Design And Implementation Of Collaborative Anomaly Detection Method In Internet Of Things Environment

Posted on: 2022-02-01
Degree: Master
Type: Thesis
Country: China
Candidate: H J Chen
Full Text: PDF
GTID: 2518306494469064
Subject: Computer technology

Abstract/Summary:
Internet of Things (IoT) technology has become an important part of the country's "New Infrastructure". Because IoT terminal devices have limited computing and storage capacity, only lightweight security measures can be deployed on them. At the same time, IoT products contain many security vulnerabilities. Attackers typically compromise IoT devices and control them remotely to form botnets, which can be used to launch larger-scale network attacks, causing network outages, network extortion and other criminal activities. Detecting such attacks has become important and urgent for the healthy development of the IoT. To deal with the security threats and detection problems in the IoT environment, this paper proposes a collaborative anomaly detection method based on the Internet of Things, which effectively improves security. The main research results are as follows:

(1) A collaborative anomaly detection framework based on the Internet of Things is proposed. The overall security protection capability of the physical network is improved mainly through vertical collaboration between the edge and end layers of the Internet of Things, and horizontal collaboration between IoT devices. Because IoT terminal devices have limited computing and storage capacity, OSSEC, which uses a simple and efficient rule-matching detection method, can be deployed on them. However, because the method is so simple, it produces false positives and missed detections. To reduce the false alarm rate, this paper proposes transferring the original network data generated by the terminal device layer to the edge computing layer and using a machine learning method to further correct the terminal alarms. In addition, when an IoT device shows reduced performance or another abnormal state, the device state information is captured and transmitted to the edge computing layer for in-depth detection, so as to find missed events. When the edge computing layer finds false positives or missed detections, it updates the OSSEC rule base of the IoT devices to improve their security detection ability. The overall false alarm rate and missed alarm rate are reduced through this vertical collaboration. After edge layer detection confirms that an IoT device has had a security incident, other IoT devices begin to collect network traffic and process information and transmit the data to the edge computing layer for further detection. The overall detection and discovery capability of the IoT is improved through this horizontal collaboration between IoT devices.

(2) An image-based anomaly detection algorithm is studied. After vectorization, the NSL-KDD dataset is converted into 316-dimensional binary numbers and then into grayscale images. The grayscale images are used to train a convolutional neural network (CNN) model. A mixed sampling method combining random sampling, unilateral selection and SMOTE effectively alleviates the class imbalance problem of NSL-KDD. The recall rate and accuracy of the optimized CNN model are above 99.9%, and the accuracy rate is 87.47%, which provides support for the integration engine of the edge computing layer.

(3) An integrated detection engine based on network traffic and system call sequences is designed in the edge computing layer. This not only combines the complementary advantages of process anomaly detection and traffic anomaly detection, but also improves detection and discovery ability. A comparison of the collaborative anomaly detection method based on the Internet of Things with the traditional intrusion detection method shows that the proposed detection scheme can detect most current attacks. This architecture has better timeliness and better capability for detecting unknown attacks.
Keywords/Search Tags: IoT Security, Collaborative Anomaly Detection, Intrusion Detection, CNN