Managing IoT Cyber-Security using Programmable Telemetry and Machine Learning
IEEE Transactions on Network and Service Management (IF 4.7) Pub Date: 2020-03-01, DOI: 10.1109/tnsm.2020.2971213
Arunan Sivanathan, Hassan Habibi Gharakheili, Vijay Sivaraman

Cyber-security risks for Internet of Things (IoT) devices sourced from a diversity of vendors and deployed in large numbers are growing rapidly. Therefore, management of these devices is becoming increasingly important to network operators. Existing network monitoring technologies perform traffic analysis using specialized acceleration on network switches, or full inspection of packets in software, which can be complex, expensive, inflexible, and unscalable. In this paper, we use the SDN paradigm combined with machine learning to leverage the benefits of programmable flow-based telemetry with flexible data-driven models to manage IoT devices based on their network activity. Our contributions are three-fold: (1) We analyze traffic traces of 17 real consumer IoT devices collected in our lab over a six-month period and identify a set of traffic flows (per-device) whose time-series attributes computed at multiple timescales (from a minute to an hour) characterize the network behavior of various IoT device types, and their operating states (i.e., booting, actively interacting with a user, or being idle); (2) We develop a multi-stage architecture of inference models that use flow-level attributes to automatically distinguish IoT devices from non-IoTs, classify individual types of IoT devices, and identify their states during normal operations. We train our models and validate their efficacy using real traffic traces; and (3) We quantify the trade-off between performance and cost of our solution, and demonstrate how our monitoring scheme can be used in operation for detecting behavioral changes (firmware upgrade or cyber attacks).

Updated: 2020-03-01