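To address the problem of efficiently detecting multi-stage attack behavior of Internet of Things (IoT) botnets in massive volumes of network traffic data, an IoT botnet attack detection method based on a Multi-scale Hybrid Residual Network (MHRN), named IBAD-MHRN (IoT Botnet Attack Detection based on MHRN), is proposed. First, to reduce the number of parameters the detection model has to compute, a Feature Selection based on Variance Threshold (FS-VT) algorithm is proposed for data preprocessing. Second, a data imaging strategy that converts data samples into image samples is adopted to fully exploit the potential of deep learning models. Then, to compensate for the limited representation ability of traditional botnet detection models, a multi-stage attack detection model for IoT botnets based on a multi-scale hybrid residual network is proposed. The model fuses, in a hybrid manner, the feature information extracted at different scales and depths, and uses residual connections to eliminate the network degradation caused by deepening the network. Finally, the above model and algorithm are integrated into the IoT botnet attack detection method IBAD-MHRN. Experimental results show that the detection accuracy and F1 value of IBAD-MHRN both reach 99.8%, an improvement of 0.14% in accuracy and 0.36% in F1 value over the better-performing convolutional neural network method, and that the method can effectively and efficiently detect multi-stage attacks of IoT botnets.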
Abnormal Traffic Detection Method for Multi-stage Attacks of Internet of Things Botnets
To address the problem of how to efficiently detect multi-stage attack behavior of IoT botnets from massive network traffic data, an IoT botnet attack detection method based on a multi-scale hybrid residual network (IBAD-MHRN) is proposed. First, to reduce the computational parameters of the detection model, a feature selection algorithm based on the variance threshold method (FS-VT) is proposed for data preprocessing. Second, a data imaging strategy that converts data samples into image samples is adopted to fully tap the potential of the deep learning model. Then, to overcome the limited representation ability of traditional botnet detection models, a multi-stage attack detection model for IoT botnets based on a multi-scale hybrid residual network is proposed. The model integrates the feature information extracted at different scales and depths in a hybrid way, and then eliminates the network degradation caused by network deepening through residual connections. Finally, the IBAD-MHRN method for IoT botnet attack detection is proposed by integrating the above model and algorithm. Experimental results show that the detection accuracy and F1 value of the proposed IBAD-MHRN method both reach 99.8%, and that the accuracy and F1 value are improved by 0.14% and 0.36% respectively compared with the better-performing convolutional neural network method, so the method can effectively and efficiently detect multi-stage attacks of Internet of Things botnets.
Keywords: Internet of Things; Botnet; Variance threshold method; Residual network; Multi-stage attacks
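The two preprocessing steps named in the abstract, variance-threshold feature selection followed by conversion of each sample into an image, sketched as an added example that is not the paper's code. The min-max scaling, the 0.15 threshold, the zero-padded square grayscale layout, the function names and the flow records are all assumptions constructed for illustration; the abstract specifies none of them.

```python
import math

# Constructed flow records (not from the paper). Columns: packets, bytes,
# duration, ttl, rare_flag, syn_ratio, port_entropy.
SAMPLE_FLOWS = [
    [10, 500, 1.0, 64, 0, 0.1, 0.2],
    [200, 9000, 0.2, 64, 0, 0.9, 0.8],
    [15, 700, 1.1, 64, 0, 0.1, 0.3],
    [220, 9500, 0.1, 64, 0, 0.8, 0.9],
    [12, 600, 1.0, 64, 0, 0.2, 0.2],
    [210, 9200, 0.2, 64, 1, 0.9, 0.7],
]
THRESHOLD = 0.15  # assumed value; the abstract gives none


def select_features(rows, threshold):
    """Return (kept column indices, their (min, max) bounds) for columns whose scaled variance > threshold."""
    keep, bounds = [], []
    for j in range(len(rows[0])):
        col = [r[j] for r in rows]
        lo, hi = min(col), max(col)
        if hi == lo:
            continue  # constant column: zero variance, nothing to learn from
        scaled = [(v - lo) / (hi - lo) for v in col]  # min-max scale to [0, 1]
        mean = sum(scaled) / len(scaled)
        if sum((v - mean) ** 2 for v in scaled) / len(scaled) > threshold:
            keep.append(j)
            bounds.append((lo, hi))
    return keep, bounds


def to_image(row, keep, bounds):
    """Map the kept features of one sample to a square 8-bit grayscale grid."""
    if not keep:
        raise ValueError("no feature passed the variance threshold")
    pixels = []
    for j, (lo, hi) in zip(keep, bounds):
        v = min(max(row[j], lo), hi)  # clamp values outside the fitted range
        pixels.append(round(255 * (v - lo) / (hi - lo)))
    side = math.isqrt(len(pixels) - 1) + 1  # smallest square that fits
    pixels += [0] * (side * side - len(pixels))  # zero-pad the tail
    return [pixels[i * side:(i + 1) * side] for i in range(side)]


if __name__ == "__main__":
    keep, bounds = select_features(SAMPLE_FLOWS, THRESHOLD)
    print("kept columns:", keep)
    for row in to_image(SAMPLE_FLOWS[3], keep, bounds):
        print(row)
```

The bounds are fitted once on the training rows and reused for every later sample, so a value outside the fitted range is clamped rather than producing an out-of-range pixel.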