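1. School of Safety Science and Engineering, Civil Aviation University of China, Tianjin 300300, China
2. School of Computer Science and Technology, Civil Aviation University of China, Tianjin 300300, China
3. School of Information, University of Arizona, Tucson, Arizona 85721, USA
4. School of Information Engineering, Yangzhou University, Yangzhou, Jiangsu 225127, China
5. Jiangsu Province Engineering Research Center of Knowledge Management and Intelligent Service, Yangzhou, Jiangsu 225127, China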
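YANG Hong-yu: male, born in December 1969 in Changchun, Jilin. Ph.D., professor at Civil Aviation University of China. His main research interests are network and system security, vulnerability analysis and assessment, and cloud computing and big data security. E-mail: yhyxlx@hotmail.com
WANG Ze-lin: male, born in June 1998 in Harbin, Heilongjiang. Master's student at Civil Aviation University of China. His main research interests are network and system security, IoT security, and botnet detection. E-mail: cauc_wzl@hotmail.com
ZHANG Liang: male, born in June 1987 in Tianjin. Ph.D., postdoctoral researcher at the University of Arizona. His main research interests are reinforcement learning and deep-learning-based signal processing. E-mail: liangzh@arizona.edu
CHENG Xiang (corresponding author): male, born in September 1988 in Urumqi, Xinjiang. Ph.D., experimentalist at Yangzhou University. His main research interests are network and system security, network security situation awareness, federated learning, and edge computing.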
Received: 2022-07-25,
Revised: 2022-10-08,
Published in print: 2023-05-25
YANG Hong-yu, WANG Ze-lin, ZHANG Liang, et al. A Multi-Protocol Botnet Detection Method for IoT[J]. ACTA ELECTRONICA SINICA, 2023, 51(05): 1198-1206. DOI: 10.12263/DZXB.20220881.
Existing botnet detection methods suffer from uneven sampling, poor feature selection, and weak generalization ability, which lead to low detection and classification performance and poor adaptability to Internet of Things (IoT) environments with limited computing and storage resources. To address these shortcomings, this paper proposes a multi-protocol botnet detection method for IoT. The designed IP aggregation and feature reconstruction method, based on address triples and time windows, integrates the network traffic obtained from the IoT gateway into a reconstructed sample set. The proposed self-correcting hybrid weighted sampling algorithm balances the normal traffic and botnet traffic in the reconstructed sample set to produce a resampled sample set. The proposed sequential forward selection algorithm, based on multi-attribute decision making and adjacency relation chains, eliminates redundant features from the resampled sample set to obtain the optimal feature subset. The resampled sample set, filtered by the optimal feature subset, is then detected and classified by the designed two-stage hybrid heterogeneous model, which is optimized by the intermittent chaos-based bald eagle search algorithm. Experimental results show that the proposed method detects botnets well: the detection accuracy is 99.24%, the Matthews correlation coefficient is 98.49%, the false positive rate is 0.17%, and the false negative rate is 1.29%, which are better than those of existing methods. The method effectively reduces the time and space overhead of sampling and feature selection and adapts well to resource-constrained IoT environments.