CN115086019A - Industrial Internet of things physical layer data waveform feature intrusion detection method - Google Patents
Industrial Internet of things physical layer data waveform feature intrusion detection method Download PDFInfo
- Publication number
- CN115086019A CN115086019A CN202210666461.7A CN202210666461A CN115086019A CN 115086019 A CN115086019 A CN 115086019A CN 202210666461 A CN202210666461 A CN 202210666461A CN 115086019 A CN115086019 A CN 115086019A
- Authority
- CN
- China
- Prior art keywords
- physical layer
- data
- industrial internet
- things
- steps
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000001514 detection method Methods 0.000 title claims abstract description 36
- 238000000034 method Methods 0.000 claims abstract description 19
- 238000012549 training Methods 0.000 claims abstract description 17
- 239000013598 vector Substances 0.000 claims description 14
- 238000012360 testing method Methods 0.000 claims description 11
- 238000001914 filtration Methods 0.000 claims description 3
- 238000007781 pre-processing Methods 0.000 claims description 3
- 230000005540 biological transmission Effects 0.000 abstract description 7
- 238000012545 processing Methods 0.000 abstract description 4
- 238000005070 sampling Methods 0.000 abstract description 4
- 238000000605 extraction Methods 0.000 description 3
- 238000004891 communication Methods 0.000 description 2
- 230000000630 rising effect Effects 0.000 description 2
- 230000002411 adverse Effects 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 230000007613 environmental effect Effects 0.000 description 1
- 238000005259 measurement Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000011160 research Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/14—Network analysis or design
- H04L41/142—Network analysis or design using statistical or mathematical methods
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/16—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks using machine learning or artificial intelligence
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/12—Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
Landscapes
- Engineering & Computer Science (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- Medical Informatics (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Probability & Statistics with Applications (AREA)
- Health & Medical Sciences (AREA)
- Physics & Mathematics (AREA)
- Mathematical Physics (AREA)
- Mathematical Optimization (AREA)
- Mathematical Analysis (AREA)
- General Physics & Mathematics (AREA)
- Pure & Applied Mathematics (AREA)
- General Health & Medical Sciences (AREA)
- Algebra (AREA)
- Artificial Intelligence (AREA)
- Computer Vision & Pattern Recognition (AREA)
- Databases & Information Systems (AREA)
- Evolutionary Computation (AREA)
- Software Systems (AREA)
- Alarm Systems (AREA)
Abstract
The invention provides a method for detecting intrusion of data waveform characteristics of an industrial Internet of things physical layer, which comprises the steps that a physical layer detector collects data waveform signals according to characteristics, the collected data are preprocessed, then the processed data and the training data set are transmitted to a database through a decision model, whether the data transmitted by the equipment is legal or not is judged, and further operation is decided according to the judgment result, the invention ensures the safe operation of the industrial Internet of things through intrusion detection based on the physical layer of the industrial Internet of things, safety detection is provided for the industrial Internet of things edge equipment by introducing a detection method of a physical layer based on data waveform characteristics, namely, a method for extracting dynamic characteristics of data transmission of a physical layer by adopting a channel electromagnetic waveform improves the accuracy of intrusion detection, and improving the sampling algorithm on data processing to adjust the number of the minority class samples to improve the misjudgment rate of detection.
Description
Technical Field
The invention relates to the technical field of industrial Internet of things safety, in particular to a data waveform characteristic intrusion detection method for an industrial Internet of things physical layer.
