• 中国精品科技期刊
  • CCF推荐A类中文期刊
  • 计算领域高质量科技期刊T1类
高级检索

多源数据融合的物联网安全知识推理方法

张书钦, 白光耀, 李红, 张敏智

张书钦, 白光耀, 李红, 张敏智. 多源数据融合的物联网安全知识推理方法[J]. 计算机研究与发展, 2022, 59(12): 2735-2749. DOI: 10.7544/issn1000-1239.20210954
引用本文: 张书钦, 白光耀, 李红, 张敏智. 多源数据融合的物联网安全知识推理方法[J]. 计算机研究与发展, 2022, 59(12): 2735-2749. DOI: 10.7544/issn1000-1239.20210954
Zhang Shuqin, Bai Guangyao, Li Hong, Zhang Minzhi. IoT Security Knowledge Reasoning Method of Multi-Source Data Fusion[J]. Journal of Computer Research and Development, 2022, 59(12): 2735-2749. DOI: 10.7544/issn1000-1239.20210954
Citation: Zhang Shuqin, Bai Guangyao, Li Hong, Zhang Minzhi. IoT Security Knowledge Reasoning Method of Multi-Source Data Fusion[J]. Journal of Computer Research and Development, 2022, 59(12): 2735-2749. DOI: 10.7544/issn1000-1239.20210954
张书钦, 白光耀, 李红, 张敏智. 多源数据融合的物联网安全知识推理方法[J]. 计算机研究与发展, 2022, 59(12): 2735-2749. CSTR: 32373.14.issn1000-1239.20210954
引用本文: 张书钦, 白光耀, 李红, 张敏智. 多源数据融合的物联网安全知识推理方法[J]. 计算机研究与发展, 2022, 59(12): 2735-2749. CSTR: 32373.14.issn1000-1239.20210954
Zhang Shuqin, Bai Guangyao, Li Hong, Zhang Minzhi. IoT Security Knowledge Reasoning Method of Multi-Source Data Fusion[J]. Journal of Computer Research and Development, 2022, 59(12): 2735-2749. CSTR: 32373.14.issn1000-1239.20210954
Citation: Zhang Shuqin, Bai Guangyao, Li Hong, Zhang Minzhi. IoT Security Knowledge Reasoning Method of Multi-Source Data Fusion[J]. Journal of Computer Research and Development, 2022, 59(12): 2735-2749. CSTR: 32373.14.issn1000-1239.20210954

多源数据融合的物联网安全知识推理方法

基金项目: 河南省高校重点科研项目(21A520053,19A520048);河南省科技攻关项目(182102210526)
详细信息
  • 中图分类号: TP309.1

IoT Security Knowledge Reasoning Method of Multi-Source Data Fusion

Funds: This work was supported by the Key Program Research Fund of Higher Education of Henan Province (21A520053, 19A520048) and the Science and Technique Foundation of Henan Province (182102210526).
  • 摘要: 随着信息技术产业的发展和物联网设备数量的增长,物联网安全防御的难度与复杂度不断上升,针对物联网与供应链的重大安全事件时有发生,这些事件揭示了物联网供应链安全管理的复杂性.目前存在许多信息安全公开知识库可用于物联网安全威胁分析,但知识库的异构性使威胁评估十分困难.对多个信息安全知识库进行研究,将防御方所关注的安全知识来源与攻击者的战术、技术和攻击模式整合成一个统一的关系映射链接图知识库,并导入威胁情报,旨在利用已披露的威胁事件来提升物联网安全威胁要素评估能力.提出了一个物联网供应链风险分析本体RIoTSCO,并以此模型为基础设计了物联网安全下的推理规则,利用本体的表达能力建立物联网安全领域知识之间的语义关系,以解决多源知识的语义异质性问题.同时,在一个物联网环境示例中基于所提方法进行安全评估,自动化推理缓解措施以应对威胁事件,并描绘威胁事件所能波及到的上下游供应链情报全貌.
    Abstract: With the development of the information technology industry and the increase of the number of IoT devices, the difficulty and complexity of IoT security defense are rising continuously. Major security incidents for IoT and the supply chain occur frequently, which reveals the complexity of the security management of the IoT supply chain. Nowadays, there are kinds of public knowledge bases about information security which can be used for the IoT security threat analysis. However, the heterogeneity of these knowledge bases makes it difficult for threat assessment. Aiming at improving the capabilities of threat elements assessment of IoT security, which used disclosed threat events, we exploit multiple information security knowledge bases, integrate the sources of security knowledge which the defenders are concerned about, and the tactics, attack patterns, attack techniques of attackers into a unified relational mapping linkages graph knowledge base. An IoT security ontology, namely, Risk Analysis of IoT Supply Chain Ontology (RIoTSCO) is constructed. Based on RIoTSCO, the inference rules of IoT security are defined to establish the semantic relationship among the knowledge bases of IoT security which can solve the semantic heterogeneity of multi-source knowledge. Meanwhile, based on the IoT security knowledge reasoning method proposed above in this paper, we conduct a security threat assessment on an IoT supply chain scenario. Moreover, RIoTSCO can also automatically infer mitigations in respond to threats, and describe the overall perspective of the inbound and outbound supply chain intelligences related to the threat events.
  • 期刊类型引用(9)

    1. 邢琦. 基于ECC算法的安全芯片增强双向匿名认证方法. 电子设计工程. 2024(02): 176-180+186 . 百度学术
    2. 吴忠强,李孟亭. 基于CBAMTL-MobileNet V3的车载网络入侵检测. 计量学报. 2024(09): 1407-1415 . 百度学术
    3. 王凯,董建阔,肖甫,吉欣仪,胡昕. 面向物联网的认证密钥协商协议研究综述. 网络空间安全科学学报. 2024(05): 2-16 . 百度学术
    4. 姚海龙. 一种物联网轻量级匿名认证协议的仿冒攻击. 甘肃高师学报. 2023(02): 12-15 . 百度学术
    5. 况博裕,李雨泽,顾芳铭,苏铓,付安民. 车联网安全研究综述:威胁、对策与未来展望. 计算机研究与发展. 2023(10): 2304-2321 . 本站查看
    6. 蒋玉长,徐洋,李克资,秦庆凯,张思聪. 基于深度学习的轻量级车载网络入侵检测方法. 计算机工程与应用. 2023(22): 284-292 . 百度学术
    7. 谢绒娜,谭莉,武佳卉,史国振,李楚涵,邓烨. 面向天地一体化网络的认证与密钥协商协议. 密码学报. 2023(05): 1035-1051 . 百度学术
    8. 王理冬. 基于生成对抗网络的车载网络入侵检测系统. 安徽电子信息职业技术学院学报. 2023(04): 24-28 . 百度学术
    9. 杨文山,陈骁. 基于V2X的车联网安全互信体系架构分析. 信息安全与通信保密. 2022(07): 133-139 . 百度学术

    其他类型引用(3)

计量
  • 文章访问数:  234
  • HTML全文浏览量:  13
  • PDF下载量:  118
  • 被引次数: 12
出版历程
  • 发布日期:  2022-11-30

目录

    /

    返回文章
    返回