基于子图拉普拉斯谱的异常传感器检测及识别方法

无线传感器网络中传感器异常检测是确保数据可靠性和系统正常运行的重要环节.将无线传感器网络用图模型描述,针对图上边缘区或稀疏区的异常传感器难以检测及识别的问题,本文提出了一种基于子图拉普拉斯谱的异常传感器检测及识别方法.该方法首先对系统图进行子图划分,再将图上信号转换至拉普拉斯谱信号,然后经低通滤波器处理,将图频域信号还原至节点域信号,通过比较还原信号与采集信号来判断子图的异常情况,最后对异常子图进行分析识别.基于公开数据集验证,本文所提方法对于无线传感器网络中单个异常传感器的检测率可以达到95％以上,其漏检率与误检率为15％以下,检测效果优于其他现有方法.     

基于物联网的异构传感数据入侵风险识别方法

异构传感数据入侵风险识别过程中未对采集的异构传感数据进行融合处理,导致数据入侵风险识别完整性较差,为此,本文引入物联网技术,提出一种新的异构传感数据入侵风险识别方法。根据物联网的组成层次,构建物联网结构模型。依据不同网络入侵攻击类型,设置风险类型识别标准。在物联网结构模型下,采集异构传感数据,得出初始数据的融合处理结果。从传感数据结构以及数据时域变化两个方面,提取异构传感数据特征,计算入侵风险值。最终输出可视化的异构传感数据入侵风险等级以及类型的识别结果。实验结果表明,设计识别方法的风险值识别误差降低了0.015,风险类型识别正确率提高了1.6%,且风险识别方法的响应时间更短,即优化设计的入侵风险识别方法在精度和时效性两个方面更加具有优势。     

互联网加密流量检测、分类与识别研究综述

互联网流量分析是网络管理与安全的核心途径,传统基于明文的分析方法在加密流量大势所趋的环境下已基本失效.虽有部分针对加密流量的分析方法,但其忽略了不同加密流量分析目标需求内在的逻辑性与层次性,并缺乏对加密流量本质特征的研究,难以系统化地解决加密流量分析的难题.本文首先面向网络管理与安全监管的实际需求,将互联网加密流量分析按照目标需求划分为检测、分类、识别三个阶段,并描述其目标与方法上的差异;接着基于现有研究成果,分别对现有检测、分类、识别方法从多个粒度、角度进行划分,系统性地归纳与比较现有研究的优缺点;最后,本文基于目前研究,结合未来互联网网络环境发展趋势和加密流量概念漂移的实际问题,从加密流量样本数据集完善、复杂新型网络协议下的加密流量分类与识别、基于应用层特征的加密流量分类与识别、多点协同分布式加密流量分类与识别四个方面分析与展望了未来互联网加密流量检测、分类与识别中可能的研究方向.     

基于灰狼算法优化DBN的医院网络异常流量识别

为了提高医院网络异常流量识别的精度,提出一种基于灰狼算法优化DBN的医院网络异常流量识别方法。针对DBN模型性能受权值和偏置参数的影响,运用灰狼算法对DBN模型的权值和偏置进行优化选择,将医院网络流量特征数据作为DBN模型的输入向量,网络异常流量的类型作为DBN模型的输出向量,建立GWO-DBN的医院网络异常流量识别模型。研究结果表明,GWO-DBN进行医院网络异常流量识别具有更高的准确率、检测率和更低的误报率。     

基于低秩分解的网络异常检测综述

异常检测对于网络管理与安全至关重要.国内外大量研究提出了一系列网络异常检测方法,其中大多数方法更关注数据包及其独立时序数据流的分析、检测与告警,这类方法仅仅利用了网络数据之间的时间相关性,无法检测新类型的网络异常,且难以定位以及剔除异常数据.为了解决上述问题,相关研究融合多时间序列数据流,提出基于低秩分解的网络异常检测方法.该方法充分利用网络数据之间的时间-空间相关性,无监督地定位异常数据所在位置,同时将异常数据剔除,从而还原网络正常数据.首先,根据其对正常数据与异常数据的不同类型约束,将基于低秩分解的异常检测方法分为4类,并介绍每一类方法的基本思想和优缺点;然后,探讨现有基于低秩分解的异常检测方法存在的挑战;最后,对未来可能的发展趋势进行了展望.     

