基于流量和文本指纹的两层物联网设备分类识别模型

Two-layer IoT Device Classification Recognition Model Based on Traffic and Text Fingerprints

为及时隔离局域网内易受攻击的异常物联网设备,对网络管理员而言,具备高效的设备分类识别能力至关重要。现有方法中所选择的特征与设备关联性不高,且设备状态的差异会导致样本数据不平衡。针对上述问题,文中提出了一种基于流量和文本指纹的物联网设备分类识别模型FT-DRF(Flow Text-Double Random Forest)。首先设计特征挖掘模型,选取稳定的流统计数据作为设备流量指纹;其次基于HTTP,DNS和DHCP等应用层协议头部字段中的敏感文本信息生成设备文本指纹;在此基础上,对数据进行预处理并生成特征向量;最后,设计基于双层随机森林的机器学习算法对设备进行分类识别。对由13个物联网设备组成的模拟智能家居环境数据集和公共数据集进行有监督分类识别实验,结果表明,FT-DRF模型能够识别网络摄像头、智能音箱等物联网设备,平均准确率可达99.81%,相比现有典型方法提升了2%~5%。

In order to isolate the vulnerable and abnormal IoT devices in the local area network in time,efficient device classification and identification capability is very important for network administrators.The features selected in the existing methods are not highly correlated with equipment,and the sample data is unbalanced due to differences in equipment status.Aiming at the above problems,this paper proposes an IoT device classification and identification model FT-DRF based on traffic and text fingerprints.This method firstly designs a feature mining model,selects stable flow statistics as device traffic fingerprints,and then generates device text fingerprints based on sensitive text information in the header fields of application layer protocols such as HTTP,DNS,and DHCP.On this basis,the data is preprocessed and the feature vector is generated.Finally,a machine learning algorithm based on double-layer random forest is designed to classify and identify the devices.A supervised classification and re-cognition experiment is conducted on the simulated smart home environment dataset composed of 13 IoT devices and public dataset.The results show that the FT-DRF model can identify IoT devices such as network cameras and smart speakers,with an ave-rage accuracy rate of 99.81%,which is 2%~5%higher than that of the existing typical methods.