Netinfo Security, 2021, Vol. 21, Issue (8): 82-90. doi: 10.3969/j.issn.1671-1122.2021.08.010


A Clustering and Classification-based Malicious Attack Detection Method for Internet of Things

LI Qun1, DONG Jiahan1, GUAN Zhitao2, WANG Chao1

  1. State Grid Beijing Electric Power Company, Beijing 100075, China
    2. School of Control and Computer Engineering, North China Electric Power University, Beijing 102206, China
  • Received: 2021-02-21 Online: 2021-08-10 Published: 2021-09-01
  • Contact: GUAN Zhitao E-mail: guan@ncepu.edu.cn

Abstract:

Internet of Things (IoT) devices are large in number, widely distributed, weakly protected, and vulnerable to malicious attacks. At the same time, attackers can capture large numbers of IoT terminal devices and use them to launch massive volumes of attack traffic. To address these problems, this paper proposes a clustering- and classification-based malicious attack detection method for the IoT. First, IoT traffic data is preprocessed: random forest is used to evaluate feature importance, and principal component analysis is used to reduce the dimensionality of some features. Then, an improved k-means algorithm is applied to cluster the preprocessed traffic. For the different attack clusters, attack classification is performed with a CART decision tree. Experimental results on Bot-IoT and KDD CUP 99 show that the proposed method detects attacks well and, in particular, effectively improves the detection accuracy for low-frequency attacks.

Key words: Internet of things, clustering, classification, intrusion detection, Bot-IoT
