Computer Science (计算机科学) ›› 2023, Vol. 50 ›› Issue (3): 371-379. doi: 10.11896/jsjkx.211200280
CUI Jingsong (崔竞松) 1, ZHANG Tongtong (张童桐) 1, GUO Chi (郭迟) 2, GUO Wenfei (郭文飞) 2
Abstract: With the rapid growth of the Internet, the security of network devices has attracted wide attention. Existing anomaly-detection techniques for network devices are highly intrusive and difficult to apply, so this paper takes the delay a network device incurs while forwarding and processing packets as the detection basis and proposes an anomaly-detection scheme based on delay features. The scheme uses side-channel analysis, requires no upgrade or modification of the network device, and is non-invasive, easy to deploy and widely applicable. First, a high-precision timestamping device captures how the forwarding delay of a home router varies while it transmits packets, and a genetic algorithm extracts the peak-position features of the delay distribution; then, to cope with the imbalanced dataset, a one-class support vector machine is used to build the anomaly-detection algorithm; finally, an experimental platform is built to validate the detection scheme and the results are evaluated. The experimental results show that the proposed method is feasible and effective.
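The pipeline the abstract describes, as an added illustration that is not the paper's own code: delay samples are bucketed into a histogram, the positions of the dominant modes become the feature vector, a known-good profile is fitted from several measurement windows, and a new window is scored by how far its peaks drift from that profile. Two substitutions are assumptions made for a self-contained example: a smoothed local-maximum search stands in for the paper's genetic-algorithm peak extraction, and a per-peak tolerance envelope stands in for the one-class SVM. The router delay data is constructed (two processing paths with Gaussian jitter, microseconds), not measured.

```python
import random
import statistics
from typing import Dict, List, Sequence


def latency_histogram(samples: Sequence[float], bin_width: float) -> Dict[int, int]:
    """Bucket delay samples (microseconds) into bins of `bin_width`; key is the bin index."""
    hist: Dict[int, int] = {}
    for s in samples:
        idx = int(s // bin_width)
        hist[idx] = hist.get(idx, 0) + 1
    return hist


def peak_positions(samples: Sequence[float], bin_width: float, n_peaks: int,
                   min_separation: float, min_fraction: float = 0.05) -> List[float]:
    """Peak-position feature: centres (us) of the `n_peaks` most populated modes, ascending.
    A 3-bin moving average suppresses sampling noise, bins below `min_fraction` of the
    highest bin are ignored as tail noise, and `min_separation` stops one wide mode
    from being reported twice. Stand-in for the paper's genetic-algorithm extraction (assumption)."""
    hist = latency_histogram(samples, bin_width)
    if not hist:
        return []
    lo, hi = min(hist), max(hist)
    counts = [hist.get(i, 0) for i in range(lo, hi + 1)]
    last = len(counts) - 1
    smoothed = [(counts[max(i - 1, 0)] + counts[i] + counts[min(i + 1, last)]) / 3
                for i in range(len(counts))]
    floor = min_fraction * max(smoothed)
    maxima = [i for i in range(len(smoothed))
              if smoothed[i] >= floor
              and (i == 0 or smoothed[i] >= smoothed[i - 1])
              and (i == last or smoothed[i] >= smoothed[i + 1])]
    maxima.sort(key=lambda i: smoothed[i], reverse=True)  # most populated first
    chosen: List[float] = []
    for i in maxima:
        centre = (lo + i + 0.5) * bin_width
        if all(abs(centre - c) >= min_separation for c in chosen):
            chosen.append(centre)
        if len(chosen) == n_peaks:
            break
    return sorted(chosen)


def fit_baseline(windows: Sequence[Sequence[float]], bin_width: float,
                 n_peaks: int, min_separation: float) -> Dict:
    """Profile known-good behaviour from several measurement windows: per-peak mean position
    and a tolerance (standard deviation, floored at one bin width so a perfectly stable
    baseline never yields a zero tolerance). Envelope model standing in for the OC-SVM (assumption)."""
    feats = [peak_positions(w, bin_width, n_peaks, min_separation) for w in windows]
    if any(len(f) != n_peaks for f in feats):
        raise ValueError("a baseline window did not show the expected number of peaks")
    means, tols = [], []
    for d in range(n_peaks):
        column = [f[d] for f in feats]
        means.append(statistics.fmean(column))
        sd = statistics.stdev(column) if len(column) > 1 else 0.0
        tols.append(max(sd, bin_width))
    return {"means": means, "tols": tols, "bin_width": bin_width,
            "n_peaks": n_peaks, "min_separation": min_separation}


def anomaly_score(model: Dict, samples: Sequence[float]) -> float:
    """Largest per-peak drift in units of tolerance; a mode appearing or vanishing is
    itself a deviation and scores infinite."""
    feats = peak_positions(samples, model["bin_width"], model["n_peaks"], model["min_separation"])
    if len(feats) != model["n_peaks"]:
        return float("inf")
    return max(abs(f - m) / t for f, m, t in zip(feats, model["means"], model["tols"]))


def is_anomalous(model: Dict, samples: Sequence[float], threshold: float = 3.0) -> bool:
    return anomaly_score(model, samples) >= threshold


def simulate_forwarding_latency(rng: random.Random, n: int, shift_us: float = 0.0,
                                slow_fraction: float = 0.3) -> List[float]:
    """Constructed data, not a measurement: a router with a fast path (~122 us) and a slow
    path (~182 us), 4 us Gaussian jitter, plus an optional extra processing delay."""
    out = []
    for _ in range(n):
        base = 182.0 if rng.random() < slow_fraction else 122.0
        out.append(base + shift_us + rng.gauss(0.0, 4.0))
    return out


if __name__ == "__main__":
    rng = random.Random(7)
    baseline = [simulate_forwarding_latency(rng, 2000) for _ in range(5)]
    model = fit_baseline(baseline, bin_width=4.0, n_peaks=2, min_separation=20.0)
    print("baseline peak positions (us):", model["means"])
    cases = [("healthy window", simulate_forwarding_latency(rng, 2000)),
             ("extra 20 us of processing", simulate_forwarding_latency(rng, 2000, shift_us=20.0)),
             ("slow path vanished", simulate_forwarding_latency(rng, 2000, slow_fraction=0.0))]
    for label, window in cases:
        print(f"{label}: score={anomaly_score(model, window):.2f} anomalous={is_anomalous(model, window)}")
```

The detector keys on where the modes sit rather than on mean delay, which is what makes a uniform shift from added processing (the "extra 20 us" case) and a structural change (a processing path disappearing) both visible while ordinary jitter inside a bin stays below threshold; the threshold and bin width are tuning knobs that should be set from the timestamping resolution of the capture hardware.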