基于改进KNN算法的网络数据流异常识别方法

传统识别方法未对异常数据流进行分类，导致识别正确率不高，提出基于改进K最邻近（K-Nearest Neighbor,KNN）算法的网络数据流异常识别方法。通过预处理异常数据流，提取异常数据流的特征，并以此作为基础，利用KNN算法统计异常数据流的类别，并分类所出现的异常数据。之后，通过计算不同网络环境下识别异常数据的时长，完成网络异常数据流的识别。在仿真实验中，与以往的网络数据流异常识别方法相比，提出的基于改进KNN算法的网络数据流异常识别方法具有更好的识别效果，识别正确率更高。     

边缘检测和Snake Model结合的轮廓识别

基于主动轮廓识别和被动轮廓识别方法各自的优缺点,提出结合主动和被动的方法,先对图像进行被动轮廓的预处理,然后再应用主动轮廓的方法,通过比较选出Canny算子进行预处理,再通过基于概率的方法分割图像,最后再应用Snake模型进行轮廓提取。并取得较好的应用。     

基于相似度聚类的网络异常快速识别方法研究

传统网络异常识别方法速度慢、准确率低。为此,笔者提出基于相似度聚类的网络异常快速识别方法,经过详细分析相似度聚类算法,提出网络异常快速识别五步流程;并对网络安全权限机制识别和签名机制进行强化设计。实验对比表明,提出的识别方法能在短时间内识别网络异常,准确率高,对于保证网络安全有重要意义。     

基于词袋模型聚类的异常流量识别方法

针对现有异常流量检测方法的识别准确率低且快速识别需要确定阈值等问题,基于词袋模型聚类,提出一种改进的网络异常流量识别方法。通过对已有的异常流量和正常流量进行K-means均值聚类,得到网络流量中的流量关键点,将网络流量转化映射到相应流量关键点后建立直方图,并采用半监督学习方式对异常流量进行检测。实验结果表明,与基于朴素贝叶斯、支持向量机等的识别方法相比,该方法具有更好的异常流量识别效果。     

基于物联网定位模型的网络节点能耗感知识别

由于现有网络节点能耗感知识别方没有对网络节点信号进行映射,不能获取节点对应的物理坐标位置,导致在网络节点能耗感知识别速度较慢,识别结果不理想.提出基于物联网定位模型的网络节点能耗感知识别方法,建立物联网定位模型,对网络节点信号进行映射,获取网络节点对应的物理坐标位置,将全局网络非线性问题进行优化,分别进行求解;结合网络节点能耗感知识别方法选择对应簇首节点,将该节点作为依据设定感知识别区域并对相关节点数据进行提取,建立数据回传节点集,对感知识别区域内数据回传节点集进行分析,通过数据回传节点集完成网络节点能耗的感知与识别.实验结果表明,所提方法的感知识别速度较快,感知识别结果的可信度较高以及准确性更高.     

物联网固件安全缺陷检测研究进展

固件是物联网设备的基础使能软件,其中存在的安全缺陷是物联网设备遭受攻击的根本原因之一。由于物联网设备资源受限,难以部署完善的安全防护机制,身处不安全的网络环境中,其固件缺陷一旦被恶意利用,轻则使设备宕机,重则威胁安全攸关领域基础设施,造成巨大的生命财产损失。因此,有效的固件安全缺陷检测已然成为保障物联网设备安全的关键,也成为学术界和工业界研究的热点。面对物联网设备数量的高速增长、固件自身规模和复杂性的不断攀升、固件类型的日益多样化、固件缺陷的持续增多,现有的物联网固件安全缺陷检测研究面临挑战。本文归纳了典型物联网固件实现缺陷类型,分析了典型缺陷产生机理,从静态分析、符号执行、模糊测试、程序验证、基于机器学习的方法等角度综述了现有固件缺陷检测方法。通过对不同方法优势与不足的分析,为进一步提升固件安全缺陷检测方法的智能化、精准化、自动化、有效性、可扩展性提供指导。在此基础上,本文展望了未来可以开展的研究工作。     

HA2:层次化的物联网感知设备固件异常分析技术

物联网底层一般包含大量的感知终端,这些设备是物联网应用与服务的基础。然而,由于在计算、存储、传输带宽等资源上的限制,感知设备固件程序运行时可获得状态非常有限,一旦这些设备出现异常,相关人员往往缺乏足够的手段对其开展分析。针对这一问题,提出一种层次化的物联网感知设备固件异常分析技术（Hierarchical Anomaly Analysis,HA2）。该方法以物联网感知节点程序静态结构及动态运行轨迹特征为基础,借助一分类支持向量机和统计推断方法,可以实现区间、任务和函数三个层次的异常检测,并生成相应的异常分析报告。实验表明该方法与现有方法相比,在收集异常分析特征方面具有较小的存储及运行开销。开源代码库中的缺陷实例分析表明,与现有方法相比HA2的层次化异常分析报告可以大大缩小异常分析范围,为用户分析、修复异常提供有效帮助。     

