Computer Science, 2021, Vol. 48, Issue (9): 337-344. doi: 10.11896/jsjkx.200600108

• Information Security •

Kernel Density Estimation-based Lightweight IoT Anomaly Traffic Detection Method

ZHANG Ye, LI Zhi-hua, WANG Chang-jie   

  1. School of Artificial Intelligence and Computer, Jiangnan University, Wuxi, Jiangsu 214122, China
  • Received: 2020-06-17 Revised: 2020-08-28 Online: 2021-09-15 Published: 2021-09-10
  • About author: ZHANG Ye, born in 1996, postgraduate, is a member of China Computer Federation. His main research interests include IoT security and information security.
    LI Zhi-hua, born in 1969, Ph.D, associate professor. His main research interests include cloud computing and information security.
  • Supported by:
    Intelligent Manufacturing Project of Ministry of Industry and Information Technology (ZH-XZ-180004), Fundamental Research Funds for the Central Universities of Ministry of Education of China (JUSRP211A41), Fundamental Research Funds for the Central Universities of Ministry of Education of China (JUSRP42003) and 111 Base Construction Project (B2018).

Abstract: To deal effectively with the security threats posed by home and personal Internet of Things (IoT) botnets, and in particular with the problem that the home environment offers insufficient resources for anomaly detection, a kernel density estimation-based lightweight IoT anomaly traffic detection (KDE-LIATD) method is proposed. Firstly, the KDE-LIATD method uses Gaussian kernel density estimation to estimate the probability density function, and the corresponding probability density, of each feature dimension of the normal samples in the training set. Then, a kernel density estimation-based feature selection algorithm (KDE-FS) is proposed to obtain the features that contribute significantly to anomaly detection, thereby reducing the feature dimension while improving the accuracy of anomaly detection. Finally, cubic spline interpolation is used to calculate the anomaly evaluation value of a test sample and perform anomaly detection. This strategy greatly reduces the computational and storage overhead that calculating the anomaly evaluation value of a test sample with kernel density estimation would otherwise require. Simulation experiment results show that the KDE-LIATD method has strong robustness and strong compatibility for anomaly traffic detection of heterogeneous IoT devices, and can effectively detect abnormal traffic in home and personal IoT botnets.

Key words: Anomaly detection, Bot net, Feature selection, IoT, Kernel density estimation

CLC Number: 

  • TP309
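
The density estimation and spline lookup steps described in the abstract can be sketched as below; this is an added example, not the authors' code, and it omits KDE-FS, which this page does not specify. The bandwidth rule (Silverman's rule of thumb), the density floor, the scoring formula, the threshold rule and the traffic samples are all assumptions constructed for illustration.

```python
import math, random

EPS = 1e-12  # assumed density floor for values outside the tabulated range

def kde(xs, h, x):
    """Direct Gaussian KDE: needs every training value, O(n) per query."""
    c = 1.0 / (len(xs) * h * math.sqrt(2 * math.pi))
    return c * sum(math.exp(-0.5 * ((x - xi) / h) ** 2) for xi in xs)

def fit_spline(xs, knots=48):
    """Tabulate the KDE on a uniform grid and fit a natural cubic spline."""
    n, mu = len(xs), sum(xs) / len(xs)
    sd = math.sqrt(sum((x - mu) ** 2 for x in xs) / (n - 1))
    h = 1.06 * sd * n ** -0.2                 # Silverman's rule of thumb
    lo, hi = min(xs) - 3 * h, max(xs) + 3 * h
    s = (hi - lo) / (knots - 1)
    y = [kde(xs, h, lo + i * s) for i in range(knots)]
    # Thomas algorithm for the second derivatives m, with m[0] = m[-1] = 0.
    c, d, m = [0.0] * knots, [0.0] * knots, [0.0] * knots
    for i in range(1, knots - 1):
        den = 4.0 - c[i - 1]
        c[i] = 1.0 / den
        d[i] = (6 * (y[i - 1] - 2 * y[i] + y[i + 1]) / s ** 2 - d[i - 1]) / den
    for i in range(knots - 2, 0, -1):
        m[i] = d[i] - c[i] * m[i + 1]
    return {"lo": lo, "s": s, "y": y, "m": m, "h": h}

def density(sp, x):
    """Evaluate the spline: O(1) per query, no training data kept."""
    lo, s, y, m = sp["lo"], sp["s"], sp["y"], sp["m"]
    if not lo <= x <= lo + s * (len(y) - 1):
        return EPS
    i = min(int((x - lo) / s), len(y) - 2)
    a, b = lo + (i + 1) * s - x, x - (lo + i * s)
    val = (m[i] * a ** 3 + m[i + 1] * b ** 3) / (6 * s) \
        + (y[i] / s - m[i] * s / 6) * a + (y[i + 1] / s - m[i + 1] * s / 6) * b
    return max(val, EPS)

def score(model, sample):
    """Assumed anomaly evaluation value: sum of per-feature -log density."""
    return sum(-math.log(density(sp, v)) for sp, v in zip(model, sample))

# Constructed "normal" traffic: (packets per second, mean payload bytes).
rng = random.Random(7)
train = [(rng.gauss(20, 3), rng.gauss(120, 15)) for _ in range(300)]
model = [fit_spline([row[j] for row in train]) for j in range(2)]
threshold = max(score(model, row) for row in train)  # assumed threshold rule
```

After fitting, the detector keeps only the knot values and second derivatives per feature, so the training samples can be discarded and each test value costs a constant-time lookup instead of a sum over all training points.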