Computer Science ›› 2025, Vol. 52 ›› Issue (6): 397-404. doi: 10.11896/jsjkx.240400133

• Information Security •

Study on Efficacy Mechanism for IoT Data Flow Threats
(original title: 物联网数据流威胁致效机理研究)

SUN Ruijie1, LI Peng1,2,3, ZHU Feng1 (孙瑞杰, 李鹏, 朱枫)

  1. 1 School of Computer Science, Nanjing University of Posts and Telecommunications, Nanjing 210023, China
     2 Nanjing Center of HPC China, Nanjing 210023, China
     3 Institute of Network Security and Trusted Computing of NUPT, Nanjing 210023, China
  • Received: 2024-04-17 Revised: 2024-10-08 Online: 2025-06-15 Published: 2025-06-11
  • Corresponding author: LI Peng (lipeng@njupt.edu.cn)
  • About author: SUN Ruijie (2023040512@njupt.edu.cn), born in 2000, postgraduate. His main research interests include network traffic security and watermarking of large language models.
    LI Peng, born in 1979, Ph.D, professor, Ph.D supervisor, is a member of CCF (No.48573M). His main research interests include computer communication networks, cloud computing and information security.
  • Supported by:
    Six Talent Peaks Project of Jiangsu Province (RJFW-111) and Postgraduate Research and Practice Innovation Program of Jiangsu Province (KYCX24_1227).

Abstract: With the explosive growth in the number of IoT devices, the means of attacking them have also become diverse and covert. Machine learning-based detection methods have been widely studied and show great potential. However, these models are regarded as black boxes: their classification results are hard to explain, so they cannot describe the specific means and patterns characteristic of IoT threats. To address this, the paper builds a technique-feature dictionary on the basis of the ATT&CK framework, describing each attack technique in terms of traffic features, and a threat-technique database that decomposes network threats down to the level of individual attack techniques. It then designs a threat detection model based on this efficacy mechanism: a real-time traffic feature matrix is constructed, the attack techniques the traffic has been subjected to are summarized from it, and the resulting technique sequence is matched against the threat-technique database to obtain the possible threats and their probabilities. Experimental results show that the proposed model reaches a threat detection rate of 99.595% on the dataset, comparable to traditional methods, while allowing the false positive rate to be tuned to the needs of the experimental environment and providing analysts with reliable attack path explanations.

Key words: IoT data flow, Threat detection, Efficacy mechanism, ATT&CK framework
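As an added illustration (not the paper's own code, dictionary or database), the following Python sketch walks the pipeline the abstract describes: a per-flow feature matrix is mapped through a technique-feature dictionary to an ordered ATT&CK technique sequence, that sequence is matched against a threat-technique database, and the matches are normalized into threat probabilities with a tunable alert threshold. The ATT&CK technique ids (T1046, T1110, T1498, T1071) are real, but the feature thresholds, the threat decompositions, the Jaccard-overlap scoring rule and the sample flows are all constructed assumptions chosen only to make the mechanism concrete.

```python
from typing import Callable, Dict, List, Set, Tuple

Features = Dict[str, float]

# Constructed technique-feature dictionary (illustrative thresholds, not the
# paper's): ATT&CK technique id -> predicate over one flow's feature record.
TECHNIQUE_FEATURE_DICT: Dict[str, Callable[[Features], bool]] = {
    # T1046 Network Service Discovery: many distinct destination ports, tiny packets
    "T1046": lambda f: f["distinct_dst_ports"] >= 20 and f["avg_pkt_bytes"] < 100,
    # T1110 Brute Force: rapid, mostly failing connections to SSH/Telnet
    "T1110": lambda f: f["dst_port"] in (22, 23) and f["conn_rate"] > 5 and f["fail_ratio"] > 0.8,
    # T1498 Network Denial of Service: SYN-dominated high packet rate
    "T1498": lambda f: f["pkt_rate"] > 1000 and f["syn_ratio"] > 0.9,
    # T1071 Application Layer Protocol (C2): strongly periodic HTTP beaconing
    "T1071": lambda f: f["dst_port"] == 80 and f["beacon_periodicity"] > 0.9,
}

# Constructed threat-technique database: threat -> the technique set it decomposes into.
THREAT_TECHNIQUE_DB: Dict[str, Set[str]] = {
    "port_scan_reconnaissance": {"T1046"},
    "credential_brute_force": {"T1046", "T1110"},
    "botnet_c2": {"T1110", "T1071"},
    "syn_flood_dos": {"T1498"},
}


def make_flow(**overrides: float) -> Features:
    """Return a benign-looking flow record with selected features overridden."""
    flow: Features = {
        "dst_port": 443, "distinct_dst_ports": 1, "avg_pkt_bytes": 800,
        "conn_rate": 0.5, "fail_ratio": 0.0, "pkt_rate": 20,
        "syn_ratio": 0.05, "beacon_periodicity": 0.1,
    }
    flow.update(overrides)
    return flow


# Constructed sample feature matrix: a port sweep followed by SSH password guessing.
SAMPLE_FLOWS: List[Features] = [
    make_flow(dst_port=0, distinct_dst_ports=120, avg_pkt_bytes=60,
              conn_rate=50, syn_ratio=0.99, pkt_rate=200),
    make_flow(dst_port=22, conn_rate=30, fail_ratio=0.97),
]


def extract_techniques(flows: List[Features]) -> List[str]:
    """Map the feature matrix to an ordered, de-duplicated technique sequence."""
    seq: List[str] = []
    for flow in flows:
        for tid, matches in TECHNIQUE_FEATURE_DICT.items():
            if matches(flow) and tid not in seq:
                seq.append(tid)
    return seq


def threat_probabilities(techniques: List[str],
                         db: Dict[str, Set[str]] = THREAT_TECHNIQUE_DB) -> Dict[str, float]:
    """Score each threat by Jaccard overlap between its technique set and the
    observed sequence (an assumed rule), then normalize the scores to sum to 1."""
    observed = set(techniques)
    raw = {t: (len(needed & observed) / len(needed | observed) if observed else 0.0)
           for t, needed in db.items()}
    total = sum(raw.values())
    return {t: (v / total if total else 0.0) for t, v in raw.items()}


def detect(flows: List[Features], threshold: float = 0.5,
           db: Dict[str, Set[str]] = THREAT_TECHNIQUE_DB) -> List[Tuple[str, float, List[str]]]:
    """Run the whole pipeline. `threshold` is the knob that trades detection rate
    against false positives: raising it suppresses low-probability threats.
    Returns (threat, probability, matched technique path) sorted by probability."""
    seq = extract_techniques(flows)
    probs = threat_probabilities(seq, db)
    hits = [(t, p, [tid for tid in seq if tid in db[t]])
            for t, p in probs.items() if p >= threshold]
    return sorted(hits, key=lambda h: h[1], reverse=True)


if __name__ == "__main__":
    for threat, prob, path in detect(SAMPLE_FLOWS, threshold=0.25):
        print(f"{threat}: p={prob:.3f} via {' -> '.join(path)}")
```

The returned technique path is what gives an analyst the explanation the abstract asks for: rather than a bare class label, each alert carries the ordered techniques that matched, so a "credential_brute_force" verdict is traceable to the scan (T1046) and the failing SSH logins (T1110) that produced it.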

CLC number:

  • TP393.08