Computer Science ›› 2023, Vol. 50 ›› Issue (3): 371-379. doi: 10.11896/jsjkx.211200280

• Information Security •

Network Equipment Anomaly Detection Based on Time Delay Feature

CUI Jingsong¹, ZHANG Tongtong¹, GUO Chi², GUO Wenfei²

  1 Key Laboratory of Aerospace Information Security, Trusted Computing, Ministry of Education, School of Cyber Science, Engineering, Wuhan University, Wuhan 430079, China
  2 GNSS Research Center, Wuhan University, Wuhan 430079, China
  • Received: 2021-12-27 Revised: 2022-04-03 Online: 2023-03-15 Published: 2023-03-15
  • About author: CUI Jingsong, born in 1975, Ph.D, associate professor, master supervisor, is a member of China Computer Federation. His main research interests include information security, cloud security and chip security.
    GUO Chi, born in 1983, Ph.D, professor, Ph.D supervisor, is a senior member of China Computer Federation. His main research interests include Beidou application, unmanned system navigation and location-based service.
  • Supported by:
    National Key R&D Project of China During the 13th Five-Year Plan Period (2016YFB0501801).

Abstract: With the rapid development of the Internet, the security of network equipment has received extensive attention. To address the problems that existing network equipment anomaly detection techniques are destructive and that detection is difficult, this paper uses the delay that network equipment spends transmitting and processing data packets as the basis for detection, and proposes an anomaly detection scheme based on delay characteristics. The proposed scheme adopts side-channel analysis and does not require upgrading the equipment's software or hardware. It is non-intrusive and easy to implement. First, the method uses a time stamp machine, a high-precision timing technology, to collect the delay information, and uses a genetic algorithm to extract the peak position feature of the delay distribution. Second, to solve the problem of data set imbalance, the method uses the one-class support vector machine algorithm to construct the anomaly detection algorithm. Finally, the validity of the method is verified by building an experimental platform, and the experimental results are evaluated. Experimental results show that the proposed method is feasible and effective.

Key words: Anomaly detection, Delay, Network equipment, One-class support vector machine, Peak position

CLC Number: TP181