Computer Science, 2020, Vol. 47, Issue (7): 299-306. doi: 10.11896/jsjkx.190700199

Special topic: Internet of Things Technology (virtual special topic)

• Information Security •

Method Based on Traffic Fingerprint for IoT Device Identification and IoT Security Model

YANG Wei-chao 1,2, GUO Yuan-bo 1, LI Tao 1, ZHU Ben-quan 2

  1. School of Cryptography, University of Information Engineering, Zhengzhou 450000, China
  2. 61213 Troops of the Chinese People's Liberation Army, Linfen, Shanxi 041000, China
  • Received: 2019-07-29 Online: 2020-07-15 Published: 2020-07-16
  • Corresponding author: GUO Yuan-bo (yuanbo_g@hotmail.com)
  • About author: 79579@163.com
    YANG Wei-chao, born in 1991, M.S. candidate. His research interests include security of the Internet of Things and so on.
    GUO Yuan-bo, born in 1975, Ph.D., professor. His research interests include network attack and defense and so on.
  • Supported by:
    This work was supported by the Foundation of Science and Technology on Information Assurance Laboratory (614211203010417)

Abstract: The large-scale deployment of the Internet of Things (IoT) means that vulnerable IoT devices may also be connected to the network. An attacker who gains access to a target's internal network through a vulnerable device can lie dormant there and wait for an opportunity to launch further attacks. To defend against such attacks, a security mechanism is needed that controls the access of suspicious devices and manages internal devices. First, to control the access of suspicious devices, this paper presents a device identification method: a whitelist is set up, fingerprints are built from communication traffic features, and a random forest is used to train the device identification model. Second, to manage internal devices, an intelligent security management model is proposed, which builds an ontology threat model based on assets, vulnerabilities, security mechanisms and so on. Finally, experiments verify the detection performance of the device identification model, whose identification accuracy is above 96%; a comparison with existing similar methods shows that the proposed method has better detection stability.

Key words: IoT device identification, Ontology threat modeling, Random forest, Traffic feature extraction, White list

CLC number: TP393