基于滑动时间窗的物联网设备流量分类算法

doi:10.19678/j.issn.1000-3428.0064882

摘要/Abstract

摘要：

现有的物联网设备流量分类方案多依赖完整的流或流的前几个数据包。依赖完整的流会使流量数据增多，从而增加计算复杂度与存储资源的消耗，但物联网设备的存储空间与CPU性能都十分有限；而依赖流的前几个数据包，若其部分数据包丢失就会导致分类效果变差。针对上述问题，提出一种基于滑动时间窗口的随机森林物联网设备流量分类算法，利用物联网流量信息来表征各种设备的属性。首先，基于物联网设备流量时间依赖性的特点，利用滑动时间窗口将流划分为多个时间周期为T的子流；然后，基于物联网设备流量的加密特性，从子流中提取流信息与流头部的数据包信息建立特征向量；最后，基于随机森林随机抽样和随机选特征的特性构建分类模型，以增强模型的泛化能力，进一步提高分类性能。在公开数据集UNSW上的实验结果表明，该算法的分类准确率为96.23%、精确率为94.8%、召回率为91.47%、F1值为93%，具有较好的分类效果。

关键词: 物联网, 流量分类, 网络安全, 随机森林, 设备管理, 服务质量

Abstract:

Existing traffic classification schemes for Internet of Things(IoT) devices rely mostly on the complete flow or the first few packets of the flow.If the scheme relies on the complete flow, this will lead to more data, thus increasing the computing complexity and storage resource consumption, however, the storage space and CPU performance of IoT devices are very limited; if the scheme relies on the first few packets of the flow, if some of the first several packets that depend on the flow are lost, the classification effect is poor. To solve these problems, this paper proposes a random forest traffic classification algorithm for IoT devices based on sliding time window.This algorithm uses IoT traffic information to characterize the attributes of various devices.First, based on the time-dependent characteristics of the flow of IoT devices, the flow is divided into several sub-flows with a period of T using a sliding time window. Second, based on the encryption characteristics of the IoT device traffic, the flow and packet information of the flow head are extracted from the sub-flow to establish the feature vector. Finally, a classification model is constructed based on the characteristics of random sampling and randomly selected features of the random forest to enhance the generalization ability of the model and further improve the classification performance. The experimental results on the public dataset UNSW show that the classification accuracy, precision, recall rate, and F1 value are 96.23%, 94.8%, 91.47%, and 93%, respectively, indicating good classification accuracy.

Key words: Internet of Things(IoT), traffic classification, network security, random forest, device management, Quality of Service(QoS)

余长宏, 陆雅, 王海鑫, 高明. 基于滑动时间窗的物联网设备流量分类算法[J]. 计算机工程, 2023, 49(7): 259-268.

Changhong YU, Ya LU, Haixin WANG, Ming GAO. Traffic Classification Algorithm for IoT Device Based on Sliding Time Window[J]. Computer Engineering, 2023, 49(7): 259-268.

