计算机科学

计算机科学 ›› 2024, Vol. 51 ›› Issue (11A): 240100137-9.doi: 10.11896/jsjkx.240100137

• 信息安全 • 上一篇    下一篇

基于加权特征融合的物联网设备识别方法

曹伟康1,2, 林宏刚1,2,3   

  1. 1 成都信息工程大学网络空间安全学院(芯谷产业学院) 成都 610225
    2 先进密码技术与系统安全四川省重点实验室 成都 610225
    3 网络空间安全态势感知与评估安徽省重点实验室 合肥 230037
  • 出版日期:2024-11-16 发布日期:2024-11-13
  • 通讯作者: 林宏刚(linhg@cuit.edu.cn)
  • 作者简介:(205105784@qq.com)
  • 基金资助:
    国家242信息安全计划项目(2021-037);网络空间安全态势感知与评估安徽省重点实验室课题(CSSAE-2021-002)

IoT Devices Identification Method Based on Weighted Feature Fusion

CAO Weikang1,2, LIN Honggang1,2,3   

  1. 1 School of Cyber Security(Xin Gu Industrial College),Chengdu University of Information Technology,Chengdu 610225,China
    2 Sichuan Provincial Key Laboratory of Advanced Cryptography and System Security,Chengdu 610225,China
    3 Anhui Key Laboratory of Cyberspace Security Situational Awareness and Assessment,Hefei 230037,China
  • Online:2024-11-16 Published:2024-11-13
  • About author:CAO Weikang,born in 1999,postgraduate.His main research interests include cyberspace security and so on.
    LIN Honggang,born in 1976,Ph.D,professor.His main research interests include Internet of things security,network and system security
  • Supported by:
    National 242 Information Security Program project(2021-037) and Cyberspace Security Situation Awareness and Assessment,Anhui Province Key Laboratory(CSSAE-2021-002).

PDF (PC)

156

摘要: 物联网设备识别在设备管理和网络安全等领域具有极为重要的作用,它不仅有助于管理员及时审查网络资产,还能将设备信息与潜在漏洞信息相互关联,及时发现潜在的安全风险。目前的物联网设备识别方法存在没有充分利用物联网设备的特征,并且在样本不平衡的情况下难以识别出样本较少的设备等问题。针对上述问题,文中提出了一种基于加权特征融合的物联网设备识别方法,设计了TextCNN-BiLSTM_Attention并行结构,分别提取物联网设备应用层服务信息的局部特征和上下文特征;提出了一种加权特征融合算法对不同模型提取的特征进行融合;最后采用多层感知机完成设备识别。实验结果表明,该方法能更全面地提取物联网设备特征,在数据不平衡的情况下识别出样本较少的设备,宏平均精准率比现有方法提升了2.6%~12.85%,具有良好的表征能力和泛化能力,且在识别效率方面优于CNN_LSTM等多模型方法。

关键词: 物联网, 设备识别, TextCNN, BiLSTM_Attention, 特征提取, 加权特征融合

Abstract: IoT device identification plays an extremely important role in the field of device management and network security,which not only helps administrators review network assets in a timely manner,but also correlates device information with potential vulnerability information to discover potential security risks in a timely manner.The current IoT device identification methods do not make full use of the characteristics of iot devices,and it is difficult to identify devices with fewer samples in the case of unbalanced samples.To solve the above problems,this paper proposes a weighted feature fusion based method for IoT device recognition.A parallel structure of TextCNN-BiLSTM_Attention is designed to extract the local features and context features of the application layer service information of networked devices respectively.A weighted feature fusion algorithm is proposed to fuse the features extracted from different models.Finally,multi-layer perceptron is used to recognize the device.Experimental results show that the proposed method can extract the features of networked devices more comprehensively,identify devices with fewer samples under the condition of data imbalance,and the macro average precision rate is improved by 2.6%~12.85% compared with the existing methods,which has good characterization and generalization abilities,and is superior to multi-model methods such as CNN_LSTM in recognition efficiency.

Key words: Internet of Things, Equipment identification, TextCNN, BiLSTM_Attention, Feature extraction, Weighted feature fusion

中图分类号: 

