Research And Implementation Of IoT Device Identification Technology Based On Network Traffic Analysis

With the application and promotion of 5G and AI technology,the Internet of things(IoT)technology has developed rapidly.A large number of IoT devices have been widely used in smart city,medical treatment,home,industry and other fields.However,due to its simple structure and insufficient defense mechanism,IoT devices have become the main attack target of hackers,which poses a great threat to people’s personal privacy,property security and even life security.At the same time,due to the large number and variety of IoT devices in the current cyberspace,how to accurately identify,distinguish and manage IoT devices,so that each IoT device can operate normally and avoid network intrusion and attack is the prerequisite for the interconnection of all things.Therefore,the research of IoT device identification technology is of great significance for the overall security evaluation and early warning of the network environment.After studying and analyzing the advantages and disadvantages of the existing IoT device identification methods based on network traffic,this thesis proposes a multi-dimensional device traffic feature extraction method,which combines the drift degree of feature relative uncertainty(ddfru)and the hybrid feature selection method of genetic algorithm to process the features,Then,with the help of machine learning classification algorithm,the method of classification and recognition of IoT device is realized.Finally,the IoT device identification system based on the above method is designed and implemented in detail.The research work of this thesis mainly includes the following contents:(1)This thesis proposes a multi-dimensional device traffic feature extraction technology,which mainly extracts the device traffic feature from three dimensions:TCP/IP protocol stack feature,network data flow statistical feature(quantity,length and time series)and application layer protocol feature.The characteristics of TCP/IP protocol stack describe some inherent properties of the device;The statistical characteristics of network data flow can well describe the communication flow behavior of devices from different angles;The characteristics of application layer protocol reflect the functional attributes of the device.(2)Because most of the existing feature selection methods focus on the distinguishing ability of each feature,they ignore the impact of drift caused by unstable network environment and different device function interaction habits.Therefore,this thesis adopts a hybrid feature selection method.Firstly,a new drift degree of feature relative uncertainty index for calculation and evaluation based on information entropy method is proposed,which is used as a time-varying stability index for evaluating device flow characteristics.Then it is used as the penalty factor to evaluate the stability of the feature,and combined with the information gain rate to filter out the features with high stability,and at the same time,it can also filter out the features with low correlation with the target.Next,genetic algorithm is used and a good fitness calculation function is designed to evaluate and select the final feature subset from the remaining features.(3)This thesis evaluates the above methods on the public IoT device traffic dataset,then compares and analyzes a variety of classical machine learning classification algorithms through experiments,selects the excellent random forest algorithm to build the Internet of things device identification model by using the evaluation criteria such as accuracy and recall,and then makes an experimental evaluation on the device identification accuracy and stability of the overall method.The experimental results show that this method not only improves the accuracy of device identification,but also greatly enhances the robustness of device identification.(4)Based on the experimental results of the above methods,this thesis designs and implements the IoT device identification system.After analyzing and designing the functional requirements and overall architecture of the system,the detailed design and implementation of the functions of each module of the system are completed.Finally,the test environment is deployed to test and evaluate the function and identification effect of the system.The test results show that the functional modules of the system operate normally,achieve good device identification effect,and can quickly and accurately identify IoT devices under limited resources.