NL2024474B1 - A malicious node identification method based on the edge computing - Google Patents

A malicious node identification method based on the edge computing Download PDF

Info

Publication number
NL2024474B1
NL2024474B1 NL2024474A NL2024474A NL2024474B1 NL 2024474 B1 NL2024474 B1 NL 2024474B1 NL 2024474 A NL2024474 A NL 2024474A NL 2024474 A NL2024474 A NL 2024474A NL 2024474 B1 NL2024474 B1 NL 2024474B1
Authority
NL
Netherlands
Prior art keywords
channel information
sample set
node
edge computing
channel
Prior art date
Application number
NL2024474A
Other languages
Dutch (nl)
Inventor
Xu Aidong
Wen Hong
Jiang Yixin
Liao Runfa
Zhang Yunan
Original Assignee
Electric Power Res Institute China Southern Power Grid Co Ltd
Univ Electronic Sci & Tech China
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Electric Power Res Institute China Southern Power Grid Co Ltd, Univ Electronic Sci & Tech China filed Critical Electric Power Res Institute China Southern Power Grid Co Ltd
Priority to NL2024474A priority Critical patent/NL2024474B1/en
Application granted granted Critical
Publication of NL2024474B1 publication Critical patent/NL2024474B1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12Detection or prevention of fraud
    • H04W12/121Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]
    • H04W12/122Counter-measures against attacks; Protection against rogue devices
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60Context-dependent security
    • H04W12/69Identity-dependent
    • H04W12/79Radio fingerprint
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W48/00Access restriction; Network selection; Access point selection
    • H04W48/16Discovering, processing access restriction or access information

Abstract

This invention discloses A malicious node identification method based on the edge computing, which includes collecting channel information dataset of the kth node, generating an input sample set enhanced by average data augmentation algorithm, generating an output 5 sample set by average sample constructing, and constructing new channel information data to training and identification. In the present invention, the correlation between successively collected multi-frame channel information is used to construct a new channel response information vector, that is, to average two or more timeslot channel frequency response vectors to obtain some new channel response vectors. It overcomes the shortcomings of low 10 identification rate caused by insufficient data in channel information extraction, when proceeding the malicious node identification of channel characteristics.

