物联网场景下基于蜜场的分布式网络入侵检测系统研究

doi:10.11959/j.issn.1000-436x.2024020

通信学报 ›› 2024, Vol. 45 ›› Issue (1): 106-118.doi: 10.11959/j.issn.1000-436x.2024020

• 学术论文 • 上一篇

物联网场景下基于蜜场的分布式网络入侵检测系统研究

吴昊¹^,², 郝佳佳¹^,², 卢云龙¹^,²

¹ 先进轨道交通自主运行全国重点实验室，北京 100044
² 北京交通大学电子信息工程学院，北京 100044

修回日期:2023-12-13 出版日期:2024-01-01 发布日期:2024-01-01
作者简介:吴昊（1973- ），女，江苏常熟人，博士，北京交通大学教授、博士生导师，主要研究方向为云边协同智能、异构网络安全等
郝佳佳（1999- ），男，河南洛阳人，北京交通大学硕士生，主要研究方向为主动防御技术、物联网安全等
卢云龙（1991- ），男，山东日照人，博士，北京交通大学副教授、硕士生导师，主要研究方向为移动通信、边缘智能、网络安全等
基金资助:
中央高校基本科研业务费专项资金资助项目(2022JBQY004);基础科研基金资助项目(JCKY2022XXXX145);国家自然科学基金资助项目(62221001);中国国家铁路集团有限公司科技研究开发计划基金资助项目(K2022G018);北京市自然科学基金资助项目(L211013);中国博士后科学基金资助项目(2021TQ0028)

Research on distributed network intrusion detection system for IoT based on honeyfarm

Hao WU¹^,², Jiajia HAO¹^,², Yunlong LU¹^,²

¹ State Key Laboratory of Advanced Rail Autonomous Operation, Beijing 100044, China
² School of Electronic and Information Engineering, Beijing Jiaotong University, Beijing 100044, China

Revised:2023-12-13 Online:2024-01-01 Published:2024-01-01
Supported by:
The Fundamental Research Funds for the Central Universities(2022JBQY004);The Basic Research Program(JCKY2022XXXX145);The National Natural Science Foundation of China(62221001);The Science and Technology Research and Development Plan of China Railway Co., Ltd.(K2022G018);Beijing Natural Science Foundation(L211013);China Postdoctoral Science Foundation(2021TQ0028)

摘要/Abstract

摘要：

为了解决物联网网络入侵检测系统无法识别新型攻击、灵活性有限等问题，基于蜜场提出了一种能有效识别异常流量和具备持续学习能力的网络入侵检测系统。首先，结合卷积块注意力模块的特点，构建专注于通道和空间双维度的异常流量检测模型，从而提高模型的识别能力。其次，利用联邦学习下的模型训练方案，提高模型的泛化能力。最后，基于蜜场对边缘节点的异常流量检测模型进行更新迭代，从而提高系统对新型攻击流量的识别准确度。实验结果表明，所提系统不仅能有效检测出网络流量中的异常行为，还可以持续提高对异常流量的检测性能。

关键词: 网络入侵检测系统, 联邦学习, 蜜场, 卷积块注意力模块, 物联网

Abstract:

To solve the problems that the network intrusion detection system in the Internet of things couldn’t identify new attacks and has limited flexibility, a network intrusion detection system based on honeyfarm was proposed, which could effectively identify abnormal traffic and have continuous learning ability.Firstly, considering the characteristics of the convolutional block attention module, an abnormal traffic detection model was developed, focusing on both channel and spatial dimensions, to enhance the model’s recognition abilities.Secondly, a model training scheme utilizing federated learning was employed to enhance the model’s generalization capabilities.Finally, the abnormal traffic detection model at the edge nodes was continuously updated and iterated based on the honeyfarm, so as to improve the system’s accuracy in recognizing new attack traffic.The experimental results demonstrate that the proposed system not only effectively detects abnormal behavior in network traffic, but also continually enhances performance in detecting abnormal traffic.

