
Data Driven IOT Security Threat Detection And Modeling

Posted on: 2020-02-01
Degree: Master
Type: Thesis
Country: China
Candidate: W C Yang
GTID: 2428330620453249
Subject: Computer technology
Abstract/Summary:
The popularity of the Internet of Things (IoT) has caused a large number of vulnerable devices to connect to the Internet, which has brought many security risks. IoT security has become the key to large-scale application of the Internet of Things. With the development of big data and artificial intelligence (AI), the IoT is trending toward AIoT, and IoT infrastructure will become a new generation of information infrastructure. In the future it will also form the trinity architecture of "Internet of Things", "Internet of Data" and "Internet of Intelligence". IoT security solutions will inevitably follow this trend and become solutions driven by intelligent algorithms and IoT security data.

In recent years, researchers have done a great deal of work on IoT security and have achieved some important results, but problems remain. In security management architecture, with the maturing of edge computing and fog computing, distributed security management architecture has become the main direction of IoT security research. In traffic analysis, most research is based on deep packet analysis, and other traditional Internet traffic analysis techniques are applied directly to IoT traffic anomaly detection, but the lightweight detection requirements of IoT traffic characteristics are rarely considered. Threat perception and knowledge modeling are hotspots in the current security field, mainly for the discovery, correlation and evaluation of potential threats. Current results can analyze the relevant security information of assets for risk analysis and evaluation, but cannot achieve correlation and reasoning between pieces of knowledge, and cannot automatically discover and update security knowledge in time.

This dissertation follows the research idea of data-driven IoT security. Firstly, it summarizes the knowledge and data types of IoT. Secondly, based on IoT traffic data and IoT security knowledge base data, machine learning algorithms such as random forest and intelligent technologies such as knowledge graphs are used to study the device identification module, the anomaly detection module, and the threat perception and security knowledge management module. Finally, a distributed IoT security management model is designed based on the typical characteristics. The main contents are as follows:

1. A summary analysis of IoT security knowledge and data types. Four types of knowledge data are sorted out: IoT system and network basic knowledge data, security threat knowledge data, security protection knowledge data, and security core data. This provides the data-theoretical basis for the subsequent research content, such as device identification, anomaly detection and knowledge graph threat modeling.

2. The problem of IoT device identification to prevent access by suspicious devices is studied. Firstly, an IoT device identification method is established by setting a whitelist and constructing a fingerprint from communication traffic characteristics. Secondly, a method of training a device identification model using random forest is proposed. Finally, the device identification model is verified by experiments and has high detection accuracy.

3. A traffic anomaly detection method for responding effectively to IoT security threats such as DDoS attacks is studied. A traffic anomaly detection model based on the device model is proposed. Firstly, time statistics features are extracted and the fingerprint is constructed using a damping time window. The fingerprints are classified according to device type. Then principal component analysis is used to reduce the dimension, and the BP neural network algorithm is used for training and recognition in anomaly detection. Experiments comparing it with random forest and support vector machine show that the BP neural network has the best detection effect in anomaly detection based on the device model.

4. A knowledge management model capable of handling complex security relationships and having a dynamic update mechanism is proposed. Firstly, the top-down construction process of an IoT security knowledge graph is studied, focusing on IoT security ontology modeling, knowledge extraction, knowledge fusion and knowledge reasoning. Secondly, the building process of the IoT security knowledge graph is designed and implemented, including crawling information, triple data storage and Neo4j knowledge base visualization. Finally, the Cypher query language is used to test the query effect on various security attributes and relationships. The experiment verifies that the method can quickly and accurately query IoT security information and provide reliable security guidance for security management personnel.

5. A distributed IoT security management system was designed and implemented. There are three main modules: the device identification module, the anomaly detection module and the threat perception module, which correspond to the three main research contents of this paper. The system includes a security gateway and a security server. The security gateway is responsible for monitoring devices, obtaining traffic, building fingerprints, and detecting device anomalies. Using the traffic, fingerprints and anomaly detection results provided by the security gateway, the security server performs device type identification, constructs the anomaly detection model and completes the association with the security information knowledge base.
Keywords/Search Tags:IoT security, Device identification, Anomaly detection, Knowledge graph, Machine learning