CN111614659B - Distributed detection method for unknown network flow - Google Patents
Distributed detection method for unknown network flow Download PDFInfo
- Publication number
- CN111614659B CN111614659B CN202010424526.8A CN202010424526A CN111614659B CN 111614659 B CN111614659 B CN 111614659B CN 202010424526 A CN202010424526 A CN 202010424526A CN 111614659 B CN111614659 B CN 111614659B
- Authority
- CN
- China
- Prior art keywords
- mobile
- network
- deep
- signal
- distributed
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/14—Network analysis or design
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention provides a distributed detection method of unknown network flow, which is applied to a mobile ad hoc network. The method comprises the steps of sending a preset message signal to the mobile ad hoc network through a plurality of different authenticated mobile terminals to obtain a characteristic signal, carrying out deep packet detection on the characteristic signal through a plurality of different unauthenticated communication terminals to obtain a deep data packet, combining the preset message signal and the plurality of deep data packets and sending the combined signal to the network to obtain a response signal, inputting the characteristic signal and the response signal into a deep learning network model as training signals to train, testing the trained deep learning network model, and using the deep learning network model meeting the testing requirements for unknown network traffic identification and detection of the mobile ad hoc network. The technical scheme of the invention can quickly and accurately identify and detect the unknown network flow.
Description
Technical Field
The invention belongs to the technical field of network detection, and particularly relates to a distributed detection method for unknown network flow.
Background
With the development of internet application technology, especially the development of content search, hacking and other technologies, the traffic generated by robots in the internet gradually approaches or even exceeds the traffic generated by human users.
Internet information security company Incapsula investigated this phenomenon in 2012 and 2014, respectively. The 2012 survey showed that 51% of internet traffic was not coming from computers under real user operation, but rather from robotic users. Wherein, the hacker software contributes 5% to the internet traffic, and the automatic copy tool contributes 5% to the internet traffic. Overall, the contribution of such tools with malicious intent to internet traffic is 31%, while another 20% of non-human user traffic comes from search engines. The 2014 survey found that the proportion of robot traffic in the global internet has increased to 61.5%, by about 10 percentage points compared to 2012. 31% of the traffic comes from the search engine and the rest of the traffic comes from malicious robots, e.g. 5% of the traffic comes from crawler accesses and 4.5% of the traffic comes from hacker tool scans. Such a new and advanced development situation, especially the rapid transition of application behaviors and application traffic, brings a serious challenge to network management, security guarantee, service quality provision, and the like of the internet. One of the important problems is how to effectively monitor, manage and control various kinds of application traffic that emerge endlessly.
The identification of mobile traffic from a large amount of mixed traffic and the analysis of the traffic are the first steps for the intensive study of the characteristics of the mobile internet, and at the same time, valuable information can be provided for mobile network measurement and management, mobile security and privacy protection.
Network traffic identification generally involves identification of network protocols and can be divided into identification oriented towards known protocols and identification oriented towards unknown protocols. The identification facing the known protocols mainly includes a port-based protocol identification technique, a load-based protocol identification technique and a measurement-based protocol identification technique. The methods mainly aim at known network protocol data and are based on a large amount of prior knowledge to carry out protocol identification.
For example, the chinese patent application with application number CN201911119633.3 proposes an intelligent detection method for malicious user behaviors based on reinforcement learning, which includes an intelligent analysis engine module, a network space state sensing module, and a multi-domain action execution module; the intelligent analysis engine module is used for judging which action is taken under which state; the network space state perception module is used for perceiving the current state of the network space, and the perception is local perception which is the basis for judging the condition by the intelligent analysis engine; the multi-domain action execution module is used for executing the multi-domain action, obtaining corresponding rewards and executing the actions of the network action, the physical domain and the information domain. The invention can intelligently generate the security management strategy suitable for the local network according to the continuous feedback of the intelligent analysis engine and the security management personnel, thereby realizing the intelligent detection of malicious user behaviors and achieving the purpose of reducing the security management cost.
However, the prior art does not provide an effective technical solution for traffic identification and protocol authentication of unknown networks.
Disclosure of Invention
In order to solve the technical problem, the invention provides a distributed detection method of unknown network flow, which is applied to a mobile Adhoc network. The method comprises the steps of sending a preset message signal to the mobile ad hoc network through a plurality of different authenticated mobile terminals to obtain a characteristic signal, carrying out deep packet detection on the characteristic signal through a plurality of different unauthenticated communication terminals to obtain a deep data packet, combining the preset message signal and the plurality of deep data packets to send to the network to obtain a response signal, inputting the characteristic signal and the response signal into a deep learning network model as training signals to train, testing the trained deep learning network model, and using the deep learning network model meeting the testing requirement for unknown network traffic identification and detection of the mobile ad hoc network. The technical scheme of the invention can quickly and accurately identify and detect the unknown network flow.
