上海交通大学学报

上海交通大学学报 >

2018 , Vol. 52 >Issue 10: 1307 - 1313

DOI: https://doi.org/10.16183/j.cnki.jsjtu.2018.10.020

学报(中文)

物联网安全检测与防护机制综述

展开
  • 上海交通大学 网络空间安全学院, 上海 200240
化存卿(1976-),男,教授,博士生导师,主要研究方向为无线通信、无线网络及安全. 电话(Tel.): 021-34204881;E-mail:cqhua@sjtu.edu.cn.
收起

A Survey of Security Detection and Protection for Internet of Things

Expand
  • School of Cyberspace Security, Shanghai Jiao Tong University, Shanghai 200240, China
Fold

摘要

物联网是一种新型产业方向,是信息技术发展的一个新阶段.首先从物联网的设备固件及应用漏洞,以及无线信道的开放共享特性两个方面,阐述了物联网所面临的安全性和可用性的风险和威胁.其次,对国内外学术界在物联网设备及固件安全分析、机器学习与安全检测等领域的前沿研究方向进行了综述.然后从网络安全防护的角度,讨论了复杂攻击情况下的物联网物理层、数据链路层和网络层防护机制.最后总结了物联网安全检测与防护机制的挑战问题及未来发展趋势.

关键词: 物联网; 安全检测; 防护机制; 机器学习

本文引用格式

化存卿 . 物联网安全检测与防护机制综述[J]. 上海交通大学学报, 2018 , 52(10) : 1307 -1313 . DOI: 10.16183/j.cnki.jsjtu.2018.10.020

Abstract

Internet of Things (IoTs) are a new stage of information technology development. In this paper, we firstly discuss the vulnerabilities in firmware and application of IoTs devices, as well as the open and shared nature of wireless spectrum, and point out that the security and availability of IoTs devices. We then review the recent progress on device and firmware security analysis, machine learning algorithms for IoTs security. We discuss different countermeasures from physical, link and network layers in the face of sophisticated attacks in IoTs. Finally, we summarize the challanging problems for security detection and protection for IoTs and discuss some potential trends in future development.

Key words: Internet of Things (IoTs); security detection; security protection; machine learning

