
Privacy Preserving And Anomaly Detection For Intelligent Communication Devices

Posted on: 2019-04-22
Degree: Doctor
Type: Dissertation
Country: China
Candidate: T Li
GTID: 1368330572450137
Subject: Computer system architecture
Abstract/Summary:
With the rapid development of the communications industry, communication devices are becoming more and more intelligent. Among them, routers, firewalls, and mobile terminals are typical applications in communication devices. With the development and maturity of wireless networks and of 4G and 5G technologies, users are increasingly demanding security from communication devices, based on the diversification and individuation of user demands. However, attackers have a wide range of attack methods for communication devices, such as device monitoring, password cracking, and bug implantation. The influence of the attacks is expanding and the losses to users are also very serious. Therefore, how to protect the privacy of communication devices in the network, detect attacks on the devices in time, and accurately identify the attacks is extremely important for protecting the security of users.

However, there is a contradiction between the verification and detection of the device and the privacy protection of the device. The traditional method of detecting the device also reveals the privacy data of the device, or introduces a third party to monitor the device, but the equipment needs to perform self-verification in a distributed environment (e.g. in MANETs). Therefore, realizing accurate anomaly detection of a communication device without revealing the user's privacy, and achieving collaborative self-authentication of the device, have become research hot spots in the field of information security. For different applications and security requirements, this paper mainly studies the logs of communication devices, log detection, log reasoning, privacy protection and verification, communication protocol security, and device attacks. It also designs privacy protection and anomaly detection approaches for communication devices in different scenarios. The main research contributions are as follows:

1. Aiming at the problem that existing log auditing methods cannot extract log templates accurately and need to introduce manual intervention, an approach for detecting router anomalies based on log learning and cluster analysis is proposed. The large number of router logs, the variety of log forms, the lack of homogeneity in unstructured logs, and the low log levels pose significant difficulties for template extraction and anomaly detection of logs. This paper combines predefined regular expressions and a dynamic learning log tree to achieve template extraction, learning, and anomaly detection. By converting the logs into network events, feature extraction and cluster analysis can be performed to learn the characteristics of normal events and abnormal events. According to the learning results, anomaly detection and classification are then performed, which can be used for later device protection.

2. It is difficult to identify the types of attacks based on log anomaly classification. This paper launches attacks against the routers and collects the logs after the attacks to learn and analyze the log information. In addition to using existing attack tools to attack router devices, we also identify the vulnerabilities of administrator login authentication for the Cisco wireless router's front-end web page. We write the corresponding attack code to perform a specific attack on the router, get the post-attack log and analyze the log characteristics. For the first time, this paper studies the attack logs of routers, translates the logs into network events for analysis, and verifies the accuracy of extracting log templates by decompiling the router firmware.

3. To solve the problem of disclosing privacy during verification of intelligent devices in MANETs, this paper proposes a privacy protection verification method based on a Merkle hash tree. During the verification process, the plain-text information will be checked, and this introduces the problem of privacy protection. Thus, we need to analyse the log structure, code the log and build a hash tree with the codes. The verification is done on the verifier, and the prover is responsible for providing the parameters using DSA, which guarantees the integrity of the parameters. We can achieve the goal of confidential verification and privacy protection by calculating the hash value of the Merkle hash tree.

4. To obtain the routing permission of a normal node, a single node or colluding nodes will deceive the source node and launch an attack. For this reason, the paper proposes a node verification and route selection method for the route discovery phase. Because the existing routing protocol does not verify the data packet, the source node is vulnerable to a route discovery attack, such as a black hole attack, in the route discovery stage. In this regard, this paper combines a dynamic learning method, which learns and trains on the current routing state, with the existing AODV protocol to distinguish between the real destination node and the malicious node. Our approach finds the collusion attack node by constructing a trust table for the node, and realizes correct path selection and abnormal node detection in the route discovery phase.

5. For the situation that the communication equipment in a wireless ad hoc network is vulnerable to active and passive attacks, an anomaly detection method based on provenance reasoning is proposed. Due to the distributed and non-centralized nature of ad hoc networks, the introduction of third parties for verification will bring additional overhead and security issues. To solve the above problems, the paper formulates the network transmission protocol as corresponding reasoning rules based on the NDlog language, and utilizes the trusted log on the source node to perform log inference on the destination node and the intermediate forwarding nodes. The approach compares the inferred log information with the real log to detect whether there are active or passive attacks in the network.
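
The Merkle hash tree verification of contribution 3, sketched as an added Python example (not code from the dissertation): the prover commits to its coded log with a Merkle root and discloses one entry plus its sibling hashes, so the verifier can check that entry without seeing the rest of the log. The log codes, the per-leaf salts and the use of SHA-256 are assumptions made here, and signing the root (the abstract names DSA) is left out.

```python
import hashlib
import hmac
import os

def leaf_hash(salt: bytes, coded_entry: bytes) -> bytes:
    # 0x00 tags a leaf; the random salt (assumption) stops guessing of short log codes
    return hashlib.sha256(b"\x00" + salt + coded_entry).digest()

def node_hash(left: bytes, right: bytes) -> bytes:
    # 0x01 tags an inner node so a leaf can never be passed off as a subtree
    return hashlib.sha256(b"\x01" + left + right).digest()

def build_levels(leaves):
    """Return every tree level, leaves first; an unpaired node is promoted unchanged."""
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        nxt = [node_hash(cur[i], cur[i + 1]) for i in range(0, len(cur) - 1, 2)]
        if len(cur) % 2:
            nxt.append(cur[-1])
        levels.append(nxt)
    return levels

def commit(coded_log):
    """Prover side: salt and hash each coded entry, return (salts, levels, root)."""
    salts = [os.urandom(16) for _ in coded_log]
    levels = build_levels([leaf_hash(s, e) for s, e in zip(salts, coded_log)])
    return salts, levels, levels[-1][0]

def prove(levels, index):
    """Prover side: sibling hashes from leaf to root as (hash, sibling_is_left)."""
    path = []
    for level in levels[:-1]:
        sibling = index ^ 1
        if sibling < len(level):  # a promoted node has no sibling at this level
            path.append((level[sibling], sibling < index))
        index //= 2
    return path

def verify(root, salt, coded_entry, path):
    """Verifier side: recompute the root from one disclosed entry and its path."""
    acc = leaf_hash(salt, coded_entry)
    for sibling, sibling_is_left in path:
        acc = node_hash(sibling, acc) if sibling_is_left else node_hash(acc, sibling)
    return hmac.compare_digest(acc, root)

# Constructed sample: log entries already reduced to codes (hypothetical coding scheme)
CODED_LOG = [b"E01:link_up", b"E07:login_ok", b"E09:config_change",
             b"E07:login_ok", b"E13:route_add"]
```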
Keywords/Search Tags: MANETs, privacy protection, reasoning and verification, anomaly detection, log analysis, network attack