Key words: NIDS, federated learning, honeyfarm, convolutional block attention module, IoT

中图分类号:

TN929.5

吴昊, 郝佳佳, 卢云龙. 物联网场景下基于蜜场的分布式网络入侵检测系统研究[J]. 通信学报, 2024, 45(1): 106-118.

Hao WU, Jiajia HAO, Yunlong LU. Research on distributed network intrusion detection system for IoT based on honeyfarm[J]. Journal on Communications, 2024, 45(1): 106-118.

图/表 18

图1

图2

图3

图4

图5

图6

图7

表1

图8

表2

表3

图9

图10

图11

图12

图13

表4

表5

参考文献 28

[1]	SISINNI E , SAIFULLAH A , HAN S ,et al. Industrial Internet of things:challenges,opportunities,and directions[J]. IEEE Transactions on Industrial Informatics, 2018,14(11): 4724-4734.
[2]	GATOUILLAT A , BADR Y , MASSOT B ,et al. Internet of medical things:a review of recent contributions dealing with cyber-physical systems in medicine[J]. IEEE Internet of Things Journal, 2018,5(5): 3810-3822.
[3]	ARASTEH H , HOSSEINNEZHAD V , LOIA V ,et al. IoT-based smart cities:a survey[C]// Proceedings of 2016 IEEE 16th International Conference on Environment and Electrical Engineering (EEEIC). Piscataway:IEEE Press, 2016: 1-6.
[4]	ALAA M , ZAIDAN A A , ZAIDAN B B ,et al. A review of smart home applications based on Internet of things[J]. Journal of Network and Computer Applications, 2017,97: 48-65.
[5]	SCHILLER E , AIDOO A , FUHRER J ,et al. Landscape of IoT security[J]. Computer Science Review, 2022,44:100467.
[6]	NGUYEN X H , NGUYEN X D , HUYNH H H ,et al. Realguard:a lightweight network intrusion detection system for IoT gateways[J]. Sensors, 2022,22(2): 432.
[7]	CAO B , LI C , SONG Y ,et al. Network intrusion detection model based on CNN and GRU[J]. Applied Sciences, 2022,12(9): 4184.
[8]	MUHAMMAD G , HOSSAIN M S , GARG S . Stacked autoencoder-based intrusion detection system to combat financial fraudulent[J]. IEEE Internet of Things Journal, 2023,10(3): 2071-2078.
[9]	SABIR M , AHMAD J , ALGHAZZAWI D . A lightweight deep autoencoder scheme for cyberattack detection in the Internet of things[J]. Computer Systems Science and Engineering, 2023,46(1): 57-72.
[10]	YAO W , HU L , HOU Y ,et al. A lightweight intelligent network intrusion detection system using one-class autoencoder and ensemble learning for IoT[J]. Sensors, 2023,23(8): 4141.
[11]	KHAN F A , GUMAEI A , DERHAB A ,et al. A novel two-stage deep learning model for efficient network intrusion detection[J]. IEEE Access, 2019,7: 30373-30385.
[12]	BASATI A , FAGHIH M M . PDAE:efficient network intrusion detection in IoT using parallel deep auto-encoders[J]. Information Sciences, 2022,598: 57-74.
[13]	SHONE N , NGOC T N , PHAI V D ,et al. A deep learning approach to network intrusion detection[J]. IEEE Transactions on Emerging Topics in Computational Intelligence, 2018,2(1): 41-50.
[14]	MOTHUKURI V , PARIZI R M , POURIYEH S ,et al. A survey on security and privacy of federated learning[J]. Future Generation Computer Systems, 2021,115: 619-640.
[15]	HUONG T T , BAC T P , LONG D M ,et al. Detecting cyberattacks using anomaly detection in industrial control systems:a federated learning approach[J]. Computers in Industry, 2021,132:103509.
