Abstract
The Internet of Things interconnects a large number of devices over the network, so effective network access control is needed to keep malicious devices from damaging the system. At present, the most effective identification method extracts network traffic characteristics as a device fingerprint, since this requires relatively few network resources. However, existing device identification algorithms are not very accurate, especially for similar devices, where classification overlap is unavoidable. This paper presents a two-stage multi-classification algorithm that identifies devices according to their network traffic characteristics. When classification overlap occurs, the maximum similarity comparison algorithm is used for secondary classification. Tests show that the average recognition accuracy of this algorithm is 93.2%.
Key words
device identification /
multi-classification technology /
maximum similarity /
machine learning
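The overlap case the abstract describes, as an added sketch that is not the paper's code: stage one makes one accept/reject decision per device type, and when more than one type accepts the same fingerprint, stage two keeps the candidate with the highest similarity. The feature set, the nearest-centroid acceptance test, the threshold, the cosine similarity measure and all sample values are assumptions, since the abstract does not specify them.

```python
import math

# Constructed reference fingerprints per device type (not data from the paper).
# Assumed features, each scaled to [0, 1]: mean packet size, mean inter-arrival
# time, share of DNS packets, share of TLS packets.
REFERENCE = {
    "camera_a": [[0.82, 0.10, 0.05, 0.90], [0.80, 0.12, 0.06, 0.88]],
    "camera_b": [[0.78, 0.14, 0.05, 0.80], [0.76, 0.16, 0.07, 0.78]],
    "smart_plug": [[0.15, 0.70, 0.30, 0.20], [0.17, 0.72, 0.28, 0.22]],
}
ACCEPT_RADIUS = 0.10  # assumed stage-one acceptance threshold


def centroid(vectors):
    return [sum(col) / len(vectors) for col in zip(*vectors)]


def euclidean(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def cosine(a, b):
    dot = sum(x * y for x, y in zip(a, b))
    norm = math.sqrt(sum(x * x for x in a)) * math.sqrt(sum(y * y for y in b))
    return dot / norm if norm else 0.0


def stage_one(sample):
    """Stage 1: independent accept/reject per type; several types may accept."""
    return [t for t, refs in REFERENCE.items()
            if euclidean(sample, centroid(refs)) <= ACCEPT_RADIUS]


def stage_two(sample, candidates):
    """Stage 2: resolve overlap by maximum similarity to stored fingerprints."""
    return max(candidates,
               key=lambda t: max(cosine(sample, r) for r in REFERENCE[t]))


def identify(sample):
    """Return (device type, stage-one candidates) for one traffic fingerprint."""
    candidates = stage_one(sample)
    if not candidates:
        return "unknown", candidates  # no type accepts: leave unidentified
    if len(candidates) == 1:
        return candidates[0], candidates
    return stage_two(sample, candidates), candidates
```

For access control, the `"unknown"` result matters as much as the resolved overlap: a fingerprint that no type accepts is left unidentified rather than forced into the nearest class.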