Abstract
Intrusion detection in current Internet of Things (IoT) networks achieves a high detection rate for known types of attacks, but at the cost of high node energy consumption. To address this, an intrusion detection approach based on the consensus-based Practical Byzantine Fault Tolerance (PBFT) algorithm is proposed. First, a Support Vector Machine (SVM) is pre-trained to obtain the intrusion detection decision rule, and the trained rule is applied to every node in the IoT network. Then, a subset of nodes is elected to actively perform intrusion detection on the other nodes in the network and to announce their detection results to the other nodes. Finally, each node judges the state of the other nodes according to the PBFT algorithm, so that the detection results become consistent across the system. Simulation results on the NSL-KDD dataset using TinyOS show that, compared with the Integrated Intrusion Detection System (IIDS) and the Two-layer Dimension reduction and Two-tier Classification (TDTC) approach, the proposed approach reduces energy consumption by 12.2% and 7.6% on average, respectively, effectively reducing the energy consumption of IoT.
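The three steps in the abstract can be sketched as a simplified two-round quorum vote among the elected monitor nodes. This is an added example, not the paper's implementation: the function names, the linear SVM weights and the equivocating monitor are constructed, and the quorum size is the standard Byzantine intersection bound, which equals 2f+1 when n = 3f+1.

```python
from collections import Counter

def svm_verdict(x, w, b):
    """Pre-trained linear SVM rule applied on a node: 1 = intrusion, 0 = normal."""
    return 1 if sum(wi * xi for wi, xi in zip(w, x)) + b > 0 else 0

def quorum_size(n):
    """Smallest quorum in which any two quorums share an honest node."""
    f = (n - 1) // 3              # tolerated Byzantine monitors, n >= 3f + 1
    return (n + f) // 2 + 1       # equals 2f + 1 when n = 3f + 1

def quorum_value(votes, quorum):
    """Return the value backed by at least `quorum` votes, else None."""
    votes = [v for v in votes if v is not None]
    if not votes:
        return None
    value, count = Counter(votes).most_common(1)[0]
    return value if count >= quorum else None

def agree(local, byzantine):
    """local: {monitor: verdict on the inspected node}.
    byzantine: {monitor: fn(receiver) -> verdict}; may tell each receiver
    something different. Returns {honest monitor: agreed verdict or None}."""
    q = quorum_size(len(local))
    honest = [m for m in local if m not in byzantine]

    def sent(sender, receiver, honest_value):
        return byzantine[sender](receiver) if sender in byzantine else honest_value

    # Round 1 (prepare): every monitor announces its own detection result.
    prepared = {r: quorum_value([sent(s, r, local[s]) for s in local], q)
                for r in honest}
    # Round 2 (commit): monitors announce what they prepared; a receiver
    # accepts a verdict only when a full quorum committed to it.
    return {r: quorum_value([sent(s, r, prepared.get(s)) for s in local], q)
            for r in honest}

if __name__ == "__main__":
    W, B = [0.8, -0.5], -0.1                      # constructed SVM parameters
    attack = svm_verdict([1.0, 0.2], W, B)        # constructed feature vector
    liar = {3: lambda receiver: receiver % 2}     # monitor 3 equivocates
    print(agree({0: attack, 1: attack, 2: attack, 3: 0}, liar))
```

When the honest monitors' local verdicts are split, no value reaches the quorum and every honest monitor returns `None` instead of adopting the verdict pushed by the faulty one.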