Computer Science ›› 2025, Vol. 52 ›› Issue (6): 397-404. doi: 10.11896/jsjkx.240400133

• Information Security •

Study on Efficacy Mechanism for IoT Data Flow Threats

SUN Ruijie (1), LI Peng (1,2,3), ZHU Feng (1)

  1. School of Computer Science, Nanjing University of Posts and Telecommunications, Nanjing 210023, China
  2. Nanjing Center of HPC China, Nanjing 210023, China
  3. Institute of Network Security and Trusted Computing of NUPT, Nanjing 210023, China
  • Received: 2024-04-17  Revised: 2024-10-08  Online: 2025-06-15  Published: 2025-06-11
  • About author: SUN Ruijie, born in 2000, postgraduate. His main research interests include network traffic security and watermarking of large language models.
    LI Peng, born in 1979, Ph.D, professor, Ph.D supervisor, is a member of CCF (No. 48573M). His main research interests include computer communication networks, cloud computing and information security.
  • Supported by:
    Six Talent Peaks Project of Jiangsu Province (RJFW-111) and Postgraduate Research and Practice Innovation Program of Jiangsu Province (KYCX24_1227).

Abstract: With the explosive growth in the number of IoT devices, the means of attacking them have also become diverse and covert. Machine learning-based detection methods have been actively researched and have shown great potential. However, these models are treated as black boxes: their classification results are hard to explain, so they cannot explain the specific means and patterns of an IoT threat. To address this issue, this paper constructs a technique-feature dictionary based on the ATT&CK framework, characterizing each attack technique by traffic features, and builds a threat-technique database that decomposes network threats to the level of attack techniques. On this basis, the paper designs a threat detection model based on an efficacy mechanism: it constructs a real-time traffic feature matrix, summarizes the attack techniques to which the traffic has been subjected, and feeds the resulting technique sequence into the threat-technique database to obtain the possible threats and their probabilities. Experimental results show that the proposed model achieves a threat detection rate as high as 99.595% on the dataset, compared with traditional methods. Moreover, it can adjust the false positive rate according to the experimental environment and provides reliable attack path explanations for analysts.

Key words: IoT data flow, Threat detection, Efficacy mechanism, ATT&CK framework

CLC Number: TP393.08
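The two-stage decomposition the abstract describes, as an added sketch that is not the paper's code: a technique-feature dictionary maps per-flow traffic features to ATT&CK technique ids, and a threat-technique database turns the set of observed techniques into per-threat probabilities, with a threshold the analyst can raise or lower to trade recall against false positives. The feature predicates, the threat database, the flow records and the fraction-of-techniques scoring are all constructed assumptions; the paper's actual efficacy mechanism is not described on this page.

```python
from typing import Callable, Dict, List, Set

# A flow is a simplified per-flow feature vector (constructed field names).
Flow = Dict[str, float]

# Technique-feature dictionary (constructed, not the paper's): each
# ATT&CK technique id maps to a predicate over flow features.
TECHNIQUE_FEATURES: Dict[str, Callable[[Flow], bool]] = {
    "T1046_scan":       lambda f: f["dst_ports"] >= 20 and f["bytes_per_pkt"] < 80,
    "T1110_bruteforce": lambda f: f["dst_port"] == 22 and f["pkt_count"] > 50 and f["duration"] < 5,
    "T1071_c2_beacon":  lambda f: f["periodicity"] > 0.9 and f["bytes_per_pkt"] < 200,
    "T1498_flood":      lambda f: f["pkts_per_sec"] > 1000,
}

# Threat-technique database (constructed): each named threat is decomposed
# into the set of techniques its attack path is made of.
THREAT_TECHNIQUES: Dict[str, Set[str]] = {
    "Reconnaissance": {"T1046_scan"},
    "Botnet":         {"T1046_scan", "T1110_bruteforce", "T1071_c2_beacon"},
    "DoS":            {"T1498_flood"},
}

def techniques_for(flows: List[Flow]) -> Set[str]:
    """Stage 1: apply the technique-feature dictionary to a window of flows."""
    return {t for f in flows for t, pred in TECHNIQUE_FEATURES.items() if pred(f)}

def threat_probabilities(techs: Set[str]) -> Dict[str, float]:
    """Stage 2 (assumed scoring, not the paper's efficacy mechanism):
    probability = fraction of a threat's techniques seen in the window."""
    return {name: len(techs & req) / len(req) for name, req in THREAT_TECHNIQUES.items()}

def detect(flows: List[Flow], threshold: float = 0.5) -> Dict[str, float]:
    """Threats whose probability meets the analyst-chosen threshold; a higher
    threshold suppresses weak matches and therefore lowers false positives."""
    probs = threat_probabilities(techniques_for(flows))
    return {n: p for n, p in probs.items() if p >= threshold}

# Constructed sample window: a wide port scan followed by an SSH brute force.
SAMPLE_FLOWS: List[Flow] = [
    {"dst_ports": 40, "dst_port": 0, "bytes_per_pkt": 60, "pkt_count": 40,
     "duration": 2, "periodicity": 0.1, "pkts_per_sec": 20},
    {"dst_ports": 1, "dst_port": 22, "bytes_per_pkt": 120, "pkt_count": 300,
     "duration": 3, "periodicity": 0.2, "pkts_per_sec": 100},
]

if __name__ == "__main__":
    for thr in (0.5, 0.9):
        print(thr, detect(SAMPLE_FLOWS, thr))  # Botnet drops out at the stricter threshold
```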