Industrial internet intrusion detection method based on support vector machine and implementation system

An industrial Internet intrusion detection method using support vector machine technology, applied in the field of network intrusion detection. It addresses the lack of research on extracting input data features for intrusion detection models, improving detection efficiency and offering wide application prospects.

Active Publication Date: 2021-07-09
HARBIN INST OF TECH AT WEIHAI +1

AI Technical Summary

Problems solved by technology

[0036] At present, the main goal of industrial network intrusion detection using SVM is to detect and classify abnormal attack behaviors. Related research mainly focuses on SVM kernel function selection, parameter optimization and algorithm structure; there is a lack of research on the extraction of input data features for intrusion detection models.

Examples


Embodiment 1

[0093] A support vector machine-based industrial Internet intrusion detection method, as shown in Figure 1, comprising:

[0094] (1) Obtain abnormal communication traffic data of the dnsflood attack; the specific process is:

[0095] a. Collection of network characteristics: monitor each session between hosts, and capture the UDP-based packets in the session;

[0096] b. Detection of the dnsflood attack: the dnsflood attack is detected based on the UDP packets collected in step a;

[0097] In step b, the specific steps for detecting the dnsflood attack include:

[0098] b-1. For each established session, set a timestamp starting from the first data packet sent, include all data packets sent after the timestamp in this time period, and count the number of packets sent within it; when the user stops sending data packets for more than the set time, the current timestamp is closed;

[0099] If the user sends the d...

Embodiment 2

[0133] The implementation system of the support vector machine-based industrial Internet intrusion detection method provided by Embodiment 1 includes:

[0134] An abnormal communication flow data extraction module, used to obtain abnormal communication flow data of the dnsflood attack;

[0135] A feature data extraction and feature quantity construction module, used to extract feature data and construct the feature quantity;

[0136] An SVM intrusion detection model module, used to train the SVM intrusion detection model and to use the trained model to perform intrusion detection on the feature quantity input by the feature data extraction and feature quantity construction module; the detected suspicious traffic is captured and processed.


Abstract

The invention relates to an industrial internet intrusion detection method based on a support vector machine and an implementation system. The intrusion detection method comprises the following steps: (1) acquiring abnormal communication flow data of a dnsflood attack; (2) for the abnormal communication flow data obtained in the step (1), extracting feature data and constructing a feature quantity; (3) inputting the feature quantity constructed in the step (2) into an SVM intrusion detection model for training to obtain the SVM intrusion detection model for detecting dnsflood attack; (4) extracting feature data of communication flow data to be detected, constructing a feature quantity, inputting the feature quantity into the trained SVM intrusion detection model for intrusion detection, capturing detected suspicious flow, recording a log, and processing the log. According to the method, the data features capable of reflecting the difference between the normal behavior and the abnormal behavior can be extracted, and the detection efficiency of the abnormal attack behavior is improved.
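The windowing rule of step b-1 and the train-then-detect flow of steps (1) to (4) in the abstract can be sketched end to end as follows. This is an added example, not code from the patent: the 2-second idle timeout, the two features (log packet count and log packet rate), the constructed training traffic and the pure-Python sub-gradient SVM trainer are all assumptions made for illustration.

```python
import math

IDLE_TIMEOUT = 2.0   # assumed value for the "set time" in step b-1

def session_windows(packets, idle_timeout=IDLE_TIMEOUT):
    """Step b-1: group (ts, src, dst) UDP packet records into per-session
    windows; returns (session, start, end, packet_count) tuples."""
    open_win, closed = {}, []
    for ts, src, dst in sorted(packets):
        key = (src, dst)
        win = open_win.get(key)
        if win and ts - win[1] > idle_timeout:      # idle too long: close it
            closed.append((key, *win))
            win = None
        open_win[key] = [win[0], ts, win[2] + 1] if win else [ts, ts, 1]
    return closed + [(k, *w) for k, w in open_win.items()]

def features(window):
    """Assumed feature quantity: log packet count and log packets/second."""
    _, start, end, count = window
    rate = count / max(end - start, 1.0)
    return [math.log10(count), math.log10(rate + 1)]

def train_svm(X, y, lam=0.01, lr=0.02, epochs=500):
    """Linear soft-margin SVM via sub-gradient descent on the hinge loss."""
    w, b = [0.0] * len(X[0]), 0.0
    for _ in range(epochs):
        for xi, yi in zip(X, y):
            margin = yi * (sum(wj * xj for wj, xj in zip(w, xi)) + b)
            w = [wj * (1 - lr * lam) for wj in w]   # L2 shrinkage
            if margin < 1:                          # inside margin: hinge step
                w = [wj + lr * yi * xj for wj, xj in zip(w, xi)]
                b += lr * yi
    return w, b

def is_flood(model, window):
    w, b = model
    return sum(wj * xj for wj, xj in zip(w, features(window))) + b > 0

def burst(src, start, n, gap):
    """Constructed sample traffic: n packets from src, gap seconds apart."""
    return [(start + i * gap, src, "10.0.0.53") for i in range(n)]

# Constructed training traffic: three quiet clients (-1), two flooders (+1).
TRAIN = [(burst("10.0.0.1", 0, 3, 0.5), -1), (burst("10.0.0.2", 0, 5, 1.0), -1),
         (burst("10.0.0.3", 0, 2, 0.5), -1), (burst("10.0.0.8", 0, 500, 0.002), 1),
         (burst("10.0.0.9", 0, 1000, 0.002), 1)]
MODEL = train_svm([features(session_windows(p)[0]) for p, _ in TRAIN],
                  [label for _, label in TRAIN])
```

A gap exactly equal to the timeout keeps the window open, matching the "more than the set time" wording of step b-1.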

Description

Technical field

[0001] The invention relates to a support vector machine-based industrial Internet intrusion detection method and an implementation system, belonging to the field of network intrusion detection.

Background technique

[0002] Industrial control systems are widely used in electric power, energy, transportation, petroleum, petrochemical and other industrial fields. Most industrial production relies on industrial control systems for automatic operation, to ensure that industrial production systems run efficiently, reliably and stably. Traditional industrial control systems based on physical isolation do not communicate with the outside world, which effectively avoids attacks from the network. With the development of information technology and the functional requirements of industrial control systems, industrial control systems have developed into networked systems, and are interconnected with enterprise networks and the Internet to form...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, H04L12/24, H04L29/12, G06F16/953, G06K9/62
CPC: H04L63/1425, H04L63/1416, H04L41/145, G06F16/953, H04L61/4511, G06F18/2411
Inventors: 萧景东, 李斌, 王佰玲, 魏玉良, 辛国栋
Owner: HARBIN INST OF TECH AT WEIHAI