Anomaly Detection and Blocking Based on Power IoT Sensing Layer Traffic Features Identification

• Published in: International Conference on Measuring Technology and Mechatronics Automation (Print) pp. 15 - 20
• Main Authors: Ma, Yuanyuan, Li, Nige, Teng, Ziyi, Zeng, Rong
• Format: Conference Proceeding
• Language: English
• Published: IEEE 01.01.2022
• Subjects: Anomaly Detection; Authentication; Control systems; Feature extraction; IoT; Performance evaluation; Protocols; Security management; Sensors; Traffic Feature
• ISSN: 2157-1481
• DOI: 10.1109/ICMTMA54903.2022.00011

Power IoT dumb terminals such as web cameras and network printers based on IP protocol and no user interaction interface are usually based on embedded system development, hard to update program firmware, limited computing resources, and simple security authentication mechanisms. The upgrade is easily controlled by the attacker to initiate a network attack. Aiming at the above problems, this paper designs and implements a dumb terminal security management and control system based on traffic feature recognition. The system extracts the traffic characteristics of the terminal and realizes the identity authentication and behavior supervision of the terminal. When the device is accessed, the static characteristics of the traffic of the terminal are extracted to implement identity authentication. After the device is accessed, the abnormal behavior of the network access terminal is analyzed and analyzed, and the session connection is blocked. The performance of the system is better in the experimental environment and the measured environment. The accuracy of equipment identification is 96.6%, and the accuracy of abnormal detection is 97.7%. It can effectively detect DOS, port scanning and other network attacks.