Description

A malicious node identification method based on the edge computing Technical field The invention relates to the security computing of edge computing, and in particular to A malicious node identification method based on the edge computing.
Technical background Edge computing utilizes the characteristics of near-node deployment and proximity to IoT nodes to overcome long-distance transmission delays and computing loads in cloud computing and reduce network congestion in cloud computing centers.
It migrates some or all of the computing tasks of the original cloud computing model to the edge devices of the network, which cause the Internet of Things can better meet the needs of matching massive edge data, real-time nature, privacy protection, energy consumption, etc.
Therefore, edge computing has rich application scenarios, such as smart home, video surveillance, smart medical, intelligent transportation, unmanned factories, smart grid applications.
However, edge computing is close to many nodes, which deployed in various application scenarios.
They are terminals that collect data or execute commands from execution systems, which are very vulnerable to attacks due to their widespread distribution.
On the other hand, because of limited energy and computational storage, the weak security protection makes edge computing nodes face a series of security challenges, such as clone nodes and Sybil node attacks.
The principle of the clone node attack is that the attacker captures legal nodes in the network and obtains all their legal information.
A captured hardware node clones several hardware nodes with the same ID and key information, and places these cloned hardware nodes in the different locations of the network to launch the attack on edge computing devices, which caused the network to be paralyzed.
Sybil node attacks used a hardware node which carries a large number of captured IDs to implement a multi- network attack.
How to quickly and efficiently identify these malicious attacks and isolate the nodes has become the key to prevent malicious node attacks and improve the security of edge computing.
Because these attack methods adopt the method of capturing hardware nodes and possess the same ID and key information as legitimate nodes, traditional cryptographic security mechanisms cannot identify these attack methods.
The physical layer feature identification method utilizes the space-time uniqueness of wireless channel information, and identifies users by comparing the similarity of channel information between consecutive frames without the need for complicated upper-layer encryption operations. It has the advantages of fast and efficient, and is very suitable for resources restricted miniature terminal. However, in practical applications, the limited availability of channel information data makes it more time-consuming for feature extraction to have a certain amount of data. If the amount of data 1s insufficient, it can also lead to low identification accuracy, which affects the accuracy of identification. Invention contents The purpose of the present invention is to overcome the shortcomings of the prior art, and provide a method for identifying malicious nodes in edge computing. The method is the improvement of the method of identifying malicious nodes with their unique channel information characteristics in the packet transmission. The method of judging the location characteristics of each terminal in the edge system by using unique channel information requires a certain amount of channel information data to extract the channel characteristics. The currently adopted method is to extract channel information through channel estimation from the demodulated synchronization header. Insufficient channel characteristic data obtained in this way will result in low identification accuracy. This method uses the correlation between consecutive multi-frame channel information to construct a new channel response information vector. More specifically, two or more timeslot channel frequency response vectors are averaged to obtain a new channel response vector. It has the advantages of low computational complexity and high identification accuracy. The malicious node identification method in edge computing, comprising the following steps: S1: Collect the input sample set X, and output sample set ¥, of the k!! node channel information to constitute the k™ node channel information dataset D:D, ={X_Y,}, where X, = EK: LH HL |. Y,=[1,, 11], Hy represents the channel frequency response vector
M of the k™ node in time slot 7, N, denotes the number of channel frequency response of the k' node, , that is, the total number of time slots, I, = 0 0,---.0,1,0,- : ; Ae
S2: Generating an average data augmented input sample set X;'”' according to the input sample set X, obtained by channel information; $3: Generating an average sample constructed output sample set Y;'”* according to the output sample set ¥, obtained by channel information labels; S4: A new channel information dataset D:D "> ={X;" ¥"™} is constructed from the input sample set X;” and the output sample set ¥,*”*, using for the training of identification.
Furthermore, in the malicious node identification method in edge computing, the step S2 includes the following sub-steps: S21: Averaging the multiple input samples obtained by continuous multi-frame channel information ~ ~ 1 Ht . toget H; where H; => H, , 1<q,<N,, n+a,<N,; ao, HLT $22: Constructing the input sample set X;™, where X= |H LH HY H.-H |, M, denotes the number of channel information vectors after average data augmentation.
Furthermore, in the malicious node identification method in edge computing, the step S3 comprises constructing an output sample set Y;**, where Y/”! =[I,,I,,--.1,]. _
NÀ Furthermore, in the malicious node identification method in edge computing, the method of estimating node channel information adopts the Minimum Mean Square Error (MMSE) method or the Least Square (LS) method.
