基于BagR-CNN检测模型的物联网网关安全加固方法  被引量：4

作　　者：赵静[1,2] 李俊 龙春[1,2] 吴玉磊 万巍[1,2] 魏金侠 王显珉 ZHAO Jing;LI Jun;LONG Chun;WU Yulei;WAN Wei;WEI Jinxia;WANG Xianmin(Computer Network Information Center,Chinese Academy of Sciences,Beijing 100190;School of Computer and Control Engineering,University of Chinese Academy of Sciences,Beijing 100190;College of Engineering,Mathematics and Physical Sciences,University of Exeter,Exeter,EX44QF,UK;Institute of Artificial Intelligence and Blockchain,Guangzhou University,Guangzhou 511442)

机构地区：[1]中国科学院计算机网络信息中心,北京100190 [2]中国科学院大学计算机科学与技术学院,北京100190 [3]College of Engineering,Mathematics and Physical Sciences,University of Exeter,Exeter,EX44QF,UK [4]广州大学人工智能与区块链研究院,广州511442

出　　处：《高技术通讯》2023年第1期1-14,共14页Chinese High Technology Letters

基　　金：国家自然科学基金(62072127);京津冀协同创新区综合科技服务平台研发与应用示范(YFB1405100)资助项目。

摘　　要：物联网(IoT)网关作为多种网络间异构数据传输与交换的关键节点近年来长期遭受大规模攻击,可靠性差,大规模流量处理延时大、抗攻击能力差等问题显著。而现有对物联网网关的可靠性研究主要集中在加密技术和可信认证机制方面,没有解决大规模攻击环境下物联网的可靠性及安全性问题。因此,本文提出了基于BagR-CNN检测模型的物联网网关安全加固方法,设计了可低功耗集成在物联网网关上并能够快速检测出大规模多步骤攻击的模型。首先,不同于传统的单一流量分类,本方法将相关流量聚合到一个包中,并利用基于信息熵相关性的特征增强算法提高检测准确率。其次,区别于传统的特征提取与约简方法,本文提出基于包内相似度的特征扩展方法,挖掘出隐藏的关联信息并能保证包内数据在噪声扰动下的不变性。最后,本文提出基于高斯混合模型(GMM)的特征压缩算法,将聚合包映射为一维向量并由此训练简单的卷积神经网络,以提高检测效率。实验结果表明,基于BagR-CNN检测模型在准确率、召回率和F1值等方面均优于目前对于大规模多步骤攻击的检测方法。同时,在模拟网关上运行时平均CPU利用率(不使用GPU)低于20%,证明该方法适合集成到网关而不影响网关正常的数据传输工作。The reliability of Internet of Things(IoT)gateways has been significantly affected by large-scale attacks,re-sulting in poor reliability,high delay in processing large-scale traffic,and weak anti-attack capabilities.Existing research on the reliability of IoT gateways has mainly focused on encryption technology and trusted authentication mechanisms,without addressing the reliability and security issues of IoT in the context of large-scale attacks.Therefore,this paper proposes a security reinforcement method for IoT gateways based on the BagR-CNN detection model,which is designed to be low-power and integrated into IoT gateways,and can quickly detect large-scale multi-step attacks.Firstly,different from traditional single traffic classification,this method aggregates relevant traffic into a package and uses a feature enhancement algorithm based on information entropy correlation to improve detection accuracy.Secondly,unlike traditional feature extraction and reduction methods,this paper proposes a feature extension method based on intra-package similarity,which can mine hidden correlation information and en-sure the invariance of package data under noise perturbation.Finally,this paper proposes a feature compression al-gorithm based on Gaussian mixed model(GMM),which maps the aggregated package to a one-dimensional vector and trains a simple convolutional neural network to improve detection efficiency.The experimental results show that the BagR-CNN detection model is superior to current detection methods for large-scale multi-step attacks in terms of accuracy,recall rate,and F1 value.Meanwhile,when running on a simulated gateway,the average CPU utiliza-tion rate(without GPU)is less than 20%,proving that this method is suitable for integration into the gateway with-out affecting the normal data transmission work of the gateway.

关 键 词：物联网(IoT)网关 安全性 可靠性 大规模攻击 聚合包表示 卷积神经网络(CNN) 

分 类 号：TN915.08[电子电信—通信与信息系统] TP391.44[电子电信—信息与通信工程]