NL2024474B1 - A malicious node identification method based on the edge computing - Google Patents
A malicious node identification method based on the edge computing Download PDFInfo
- Publication number
- NL2024474B1 NL2024474B1 NL2024474A NL2024474A NL2024474B1 NL 2024474 B1 NL2024474 B1 NL 2024474B1 NL 2024474 A NL2024474 A NL 2024474A NL 2024474 A NL2024474 A NL 2024474A NL 2024474 B1 NL2024474 B1 NL 2024474B1
- Authority
- NL
- Netherlands
- Prior art keywords
- channel information
- sample set
- node
- edge computing
- channel
- Prior art date
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/12—Detection or prevention of fraud
- H04W12/121—Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]
- H04W12/122—Counter-measures against attacks; Protection against rogue devices
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/60—Context-dependent security
- H04W12/69—Identity-dependent
- H04W12/79—Radio fingerprint
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W48/00—Access restriction; Network selection; Access point selection
- H04W48/16—Discovering, processing access restriction or access information
Abstract
This invention discloses A malicious node identification method based on the edge computing, which includes collecting channel information dataset of the kth node, generating an input sample set enhanced by average data augmentation algorithm, generating an output 5 sample set by average sample constructing, and constructing new channel information data to training and identification. In the present invention, the correlation between successively collected multi-frame channel information is used to construct a new channel response information vector, that is, to average two or more timeslot channel frequency response vectors to obtain some new channel response vectors. It overcomes the shortcomings of low 10 identification rate caused by insufficient data in channel information extraction, when proceeding the malicious node identification of channel characteristics.
Description
A malicious node identification method based on the edge computing Technical field The invention relates to the security computing of edge computing, and in particular to A malicious node identification method based on the edge computing.
Technical background Edge computing utilizes the characteristics of near-node deployment and proximity to IoT nodes to overcome long-distance transmission delays and computing loads in cloud computing and reduce network congestion in cloud computing centers.
It migrates some or all of the computing tasks of the original cloud computing model to the edge devices of the network, which cause the Internet of Things can better meet the needs of matching massive edge data, real-time nature, privacy protection, energy consumption, etc.
Therefore, edge computing has rich application scenarios, such as smart home, video surveillance, smart medical, intelligent transportation, unmanned factories, smart grid applications.
However, edge computing is close to many nodes, which deployed in various application scenarios.
They are terminals that collect data or execute commands from execution systems, which are very vulnerable to attacks due to their widespread distribution.
On the other hand, because of limited energy and computational storage, the weak security protection makes edge computing nodes face a series of security challenges, such as clone nodes and Sybil node attacks.
The principle of the clone node attack is that the attacker captures legal nodes in the network and obtains all their legal information.
A captured hardware node clones several hardware nodes with the same ID and key information, and places these cloned hardware nodes in the different locations of the network to launch the attack on edge computing devices, which caused the network to be paralyzed.
Sybil node attacks used a hardware node which carries a large number of captured IDs to implement a multi- network attack.
How to quickly and efficiently identify these malicious attacks and isolate the nodes has become the key to prevent malicious node attacks and improve the security of edge computing.
Because these attack methods adopt the method of capturing hardware nodes and possess the same ID and key information as legitimate nodes, traditional cryptographic security mechanisms cannot identify these attack methods.
The physical layer feature identification method utilizes the space-time uniqueness of wireless channel information, and identifies users by comparing the similarity of channel information between consecutive frames without the need for complicated upper-layer encryption operations. It has the advantages of fast and efficient, and is very suitable for resources restricted miniature terminal. However, in practical applications, the limited availability of channel information data makes it more time-consuming for feature extraction to have a certain amount of data. If the amount of data 1s insufficient, it can also lead to low identification accuracy, which affects the accuracy of identification. Invention contents The purpose of the present invention is to overcome the shortcomings of the prior art, and provide a method for identifying malicious nodes in edge computing. The method is the improvement of the method of identifying malicious nodes with their unique channel information characteristics in the packet transmission. The method of judging the location characteristics of each terminal in the edge system by using unique channel information requires a certain amount of channel information data to extract the channel characteristics. The currently adopted method is to extract channel information through channel estimation from the demodulated synchronization header. Insufficient channel characteristic data obtained in this way will result in low identification accuracy. This method uses the correlation between consecutive multi-frame channel information to construct a new channel response information vector. More specifically, two or more timeslot channel frequency response vectors are averaged to obtain a new channel response vector. It has the advantages of low computational complexity and high identification accuracy. The malicious node identification method in edge computing, comprising the following steps: S1: Collect the input sample set X, and output sample set ¥, of the k!! node channel information to constitute the k™ node channel information dataset D:D, ={X_Y,}, where X, = EK: LH HL |. Y,=[1,, 11], Hy represents the channel frequency response vector
M of the k™ node in time slot 7, N, denotes the number of channel frequency response of the k' node, , that is, the total number of time slots, I, = 0 0,---.0,1,0,- : ; Ae
S2: Generating an average data augmented input sample set X;'”' according to the input sample set X, obtained by channel information; $3: Generating an average sample constructed output sample set Y;'”* according to the output sample set ¥, obtained by channel information labels; S4: A new channel information dataset D:D "> ={X;" ¥"™} is constructed from the input sample set X;” and the output sample set ¥,*”*, using for the training of identification.