  • TP393
[1]KOUICEM D E,BOUABDALLAH A,LAKHLEF H.Internet of things security:A top-down survey[J].Computer Networks,2018,141:199-221.
[2]KHAN M A,QUASIM M T,ALGARNI F,et al.Internet ofthings:On the opportunities,applications and open challenges in Saudi Arabia[C]//2019 International Conference on Advances in the Emerging Computing Technologies(AECT).IEEE,2020:1-5.
[3]ANTONAKAKIS M,APRIL T,BAILEY M,et al.Understanding the mirai botnet[C]//26th USENIX Security Symposium(USENIX Security 17).2017:1093-1110.
[4]FAN L,ZHANG S,WU Y,et al.An IoT device identification method based on semi-supervised learning[C]//2020 16th International Conference on Network and Service Management(CNSM).IEEE,2020:1-7.
[5]FENG X,LI Q,WANG H,et al.Acquisitional rule-based engine for discovering {Internet-of-Things} devices[C]//27th USENIX security symposium(USENIX Security 18).2018:327-341.
[6]FAN L N,LI C L,WU Y C,et al.Iot equipment identification and anomaly detection research review [J/OL].Journal of software,2024(1):288-308.https://doi.org/10.13328/j.cnki.jos.006818.
[7]CHUNG W H,GU Y H,YOO S J.CHP Engine Anomaly Detection Based on Parallel CNN-LSTM with Residual Blocks and Attention[J].Sensors,2023,23(21):8746.
[8]BREMLER-BARR A,LEVY H,YAKHINI Z.Iot or not:Identifying iot devices in a short time scale[C]//2020 IEEE/IFIP Network Operations and Management Symposium(NOMS 2020).IEEE,2020:1-9.
[9]REDONDO J M,CUESTA D.Towards improving productivity in nmap security audits[J].Journal of Web Engineering,2019,18(7):539-577.
[10]DURUMERIC Z,ADRIAN D,MIRAIN A,et al.A search engine backed by Internet-wide scanning[C]//Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security.2015:542-553.
[11]MIETTINEN M,MARCHAL S,HAFEEZ I,et al.Iot sentinel:Automated device-type identification for security enforcement in iot[C]//2017 IEEE 37th international conference on distributed computing systems(ICDCS).IEEE,2017:2177-2184.
[12]KOSTAS K,JUST M,LONES M A.IoTDevID:A behavior-based device identification method for the IoT[J].IEEE Internet of Things Journal,2022,9(23):23741-23749.
[13]SIVANATHAN A,SHERRATT D,GHARAKHEILI H H,et al.Characterizing and classifying IoT traffic in smart cities and campuses[C]//2017 IEEE Conference on Computer Communications Workshops(INFOCOM WKSHPS).IEEE,2017:559-564.
[14]LI R G,DUAN P Y,SHEN M,et al.Traffic classification algorithm for Internet of Things devices based on Random forest [J].Journal of Beijing University of Aeronautics and Astronautics,2022,48(2):233-239.
[15]ZHU B Y,CHEN X,SHA L T,et al.Two-layer iot device classification recognition Model based on traffic and text fingerprint [J].Computer Science,2023,50(8):304-313.
[16]LIU D D,HAN Y,LIU X Y,et al.Smart Home recognition method based on WiFi data frame feature [J].Computer Engineering and Applications,2023,59(15):274-280.
[17]YAO L,ZHUANG H,SU Q,et al.Automatic smart deviceidentification based on web fingerprint and neural network[C]//Proceedings of the 2021 3rd International Conference on Big-data Service and Intelligent Computation.2021:33-41.
[18]WAN S,LI Q,WANG H,et al.DevTag:A Benchmark for Fingerprinting IoT Devices[J].IEEE Internet of Things Journal,2022,10(7):6388-6399.
[19]CHEN Q G,DU Y H,HAN Y,et al.Iot device recognition mod-el based on deep separable Convolution [J].Information Network Security,201,21(9):67-73.
[20]YIN F,YANG L,WANG Y,et al.Iot etei:End-to-end iot device identification method[C]//2021 IEEE Conference on Dependable and Secure Computing(DSC).IEEE,2021:1-8.
[21]WANG Z H.Iot device identification method based on hybrid structure of LCNN and LSTM [J].Information Network Security,2023,23(6):43-54.
[22]TANG Y Z G,LU S D,QIAN L F,et al.IDFE:Fingerprint deep extraction method for iot device recognition [J/OL].Computer engineering and application:1-15.http://kns.cnki.net/kcms/detail/11.2127.tp.20230920.1333.054.html.
[23]DEVLIN J,CHANG M W,LEE K,et al.Bert:Pre-training of deep bidirectional transformers for language understanding[J].arXiv:1810.04805,2018.
[24]GREFF K,SRIVASTAVA R K,KOUTNÍK J,et al.LSTM:A search space odyssey[J].IEEE Transactions on Neural Networks and Learning Systems,2016,28(10):2222-2232.
[25]JOHNSON R,ZHANG T.Deep pyramid convolutional neuralnetworks for text categorization[C]//Proceedings of the 55th Annual Meeting of the Association for Computational Linguistics(Volume 1:Long Papers).2017:562-570.
Viewed
Full text


Abstract

Cited
  Shared   
  Discussed   
No Suggested Reading articles found!
渝ICP备16013121号-4
地址:重庆市渝北区洪湖西路18号    邮编:401121  
电话:023-63500828(编辑部) 023-67039612(会议/专题) 023-67039623(财务/发票)
E-mail:jsjkx12@163.com
本系统由北京玛格泰克科技发展有限公司设计开发