基于加权贝叶斯分类器的LTE接入网中间人攻击检测研究  被引量：1

作　　者：彭诚 范伟[1,2] 朱大立 杨芬[3] PENG Cheng;FAN Wei;ZHU Dali;YANG Fen(Institute of Information Engineering,Chinese Academy of Sciences,Beijing 100085,China;School of Cyber Security,University of Chinese Academy of Sciences,Beijing 100049,China;China Electronics Cyberspace Great Wall Co.,Ltd.,Beijing 102209,China)

机构地区：[1]中国科学院信息工程研究所,北京100085 [2]中国科学院大学网络空间安全学院,北京100049 [3]中电长城网际系统应用有限公司,北京102209

出　　处：《信息网络安全》2023年第2期1-10,共10页Netinfo Security

基　　金：国家重点研发计划[2019YFB1005204]。

摘　　要：由于LTE接入网的开放特性,任何人都可以访问其空中接口,因此很容易受到攻击者的控制并遭受网络攻击。其中,中间人攻击是典型的攻击方式之一。文章以检测LTE接入网的中间人攻击为研究目的,以较容易受到中间人攻击的接入过程为研究对象,分析信令和参数变化,并提取8个具有可识别性的特征。由于每个特征对分类结果的影响不同,因此文章利用遗传算法在组合优化问题上的优势,求解加权贝叶斯分类器的权值最优组合,改进加权参数的计算方法,从信令和日志角度提出了一种中间人攻击检测算法。文章将所提基于加权贝叶斯分类器的检测算法与常用中间人检测方法进行对比验证,结果表明,该算法在准确率和漏报率指标上明显优于其他算法。The air interface of radio access network is exposed to the outdoors and can be accessed to anyone,which is easy to be controlled and attacked by others.Man-inthe-middle(MITM)attack is one of the typical attacks.This paper aimed to detect MITM attack on the air interface of LTE access network,and focused on the access process that was vulnerable to MITM attack.It analyzed the changes of signaling and parameters and extracted eight identifiable features.Considering the different effects of each feature on the classification results,this paper used the advantages of genetic algorithm in combination optimization problem to solve the optimal weights combination of weighted Bayesian classifiers,improved the calculation method of weighted parameters,and proposed a new MITM attack detection algorithm from the perspective of signaling and logging.Finally,this paper compared the detection algorithm based on the weighted Bayesian classifier with the common detection methods of MITM attack.The result shows that the algorithm in this paper is obviously superior to other algorithms in terms of accuracy and false negatives.

关 键 词：LTE接入网 中间人检测 加权的朴素贝叶斯 遗传算法 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]