摘要
为进一步提高对通过物联网设备注入物联网的恶意流量检测的准确性,提出综合利用基于密度的带噪声空间聚类应用、Page-Hinkley测试和主成分分析的恶意流量检测新方法。该方法在数据收集阶段,捕获设备收到的流量数据,并根据协议将数据分成若干组。在聚类阶段,对获得的数据进行归一化处理,并执行基于密度的带噪声空间聚类应用方法定义聚类和异常值。在检测阶段,使用主成分分析方法降低每个数据实例的维度,然后使用Page-Hinkley测试检测聚类和异常值之间的距离随时间的变化情况;并依据该变化实现恶意流量数据包的准确识别。实验验证结果表明,所提方法对通过5种典型物联网设备注入物联网的恶意流量的检测均具有较高的检测精确度、召回率和F1分数,且比所对比的方法具有更高的检测精确度、召回率和F1分数。
To further improve the detection accuracy of malicious traffic injected into Internet of things(IoT)through IoT devices,a novel detection method for malicious traffic is proposed based on density-based spatial clustering of applications with noise(DBSCAN),Page-Hinkley test and principal component analysis.This method captures the traffic packets received by the devices in the collection stage and divides the packets into several groups according to the network protocols.The obtained data are normalized in the clustering stage.Then,DBSCAN is performed to define clusters and outliers.Principal component analysis is used to reduce the dimensionality of each data instance during the detection phase,and Page-Hinkley test is then applied to detect sudden changes in the distance between the clusters and the outliers over time.According to the detected sudden changes,the malicious traffic packets can be accurately identified.Test verification results show that the proposed method has higher detection accuracy,recall rate and F1 score for the malicious traffic injected into IoT through five typical IoT devices.In addition,the proposed method has higher detection accuracy,recall rate and F1 score than the compared methods.
作者
胡平
孙晓
HU Ping;SUN Xiao(School of Smart Finance and Business,Hefei College of Finance&Economics,Hefei 230601,China;School of Computer and Information,Hefei University of Technology,Hefei 230009,China)
出处
《太原学院学报(自然科学版)》
2026年第2期159-167,共9页
Journal of TaiYuan University:Natural Science Edition
基金
安徽省高等学校重点课题项目(2024AH053350)。
