CN117318985A - SVM-based vehicle-mounted terminal intrusion detection test method - Google Patents


Info

Publication number: CN117318985A
Authority: CN (China)
Prior art keywords: vehicle, mounted terminal, data, svm, attack
Legal status: Pending
Application number: CN202311033019.1A
Other languages: Chinese (zh)
Inventors: 田铁, 吴超, 冯成均, 罗勇, 陶渝杰, 周鹏, 陈圳艳, 柯馨沁, 龚宸, 向枭笛
Current assignee: Chongqing University of Technology; China Merchants Testing Vehicle Technology Research Institute Co Ltd
Original assignee: Chongqing University of Technology; China Merchants Testing Vehicle Technology Research Institute Co Ltd
Priority date: 2023-08-16
Filing date: 2023-08-16
Publication date: 2023-12-29
Application filed by: Chongqing University of Technology; China Merchants Testing Vehicle Technology Research Institute Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1458 Denial of Service
    • H04L63/1466 Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02T CLIMATE CHANGE MITIGATION TECHNOLOGIES RELATED TO TRANSPORTATION
    • Y02T10/00 Road transport of goods or passengers
    • Y02T10/10 Internal combustion engine [ICE] based vehicles
    • Y02T10/40 Engine management systems


Abstract

The invention relates to the technical field of vehicle-mounted terminals, in particular to a vehicle-mounted terminal intrusion detection test method based on SVM. The method comprises the following steps: S1: surveying the data sets commonly used for network intrusion detection and selecting a suitable data set format; S2: analyzing the vulnerability of the network communication of the vehicle-mounted terminal, and constructing a set of network attack cases aimed at the vehicle-mounted terminal; S3: screening the data streams formed by the network attacks with Wireshark and analyzing them, together with everyday traffic, with CICFlowMeter. In the SVM-based vehicle-mounted terminal intrusion detection test method, the network attack cases aimed at the vehicle-mounted terminal are designed by analyzing the weaknesses of the vehicle-mounted terminal; at the same time, the data set used to train the model is collected from the vehicle-mounted terminal itself, giving a vehicle-mounted terminal intrusion detection data set in the CICIDS2017 format, so that the data set is not an abstraction detached from the algorithm but matches the actual vehicle-mounted terminal.

Description

SVM-based vehicle-mounted terminal intrusion detection test method
Technical Field
The invention relates to the technical field of vehicle-mounted terminals, in particular to a vehicle-mounted terminal intrusion detection test method based on SVM.
Background
For intrusion detection of the vehicle-mounted terminal, artificial intelligence algorithms are widely applied in the intrusion detection process, but because such algorithms generally place high demands on training samples, their use in the field of vehicle-mounted Ethernet intrusion detection has been limited to the level of algorithm theory.
Therefore, we design an SVM-based test method for the intrusion detection of a vehicle-mounted terminal, which provides another technical scheme for these technical problems.
Disclosure of Invention
Based on this, it is necessary to provide an SVM-based method for testing the intrusion detection of a vehicle-mounted terminal, so as to solve the technical problems set forth in the background art.
In order to solve these technical problems, the invention adopts the following technical scheme:
an SVM-based vehicle-mounted terminal intrusion detection test method comprising the following steps:
s1: surveying the data sets commonly used for network intrusion detection and selecting a suitable data set format;
s2: analyzing the vulnerability of the network communication of the vehicle-mounted terminal, and constructing a set of network attack cases aimed at the vehicle-mounted terminal;
s3: screening the data streams formed by the network attacks with Wireshark, analyzing them together with everyday traffic with CICFlowMeter, and generating an intrusion detection data set in the CICIDS2017 format for training the SVM algorithm model;
s4: importing the intrusion detection data set, normalizing it and reducing its dimension, training the SVM algorithm model, and outputting an SVM model with high recognition accuracy;
s5: using Kali Linux and Burp Suite to launch attacks on the vehicle-mounted terminal and performing penetration testing.
In step S1, the CICIDS2017 data set is selected as the data set format.
In step S2, Kali Linux and Burp Suite are used to carry out denial of service, man-in-the-middle, replay and information tampering attacks on the vehicle-mounted terminal, so as to construct the set of network attack cases aimed at it.
As a preferred implementation of the SVM-based method for testing the intrusion detection of the vehicle-mounted terminal, creating the intrusion detection data set in the CICIDS2017 format comprises the following steps:
capturing the abnormal data streams with Wireshark, storing them as a pcap file, and screening out the attack data;
creating the intrusion detection data set.
As a preferred implementation of the SVM-based method for testing the intrusion detection of the vehicle-mounted terminal, in step S4 the SVM parameters are optimized by combining grid search with cross-validation.
In step S5, the detection device captures the traffic of the vehicle-mounted terminal as a proxy, stores it as a pcap file, parses the pcap file in real time with CICFlowMeter into the CICIDS2017 data format to be tested, and feeds the data to be tested to the SVM classification algorithm model to detect the attacks applied to the vehicle-mounted terminal.
As a preferred implementation of the SVM-based method for testing the intrusion detection of the vehicle-mounted terminal, in step S5 various attacks are launched against the vehicle-mounted terminal for penetration testing, as follows:
carrying out denial of service, man-in-the-middle, replay and information tampering attacks on the vehicle-mounted terminal with Kali Linux and Burp Suite.
It can be clearly seen that the technical problems to be solved by the present application can be solved by the above technical solutions of the present application.
Meanwhile, through this technical scheme, the invention has at least the following beneficial effects:
in the SVM-based vehicle-mounted terminal intrusion detection test method, the network attack cases aimed at the vehicle-mounted terminal are designed by analyzing its weaknesses; at the same time, the data set used to train the model is collected from the vehicle-mounted terminal itself, giving a CICIDS2017-based vehicle-mounted terminal intrusion detection data set that is not an abstraction detached from the algorithm but matches the actual vehicle-mounted terminal; and, through the data proxy, the intrusion detection test of the vehicle-mounted terminal and the verification of the algorithm can be carried out in real time.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings required for the description of the embodiments will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a flow chart of the present invention attack data screening;
FIG. 2 is a schematic diagram of a data preprocessing flow according to the present invention;
FIG. 3 is a schematic diagram of real-time intrusion detection according to the present invention.
Detailed Description
The present invention will be described in further detail with reference to the drawings and examples, in order to make the objects, technical solutions and advantages of the present invention more apparent. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the invention.
In order to make the person skilled in the art better understand the solution of the present invention, the technical solution of the embodiment of the present invention will be clearly and completely described below with reference to the accompanying drawings.
It should be noted that, under the condition of no conflict, the embodiments of the present invention and the features and technical solutions in the embodiments may be combined with each other.
It should be noted that: like reference numerals and letters denote like items in the following figures, and thus once an item is defined in one figure, no further definition or explanation thereof is necessary in the following figures.
Referring to fig. 1-3, a method for testing intrusion detection of a vehicle-mounted terminal based on an SVM includes the following steps:
1. Analyzing each of the data sets commonly used for network intrusion detection and finally selecting CICIDS2017 as the data set format;
the data set format is selected as follows:
(1) KDD CUP 99 data set
The KDD99 data set was obtained by data mining and preprocessing of the DARPA98 data set. However, KDD99 and DARPA98 do not correspond one-to-one: Wenke Lee et al. removed some of the duplicate data when processing the original connection records. For example, a DoS attack generates a large number of identical connection records, so only the connection records within 5 minutes of the attack are taken as the data for that attack type. At the same time, normal data connections are randomly sampled to form the normal data set.
(2) UNSW-NB15 data set
The raw network packets of the UNSW-NB15 data set were created with the IXIA PerfectStorm tool in the Cyber Range Lab of UNSW Canberra, to generate a mixture of real modern normal activity and synthetic contemporary attack behaviour. The tcpdump tool was used to capture 100 GB of raw traffic (pcap files). The data set has nine attack types: Fuzzers, Analysis, Backdoors, DoS, Exploits, Generic, Reconnaissance, Shellcode and Worms. Twelve algorithms were used, together with the Argus and Bro-IDS tools, to generate a total of 49 features with class labels.
(3) CICIDS2017 data set
The Communications Security Establishment (CSE) and the Canadian Institute for Cybersecurity (CIC) jointly published the intrusion detection data set CIC-IDS-2017. CIC-IDS-2017 extracts more than 80 network flow features with CICFlowMeter, comprising 6 basic features and more than 70 functional features. To simulate the extreme class imbalance of a real network environment, CICIDS2017 constructs 25 abstract user behaviours based on HTTP, HTTPS, FTP, SSH and the mail protocols. The attacks comprise 8 categories: Brute Force FTP, Brute Force SSH, DoS, Heartbleed, Web Attack, Infiltration, Botnet and DDoS.
The network environment simulated by the KDD data set differs from the current network environment because of its age; its data dimension is only 42 and it covers only 6 kinds of network attack behaviour, so it is not suitable as the basic data set for vehicle-mounted Ethernet intrusion detection. The feature dimension of the UNSW-NB15 data set is far smaller than that of CICIDS2017; it was published in 2015, its authority is no better than that of the KDD data set, and neither its data dimension nor its age matches CICIDS2017. Taking these factors together, the CICIDS2017 data set is selected as the reference data format.
2. Analyzing the vulnerability of the network communication of the vehicle-mounted terminal, using Kali Linux and Burp Suite to carry out denial of service, man-in-the-middle, replay and information tampering attacks on the vehicle-mounted terminal, and constructing a set of network attack cases aimed at the vehicle-mounted terminal;
the method comprises the following steps:
Denial of service attack. A flooding attack is carried out with hping, which ships with the Kali Linux system; the command hping3 -q -n -a 1.1.1.1 -S -s 33 --keep -p 445 --flood 192.168.143.36 is entered at the Kali command line (meaning: port 445 of 192.168.143.36 is flooded with packets whose source is disguised as IP address 1.1.1.1). This starts the simulated flooding attack, i.e. a large volume of useless data is sent, the network of the attacked host is congested, its service resources are exhausted and it can no longer communicate normally with the outside;
Man-in-the-middle attack. ARP spoofing is used to cut off the communication between the target host and the gateway. At the Kali command line terminal enter: echo 0 > /proc/sys/net/ipv4/ip_forward (writes 0 to the forwarding control, so the intercepted packets are not relayed)
arpspoof -i eth0 -t 192.168.209.89 192.168.209.89 (starts the ARP attack, configuring the target IP address and the native gateway to be attacked);
Replay attack. Burp Suite is selected to carry out the replay attack: the SwitchyOmega browser extension is used to proxy the traffic of the vehicle-mounted terminal, the data is captured in Burp Suite, and replayed with the Repeater of Burp Suite;
Information tampering attack. Burp Suite captures the packets of the vehicle-mounted terminal in proxy mode and intercepts the data that is to be tampered with; the data is modified in Burp Suite and then forwarded.
3. Screening the data streams formed by the network attacks with Wireshark, analyzing them and the everyday traffic with CICFlowMeter, and generating an intrusion detection data set in the CICIDS2017 format for training the SVM algorithm model;
the intrusion detection data set in the CICIDS2017 format is created as follows:
Attack data screening. The flow of attack data screening is shown in fig. 1. The abnormal data streams are captured according to their characteristics with Wireshark, stored as pcap files, and parsed by CICFlowMeter into the CICIDS2017 feature format;
Creation of the intrusion detection data set. Each record in the Excel file produced by parsing the attack data is given a label: 1 = denial of service attack, 2 = man-in-the-middle attack, 3 = replay attack, 4 = information tampering attack. The network data generated by a large amount of everyday use is parsed into the CICIDS2017 format as well and labelled 0. That is, 0 is normal data and every other number is abnormal data.
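As an added illustration of this labelling step (example code written for this page, not the patent's own implementation): the functions below read CICFlowMeter-style CSV exports, drop the identity and time columns that must not become features, replace the Infinity/NaN values that CICFlowMeter writes into rate columns of zero-duration flows, and assign the label 0-4 according to which capture session the flow came from. The column names and the sample rows are constructed for the example and only approximate the real CICFlowMeter header.

```python
# Added example (not from the patent): assembling the labelled training set from
# CICFlowMeter-style CSV exports, using the page's label scheme
# 0 = normal, 1 = denial of service, 2 = man-in-the-middle, 3 = replay, 4 = tampering.
import csv
import io
import math

LABELS = {"normal": 0, "dos": 1, "mitm": 2, "replay": 3, "tamper": 4}

# Identity, time and placeholder-label columns must not become model features
# (names are an assumption modelled on the CICFlowMeter CSV header).
NON_FEATURE_COLUMNS = {"Flow ID", "Src IP", "Src Port", "Dst IP", "Timestamp", "Label"}


def to_float(s):
    """CICFlowMeter writes 'Infinity' / 'NaN' into rate columns of zero-duration flows;
    an SVM cannot train on those, so they become 0.0 here (a documented choice)."""
    try:
        v = float(s)
    except ValueError:
        return 0.0
    return 0.0 if (math.isnan(v) or math.isinf(v)) else v


def parse_flow_csv(text, label):
    """Parse one CSV export, keep the numeric flow features, attach `label` to every row."""
    reader = csv.DictReader(io.StringIO(text))
    names = [c for c in reader.fieldnames if c not in NON_FEATURE_COLUMNS]
    return names, [([to_float(rec[c]) for c in names], label) for rec in reader]


def build_dataset(captures):
    """captures: mapping label-name -> CSV text (one export per capture session).
    Returns (feature_names, X, y) with X a list of float rows and y the integer labels."""
    names, X, y = None, [], []
    for kind, text in captures.items():
        cols, rows = parse_flow_csv(text, LABELS[kind])
        if names is None:
            names = cols
        elif cols != names:  # every capture must have been parsed with the same columns
            raise ValueError("feature columns differ between captures")
        for feats, lab in rows:
            X.append(feats)
            y.append(lab)
    return names, X, y


def to_labelled_csv(names, X, y):
    """Write the labelled set back out in CICIDS2017 style (features..., Label)."""
    out = io.StringIO()
    w = csv.writer(out, lineterminator="\n")
    w.writerow(names + ["Label"])
    for feats, lab in zip(X, y):
        w.writerow(feats + [lab])
    return out.getvalue()


# Constructed sample exports (TEST-NET addresses; only a handful of the ~80 real columns).
HEADER = ("Flow ID,Src IP,Src Port,Dst IP,Dst Port,Protocol,Timestamp,Flow Duration,"
          "Tot Fwd Pkts,Tot Bwd Pkts,Flow Byts/s,SYN Flag Cnt,Label\n")
SAMPLE_NORMAL = HEADER + (
    "192.0.2.5-192.0.2.9-51000-443-6,192.0.2.5,51000,192.0.2.9,443,6,2023-08-16 10:00:01,"
    "120000,12,10,8500.0,1,NeedManualLabel\n"
    "192.0.2.5-192.0.2.9-51001-80-6,192.0.2.5,51001,192.0.2.9,80,6,2023-08-16 10:00:02,"
    "0,1,0,Infinity,1,NeedManualLabel\n")
SAMPLE_DOS = HEADER + (
    "192.0.2.100-192.0.2.9-33-445-6,192.0.2.100,33,192.0.2.9,445,6,2023-08-16 10:05:00,"
    "0,1,0,Infinity,1,NeedManualLabel\n"
    "192.0.2.100-192.0.2.9-33-445-6,192.0.2.100,33,192.0.2.9,445,6,2023-08-16 10:05:00,"
    "2,1,0,NaN,1,NeedManualLabel\n")
```

Usage: `names, X, y = build_dataset({"normal": SAMPLE_NORMAL, "dos": SAMPLE_DOS})` gives four rows labelled `[0, 0, 1, 1]`; the two Infinity/NaN rate values are replaced by 0.0, and `to_labelled_csv` produces the file that the normalization step consumes. Whether zero is the right substitute for an infinite rate should be decided per feature; the point is that the choice is made once, in code, rather than silently by the training toolbox.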
4. Importing the intrusion detection data set, applying normalization, dimension reduction and other processing to it, optimizing the SVM parameters by combining grid search with cross-validation, training the SVM algorithm model, and outputting an SVM model with high recognition accuracy;
training and outputting an SVM algorithm model with high recognition accuracy comprises the following steps:
Data preprocessing.
Normalization. Normalization is basic work in data mining: different evaluation indexes often have different dimensions and units, which can affect the result of the data analysis, so in order to eliminate the influence of dimension between indexes the data are normalized to make the indexes comparable. After the original data has been standardized, all indexes are of the same order of magnitude and are suitable for comprehensive comparison and evaluation.
Min-max standardization (Min-Max Normalization)
Conversion function: (X - Min)/(Max - Min); if the data are to be mapped to [-1, 1] instead, the formula becomes (X - Mean)/(Max - Min). The mapping scales a numerical feature to an interval such as (0, 1): with a maximum feature value of 5 and a minimum of 0, 5 is mapped to 1 after scaling;
where Max is the maximum of the sample data, Min is the minimum of the sample data and Mean is the mean of the data.
Data dimension reduction. Principal Component Analysis (PCA) is the most popular dimension reduction algorithm; it reduces the number of feature dimensions by mapping the data from a high-dimensional to a low-dimensional space while retaining as much information as possible. The essence of PCA is that the relative positions of the data points in space are kept unchanged as far as possible, and the data are described in a rotated coordinate system whose axes express more of the information in fewer dimensions.
The source code for data standardization and dimension reduction in the MATLAB environment is shown below. Each feature (column) is normalized to between 0 and 1, then PCA dimension reduction is carried out on the normalized data and the components whose cumulative contribution exceeds 0.9 are extracted. The data preprocessing flow is shown in fig. 2.
The contribution value is calculated with the pca function provided by MATLAB in the code segment below (shown in red in the original): latent is the principal component variance returned by pca, cumsum forms its cumulative sum and sum its total.
% mapminmax normalizes row-wise, so transpose to one feature per row, map every feature to [0,1]
map1=mapminmax(data',0,1);
map=map1';                          % back to one sample per row
feature=map;
% principal component analysis; latent holds the variance explained by each component
[coeff,score,latent,tsquared,explained,mu]=pca(feature);
a=cumsum(latent)/sum(latent);       % cumulative contribution ratio of the components
idx=find(a>0.9);                    % component counts at which the ratio exceeds 0.9
k=idx(1);                           % smallest such count
Feature=score(:,1:k);               % keep the scores of the first k components
data_out=Feature;
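The same preprocessing in Python with numpy, as an added example rather than the patent's MATLAB code: it reproduces mapminmax(data',0,1) and the cumsum(latent)/sum(latent) > 0.9 rule, and additionally separates fitting from applying, because the minimum, range, mean and principal axes learned on the training set must be reused unchanged on the live traffic of step 5 (refitting them on the traffic under test would shift every feature and invalidate the model). The sample matrix and its feature meanings are constructed for the example.

```python
# Added example (not the patent's MATLAB code): min-max normalization to [0, 1] followed by
# PCA that keeps the smallest number of components whose cumulative contribution exceeds 0.9,
# mirroring mapminmax(data',0,1) and cumsum(latent)/sum(latent) > 0.9 from the page.
import numpy as np


def fit_minmax(X):
    """Learn per-feature minimum and range on the TRAINING data only."""
    lo = X.min(axis=0)
    rng = X.max(axis=0) - lo
    # A constant feature has zero range; map it to 0 instead of dividing by zero.
    rng = np.where(rng == 0, 1.0, rng)
    return lo, rng


def apply_minmax(X, lo, rng):
    """(X - Min) / (Max - Min), using the minimum and range learned at fit time."""
    return (X - lo) / rng


def fit_pca(X, threshold=0.9):
    """Centre X, diagonalise its covariance and keep k components such that the
    cumulative contribution ratio cumsum(latent)/sum(latent) first exceeds threshold."""
    mu = X.mean(axis=0)
    cov = np.cov(X - mu, rowvar=False)        # sample covariance, as MATLAB's pca uses
    latent, coeff = np.linalg.eigh(cov)        # eigenvalues come out ascending
    order = np.argsort(latent)[::-1]           # sort descending, as pca() returns them
    latent, coeff = latent[order], coeff[:, order]
    ratio = np.cumsum(latent) / np.sum(latent)
    k = int(np.argmax(ratio > threshold)) + 1  # first count whose ratio exceeds threshold
    return mu, coeff[:, :k], ratio, k


def apply_pca(X, mu, coeff):
    """Project (already normalized) rows onto the retained principal axes."""
    return (X - mu) @ coeff


def fit_preprocessing(X_train, threshold=0.9):
    """Fit both stages on the training matrix and return everything needed to reapply them."""
    lo, rng = fit_minmax(X_train)
    mu, coeff, ratio, k = fit_pca(apply_minmax(X_train, lo, rng), threshold)
    return {"lo": lo, "rng": rng, "mu": mu, "coeff": coeff, "ratio": ratio, "k": k}


def transform(X, params):
    """Apply the SAME normalization and projection to new data (e.g. live flows in step 5)."""
    return apply_pca(apply_minmax(X, params["lo"], params["rng"]), params["mu"], params["coeff"])


def make_sample(n=100):
    """Constructed sample: two independent signals, one near-duplicate feature on a different
    scale and one constant feature, so PCA should retain exactly two components."""
    t = np.linspace(0.0, 2.0 * np.pi, n, endpoint=False)
    f1 = 500.0 * np.sin(t)                 # large-scale feature (think: flow duration)
    f2 = np.sin(t) + 0.02 * np.cos(3 * t)  # almost a rescaled copy of f1
    f3 = 7.0 * np.cos(t)                   # independent of f1 and f2
    f4 = np.full(n, 6.0)                   # constant feature (think: protocol always TCP)
    return np.column_stack([f1, f2, f3, f4])
```

Running `fit_preprocessing(make_sample())` retains k = 2 components: the first axis absorbs the two correlated features, the second the independent one, and the constant feature contributes nothing. Note that min-max scaling makes every non-constant feature comparably sized, which is exactly why a feature with a huge raw range (f1) no longer dominates the principal components.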
Training and exporting the SVM classification algorithm model. The intrusion detection data set is loaded with the LibSVM toolbox on the MATLAB platform, the optimal parameter values are found by grid search combined with cross-validation, i.e. the optimal values of c and g of LibSVM are searched, the algorithm model with high classification precision is output, and the model is saved as a .mat file.
The source code for finding the best parameter values by grid search combined with cross-validation works as follows:
every combination of the parameters c and g within a given range is generated exhaustively and used for training; if the accuracy of the current combination of c and g is higher than that of all previous combinations, the optimal combination is updated to the current one; this is repeated until all combinations in the range have been tested, and finally the optimal combination of c and g is output.
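An added, runnable version of this search (example code for this page, not the patent's LibSVM script): grid search over c and g scored by k-fold cross-validation, keeping a combination only when its accuracy is strictly higher than every earlier one. Because LibSVM is not assumed to be installed, the classifier is a one-vs-rest least-squares SVM with an RBF kernel, solved as a linear system with numpy; the two parameters keep LibSVM's meaning (c = regularisation strength, g = RBF width). The four-cluster sample stands in for normalized, PCA-reduced flow features and is constructed for the example.

```python
# Added example (not the patent's LibSVM code): choose the (c, g) pair of an RBF-kernel SVM
# by exhaustive grid search scored with k-fold cross-validation. LibSVM's C-SVC is replaced
# by a least-squares SVM (kernel ridge classification, one-vs-rest) so that the block needs
# only numpy; the search logic is the part the patent describes.
import itertools
import numpy as np


def rbf_kernel(A, B, gamma):
    """K[i, j] = exp(-g * ||a_i - b_j||^2); g is LibSVM's -g parameter."""
    sq = (A * A).sum(1)[:, None] + (B * B).sum(1)[None, :] - 2.0 * A @ B.T
    return np.exp(-gamma * np.maximum(sq, 0.0))


def lssvm_train(X, y, C, gamma):
    """One-vs-rest least-squares SVM: for every class solve (K + I/C) alpha = t, t in {-1,+1}.
    C is LibSVM's -c parameter: larger C means less regularisation."""
    classes = [int(c) for c in np.unique(y)]
    A = rbf_kernel(X, X, gamma) + np.eye(len(X)) / C
    alphas = {c: np.linalg.solve(A, np.where(y == c, 1.0, -1.0)) for c in classes}
    return {"X": X, "gamma": gamma, "alphas": alphas}


def lssvm_predict(model, X):
    """Score every class and return the label with the largest decision value."""
    X = np.asarray(X, dtype=float)
    K = rbf_kernel(X, model["X"], model["gamma"])
    classes = list(model["alphas"])
    scores = np.column_stack([K @ model["alphas"][c] for c in classes])
    return np.array(classes)[scores.argmax(axis=1)]


def kfold_accuracy(X, y, C, gamma, k=5, seed=0):
    """k-fold cross-validation accuracy of one (C, gamma) combination."""
    idx = np.random.default_rng(seed).permutation(len(X))   # shuffle before splitting
    correct = 0
    for fold in np.array_split(idx, k):
        train = np.setdiff1d(idx, fold)
        model = lssvm_train(X[train], y[train], C, gamma)
        correct += int((lssvm_predict(model, X[fold]) == y[fold]).sum())
    return correct / len(X)


def grid_search(X, y, c_grid, g_grid, k=5):
    """Exhaustively try every (C, gamma) pair; keep a pair only when its CV accuracy is
    strictly higher than everything seen before, as the description states."""
    best_c, best_g, best_acc = None, None, -1.0
    for C, gamma in itertools.product(c_grid, g_grid):
        acc = kfold_accuracy(X, y, C, gamma, k)
        if acc > best_acc:
            best_c, best_g, best_acc = C, gamma, acc
    return best_c, best_g, best_acc


def make_sample(per_class=40, seed=7):
    """Constructed sample in the [0,1]-normalized, PCA-reduced feature space: four clusters
    standing in for label 0 (normal) and labels 1-3 (attack classes)."""
    rng = np.random.default_rng(seed)
    centers = np.array([[0.1, 0.1], [0.9, 0.1], [0.1, 0.9], [0.9, 0.9]])
    X = np.vstack([c + 0.05 * rng.standard_normal((per_class, 2)) for c in centers])
    y = np.repeat(np.arange(len(centers)), per_class)
    return X, y


def train_best_model(X, y):
    """Full step-4 procedure: search c and g, then train the final model with the winners."""
    C, gamma, acc = grid_search(X, y, c_grid=[0.1, 1.0, 10.0, 100.0],
                                g_grid=[0.01, 0.1, 1.0, 10.0])
    model = lssvm_train(X, y, C, gamma)
    train_acc = float((lssvm_predict(model, X) == y).mean())
    return model, (C, gamma, acc), train_acc
```

`train_best_model(*make_sample())` returns the trained model, the winning (c, g, cross-validated accuracy) triple and the training accuracy. Two practical points the toy illustrates: the folds are shuffled before splitting, because a data set assembled capture-by-capture (all normal flows first, then all DoS flows, as in step 3) would otherwise put whole classes into single folds; and the selection criterion is cross-validated accuracy, not training accuracy, which a large c and g can drive to 100% on any data.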
5. Using Kali Linux and Burp Suite to launch various attacks on the vehicle-mounted terminal and performing penetration testing: the detection device captures the traffic of the vehicle-mounted terminal as a proxy, stores it as a pcap file, parses the pcap file in real time with CICFlowMeter into the CICIDS2017 data format to be tested, feeds the data to be tested to the SVM classification algorithm model output in the training step, and detects the attacks described above applied to the vehicle-mounted terminal.
Launching various attacks on the vehicle-mounted terminal and performing penetration testing proceeds as follows:
the real-time intrusion detection experiment is shown in fig. 3. Denial of service, man-in-the-middle, replay and information tampering attacks are carried out on the vehicle-mounted terminal with Kali Linux and Burp Suite to construct the network attacks aimed at it; the detection device captures the traffic of the vehicle-mounted terminal in proxy mode, parses it into the CICIDS2017 format and runs it through the trained LibSVM classification model, which detects the network attacks and outputs information such as the attack type, IP addresses and ports.
The preferred embodiments of the invention disclosed above are intended only to assist in the explanation of the invention. The preferred embodiments are not exhaustive or to limit the invention to the precise form disclosed. Obviously, many modifications and variations are possible in light of the above teaching. The embodiments were chosen and described in order to best explain the principles of the invention and the practical application, to thereby enable others skilled in the art to best understand and utilize the invention. The invention is limited only by the claims and the full scope and equivalents thereof.

Claims (7)

1. A vehicle-mounted terminal intrusion detection test method based on SVM is characterized by comprising the following steps:
s1: detecting a common data set according to the current network intrusion, and selecting a proper data set format;
s2: analyzing the vulnerability of the network communication of the vehicle-mounted terminal, and constructing a network attack case set aiming at the vehicle-mounted terminal;
s3: screening a data stream formed by network attack through Wireshark, analyzing through a Cicflowmeter in combination with daily data to generate and create an intrusion detection data set in a CICIDS2017 format for SVM algorithm model training;
s4: importing an intrusion detection data set, carrying out normalization and data dimension reduction processing on the data set, training an SVM algorithm model, and outputting an SVM model with high recognition accuracy;
s5: using Kali Linux and Burp Suite to initiate attacks on the vehicle-mounted terminal, and performing penetration testing.
2. The SVM-based vehicle-mounted terminal intrusion detection test method according to claim 1, wherein in step S1 the CICIDS2017 data set is selected as the data set format.
3. The SVM-based vehicle-mounted terminal intrusion detection test method according to claim 1, wherein in step S2 Kali Linux and Burp Suite are used to carry out denial of service, man-in-the-middle, replay and information tampering attacks on the vehicle-mounted terminal, so as to construct a set of network attack cases aimed at the vehicle-mounted terminal.
4. A method for testing intrusion detection of a vehicle-mounted terminal based on SVM as claimed in claim 3, wherein said creating an intrusion detection data set in CICIDS2017 format comprises the steps of:
grabbing the abnormal data stream according to the Wireshark, storing the abnormal data stream as a pcap file, and screening attack data;
an intrusion detection dataset is created.
5. The SVM-based vehicle-mounted terminal intrusion detection test method according to claim 1, wherein in step S4 the SVM parameters are optimized by combining grid search with cross-validation.
6. The SVM-based vehicle-mounted terminal intrusion detection test method according to claim 1, wherein in step S5 the detection device captures the traffic of the vehicle-mounted terminal as a proxy, stores it as a pcap file, parses the pcap file in real time with CICFlowMeter into the CICIDS2017 data format to be tested, and feeds the data to be tested to the SVM classification algorithm model to detect the attacks applied to the vehicle-mounted terminal.
7. The SVM-based vehicle-mounted terminal intrusion detection test method according to claim 1, wherein in step S5 various attacks are initiated against the vehicle-mounted terminal for penetration testing, as follows:
carrying out denial of service, man-in-the-middle, replay and information tampering attacks on the vehicle-mounted terminal with Kali Linux and Burp Suite.

Priority Applications (1)

Application Number: CN202311033019.1A (publication CN117318985A)
Priority Date: 2023-08-16
Filing Date: 2023-08-16
Title: SVM-based vehicle-mounted terminal intrusion detection test method
Status: Pending

Publications (1)

Publication Number: CN117318985A
Publication Date: 2023-12-29

Family ID: 89241499

Country Status (1)

CN: CN117318985A (en)


Legal Events

Date Code Title Description
PB01 Publication