Device Identification and Anomaly Detection in IoT Environments
Authors: Mahdi Rabbani; Jinkun Gui; Fatemeh Nejati; Zeming Zhou; Arun Kaniyamattam; Mansur Mirani; Gunjan Piya; Igor Opushnyev; Rongxing Lu; Ali A. Ghorbani
Journal: IEEE Internet of Things Journal, vol. 12, no. 10, pp. 13625-13643 (Journal Article)
Publication date: 2024-12-25
DOI: 10.1109/JIOT.2024.3522863
URL: https://ieeexplore.ieee.org/document/10816028/
Impact factor: 8.9; JCR: Q1 (Computer Science, Information Systems)
As the Internet of Things (IoT) landscape continues to expand, a diverse range of devices with various functionalities is being integrated into the IoT ecosystem. When traditional systems, which involve human interaction, are replaced by devices, it becomes crucial to upgrade the conventional authorization and authentication mechanisms. Traditional approaches for device identification and anomaly detection often fail to address the dynamic behaviors of IoT devices due to the highly heterogeneous nature of the IoT environment. To address these challenges, this article proposes a novel and lightweight integrated model for simultaneous IoT device identification and anomaly detection. The proposed approach leverages both packet-based and flow-based feature extraction techniques to extract a diverse and significant set of features, which are crucial for robust anomaly detection and device classification. This novel combined feature set incorporates a wide range of attributes from various domains, including HTTPS-related features, handshake information, and user agent strings, specifically extracted for IoT device identification. In addition, the feature set includes specialized attributes for anomaly detection, such as stream, channel, and jitter metrics, which are calculated over different time intervals to enhance the model’s anomaly detection capabilities. Experimental analysis, conducted using real network traffic data from state-of-the-art datasets, demonstrates the model’s efficiency and scalability, which makes the model well-suited for real-time IoT threat detection and device management in resource-constrained environments.
About the journal:
The IEEE Internet of Things (IoT) Journal publishes articles and review articles covering various aspects of IoT, including IoT system architecture, IoT enabling technologies, IoT communication and networking protocols such as network coding, and IoT services and applications. Topics encompass IoT's impacts on sensor technologies, big data management, and future internet design for applications like smart cities and smart homes. Fields of interest include IoT architecture such as things-centric, data-centric, service-oriented IoT architecture; IoT enabling technologies and systematic integration such as sensor technologies, big sensor data management, and future Internet design for IoT; IoT services, applications, and test-beds such as IoT service middleware, IoT application programming interface (API), IoT application design, and IoT trials/experiments; IoT standardization activities and technology development in different standard development organizations (SDO) such as IEEE, IETF, ITU, 3GPP, ETSI, etc.