Computer Science, 2021, Vol. 48, Issue (2): 324-329. doi: 10.11896/jsjkx.200800030

Special topic: Internet of Things Technology (virtual special topic)

• Information Security •

IoTGuardEye: A Web Attack Detection Method for IoT Services

LIU Xin, HUANG Yuan-yuan, LIU Zi-ang, ZHOU Rui

  1. School of Information Science & Engineering, Lanzhou University, Lanzhou 730000, China
  • Received: 2020-08-05 Revised: 2020-11-25 Online: 2021-02-15 Published: 2021-02-04
  • Corresponding author: ZHOU Rui (zr@lzu.edu.cn)
  • Author contact: xliu2019@lzu.edu.cn
  • About author: LIU Xin, born in 1995, Ph.D student. His main research interests include web security, IoT security and blockchain security.
    ZHOU Rui, born in 1981, associate professor. His main research interests include distributed systems, embedded systems and machine learning.
  • Supported by:
    The National Key R&D Program of China (2020YFC0832500), National Natural Science Foundation of China (61402210), Ministry of Education-China Mobile Research Foundation (MCM20170206) and State Grid Corporation of China Science and Technology Project (SGGSKY00WYJS2000062).

Abstract: In most edge computing applications, including those involving Internet of Things (IoT) devices, application programming interfaces (APIs) built on Internet application technologies, commonly known as Web technologies, are the core of information exchange between devices and remote servers. Compared with traditional web applications, most users cannot directly access the APIs used by edge devices, so these APIs have suffered relatively few attacks. However, with the popularity of edge computing, attacks against APIs have gradually become a hot spot. This paper therefore proposes a web attack vector detection method for IoT service providers. It can be used to detect malicious traffic against their API services and provide security intelligence for the security operation center (SOC). Building on feature extraction from the text sequence of hypertext transfer protocol (HTTP) requests, the method exploits the relatively fixed format of API request messages and combines bidirectional long short-term memory (BLSTM) to detect attack vectors in web traffic. Experimental results show that, compared with a rule-based Web application firewall (WAF) and traditional machine learning methods, the proposed method has better recognition ability for attacks on IoT service APIs.

Key words: BLSTM, Edge computing, Internet of Things, Threat awareness, Web attack

CLC number: TP393