Industrial Internet of Things-oriented abnormal traffic grading detection method

Abstract

The invention provides an industrial Internet of Things oriented abnormal traffic grading detection method, which comprises two times of anomaly detection: detecting frequency anomaly of network traffic of the first stage; firstly, calculating a differential value of flow frequency, and smoothing; secondly, performing data fitting by adopting an exponential weighted moving average model to enable the data to accord with a statistical law, and performing deviation correction on the model to reduce an error generated by an initial value; and finally, providing a double-layer threshold interval method, and dividing the traffic into three types of traffic, namely steady-state traffic, suspicious traffic and dangerous traffic. Second-level flow attribute detection is carried out on suspicious flow found in first-level detection, a clustering optimization anomaly detection algorithm oriented to complex data attribute features is adopted, weighting distances and safety coefficients of data are classified according to priorities of the flow attribute features, data with the high safety coefficient is rapidly selected as a clustering center, and matching the multi-feature data around the center into a cluster, and finally using the cluster for attribute anomaly detection.

Description

technical field [0001] The invention belongs to the technical field of abnormal traffic detection, and in particular relates to a hierarchical detection method for abnormal traffic oriented to the industrial internet of things. Background technique [0002] The application of industrial Internet of Things technology in the field of industrial production is becoming more and more extensive. Through network interconnection, the information interaction between the control devices of each equipment layer on the master control terminal can be realized, and the management decision can be perfectly integrated with the assembly line production operation. A series of new challenges have come. Due to the increasing number and variety of ports connected to the network, the general control system, data input, and networking equipment in the Industrial Internet of Things are vulnerable to attacks, disrupting the normal operation of the network. It may even interrupt industrial production...

AI Technical Summary

Problems solved by technology

[0002] The application of industrial Internet of Things technology in the field of industrial production is becoming more and more extensive. Through network interconnection, the information interaction between the control devices of each equipment layer on the master control terminal can be realized, and the management decision can be perfectly integrated with the assembly line production operation. A series of new challenges have come. Due to the increasing number and variety of ports connected to the network, the general control system, data input, and networking equipment in the Industrial Internet of Things are vulnerable to attacks, disrupting the normal operation of the network. It may even interrupt industrial production and cause economic losses. Therefore, it is very necessary to study the anomaly detection of the traffic security of the Industrial Internet of Things.

[0003] The abnormalities in the Industrial Internet of Things are mainly traffic abnormalities. There are two reasons for traffic abnormalities. One is that network technology is always flawed and constantly upgraded. Vulnerabilities in protocols, management, and services will be exploited by attackers; The second is that the new technologies integrated in the Industrial Internet of Things do not have reliable and verified security protection measures, which brings potential security risks to the network.

Images