CN115086019B - Industrial Internet of things physical layer data waveform characteristic intrusion detection method - Google Patents
Industrial Internet of things physical layer data waveform characteristic intrusion detection method Download PDFInfo
- Publication number
- CN115086019B CN115086019B CN202210666461.7A CN202210666461A CN115086019B CN 115086019 B CN115086019 B CN 115086019B CN 202210666461 A CN202210666461 A CN 202210666461A CN 115086019 B CN115086019 B CN 115086019B
- Authority
- CN
- China
- Prior art keywords
- physical layer
- data
- industrial internet
- data set
- things
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000001514 detection method Methods 0.000 title claims abstract description 33
- 238000012549 training Methods 0.000 claims abstract description 20
- 238000007781 pre-processing Methods 0.000 claims abstract description 4
- 239000013598 vector Substances 0.000 claims description 18
- 238000012360 testing method Methods 0.000 claims description 13
- 238000000034 method Methods 0.000 claims description 10
- 230000008859 change Effects 0.000 claims description 5
- 238000001914 filtration Methods 0.000 claims description 3
- 230000005540 biological transmission Effects 0.000 abstract description 8
- 230000006872 improvement Effects 0.000 description 6
- 238000000605 extraction Methods 0.000 description 4
- 238000012545 processing Methods 0.000 description 3
- 238000005070 sampling Methods 0.000 description 3
- 238000004891 communication Methods 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 230000008569 process Effects 0.000 description 2
- 230000000630 rising effect Effects 0.000 description 2
- 230000002411 adverse Effects 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000010276 construction Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 230000007613 environmental effect Effects 0.000 description 1
- 238000005259 measurement Methods 0.000 description 1
- 238000011160 research Methods 0.000 description 1
Abstract
The invention provides an industrial Internet of things physical layer data waveform characteristic intrusion detection method, which comprises the steps of collecting data characteristic waveform signals by a physical layer detector, preprocessing the collected data, transmitting the processed data and training data set into a database through a decision model, judging whether equipment transmission data is legal or not, and deciding further operation according to a judgment result.
Description
Technical Field
The invention relates to the technical field of industrial Internet of things security, in particular to an industrial Internet of things physical layer data waveform characteristic intrusion detection method.
Background
The safety risk of the industrial Internet of things is far greater than that of the traditional Internet, and the safety risk is mainly represented by terminal safety high-risk loopholes and terminal safety protection measures. As the industrial Internet of things has large number of edge devices, various types and complex environments, and most of the resources are limited, the industrial Internet of things is easy to be subjected to security threats such as counterfeit attack, reverse engineering or IP hijacking. In recent years, industrial Internet of things security event layers are endless and show a continuous rising trend. The industrial Internet of things brings new opportunities for global development and brings potential safety hazards such as industrial core data leakage and illegal control of interconnection terminals. Because of the openness of the wireless communication medium, any illegal user can attack the hardware or the physical medium to influence the normal communication of the physical layer;
The existing research on intrusion detection of the physical layer of the industrial Internet of things still can not well solve the problems of spooling attack, malicious node identification, unstable electromagnetic signals of the physical layer, difficulty in extracting multidimensional features and the like, and cannot meet the physical layer security requirement of complex industrial Internet of things application scenes. The construction of the physical layer intrusion detection method by extracting more features from the physical electromagnetic signal waveforms with multiple and weak environmental interference factors is a great challenge currently faced by the industrial Internet of things. Aiming at the problems of low intrusion detection characteristic extraction, low detection efficiency, high intrusion misjudgment and the like in the industrial Internet of things, the invention provides an industrial Internet of things physical layer waveform characteristic intrusion detection method for solving the problems in the prior art by adopting a channel electromagnetic waveform to carry out dynamic characteristic extraction on physical layer data transmission, improving the accuracy of intrusion detection and improving a sampling algorithm on data processing for adjusting the number of few types of samples to improve the misjudgment rate of detection.
Disclosure of Invention
Aiming at the problems, the invention aims to provide the method for detecting the characteristic intrusion of the physical layer data waveform of the industrial Internet of things, which adopts a channel electromagnetic waveform to carry out a dynamic characteristic extraction method on the physical layer data transmission, improves the accuracy of intrusion detection, improves a sampling algorithm on data processing and is used for adjusting the number of few types of samples to improve the misjudgment rate of detection, and solves the problems in the prior art.