Intrusion Detection Systems in Internet of Things and Mobile Ad-Hoc Networks

Internet of Things (IoT) devices work mainly in wireless mediums; requiring different Intrusion Detection System (IDS) kind of solutions to leverage 802.11 header information for intrusion detection. Wireless-specific traffic features with high information gain are primarily found in data link layers rather than application layers in wired networks. This survey investigates some of the complexities and challenges in deploying wireless IDS in terms of data collection methods, IDS techniques, IDS placement strategies, and traffic data analysis techniques. This paper’s main finding highlights the lack of available network traces for training modern machine-learning models against IoT specific intrusions. Specifically, the Knowledge Discovery in Databases (KDD) Cup dataset is reviewed to highlight the design challenges of wireless intrusion detection based on current data attributes and proposed several guidelines to future-proof following traffic capture methods in the wireless network (WN). The paper starts with a review of various intrusion detection techniques, data collection methods and placement methods. The main goal of this paper is to study the design challenges of deploying intrusion detection system in a wireless environment. Intrusion detection system deployment in a wireless environment is not as straightforward as in the wired network environment due to the architectural complexities. So this paper reviews the traditional wired intrusion detection deployment methods and discusses how these techniques could be adopted into the wireless environment and also highlights the design challenges in the wireless environment. The main wireless environments to look into would be Wireless Sensor Networks (WSN), Mobile Ad Hoc Networks (MANET) and IoT as this are the future trends and a lot of attacks have been targeted into these networks. So it is very crucial to design an IDS specifically to target on the wireless networks.     

基于多约束信息融合的特定网络检测方法设计

针对当前特定网络检测方法中没有对数据粒度进行过滤,数据粒度过于粗糙,检测过程的单一,致使检测效率低、检测正确性偏差等问题。提出一种基于多约束信息融合的特定网络检测方法,利用Windows中的Wpcap.dll获取特定网络中NIC相关信息,构建特定网络侦听,制定过滤条件实现特定网络数据的获取;根据Rough集理论对特定网络数据粒度进行过滤,减小数据粒度的粗糙程度;构建特定网络检测模型,结合D-S证据理论得到基本置信函数值并确定值的权重,代入D-S合成公式获得检测结果,引入群体信任法对检测结果再次过滤,实现网络异常数据的彻底检测和清除,解决检测方法的单一性。实验表明,该方法提高了网络检测的效率和正确性,有效解决了当前网络检测方法中存在的问题。     

IoT智能设备安全威胁及防护技术综述

伴随着物联网的产生和发展,IoT智能设备越来越多地出现,其大规模普及的同时,也给用户个人资产安全与隐私保护带来了极大地冲击和挑战。本文围绕智能设备,基于智能设备终端、云服务端和用户控制终端三端系统架构,综述目前智能设备安全威胁的主要来源和技术攻击手段,并针对性地梳理已有防护技术和安全研究现状。然后,针对现有IoT智能设备安全防护体系缺失和安全设计不足的问题,本文讨论提出了全生命周期的IoT智能设备系统防护模型设计思路。     

面向物联网移动终端设备的用户轨迹异常检测研究

为了有效地从物联网移动设备的数字信息中挖掘出用户在日常行为中的轨迹异常,针对现有用户异常轨迹检测算法效率低的问题,提出了一种双层聚类的用户轨迹异常检测方法。考虑到移动终端设备中的轨迹信息数据量大、分布不均匀等特点,该方法在特定的空间距离与时间间隔下提取出停留点集合,并对这些点进行层次聚类,根据结果划分出停留区域,进而发现其中的异常停留区域;最后,对停留区域之间发生的运动轨迹段进行二次层次聚类,发现异常轨迹段。实验结果表明,该方法在发现异常轨迹时,相较于传统算法,既全面地检测出异常轨迹,又加快了异常检测的速度。     

Processing capacity-based decision mechanism edge computing model for IoT applications

