Behavior-based Security Risk Analysis In IoT

In recent years,IoT devices have been widely used in various fields,and various data,devices,services,and users in the IoT system have also shown explosive growth,but security issues have also become increasingly severe.Internet of Things device behavior analysis refers to the analysis of data generated by devices connected to the Internet of Things to understand the behavior patterns,trends,and abnormalities of devices.Significance.In the security analysis of the Internet of Things,the past detection methods based on abnormal data,traffic and behavior based on static characteristics can no longer meet the requirements.Machine learning technology can analyze and model the behavioral data of IoT devices to identify normal behavioral patterns of devices,detect abnormal behaviors and predict future behavioral trends.This paper uses machine learning technology to model the behavior of IoT devices under normal operation,extracts the behavior characteristics of different devices and users,and then combines the characteristics of various network attack behaviors to detect abnormal traffic.The main work includes:1)Model the behavior of IoT devices.The same device has different behaviors in different scenarios.Based on the category of IoT devices and network traffic characteristics,this paper models the normal behavior and abnormal behavior characteristics of devices,and develops the Internet of Things Abnormal behavior detection method in the scene;2)Apply the Xverse device traffic feature library,decision tree model and genetic algorithm to select and extract a large number of features based on normal traffic.And according to the extracted device category features,a feature set of IoT devices was established,and six machine learning methods of K-NN,SVM,NB,DT,RF and GB were used to classify,and the accuracy,precision,recall rate and Indicators such as F1 score comprehensively evaluate the performance of different classification algorithms;3)In order to improve the accuracy of device traffic classification,this paper improves the aggregation algorithm based on single flow packets based on the aggregability of device MAC/IP addresses and the performance labels of classification algorithms combined with clustering algorithms,and comprehensively evaluates the performance of the evaluation aggregation algorithm based on decision trees.The experimental results show that the improved aggregation algorithm effectively improves the classification accuracy and F1 score;4)In order to verify the above model and algorithm,the device traffic was analyzed,corresponding comparative experiments were designed,and the decision tree model was used to compare the individual traffic behavior and aggregated traffic behavior under various classification methods.The results show that the proposed model enables accurate detection of IoT device behavior.Behavior analysis based on IoT devices can improve IoT security through anomaly detection and intrusion detection,malicious behavior identification,security vulnerability discovery,security policy improvement,user behavior monitoring,etc.,and provide realtime monitoring,timely warning and monitoring of IoT security status.Respond quickly to protect IoT systems from potential threats and attacks.model is capable of accurate detection of IoT device behavior.