Computer Science, 2020, Vol. 47, Issue (7): 299-306. doi: 10.11896/jsjkx.190700199

Special Issue: Internet of Things

• Information Security •

Method Based on Traffic Fingerprint for IoT Device Identification and IoT Security Model

YANG Wei-chao1,2, GUO Yuan-bo1, LI Tao1, ZHU Ben-quan2   

  1. School of Cryptography, University of Information Engineering, Zhengzhou 450000, China
  2. 61213 Troops of the Chinese People’s Liberation Army, Linfen, Shanxi 041000, China
  • Received: 2019-07-29 Online: 2020-07-15 Published: 2020-07-16
  • About author: YANG Wei-chao, born in 1991, M.S. candidate. His research interests include security of internet of things and so on.
    GUO Yuan-bo, born in 1975, Ph.D, professor. His research interests include network attack and defense and so on.
  • Supported by:
    This work was supported by Foundation of Science and Technology on Information Assurance Laboratory (614211203010417)

Abstract: The large-scale deployment of the Internet of Things makes it possible for vulnerable IoT devices to be connected to the network. When an attacker uses a vulnerable device to access the target internal network, the attacker can lurk there and wait to attack. To prevent such attacks, a security mechanism is needed for access control of suspicious devices and management of internal devices. First, to realize access control of suspicious devices, this paper gives a device identification method: a white list is set, a fingerprint is constructed from communication traffic features, and a random forest method is used to train the device identification model. Second, to manage internal devices, an intelligent security management model is proposed, which builds an ontology threat model based on assets, vulnerabilities and security mechanisms. Finally, experimental results verify the detection performance of the device identification model: the recognition accuracy rate is above 96%. Compared with existing similar methods, the results show that the proposed method has better detection stability.

Key words: IoT device identification, Ontology threat modeling, Random forest, Traffic feature extraction, White list

CLC Number: TP393