IoTGuardEye: A Web Attack Detection Method for IoT Services

Cited by: 7


Authors: LIU Xin (刘新)[1], HUANG Yuan-yuan (黄缘缘), LIU Zi-ang (刘子昂), ZHOU Rui (周睿)[1] (School of Information Science & Engineering, Lanzhou University, Lanzhou 730000, China)

Affiliation: [1] School of Information Science and Engineering, Lanzhou University, Lanzhou 730000

Source: Computer Science (《计算机科学》), 2021, No. 2, pp. 324-329 (6 pages)

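Funding: National Key R&D Program of China (2020YFC0832500); National Natural Science Foundation of China (61402210); Ministry of Education-China Mobile Research Fund (MCM20170206); State Grid Corporation of China Science and Technology Project (SGGSKY00WYJS2000062).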

Abstract: In most edge computing applications, including those on Internet of Things (IoT) devices, the application programming interface (API) built on Internet application technologies, commonly known as Web technologies, is the core of information exchange between devices and remote servers. Compared with traditional Web applications, the APIs used by edge devices are not directly accessible to most users, so they have suffered relatively few attacks. However, with the popularity of edge computing, attacks against APIs have gradually become a hot spot. This paper therefore proposes a Web attack vector detection method for IoT service providers. It can be used to detect malicious traffic against their API services and to provide security intelligence for the security operation center (SOC). Building on feature extraction from the text sequence of hypertext transfer protocol (HTTP) requests, the method exploits the relatively fixed format of API request messages and combines it with a bidirectional long short-term memory (BLSTM) network to detect attack vectors in Web traffic. Experimental results show that, compared with a rule-based Web application firewall (WAF) and traditional machine learning methods, the proposed method has better recognition ability for attacks on IoT service APIs.

Keywords: threat awareness; bidirectional long short-term memory; edge computing; Web attack; Internet of Things

Classification code: TP393 [Automation and Computer Technology - Computer Application Technology]

 
