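Authors: 李志华 陈亮 卢徐霖 方朝晖 钱军浩[3] (LI Zhihua; CHEN Liang; LU Xulin; FANG Zhaohui; QIAN Junhao) (School of Artificial Intelligence and Computer, Jiangnan University, Wuxi 214122, China; Hunan Bojiang Information Technology Co., Ltd., Changsha 410073, China; School of Internet of Things Engineering, Jiangnan University, Wuxi 214122, China)
Affiliations: [1] School of Artificial Intelligence and Computer, Jiangnan University, Wuxi 214122 [2] Hunan Bojiang Information Technology Co., Ltd., Changsha 410073 [3] School of Internet of Things Engineering, Jiangnan University, Wuxi 214122
Source: Netinfo Security (《信息网络安全》), 2024, Issue 5, pp. 667-681, 15 pages
Funding: Intelligent Manufacturing Project of the Ministry of Industry and Information Technology [ZH-XZ-180004]; Fundamental Research Funds for the Central Universities [JUSRP211A41, JUSRP42003].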
Abstract: Traditional detection methods for IoT Mirai botnet traffic suffer from long detection times, high resource consumption, and inadequate accuracy because of the high dimensionality and large scale of the data. To address these shortcomings, this study proposes an IoT botnet traffic detection method based on ensemble feature selection (IoT Botnet Traffic Detection Based on Ensemble Feature Selection, IBTD-EFS). First, to reduce the feature dimension of network traffic data samples and obtain an optimal feature subset, an ensemble feature selection algorithm combining feature grouping and a genetic algorithm (Ensemble Feature Selection Based on Feature Group and Genetic Algorithm, EFS-FGGA) is proposed. Then, to detect Mirai botnet traffic efficiently, an IoT botnet traffic classification algorithm based on extreme gradient boosting (IoT Botnet Traffic Classification Based on eXtreme Gradient Boosting, IBTC-XGB) is introduced. Finally, the EFS-FGGA and IBTC-XGB algorithms are combined into the IBTD-EFS method for IoT botnet traffic detection. Experimental results indicate that the IBTD-EFS method can overcome the heterogeneity of IoT devices, achieving a detection accuracy of 99.95% for Mirai botnet traffic while keeping the time overhead low. It is evident that the IBTD-EFS method provides an efficient solution for IoT Mirai botnet traffic detection.
Classification number: TP309 [Automation and Computer Technology: Computer System Architecture]