Computer Science, 2021, Vol. 48, Issue (9): 337-344. doi: 10.11896/jsjkx.200600108

• Information Security •

Kernel Density Estimation-based Lightweight IoT Anomaly Traffic Detection Method

ZHANG Ye, LI Zhi-hua, WANG Chang-jie

  1. School of Artificial Intelligence and Computer, Jiangnan University, Wuxi, Jiangsu 214122, China
  • Received: 2020-06-17 Revised: 2020-08-28 Online: 2021-09-15 Published: 2021-09-10
  • Corresponding author: LI Zhi-hua (jswxzhli@aliyun.com)
  • Author contact: wxjncs_zy@aliyun.com
  • About author: ZHANG Ye, born in 1996, postgraduate, is a member of China Computer Federation. His main research interests include IoT security and information security.
    LI Zhi-hua, born in 1969, Ph.D, associate professor. His main research interests include cloud computing and information security.
  • Supported by:
    Intelligent Manufacturing Project of Ministry of Industry and Information Technology (ZH-XZ-180004), Fundamental Research Funds for the Central Universities of Ministry of Education of China (JUSRP211A41), Fundamental Research Funds for the Central Universities of Ministry of Education of China (JUSRP42003) and 111 Base Construction Project (B2018).

Abstract: To counter the security threat that botnets pose to home and personal Internet of Things (IoT) networks, and in particular the shortage of resources available for anomaly detection in the home environment, a kernel density estimation-based lightweight IoT anomaly traffic detection (KDE-LIATD) method is proposed. First, the KDE-LIATD method uses Gaussian kernel density estimation to estimate, for each feature dimension of the normal samples in the training set, the probability density function of the feature values and the corresponding probability densities. Then, a kernel density estimation-based feature selection algorithm (KDE-FS) is proposed to obtain the features that contribute significantly to anomaly detection, thereby reducing the feature dimension while improving the accuracy of anomaly detection. Finally, cubic spline interpolation is used to calculate the anomaly evaluation value of each test sample and perform anomaly detection. This strategy greatly reduces the computational and storage overhead required to calculate the anomaly evaluation value of a test sample with the kernel density estimation method. Simulation results show that the KDE-LIATD method has strong robustness and strong compatibility for anomaly traffic detection across heterogeneous IoT devices, and can effectively detect the abnormal traffic of home and personal IoT botnets.

Key words: Anomaly detection, Botnet, Feature selection, IoT, Kernel density estimation

CLC Number:

  • TP309
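
The two-phase structure the abstract describes (per-feature Gaussian KDE over normal samples at training time, cubic spline lookup at detection time) can be sketched as follows; this is an added example, not the authors' code. The rule-of-thumb bandwidth, the 32-knot grid, the summed negative log-density score, the 99th-percentile threshold and the two traffic features are assumptions, and the KDE-FS feature selection step is left out because the page does not state its criterion.

```python
import math, random

EPS = 1e-12  # density floor; score = summed -log density per feature (assumed)

def silverman_bandwidth(xs):
    n, mean = len(xs), sum(xs) / len(xs)
    std = math.sqrt(sum((x - mean) ** 2 for x in xs) / (n - 1))
    return 1.06 * std * n ** -0.2  # rule-of-thumb bandwidth (assumed choice)

def gaussian_kde(x, xs, h):
    c = 1.0 / (len(xs) * h * math.sqrt(2 * math.pi))
    return c * sum(math.exp(-0.5 * ((x - s) / h) ** 2) for s in xs)

def fit_spline(xs, knots=32):
    """Training: sample the KDE on a uniform grid, fit a natural cubic spline."""
    h = silverman_bandwidth(xs)
    lo, hi = min(xs) - 3 * h, max(xs) + 3 * h
    step = (hi - lo) / (knots - 1)
    y = [gaussian_kde(lo + i * step, xs, h) for i in range(knots)]
    cp, dp, m = [0.0] * knots, [0.0] * knots, [0.0] * knots
    for i in range(1, knots - 1):  # tridiagonal (1, 4, 1) forward sweep
        d = 6 * (y[i - 1] - 2 * y[i] + y[i + 1]) / step ** 2
        denom = 4 - cp[i - 1]
        cp[i], dp[i] = 1 / denom, (d - dp[i - 1]) / denom
    for i in range(knots - 2, 0, -1):  # back substitution, m[0] = m[-1] = 0
        m[i] = dp[i] - cp[i] * m[i + 1]
    return lo, step, y, m  # the only state kept per feature after training

def spline_density(model, x):
    """Detection: evaluate the stored spline; training samples are not needed."""
    lo, step, y, m = model
    if x <= lo or x >= lo + (len(y) - 1) * step:
        return 0.0  # outside the range seen in training
    i = min(int((x - lo) / step), len(y) - 2)
    a, b = lo + (i + 1) * step - x, x - (lo + i * step)
    return ((m[i] * a ** 3 + m[i + 1] * b ** 3) / (6 * step)
            + (y[i] / step - m[i] * step / 6) * a
            + (y[i + 1] / step - m[i + 1] * step / 6) * b)

def anomaly_score(models, sample):
    return sum(-math.log(max(spline_density(m, v), EPS)) for m, v in zip(models, sample))

def demo():
    rng = random.Random(7)  # constructed "normal" traffic: (packets/s, mean bytes)
    normal = [(rng.gauss(20, 3), rng.gauss(120, 15)) for _ in range(300)]
    models = [fit_spline([r[j] for r in normal]) for j in range(2)]
    ranked = sorted(anomaly_score(models, r) for r in normal)
    threshold = ranked[int(0.99 * len(ranked))]  # assumed 99th-percentile cutoff
    return threshold, anomaly_score(models, (20.0, 120.0)), anomaly_score(models, (400.0, 60.0))
```

Scoring one sample costs a handful of multiplications per feature against 64 stored floats, whereas evaluating the KDE directly sums over every training sample, which is the saving the abstract attributes to the interpolation step.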