Netinfo Security (信息网络安全) ›› 2021, Vol. 21 ›› Issue (8): 82-90. doi: 10.3969/j.issn.1671-1122.2021.08.010

• Technical Research •

A Clustering and Classification-based Malicious Attack Detection Method for Internet of Things

LI Qun1, DONG Jiahan1, GUAN Zhitao2, WANG Chao1

  1. State Grid Beijing Electric Power Research Institute (State Grid Beijing Electric Power Company), Beijing 100075, China
  2. School of Control and Computer Engineering, North China Electric Power University, Beijing 102206, China
  • Received: 2021-02-21  Online: 2021-08-10  Published: 2021-09-01
  • Corresponding author: GUAN Zhitao, E-mail: guan@ncepu.edu.cn
  • Author biographies: LI Qun (born 1987), female, from Shandong, senior engineer, master's degree; main research interest: network and information security. DONG Jiahan (born 1993), female, from Shandong, engineer, master's degree; main research interest: industrial control security. GUAN Zhitao (born 1979), male, from Liaoning, associate professor, Ph.D.; main research interest: IoT security. WANG Chao (born 1982), male, from Beijing, senior engineer, bachelor's degree; main research interest: network and information security.
  • Funding: National Natural Science Foundation of China (61972148)

Abstract:

Internet of Things (IoT) devices are numerous, widely distributed and weakly protected, which makes them easy targets for malicious attacks. At the same time, an attacker who captures a large number of IoT terminal devices can use them to launch high-volume traffic attacks. To address these problems, this paper proposes a malicious attack detection method for the IoT based on clustering followed by classification. First, the IoT traffic data is preprocessed: a random forest is used to evaluate feature importance, and principal component analysis is applied to reduce the dimensionality of part of the feature set. Then, an improved k-means algorithm clusters the preprocessed traffic into attack clusters, and within each cluster attacks are classified with a CART decision tree. Experiments on the IoT malicious attack dataset Bot-IoT and the network attack dataset KDD CUP 99 show that the proposed method achieves good attack detection performance and, in particular, effectively improves the detection accuracy of low-frequency attacks.

Key words: Internet of Things, clustering, classification, intrusion detection, Bot-IoT
