Secure IoT edge: Threat situation awareness based on network traffic

Abstract

Threat situation awareness is one of the new major technologies to avoid network attacks and ensure equipment security. Facing the current IoT network architecture which is characterized by end equipments’ complex services, huge traffic and computing marginalization, real time threat situation awareness based on network traffic can effectively warn and clean latent threat. However, the existing threat situation awareness methods are mostly unitary and dependent on the central node for collection, detection and cleaning. First, it takes too much bandwidth and is not suitable for high-speed scenes. Second, the transmission of traffic or log leads to poor privacy and risk of leakage. Most of all, the perception time is too long, which leads to the performance degradation. This paper proposes a threat situation awareness architecture based on IoT edge and network traffic. Firstly, this paper designs an edge computing device SIE based on CPU and FPGA, the FPGA pipeline is used to analyze the traffic and summarize it in real time. A fast threat situation detection method deployed on SIE’s CPU is proposed which uses flow entropy algorithm to generate situation information. Secondly, this paper introduces the threat situation understanding method based on machine learning. It improves the AdaBoost algorithm and uses uploaded situation information to judge the threat in the traffic. Finally, the method obtains the defensive measure according to the threat intelligence. It can issue the SIE for situation projection and completes threat situation awareness closed loop. Experimental results on KDD99, UNSW-NB15 show that under the premise of ensuring the normal business of IoT equipment and the second level early warning ability, the proposed method can still show good performance under the recognition recall rate, success rate of cleaning threat and other indicators.