http://www.ecice06.com/CN/Y2023/V49/I7/259

图/表 16

图1 物联网设备流量分类流程

Fig.1 IoT device traffic classification procedure

图2 设备产生单个数据包的平均时间

Fig.2 The average time for the device to generate a single packet

图3

$ {\mathit{S}}_{{\mathit{d}}_{\mathit{m}}}^{\mathit{j}} $

流量分割过程

Fig.3

$ {\mathit{S}}_{{\mathit{d}}_{\mathit{m}}}^{\mathit{j}} $

traffic splitting process

图4 单个数据包包长分布

Fig.4 Packet length distribution of a single data packet

图5 随机森林模型

Fig.5 Random forest model

图6 样本分布

Fig.6 Sample distribution

图7 样本分类情况

Fig.7 Sample classification

表1 算法分类效果

Table 1 Algorithm classification effect %

序号	设备名称	精确率	召回率	F1值
1	Smart Things	97	98	98
2	Amazon Echo	80	94	86
3	Netatmo Welcome	95	73	83
4	TP-Link Day Night Cloud Camera	100	100	100
5	Samsung SmartCam	100	100	100
6	Dropcam	99	97	98
7	Insteon Camera	98	95	97
8	Withings Smart Baby Monitor	87	79	83
9	Belkin Wemo Switch	100	76	86
10	TP-Link Smart Plug	100	98	99
11	iHome	96	100	98
12	Belkin Wemo Motion Sensor	100	82	90
13	NEST Protect Smoke Alarm	99	97	98
14	Netatmo Weather Station	97	100	99
15	Withings Smart Scale	100	90	95
16	Blipcare Blood Pressure Meter	100	97	99
17	Withings Aura Smart Sleep Sensor	79	81	80
18	Light Bulbs LiFX Smart Bulb	100	100	100
19	Triby Speaker	94	96	95
20	PIX-STAR Photo-frame	99	86	92
21	HP Printer	71	82	76
平均值		95	91	93

图8 相同厂家不同设备性能对比

Fig.8 Performance comparison of different equipments from the same manufacturer

图9 混淆矩阵

Fig.9 Confusion matrix

表2 流量分类效果对比

Table 2 Comparison of traffic classification effect

算法	准确率/%	召回率/%	F1值/%	运算时间/s
本文算法(21类)	96.23	91.47	93	20
本文算法(14类)	98.00	94.00	96	—
文献[25]算法	96.00	96.00	96	—
文献[27]算法	82.00	67.00	74	18

图10 各设备分类效果对比

Fig.10 Comparison of each equipment classification effect

图11 流量统计图

Fig.11 Traffic statistics diagram

表3 流信息对比

Table 3 Flow information comparison %

特征向量	准确率	精确率	召回率	F1值
流信息特征	98	98	94	96
无流信息特征	96	96	94	95

表4 分类模型对比

Table 4 Classification model comparison

模型	准确率/%	精确率/%	召回率/%	F1值/%	训练时间/s
决策树	96.00	95.8	90.30	93	2.10
随机森林	96.23	94.8	91.47	93	12.23
KNN	95.68	87.0	85.00	86	6.50
SVM	93.15	93.0	86.15	89	7 865.00

