Research On Malicious Node Detection Technique Of Internet Of Things Based On Traffic Analysis

Due to the limited resources and heterogeneity of the Internet of Things(Io T),Io T devices are vulnerable to various attacks and become malicious nodes,threatening the security of the Io T system.How to identify malicious nodes by analyzing the traffic generated by devices is an important research direction in the field of Io T security.The current solutions mainly start from data packets or data streams,extract statistical features for analysis to detect malicious nodes,but there are problems such as difficulty in high-dimensional feature calculation,feature definition relying on expert knowledge,and high computational cost for feature extraction.To solve the above problems,this thesis studies the malicious node detection technique of Io T based on traffic analysis on the basis of domestic and foreign research.The main contents are as follows:To solve the problem of difficult calculation of high-dimensional features,a detection model based on self encoder and adaptive kernel density estimation is proposed in this thesis.The model uses autoencoder to compress and reconstruct high-dimensional features,combines the compressed low-dimensional representation of potential space with reconstruction error as the low-dimensional representation of high-dimensional features,then models the probability density function of low-dimensional features through adaptive kernel density estimation model,and calculates the probability density as anomaly score for detection.The experimental results prove that compared with other models,the proposed model can achieve better detection performance on a variety of datasets.To solve the problem that the feature design relies on expert knowledge and the computational cost of feature extraction is high,this thesis proposes a detection method based on the original traffic features.The method takes the header bytes of the data packets in the early stage of the data stream as the original features of each data stream,and then uses a model based on attention convolutional neural network and variational autoencoder to extract high-level features and calculate the reconstruction loss as anomaly score for detection.The experimental results prove that the method proposed in this thesis can achieve better detection performance than other methods by using the original traffic characteristics without greatly increasing the detection time.Combined with the actual requirements of Io T security,a detection system of Io T malicious nodes based on traffic analysis is designed and implemented.The system integrates the detection method based on the original characteristics of traffic,detects malicious nodes by collecting and analyzing network traffic in various Io T scenarios,and intuitively displays the detection results through a visual interface.Users can use the system to control the security status of different Io T scenarios conveniently.