An automatic and real-time detection method of IoT in-the-wild vulnerability attack

Cited by: 1


Authors: HE Qinglin (何清林); WANG Lihong (王丽宏); CHEN Yanjiao (陈艳姣); WANG Xing (王星) [4] (CNCERT/CC, Beijing 102299, China; School of Computer Science and Engineering, Beihang University, Beijing 100191, China; College of Electrical Engineering, Zhejiang University, Hangzhou 310007, China; School of Cybersecurity, Northwestern Polytechnical University, Xi'an 710072, China)

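Affiliations: [1] CNCERT/CC, Beijing 102299; [2] School of Computer Science and Engineering, Beihang University, Beijing 100191; [3] College of Electrical Engineering, Zhejiang University, Hangzhou 310007; [4] School of Cybersecurity, Northwestern Polytechnical University, Xi'an 710072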

Source: Journal of Beijing University of Aeronautics and Astronautics (《北京航空航天大学学报》), 2024, No. 7, pp. 2195-2205 (11 pages)

Abstract: The vast number of Internet-connected Internet of Things (IoT) devices are susceptible to hacking and exploitation, which can paralyze critical IoT applications. Vulnerability exploitation is a common method of attack on IoT devices; however, because in-the-wild exploits are diverse, mutable, and highly disguised, it is extremely challenging to quickly and automatically identify in-the-wild vulnerability attacks targeting IoT devices. To address this, a detection method for IoT vulnerability attacks based on hybrid deep learning discrimination and open-source intelligence correlation is proposed. The method can identify IoT in-the-wild vulnerability attack behaviors in network traffic in real time and accurately identify the specific category of each attack. Experimental results show that the proposed method achieves a discrimination accuracy of over 99.99% on large-scale datasets. The method has also proven effective in a real-world deployment, discovering 13 new in-the-wild vulnerability attacks in less than one month.

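Keywords: Internet of Things; in-the-wild vulnerability exploitation; attack detection; hybrid deep learning; open-source intelligence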

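Classification number: TP393.4 [Automation and Computer Technology: Computer Application Technology]; TP312 [Automation and Computer Technology: Computer Science and Technology]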

 