[16]	QIN Y , KONDO M . Federated learning-based network intrusion detection with a feature selection approach[C]// Proceedings of 2021 International Conference on Electrical,Communication,and Computer Engineering (ICECCE). Piscataway:IEEE Press, 2021: 1-6.
[17]	CETIN B , LAZAR A , KIM J ,et al. Federated wireless network intrusion detection[C]// Proceedings of 2019 IEEE International Conference on Big Data (Big Data). Piscataway:IEEE Press, 2019: 6004-6006.
[18]	MCMAHAN H B , MOORE E , RAMAGE D ,et al. Communication-efficient learning of deep networks from decentralized data[J]. arXiv Preprint,arXiv:1602.05629, 2016.
[19]	CHOLAKOSKA A , PFITZNER B , GJORESKI H ,et al. Differentially private federated learning for anomaly detection in e-health networks[C]// Proceedings of the 2021 ACM International Joint Conference on Pervasive and Ubiquitous Computing and Proceedings of the 2021 ACM International Symposium on Wearable Computers. New York:ACM Press, 2021: 514-518.
[20]	AMAL M R , VENKADESH P . H-doctor:honeypot based firewall tuning for attack prevention[J]. Measurement:Sensors, 2023,25:100664.
[21]	PASHAEI A , AKBARI M E , ZOLFY L M ,et al. Early intrusion detection system using honeypot for industrial control networks[J]. Results in Engineering, 2022,16:100576.
[22]	ELLOUH M , GHALEB M , FELEMBAN M . IoTZeroJar:towards a honeypot architecture for detection of zero-day attacks in IoT[C]// Proceedings of 2022 14th International Conference on Computational Intelligence and Communication Networks (CICN). Piscataway:IEEE Press, 2022: 765-771.
[23]	ALMOHANNADI H , AWAN I , AL HAMAR J ,et al. Cyber threat intelligence from honeypot data using elasticsearch[C]// Proceedings of 2018 IEEE 32nd International Conference on Advanced Information Networking and Applications (AINA). Piscataway:IEEE Press, 2018: 900-906.
[24]	ALBASEER A , ABDALLAH M . Fine-tuned LSTM-based model for efficient honeypot-based network intrusion detection system in smart grid networks[C]// Proceedings of 2022 5th International Conference on Communications,Signal Processing,and their Applications (ICCSPA). Piscataway:IEEE Press, 2022: 1-6.
[25]	WOO S , PARK J , LEE J-Y ,et al. CBAM:convolutional block attention module[J]. arXiv Preprint,arXiv:1807.06521, 2018.
[26]	MOUSTAFA N , SLAY J . UNSW-NB15:a comprehensive data set for network intrusion detection systems (UNSW-NB15 network data set)[C]// Proceedings of 2015 Military Communications and Information Systems Conference (MilCIS). Piscataway:IEEE Press, 2015: 1-6.
[27]	MOUSTAFA N , SLAY J . The evaluation of network anomaly detection systems:statistical analysis of the UNSW-NB15 data set and the comparison with the KDD99 data set[J]. Information Security Journal:A Global Perspective, 2016,25(1-3): 18-31.
[28]	WANG Z , WANG P , SUN Z . SDN traffic anomaly detection method based on convolutional autoencoder and federated learning[C]// Proceedings of 2022 IEEE Global Communications Conference. Piscataway:IEEE Press, 2022: 4154-4160.

