Intrusion Detection For Internet Of Things Based On Network Traffic Anomaly Analysis

With the rapid development of Wireless Sensor Networks(WSNs),5G communication technology,big data processing technology and artificial intelligence technology,the Internet of Thing(IoT)has been widely used in all aspects of human production and life.Due to the existence of various vulnerabilities in IoT devices,IoT is faced with serious security problems,such as malicious attacks and privacy leakage.Compared with Internet,IoT has large scale devices,multi-source heterogeneous traffic and many new attack types.These characteristics lead to the poor application effect of traditional intrusion detection algorithms in IoT.Therefore,how to establish a complete IoT security guarantee mechanism and an effective intrusion detection strategy limits the large-scale development of IoT.This thesis intends to explore the association pattern between key features of traffic of IoT and network anomalies.A two-stage distributed anomaly detection algorithm based on Gaussian distribution model and Adversarial Learned Detection Based on Wasserstein Distance(WALAD)is constructed.To realize IoT intrusion detection based on network traffic anomaly analysis.The main work is divided into the following points:(1)The sliding window algorithm is used to extract the multi-dimensional features of traffic of IoT.Stack Autoencoder(SAE)is used to reduce the dimension of features,and the correlation model between key features of traffic and network anomalies is established.Then,experiments are carried out based on a variety of classifiers,and it proves that there is a strong correlation between the features of traffic selected in this thesis and anomalies of network,which verifies the feasibility of malicious intrusion identification based on network traffic anomalies analysis.(2)Because of the distributed architecture of IoT and different device types,a twostage distributed anomaly detection algorithm based on Gaussian distribution model for device-level edge anomaly detection and WALAD based gateway-level centralized anomaly detection is proposed.Deploy the device-level edge anomaly detection algorithm on the smart devices with strong performance to find the malicious traffic data at the data source in time and improve the real-time detection of malicious attacks.In IoT gateway,the gateway-level centralized anomaly detection algorithm is deployed to realize the comprehensive judgment of the whole network traffic in a semi-supervised way and reduce the false alarm rate and missing alarm rate of the system.Experimental results show that,compared with traditional anomaly detection algorithms,the proposed algorithm can effectively improve the real-time and accuracy of IoT anomaly detection,and has strong environmental robustness,so it can be used in different IoT application scenarios.The results of this work effectively improve the accuracy of IoT traffic anomaly detection.And it provides theoretical and technical support for IoT malicious intrusion detection,and can be widely used in smart home,smart medical care,smart transportation,smart city,industrial Internet and other scenarios.