Abstract
The large-scale deployment of the Internet of Things (IoT) means that vulnerable IoT devices may also be connected to the network. An attacker who uses a vulnerable device to gain access to the target's internal network can lurk there and wait for an opportunity to launch further attacks. To prevent such attacks, a security mechanism is needed that controls the access of suspicious devices and manages internal devices. First, to control the access of suspicious devices, this paper gives a device identification method: a white list is set, fingerprints are constructed from communication traffic features, and a random forest method is used to train the device identification model. Second, to manage internal devices, an intelligent security management model is proposed, which builds an ontology threat model based on assets, vulnerabilities, security mechanisms and so on. Finally, experiments verify the detection performance of the device identification model, whose identification accuracy is above 96%; compared with existing similar methods, the results show that the proposed method has better detection stability.
Authors
YANG Wei-chao (杨威超); GUO Yuan-bo (郭渊博); LI Tao (李涛); ZHU Ben-quan (朱本全) (School of Cryptography, University of Information Engineering, Zhengzhou 450000, China; 261213 Troops of the Chinese People’s Liberation Army, Linfen, Shanxi 041000, China)
Source
Computer Science (《计算机科学》)
Indexed in: CSCD; PKU Core Journals (北大核心)
2020, Issue 7, pp. 299-306 (8 pages)
Funding
Fund of the Key Laboratory of Information Assurance Technology (614211203010417).
Keywords
Ontology threat modeling
IoT device identification
Traffic feature extraction
White list
Random forest
About the authors
YANG Wei-chao, born in 1991, M.S. candidate. His research interests include security of the Internet of Things and so on. (79579@163.com)
Corresponding author: GUO Yuan-bo (郭渊博) (yuanbo_g@hotmail.com), born in 1975, Ph.D., professor. His research interests include network attack and defense and so on.