Abstract
The wide application of the Internet of Things (IoT) has brought new security risks. To gain real-time insight into abnormal network states without interfering with normal system operation, traffic-based anomaly detection schemes have emerged. However, current detection schemes generally lack universality and depend heavily on attack samples. To address this, based on the physical limitations and domain specifications of IoT system operation, this study proposes an IoT abnormal traffic detection method based on communication pattern matching under a graph structure. After the communication graph is constructed, algorithms such as subgraph mining and isomorphic subgraph discovery are used to analyze and characterize the fixed, periodic, and automatically operating communication patterns of IoT systems in order to build the detection baseline, and a community detection algorithm is used to find abnormal data in real-time traffic efficiently and accurately. The scheme was evaluated on the BoT-IoT and IoT-23 datasets from three aspects: comparison of results on different datasets, comparison of different detection schemes, and real-time detection efficiency under different time windows. A detection accuracy of 99% and real-time detection times on the order of seconds demonstrate the efficiency and usability of the scheme.
Authors
靳文京
周成胜
刘美伶
Jin Wenjing; Zhou Chengsheng; Liu Meiling (China Academy of Information and Communications Technology, Beijing 100083, China; Beijing Youkun Technology Co., Ltd., Beijing 100195, China)
Source
《网络安全与数据治理》
2024, Issue 6, pp. 8-15 (8 pages)
CYBER SECURITY AND DATA GOVERNANCE
Funding
2022 Ministry of Industry and Information Technology Manufacturing Special Project (20230049).
Keywords
communication patterns
Internet of Things
subgraph mining
community detection
isomorphic subgraph