Furthermore, in the malicious node identification method in edge computing, the input sample set X, is a channel information matrix composed of channel frequency response vectors, and the output sample set Y, is label matrix composed of corresponding node labels.
Beneficial effects of the present invention: In the present invention, the correlation between successively collected multi-frame channel information is used to construct a new channel response information vector, that is, to average two or more timeslot channel frequency response vectors to obtain a new channel response vector. It overcomes the shortcomings of low identification rate caused by insufficient data in channel information extraction, when proceeding the malicious node identification of channel characteristics.
Figure description Figure 1 is a deep neural network model.
Figure 2 is a deep neural network-based channel frequency response malicious node identification model combined with data augmentation.
Figure 3 is a flowchart of the present invention.
Figure 4 is the identification accuracy of the present invention in a practical factory environment. Implementation details In order to have a clearer understanding of the technical features, objectives, and effects of the present invention, the technical solution of the present invention is further described in detail below in combination with the identification of malicious nodes by channel frequency response based on deep neural network. However, the scope of the present invention is not limited to the following.
As shown in Figure 1, the deep neural network has excellent fitting and classification capabilities, so the use of deep neural networks for malicious node recognition has good performance. However, when the dataset is relatively small, the deep neural network has its limitations, and the time correlation requirement of wireless channel information or some other restrictive requirements make the system unable to obtain a relatively large channel sample set. Then, it is very important to obtain enough datasets from the collection channel response in the relevant time. Data augmentation can regenerate the dataset from the existing dataset through some calculation operations. This is an effective way to extend the limited training dataset to implement neural network training and improve the identification rate.
As shown in Figure 2, in a feasible embodiment, a malicious node identification of channel frequency response method based on deep neural network combined with data augmentation is divided into two phases, namely a training phase and an authentication phase. There are three steps in the training phase: First, obtain the channel frequency response vector of the received signal of the known sending node and its corresponding label. Then, the data augmentation module is used to construct some new effective channel information vectors. In this embodiment, the effective channel information vectors are averaged by using two or more timeslot channel frequency response vectors to obtain new channel response vectors. The newly generated channel information vector and the original channel information vector have the same label, that is, they belong to the same node. Finally,
an input matrix composed of all channel information vectors and an output matrix composed of its corresponding labels are used to train a deep neural network.
Specifically, the method for constructing the new effective channel information vector is as follows: 5 As shown in Figure 3, in this embodiment, the malicious node identification method in edge computing includes the following steps: S1: Collect the input sample set X, and output sample set ¥, of the k™ node channel information to constitute the k™ node channel information dataset D:D ={X_Y,}, where X, = [A LH HN |, Y,=[I..1,,-- I]. Hy represents the channel frequency response vector _ a — Ne of the kf! node in time slot £, N, denotes the number of channel frequency response of the k'™ node, 7 that is, the total number of time slots, I, = 0 0,---,0,1,0,-- : : kJ S2: Generating an average data augmented input sample set X/'** according to the input sample set X, obtained by channel information; S3: Generating an average sample constructed output sample set ¥;** according to the output sample set ¥, obtained by channel information labels; S4: A new channel information dataset D:D = {X* ¥/™} is constructed from the input sample set X;* and the output sample set ¥"', using for the training of identification.
Specifically, the step S2 includes: Averaging the multiple input samples obtained by continuous a A 1 +c multi-frame channel information to get A, where H, = — 2H IS <N,, n+ta,<N, a, + =H Constructing the input sample set X;”*, where X/%* = |H LH HY HD Bs | M, denotes the number of channel information vectors after average data augmentation.
Specifically, the step S2 comprises constructing an output sample set ¥' where ri = [7 I.
I] —_ Ny +3,
As shown in Figure 4, it is the identification of malicious nodes in a multi-user dataset under dynamic conditions in a factory environment. Under the condition of two users, the recognition rate is more than 90%, which is about 5% higher than the existing results. The data augmentation achieves better recognition performance.
The basic principles, main features and the advantages of the present invention have been shown and described above. Those skilled in the art should understand that the present invention is not limited by the foregoing embodiments. What is described in the above embodiments and the description is only to explain the principles of the present invention. The present invention will also have various changes and improvements fall within the scope of the claimed invention. The scope of protection of the invention is defined by the appended claims and their equivalents.