In order to achieve the purpose of the invention, the invention is realized by the following technical scheme: the physical layer data waveform characteristic intrusion detection method of the industrial Internet of things comprises the following steps:
Step one: physical layer detectors are arranged in the physical layer, and when the physical layer continuously acquires data characteristic waveform signals, radio frequency signals of data sent by the Internet of things equipment are collected through the arranged physical layer detectors, and a data set consisting of the collected data is obtained;
Step two: performing data preprocessing in the physical layer detector, namely filtering and normalizing the data set obtained in the step one through the physical layer detector;
step three: generating a training and testing data set T through a data detection platform, namely using the normalized data set in the second step by the data detection platform And generating a feature vector as a training and testing data set T, wherein in the third step, T is a finally generated training data set, and the expression is as follows:
Where m= (1, 2, …, M), y i e y= {0,1};
Step four: the physical layer detector stores the decision model and the data set in a legal radio frequency characteristic database;
step five: matching and identifying a group of detected feature vectors in the legal radio frequency feature database in the fourth step by a physical layer detector, and determining whether the feature vectors are legal or not according to the matching and identifying results;
step six: and according to the result of the determination in the step five, the physical layer detector performs corresponding operation.
The further improvement is that: in the first step, a set of feature vectors detected by all physical layer detectors is used as intrusion detection input, each feature vector having an associated time of acceptance and data waveform identifier.
The further improvement is that: in the first step, the feature vector of the first set of the ith terminal equipment is:
ξi <l>T=(ξ0,ξ1,...,ξN)
the data set collected by the 1 st terminal device for L times is:
ξi <l>T=(ξi <1>T,ξi <2>T,...,ξi <L>T),l=(1,2,...,L).
The further improvement is that: in the second step, the average value E (ζ i <l>T) and the standard deviation are obtained according to the data set From the dataset/>To delete outliers, then will/>And/>Change to/>AndWhere m=1, 2,.. M M < L.
The further improvement is that: in the third step, training and testing are carried out on the decision model according to the training and testing data set T, and then a trained decision model is obtained.
The further improvement is that: in the sixth step, when the identification result is legal, the physical layer detector determines that the device is legal, and grants the access request.
The further improvement is that: in the sixth step, when the identification result is illegal, the physical layer detector judges that the equipment is illegal, and refuses the access request, and at the same time, sends out alarm information.
The beneficial effects of the invention are as follows: the physical layer data waveform characteristic intrusion detection method of the industrial Internet of things ensures the safe operation of the industrial Internet of things through intrusion detection based on the physical layer of the industrial Internet of things, provides safety detection for industrial Internet of things edge equipment by introducing a detection method based on the data waveform characteristic of the physical layer, namely adopts a channel electromagnetic waveform to carry out dynamic characteristic extraction method on physical layer data transmission, improves the accuracy of intrusion detection, improves a sampling algorithm on data processing to adjust the number of few types of samples so as to improve the false judgment rate of detection, and simultaneously applies the physical layer transmission waveform to the industrial Internet of things dynamic intrusion detection method, organically combines the physical layer data transmission waveform acquisition and detection with the industrial Internet of things by depending on the terminal-edge architecture of the industrial Internet of things, and protects the data safety of node users on the premise of ensuring training efficiency.
Drawings
FIG. 1 is a schematic representation of the process of the present invention.
Detailed Description
The present invention will be further described in detail with reference to the following examples, which are only for the purpose of illustrating the invention and are not to be construed as limiting the scope of the invention.
According to the embodiment shown in fig. 1, an intrusion detection method for waveform characteristics of physical layer data of an industrial internet of things is provided, which comprises the following steps:
Step one: physical layer detectors are arranged in the physical layer, when the physical layer continuously acquires data characteristic waveform signals, the physical layer detectors are arranged to collect radio frequency signals of data transmitted by the internet of things device, namely the physical layer detectors continuously collect radio frequency characteristic signals of data transmitted by the IoT device with data waveforms, and as low signal intensity of data transmission can change inherent data waveform characteristics such as frequency offset or rising edge time of waveforms, false intrusion alarms are caused, adverse effects caused by low signal intensity can be relieved by using multiple measurement of each inherent characteristic from different antennas or detectors, and then a data set consisting of collected data is obtained, and a group of characteristic vectors detected by all the physical layer detectors are used as intrusion detection input, wherein each characteristic vector has an associated receiving time and data waveform identifier;
the feature vector of the first set of the i-th terminal device is:
ξi <l>T=(ξ0,ξ1,...,ξN)
the data set collected by the 1 st terminal device for L times is:
ξi <l>T=(ξi <1>T,ξi <2>T,...,ξi <L>T),l=(1,2,...,L);
Step two: data preprocessing in the physical layer detector, namely filtering and normalizing the data set obtained in the step one by the physical layer detector, and obtaining an average value E (ζ i <l>T) and a standard deviation according to the data set From the dataset/>To delete outliers, then will/>And/>Altered to ζ i <m>T=(ξ0,ξ1,...,ξN) andWherein m=1, 2,.,. M M < L;