Specifically, the technical solutions of the present application are summarized as follows as a whole:
a distributed detection method of unknown network traffic, the detection method being applied in a mobile ad hoc network comprising a plurality of distributed sensors, characterized in that the detection method comprises the steps of:
s100: sending a preset message signal to the mobile ad hoc network through a plurality of different authenticated mobile terminals, and receiving a characteristic signal fed back by the mobile ad hoc network;
in the technical scheme of the invention, each distributed sensor in the mobile ad hoc network comprising a plurality of distributed sensors comprises a unique authentication code.
Step S100 specifically includes:
a plurality of distributed sensors in the mobile Adhoc network are each connected to a gateway control node;
the plurality of different authenticated mobile terminals send the preset message signals to the gateway control node, the gateway control node inquires an authentication code of the mobile terminal corresponding to the preset message signals from a monitoring center, and when the authentication code passes, the gateway control node forwards the preset message signals to the distributed sensor matched with the authentication code.
S200: performing deep packet detection on the characteristic signal through a plurality of different communication terminals which are not authenticated to obtain a plurality of deep data packets;
step S200 specifically includes:
acquiring a communication protocol between the preset message signal and the mobile Adhoc network, and acquiring a feature code of the preset message signal based on the communication protocol;
and unpacking and analyzing the characteristic signals based on the characteristic codes to obtain a plurality of deep data packets.
S300: after combining the preset message signal with the plurality of deep data packets, sending the combined preset message signal to the mobile ad hoc network through the communication terminal which is not authenticated, and receiving a response signal of the mobile ad hoc network;
step S300 specifically includes:
and forming a digital signature by hashing the preset message signal and the authentication code of the corresponding mobile terminal, and combining the digital signature into the deep data packet.
And sending the deep data packet combined with the digital signature to the gateway control node, extracting the digital signature from a monitoring center by the gateway control node, decoding and authenticating the digital signature to obtain an authentication code, and forwarding the deep data packet to a distributed sensor matched with the authentication code by the gateway control node.
S400: inputting the characteristic signal and the response signal as training signals into a deep learning network model for training;
step S400 further includes:
the deep learning network model comprises a flow identification model based on machine learning, the flow identification model is composed of two stages of learning modules, the first learning module is a supervised learning module, and the second learning module is an unsupervised learning module.
And in training, taking the output of the first learning module as the input of the second-stage learning module.
S500: testing the trained deep learning network model by using preset message signals sent by the plurality of different unauthenticated communication terminals; and when the output result obtained after the output of the second-stage learning module is input into the first learning module is in a preset range, judging that the test requirement is met.
S600: and using a deep learning network model meeting the test requirements for the unknown network traffic identification and detection of the mobile ad hoc network.
Further advantages of the invention will be apparent in the detailed description section in conjunction with the drawings attached hereto.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings needed in the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings without creative efforts.
Fig. 1 is a flow chart of a method for distributed detection of unknown network traffic in accordance with one embodiment of the present invention.
Fig. 2 is a diagram of a portion of a system architecture for implementing the method described in fig. 1.
FIG. 3 is a schematic diagram of training and testing of a deep learning network model used by the method of FIG. 2.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention. It is to be understood that the embodiments described are only a few embodiments of the present invention, and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to fig. 1, a flow chart of a distributed unknown network traffic detection method according to an embodiment of the present invention is shown.
The detection method described in fig. 1 comprises the following steps S100-S600:
s100: sending a preset message signal to the mobile ad hoc network through a plurality of different authenticated mobile terminals, and receiving a characteristic signal fed back by the mobile ad hoc network;
s200: performing deep packet inspection on the characteristic signals through a plurality of different unauthenticated communication terminals to obtain a plurality of deep data packets;
s300: after combining the preset message signal with the plurality of deep data packets, sending the combined preset message signal to the mobile ad hoc network through the communication terminal which is not authenticated, and receiving a response signal of the mobile ad hoc network;
s400: inputting the characteristic signal and the response signal as training signals into a deep learning network model for training;
s500: testing the trained deep learning network model by using preset message signals sent by the plurality of different unauthenticated communication terminals;
s600: and applying a deep learning network model meeting the test requirements to the unknown network traffic identification and detection of the mobile ad hoc network.