Background
The safety risk of the industrial Internet of things is far greater than that of the traditional Internet, and the safety risk is mainly reflected in terminal safety high-risk loopholes and insufficient terminal safety protection measures. Because the quantity of edge equipment in the industrial Internet of things is large, the types are multiple, the environment is complex, most resources are limited, and the industrial Internet of things is easy to be subjected to security threats such as counterfeit attacks, reverse engineering or IP hijacking. In recent years, industrial internet of things security events are in endless and show a continuously rising trend. The industrial internet of things brings new opportunity for global development and also brings potential safety hazards such as industrial core data leakage and illegal operation and control of an interconnection terminal. Due to the openness of the wireless communication medium, any illegal user can attack hardware or a physical medium so as to influence the normal communication of a physical layer;
the existing research aiming at intrusion detection of the physical layer of the industrial Internet of things still cannot well solve the problems of spool attack, malicious node identification, instability of electromagnetic signals of the physical layer, difficulty in extracting multidimensional characteristics and the like, and cannot meet the physical layer security requirement of a complex application scene of the industrial Internet of things. Extracting more features from weak physical electromagnetic signal waveforms with multiple environmental interference factors to construct the intrusion detection device suitable for the physical layer of the industrial internet of things is a current major challenge. In order to better prevent security threats brought by a physical layer, aiming at the problems of low intrusion detection feature extraction, low detection efficiency, high intrusion misjudgment and the like in the industrial Internet of things, a channel electromagnetic waveform is adopted to carry out dynamic feature extraction on data transmission of the physical layer, so that the accuracy of intrusion detection is improved, and a sampling algorithm is improved in data processing and is used for adjusting the number of a few types of samples to improve the misjudgment rate of detection.
Disclosure of Invention
In view of the above problems, the present invention provides an intrusion detection method for data waveform characteristics of physical layers of an industrial internet of things, which adopts a channel electromagnetic waveform to perform a dynamic characteristic extraction method for data transmission of the physical layers, so as to improve accuracy of intrusion detection, improve a sampling algorithm for data processing to adjust the number of a few types of samples to improve a detection misjudgment rate, and solve the problems in the prior art.
In order to realize the purpose of the invention, the invention is realized by the following technical scheme: a method for detecting intrusion of data waveform characteristics of an industrial Internet of things physical layer comprises the following steps:
the method comprises the following steps: the method comprises the following steps that a physical layer detector is arranged in a physical layer, when the physical layer continuously obtains data characteristic waveform signals, radio frequency signals of data sent by the Internet of things equipment are collected through the arranged physical layer detector, and a data set consisting of collected data is obtained;
step two: performing data preprocessing in a physical layer detector, namely filtering and normalizing the data set obtained in the step one by the physical layer detector;
step three: generating training and testing sets through the data detection platform, namely using the normalized data sets in the step two by the data detection platform
Generating a feature vector as a training and testing data set T;
step four: the physical layer detector stores the decision model and the data set in a legal radio frequency characteristic database;
step five: matching and identifying a group of detected feature vectors in a legal radio frequency feature database in the step five by the physical layer detector, and determining whether the detected feature vectors are legal or not according to matching and identifying results;
step six: and C, according to the result determined in the step five, the physical layer detector performs corresponding operation.
The further improvement lies in that: in the first step, a group of eigenvectors detected by all physical layer detectors are used as an intrusion detection input, and each eigenvector has an associated acceptance time and a data waveform identifier.
The further improvement lies in that: in the first step, the feature vector of the ith set of the ith terminal device is:
ξ i <l>T =(ξ 0 ,ξ 1 ,...,ξ N )
the L-time acquired data sets of the 1 st terminal device are:
ξ i <l>T =(ξ i <1>T ,ξ i <2>T ,...,ξ i <L>T ),l=(1,2,...,L)。
the further improvement lies in that: in the second step, the average value E (xi) is obtained according to the data set i <l>T ) And standard deviation of
From the data set
Deleting outliers therein, which will later be
And
is changed into
And
wherein m is 1,2<L。
The further improvement lies in that: in the third step, T is a training data set finally generated, and its expression is:
where M ═ M (1,2,.., M),y i ∈Υ={0,1}。
The further improvement lies in that: in the third step, the decision model is trained and tested according to the training and testing data set T, and then the trained decision model can be obtained.
The further improvement lies in that: in the sixth step, when the identification result is legal, the physical layer detector judges that the equipment is legal and agrees to the access request.
The further improvement lies in that: in the sixth step, when the identification result is illegal, the physical layer detector judges that the equipment is illegal, rejects the access request and sends alarm information.