The handling of complex tasks in IoT applications becomes difficult due to the limited availability of resources in most IoT devices. There arises a need to offload the IoT tasks with huge processing and storage to resource enriched edge and cloud. In edge computing, factors such as arrival rate, nature and size of task, network conditions, platform differences and energy consumption of IoT end devices impacts in deciding an optimal offloading mechanism. A model is developed to make a dynamic decision for offloading of tasks to edge and cloud or local execution by computing the expected time, energy consumption and processing capacity. This dynamic decision is proposed as processing capacity-based decision mechanism (PCDM) which takes the offloading decisions on new tasks by scheduling all the available devices based on processing capacity. The target devices are then selected for task execution with respect to energy consumption, task size and network time. PCDM is developed in the EDGECloudSim simulator for four different applications from various categories such as time sensitiveness, smaller in size and less energy consumption. The PCDM offloading methodology is experimented through simulations to compare with multi-criteria decision support mechanism for IoT offloading (MEDICI). Strategies based on task weightage termed as PCDM-AI, PCDM-SI, PCDM-AN, and PCDM-SN are developed and compared against the five baseline existing strategies namely IoT-P, Edge-P, Cloud-P, Random-P, and Probabilistic-P. These nine strategies are again developed using MEDICI with the same parameters of PCDM. Finally, all the approaches using PCDM and MEDICI are compared against each other for four different applications. From the simulation results, it is inferred that every application has unique approach performing better in terms of response time, total task execution, energy consumption of device, and total energy consumption of applications.     

Logistic Regression Trust–A Trust Model for Internet-of-Things Using Regression Analysis

Internet of Things (IoT) is a popular social network in which devices are virtually connected for communicating and sharing information. This is applied greatly in business enterprises and government sectors for delivering the services to their customers, clients and citizens. But, the interaction is successful only based on the trust that each device has on another. Thus trust is very much essential for a social network. As Internet of Things have access over sensitive information, it urges to many threats that lead data management to risk. This issue is addressed by trust management that help to take decision about trustworthiness of requestor and provider before communication and sharing. Several trust-based systems are existing for different domain using Dynamic weight method, Fuzzy classification, Bayes inference and very few Regression analysis for IoT. The proposed algorithm is based on Logistic Regression, which provide strong statistical background to trust prediction. To make our stand strong on regression support to trust, we have compared the performance with equivalent sound Bayes analysis using Beta distribution. The performance is studied in simulated IoT setup with Quality of Service (QoS) and Social parameters for the nodes. The proposed model performs better in terms of various metrics. An IoT connects heterogeneous devices such as tags and sensor devices for sharing of information and avail different application services. The most salient features of IoT system is to design it with scalability, extendibility, compatibility and resiliency against attack. The existing works finds a way to integrate direct and indirect trust to converge quickly and estimate the bias due to attacks in addition to the above features.     

Elastic Smart Contracts in Blockchains

In this paper, we deal with questions related to blockchains in complex Internet of Things (IoT)-based ecosystems. Such ecosystems are typically composed of IoT devices, edge devices, cloud computing software services, as well as people, who are decision makers in scenarios such as smart cities. Many decisions related to analytics can be based on data coming from IoT sensors, software services, and people. However, they are typically based on different levels of abstraction and granularity. This poses a number of challenges when multiple blockchains are used together with smart contracts. This work proposes to apply our concept of elasticity to smart contracts and thereby enabling analytics in and between multiple blockchains in the context of IoT. We propose a reference architecture for Elastic Smart Contracts and evaluate the approach in a smart city scenario, discussing the benefits in terms of performance and self-adaptability of our solution.      

动态物联网环境下的联盟学习计算卸载优化

智能城市、智慧工厂等对物联网设备（Internet of Things，IoT）的性能和连接性提出了挑战。边缘计算的出现弥补了这些能力受限的设备，通过将密集的计算任务从它们迁移到边缘节点（Edge Node，EN），物联网设备能够在节约更多能耗的同时，仍保持服务质量。计算卸载决策涉及协作和复杂的资源管理，应该根据动态工作负载和网络环境实时确定计算卸载决策。采用模拟实验的方法，通过在物联网设备和边缘节点上都部署深度强化学习代理来最大化长期效用，并引入联盟学习来分布式训练深度强化学习代理。首先构建支持边缘计算的物联网系统，IoT从EN处下载已有模型进行训练，密集型计算任务卸载至EN进行训练；IoT上传更新的参数至EN，EN聚合该参数与EN处的模型得到新的模型；云端可在EN处获得新的模型并聚合，IoT也可以从EN获得更新的参数应用在设备上。经过多次迭代，该IoT能获得接近集中式训练的性能，并且降低了物联网设备和边缘节点之间的传输成本，实验证实了决策方案和联盟学习在动态物联网环境中的有效性。