计算机工程与应用 ›› 2024, Vol. 60 ›› Issue (17): 117-128.DOI: 10.3778/j.issn.1002-8331.2306-0161

• 模式识别与人工智能 • 上一篇    下一篇

IDFE:面向物联网设备识别的指纹深度提取方法

唐跃中,卢士达,钱李烽,位雪银,顾荣斌,黄君,李静   

  1. 1.国网上海市电力公司,上海 200122
    2.南京航空航天大学 计算机科学与技术学院/人工智能学院,南京 211106
    3.国网上海市电力公司 信息通信公司,上海 200072
  • 出版日期:2024-09-01 发布日期:2024-08-30

IDFE:Fingerprint Deep Extraction Method for IoT Device Identification

TANG Yuezhong, LU Shida, QIAN Lifeng, WEI Xueyin, GU Rongbin, HUANG Jun, LI Jing   

  1. 1.State Grid Shanghai Municipal Electric Power Company, Shanghai 200122, China
    2.College of Computer Science and Technology/College of Artificial Intelligence, Nanjing University of Aeronautics and Astronautics, Nanjing 211106, China
    3.Information Communication Company, State Grid Shanghai Municipal Electric Power Company, Shanghai 200072, China
  • Online:2024-09-01 Published:2024-08-30

摘要: 传统物联网设备指纹提取方法通常将流量中的隐私数据用于生成设备指纹并且采用手工设计特征的方式,在形成安全隐患的同时限制了模型的性能。针对上述问题,提出一种基于设备行为的物联网设备指纹深度提取方法(IoT device deep fingerprint extraction,IDFE)。IDFE将网络流量pcap文件划分为多个会话(sessions),并提取非隐私信息构建会话信息矩阵,设计了会话信息矩阵不同信息序列之间的依赖关系和会话数据包之间的时序依赖关系建模方法和融合方法,利用设计的全卷积Transformer提取融合后的会话特征矩阵中设备行为特征并生成设备指纹。在UNSW和YourThings两个公开数据集上进行了广泛的实验,验证了该方法的有效性。

关键词: 物联网设备, 安全隐患, 行为特征, 信息融合, 设备指纹

Abstract: Traditional IoT device fingerprint extraction methods usually use the private data in traffic to generate device fingerprints and adopt the method of manually designing features. It also limits the performance of the model while creating security risks. Aiming at the above problems, the IoT device deep fingerprint extraction (IDFE) method based on network traffic is proposed. IDFE first divides the network traffic pcap file into multiple sessions, and extracts the non-private information to build the session information matrix. Then it designs the modeling method and fusion method of the dependency between the different information sequences of the session information matrix and the temporal dependency between the session data packets. Finally, the designed full convolution transformer is used to extract the device behavior features in the fused session feature matrix and generate the device fingerprint.

Key words: IoT devices, security risks, behavior features, information fusion, device fingerprint