The beneficial effects of the invention are as follows: the data waveform characteristic intrusion detection method for the physical layer of the industrial Internet of things ensures the safe operation of the industrial Internet of things through intrusion detection based on the physical layer of the industrial Internet of things, safety detection is provided for the industrial Internet of things edge equipment by introducing a detection method of a physical layer based on data waveform characteristics, namely, a method for extracting dynamic characteristics of data transmission of a physical layer by adopting a channel electromagnetic waveform improves the accuracy of intrusion detection, and improving the sampling algorithm on data processing for adjusting the number of the minority class samples to improve the misjudgment rate of detection, meanwhile, the physical layer transmission waveform is applied to the dynamic intrusion detection method of the industrial Internet of things, the acquisition and detection of the data transmission waveform of the physical layer are organically combined with the industrial Internet of things by depending on the terminal-edge architecture of the industrial Internet of things, and the data safety of the node user is protected on the premise of ensuring the training efficiency.
Drawings
FIG. 1 is a schematic of the process of the present invention.
Detailed Description
In order to further understand the present invention, the following detailed description will be made with reference to the following examples, which are only used for explaining the present invention and are not to be construed as limiting the scope of the present invention.
As shown in fig. 1, the embodiment provides an intrusion detection method for data waveform characteristics of a physical layer of an industrial internet of things, which includes the following steps:
the method comprises the following steps: the physical layer detector is arranged in the physical layer, when the physical layer continuously acquires data characteristic waveform signals, radio frequency signals of data transmitted by the Internet of things equipment are collected through the arranged physical layer detector, namely the physical layer detector continuously collects the radio frequency characteristic signals of data transmitted by the IoT equipment with data waveforms, the inherent data waveform characteristics such as frequency offset or rising edge time of the waveform can be changed due to low signal intensity of data transmission, false intrusion alarm is caused, adverse effects caused by low signal intensity can be relieved by using multiple measurements of each inherent characteristic from different antennas or detectors, a data set consisting of collected data is obtained, a group of characteristic vectors detected by all the physical layer detectors serve as intrusion detection input, each characteristic vector has an associated acceptance time and a data waveform identifier, (ii) a
The feature vector of the ith set of terminal devices is:
ξ i <l>T =(ξ 0 ,ξ 1 ,...,ξ N )
the L-time acquired data sets of the 1 st terminal device are:
ξ i <l>T =(ξ i <1>T ,ξ i <2>T ,...,ξ i <L>T ),l=(1,2,...,L);
step two: performing data preprocessing in the physical layer detector, namely filtering and normalizing the data set obtained in the step one by the physical layer detector, and acquiring an average value E (xi) according to the data set i <l>T ) And standard deviation of
From the data set
Deleting outliers therein, which will later be
And
is changed into
And
wherein m is 1,2<L;
In turn, the user can then,
is renormalized to a new value, which is expressed as:
then, will
And
the method is changed as follows:
in the formula, i is represented as the ith edge terminal device of the industrial Internet of things, T is a training data set, N is a discrete point of signal acquisition, and sigma is a standard deviation;
step three: generating training and testing sets through the data detection platform, namely using the normalized data sets in the step two by the data detection platform
The feature vectors are generated as training and testing data sets T, as follows:
T is the training data set which is finally generated, and the expression is as follows:
wherein M ═ 1,2,. multidot.m), y i ∈Υ={0,1};
Continuously carrying out iterative training and testing on the decision model according to the training and testing data set T, obtaining the trained decision model after certain training and testing, and then carrying out subsequent matching and identification by using the trained decision model;
step four: the physical layer detector stores the trained decision model and the trained data set in a legal radio frequency characteristic database, so that subsequent calling is facilitated, namely, the trained decision model is used for transmitting the processed data and the trained data set to the legal radio frequency characteristic database, and judging whether the data transmitted by the equipment is legal or not;
step five: matching and identifying a group of detected feature vectors in a legal radio frequency feature database in the step five by the physical layer detector, and determining whether the detected feature vectors are legal or not according to matching and identifying results;
step six: and C, according to the result determined in the step five, the physical layer detector performs corresponding operation, when the identification result is legal, the physical layer detector judges that the equipment is legal and agrees with the access request, and when the identification result is illegal, the physical layer detector judges that the equipment is illegal and refuses the access request, and meanwhile, alarm information is sent out.