Furthermore, in the malicious node identification method in edge computing, the step S2 includes the following sub-steps: S21: Averaging the multiple input samples obtained by continuous multi-frame channel information ~ ~ 1 Ht . toget H; where H; => H, , 1<q,<N,, n+a,<N,; ao, HLT $22: Constructing the input sample set X;™, where X= |H LH HY H.-H |, M, denotes the number of channel information vectors after average data augmentation.
Furthermore, in the malicious node identification method in edge computing, the step S3 comprises constructing an output sample set Y;**, where Y/”! =[I,,I,,--.1,]. _
NÀ Furthermore, in the malicious node identification method in edge computing, the method of estimating node channel information adopts the Minimum Mean Square Error (MMSE) method or the Least Square (LS) method.
Furthermore, in the malicious node identification method in edge computing, the input sample set X, is a channel information matrix composed of channel frequency response vectors, and the output sample set Y, is label matrix composed of corresponding node labels.
Beneficial effects of the present invention: In the present invention, the correlation between successively collected multi-frame channel information is used to construct a new channel response information vector, that is, to average two or more timeslot channel frequency response vectors to obtain a new channel response vector. It overcomes the shortcomings of low identification rate caused by insufficient data in channel information extraction, when proceeding the malicious node identification of channel characteristics.
Figure description Figure 1 is a deep neural network model.
Figure 2 is a deep neural network-based channel frequency response malicious node identification model combined with data augmentation.
Figure 3 is a flowchart of the present invention.
Figure 4 is the identification accuracy of the present invention in a practical factory environment. Implementation details In order to have a clearer understanding of the technical features, objectives, and effects of the present invention, the technical solution of the present invention is further described in detail below in combination with the identification of malicious nodes by channel frequency response based on deep neural network. However, the scope of the present invention is not limited to the following.
As shown in Figure 1, the deep neural network has excellent fitting and classification capabilities, so the use of deep neural networks for malicious node recognition has good performance. However, when the dataset is relatively small, the deep neural network has its limitations, and the time correlation requirement of wireless channel information or some other restrictive requirements make the system unable to obtain a relatively large channel sample set. Then, it is very important to obtain enough datasets from the collection channel response in the relevant time. Data augmentation can regenerate the dataset from the existing dataset through some calculation operations. This is an effective way to extend the limited training dataset to implement neural network training and improve the identification rate.
As shown in Figure 2, in a feasible embodiment, a malicious node identification of channel frequency response method based on deep neural network combined with data augmentation is divided into two phases, namely a training phase and an authentication phase. There are three steps in the training phase: First, obtain the channel frequency response vector of the received signal of the known sending node and its corresponding label. Then, the data augmentation module is used to construct some new effective channel information vectors. In this embodiment, the effective channel information vectors are averaged by using two or more timeslot channel frequency response vectors to obtain new channel response vectors. The newly generated channel information vector and the original channel information vector have the same label, that is, they belong to the same node. Finally,
an input matrix composed of all channel information vectors and an output matrix composed of its corresponding labels are used to train a deep neural network.
Specifically, the method for constructing the new effective channel information vector is as follows: 5 As shown in Figure 3, in this embodiment, the malicious node identification method in edge computing includes the following steps: S1: Collect the input sample set X, and output sample set ¥, of the k™ node channel information to constitute the k™ node channel information dataset D:D ={X_Y,}, where X, = [A LH HN |, Y,=[I..1,,-- I]. Hy represents the channel frequency response vector _ a — Ne of the kf! node in time slot £, N, denotes the number of channel frequency response of the k'™ node, 7 that is, the total number of time slots, I, = 0 0,---,0,1,0,-- : : kJ S2: Generating an average data augmented input sample set X/'** according to the input sample set X, obtained by channel information; S3: Generating an average sample constructed output sample set ¥;** according to the output sample set ¥, obtained by channel information labels; S4: A new channel information dataset D:D = {X* ¥/™} is constructed from the input sample set X;* and the output sample set ¥"', using for the training of identification.
Specifically, the step S2 includes: Averaging the multiple input samples obtained by continuous a A 1 +c multi-frame channel information to get A, where H, = — 2H IS <N,, n+ta,<N, a, + =H Constructing the input sample set X;”*, where X/%* = |H LH HY HD Bs | M, denotes the number of channel information vectors after average data augmentation.
Specifically, the step S2 comprises constructing an output sample set ¥' where ri = [7 I.
I] —_ Ny +3,
As shown in Figure 4, it is the identification of malicious nodes in a multi-user dataset under dynamic conditions in a factory environment. Under the condition of two users, the recognition rate is more than 90%, which is about 5% higher than the existing results. The data augmentation achieves better recognition performance.
