Computer Science ›› 2024, Vol. 51 ›› Issue (8): 379-386. doi: 10.11896/jsjkx.230700197

• Information Security •

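An Abnormal Traffic Detection Method for Multi-stage Attacks by IoT Botnets

CHEN Liang, LI Zhihua

  1. School of Artificial Intelligence and Computer Science, Jiangnan University, Wuxi, Jiangsu 214112
  • Received: 2023-07-26 Revised: 2023-11-11 Online: 2024-08-15 Published: 2024-08-13
  • Corresponding author: LI Zhihua (jswxzhli@aliyun.com)
  • About the author: (chenliang006@qq.com)
  • Supported by:
    Intelligent Manufacturing Project of the Ministry of Industry and Information Technology (ZH-XZ-180004); Fundamental Research Funds for the Central Universities (JUSRP211A41, JUSRP42003)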

Abnormal Traffic Detection Method for Multi-stage Attacks of Internet of Things Botnets

CHEN Liang, LI Zhihua   

  1. School of Artificial Intelligence and Computer, Jiangnan University, Wuxi, Jiangsu 214122, China
  • Received: 2023-07-26 Revised: 2023-11-11 Online: 2024-08-15 Published: 2024-08-13
  • About author: CHEN Liang, born in 1994, postgraduate. His main research interests include network security and information security.
    LI Zhihua, born in 1969, Ph.D, professor, master supervisor. His main research interests include key technologies and information security of the end-edge-cloud, and its intersection with cutting-edge disciplines such as artificial intelligence.
  • Supported by:
    Intelligent Manufacturing Project of the Ministry of Industry and Information Technology (ZH-XZ-180004) and Fundamental Research Funds for the Central Universities of Ministry of Education of China (JUSRP211A41, JUSRP42003).

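Abstract: To efficiently detect multi-stage attack behavior of IoT botnets in massive volumes of network traffic data, an IoT botnet attack detection method based on a Multi-scale Hybrid Residual Network (MHRN) is proposed (IoT Botnet Attack Detection based on MHRN, IBAD-MHRN). First, to reduce the computational parameters of the detection model, a feature selection algorithm based on the variance threshold method (Feature Selection based on Variance Threshold, FS-VT) is proposed for data preprocessing. Second, a data-to-image processing strategy that converts data samples into image samples is adopted to fully exploit the potential of deep learning models. Then, to compensate for the limited representational capacity of traditional botnet detection models, a multi-stage IoT botnet attack detection model based on the multi-scale hybrid residual network is proposed; the model fuses, in a hybrid manner, the feature information extracted at different scales and depths, and then uses residual connections to eliminate the network degradation caused by deepening the network. Finally, the above model and algorithm are integrated into an IoT botnet attack detection method, IBAD-MHRN. Experimental results show that the detection accuracy and F1 value of the IBAD-MHRN method both reach 99.8%, improvements of 0.14% and 0.36%, respectively, in accuracy and F1 value over the better-performing convolutional neural network method, and that the method can detect multi-stage IoT botnet attacks effectively and efficiently.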

Keywords: Internet of Things, botnet, variance threshold method, residual network, multi-stage attack

Abstract: To address the problem of efficiently detecting multi-stage attack behavior of IoT botnets in massive network traffic data, an IoT botnet attack detection method based on a multi-scale hybrid residual network (IBAD-MHRN) is proposed. Firstly, to reduce the calculation parameters of the detection model, a feature selection algorithm based on the variance threshold method (FS-VT) is proposed for data preprocessing. Secondly, a data image processing strategy that converts data samples into image samples is adopted to fully tap the potential of the deep learning model. Then, to address the limited representation ability of traditional botnet detection models, a multi-stage attack detection model for IoT botnets based on a multi-scale hybrid residual network is proposed. The model integrates the feature information extracted at different scales and depths in a hybrid way, and then eliminates the network degradation caused by network deepening through residual connections. Finally, the IBAD-MHRN method for IoT botnet attack detection is proposed by integrating the above model and algorithm. Experimental results show that the detection accuracy and F1 value of the proposed IBAD-MHRN method both reach 99.8%, and that the accuracy and F1 value are improved by 0.14% and 0.36%, respectively, compared with the better-performing convolutional neural network method, so the method can effectively and efficiently detect multi-stage attacks of Internet of Things botnets.

Key words: Internet of Things, Botnet, Variance threshold method, Residual network, Multi-stage attacks

CLC Number:

  • TP393.08
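
The two preprocessing steps named in the abstract, variance-threshold feature selection and conversion of each data sample into an image sample, shown as an added Python example that is not the authors' code. The min-max scaling, the 0.01 threshold, the square zero-padded layout, the function names and the sample flows are assumptions; the abstract does not specify them.

```python
import math

# Constructed sample, not real traffic: 4 flow records x 6 features (duration
# in ms, packets, bytes, a constant flag, mean inter-arrival in us, a zero field).
SAMPLE_FLOWS = [
    [1100, 10, 1200, 1, 50000, 0],
    [100, 900, 54000, 1, 100, 0],
    [5100, 12, 1500, 1, 300000, 0],
    [100, 950, 57000, 1, 100, 0],
]


def min_max_scale(rows):
    """Scale each column to [0, 1]; a constant column becomes all zeros."""
    scaled = []
    for col in zip(*rows):
        lo, span = min(col), max(col) - min(col)
        scaled.append([(v - lo) / span if span else 0.0 for v in col])
    return [list(r) for r in zip(*scaled)]


def variance_threshold(rows, threshold):
    """Indices of columns whose population variance exceeds the threshold."""
    keep = []
    for idx, col in enumerate(zip(*rows)):
        mean = sum(col) / len(col)
        if sum((v - mean) ** 2 for v in col) / len(col) > threshold:
            keep.append(idx)
    return keep


def to_image(features):
    """Lay scaled features out row by row as a square 8-bit grayscale image."""
    side = math.ceil(math.sqrt(len(features)))
    pixels = [round(v * 255) for v in features]
    pixels += [0] * (side * side - len(pixels))  # assumed zero padding
    return [pixels[r * side:(r + 1) * side] for r in range(side)]


def preprocess(rows, threshold=0.01):
    """Assumed pipeline: scale, drop low-variance features, one image per flow."""
    scaled = min_max_scale(rows)
    keep = variance_threshold(scaled, threshold)
    return keep, [to_image([row[i] for i in keep]) for row in scaled]


if __name__ == "__main__":
    kept, images = preprocess(SAMPLE_FLOWS)
    print("kept feature indices:", kept, "images:", images)
```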