With the rapid development of mobile communication technology, big data and cloud computing, Internet of Things technology has also become widespread. It organically integrates sensors, intelligent terminals, automatic control equipment, computer networks and other equipment to achieve automatic detection, automatic control, remote monitoring and other functions, and is applied in smart homes, smart industry, smart cities and other fields, greatly improving people's quality of life and work efficiency. At the same time, Internet of Things security incidents occur frequently, threatening people's lives and property. Internet of Things devices are characterized by a large installed base, wide distribution, wide variety, strong openness, limited computing resources, and insufficient security protection. Large numbers of poorly protected terminal devices are easily exploited by criminals and become tools or springboards for network attacks, leading to information leakage, terminal hijacking, abnormal control commands and other security incidents; in more serious cases, this can lead to disaster for the whole Internet of Things system. Internet of Things systems face serious security risks, so it is imperative to ensure the security of Internet of Things terminal equipment. Therefore, based on real power Internet of Things traffic data, this thesis studies anomaly detection technology suitable for Internet of Things traffic to deal with the abnormal network traffic caused by various malicious attacks, so as to ensure the security of Internet of Things terminal equipment. The work carried out in this thesis is as follows:

(1) Hierarchical anomaly detection algorithm based on neural networks
A hierarchical anomaly detection algorithm based on neural networks is proposed, motivated by the periodicity and time trend of power Internet of Things traffic data and by the fixed working mode and strong regularity of terminal equipment. At the macro level, a traffic prediction model based on an LSTM neural network is trained to represent the activity state of the entire network. Provided the prediction accuracy is high, the predicted value is treated as the normal value, the residual between the predicted value and the actual value is calculated, and one-class classification is applied to the residual to detect anomalies. At the micro level, the flow characteristics of each type of terminal device are extracted, and the characteristics are manually labeled. A deep autoencoder is trained separately on the data of each type of terminal device for data reconstruction, and the reconstruction error is compared with a set threshold to detect anomalies. The experimental results show that this method has high accuracy, a low false alarm rate, and good anomaly detection performance.

(2) Anomaly detection method based on multi-layer whitelist self-learning
Aiming at the "limited states" and "limited behaviors" of Internet of Things terminal devices and at the inability of blacklists to deal with unknown attacks, an anomaly detection method based on multi-layer whitelist self-learning is proposed. First, a network connection whitelist is constructed from the five-tuple of the network traffic. Second, a service protocol whitelist is constructed from the communication protocol of the terminal equipment using frequent pattern mining with the Apriori algorithm. Finally, a traffic feature whitelist is constructed from the packet sending rate, byte rate, and session duration. In this way, whitelisted traffic is allowed to pass and any illegal traffic is rejected.

(3) Design and implementation of an abnormal traffic monitoring system for the Internet of Things
Finally, this thesis designs and implements an abnormal traffic monitoring system for the Internet of Things. It describes the overall structure of the system, the design of each functional module, the implementation of the system, and the results.
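The three whitelist layers described in (2) can be illustrated with the added example below, which is not the thesis's code. The addresses, ports, command names, support threshold and tolerance margin are constructed assumptions, and learning the feature layer as a min/max band is one possible choice that the abstract does not specify.

```python
from itertools import combinations

def flow(src, sport, dst, dport, proto, cmds, pkts, nbytes, dur):
    """One session record: five-tuple, command set, and rate features."""
    return {"tuple": (src, sport, dst, dport, proto), "cmds": frozenset(cmds),
            "pps": pkts / dur, "bps": nbytes / dur, "dur": dur}

# Constructed sessions from a learning window assumed to be attack-free.
TRAIN = [
    flow("10.0.0.5", 40001, "10.0.0.1", 502, "tcp", {"read", "report"}, 20, 2000, 10),
    flow("10.0.0.5", 40001, "10.0.0.1", 502, "tcp", {"read", "report"}, 24, 2400, 12),
    flow("10.0.0.6", 40002, "10.0.0.1", 502, "tcp", {"read"}, 10, 900, 10),
    flow("10.0.0.6", 40002, "10.0.0.1", 502, "tcp", {"read", "report"}, 30, 3000, 10),
]

def apriori(transactions, min_support):
    """Level-wise frequent itemset mining over per-session command sets."""
    n = len(transactions)
    level = {frozenset([i]) for t in transactions for i in t}
    frequent = set()
    while level:
        kept = {c for c in level
                if sum(c <= t for t in transactions) / n >= min_support}
        frequent |= kept
        # Join step: merge frequent k-itemsets that differ in one item.
        level = {a | b for a, b in combinations(kept, 2)
                 if len(a | b) == len(a) + 1}
    return frequent

def learn(flows, min_support=0.5, margin=0.2):
    """Build the connection, service-protocol and traffic-feature whitelists."""
    feats = ("pps", "bps", "dur")
    return {"conn": {f["tuple"] for f in flows},
            "proto": apriori([f["cmds"] for f in flows], min_support),
            "feat": {k: (min(f[k] for f in flows) * (1 - margin),
                         max(f[k] for f in flows) * (1 + margin)) for k in feats}}

def check(wl, f):
    """Allow a flow only if every layer matches; name the first failing layer."""
    if f["tuple"] not in wl["conn"]:
        return "deny: connection"
    if f["cmds"] not in wl["proto"]:
        return "deny: protocol"
    for k, (lo, hi) in wl["feat"].items():
        if not lo <= f[k] <= hi:
            return "deny: feature " + k
    return "allow"

if __name__ == "__main__":
    probe = flow("10.0.0.5", 40001, "10.0.0.1", 502, "tcp", {"read", "write"}, 20, 2000, 10)
    print(check(learn(TRAIN), probe))
```

Returning the first failing layer gives the operator the reason for a rejection, which helps separate a new but legitimate device (connection layer) from a known device behaving abnormally (protocol or feature layer).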