基于LCNN和LSTM混合结构的物联网设备识别方法

doi:10.3969/j.issn.1671-1122.2023.06.005

摘要/Abstract

摘要：

随着物联网设备数量的与日俱增，物联网环境中网络流量的规模也随之剧增，为了从海量的网络流量中高效地实现物联网设备的识别和分类，文章提出一种物联网设备识别方法。首先，为了消除网络流量中不规范的数据样本，研究并提出一种基于滑动窗口的数据预处理（Sliding Window-Based Data Pre-Processing，SW-Based DPP）算法，使用SW-Based DPP算法对数据进行清洗；然后，为了降低物联网设备识别方法的复杂度，通过把轻量级卷积神经网络（Lightwight Convolution Neural Network，LCNN）和LSTM结构进行结合，提出一种基于LCNN-LSTM混合结构的神经网络模型；接着，将数据预处理后的网络流量输入到LCNN-LSTM模型中进行物联网设备分类；最后，基于上述混合结构的神经网络模型，进一步提出一种基于LCNN和LSTM混合结构的物联网设备识别（Internet of Things Devices Identification Based on LCNN and LSTM Hybrid Structure，LCNN-LSTM-Based IoTDI）方法。该方法通过迭代训练LCNN-LSTM模型，深度挖掘网络流量中的时间和空间双重特征，并使用softmax分类器实现物联网设备识别的目标。实验结果表明，在UNSW、CIC IoT和Laboratory数据集上，LCNN-LSTM模型的运行时间与CNN-LSTM模型相比平均降低了约47.63%，并且LCNN-LSTM-Based IoTDI方法的F1值分别为88.6%、95.6%和99.7%。证明了该方法具有高效的设备识别能力。

关键词: 物联网, 设备识别, 卷积神经网络, 长短期记忆, 网络流量

Abstract:

With the increasing number of IoT devices, the scale of network traffic in IoT environments has also skyrocketed. In order to efficiently identify and classify IoT devices from massive network traffic, this paper proposed a IoT devices recognition method. Firstly, in order to eliminate non-standard data samples in network traffic, a sliding window based data pre processing (SW based DPP) algorithm is studied and proposed, which uses the SW based DPP algorithm to clean the data; Then, in order to reduce the complexity of IoT devices recognition methods, a lightweight convolutional neural network (LCNN) was proposed, and a neural network model based on LCNN-LSTM hybrid structure was proposed by combining LCNN and LSTM structures; Input the preprocessed network traffic into the LCNN-LSTM model for IoT devices classification; Finally, based on the aforementioned hybrid structure neural network model, a further Internet of Things Devices Identification based on LCNN and LSTM Hybrid Structure (LCNN-LSTM-based IoTDI) method was proposed. The LCNN-LSTM-Based IoTDI method iteratively traind the LCNN-LSTM model to deeply mine the temporal and spatial dual features in network traffic, and used a softmax classifier to achieve the goal of IoT devices recognition. The experimental results show that on the UNSW, CIC IoT, and Laboratory datasets, the running time of the LCNN-LSTM model decreased by an average of about 47.63% compared to the CNN-LSTM model, and the F1 values of the LCNN-LSTM-Based IoTDI method are 88.6%, 95.6% and 99.7%. It has been proven that the LCNN-LSTM-Based IoTDI method has efficient devices recognition capabilities.

Key words: Internet of Things, devices identification, CNN, LSTM, network flow

中图分类号:

TP309

李志华, 王志豪. 基于LCNN和LSTM混合结构的物联网设备识别方法[J]. 信息网络安全, 2023, 23(6): 43-54.

LI Zhihua, WANG Zhihao. IoT Device Identification Method Based on LCNN and LSTM Hybrid Structure[J]. Netinfo Security, 2023, 23(6): 43-54.

图/表 13

图1

图2

图3

图4

表1

表2

表3

图5

图6

图7

表4

表5

表6

参考文献 24

[1]	STATISTA R D. Internet of Things-Number of Connected Devices Worldwide 2015-2025[EB/OL]. (2016-11-27)[2023-03-02]. https://www.statista.com/statistics/471264/iot-number-of-connected-devices-worldwide/,2019.
[2]	NGUYEN-AN H, SILVERSTON T, YAMAZAKI T, et al. Entropy-Based IoT Devices Identification[C]// IEEE. 2020 21st Asia-Pacific Network Operations and Management Symposium (APNOMS). New York:IEEE, 2020: 73-78.
[3]	LI Weiyuan, LI Qin, LIU Rongxin. IoT Devices Identification Based on Machine Learning[C]// IEEE. 2021 IEEE 21st International Conference on Communication Technology (ICCT). New York:IEEE, 2021: 770-777.
[4]	AMMAR N, NOIRIE L, TIXEUIL S. Autonomous Identification of IoT Device Types Based on a Supervised Classification[C]// IEEE. ICC 2020-2020 IEEE International Conference on Communications (ICC). New York:IEEE, 2020: 1-6.
[5]	ULLAH I, MAHMOUD Q H. Network Traffic Flow Based Machine Learning Technique for IoT Device Identification[C]// IEEE. 2021 IEEE International Systems Conference (SysCon). New York:IEEE, 2021: 1-8.
[6]	SUN Yizhen, FU Shupo, ZHANG Shigeng, et al. Accurate IoT Device Identification from Merely Packet Length[C]// IEEE. 2020 16th International Conference on Mobility, Sensing and Networking (MSN). New York:IEEE, 2020: 774-778.
[7]	ZHANG Liwu, GONG Liangliang, QIAN Hankun. An Effiective IoT Device Identification Using Machine Learning Algorithm[C]// IEEE. 2020 IEEE 6th International Conference on Computer and Communications (ICCC). New York:IEEE, 2020: 874-877.
[8]	NGUYEN T D, MARCHAL S, MIETTINEN M, et al. DIoT: A Federated Self-Learning Anomaly Detection system for IoT[C]// IEEE. 2019 IEEE 39th International Conference on Distributed Computing Systems (ICDCS). New York:IEEE, 2019: 756-767.
[9]	YIN Feihong, LI Yang, WANG Yuchen, et al. IoT etei: End-to-End IoT Device Identification Method[C]// IEEE. 2021 IEEE Conference on Dependable and Secure Computing (DSC). New York:IEEE, 2021: 1-8.
[10]	CHEN Qinggang, DU Yanhui, HAN Yi, et al. IoT Device Recognition Model Based on Depthwise Separable Convolution[J]. Netinfo Seurity, 2021, 21(9): 67-73.
	陈庆港, 杜彦辉, 韩奕, 等. 基于深度可分离卷积的物联网设备识别模型[J]. 信息网络安全, 2021, 21(9): 67-73.
[11]	QING Guangwei, WANG Huifang, GUO Liang, et al. Device Type Identification via Network Traffic and Lightweight Convolutional Neural Network for Internet of Things[J]. IEEE Access, 2020, 8: 200219-200228. doi: 10.1109/Access.6287639 URL
[12]	RADHAKRISHNAN S V, ULUAGAC A S, BEYAH R. GTID: A Technique for Physical Device and Device Type Fingerprinting[J]. IEEE Transactions on Dependable and Secure Computing, 2014, 12(5): 519-532. doi: 10.1109/TDSC.2014.2369033 URL
[13]	KOHNO T, BROIDO A, CLAFFY K C. Remote Physical Device Fingerprinting[J]. IEEE Transactions on Dependable and Secure Computing, 2005, 2(2): 93-108. doi: 10.1109/TDSC.2005.26 URL
[14]	LANZE F, PANCHENKO A, BRAATZ B, et al. Clock Skew Based Remote Device Fingerprinting Demystified[C]// IEEE. 2012 IEEE Global Communications Conference (GLOBECOM). New York:IEEE, 2012: 813-819.
[15]	FENG Xuan, LI Qiang, ZHU Hongsong, et al. Active Profiling of Physical Devices at Internet Scale[C]// IEEE. 2016 25th International Conference on Computer Communication and Networks (ICCCN). New York:IEEE, 2016: 1-9.
[16]	AMMAR N, NOIRIE L, TIXEUIL S. Network-Protocol-Based IoT Device Identification[C]// IEEE. 2019 Fourth International Conference on Fog and Mobile Edge Computing (FMEC). New York:IEEE, 2019: 204-209.
[17]	YU Changhong, LU Ya, WANG Haixin, et al. IoT Device Traffic Classification Algorithm Based on Sliding Time Window[J]. Computer Engineering, 2022, 10(8): 1-13. doi: 10.1007/BF01206535 URL
	余长宏, 陆雅, 王海鑫, 高明. 基于滑动时间窗的物联网设备流量分类算法[J]. 计算机工程: 2022, 10(8): 1-13.
[18]	MIETTINEN M, MARCHAL S, HAFEEZ I, et al. IoT Sentinel: Automated Device-Type Identification for Security Enforcement in IoT[C]// IEEE. 2017 IEEE 37th International Conference on Distributed Computing Systems (ICDCS). New York:IEEE, 2017: 2177-2184.
[19]	LI Ruiguang, DUAN Pengyu, SHEN Meng, et al. Traffic Classification Algorithm of Internet of Things Devices Based on Random Forest[J]. Journal of Beijing University of Aeronautics and Astronautics, 2022, 48(2): 233-239.
	李锐光, 段鹏宇, 沈蒙, 等. 基于随机森林的物联网设备流量分类算法[J]. 北京航空航天大学学报, 2022, 48(2): 233-239.
[20]	KOSTAS K, JUST M, Lones M A. IoTDevID: A Behavior-Based Device Identification Method for the IoT[J]. IEEE Internet of Things Journal, 2022, 9(23): 23741-23749. doi: 10.1109/JIOT.2022.3191951 URL
[21]	HOWARD A G, ZHU Menglong, CHEN Bo, et al. Mobilenets: Efficient Convolutional Neural Networks for Mobile Vision Applications[EB/OL]. (2017-04-17)[2023-03-02]. http://arxiv.org/abs/1704.04861, 2017-04-17.
[22]	GREFF K, SRIVASTAVA R K, KOUTNÍK J, et al. LSTM: A Search Space Odyssey[J]. IEEE Transactions on Neural Networks and Learning Systems, 2016, 28(10): 2222-2232. doi: 10.1109/TNNLS.2016.2582924 URL
[23]	SIVANATHAN A, SHERRATT D, GHARAKHEILI H H, et al. Characterizing and Classifying IoT Traffic in Smart Cities and Campuses[C]// IEEE. 2017 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS). New York:IEEE, 2017: 559-564.
[24]	DADKHAH S, MAHDIKHANI H, DANSO P K, et al. Towards the Development of a Realistic Multidimensional IoT Profiling Dataset[C]// IEEE. 2022 19th Annual International Conference on Privacy, Security & Trust (PST). New York:IEEE, 2022: 1-11.

