Computer and Modernization ›› 2021, Vol. 0 ›› Issue (01): 61-64.

• Information Security •

An MQTT Abnormal Traffic Detection Method Based on the Random Forest Algorithm

  

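  1. (School of Control and Computer Engineering, North China Electric Power University, Beijing 102206)
  • Publication date: 2021-01-28 Release date: 2021-01-29
  • About the authors: Wu Kehe (born 1962), male, from Zhenjiang, Jiangsu, professor, Ph.D., research interests: smart grid software technology, power information security, E-mail: wkh@ncepu.edu.cn; Zhang Ying (born 1992), female, from Anqing, Anhui, master's student, research interests: network information security, E-mail: 1014340780@qq.com; Cui Wenchao (born 1983), male, from Nanyang, Henan, lecturer, Ph.D., research interests: information security, power informatization, computer vision, E-mail: cuzz@ncepu.edu.cn; Cheng Rui (born 1989), male, from Anqing, Anhui, Ph.D., research interests: power information security, E-mail: ahchengrui@126.com.
  • Funding:
    State Grid Corporation Headquarters Science and Technology Project (SGGR0000XTJS1900905)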

A MQTT Abnormal Traffic Detection Method Based on Random Forest Algorithm

  1. (School of Control and Computer Engineering, North China Electric Power University, Beijing 102206, China)
  • Online:2021-01-28 Published:2021-01-29

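Abstract: The network security threats facing industrial Internet of Things systems are increasing with the wide adoption of IoT technology, and information security has become a major challenge in their development. The MQTT (Message Queuing Telemetry Transport) protocol is the mainstream protocol for IoT communication, and research on IoT communication security based on this protocol is a current hot topic. Traditional traffic identification techniques such as deep packet inspection cannot effectively identify abnormal traffic that conforms to the packet format, whereas abnormal traffic identification based on machine learning theory performs well. To address this, an MQTT abnormal traffic detection method based on the random forest algorithm is proposed; it achieves an overall MQTT abnormal traffic identification accuracy above 90% and identifies abnormal traffic better than other commonly used classification models.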

Keywords: abnormal traffic detection, random forest, MQTT, traffic features

Abstract: With the wide application of Internet of Things technology, industrial Internet of Things systems face increasing network security threats, and information security has become a major challenge in their development. The MQTT (Message Queuing Telemetry Transport) protocol is the mainstream protocol for Internet of Things communication, and research on the security of Internet of Things communication based on this protocol is currently a hot topic. To ensure the communication security of restricted devices in the Internet of Things, this paper focuses on anomaly detection for MQTT traffic. Traditional traffic identification techniques such as deep packet inspection cannot effectively identify abnormal traffic that conforms to the packet format, whereas abnormal traffic identification based on machine learning theory performs very well. To this end, an MQTT abnormal traffic detection method based on the random forest algorithm is proposed, which achieves an overall accuracy of more than 90% and identifies abnormal traffic better than other common classification models.

Key words: abnormal traffic detection, random forests, MQTT, flow features