图12 时间窗口对比

Fig.12 Comparison of time window

参考文献 28

1	吴吉义, 李文娟, 曹健, 等. 智能物联网AIoT研究综述. 电信科学, 2021, 37 (8): 1- 17.
	WU J Y, LI W J, CAO J, et al. AIoT: a taxonomy, review and future directions. Telecommunications Science, 2021, 37 (8): 1- 17.
2	LI Q, FENG X, WANG R, et al. Towards fine-grained fingerprinting of firmware in online embedded devices[C]//Proceedings of IEEE Conference on Computer Communications. Washington D. C., USA: IEEE Press, 2018: 2537-2545.
3	LOTFOLLAHI M, SIAVOSHANI M J, ZADE R S H, et al. Deep packet: a novel approach for encrypted traffic classification using deep learning. Soft Computing, 2020, 24 (3): 1999- 2012. doi: 10.1007/s00500-019-04030-2
4	WANG W, ZHU M, ZENG X W, et al. Malware traffic classification using convolutional neural network for representation learning[C]//Proceedings of International Conference on Information Networking. Washington D. C., USA: IEEE Press, 2017: 712-717.
5	MADHUKAR A, WILLIAMSON C. A longitudinal study of P2P traffic classification[C]//Proceedings of the 14th IEEE International Symposium on Modeling, Analysis, and Simulation. Washington D. C., USA: IEEE Press, 2006: 179-188.
6	MSADEK N, SOUA R, ENGEL T. IoT device fingerprinting: machine learning based encrypted traffic analysis[C]//Proceedings of IEEE Wireless Communi-cations and Networking Conference. Washington D. C., USA: IEEE Press, 2019: 1-8.
7	LAVRENOVS A, GRAF R, HEINÄARO K. Towards classifying devices on the Internet using artificial intelligence[C]//Proceedings of the 12th International Conference on Cyber Conflict. Washington D. C., USA: IEEE Press, 2020: 309-325.
8	THOMSEN M D, GIARETTA A, DRAGONI N. Smart lamp or security camera? Automatic identification of IoT devices[C]//Proceedings of International Networking Conference. Berlin, Germany: Springer, 2020: 85-99.
9	崔景洋, 陈振国, 田立勤, 等. 基于机器学习的用户与实体行为分析技术综述. 计算机工程, 2022, 48 (2): 10- 24. URL
	CUI J Y, CHEN Z G, TIAN L Q, et al. Overview of user and entity behavior analytics technology based on machine learning. Computer Engineering, 2022, 48 (2): 10- 24. URL
10	MIETTINEN M, MARCHAL S, HAFEEZ I, et al. IoT SENTINEL: automated device-type identification for security enforcement in IoT[C]//Proceedings of the 37th IEEE International Conference on Distributed Computing Systems. Washington D. C., USA: IEEE Press, 2017: 2177-2184.
11	SALMAN O, ELHAJJ I H, CHEHAB A, et al. A machine learning based framework for IoT device identification and abnormal traffic detection. Transactions on Emerging Telecommunications Technologies, 2019, 33 (3): 1- 10.
12	MEIDAN Y, BOHADANA M, SHABTAI A, et al. Detection of unauthorized IoT devices using machine learning techniques[EB/OL]. [2022-04-01]. https://arxiv.org/abs/1709.04647.
13	WANG S H, SUN C, MENG Z L, et al. Martini: bridging the gap between network measurement and control using switching ASICs[C]//Proceedings of the 28th International Conference on Network Protocols. Washington D. C., USA: IEEE Press, 2020: 1-12.
14	SIVANATHAN A, SHERRATT D, GHARAKHEILI H H, et al. Characterizing and classifying IoT traffic in smart cities and campuses[C]//Proceedings of IEEE Conference on Computer Communications Workshops. Washington D. C., USA: IEEE Press, 2017: 559-564.
15	BARNETT R J, IRWIN B. Towards a taxonomy of network scanning techniques[C]//Proceedings of the 2008 Annual Research Conference of the South African Institute of Computer Scientists and Information Technologists on IT Research in Developing Countries: Riding the Wave of Technology. New York, USA: ACM Press, 2008: 1-7.
16	BEZAWADA B, BACHANI M, PETERSON J, et al. Behavioral fingerprinting of IoT devices[C]//Proceedings of the 2018 Workshop on Attacks and Solutions in Hardware Security. New York, USA: ACM Press, 2018: 41-50.
17	LI W, MOORE A W. A machine learning approach for efficient traffic classification[C]//Proceedings of the 15th International Symposium on Modeling, Analysis, and Simulation of Computer and Telecommunication Systems. Washington D. C., USA: IEEE Press, 2008: 310-317.
18	MAITI R R, SIBY S, SRIDHARAN R, et al. Link-layer device type classification on encrypted wireless traffic with COTS radios[C]//Proceedings of ESORICS'17. Berlin, Germany: Springer, 2017: 247-264.
19	APTHORPE N, REISMAN D, FEAMSTER N. A smart home is no castle: privacy vulnerabilities of encrypted IoT traffic[EB/OL]. [2022-04-01]. https://arxiv.org/abs/1705.06805.
20	PENG L Z, YANG B, CHEN Y H. Effective packet number for early stage Internet traffic identification. Neurocomputing, 2015, 156 (C): 252- 267.
21	WANG L L, PENG L Z, SU M J, et al. On the impact of packet inter arrival time for early stage traffic identification[C]//Proceedings of IEEE International Conference on Internet of Things(iThings) and IEEE Green Computing and Communications(GreenCom) and IEEE Cyber, Physical and Social Computing(CPSCom) and IEEE Smart Data (SmartData). Washington D. C., USA: IEEE Press, 2017: 510-515.
22	陈良臣, 高曙, 刘宝旭, 等. 网络流量异常检测中的维数约简研究. 计算机工程, 2020, 46 (2): 11- 20. URL
	CHEN L C, GAO S, LIU B X, et al. Research on dimensionality reduction in network traffic anomaly detection. Computer Engineering, 2020, 46 (2): 11- 20. URL
23	BUCZAK A L, GUVEN E. A survey of data mining and machine learning methods for cyber security intrusion detection. IEEE Communications Surveys & Tutorials, 2015, 18 (2): 1153- 1176.
24	SHAHID M R, BLANC G, ZHANG Z H, et al. IoT devices recognition through network traffic analysis[C]//Proceedings of IEEE International Conference on Big Data. Washington D. C., USA: IEEE Press, 2019: 5187-5192.
25	PINHEIRO A J, BEZERRA J D M, BURGARDT C A P, et al. Identifying IoT devices and events based on packet length from encrypted traffic. Computer Communications, 2019, 144 (C): 8- 17.
26	BAI L, YAO L N, KANHERE S S, et al. Automatic device classification from network traffic streams of Internet of Things[C]//Proceedings of the 43rd Conference on Local Computer Networks. Washington D. C., USA: IEEE Press, 2019: 1-9.
27	李锐光, 段鹏宇, 沈蒙, 等. 基于随机森林的物联网设备流量分类算法. 北京航空航天大学学报, 2022, 48 (2): 233- 239. URL
	LI R G, DUAN P Y, SHEN M, et al. Traffic classification algorithm of Internet of Things based on random forest. Journal of Beijing University of Aeronautics and Astronautics, 2022, 48 (2): 233- 239. URL
28	顾玥, 李丹, 高凯辉. 基于机器学习和深度学习的网络流量分类研究. 电信科学, 2021, 37 (3): 105- 113. URL
	GU Y, LI D, GAO K H. Research on network traffic classification based on machine learning and deep learning. Telecommunications Science, 2021, 37 (3): 105- 113. URL