On the basis of fig. 1, see fig. 2.
The detection method is applied to a mobile ad hoc network comprising a plurality of distributed sensors; each distributed sensor in the mobile ad hoc network comprising a plurality of distributed sensors contains a unique authentication code.
A plurality of distributed sensors in the mobile Adhoc network are each connected to a gateway control node;
in this embodiment, the mobile Adhoc network may be a Distributed Sensor Network (DSN) consisting of sensors with limited computational and communication capabilities. Each distributed sensor serves as a node, is not only a collector and a sender of information, but also serves as a router of the information, and sends data to the gateway through network self-organization and multi-hop routing. The gateway is a special node, and takes charge of the tasks of internal node control and communication with the outside, the communication mode comprises the Internet, a satellite or a mobile communication network and the like, and a plurality of gateways can be used in large-scale application.
In step S100, the plurality of different authenticated mobile terminals send the preset packet signal to the gateway control node, the gateway control node queries a monitoring center for an authentication code of the mobile terminal corresponding to the preset packet signal, and when the authentication code passes, the gateway control node forwards the preset packet signal to a distributed sensor matched with the authentication code.
In step S200, performing deep packet inspection on the feature signal through a plurality of different unauthenticated communication terminals to obtain a plurality of deep data packets, which specifically includes:
acquiring a communication protocol between the preset message signal and the mobile Adhoc network, and acquiring a feature code of the preset message signal based on the communication protocol;
and unpacking and analyzing the characteristic signals based on the characteristic codes to obtain a plurality of deep data packets.
In the step S300, the combining the preset packet signal and the multiple deep data packets specifically includes:
and forming a digital signature by hashing the preset message signal and the authentication code of the corresponding mobile terminal, and combining the digital signature into the deep data packet.
In the step S300, the sending to the mobile ad hoc network through the unauthenticated communication terminal specifically includes:
and sending the deep data packet combined with the digital signature to the gateway control node, extracting the digital signature from a monitoring center by the gateway control node, decoding and authenticating the digital signature to obtain an authentication code, and forwarding the deep data packet to a distributed sensor matched with the authentication code by the gateway control node.
On the basis of fig. 1-2, referring to fig. 3, a schematic diagram of training and testing a deep learning network model used in the method of fig. 2 is shown. The deep learning network model comprises a flow identification model based on machine learning, the flow identification model is composed of two stages of learning modules, the first learning module is a supervised learning module, and the second learning module is an unsupervised learning module. And in training, taking the output of the first learning module as the input of the second-stage learning module. And when the output result obtained after the output of the second-stage learning module is input into the first learning module is in a preset range, judging that the test requirement is met.
Although embodiments of the present invention have been shown and described, it will be appreciated by those skilled in the art that various changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.
Claims (8)
1. A distributed detection method of unknown network traffic, the detection method being applied to a mobile ad hoc network comprising a plurality of distributed sensors, characterized in that the detection method comprises the following steps:
s100: a plurality of distributed sensors in the mobile Adhoc network are each connected to a gateway control node; a plurality of different authenticated mobile terminals send preset message signals to the gateway control node, the gateway control node inquires an authentication code of the mobile terminal corresponding to the preset message signals from a monitoring center, and the gateway control node forwards the preset message signals to a distributed sensor matched with the authentication code;
receiving a characteristic signal fed back by the mobile Adhoc network;
s200: performing deep packet detection on the characteristic signal through a plurality of different communication terminals which are not authenticated to obtain a plurality of deep data packets;
s300: the preset message signal and an authentication code of a corresponding mobile terminal are subjected to hash transformation to form a digital signature, the digital signature is combined into the deep data packet, the deep data packet is sent to the mobile Adhoc network through the communication terminal which is not authenticated, and a response signal of the mobile Adhoc network is received;
s400: inputting the characteristic signal and the response signal as training signals into a deep learning network model for training;
s500: testing the trained deep learning network model by using preset message signals sent by the plurality of different unauthenticated communication terminals;
s600: and using a deep learning network model meeting the test requirements for the unknown network traffic identification and detection of the mobile ad hoc network.
2. The distributed detection method of unknown network traffic as in claim 1, wherein:
each distributed sensor in the mobile ad hoc network comprising a plurality of distributed sensors contains a unique authentication code.