数据集	标签类别		总和
数据集	异常流量	正常流量	总和
训练集	19 488	61 685	81 173
测试集	9 625	25 554	35 179
总和	29 113	87 239	116 352

模型参数	参数设置
批次大小	64
损失函数	二分类交叉熵
优化器	随机梯度下降
学习速率	0.005
联邦学习全局训练轮次	100
联邦学习本地训练轮次	1
节点数目	10
本地独立训练轮次	100

NIDS模型	Accuracy		异常流量样本			正常流量样本
NIDS模型	Accuracy	Precision	Recall	F1-score	Precision	Recall	F1-score
LocalCBAM	88.88%	99.93%	59.39%	74.50%	86.73%	99.98%	92.89%
FedAE	91.98%	99.98%	70.70%	82.83%	90.06%	99.99%	94.77%
FedCAE	93.19%	99.82%	75.26%	85.81%	91.47%	99.94%	95.52%
FedCBAM	94.47%	98.76%	80.81%	88.89%	93.24%	99.62%	96.32%

模型	每轮平均训练时间/s	训练总时间/s
FedAE模型	56.97	579
FedCAE模型	61.58	451
FedCBAM模型	67.65	290

NIDS模型	Accuracy		攻击样本			正常样本
NIDS模型	Accuracy	Precision	Recall	F1-score	Precision	Recall	F1-score
FedCBAM-o模型	92.19%	99.79%	71.59%	83.37%	90.33%	99.94%	94.89%
FedCBAM-n模型	94.47%	98.76%	80.81%	88.89%	93.24%	99.62%	96.32%

物联网场景下基于蜜场的分布式网络入侵检测系统研究

Research on distributed network intrusion detection system for IoT based on honeyfarm

在线阅读

PDF下载

可视化

摘要/Abstract

引用本文

使用本文

图/表 18

参考文献 28

相关文章 15

Metrics

推荐阅读 0

[1]	陈晓霖, 昝道广, 吴炳潮, 关贝, 王永吉. 面向纵向联邦学习的对抗样本生成算法[J]. 通信学报, 2023, 44(8): 1-13.
[2]	马卓, 金嘉玉, 杨易龙, 刘洋, 应作斌, 李腾, 张俊伟. 基于门限同态加密的自适应联邦学习安全聚合方案[J]. 通信学报, 2023, 44(7): 76-85.
[3]	张世铂, 高洪元, 苏雨萌, 程建华, 赵立帅. 安全雾计算物联网的联合资源配置方法[J]. 通信学报, 2023, 44(7): 26-37.
[4]	金彪, 李逸康, 姚志强, 陈瑜霖, 熊金波. GenFedRL：面向深度强化学习智能体的通用联邦强化学习框架[J]. 通信学报, 2023, 44(6): 183-197.
[5]	马鑫迪, 李清华, 姜奇, 马卓, 高胜, 田有亮, 马建峰. 面向Non-IID数据的拜占庭鲁棒联邦学习[J]. 通信学报, 2023, 44(6): 138-153.
[6]	张佳乐, 朱诚诚, 孙小兵, 陈兵. 基于GAN的联邦学习成员推理攻击与防御方法[J]. 通信学报, 2023, 44(5): 193-205.
[7]	田有亮, 吴柿红, 李沓, 王林冬, 周骅. 基于激励机制的联邦学习优化算法[J]. 通信学报, 2023, 44(5): 169-180.
[8]	姜慧, 何天流, 刘敏, 孙胜, 王煜炜. 面向异构流式数据的高性能联邦持续学习算法[J]. 通信学报, 2023, 44(5): 123-136.
[9]	余晟兴, 陈泽凯, 陈钟, 刘西蒙. DAGUARD：联邦学习下的分布式后门攻击防御方案[J]. 通信学报, 2023, 44(5): 110-122.
[10]	李开菊, 许强, 王豪. 冗余数据去除的联邦学习高效通信方法[J]. 通信学报, 2023, 44(5): 79-93.
[11]	王冬, 秦倩倩, 郭开天, 刘容轲, 颜伟鹏, 任一支, 罗清彩, 申延召. 联邦学习中的模型逆向攻防研究综述[J]. 通信学报, 2023, 44(11): 94-109.
[12]	马千飘, 贾庆民, 刘建春, 徐宏力, 谢人超, 黄韬. 异构边缘计算环境下异步联邦学习的节点分组与分时调度策略[J]. 通信学报, 2023, 44(11): 79-93.
[13]	汤凌韬, 王迪, 刘盛云. 面向非独立同分布数据的联邦学习数据增强方案[J]. 通信学报, 2023, 44(1): 164-176.
[14]	余晟兴, 陈钟. 基于同态加密的高效安全联邦学习聚合框架[J]. 通信学报, 2023, 44(1): 14-28.
[15]	范绍帅, 吴剑波, 田辉. 面向能量受限工业物联网设备的联邦学习资源管理[J]. 通信学报, 2022, 43(8): 65-77.