
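Dumb Terminal Security Management System Based on Traffic Feature Recognition
Cite this article: SONG Yu-bo, YANG Jun-jie, ZHANG Shi-qi, QI Xin-yu, HU Ai-qun. Dumb Terminal Security Management System Based on Traffic Feature Recognition[J]. Journal of Beijing Institute of Technology(Natural Science Edition), 2020, 40(10): 1081-1087. DOI: 10.15918/j.tbit1001-0645.2019.251
Authors: SONG Yu-bo  YANG Jun-jie  ZHANG Shi-qi  QI Xin-yu  HU Ai-qun
Affiliation: 1. Jiangsu Key Laboratory of Computer Networking Technology, School of Cyber Science and Engineering, Southeast University, Nanjing, Jiangsu 211189, China;
Funding: Science and technology project funded by State Grid headquarters (SGGR0000XTJS1800079)
Abstract: IoT dumb terminals such as network cameras and network printers, which are IP-based and have no user interaction interface, are usually developed on embedded systems. Their programs are fixed in firmware and difficult to update, their computing resources are limited, and they use simple security authentication mechanisms. When security vulnerabilities appear, the devices are difficult to upgrade and are easily taken over by attackers and used to launch network attacks. To address these problems, this paper designs and implements a dumb terminal security management system based on traffic feature recognition. The system extracts the traffic features of a terminal to perform identity authentication and behavior supervision. When a device connects, static features of its traffic are extracted to authenticate its identity; after the device has connected, dynamic behavioral features of its traffic are analyzed to determine whether it is behaving abnormally. When abnormal behavior is found, the session connection is blocked. The system performs well in both the experimental environment and the field-measurement environment: device identification accuracy reaches 96.6% and anomaly detection accuracy reaches 97.7%, and the system can effectively detect network attacks such as DoS and port scanning.

Keywords: dumb terminal  traffic features  terminal classification  anomaly detection  device blocking
Received: 2019-10-09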

Dumb Terminal Security Management System Based on Traffic Feature Recognition
SONG Yu-bo, YANG Jun-jie, ZHANG Shi-qi, QI Xin-yu, HU Ai-qun. Dumb Terminal Security Management System Based on Traffic Feature Recognition[J]. Journal of Beijing Institute of Technology(Natural Science Edition), 2020, 40(10): 1081-1087. DOI: 10.15918/j.tbit1001-0645.2019.251
Authors:SONG Yu-bo  YANG Jun-jie  ZHANG Shi-qi  QI Xin-yu  HU Ai-qun
Affiliation:1. Jiangsu Key Laboratory of Computer Networking Technology, School of Cyber Science and Engineering, Southeast University, Nanjing, Jiangsu 211189, China;2. Network Communication and Security Purple Mountain Laboratory, Nanjing, Jiangsu 211189, China
Abstract: Internet of Things dumb terminals, which are based on the IP protocol and have no user interaction interface, are usually built on embedded systems, with programs that are difficult to update, limited computing resources, and simple security authentication. To address these problems, a dumb terminal security management system based on traffic feature recognition was designed and implemented. It extracts the traffic characteristics of the terminal and implements identification and behavior supervision of the terminal. During equipment access, the static characteristics of the terminal's traffic are extracted to implement legality authentication; after equipment access, the dynamic behavior characteristics of the traffic are extracted to determine whether there is abnormal behavior. On finding abnormal behavior, the system blocks the session connection. Under experimental and measured conditions, the results show that the accuracy of equipment identification can reach 96.6% and the accuracy of abnormal behavior detection can reach 97.7%, and that the system can effectively detect DoS, port scanning and other network attacks.
Keywords:dumb terminal  traffic characteristics  equipment identification  abnormal behavior detection  device blocking