CN112910859B - Internet of things equipment monitoring and early warning method based on C5.0 decision tree and time sequence analysis - Google Patents
- Publication number: CN112910859B
- Authority: CN (China)
- Prior art keywords: data, internet, decision tree, early warning, things equipment
- Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
- G06F18/10—Pre-processing; Data cleansing
- G06F18/214—Generating training patterns; Bootstrap methods, e.g. bagging or boosting
- G06F18/241—Classification techniques relating to the classification model, e.g. parametric or non-parametric approaches
- G06F18/24323—Tree-organised classifiers
- G06N20/20—Ensemble learning
- G06N3/049—Temporal neural networks, e.g. delay elements, oscillating neurons or pulsed inputs
- G06N3/08—Learning methods
- H04L63/101—Access control lists [ACL]
- H04L63/1441—Countermeasures against malicious traffic
- H04L67/12—Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
Abstract
The invention relates to a method for monitoring Internet of things (IoT) equipment and issuing early warnings, in particular to such a method based on a C5.0 decision tree and time series analysis. The method classifies the features of the data with the C5.0 algorithm, predicts the time series with a hybrid CNN-LSTM model, and matches IoT devices to data using a whitelist technique. The C5.0 decision tree algorithm and the combined CNN-LSTM time series prediction model serve as the system's information classification module and data prediction module respectively. Hosts within the monitoring range are monitored through analysis of historical data, which gives accurate analysis and monitoring prediction of unknown attacks; once a device is found to be at high risk of attack or to have a potential vulnerability, the system issues an early warning. This greatly improves the classification and prediction accuracy and the practicality of the system, and also solves the problem of real-time monitoring in the traffic monitoring field.
Description
Technical Field
The invention relates to a method for monitoring Internet of things (IoT) equipment and issuing early warnings, in particular to such a method based on a C5.0 decision tree and time series analysis.
Background
Monitoring for abnormal traffic and vulnerability attacks plays a vital role in today's Internet of things (IoT) applications. Driven by the rapid development of technologies such as big data, artificial intelligence and information communication, the scale of the IoT is growing quickly, IoT technology and related applications keep advancing, and the number of devices keeps increasing. The large-scale adoption of the IoT also gives attackers an opening: an attacker can connect a compromised device to the target network, lie dormant there, and launch an attack at any time. Because of the characteristics of the IoT architecture, a successful attack can paralyze the network and cause serious threats and losses to countries and individuals. Existing solutions generally extract and classify traffic features using machine learning. Their shortcomings are that the classification process requires a large amount of manual work and adapts poorly, and that a traffic monitoring system alone cannot give timely early warning of unknown attacks and vulnerabilities, so the detection system lacks real-time capability. It is therefore necessary to improve the efficiency of monitoring and early warning for IoT equipment.
Disclosure of Invention
The invention provides an IoT equipment monitoring and early warning method based on a C5.0 decision tree and time series analysis. It aims to solve the problems that existing traffic monitoring and early warning methods adapt poorly, lack real-time capability, and cannot monitor and predict unknown traffic in time.
The invention is realized by adopting the following technical scheme: the Internet of things equipment monitoring and early warning method based on the C5.0 decision tree and the time sequence analysis comprises the following steps:
The first step: data collection and preprocessing. Traffic data of the IoT equipment are collected to obtain a data set S; part of the data in S is used as a training set to train a C5.0 decision tree, and the rest is used as a test set.
The second step: classifying the test set data with the C5.0 decision tree algorithm. The training set is input into the established C5.0 decision tree model for training and learning to obtain selection features; the selection features are used as classification rules to classify and predict the test set, so that the test set data are classified and identified. Finally, the abnormal data are output as a new data set H, and data set H is converted into time series information.
The third step: the time series information is converted into a GAF graph, which is used as the data feature of the abnormal data. A convolutional neural network is trained on it to obtain key detection features. The selection features from the decision tree training process are combined with the key features generated by the convolutional neural network to form a new feature set, which is input into a long short-term memory (LSTM) network model. The LSTM network predicts the data trend in data set H, finally giving the abnormal trend of the data in H, where the abnormal trend represents the probability that the data will be abnormal, attacked or have a potential vulnerability in the future.
The fourth step: matching the data of data set H to equipment based on the whitelist. Data set H is filtered a second time using a whitelist technique: the data in H whose probability of being abnormal, attacked or having a potential vulnerability exceeds a certain value are compared with the data in the whitelist, the data that coincide with the whitelist are extracted, the early-warning search range is narrowed, and the final early-warning data are obtained. The early-warning data are then matched with the IoT equipment to identify the type of the abnormal IoT equipment, converting the prediction result from data to equipment. Through this detection, IoT equipment that is vulnerable to attack or has potential vulnerabilities is identified and an early warning is issued, so that the user obtains the state information of the IoT equipment in advance.
The Internet of things equipment monitoring and early warning system and the identification method based on C5.0 and time sequence analysis comprise the following steps:
preprocessing the data in the test set, and classifying the data by using a trained decision tree; the data preprocessing process comprises data identification, data cleaning and data standardization.
(1) Data identification: the attribute A of each data in the data set S has n values, wherein one attribute value is an attack type, and the data identification is to identify the data according to the attack type;
(2) data cleaning: checking, repairing or eliminating the data which do not meet the standard in the data set S;
(3) data normalization: including centering and normalization, i.e., removing the unit limitation of the data by shifting and scaling the differences that exist between the features.
The test set data is preprocessed and then classified, so that the classification precision can be improved.
In the IoT equipment monitoring and early warning system and identification method based on C5.0 and time series analysis, the data are optimized on the basis of the test set classification. Using the Boosting technique and the pruning technique effectively improves the classification accuracy and achieves pruning and optimization of the model.
The invention provides an IoT equipment monitoring and early warning system and identification method based on C5.0 and time series analysis. In view of the current state of network security, a Device Hive Internet of things virtual platform is used to collect traffic data from IoT equipment, and the C5.0 decision tree and a time series prediction model serve as the system's information classification module and data prediction module respectively. This greatly improves monitoring accuracy, effectively solves the problem of real-time monitoring of unknown attacks in the traffic monitoring field, and improves practicality and real-time performance.
Drawings
FIG. 1 is a flow chart of the present invention.
FIG. 2 is a schematic diagram of the operation principle of the CNN-LSTM combined model.
Detailed Description
The IoT equipment monitoring and early warning method based on the C5.0 decision tree and time series analysis uses the C5.0 decision tree as the training model for feature classification. The analyzed and processed data are input for classification training; methods such as Boosting and pruning are used to improve model accuracy, reduce overfitting and improve the precision indexes; and a time series model is built to analyze the classification results and obtain accurate predicted values. Compared with traditional methods for identifying and monitoring IoT equipment, the method optimizes the handling of repeated and redundant data and improves accuracy and stability. The system also adds a time series technique to predict abnormal traffic, so that traffic monitoring and early warning are more timely and unnecessary losses caused by malicious attacks can be avoided.
The first step: data collection and preprocessing. Data are collected through a Device Hive Internet of things virtual platform, to which forty three kinds of IoT equipment, such as an intelligent temperature management system and household appliances, are added. So that every device under test generates enough data, the devices are activated through initialization settings and connected to WiFi or Ethernet using the application software provided by the supplier; at this point the certificates are synchronously transmitted to the user network. The devices are then forcibly restored to factory settings through a series of operations, which makes it easy to repeat the tests on the device data.
70 percent of the data set S collected by the Device Hive Internet of things virtual platform is randomly extracted as the training set, and the remaining 30 percent is preprocessed to obtain the test set. The data preprocessing process comprises data identification, data cleaning and data standardization.
(1) Data identification. The attribute A of each record in data set S has n values $\{a_1, a_2, \ldots, a_n\}$, one of which is an attack type; data identification labels the data according to the attack type.
(2) Data cleaning. Data in data set S that do not meet the specification (such as erroneous data, missing data, redundant data and meaningless features) are checked, repaired or eliminated.
(3) Data standardization. This includes centering and normalization, i.e., removing the unit limitation of the data by shifting and scaling the differences that exist between the features.
After data cleaning, the data in data set S are standardized: the data are centered on the mean x and scaled by the standard deviation δ, finally giving a normal distribution with a value range of [0, 1].
The second step: the preprocessed test set data are classified in the system's classification detection module using the C5.0 decision tree algorithm.
The training set is input into the established C5.0 decision tree model for training and learning to obtain selection features, and the selection features are used as classification rules to classify and predict the test set, so that the test set data are classified and identified. While the decision tree model is trained, the information gain ratio is the criterion for choosing the nodes of the decision tree, and the tree is generated with the information gain ratio as the measure. The features of the test set data are distinguished, and the abnormal test set data that really carry malicious attacks and vulnerabilities are identified. The data are then optimized on the basis of the classification using the Boosting technique and the pruning technique: each sample is given an initial weight, and a new decision tree model is built by selecting samples, where the probability of a sample being selected is directly proportional to its weight. Following this rule, the misclassified samples are iterated over repeatedly until the classification error is smaller than a specified threshold.
Gain(S, A), the information gain for attribute A, represents the degree to which the uncertainty of the information is reduced under a given condition, i.e. the information gain obtained by dividing data set S on attribute A. $S_{a_i}$ denotes the subset of samples in data set S for which attribute A takes the value $a_i$. The more values $a_i$ attribute A has, the larger the intrinsic value SplitInformation(S, A), the larger
The information gain rate calculation method comprises the following steps:
Generating the decision tree is a process of recursively invoking feature selection. Starting from the root node, the optimal feature is selected as the node feature using the information gain ratio, child nodes are created for the different values of that feature, and the same method is then invoked on the child nodes until the information gain ratios of all features are very small or no feature remains to be selected, which finally yields the decision tree model.
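Added example (not part of the patent text): a small Python sketch of the node selection and recursive tree generation described above, using the standard definition gain ratio = Gain(S, A) / SplitInformation(S, A). The flow records, attribute names and function names are constructed for illustration; Boosting and pruning are not included.

```python
import math
from collections import Counter, defaultdict

# Constructed flow records for illustration only (not data from the patent).
# device_id is unique per record to show how the gain ratio penalizes
# attributes that take many values.
RECORDS = [
    {"device_id": "d1", "flag": "S0", "service": "http", "label": "attack"},
    {"device_id": "d2", "flag": "S0", "service": "http", "label": "attack"},
    {"device_id": "d3", "flag": "S0", "service": "http", "label": "attack"},
    {"device_id": "d4", "flag": "S0", "service": "telnet", "label": "attack"},
    {"device_id": "d5", "flag": "SF", "service": "telnet", "label": "attack"},
    {"device_id": "d6", "flag": "SF", "service": "telnet", "label": "attack"},
    {"device_id": "d7", "flag": "SF", "service": "http", "label": "normal"},
    {"device_id": "d8", "flag": "SF", "service": "http", "label": "normal"},
]
ATTRS = ["device_id", "flag", "service"]


def entropy(records):
    """Shannon entropy (bits) of the class label over a set of records."""
    total = len(records)
    counts = Counter(r["label"] for r in records)
    return -sum(n / total * math.log2(n / total) for n in counts.values())


def partition(records, attr):
    """Split S into the subsets S_{a_i}, one per value a_i of attr."""
    subsets = defaultdict(list)
    for r in records:
        subsets[r[attr]].append(r)
    return subsets


def gain(records, attr):
    """Gain(S, A): entropy of S minus the weighted entropy of its subsets."""
    total = len(records)
    subsets = partition(records, attr).values()
    return entropy(records) - sum(len(s) / total * entropy(s) for s in subsets)


def split_information(records, attr):
    """SplitInformation(S, A): grows with the number of values A takes."""
    total = len(records)
    subsets = partition(records, attr).values()
    return -sum(len(s) / total * math.log2(len(s) / total) for s in subsets)


def gain_ratio(records, attr):
    """Gain ratio; 0.0 when the attribute has one value and cannot split."""
    si = split_information(records, attr)
    return gain(records, attr) / si if si > 0 else 0.0


def build_tree(records, attrs, min_ratio=1e-6):
    """Recursively pick the attribute with the highest gain ratio."""
    labels = Counter(r["label"] for r in records)
    majority = labels.most_common(1)[0][0]
    if len(labels) == 1 or not attrs:
        return majority  # pure node, or no feature left to select
    best = max(attrs, key=lambda a: gain_ratio(records, a))
    if gain_ratio(records, best) < min_ratio:
        return majority  # all gain ratios are very small
    rest = [a for a in attrs if a != best]
    children = {value: build_tree(subset, rest, min_ratio)
                for value, subset in partition(records, best).items()}
    return {"attr": best, "children": children, "default": majority}


def classify(tree, record):
    """Walk the tree; unseen attribute values fall back to the majority."""
    while isinstance(tree, dict):
        tree = tree["children"].get(record.get(tree["attr"]), tree["default"])
    return tree


TREE = build_tree(RECORDS, ATTRS)

if __name__ == "__main__":
    for a in ATTRS:
        print(a, round(gain(RECORDS, a), 4), round(gain_ratio(RECORDS, a), 4))
    print(TREE)
```

On this sample, plain information gain would choose the per-record `device_id` as the root, while the gain ratio chooses `flag`, because the large SplitInformation of a many-valued attribute lowers its ratio.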
A pruning method is used in the C5.0 decision tree model to improve the accuracy of the model. Pruning acts as a regularization technique: through calculation it brings the model close to the optimal structure, prevents overfitting and improves the accuracy index.
Based on data set S and its information gain ratio, a decision tree T is established, where t is a leaf node, the number of leaf nodes is |T|, and $P_t$ and $H_t$ are, respectively, attributes of the t-th node of the decision tree. α is a parameter that adjusts the size of the tree and the balance between the tree and its fit to the data, α|T| is the complexity of the tree, and pruning is used to calculate the model loss value.
Then the loss function can be defined as:
Features are distinguished by the C5.0 decision tree model, and the pruning method improves the accuracy of the model, solves the decision tree overfitting problem and improves the accuracy index. Finally, the abnormal data are output as a new data set H, and data set H is converted into time series information, which is presented as an Excel table and used by the subsequent time series prediction model.
The third step: a prediction model is built on the feature time series. In the system's prediction module, a visualization technique converts the time series information into a GAF graph, which is used as the data feature of the abnormal data. A one-dimensional convolutional neural network (CNN) is trained on it to obtain key detection features. The selection features from the decision tree training process are combined with the key features generated by the convolutional neural network to form a new feature set, which is input into a long short-term memory (LSTM) network model. The LSTM network predicts the data trend in data set H, finally giving the abnormal trend of the data in H.
Because it is difficult to build a prediction model by applying deep learning directly to a time series, the time series information is converted into a two-dimensional GAF image using a Python library. The Gramian Angular Field (GAF) works by converting a one-dimensional time series from a Cartesian coordinate system into a polar coordinate system and then generating the GAF matrix with a trigonometric function.
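Added example (not part of the patent text, which does not name the Python library): a dependency-free sketch of the GAF conversion described above, using the standard summation and difference fields, cos(φ_i + φ_j) and sin(φ_i − φ_j). The function names, the piecewise aggregation step and the sample series are assumptions made for illustration.

```python
import math

# Constructed sample: anomalous-record counts per interval from data set H
# (illustrative values, not data from the patent).
SERIES = [3, 4, 4, 9, 15, 14, 6, 5, 4, 3, 12, 20]


def paa(series, size):
    """Piecewise aggregate approximation: shrink the series to `size`
    points by averaging equal segments, which fixes the image size."""
    n = len(series)
    if size >= n:
        return list(series)
    out = []
    for i in range(size):
        seg = series[i * n // size:(i + 1) * n // size]
        out.append(sum(seg) / len(seg))
    return out


def rescale(series):
    """Min-max scale to [-1, 1] so every value is a valid cosine.
    A flat series carries no shape information and maps to all zeros."""
    lo, hi = min(series), max(series)
    if hi == lo:
        return [0.0] * len(series)
    return [-1.0 + 2.0 * (x - lo) / (hi - lo) for x in series]


def to_polar(series):
    """Cartesian to polar: the angle encodes the value, the radius the
    time index."""
    scaled = rescale(series)
    phi = [math.acos(max(-1.0, min(1.0, x))) for x in scaled]
    radius = [i / len(series) for i in range(len(series))]
    return phi, radius


def gasf(series):
    """Gramian Angular Summation Field: G[i][j] = cos(phi_i + phi_j)."""
    phi, _ = to_polar(series)
    return [[math.cos(a + b) for b in phi] for a in phi]


def gadf(series):
    """Gramian Angular Difference Field: G[i][j] = sin(phi_i - phi_j)."""
    phi, _ = to_polar(series)
    return [[math.sin(a - b) for b in phi] for a in phi]


def gaf_image(series, size, kind="summation"):
    """Full pipeline: aggregate, then build the chosen field as a
    size x size matrix ready to be fed to a CNN."""
    reduced = paa(series, size)
    return gasf(reduced) if kind == "summation" else gadf(reduced)


if __name__ == "__main__":
    for row in gaf_image(SERIES, 4):
        print(" ".join(f"{v:6.2f}" for v in row))
```

The main diagonal of the summation field equals 2x² − 1 for each rescaled value x, so the original series can be recovered from the image up to sign, and temporal order runs from the top-left to the bottom-right corner.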
LSTM (Long Short-Term Memory) is a long short-term memory network, a type of recurrent neural network (RNN). By training on the data features, it can solve problems such as vanishing gradients and exploding gradients that can occur when an RNN is trained on long sequences.
The fourth step: matching the data of data set H to equipment based on the whitelist. Data set H is filtered a second time using a whitelist technique: the data in H whose probability of being abnormal, attacked or having a potential vulnerability exceeds sixty percent are compared with the data in the whitelist, the data that coincide with the whitelist are extracted, the early-warning search range is narrowed, and the final early-warning data are obtained. The early-warning data are then matched with the IoT equipment to identify the type of the abnormal IoT equipment, converting the prediction result from data to equipment. After detection, IoT equipment that is vulnerable to attack or has potential vulnerabilities is identified and an early warning is issued, so that the user obtains the state information of the IoT equipment in advance.
NSL-KDD, ADFA IDS Data, Masquerading User Data and DARPA1998 are selected; the data classified as normal in the four data sets are compared, and the overlapping data are extracted to ensure data accuracy and used as the whitelist database.
Claims (3)
1. The Internet of things equipment monitoring and early warning method based on the C5.0 decision tree and the time sequence analysis is characterized by comprising the following steps: the method comprises the following steps:
the first step is as follows: data collection and preprocessing: collecting flow data of the Internet of things equipment to obtain a data set S, wherein a part of data in the data set S is used as a training set to train a C5.0 decision tree, and the rest data is used as a test set;
the second step is that: classifying the test set data by using a C5.0 decision tree algorithm: inputting the training set into the established C5.0 decision tree model for training and learning to obtain selection characteristics, performing classification prediction on the test set by using the selection characteristics as classification rules, thereby achieving classification and identification processing of the test set data, finally outputting abnormal data as a new data set H, and converting the data set H into time sequence information;
the third step: converting time sequence information into a GAF (Gramian Angular Field) graph, taking the GAF graph as a data feature of abnormal data, training by using a convolutional neural network to obtain a detection key feature, combining a selection feature in the training process of a decision tree with the key feature generated based on the convolutional neural network to form a new feature set, inputting the new feature set into a long-short term memory network model, predicting the data trend in the data set H by using the long-short term memory network, and finally obtaining the data abnormal trend of the data set H, wherein the abnormal trend represents the probability that the data is possibly abnormal, attacked or has potential vulnerabilities in the future;
the fourth step: matching the data set H data and the equipment based on the white list: carrying out secondary filtration on the data set H through a white list technology, comparing with the data in the white list the data in the data set H whose probability of possibly having abnormality, attack or potential vulnerability exceeds a certain value, extracting data coincident with the white list, reducing an early warning retrieval range, and obtaining final early warning data; and then, matching the early warning data with the Internet of things equipment, identifying the type of the abnormal Internet of things equipment, and realizing the conversion of the prediction result from the data to the equipment.
2. The Internet of things equipment monitoring and early warning method based on the C5.0 decision tree and the time sequence analysis as claimed in claim 1, wherein: the method comprises the following steps:
preprocessing the test set data and then classifying the data by a trained decision tree; the data preprocessing process comprises data identification, data cleaning and data standardization.
(1) Data identification: the attribute A of each data in the data set S has n values, wherein one attribute value is an attack type, and the data identification is to identify the data according to the attack type;
(2) data cleaning: checking, repairing or eliminating the data which do not meet the standard in the data set S;
(3) data normalization: including centering and normalization, i.e., removing the unit limitation of the data by shifting and scaling the differences that exist between the features.
3. The Internet of things equipment monitoring and early warning method based on the C5.0 decision tree and the time sequence analysis as claimed in claim 1 or 2, wherein: data optimization is performed on the basis of test set data classification, and the classification precision can be effectively improved by using the Boosting technology and the pruning technology, so that the purposes of model data pruning and optimization are achieved.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110066683.0A CN112910859B (en) | 2021-01-19 | 2021-01-19 | Internet of things equipment monitoring and early warning method based on C5.0 decision tree and time sequence analysis |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110066683.0A CN112910859B (en) | 2021-01-19 | 2021-01-19 | Internet of things equipment monitoring and early warning method based on C5.0 decision tree and time sequence analysis |
Publications (2)
Publication Number | Publication Date |
---|---|
CN112910859A CN112910859A (en) | 2021-06-04 |
CN112910859B true CN112910859B (en) | 2022-06-14 |
Family
ID=76115097
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110066683.0A Active CN112910859B (en) | 2021-01-19 | 2021-01-19 | Internet of things equipment monitoring and early warning method based on C5.0 decision tree and time sequence analysis |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112910859B (en) |
Families Citing this family (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113505925B (en) * | 2021-07-09 | 2022-07-15 | 重庆邮电大学 | A kind of abnormal information early warning method of laboratory hazardous chemicals based on ANFIS |
CN113657628A (en) * | 2021-08-20 | 2021-11-16 | 武汉霖汐科技有限公司 | Industrial equipment monitoring method and system, electronic equipment and storage medium |
CN113781213B (en) * | 2021-08-20 | 2023-09-29 | 上海华鑫股份有限公司 | Intelligent transaction anomaly detection method based on graph and hierarchical convertors |
CN114252739B (en) * | 2021-12-24 | 2023-11-03 | 国家电网有限公司 | Power distribution network single-phase earth fault discrimination method, system, equipment and storage medium |
CN114338187B (en) * | 2021-12-30 | 2024-02-02 | 中国电信股份有限公司 | Terminal safety detection method and device based on decision tree |
CN114554490B (en) * | 2021-12-30 | 2024-08-06 | 国网辽宁省电力有限公司电力科学研究院 | Abnormal AP detection method and system based on time sequence model |
CN116008756B (en) * | 2023-03-15 | 2023-06-09 | 国网福建省电力有限公司 | Insulation fault diagnosis method, system, equipment and medium for capacitive voltage transformer |
CN117527369B (en) * | 2023-11-13 | 2024-06-04 | 无锡商业职业技术学院 | Android malicious attack monitoring method and system based on hash function |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103107902A (en) * | 2011-11-14 | 2013-05-15 | 无锡南理工科技发展有限公司 | Attack detection system based on decision-making tree |
CN108718291A (en) * | 2018-02-28 | 2018-10-30 | 北京微智信业科技有限公司 | A kind of malice URL detection methods based on big data |
CN111062511A (en) * | 2019-11-14 | 2020-04-24 | 佛山科学技术学院 | Aquaculture disease prediction method and system based on decision tree and neural network |
CN111526101A (en) * | 2020-04-16 | 2020-08-11 | 华北电力大学 | A machine learning-based dynamic traffic classification method for the Internet of Things |
AU2020102094A4 (en) * | 2020-09-01 | 2020-10-08 | K.R, Ananth DR | GROUP ACTIVITY RECOGNITION BY INTEGRATION AND FUSION OF INDIVIDUAL MULTISENSORY IoT DATA |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20190180196A1 (en) * | 2015-01-23 | 2019-06-13 | Conversica, Inc. | Systems and methods for generating and updating machine hybrid deep learning models |
Non-Patent Citations (2)
Title |
---|
A Comparison of SVM and CNN-LSTM Based Approach for Detecting Smoke Inhalations from Respiratory signal; Volkan Y Senyurek et al.; 《2019 41st Annual International Conference of the IEEE Engineering in Medicine and Biology Society (EMBC)》; 20191007; full text * |
Abnormal traffic detection method based on principal component analysis, tabu search and decision tree classification; 冶晓隆 et al.; 《计算机应用》; 20131001 (No. 10); full text * |
Also Published As
Publication number | Publication date |
---|---|
CN112910859A (en) | 2021-06-04 |
Similar Documents
Publication | Title |
---|---|
CN112910859B (en) | Internet of things equipment monitoring and early warning method based on C5.0 decision tree and time sequence analysis |
CN117473571B (en) | Data information security processing method and system |
CN111163057B (en) | User identification system and method based on heterogeneous information network embedding algorithm |
CN112235283B (en) | A network attack assessment method for power industrial control system based on vulnerability description attack graph |
CN111901340B (en) | A kind of intrusion detection system and method for energy internet |
CN113378990B (en) | Flow data anomaly detection method based on deep learning |
CN113505371B (en) | Database Security Risk Assessment System |
CN115987615A (en) | Network behavior safety early warning method and system |
CN114218998A (en) | Power system abnormal behavior analysis method based on hidden Markov model |
CN117056902A (en) | Password management method and system for Internet of things |
Ao | Using machine learning models to detect different intrusion on NSL-KDD |
KR102470364B1 (en) | A method for generating security event traning data and an apparatus for generating security event traning data |
CN117349618A (en) | Method and medium for constructing malicious encryption traffic detection model of network information system |
CN115242431A (en) | Industrial Internet of things data anomaly detection method based on random forest and long-short term memory network |
CN118627066A (en) | A BERT-based APT attack tracing method |
Chen et al. | An efficient network intrusion detection model based on temporal convolutional networks |
CN118041587A (en) | Network security test evaluation system and method |
CN117034149A (en) | Fault processing strategy determining method and device, electronic equipment and storage medium |
CN116346475A (en) | Hidden high-risk behavior operation anomaly scoring method and system |
Harbola et al. | Improved intrusion detection in DDoS applying feature selection using rank & score of attributes in KDD-99 data set |
CN118573455B (en) | Deep learning-based power system network security prediction method and device |
CN119449452A (en) | A network threat deduction system and method based on Transformer and graph attention network model |
Dong et al. | Security situation assessment algorithm for industrial control network nodes based on improved text simhash |
Li et al. | On Testing and Evaluation of Artificial Intelligence Models |
Su et al. | Intrusion detection using convolutional recurrent neural network |
Legal Events
Code | Title |
---|---|
PB01 | Publication |
SE01 | Entry into force of request for substantive examination |
GR01 | Patent grant |