计算机科学

计算机科学 ›› 2025, Vol. 52 ›› Issue (2): 380-387.doi: 10.11896/jsjkx.231200168

• 信息安全 • 上一篇    

基于RFFAD_DeepSVDD的低功耗蓝牙欺骗攻击检测技术

闫廷聚, 曹琰, 王依菁   

  1. 郑州大学网络空间安全学院 郑州 450002
  • 收稿日期:2023-12-23 修回日期:2024-06-24 出版日期:2025-02-15 发布日期:2025-02-17
  • 通讯作者: 曹琰(ieycao@zzu.edu.cn)
  • 作者简介:(857855762@qq.com)
  • 基金资助:
    嵩山实验室资助项目(232102210124);河南省重大科技专项(241110210100)

Low-power Bluetooth Spoofing Attack Detection Technology Based on RFFAD_DeepSVDD

YAN Tingju, CAO Yan, WANG Yijing   

  1. School of Cyber Science and Engineering,Zhengzhou University,Zhengzhou 450002,China
  • Received:2023-12-23 Revised:2024-06-24 Online:2025-02-15 Published:2025-02-17
  • About author:YAN Tingju,born in 1999,postgraduate.His main research interests include Bluetooth low energy physical layer security and radio frequency fingerprin-ting.
    CAO Yan,born in 1983,Ph.D,is a member of CCF(No 17447S).His main research interests include network and system security,binary reverse and vulnerability discovery.
  • Supported by:
    Songshan Laboratory Funded Project(232102210124) and Major Science and Technology Projects of Henan Province(241110210100).

PDF (PC)

106

摘要: 针对现有低功耗蓝牙(BLE)欺骗攻击检测技术准确率低的问题,提出了一种基于异常指纹的BLE欺骗攻击检测技术,将攻击者的射频指纹作为异常数据,把欺骗攻击检测建模为异常检测问题;设计了一种基于深度支持向量描述(Deep Support Vector Data Description,DeepSVDD)的异常指纹检测模型——RFFAD_DeepSVDD,并使用残差单元构建网络模型,有效缓解了机器学习异常检测算法非线性特征提取不足的问题。采用预训练自编码器获取最优初始化参数,极大增强了模型边界决策能力。在异常检测实验中,该模型准确率达到95.47%,相比基于机器学习的异常检测模型平均提升8.92%;在欺骗攻击检测实验中,该方法相比现有欺骗攻击检测技术在攻击节点运动与静止状态下均表现出更好的性能,能够准确检测并识别出中间人攻击、冒充攻击、重连接欺骗攻击3种欺骗攻击。

关键词: BLE, 欺骗攻击, 射频指纹, 异常检测, DeepSVDD

Abstract: Aiming at the problem of low accuracy rate of existing low-power Bluetooth spoofing attack detection techniques,a BLE spoofing attack detection technique based on anomalous fingerprints is proposed,which takes the attacker's RF fingerprints as anomalous data and models spoofing attack detection as an anomalous detection problem.This paper designs an anomalous fingerprint detection model—RFFAD_DeepSVDD,based on deep support vector data description(DeepSVDD),which uses the residual unit to construct a network model,effectively alleviating the problem of insufficient nonlinear feature extraction of machine learning anomaly detection algorithm.Pre-trained auto-encoder is used to obtain the optimal initialization parameter,which greatly enhances the model's boundary decision-making ability.In the anomaly detection experiments,the accuracy of the model reaches 95.47%,an average improvement of 8.92% compared with the machine learning-based anomaly detection model;in the spoofing attack detection experiments,compared with the existing spoofing attack detection techniques in the attack node movement and stationary state,the proposed method shows better performance,and can accurately detect and identify man-in-the-middle attack,impersonation attack,and reconnection spoofing attackthree kinds of spoofing attacks.

Key words: BLE, Spoofing attack, RF fingerprint, Anomaly detection, DeepSVDD

中图分类号: 

