
CN108847879A (en) * 2018-06-14 2018-11-20 上海卫星工程研究所 Two-shipper fault detection and restoration methods based on bus control unit

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20110191129A1 (en) * 2010-02-04 2011-08-04 Netzer Moriya Random Number Generator Generating Random Numbers According to an Arbitrary Probability Density Function
US20180150125A1 (en) * 2016-11-28 2018-05-31 Qualcomm Incorporated Wifi memory power minimization

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
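Protecting Military Avionics Platforms from Attacks on MIL-STD-1553 Communication Bus; Orly Stan; https://arxiv.org/abs/1707.05032; 20170717; full text *
Data Transmission and Security of Environment-Aware Application ***; 何道敬; Journal of Nanjing University of Information Science and Technology; 20170930; full text *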

Also Published As

Publication number Publication date
CN109766229A (en) 2019-05-17

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant