Netinfo Security ›› 2019, Vol. 19 ›› Issue (12): 53-63.doi: 10.3969/j.issn.1671-1122.2019.12.007

Previous Articles     Next Articles

IoT Traffic Anomaly Detection Based on Device Type Identification and BP Neural Network

Weichao YANG(), Yuanbo GUO, Ya ZHONG, Shuaihui ZHEN   

  1. School of Crytography, Information Engineering University, Zhengzhou Henan 450000, China
  • Received:2019-08-10 Online:2019-12-10 Published:2020-05-11

Abstract:

The rapid development of the Internet of Things has brought about numerous security threats. In particular, it is not uncommon for an attacker to use a device vulnerability to invade a device in advance and launch a network attack. In order to effectively deal with the security threat of the Internet of Things, combined with the characteristics of the Internet of Things system, In this paper, the traffic anomaly detection model based on the device model is designed. The model uses the method of setting the damped time window to extract the time statistical features and construct the fingerprint. Then the fingerprint is classified according to the device type. Finally, the principal component analysis method is used to reduce the features and use BP neural network algorithm for training and identification of anomaly detection. In order to further verify the contribution of equipment model classification to anomaly detection, this paper compares the effects of random forest, support vector machine in detection and evaluates the experimental results. The results show that the accuracy of anomaly detection based on equipment model can be increased by 10%. BP neural network has the best detection effect, with an average of more than 90%.

Key words: anomaly detection, device type identification, BP neural network, principal component analysis, damped time window

CLC Number: