| Abstract: |
| With the explosive growth of Internet of Things (IoT) devices in national critical infrastructure, managing those devices securely and efficiently has become essential. Traditional device identification based on manual operation can no longer keep up with the management needs of massive numbers of devices, so automated and intelligent IoT device identification technology is urgently needed. However, communication traffic in critical sectors is usually encrypted, so general device identification methods based on plaintext traffic cannot be applied directly. To remove the dependence of such methods on decryption, an IoT device identification method based on traffic packet length features is proposed. Using only the MAC addresses and packet length information at the physical layer of communication packets, a "device behavior-traffic distribution" characterization model based on IoT device tasks is constructed; an identification method combining packet length distribution, duration and bandwidth features is designed; and accurate identification of IoT devices is achieved with a random forest classification model. Experiments on real traffic from 5 types of IoT devices show that the proposed method achieves an identification accuracy of over 98%. |
| Keywords: Internet of Things; device identification; communication traffic; packet length feature; machine learning |
| DOI:10.20079/j.issn.1001-893x.241108001 |
|
| Funding: |
|
| IoT Device Detection Based on Traffic Package Length Feature |
| CHEN Rongjun, WANG Zeyang, LI Xiaozhen, HUANG Xiaoxiao, BAI Zhehao, LI Bing, SHAO Shiyu |
| (1. Zhejiang Huayun Information Technology Co., Ltd., Hangzhou 310007, China; 2. Tianchenwei Technology Hangzhou Co., Ltd., Hangzhou 310018, China; 3. State Grid Zhejiang Hangzhou Fuyang Power Supply Company Co., Ltd., Hangzhou 311400, China) |
| Abstract: |
| With the explosive growth of Internet of Things (IoT) devices in national critical infrastructure, their secure and efficient management has become critically significant. Traditional IoT device identification relies on manual operations, which cannot cope with the management of massive numbers of accessed IoT devices and creates an urgent need for automated device identification. However, cyber traffic in critical infrastructures is typically encrypted, making it challenging to directly extract sufficient plaintext information for device identification. To overcome the limitations of such methods, an IoT device identification method based on traffic packet length features is proposed. By utilizing only the MAC addresses and packet length information at the physical layer of traffic packets, a "behavior-traffic" characterization model based on IoT device tasks is established. Then, a recognition method incorporating packet length distribution, duration, and bandwidth features is proposed, and accurate identification of IoT devices is achieved by using a random forest classification model. Evaluation of real-world traffic from five types of IoT devices demonstrates that the proposed method achieves an identification accuracy exceeding 98%. |
| Key words: Internet of Things; device identification; cyber traffic; packet length feature; machine learning |
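The abstract describes a pipeline that groups packets by MAC address, derives a packet-length distribution, a duration and a bandwidth per device, and feeds these features to a classifier. The following is an added example illustrating that pipeline; it is not the authors' code and does not reproduce their dataset. The histogram bin edges, the synthetic "camera" and "sensor" traffic, and the MAC addresses are all constructed here, and a nearest-centroid classifier stands in for the paper's random forest so that the example runs with the Python standard library alone.

```python
"""Packet-length-feature extraction for IoT device identification (added example).

Uses only (timestamp, MAC, packet length) per packet, as the abstract describes.
A nearest-centroid classifier replaces the paper's random forest (assumption).
"""
from collections import defaultdict
import math

# Histogram bin edges in bytes (assumption; the paper does not publish its bins).
LENGTH_BIN_EDGES = [0, 64, 128, 256, 512, 1024, 1500]


def length_bin(length):
    """Bin index for a packet length; lengths at or past the last edge share the last bin."""
    for i in range(1, len(LENGTH_BIN_EDGES)):
        if length < LENGTH_BIN_EDGES[i]:
            return i - 1
    return len(LENGTH_BIN_EDGES) - 2


def extract_features(records):
    """Group packets by source MAC and return {mac: features}, where features are
    the per-bin fraction of packets, the observation duration (s) and bandwidth (bytes/s)."""
    by_mac = defaultdict(list)
    for ts, mac, length in records:
        by_mac[mac].append((ts, length))
    features = {}
    for mac, pkts in by_mac.items():
        counts = [0] * (len(LENGTH_BIN_EDGES) - 1)
        for _, length in pkts:
            counts[length_bin(length)] += 1
        hist = [c / len(pkts) for c in counts]
        times = [ts for ts, _ in pkts]
        duration = max(times) - min(times)
        total_bytes = sum(length for _, length in pkts)
        # A single packet has zero duration; report its size as the bandwidth estimate.
        bandwidth = total_bytes / duration if duration > 0 else float(total_bytes)
        features[mac] = hist + [duration, bandwidth]
    return features


class NearestCentroidClassifier:
    """Stand-in for the random forest: min-max scale features on the training set,
    then assign the label of the nearest class centroid."""

    def fit(self, vectors, labels):
        dim = len(vectors[0])
        self.lo = [min(v[i] for v in vectors) for i in range(dim)]
        self.hi = [max(v[i] for v in vectors) for i in range(dim)]
        sums = defaultdict(lambda: [0.0] * dim)
        counts = defaultdict(int)
        for v, lab in zip(vectors, labels):
            for i, x in enumerate(self._scale(v)):
                sums[lab][i] += x
            counts[lab] += 1
        self.centroids = {lab: [x / counts[lab] for x in sums[lab]] for lab in sums}
        return self

    def _scale(self, v):
        return [(x - lo) / (hi - lo) if hi > lo else 0.0
                for x, lo, hi in zip(v, self.lo, self.hi)]

    def predict(self, v):
        s = self._scale(v)
        return min(self.centroids, key=lambda lab: math.dist(s, self.centroids[lab]))


def synth_records(mac, start, n_packets, interval, lengths):
    """Constructed packet records for one device: n packets at a fixed interval, cycling lengths."""
    return [(start + i * interval, mac, lengths[i % len(lengths)]) for i in range(n_packets)]


# Constructed training traffic: camera-like devices stream large frames at high rate,
# sensor-like devices send small readings at long intervals. MACs are made up.
TRAIN_RECORDS = (
    synth_records("aa:aa:aa:00:00:01", 0.0, 200, 0.05, [1400, 1400, 900])
    + synth_records("aa:aa:aa:00:00:02", 0.0, 200, 0.04, [1450, 1200, 1400])
    + synth_records("bb:bb:bb:00:00:01", 0.0, 40, 2.0, [60, 90])
    + synth_records("bb:bb:bb:00:00:02", 0.0, 40, 3.0, [70, 100])
)
TRAIN_LABELS = {"aa:aa:aa:00:00:01": "camera", "aa:aa:aa:00:00:02": "camera",
                "bb:bb:bb:00:00:01": "sensor", "bb:bb:bb:00:00:02": "sensor"}


def train_model():
    feats = extract_features(TRAIN_RECORDS)
    macs = sorted(feats)
    return NearestCentroidClassifier().fit([feats[m] for m in macs],
                                           [TRAIN_LABELS[m] for m in macs])


def identify(records, model=None):
    """Return {mac: predicted device type} for unlabeled traffic."""
    model = model or train_model()
    return {mac: model.predict(vec) for mac, vec in extract_features(records).items()}


if __name__ == "__main__":
    unknown = (synth_records("cc:cc:cc:00:00:09", 100.0, 150, 0.06, [1300, 1450])
               + synth_records("dd:dd:dd:00:00:07", 100.0, 30, 2.5, [64, 80]))
    print(identify(unknown))
```

The feature vector deliberately contains nothing that requires payload decryption: bin fractions come from frame sizes, and duration and bandwidth come from timestamps and sizes. Note that a MAC-keyed model identifies the device type behind an address, not the address itself, so a spoofed or shared MAC will be classified by the traffic it actually carries, which is the property a defender wants.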