then, the process is carried out, Is renormalized to a new value, expressed as:
then, will And/>The modification is as follows:
in the formula, i is represented as an ith edge terminal device of the industrial Internet of things, T is a training data set, N is a discrete point of signal acquisition, and sigma is a standard deviation;
step three: generating a training and testing data set T through a data detection platform, namely using the normalized data set in the second step by the data detection platform Feature vectors are generated as training and test data sets T as follows:
Change to/> Then
Change to/>Then
T is the training dataset that is ultimately generated, and its expression is:
Where m= (1, 2, …, M), y i e y= {0,1};
According to the training and testing data set T, iterative training and testing are continuously carried out on the decision model, after certain training and testing are carried out, a trained decision model can be further obtained, and then subsequent matching and recognition can be carried out by utilizing the trained decision model;
step four: the physical layer detector stores the trained decision model and the data set in a legal radio frequency characteristic database, so that subsequent calling is facilitated, namely the processed data and the training data set are transmitted to the legal radio frequency characteristic database through the trained decision model, and whether the transmission data of the equipment is legal or not is judged;
step five: matching and identifying a group of detected feature vectors in the legal radio frequency feature database in the fourth step by a physical layer detector, and determining whether the feature vectors are legal or not according to the matching and identifying results;
Step six: and step five, according to the determined result, the physical layer detector performs corresponding operation, when the identified result is legal, the physical layer detector judges that the physical layer detector is legal equipment and agrees with the access request, and when the identified result is illegal, the physical layer detector judges that the physical layer detector is illegal equipment and refuses the access request, and meanwhile, alarm information is sent out.
The foregoing has shown and described the basic principles, principal features and advantages of the invention. It will be understood by those skilled in the art that the present invention is not limited to the embodiments described above, and that the above embodiments and descriptions are merely illustrative of the principles of the present invention, and various changes and modifications may be made without departing from the spirit and scope of the invention, which is defined in the appended claims. The scope of the invention is defined by the appended claims and equivalents thereof.
Claims (7)
1. A physical layer data waveform characteristic intrusion detection method of an industrial Internet of things is characterized in that: the method comprises the following steps:
Step one: physical layer detectors are arranged in the physical layer, and when the physical layer continuously acquires data characteristic waveform signals, radio frequency signals of data sent by the Internet of things equipment are collected through the arranged physical layer detectors, and a data set consisting of the collected data is obtained;
Step two: performing data preprocessing in the physical layer detector, namely filtering and normalizing the data set obtained in the step one through the physical layer detector;
step three: generating a training and testing data set T through a data detection platform, namely using the normalized data set in the second step by the data detection platform And generating a feature vector as a training and testing data set T, wherein in the third step, T is a finally generated training data set, and the expression is as follows:
Where m= (1, 2, …, M), y i e y= {0,1};
Step four: the physical layer detector stores the decision model and the data set in a legal radio frequency characteristic database;
step five: matching and identifying a group of detected feature vectors in the legal radio frequency feature database in the fourth step by a physical layer detector, and determining whether the feature vectors are legal or not according to the matching and identifying results;
step six: and according to the result of the determination in the step five, the physical layer detector performs corresponding operation.
2. The method for detecting the intrusion of the physical layer data waveform characteristics of the industrial internet of things according to claim 1, which is characterized in that: in the first step, a set of feature vectors detected by all physical layer detectors is used as intrusion detection input, each feature vector having an associated time of acceptance and data waveform identifier.
3. The method for detecting the intrusion of the physical layer data waveform characteristics of the industrial internet of things according to claim 1, which is characterized in that: in the first step, the feature vector of the first set of the ith terminal equipment is:
ξi <l>T=(ξ0,ξ1,…,ξN)
the data set collected by the 1 st terminal device for L times is:
ξi <l>T=(ξi <1>T,ξi <2>T,...,ξi <L>T),l=(1,2,...,L).
4. The method for detecting the intrusion of the physical layer data waveform characteristics of the industrial internet of things according to claim 1, which is characterized in that: in the second step, the average value E (ζ i <l>T) and the standard deviation are obtained according to the data set From the dataset/>To delete outliers, then will/>And/>Change to/>And/>Where m=1, 2,..m, M < L.
5. The method for detecting the intrusion of the physical layer data waveform characteristics of the industrial internet of things according to claim 1, which is characterized in that: in the third step, training and testing are carried out on the decision model according to the training and testing data set T, and then a trained decision model is obtained.
6. The method for detecting the intrusion of the physical layer data waveform characteristics of the industrial internet of things according to claim 1, which is characterized in that: in the sixth step, when the identification result is legal, the physical layer detector determines that the device is legal, and grants the access request.
