基于Bi-LSTM的在线物联网设备识别方法

Online IoT device identification method based on Bi-LSTM

为了提高在线物联网设备识别准确率和识别粒度,提出一种基于Bi-LSTM的在线物联网设备识别方法,通过探测目标端口获取响应报文,经分词处理后利用二阶段算法模型精准识别设备型号。第一阶段利用TF-IDF算法剔除应用层低权重报文字段,得到应用层指纹,并利用Bi-LSTM神经网络能够捕获长远上下文信息的优点,提取指纹深层次特征识别设备厂商;第二阶段建立型号知识库,采用Jaro-Winkler文本相似度匹配算法识别型号和设备类型,通过设备厂商精准判别设备型号,达到在线物联网设备识别的目的。结果表明:方法整体准确率为98.8%,召回率为96.5%,与传统的流量指纹加机器学习识别方式相比平均准确率高出4.7%,识别设备型号覆盖率达到97%,细化了在线物联网设备识别粒度。该方法有助于同型号物联网设备与漏洞做更精准的关联匹配,在漏洞爆发时及时制定相应的防护措施。

In order to improve the identification accuracy and identification granularity of online IoT devices,an online IoT device identification method based on Bi-LSTM is proposed.The the response message is obtained by detecting the target port,and the two-stage algorithm model is used to accurately identify the device model after word segmentation.In the first stage,the TF-IDF algorithm is used to eliminate the low-weight message fields of the application layer to obtain the application layer message fingerprint.For the advantages that Bi-LSTM neural network can capture long-term context information,the deep-seated features of fingerprints are extracted to identify device manufacturers.In the second stage,the model knowledge base is established,the Jaro-Winkler text similarity matching algorithm is introduced to identify the model and device type,and the device model is accurately identified through the device manufacturer,with the purpose of online IoT device identification achieved.The results indicate that the overall accuracy of the method is 98.8%,the recall rate is 96.5%,the average accuracy is 4.7%higher than that by the traditional traffic fingerprint plus machine learning identification method.The coverage rate of the identification device model is 97%,which refined the identification granularity of online IoT devices.This method helps to make more accurate association matches between the same model of IoT devices and vulnerabilities,and to formulate relevant protective measures in a timely manner when a vulnerability breaks out.