Computer Science ›› 2021, Vol. 48 ›› Issue (9): 337-344. doi: 10.11896/jsjkx.200600108
张叶, 李志华, 王长杰
ZHANG Ye, LI Zhi-hua, WANG Chang-jie
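Abstract: To counter the security threat that botnets pose to home and personal IoT, and in particular the practical problem that home environments lack the resources needed for anomaly detection, this paper proposes a Kernel Density Estimation-based Lightweight IoT Anomaly Traffic Detection (KDE-LIATD) method. First, KDE-LIATD uses Gaussian kernel density estimation to estimate, for each feature dimension of the normal samples in the training set, the probability density function of the feature values and the corresponding probability densities. Then, a Kernel Density Estimation-based Feature Selection Algorithm (KDE-FS) is proposed to obtain the features that contribute most to anomaly detection, which reduces the feature dimension while improving detection accuracy. Finally, the anomaly evaluation value of a test sample is computed by cubic spline interpolation and used for anomaly detection; this strategy greatly reduces the computation and storage overhead that would otherwise be required to compute the anomaly evaluation value of a test sample with kernel density estimation. Simulation results show that the proposed KDE-LIATD method is robust and compatible when detecting anomalous traffic from heterogeneous IoT devices, and can effectively detect anomalous traffic from home and personal IoT botnets.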
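The following sketch is an added example, not the authors' code: it tabulates a per-feature Gaussian KDE of normal traffic on a small grid, then scores test samples with a natural cubic spline so that the deployed detector stores only the knots rather than the training set. The bandwidths, knot count, score formula and sample values are assumptions, and KDE-FS is not shown because the abstract does not give its details.

```python
import math
from bisect import bisect_right
def kde(train, h, x):
    """Gaussian kernel density estimate at x from normal training values."""
    norm = len(train) * h * math.sqrt(2 * math.pi)
    return sum(math.exp(-0.5 * ((x - t) / h) ** 2) for t in train) / norm

def fit_spline(xs, ys):
    """Natural cubic spline: return the second derivatives m at the knots."""
    n = len(xs) - 1
    a, b, c, d = [0.0] * (n + 1), [1.0] * (n + 1), [0.0] * (n + 1), [0.0] * (n + 1)
    for i in range(1, n):
        hl, hr = xs[i] - xs[i - 1], xs[i + 1] - xs[i]
        a[i], b[i], c[i] = hl, 2 * (hl + hr), hr
        d[i] = 6 * ((ys[i + 1] - ys[i]) / hr - (ys[i] - ys[i - 1]) / hl)
    for i in range(1, n + 1):  # Thomas algorithm, forward sweep
        w = a[i] / b[i - 1]
        b[i] -= w * c[i - 1]
        d[i] -= w * d[i - 1]
    m = [0.0] * (n + 1)
    for i in range(n - 1, 0, -1):  # back substitution; m[0] = m[n] = 0
        m[i] = (d[i] - c[i] * m[i + 1]) / b[i]
    return m

def train_feature(values, h, knots=32):
    """Tabulate the KDE on a grid; only the knots are kept for deployment."""
    lo, hi = min(values) - 3 * h, max(values) + 3 * h
    xs = [lo + (hi - lo) * k / (knots - 1) for k in range(knots)]
    ys = [kde(values, h, x) for x in xs]
    return xs, ys, fit_spline(xs, ys), max(ys)

def density(model, x):
    """Spline-interpolated density; values outside the normal range get 0."""
    xs, ys, m, _ = model
    if x < xs[0] or x > xs[-1]:
        return 0.0
    i = min(bisect_right(xs, x) - 1, len(xs) - 2)
    h, l, r = xs[i + 1] - xs[i], xs[i + 1] - x, x - xs[i]
    s = ((m[i] * l ** 3 + m[i + 1] * r ** 3) / (6 * h)
         + (ys[i] / h - m[i] * h / 6) * l + (ys[i + 1] / h - m[i + 1] * h / 6) * r)
    return max(s, 0.0)

def anomaly_score(models, sample):
    """Assumed score (not the paper's): mean of 1 - density / peak density."""
    return sum(1 - min(density(mo, x) / mo[3], 1.0) for mo, x in zip(models, sample)) / len(models)

# Constructed normal traffic: packet size (bytes) and inter-arrival time (ms).
NORMAL = [[60, 62, 64, 61, 63, 65, 60, 62], [10.0, 11.0, 9.5, 10.5, 10.2, 9.8, 10.1, 10.4]]
MODELS = [train_feature(NORMAL[0], 1.5), train_feature(NORMAL[1], 0.4)]
```

A sample such as `[1400, 0.05]`, which lies outside the normal range on both features, scores 1.0, while `[62, 10.2]` scores close to 0.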