ISSN 1000-1239 CN 11-1777/TP

Journal of Computer Research and Development ›› 2018, Vol. 55 ›› Issue (7): 1451-1461. doi: 10.7544/issn1000-1239.2018.20180067

Special topic: 2018 Special Issue on IoT Security

• Information Security •

CREBAD: Chip Radio Emission Based Anomaly Detection Scheme of IoT Devices

Ni Mingtao1,2,3, Zhao Bo1,2, Wu Fusheng1,2, Fan Peiru1,2

  1(School of Cyber Science and Engineering, Wuhan University, Wuhan 430072); 2(Key Laboratory of Aerospace Information Security and Trusted Computing (Wuhan University), Ministry of Education, Wuhan 430072); 3(School of Computer Science, Leshan Normal University, Leshan, Sichuan 614000) (nmt@whu.edu.cn)
  • Published: 2018-07-01
  • Online: 2018-07-01
  • Supported by:
    National High Technology Research and Development Program of China (863 Program) (2015AA016002); National Basic Research Program of China (973 Program) (2014CB340600, 2014CB340601)

Abstract: With the rapid development of the Internet of Things (IoT), the security of IoT devices has received widespread attention. The hardware and software characteristics of IoT devices make them highly vulnerable to many kinds of attack. Anomaly detection for IoT devices has become a research focus in recent years, but traditional protections based on intrusion detection and traffic analysis do not fit the hardware and software environment of these devices. To address this problem, an anomaly detection scheme based on chip radiation is proposed. The scheme uses the electromagnetic signals that an IoT device radiates during operation as the basis for detection: features are extracted and selected from the raw signals using a genetic algorithm and approximate entropy, and a one-class support vector machine is then trained on the radiation signals produced by normal behavior. The scheme is non-intrusive, requires no hardware or software modification of the original system, and is applicable to existing IoT devices. Experimental results show that, compared with other commonly used anomaly detection schemes, this scheme detects abnormal behavior of IoT devices more effectively, with higher accuracy and a lower false alarm rate.

Key words: anomaly detection, IoT device, radio emission, one-class SVM, clustering
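
The sketch below is an added illustration, not code from the paper: it computes approximate entropy over an emission trace and learns what "normal" looks like from normal traces only, as the abstract describes. Assumptions: the paper's genetic-algorithm feature selection and one-class SVM are replaced here by a single approximate-entropy feature and a learned range, and the traces, names and parameters (`loop_trace`, `tampered_trace`, `ApEnRangeDetector`, `m`, `r_factor`, `floor`) are constructed for this example.

```python
import math
import random

def approximate_entropy(x, m=2, r_factor=0.2):
    """ApEn(m, r) of sequence x, with tolerance r = r_factor * std(x)."""
    n = len(x)
    mean = sum(x) / n
    r = r_factor * math.sqrt(sum((v - mean) ** 2 for v in x) / n)

    def phi(k):
        templates = [x[i:i + k] for i in range(n - k + 1)]
        total = 0.0
        for a in templates:
            # Count templates within Chebyshev distance r (self-match included).
            hits = sum(1 for b in templates
                       if max(abs(p - q) for p, q in zip(a, b)) <= r)
            total += math.log(hits / len(templates))
        return total / len(templates)

    return phi(m) - phi(m + 1)

class ApEnRangeDetector:
    """Stand-in for the one-class SVM: learns the ApEn range of normal traces."""
    def fit(self, normal_traces, floor=0.1):
        scores = [approximate_entropy(t) for t in normal_traces]
        margin = (max(scores) - min(scores)) + floor  # assumed safety margin
        self.lo, self.hi = min(scores) - margin, max(scores) + margin
        return self

    def is_anomalous(self, trace):
        return not (self.lo <= approximate_entropy(trace) <= self.hi)

def loop_trace(phase, n=200, period=20):
    """Constructed stand-in for emissions of a device running a fixed loop."""
    return [math.sin(2 * math.pi * i / period + phase) for i in range(n)]

def tampered_trace(seed, n=200):
    """Constructed stand-in: the same loop plus irregular extra activity."""
    rng = random.Random(seed)
    return [v + rng.uniform(-1, 1) for v in loop_trace(0.0, n)]

def demo():
    # Train on normal behaviour only, then score one unseen normal and one tampered trace.
    detector = ApEnRangeDetector().fit([loop_trace(0.3 * k) for k in range(8)])
    return (detector.is_anomalous(loop_trace(1.0)),
            detector.is_anomalous(tampered_trace(7)))

if __name__ == "__main__":
    print(demo())
```
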