参考文献

[1]XU W, TRAPPE W, ZHANG Y, et al. The feasibility of launching and detecting jamming attacks in wireless networks[C]//Proceedings of the 6th ACM International Symposium on Mobile Ad Hoc Networking and Computing. ACM, 2005: 46-57. [2]BROWN T X, JAMES J E, SETHI A. Jamming and sensing of encrypted wireless ad hoc networks[C]//Proceedings of the 7th ACM International Symposium on Mobile Ad Hoc Networking and Computing. ACM, 2006: 120-130. [3]MISHRA A, NADKARNI K, PATCHA A. Intrusion detection in wireless ad hoc networks[J]. IEEE Wireless Communications, 2004, 11(1): 48-60. [4]COSTIN A, ZADDACH J, FRANCILLON A, et al. A large-scale analysis of the security of embedded firmwares[C]//Proceedings of USENIX Security Symposium, 2014: 95-110. [5]BOJINOV H, BURSZTEIN E, LOVETT E, et al. Embedded management interfaces: Emerging massive insecurity[J]. BlackHat USA, 2009, 1(8): 14. [6]CUI A, SONG Y, PRABHU P V, et al. Brave new world: Pervasive insecurity of embedded network devices[C]//International Workshop on Recent Advances in Intrusion Detection. Springer, Berlin, Heidelberg, 2009: 378-380. [7]CUI A, STOLFO S J. A quantitative analysis of the insecurity of embedded network devices: Results of a wide-area scan[C]//Proceedings of the 26th Annual Computer Security Applications Conference. ACM, 2010: 97-106. [8]CHEN D, WOO M, BRUMLEY D, et al. Towards automated dynamic analysis for Linux-based embedded firmware[C]//NDSS, 2016. [9]HENIGER N, DURUMERIC Z, WUSTROW E, et al. Mining your Ps and Qs: Detection of widespread weak keys in network devices[C]//USENIX Security Symposium, 2013: 35-35. [10]ZADDACH J, BRUNO L, FRANCILLON A, et al. AVATAR: A framework to support dynamic security analysis of embedded systems’ firmwares[C]//Network and Distributed System Security Symposium, 2014. [11]KAMMERSTETTER M, PLATZER C, KASTNER W. PROSPECT: Peripheral proxying supported embedded code testing[C]//Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security. ACM, 2014: 329-340. [12]LI H, TONG D, HUANG K, et al. FEMU: A firmware-based emulation framework for SoC verification[C]//International Conference on Hardware/Software Codesign and System Synthesis. IEEE, 2010: 257-266. [13]SHOSHITAISHVILI Y, WANG R, HAUSER C, et al. Firmalice—Automatic detection of authentication bypass vulnerabilities in binary firmware[C]//Network and Distributed System Security Symposium, 2015. [14]DAVIDSON D, MOENCH B, RISTENPART T, et al. FIE on firmware: Finding vulnerabilities in embedded systems using symbolic execution[C]//USENIX Conference on Security. USENIX Association, 2013: 463-478. [15]KRIZHEVSKY A, SUTSKEVER I, HINTON G E. ImageNet classification with deep convolutional neural networks[C]//International Conference on Neural Information Processing Systems. Curran Associates Inc. 2012: 1097-1105. [16]SUTSKEVER I, VINYALS O, LE Q V. Sequence to sequence learning with neural networks[C]//In NIPS, 2014, 4: 3104-3112. [17]TEGELER F, FU X, VIGNA G, et al. BotFinder: Finding bots in network traffic without deep packet inspection[C]//Proceedings of the 8th International Conference on Emerging Networking Experiments and Technologies, 2012: 349-360. [18]MA J, SAUL L K, SAVAGE S, et al. Learning to detect malicious URLs[J]. ACM Transactions on Intelligent Systems & Technology, 2011, 2(3): 1-24. [19]BILGE L, KIRDA E, KRUEGEL C, et al. EXPOSURE: Finding malicious domains using passive DNS analysis[C]//Network and Distributed System Security Symposium. San Diego, California, USA, 2011. [20]WANG K, STOLFO S J. One-class training for masquerade detection[C]//IEEE Conference Data Mining Workshop on Data Mining for Computer Security, 2003: 10-19. [21]FRANK M, BIEDERT R, MA E, et al. Touchalytics: On the applicability of touchscreen input as a behavioral biometric for continuous authentication[J]. IEEE Transactions on Information Forensics & Security, 2013, 8(1): 136-148. [22]ZHENG N, PALOSKI A, WANG H. An efficient user verification system using angle-based mouse movement biometrics[J]. ACM Transactions on Information & System Security, 2016, 18(3): 1-27. [23]KRUEGEL C, VIGNA G, ROBERTSON W. A multi-model approach to the detection of web-based attacks[J]. Computer Networks, 2005, 48(5): 717-738. [24]HAI T N, FRANKE K. Adaptive Intrusion Detection System via online machine learning[C]//International Conference on Hybrid Intelligent Systems. IEEE, 2013: 271-277. [25]PICKHOLTZ R, SCHILLING D, MILSTEIN L. Revisions to “Theory of Spread-Spectrum Communications—A Tutorial”[J]. IEEE Transactions on Communications, 1984, 32(2): 211-212. [26]OPPERMANN I, STOICA L, RABBACHIN A, et al. UWB wireless sensor networks: UWEN—A practical example[J]. IEEE Communications Magazine, 2004, 42(12): S27-S32. [27]GU P, HUA C, KHATOUN R, et al. Cooperative relay beamforming for control channel jamming in vehicular networks[C]//International Symposium on Modeling and Optimization in Mobile, Ad Hoc, and Wireless Networks, 2018: 1-7. [28]GU P, HUA C, RIDA K, et al. Cooperative anti-jamming relaying for control channel jamming in vehicular networks[J]. IEEE Transactions on Vehicular Technology, 2018. [29]NOUBIR G. On connectivity in ad hoc networks under jamming using directional antennas and mobility[C]//Wired/Wireless Internet Communications, Second International Conference. Springer, Berlin, Heidelberg, 2004: 186-200. [30]GU P, HUA C, KHATOUN R, et al. Cooperative relay beamforming for control channel jamming in vehicular networks[C]//International Symposium on Modeling and Optimization in Mobile, Ad Hoc, and Wireless Networks, 2018: 1-7. [31]RAMANATHAN R. On the performance of ad hoc networks with beamforming antennas[C]//In ACM International Symposium on Mobile Ad Hoc Network-ing and Computing (MobiHoc), 2001: 95-105. [32]MURTHY C S R, MANOJ B S. Transport layer and security protocols for ad hoc wireless networks[M]. Ad Hoc Wireless Networks: Architectures and Protocols. Prentice Hall PTR, 2004. [33]SPYROPOULOS A, RAGHAVENDRA C S. Energy efficient communications in ad hoc networks using directional antennas[C]//Joint Conference of the IEEE Computer and Communications Societies, 2002, 1: 220-228. [34]TILOCA M, DE GUGLIELMO D, DINI G, et al. JAMMY: A distributed and dynamic solution to selective jamming attack in TDMA WSNs[J]. IEEE Transactions on Dependable & Secure Computing, 2017, 14(4): 392-405. [35]DAIDONE R, DINI G, TILOCA M. A solution to the GTS-based selective jamming attack on IEEE 802.15.4 networks[J]. Wireless Networks, 2014, 20(5): 1223-1235. [36]ZHOU G, HE T, STANKOVIC J A, et al. RID: Radio interference detection in wireless sensor networks[C]//INFOCOM 2005. Joint Conference of the IEEE Computer and Communications Societies. Proceedings IEEE. IEEE, 2005, 2: 891-901. [37]LAW Y W, PALANISWAMI M, HOESEL L V, et al. Energy-efficient link-layer jamming attacks against wireless sensor network MAC protocols[J]. ACM Transactions on Sensor Networks (TOSN), 2009, 5(1): 6. [38]WOOD A, STANKOVIC J A, ZHOU G. DEEJAM: Defeating energy-efficient jamming in IEEE 802.15.4-based wireless networks[C]//2007 4th Annual IEEE Communications Society Conference on Sensor, Mesh and Ad Hoc Communications and Networks. San Diego, CA, 2007: 60-69. [39]RAHMAN N, WRIGHT M, LIU D. Fast and energy-efficient technique for jammed region mapping in wireless sensor networks[C]//Eprint Arxiv, 2014. [40]WOOD A D, STANKOVIC J A, SANG H S. JAM: A jammed-area mapping service for sensor networks[C]//IEEE International Real-Time Systems Symposium. IEEE Computer Society, 2003: 286. [41]XU W, WOOD T, TRAPPE W, et al. Channel surfing and spatial retreats: Defenses against wireless denial of service[C]//ACM Workshop on Wireless Security. ACM, 2004: 80-89. [42]MURALEEDHARAN R, OSADCIW L A. Jamming attack detection and countermeasures in wireless sensor network using ant system[C]//Proceedings of SPIE—The International Society for Optical Engineering, 2006: 6248. [43]PINTEA C M, POP P C. Sensitive ants for denial jamming attack on wireless sensor network[C]//International Joint Conference SOCO’13-CISIS’13-ICEUTE’13. Springer International Publishing, 2014: 409-418.
Options
文章导航

/