3. The distributed detection method of unknown network traffic as in claim 1, wherein:
in step S200, performing deep packet inspection on the feature signal through a plurality of different unauthenticated communication terminals to obtain a plurality of deep data packets, which specifically includes:
acquiring a communication protocol between the preset message signal and the mobile Adhoc network, and acquiring a feature code of the preset message signal based on the communication protocol;
and unpacking and analyzing the characteristic signals based on the characteristic codes to obtain a plurality of deep data packets.
4. The distributed detection method of unknown network traffic as in claim 1, wherein:
in the step S300, the sending to the mobile ad hoc network through the unauthenticated communication terminal specifically includes:
and sending the deep data packet combined with the digital signature to the gateway control node, extracting the digital signature from a monitoring center by the gateway control node, decoding and authenticating the digital signature to obtain an authentication code, and forwarding the deep data packet to a distributed sensor matched with the authentication code by the gateway control node.
5. The distributed detection method of unknown network traffic as in claim 1, wherein:
in the step S400, the feature signal and the response signal are input into a deep learning network model as training signals for training, which specifically includes:
the deep learning network model comprises a flow identification model based on machine learning, the flow identification model is composed of two stages of learning modules, the first learning module is a supervised learning module, and the second learning module is an unsupervised learning module.
6. The method of distributed detection of unknown network traffic as in claim 5, wherein:
the output of the first learning module is used as the input of the second stage learning module.
7. The distributed detection method of unknown network traffic as in claim 5 or 6, wherein:
in S600, using a deep learning network model meeting the test requirements for the unknown network traffic identification and detection of the mobile ad hoc network, specifically including:
and when the output result obtained after the output of the second-stage learning module is input into the first learning module is in a preset range, judging that the test requirement is met.
8. A monitoring platform for connection to a mobile ad hoc network, the monitoring platform comprising a memory and a processor having stored thereon computer executable instruction code which is executable by the processor, the monitoring platform being operable to perform the distributed detection method of any one of claims 1 to 7 for detection of unknown network traffic in the mobile ad hoc network.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010424526.8A CN111614659B (en) | 2020-05-19 | 2020-05-19 | Distributed detection method for unknown network flow |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010424526.8A CN111614659B (en) | 2020-05-19 | 2020-05-19 | Distributed detection method for unknown network flow |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN111614659A CN111614659A (en) | 2020-09-01 |
| CN111614659B true CN111614659B (en) | 2022-09-23 |
Family
ID=72202203
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010424526.8A Active CN111614659B (en) | 2020-05-19 | 2020-05-19 | Distributed detection method for unknown network flow |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111614659B (en) |
Families Citing this family (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112307987B (en) * | 2020-11-03 | 2021-06-29 | 泰山学院 | Method for identifying communication signal based on deep hybrid routing network |
| CN115396346B (en) * | 2022-08-30 | 2023-11-28 | 北京知道创宇信息技术股份有限公司 | Simulation pressure testing method, device, system and electronic equipment |
Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP2002318735A (en) * | 2001-04-23 | 2002-10-31 | Matsushita Electric Works Ltd | Method for monitoring abnormality in communication terminal of specified class on network, network managing system and network managing program |
| JP2007013386A (en) * | 2005-06-29 | 2007-01-18 | Hitachi Ltd | Communication terminal and communication control method for ad hoc network |
| CN101765109A (en) * | 2009-12-14 | 2010-06-30 | 浙江大学 | Program dynamic updating method for wireless sensor network capable of resisting compromised node attack |
| WO2011121713A1 (en) * | 2010-03-29 | 2011-10-06 | 富士通株式会社 | Node, transfer method, and transfer program |
| CN103731266A (en) * | 2012-10-12 | 2014-04-16 | 北京微智全景信息技术有限公司 | Method and system for authenticating electronic certificate |
| CN104935600A (en) * | 2015-06-19 | 2015-09-23 | 中国电子科技集团公司第五十四研究所 | Mobile ad hoc network intrusion detection method and device based on deep learning |
| CN107733921A (en) * | 2017-11-14 | 2018-02-23 | 深圳中兴网信科技有限公司 | Network flow abnormal detecting method, device, computer equipment and storage medium |
