Computer Science (计算机科学) ›› 2021, Vol. 48 ›› Issue (2): 324-329. doi: 10.11896/jsjkx.200800030
Special topic: Internet of Things Technology (virtual special topic)
刘新, 黄缘缘, 刘子昂, 周睿
LIU Xin, HUANG Yuan-yuan, LIU Zi-ang, ZHOU Rui
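Abstract: In most edge computing applications, including Internet of Things (IoT) devices, application programming interfaces (APIs) built on Internet application technologies (commonly called Web technologies) are the core of information exchange between devices and remote servers. Compared with traditional Web applications, most users cannot directly access the APIs used by edge devices, so these APIs have suffered relatively few attacks. However, as IoT devices become widespread, attacks against APIs are gradually becoming a hot spot. This paper therefore proposes a Web attack vector detection method for IoT services, which inspects the Web traffic received by IoT services and mines the malicious traffic in it, thereby providing security intelligence to the Security Operation Center (SOC). Building on feature extraction from the text sequences of Hypertext Transfer Protocol (HTTP) requests, and exploiting the relatively fixed message format of API requests, the method uses a Bidirectional Long Short-Term Memory (BLSTM) network to detect attack vectors in Web traffic. Experimental results show that, compared with rule-based Web Application Firewalls (WAFs) and traditional machine learning methods, the proposed method identifies attacks against IoT service APIs better.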