The foregoing illustrates and describes the principles, general features, and advantages of the present invention. It will be understood by those skilled in the art that the present invention is not limited to the embodiments described above, which are described in the specification and illustrated only to illustrate the principle of the present invention, but that various changes and modifications may be made therein without departing from the spirit and scope of the present invention, which fall within the scope of the invention as claimed. The scope of the invention is defined by the appended claims and equivalents thereof.
Claims (8)
1. A data waveform characteristic intrusion detection method for an industrial Internet of things physical layer is characterized by comprising the following steps: the method comprises the following steps:
the method comprises the following steps: the method comprises the following steps that a physical layer detector is arranged in a physical layer, when the physical layer continuously obtains data characteristic waveform signals, radio frequency signals of data sent by the Internet of things equipment are collected through the arranged physical layer detector, and a data set consisting of collected data is obtained;
step two: performing data preprocessing in a physical layer detector, namely filtering and normalizing the data set obtained in the step one by the physical layer detector;
step three: generating training and testing sets through the data detection platform, namely using the normalized data sets in the step two by the data detection platform
Generating a feature vector as a training and testing data set T;
step four: the physical layer detector stores the decision model and the data set in a legal radio frequency characteristic database;
step five: matching and identifying a group of detected feature vectors in a legal radio frequency feature database in the step five by the physical layer detector, and determining whether the detected feature vectors are legal or not according to matching and identifying results;
step six: and C, according to the result determined in the step five, the physical layer detector performs corresponding operation.
2. The method for detecting intrusion of data waveform characteristics of the physical layer of the industrial internet of things according to claim 1, characterized by comprising the following steps: in the first step, a group of eigenvectors detected by all physical layer detectors are used as an intrusion detection input, and each eigenvector has an associated acceptance time and a data waveform identifier.
3. The method for detecting intrusion of data waveform characteristics of the physical layer of the industrial internet of things according to claim 1, characterized by comprising the following steps: in the first step, the feature vector of the ith set of the ith terminal device is:
the L-time acquired data sets of the 1 st terminal device are:
4. the method for detecting intrusion of data waveform characteristics of the physical layer of the industrial internet of things according to claim 1, characterized by comprising the following steps: in the second step, the average value is obtained according to the data set
And standard deviation of
From the data set
Deleting outliers therein, which will later be
And
is changed into
And
wherein m is 1,2<L。
5. The method for detecting intrusion of data waveform characteristics of the physical layer of the industrial internet of things according to claim 1, characterized by comprising the following steps: in the third step, T is a training data set finally generated, and its expression is:
wherein M ═ 1,2,. multidot.m), y i ∈Υ={0,1}。
6. The method for detecting intrusion of data waveform characteristics of the physical layer of the industrial internet of things according to claim 1, characterized by comprising the following steps: in the third step, the decision model is trained and tested according to the training and testing data set T, and then the trained decision model can be obtained.
7. The method for detecting intrusion of data waveform characteristics of the physical layer of the industrial internet of things according to claim 1, characterized by comprising the following steps: in the sixth step, when the identification result is legal, the physical layer detector judges that the equipment is legal and agrees to the access request.