7. The method for detecting the intrusion of the physical layer data waveform characteristics of the industrial internet of things according to claim 1, which is characterized in that: in the sixth step, when the identification result is illegal, the physical layer detector judges that the equipment is illegal, and refuses the access request, and at the same time, sends out alarm information.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210666461.7A CN115086019B (en) | 2022-06-14 | Industrial Internet of things physical layer data waveform characteristic intrusion detection method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210666461.7A CN115086019B (en) | 2022-06-14 | Industrial Internet of things physical layer data waveform characteristic intrusion detection method |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN115086019A CN115086019A (en) | 2022-09-20 |
| CN115086019B true CN115086019B (en) | 2024-06-04 |
Family
ID=
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107506790A (en) * | 2017-08-07 | 2017-12-22 | 西京学院 | Greenhouse winter jujube plant disease prevention model based on agriculture Internet of Things and depth belief network |
| CN112203282A (en) * | 2020-08-28 | 2021-01-08 | 中国科学院信息工程研究所 | 5G Internet of things intrusion detection method and system based on federal transfer learning |
| CN113449837A (en) * | 2020-11-12 | 2021-09-28 | 江西理工大学 | Intrusion detection method, system, equipment and readable storage medium |
| CN113794683A (en) * | 2021-08-06 | 2021-12-14 | 四川大学 | Industrial Internet of things intrusion detection method, device, equipment and storage medium |
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107506790A (en) * | 2017-08-07 | 2017-12-22 | 西京学院 | Greenhouse winter jujube plant disease prevention model based on agriculture Internet of Things and depth belief network |
| CN112203282A (en) * | 2020-08-28 | 2021-01-08 | 中国科学院信息工程研究所 | 5G Internet of things intrusion detection method and system based on federal transfer learning |
| CN113449837A (en) * | 2020-11-12 | 2021-09-28 | 江西理工大学 | Intrusion detection method, system, equipment and readable storage medium |
| CN113794683A (en) * | 2021-08-06 | 2021-12-14 | 四川大学 | Industrial Internet of things intrusion detection method, device, equipment and storage medium |
Non-Patent Citations (1)
| Title |
|---|
| 一张新的入侵检测报警关联分析方法;党小超等;知网;20101130;全文 * |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN104135327B (en) | frequency spectrum sensing method based on support vector machine | |
| CN113283476B (en) | Internet of things network intrusion detection method | |
| CN107979842B (en) | A kind of mobile phone individual discrimination method based on bispectrum feature and deep learning | |
| CN109922065B (en) | Quick identification method for malicious website | |
| CN112732748B (en) | Non-invasive household appliance load identification method based on self-adaptive feature selection | |
| CN110929842B (en) | Accurate intelligent detection method for non-cooperative radio signal burst time region | |
| CN113094707B (en) | Lateral movement attack detection method and system based on heterogeneous graph network | |
| Chen et al. | Identification of wireless transceiver devices using radio frequency (RF) fingerprinting based on STFT analysis to enhance authentication security | |
| WO2018139887A1 (en) | Method and device for adaptively configuring threshold for object detection by means of radar | |
| CN110856178B (en) | Behavior identification method based on wireless network physical layer IQ signal | |
| WO2021012859A1 (en) | Spectrum sensing method based on symmetric peaks of cyclic autocorrelation function of modulation signal | |
| CN114143040A (en) | Confrontation signal detection method based on multi-channel feature reconstruction | |
| CN112733954A (en) | Abnormal traffic detection method based on generation countermeasure network | |
| CN116437355A (en) | Radio frequency fingerprint-based wireless equipment identity authentication method and device | |
| Wang et al. | Specific emitter identification based on deep adversarial domain adaptation | |
| CN115086019B (en) | Industrial Internet of things physical layer data waveform characteristic intrusion detection method | |
| CN111934797B (en) | Collaborative spectrum sensing method based on covariance eigenvalue and mean shift clustering | |
| CN106877901A (en) | A kind of detection method of low noise than direct sequence signal | |
| CN115086019A (en) | Industrial Internet of things physical layer data waveform feature intrusion detection method | |
| CN116192530A (en) | Unknown threat self-adaptive detection method based on deceptive defense | |
| Ji | Malicious Intrusion Data Mining Algorithm of Wireless Personal Communication Network Supported by Legal Big Data | |
| CN112489330B (en) | Warehouse anti-theft alarm method | |
| Hao et al. | Contrastive self-supervised clustering for specific emitter identification | |
| CN115842645A (en) | UMAP-RF-based network attack traffic detection method and device and readable storage medium | |
| Huang et al. | Research on Malicious URL Identification and Analysis for Network Security |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant |