Citation: HE Q L, WANG L H, CHEN Y J, et al. An automatic and real-time detection method of IoT in-the-wild vulnerability attack[J]. Journal of Beijing University of Aeronautics and Astronautics, 2024, 50(7): 2195-2205 (in Chinese). doi: 10.13700/j.bh.1001-5965.2022.0592
The vast number of Internet-connected Internet of Things (IoT) devices are susceptible to compromise and exploitation, which can paralyze critical IoT applications. Vulnerability exploitation is a common way of attacking IoT devices; however, because in-the-wild exploits are diverse, mutable, and heavily disguised, it is extremely challenging to identify ongoing vulnerability attacks against IoT devices quickly and automatically. To address this, a detection method for IoT vulnerability attacks based on hybrid deep learning discrimination and open-source intelligence correlation is proposed. The method identifies IoT in-the-wild vulnerability attack behaviors in network traffic in real time and accurately determines the specific category of each attack. Experimental results show that the proposed method achieves an accuracy of over 99.99% on large-scale datasets. Deployed in real-world scenarios, it discovered 13 new in-the-wild vulnerability attacks in less than a month.