Claims (5)

ConclusiesConclusions 1. De methode voor het identificeren van kwaadaardige knooppunten in edge computing, bestaat uit de volgende stappen: SI: Verzamel de ingevoerde sampleset X, en de uitgevoerde sampleset ¥, van het Kk! knooppunt kanaal informatie om de k™ knooppunt kanaal informatieset D, :D, ={X,,Y,}te vormen, waar X, =| Hy HH |, Y, =[I.1.-. 1] H; staat voor de — N; kanaalfrequentieresponsvector van het k™ knooppunt in tijdslot 7, N, geeft het aantal kanaalfrequentie-respons van het k™ knooppunt aan, door wijze van het totale aantal tijdslots, , I -|00910| k—1 S2: Genereer een gemiddelde dataverhoging van de ingevoerde sampleset X/“”* op basis van de ingevoerde sampleset X, verkregen door kanaalinformatie; S3: Genereer een gemiddelde dataverhoging van de ingevoerde sampleset ¥'" op basis van de ingevoerde sampleset ¥, verkregen door kanaalinformatie labels, S4: Een nieuwe kanaalinformatie dataset D:D, = {X/Y} wordt gebouwd van de ingevoerde sampleset Xen de uitgevoerde sampleset Y/'”*, voor de identificatietraining.1. The method for identifying malicious nodes in edge computing consists of the following steps: SI: Collect the input sampleset X, and the output sampleset ¥, from the Kk! node channel information to form the k ™ node channel information set D,: D, = {X ,, Y,}, where X, = | Hy HH |, Y, = [I.1. 1] H; stands for the - N; channel frequency response vector of the k ™ node in time slot 7, N, indicates the number of channel frequency response of the k ™ node, by way of the total number of time slots,, I - | 00910 | k — 1 S2: Generate an average data increment of the input sample set X / “” * based on the input sample set X, obtained by channel information; S3: Generate an average data increment of the input sampleset ¥ '"based on the input sampleset ¥, obtained by channel information labels, S4: A new channel information data set D: D, = {X / Y} is built from the input sampleset X, and the performed sample set Y / '”*, for identification training. 2. De methode voor het identificeren van kwaadaardige knooppunten in edge computing volgens claim 1, waarbij de stap S2 de volgende sub-stappen bevat: S21: Het berekenen van het gemiddelde van de meerdere ingevoerde samples verkregen door continue multi-frame kanaalinformatie om de volgende informatie te verkrijgen H . , waar ~ 1 H+ ] Hl=——>H,, 1<a,<N,_, n+a,<N,; CG +1 i= S22: Opbouw van de ingevoerde sampleset xX; waar X= |H LH HY HD HY ] ‚ M, het aantal kanaalinformatievectoren na gemiddelde dataverhoging aangeeft.2. The method for identifying malicious nodes in edge computing according to claim 1, wherein the step S2 includes the following sub-steps: S21: Calculating the average of the multiple input samples obtained by continuous multi-frame channel information to obtain information H. where ~ 1H +] H1 = ——> H, 1 <a, <N, _, n + a, <N ,; CG +1 i = S22: Structure of the entered sample set xX; where X = | H LH HY HD HY], M, indicates the number of channel information vectors after average data increment. 3. De methode voor het identificeren van kwaadaardige knooppunten in edge computing volgens claim 1, waarin de stap S3 bestaat uit het opbouwen van een sampleset voor de uitvoer yo , waar y= — [1.. I, ee I] | Ls 4] Ait,3. The method for identifying malicious nodes in edge computing according to claim 1, wherein the step S3 consists of building a sample set for the output yo, where y = - [1 .. I, ee I] | Ls 4] Ait, 4. De methode voor het identificeren van kwaadaardige knooppunten in edge computing volgens claim 1, waarin bij de methode voor het schatten van de informatie over het knooppunt kanaal de methode van de Minimum Mean Square Error (MMSE) of de methode van de Least Square (LS) wordt gebruikt.4. The method for identifying malicious nodes in edge computing according to claim 1, wherein the method for estimating the node channel information is the Minimum Mean Square Error (MMSE) method or the Least Square method ( LS) is used. 5. De methode voor het identificeren van kwaadaardige knooppunten in edge computing volgens claim 1, waarin de ingevoerde sampleset X een kanaalinformatiematrix is die bestaat uit kanaalfrequentieresponsvectoren, en de uitgevoerde sampleset Y, een labelmatrix is die bestaat uit overeenkomstige knooppunt-etiketten.The method for identifying malicious nodes in edge computing according to claim 1, wherein the input sample set X is a channel information matrix consisting of channel frequency response vectors, and the output sample set Y, is a label matrix consisting of corresponding node labels.
NL2024474A 2019-12-17 2019-12-17 A malicious node identification method based on the edge computing NL2024474B1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
NL2024474A NL2024474B1 (en) 2019-12-17 2019-12-17 A malicious node identification method based on the edge computing

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
NL2024474A NL2024474B1 (en) 2019-12-17 2019-12-17 A malicious node identification method based on the edge computing

Publications (1)

Publication Number Publication Date
NL2024474B1 true NL2024474B1 (en) 2020-10-15

Family

ID=70295978

Family Applications (1)

Application Number Title Priority Date Filing Date
NL2024474A NL2024474B1 (en) 2019-12-17 2019-12-17 A malicious node identification method based on the edge computing

Country Status (1)

Country Link
NL (1) NL2024474B1 (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070021126A1 (en) * 2005-07-25 2007-01-25 Sanjiv Nanda Method and apparatus for maintaining a fingerprint for a wireless network
WO2013036794A1 (en) * 2011-09-08 2013-03-14 Drexel University Reconfigurable antenna based solutions for device authentication and instrusion detection in wireless networks
WO2016054626A1 (en) * 2014-10-03 2016-04-07 Nokomis, Inc. Detection of malicious software, firmware, ip cores and circuitry via unintended emissions
US20170251364A1 (en) * 2015-08-19 2017-08-31 University Of Electronic Science And Technology Of China Cross-layer Authentication Method based on Radio Frequency Fingerprint

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070021126A1 (en) * 2005-07-25 2007-01-25 Sanjiv Nanda Method and apparatus for maintaining a fingerprint for a wireless network
WO2013036794A1 (en) * 2011-09-08 2013-03-14 Drexel University Reconfigurable antenna based solutions for device authentication and instrusion detection in wireless networks
WO2016054626A1 (en) * 2014-10-03 2016-04-07 Nokomis, Inc. Detection of malicious software, firmware, ip cores and circuitry via unintended emissions
US20170251364A1 (en) * 2015-08-19 2017-08-31 University Of Electronic Science And Technology Of China Cross-layer Authentication Method based on Radio Frequency Fingerprint

Similar Documents

Publication Publication Date Title
Chen et al. Physical-layer security based mobile edge computing for emerging cyber physical systems
CN102202064B (en) Method for extracting behavior characteristics of Trojan communication based on network data flow analysis
Babun et al. Z-iot: Passive device-class fingerprinting of zigbee and z-wave iot devices
CN108965248B (en) P2P botnet detection system and method based on traffic analysis
CN103491107B (en) Wooden horse communication feature rapid extracting method based on network data flow bunch cluster
Zhang et al. Modulated autocorrelation convolution networks for automatic modulation classification based on small sample set
Hou et al. An intrusion tracking watermarking scheme
CN107968776B (en) Dynamic attack surface transformation method based on bidirectional control function
CN111200600A (en) Internet of things equipment flow sequence fingerprint feature extraction method
Chen et al. A novel terminal security access method based on edge computing for IoT
Chetan et al. A comprehensive survey on exiting solution approaches towards security and privacy requirements of IoT
NL2024474B1 (en) A malicious node identification method based on the edge computing
CN114580011A (en) Power facility security situation sensing method and system based on federal privacy training
LU101534B1 (en) Data enhancement method of malicious node identification in the edge computing
CN110912906B (en) Edge calculation malicious node identification method
Zhu et al. Learning-empowered privacy preservation in beyond 5G edge intelligence networks
CN109787996B (en) Camouflage attack detection method based on DQL algorithm in fog calculation
CN105099799A (en) Botnet detection method and controller
CN110838913A (en) Time type network covert channel detection method based on secret sharing
CN105049456A (en) Covert communication method based on webpage link request
Lei et al. Can Wavelet Transform Detect LDDoS Abnormal Traffic in Multipath TCP Transmission System?
Zhang et al. The proactive defense of energy Internet terminals edge-access using the network topology autoassociation
Xu et al. A Malicious Node Identification Method Based on Edge Computing
Wang et al. Active defense by mimic association transmission in edge computing
Strelkovskaya et al. Comparative analysis of the methods of wavelet-and spline-extrapolation in problems of predicting self-similar traffic