类型	特征
链路层协议	ARP/LLC
网络层协议	IP/ICMP/ICMP6/EAPOL/payload_l
传输层协议	TCP/UDP/TCP_w_size
应用层协议	HTTP/HTTPS/DHCP/BOOTP/SSDP/DNS/MDPS/NTP
IP选择	Padding/RouterAlert/count
包内容	Size/Raw data
IP地址	Destination IP counter
端口类型	Source/Destination

数据集名称	流量样本数	物联网设备种类数
UNSW	780007	16
CIC IoT	226468	26
Laboratory	1699405	8

软硬件类型	版本
系统	Windows 10
内存	32 GB
GPU	NVIDIA GTX 1660
开发语言	Python 3.8
深度学习框架	Tensorflow 2.10.0

神经网络模型名称	CNN-LSTM	LCNN-LSTM	降低百分比
FLOPs	5,146,461	1,761,885	65.77%
参数量	731,167	600,863	17.82%
运行时间/s	112.269	57.921	48.41%
模型大小/个	8614	7089	17.70%

神经网络模型名称	CNN-LSTM	LCNN-LSTM	降低百分比
FLOPs	8,109,646	2,772,302	65.81%
参数量	729,882	599,578	17.85%
运行时间/s	45.387	24.954	45.02%
模型大小/个	8602	7074	17.76%