
Lightweight Detection Method for IoT Mirai Botnet

To address the shortcomings of traditional detection methods for IoT Mirai botnet traffic, namely long detection times, high resource consumption and inadequate accuracy caused by the high dimensionality and large scale of the data, this paper proposes an IoT Botnet Traffic Detection Based on Ensemble Feature Selection (IBTD-EFS) method. First, to reduce the feature dimension of network traffic samples and obtain an optimal feature subset, an Ensemble Feature Selection Based on Feature Group and Genetic Algorithm (EFS-FGGA) algorithm is proposed. Then, to detect Mirai botnet traffic efficiently, an IoT Botnet Traffic Classification Based on eXtreme Gradient Boosting (IBTC-XGB) algorithm is introduced. Finally, the EFS-FGGA and IBTC-XGB algorithms are combined to form the IBTD-EFS method for IoT botnet traffic detection. Experimental results indicate that the IBTD-EFS method can overcome the heterogeneity of IoT devices, achieving a detection accuracy of 99.95% for Mirai botnet traffic while keeping the time overhead low. It is evident that the IBTD-EFS method provides an efficient solution for IoT Mirai botnet traffic detection.

Keywords: IoT; botnet; feature selection; genetic algorithm; traffic detection

李志华、陈亮、卢徐霖、方朝晖、钱军浩


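School of Artificial Intelligence and Computer Science, Jiangnan University, Wuxi 214122

Hunan Bojiang Information Technology Co., Ltd. (湖南博匠信息科技有限公司), Changsha 410073

School of Internet of Things Engineering, Jiangnan University, Wuxi 214122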


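Funding: Intelligent Manufacturing Project of the Ministry of Industry and Information Technology; Fundamental Research Funds for the Central Universities; Fundamental Research Funds for the Central Universities

Grant numbers: ZH-XZ-180004; JUSRP211A41; JUSRP42003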

2024

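Netinfo Security (信息网络安全)
Third Research Institute of the Ministry of Public Security; Computer Security Professional Committee of the China Computer Federation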


Indexed in: CSTPCD; CHSSCD; Peking University Core Journals
Impact factor: 0.814
ISSN: 1671-1122
Year, volume (issue): 2024, 24(5)