  • TP309
[1]MELAMED T.An active man-in-the-middle attack on bluetooth smart devices[J].Safety and Security Studies,2018,8(2):200-211.
[2]OLIFF W,FILIPPOUPOLITIS A,LOUKAS G.Evaluating the impact of malicious spoofing attacks on Bluetooth low energy based occupancy detection systems[C]//2017 IEEE 15th International Conference on Software Engineering Research,Management and Applications(SERA).IEEE,2017:379-385.
[3]WU J,NAN Y,KUMAR V,et al.{BLESA}:Spoofing attacksagainst reconnections in bluetooth low energy[C]//14th USENIX Workshop on Offensive Technologies(WOOT 20).2020.
[4]XU W,TRAPPE W,ZHANG Y,et al.The feasibility of launching and detecting jamming attacks in wireless networks[C]//Proceedings of the 6th ACM international symposium on Mobile ad hoc networking and computing.2005:46-57.
[5]YURDAGUL M A,SENCAR H T.BLEKeeper:Response Time Behavior Based Man-In-The-Middle Attack Detection[C]//2021 IEEE Security and Privacy Workshops(SPW).IEEE,2021:214-220.
[6]WU J,NAN Y,KUMAR V,et al.{BlueShield}:Detecting spoofing attacks in bluetooth low energy networks[C]//23rd International Symposium on Research in Attacks,Intrusions and Defenses(RAID 2020).2020:397-411.
[7]ZHOU X,HU A,LI G,et al.A robust radio-frequency fingerprint extractionscheme for practical device recognition[J].IEEE Internet of Things Journal,2021,8(14):11276-11289.
[8]SHEN G,ZHANG J,MARSHALL A,et al.Towards scalable and channel-robust radio frequency fingerprint identification for LoRa[J].IEEE Transactions on Information Forensics and Security,2022,17:774-787.
[9]ZHANG J,SHEN G,SAAD W,et al.Radio Frequency Fingerprint Identification for Device Authentication in the Internet of Things[J].IEEE Communications Magazine,2023,61(10):110-115.
[10]TIAN Q,LIN Y,GUO X,et al.New security mechanisms ofhigh-reliability IoT communication based on radio frequency fingerprint[J].IEEE Internet of Things Journal,2019,6(5):7980-7987.
[11]NILSSON D,YAN W.Identifying Bluetooth Low Energy Devices[C]//Proceedings of the 19th ACM Conference on Embedded Networked Sensor Systems.2021:375-376.
[12]NILSSON D.Identifying Bluetooth Low Energy Devices viaPhysical-Layer Hardware Impairments[J/OL].https://www.diva-portal.org/smash/record.jsf?pid=diva2%3A1648267&dswid=-1696.
[13]TU Y,ZHANG Z,LI Y,et al.Research on the Internet ofThings device recognition based on RF-fingerprinting[J].IEEE Access,2019,7:37426-37431.
[14]ZHANG X,HUANG Y,TIAN Y,et al.Noise-like Features Assisted GNSS Spoofing Detection Based on Convolutional Autoencoder[J].IEEE Sensors Journal,2023,23(20):25473-25486.
[15]QI L,YANG Y,ZHOU X,et al.Fast anomaly identificationbased on multiaspect data streams for intelligent intrusion detection toward secure industry 4.0[J].IEEE Transactions on Industrial Informatics,2021,18(9):6503-6511.
[16]HWANG C,LEE T.E-SFD:Explainable sensor fault detection in the ICS anomaly detection system[J].IEEE Access,2021,9:140470-140486.
[17]SARMADI H,KARAMODIN A.A novel anomaly detectionmethod based on adaptive Mahalanobis-squared distance and one-class kNNrule for structural health monitoring under environmental effects[J].Mechanical Systems and Signal Proces-sing,2020,140:106495.
[18]XU H,PANG G,WANG Y,et al.Deep isolation forest for anomaly detection[C]//IEEE Transactions on Knowledge and Data Engineering.2023:1-14.
[19]LI X,ZHANG H,MIAO Y,et al.Can bus messages abnormal detection using improved svdd in internet of vehicles[J].IEEE Internet of Things Journal,2021,9(5):3359-3371.
[20]CHALAPATHY R,MENON A K,CHAWLA S.Anomaly detection using one-class neural networks[J].arXiv:1802.06360,2018.
[21]RUFF L,VANDERMEULEN R,GOERNITZ N,et al.Deepone-classclassification[C]//International Conference on Machine Learning.PMLR,2018:4393-4402.
[22]OZA P,PATEL V M.One-class convolutional neural network[J].IEEE Signal Processing Letters,2018,26(2):277-281.
[23]ERFANI M,SHOELEH F,GHORBANI A A.Financial frauddetection using deep support vector data description[C]//2020 IEEE International Conference on Big Data(Big Data).IEEE,2020:2274-2282.
[24]CHEN X,CAO C,MAI J.Network anomaly detection based on deep support vector data description[C]//2020 5th IEEE International Conference on Big Data Analytics(ICBDA).IEEE,2020:251-255.
[25]Konstantin Tcholokachvili,Damien Cauquil.GitHub - DigitalSecurity/btlejuice:BtleJuice Bluetooth Smart(LE) Man-in-the-Middle framework[EB/OL].[2023-12-22].https://github.com/DigitalSecurity/btlejuice.
[26]BINBUSAYYIS A,VAIYAPURI T.Unsupervised deep lear-ning approach for network intrusion detection combining convolutional autoencoder and one-class SVM[J].Applied Intelligence,2021,51(10):7094-7108.
[27]YANG J,YANG X,ZHANG Z.A High-dimensional Anomaly Detection Algorithm Based on IForest with Autoencoder[C]//2022 4th International Conference on Data-driven Optimization of Complex Systems(DOCS).IEEE,2022:1-5.
Viewed
Full text


Abstract

Cited
  Shared   
  Discussed   
No Suggested Reading articles found!
渝ICP备16013121号-4
地址:重庆市渝北区洪湖西路18号    邮编:401121  
电话:023-63500828(编辑部) 023-67039612(会议/专题) 023-67039623(财务/发票)
E-mail:jsjkx12@163.com
本系统由北京玛格泰克科技发展有限公司设计开发