8. The method for detecting intrusion of data waveform characteristics of the physical layer of the industrial internet of things according to claim 1, characterized by comprising the following steps: in the sixth step, when the identification result is illegal, the physical layer detector judges that the equipment is illegal, rejects the access request and sends alarm information.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210666461.7A CN115086019A (en) | 2022-06-14 | 2022-06-14 | Industrial Internet of things physical layer data waveform feature intrusion detection method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210666461.7A CN115086019A (en) | 2022-06-14 | 2022-06-14 | Industrial Internet of things physical layer data waveform feature intrusion detection method |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN115086019A true CN115086019A (en) | 2022-09-20 |
Family
ID=83251646
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210666461.7A Pending CN115086019A (en) | 2022-06-14 | 2022-06-14 | Industrial Internet of things physical layer data waveform feature intrusion detection method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115086019A (en) |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107506790A (en) * | 2017-08-07 | 2017-12-22 | 西京学院 | Greenhouse winter jujube plant disease prevention model based on agriculture Internet of Things and depth belief network |
| CN112203282A (en) * | 2020-08-28 | 2021-01-08 | 中国科学院信息工程研究所 | 5G Internet of things intrusion detection method and system based on federal transfer learning |
| US20210203568A1 (en) * | 2019-12-28 | 2021-07-01 | Picovista Innovation Corp. | Method and Apparatus for Topology Discovery Enabled Intrusion Detection |
| CN113449837A (en) * | 2020-11-12 | 2021-09-28 | 江西理工大学 | Intrusion detection method, system, equipment and readable storage medium |
| CN113794683A (en) * | 2021-08-06 | 2021-12-14 | 四川大学 | Industrial Internet of things intrusion detection method, device, equipment and storage medium |
-
2022
- 2022-06-14 CN CN202210666461.7A patent/CN115086019A/en active Pending
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107506790A (en) * | 2017-08-07 | 2017-12-22 | 西京学院 | Greenhouse winter jujube plant disease prevention model based on agriculture Internet of Things and depth belief network |
| US20210203568A1 (en) * | 2019-12-28 | 2021-07-01 | Picovista Innovation Corp. | Method and Apparatus for Topology Discovery Enabled Intrusion Detection |
| CN112203282A (en) * | 2020-08-28 | 2021-01-08 | 中国科学院信息工程研究所 | 5G Internet of things intrusion detection method and system based on federal transfer learning |
| CN113449837A (en) * | 2020-11-12 | 2021-09-28 | 江西理工大学 | Intrusion detection method, system, equipment and readable storage medium |
| CN113794683A (en) * | 2021-08-06 | 2021-12-14 | 四川大学 | Industrial Internet of things intrusion detection method, device, equipment and storage medium |
Non-Patent Citations (1)
| Title |
|---|
| 党小超等: "一张新的入侵检测报警关联分析方法", 知网, 30 November 2010 (2010-11-30) * |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Nie et al. | UAV detection and identification based on WiFi signal and RF fingerprint | |
| CN104135327B (en) | frequency spectrum sensing method based on support vector machine | |
| Wang et al. | Deep neural networks for CSI-based authentication | |
| CN110929842B (en) | Accurate intelligent detection method for non-cooperative radio signal burst time region | |
| WO2018139887A1 (en) | Method and device for adaptively configuring threshold for object detection by means of radar | |
| Chen et al. | Identification of wireless transceiver devices using radio frequency (RF) fingerprinting based on STFT analysis to enhance authentication security | |
| CN110856178B (en) | Behavior identification method based on wireless network physical layer IQ signal | |
| CN110968845A (en) | Detection method for LSB steganography based on convolutional neural network generation | |
| CN112733954A (en) | Abnormal traffic detection method based on generation countermeasure network | |
| Guo et al. | Survey of mobile device authentication methods based on RF fingerprint | |
| Bassey et al. | Device authentication codes based on RF fingerprinting using deep learning | |
| Wang et al. | Specific emitter identification based on deep adversarial domain adaptation | |
| CN108199757B (en) | A method of it is invaded using channel state information detection consumer level unmanned plane | |
| Zhang et al. | Data augmentation aided few-shot learning for specific emitter identification | |
| CN111934797B (en) | Collaborative spectrum sensing method based on covariance eigenvalue and mean shift clustering | |
| CN106877901B (en) | A kind of detection method of low noise than direct sequence signal | |
| CN115086019A (en) | Industrial Internet of things physical layer data waveform feature intrusion detection method | |
| CN110910271B (en) | Power terminal fingerprint construction method based on power consumption and EMI | |
| CN110837028B (en) | Method for rapidly identifying partial discharge mode | |
| CN109598216A (en) | A kind of radio-frequency fingerprint feature extracting method based on convolution | |
| CN112489330B (en) | Warehouse anti-theft alarm method | |
| KR102182675B1 (en) | Wireless device identification method and system using machine learning | |
| CN110298204B (en) | ASIC chip hardware Trojan diagnosis method based on temperature field time-space effect | |
| CN114759991B (en) | Cyclostationary signal detection and modulation identification method based on visibility graph | |
| Wu et al. | Detecting obfuscated suspicious JavaScript based on collaborative training |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |