| 赵静* **,李俊* **,龙春* **,吴玉磊***,万巍* **,魏金侠*,王显珉****.基于BagR-CNN检测模型的物联网网关安全加固方法[J].高技术通讯(中文),2023,33(1):1~14 |
| 基于BagR-CNN检测模型的物联网网关安全加固方法 |
| Security reinforcement method of IoT gateway based onBagR-CNN detection model |
| |
| DOI:10. 3772/ j. issn. 1002-0470. 2023. 01. 001 |
| 中文关键词: 物联网(IoT)网关;安全性;可靠性;大规模攻击;聚合包表示;卷积神经网络(CNN) |
| 英文关键词: Internet of Things (IoT) gateway, security, dependability, large-scale attack, bag-representation, convolutional neural network (CNN) |
| 基金项目: |
| 作者 | 单位 | | 赵静* ** | (*中国科学院计算机网络信息中心北京 100190)
(**中国科学院大学计算机科学与技术学院北京 100190)
(***College of Engineering, Mathematics and Physical Sciences, University of Exeter, Exeter, EX4 4QF, UK)
(****广州大学人工智能与区块链研究院广州 511442) | | 李俊* ** | (*中国科学院计算机网络信息中心北京 100190)
(**中国科学院大学计算机科学与技术学院北京 100190)
(***College of Engineering, Mathematics and Physical Sciences, University of Exeter, Exeter, EX4 4QF, UK)
(****广州大学人工智能与区块链研究院广州 511442) | | 龙春* ** | (*中国科学院计算机网络信息中心北京 100190)
(**中国科学院大学计算机科学与技术学院北京 100190)
(***College of Engineering, Mathematics and Physical Sciences, University of Exeter, Exeter, EX4 4QF, UK)
(****广州大学人工智能与区块链研究院广州 511442) | | 吴玉磊*** | (*中国科学院计算机网络信息中心北京 100190)
(**中国科学院大学计算机科学与技术学院北京 100190)
(***College of Engineering, Mathematics and Physical Sciences, University of Exeter, Exeter, EX4 4QF, UK)
(****广州大学人工智能与区块链研究院广州 511442) | | 万巍* ** | (*中国科学院计算机网络信息中心北京 100190)
(**中国科学院大学计算机科学与技术学院北京 100190)
(***College of Engineering, Mathematics and Physical Sciences, University of Exeter, Exeter, EX4 4QF, UK)
(****广州大学人工智能与区块链研究院广州 511442) | | 魏金侠* | (*中国科学院计算机网络信息中心北京 100190)
(**中国科学院大学计算机科学与技术学院北京 100190)
(***College of Engineering, Mathematics and Physical Sciences, University of Exeter, Exeter, EX4 4QF, UK)
(****广州大学人工智能与区块链研究院广州 511442) | | 王显珉**** | (*中国科学院计算机网络信息中心北京 100190)
(**中国科学院大学计算机科学与技术学院北京 100190)
(***College of Engineering, Mathematics and Physical Sciences, University of Exeter, Exeter, EX4 4QF, UK)
(****广州大学人工智能与区块链研究院广州 511442) |
|
| 摘要点击次数: 873 |
| 全文下载次数: 701 |
| 中文摘要: |
| 物联网(IoT)网关作为多种网络间异构数据传输与交换的关键节点近年来长期遭受大规模攻击,可靠性差,大规模流量处理延时大、抗攻击能力差等问题显著。而现有对物联网网关的可靠性研究主要集中在加密技术和可信认证机制方面,没有解决大规模攻击环境下物联网的可靠性及安全性问题。因此,本文提出了基于BagR-CNN检测模型的物联网网关安全加固方法,设计了可低功耗集成在物联网网关上并能够快速检测出大规模多步骤攻击的模型。首先,不同于传统的单一流量分类,本方法将相关流量聚合到一个包中,并利用基于信息熵相关性的特征增强算法提高检测准确率。其次,区别于传统的特征提取与约简方法,本文提出基于包内相似度的特征扩展方法,挖掘出隐藏的关联信息并能保证包内数据在噪声扰动下的不变性。最后,本文提出基于高斯混合模型(GMM)的特征压缩算法,将聚合包映射为一维向量并由此训练简单的卷积神经网络,以提高检测效率。实验结果表明,基于BagR-CNN检测模型在准确率、召回率和F1值等方面均优于目前对于大规模多步骤攻击的检测方法。同时,在模拟网关上运行时平均CPU利用率(不使用GPU)低于20%,证明该方法适合集成到网关而不影响网关正常的数据传输工作。 |
| 英文摘要: |
| The reliability of Internet of Things (IoT) gateways has been significantly affected by large scale attacks, resulting in poor reliability, high delay in processing large-scale traffic, and weak anti-attack capabilities. Existing research on the reliability of IoT gateways has mainly focused on encryption technology and trusted authentication mechanisms, without addressing the reliability and security issues of IoT in the context of large-scale attacks. Therefore, this paper proposes a security reinforcement method for IoT gateways based on the BagR-CNN detection model, which is designed to be low-power and integrated into IoT gateways, and can quickly detect large-scale multi-step attacks. Firstly, different from traditional single traffic classification, this method aggregates relevant traffic into a package and uses a feature enhancement algorithm based on information entropy correlation to improve detection accuracy. Secondly, unlike traditional feature extraction and reduction methods, this paper proposes a feature extension method based on intra-package similarity, which can mine hidden correlation information and ensure the invariance of package data under noise perturbation. Finally, this paper proposes a feature compression algorithm based on Gaussian mixed model (GMM), which maps the aggregated package to a one-dimensional vector and trains a simple convolutional neural network to improve detection efficiency. The experimental results show that the BagR-CNN detection model is superior to current detection methods for large-scale multi step attacks in terms of accuracy, recall rate, and F1 value. Meanwhile, when running on a simulated gateway, the average CPU utilization rate (without GPU) is less than 20%, proving that this method is suitable for integration into the gateway without affecting the normal data transmission work of the gateway. |
|
查看全文
查看/发表评论 下载PDF阅读器 |
| 关闭 |
|
|
|
