基于HTTP响应报文的物联网终端设备识别方法

Methods for Identifying Internet of Things Terminal Device Based on HTTP Response Messages

随着物联网的快速发展,物联网终端设备的识别技术研究已经成为网络空间安全领域的热点之一。针对类型、品牌、型号等不同层面的设备识别需求,传统物联网终端设备识别方法局限于高维特征向量和单一分类算法的固定组合,为了提高算法效率并寻找较优算法组合,本文提出一种基于HTTP协议响应报文的物联网终端设备识别方法,以HTTP协议响应报文的相关协议字段特征作为输入并进行归一化、标准化处理,通过随机森林算法对特征进行筛选排序得到特征序列,最终基于特征序列,结合不同的分类算法和特征组合对物联网设备进行分类识别。实验结果显示,在收集的数据集中,该方法在设备类型、品牌、型号3个层面分别采用5个、3个和7个不同特征组合并结合不同分类算法,平均提升设备识别准确率18.6%并大大节省了特征空间,实现了低维度特征下稳定高效的识别效果。

With the rapid development of Internet of things(IoT),the research on the identification technology of IoT terminal devices has become one of the hot spots in the field of cyberspace security.Traditional IoT terminal device identification methods are limited to a fixed combination of high-dimensional feature vectors and a single classification algorithm to meet different levels of device identification needs such as type,brand and model.To improve the efficiency of the algorithm and find a better combination of algorithms,an IoT terminal device identification method was proposed based on HTTP protocol response messages.The relevant protocol field characteristics of the HTTP protocol response message was taken as input and performed normalization and standardization process.Then the features were screened and sorted through the random forest algorithm to obtain the feature sequence.Finally,based on the feature sequence,IoT devices were classified and identified by combining different clustering recognition algorithms and feature combinations.The result showed that in the collected data set,the method adopted 5,3,and 7 different features at the three levels of device type,brand,and model,respectively.By combining different classification algorithms,the device recognition accuracy could be improved by 18.6%on average and the feature space was greatly saved,achieving a stable and efficient recognition effect under low-dimensional features.