The basic principles, main features and the advantages of the present invention have been shown and described above. Those skilled in the art should understand that the present invention is not limited by the foregoing embodiments. What is described in the above embodiments and the description is only to explain the principles of the present invention. The present invention will also have various changes and improvements fall within the scope of the claimed invention. The scope of protection of the invention is defined by the appended claims and their equivalents.
Claims (5)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
NL2024474A NL2024474B1 (en) | 2019-12-17 | 2019-12-17 | A malicious node identification method based on the edge computing |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
NL2024474A NL2024474B1 (en) | 2019-12-17 | 2019-12-17 | A malicious node identification method based on the edge computing |
Publications (1)
Publication Number | Publication Date |
---|---|
NL2024474B1 true NL2024474B1 (en) | 2020-10-15 |
Family
ID=70295978
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
NL2024474A NL2024474B1 (en) | 2019-12-17 | 2019-12-17 | A malicious node identification method based on the edge computing |
Country Status (1)
Country | Link |
---|---|
NL (1) | NL2024474B1 (en) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20070021126A1 (en) * | 2005-07-25 | 2007-01-25 | Sanjiv Nanda | Method and apparatus for maintaining a fingerprint for a wireless network |
WO2013036794A1 (en) * | 2011-09-08 | 2013-03-14 | Drexel University | Reconfigurable antenna based solutions for device authentication and instrusion detection in wireless networks |
WO2016054626A1 (en) * | 2014-10-03 | 2016-04-07 | Nokomis, Inc. | Detection of malicious software, firmware, ip cores and circuitry via unintended emissions |
US20170251364A1 (en) * | 2015-08-19 | 2017-08-31 | University Of Electronic Science And Technology Of China | Cross-layer Authentication Method based on Radio Frequency Fingerprint |
-
2019
- 2019-12-17 NL NL2024474A patent/NL2024474B1/en active
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20070021126A1 (en) * | 2005-07-25 | 2007-01-25 | Sanjiv Nanda | Method and apparatus for maintaining a fingerprint for a wireless network |
WO2013036794A1 (en) * | 2011-09-08 | 2013-03-14 | Drexel University | Reconfigurable antenna based solutions for device authentication and instrusion detection in wireless networks |
WO2016054626A1 (en) * | 2014-10-03 | 2016-04-07 | Nokomis, Inc. | Detection of malicious software, firmware, ip cores and circuitry via unintended emissions |
US20170251364A1 (en) * | 2015-08-19 | 2017-08-31 | University Of Electronic Science And Technology Of China | Cross-layer Authentication Method based on Radio Frequency Fingerprint |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Chen et al. | Physical-layer security based mobile edge computing for emerging cyber physical systems | |
CN102202064B (en) | Method for extracting behavior characteristics of Trojan communication based on network data flow analysis | |
Babun et al. | Z-iot: Passive device-class fingerprinting of zigbee and z-wave iot devices | |
CN108965248B (en) | P2P botnet detection system and method based on traffic analysis | |
CN103491107B (en) | Wooden horse communication feature rapid extracting method based on network data flow bunch cluster | |
Zhang et al. | Modulated autocorrelation convolution networks for automatic modulation classification based on small sample set | |
Hou et al. | An intrusion tracking watermarking scheme | |
CN107968776B (en) | Dynamic attack surface transformation method based on bidirectional control function | |
CN111200600A (en) | Internet of things equipment flow sequence fingerprint feature extraction method | |
Chen et al. | A novel terminal security access method based on edge computing for IoT | |
Chetan et al. | A comprehensive survey on exiting solution approaches towards security and privacy requirements of IoT | |
NL2024474B1 (en) | A malicious node identification method based on the edge computing | |
CN114580011A (en) | Power facility security situation sensing method and system based on federal privacy training | |
LU101534B1 (en) | Data enhancement method of malicious node identification in the edge computing | |
CN110912906B (en) | Edge calculation malicious node identification method | |
Zhu et al. | Learning-empowered privacy preservation in beyond 5G edge intelligence networks | |
CN109787996B (en) | Camouflage attack detection method based on DQL algorithm in fog calculation | |
CN105099799A (en) | Botnet detection method and controller | |
CN110838913A (en) | Time type network covert channel detection method based on secret sharing | |
CN105049456A (en) | Covert communication method based on webpage link request | |
Lei et al. | Can Wavelet Transform Detect LDDoS Abnormal Traffic in Multipath TCP Transmission System? | |
Zhang et al. | The proactive defense of energy Internet terminals edge-access using the network topology autoassociation | |
Xu et al. | A Malicious Node Identification Method Based on Edge Computing | |
Wang et al. | Active defense by mimic association transmission in edge computing | |
Strelkovskaya et al. | Comparative analysis of the methods of wavelet-and spline-extrapolation in problems of predicting self-similar traffic |