[1]	潘雪, 袁凌云, 黄敏敏. 基于区块链和域信任度的物联网跨域信任评估模型[J]. 计算机工程, 2023, 49(5): 181-190.
[2]	田秀霞, 杨明夷. 家庭物联网中基于智能合约的访问控制机制[J]. 计算机工程, 2023, 49(3): 18-28.
[3]	苏瑞国, 阳建, 秦继伟, 武晓雄, 贾振红. 基于物联网区块链的轻量级共识算法研究[J]. 计算机工程, 2023, 49(2): 175-180.
[4]	顾智敏, 王梓莹, 郭静, 郭雅娟, 冯景瑜. 雾化零信任组件的5G电力失陷终端威胁检测[J]. 计算机工程, 2023, 49(2): 161-168.
[5]	丁庆丰, 李晋国. 一种物联网环境下的分布式异常流量检测方案[J]. 计算机工程, 2022, 48(8): 152-159.
[6]	葛昕, 邹福泰, 郭万达, 谭越, 李林森. 社交僵尸网络发展综述[J]. 计算机工程, 2022, 48(8): 12-24.
[7]	奚智雯, 蔡晶晶, 阳文敏, 柴志雷. 基于微服务架构FPGA云平台的并发请求调度机制[J]. 计算机工程, 2022, 48(7): 206-213.
[8]	黄金瑶, 刘同来, 吴嘉鑫, 武继刚. 多周期家庭护理的路径规划与调度算法[J]. 计算机工程, 2022, 48(7): 292-299.
[9]	王奎宇, 宋晓勤, 缪娟娟, 张昕婷, 雷磊. 基于SDN的高性能QoS保障低轨道卫星星间路由算法[J]. 计算机工程, 2022, 48(5): 185-190,199.
[10]	张垿豪, 冯文龙, 黄梦醒, 刘伟. 基于区块链的科技服务质量信任评价方案[J]. 计算机工程, 2022, 48(5): 127-135,144.
[11]	刘晶, 朱炳旭, 梁佳杭, 任女尔, 季海鹏. 基于主侧链合作的区块链访问控制策略[J]. 计算机工程, 2022, 48(3): 10-16,22.
[12]	常硕, 张彦春. 基于袋外预测和扩展空间的随机森林改进算法[J]. 计算机工程, 2022, 48(3): 1-9.
[13]	崔景洋, 陈振国, 田立勤, 张光华. 基于机器学习的用户与实体行为分析技术综述[J]. 计算机工程, 2022, 48(2): 10-24.
[14]	杜欣欣, 胡晓辉, 赵佳楠. 一种软件定义车载自组织网络的QoS路由算法[J]. 计算机工程, 2022, 48(11): 184-191,200.
[15]	张稣荣, 卜佑军, 陈博, 孙重鑫, 王涵, 胡先君. 基于多层双向SRU与注意力模型的加密流量分类方法[J]. 计算机工程, 2022, 48(11): 127-136.

选择文件类型/文献管理软件名称

选择包含的内容