| CN107770592A (en) * | 2017-12-05 | 2018-03-06 | 清华大学 | Motion state of mobile terminal detection method in mobile video playing process |
| CN110311829A (en) * | 2019-05-24 | 2019-10-08 | 西安电子科技大学 | A kind of net flow assorted method accelerated based on machine learning |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US10091218B2 (en) * | 2012-01-23 | 2018-10-02 | Hrl Laboratories, Llc | System and method to detect attacks on mobile wireless networks based on network controllability analysis |
| US10834586B2 (en) * | 2016-07-29 | 2020-11-10 | Amzetta Technologies, Llc | System and method for controlling heterogeneous internet of things (IoT) devices using single application |
-
2020
- 2020-05-19 CN CN202010424526.8A patent/CN111614659B/en active Active
Patent Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP2002318735A (en) * | 2001-04-23 | 2002-10-31 | Matsushita Electric Works Ltd | Method for monitoring abnormality in communication terminal of specified class on network, network managing system and network managing program |
| JP2007013386A (en) * | 2005-06-29 | 2007-01-18 | Hitachi Ltd | Communication terminal and communication control method for ad hoc network |
| CN101765109A (en) * | 2009-12-14 | 2010-06-30 | 浙江大学 | Program dynamic updating method for wireless sensor network capable of resisting compromised node attack |
| WO2011121713A1 (en) * | 2010-03-29 | 2011-10-06 | 富士通株式会社 | Node, transfer method, and transfer program |
| CN103731266A (en) * | 2012-10-12 | 2014-04-16 | 北京微智全景信息技术有限公司 | Method and system for authenticating electronic certificate |
| CN104935600A (en) * | 2015-06-19 | 2015-09-23 | 中国电子科技集团公司第五十四研究所 | Mobile ad hoc network intrusion detection method and device based on deep learning |
| CN107733921A (en) * | 2017-11-14 | 2018-02-23 | 深圳中兴网信科技有限公司 | Network flow abnormal detecting method, device, computer equipment and storage medium |
| CN107770592A (en) * | 2017-12-05 | 2018-03-06 | 清华大学 | Motion state of mobile terminal detection method in mobile video playing process |
| CN110311829A (en) * | 2019-05-24 | 2019-10-08 | 西安电子科技大学 | A kind of net flow assorted method accelerated based on machine learning |
Non-Patent Citations (3)
| Title |
|---|
| Ad hoc网络的入侵检测技术;代伟;《重庆大学学报(自然科学版)》;20060528(第05期);全文 * |
| 移动Ad Hoc网络联合路由入侵检测模型研究;杨清等;《计算机工程与应用》;20090501(第13期);全文 * |
| 软件定义网络中的异常流量检测研究进展;徐玉华等;《软件学报》;20191106(第01期);全文 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN111614659A (en) | 2020-09-01 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN112203282B (en) | 5G Internet of things intrusion detection method and system based on federal transfer learning | |
| Singh et al. | Machine-learning-assisted security and privacy provisioning for edge computing: A survey | |
| Agiollo et al. | DETONAR: Detection of routing attacks in RPL-based IoT | |
| Basnet et al. | Deep learning-based intrusion detection system for electric vehicle charging station | |
| CN111614659B (en) | Distributed detection method for unknown network flow | |
| JP2008306706A (en) | Method and apparatus for detecting anomaly in signaling flows | |
| CN113259943B (en) | Method and system for analyzing and blocking abnormal flow of power wireless private network | |
| CN111555988A (en) | Big data-based network asset mapping and discovering method and device | |
| Gholami et al. | Trusted decentralized federated learning | |
| CN111181930A (en) | DDoS attack detection method, device, computer equipment and storage medium | |
| CN114615066A (en) | Target path determination method and device | |
| Khan et al. | Long short-term memory neural networks for false information attack detection in software-defined in-vehicle network | |
| CN111641951A (en) | 5G network APT attack tracing method and system based on SA architecture | |
| Rahal et al. | AntibotV: A multilevel behaviour-based framework for botnets detection in vehicular networks | |
| CN114513518A (en) | Data processing method and system based on block chain | |
| CN112507265B (en) | Method and device for abnormality detection based on tree structure and related products | |
| CN116723058B (en) | Network attack detection and protection method and device | |
| Chakraborty et al. | RTT-based rogue UAV detection in Iov Networks | |
| CN116208416A (en) | Attack link mining method and system for industrial Internet | |
| CN115001790B (en) | Device fingerprint-based secondary authentication method and device and electronic device | |
| Ratnayake et al. | Identification of probe request attacks in WLANs using neural networks | |
| Nakahara et al. | Malware Detection for IoT Devices using Automatically Generated White List and Isolation Forest. | |
| CN114363879B (en) | Roaming processing method and system for wireless terminal | |
| CN115633359A (en) | PFCP session security detection method, device, electronic equipment and storage medium | |
| CN115333801A (en) | Method and system based on bidirectional message intrusion detection |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |