Abstract
Because the LTE access network is open, anyone can reach its air interface, which makes it easy for an attacker to take control of it and mount network attacks. The man-in-the-middle (MITM) attack is one of the typical attacks. This paper aims to detect MITM attacks on the air interface of the LTE access network and focuses on the access procedure, which is comparatively vulnerable to MITM attack. It analyzes the changes in signaling and parameters and extracts eight identifiable features. Because each feature affects the classification result differently, the paper uses the strength of the genetic algorithm on combinatorial optimization problems to solve for the optimal combination of weights for a weighted Bayesian classifier, improves the method for calculating the weighting parameters, and proposes an MITM attack detection algorithm from the perspective of signaling and logs. Finally, the detection algorithm based on the weighted Bayesian classifier is compared with commonly used MITM detection methods. The results show that the algorithm is clearly superior to the other algorithms in accuracy and false-negative rate.
Authors
PENG Cheng (彭诚); FAN Wei (范伟); ZHU Dali (朱大立); YANG Fen (杨芬)
Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100085, China; School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China; China Electronics Cyberspace Great Wall Co., Ltd., Beijing 102209, China
Source
Netinfo Security (《信息网络安全》)
CSCD
Peking University Core Journal (北大核心)
2023, Issue 2, pp. 1-10 (10 pages)
Funding
National Key Research and Development Program of China [2019YFB1005204].
Keywords
LTE access network
man-in-the-middle detection
weighted naive Bayes
genetic algorithm