Secure IoT edge: Threat situation awareness based on network traffic

Bibliographic Details
Published in: Computer networks (Amsterdam, Netherlands : 1999), 2021-12, Vol.201, p.108525, Article 108525
Main Authors: Zhao, Yuyu, Cheng, Guang, Duan, Yu, Gu, Zhouchao, Zhou, Yuyang, Tang, Lu
Format: Article
Language: English
Description
Summary: Threat situation awareness is one of the new major technologies to avoid network attacks and ensure equipment security. Facing the current IoT network architecture, which is characterized by end equipment's complex services, huge traffic and computing marginalization, real-time threat situation awareness based on network traffic can effectively warn and clean latent threat. However, the existing threat situation awareness methods are mostly unitary and dependent on the central node for collection, detection and cleaning. First, it takes too much bandwidth and is not suitable for high-speed scenes. Second, the transmission of traffic or log leads to poor privacy and risk of leakage. Most of all, the perception time is too long, which leads to performance degradation. This paper proposes a threat situation awareness architecture based on IoT edge and network traffic. Firstly, this paper designs an edge computing device SIE based on CPU and FPGA; the FPGA pipeline is used to analyze the traffic and summarize it in real time. A fast threat situation detection method deployed on SIE's CPU is proposed, which uses flow entropy algorithm to generate situation information. Secondly, this paper introduces the threat situation understanding method based on machine learning. It improves the AdaBoost algorithm and uses uploaded situation information to judge the threat in the traffic. Finally, the method obtains the defensive measure according to the threat intelligence. It can issue the SIE for situation projection and completes threat situation awareness closed loop. Experimental results on KDD99, UNSW-NB15 show that under the premise of ensuring the normal business of IoT equipment and the second-level early warning ability, the proposed method can still show good performance under the recognition recall rate, success rate of cleaning threat and other indicators.
ISSN:1389-1286
1872-7069
DOI:10.1016/j.comnet.2021.108525