An information security analysis method of Internet of things based on balanced double SVM

Abstract

With the continuous progress of social science and technology, the development of the Internet of things is growing. With the development of Internet of things, security problems emerge in endlessly. During the period of COVID-19, the Internet of Things have been widely used to fight virus outbreak. However, the most serious security problem of the Internet of things is network intrusion. This paper proposes a balanced quadratic support vector machine information security analysis method for Internet of things. Compared with the traditional support vector machine Internet of things security analysis method, this method has a higher accuracy, and can shorten the detection time, with efficient and powerful characteristics. The method proposed in this paper has certain reference value to the Internet of things network intrusion problem. It provides better security for the Internet of things during the protection period of covid-19.

Keywords

SVM Balanced binary decision internet of things security intrusion detection COVID-19

1 Introduction

At present, the novel corona virus pneumonia (coronavirusdisease2019, COVID-19) has been spread in more than 100 countries and regions worldwide, which has seriously affected people’s daily production and life, and the smooth and healthy operation of social economy. Due to the differences in the strength of prevention and control measures, medical level and emergency response speed of each country or region to treat covid-19, the basic number of infectious diseases and the doubling time of infectious diseases are significantly different in time and space.

In response to the outbreak of covid-19, China has launched the first level response mechanism for major public health emergencies in various provinces at the first time, and formulated many effective scientific prevention and control measures, such as home-based control, centralized isolation, finding close contacts and accelerating virus detection, which have achieved remarkable results. In China, home-based control and centralized isolation have reduced the potential infection of at least millions of people. Use the case distribution based on time and space big data, case activity track calculation, etc. to carry out health self-examination and verification for individuals, provide residents’ services through grid management, lead community governance, etc., so as to make the city more intelligent using Internet of Things, Artificial Intelligence, etc.

Since the concept of Internet of things was first proposed by MIT in 1999, it has developed rapidly in the world. It leads the third information industry revolution and becomes the infrastructure of future social development. However, the research and practical application of the Internet of things is still in its infancy, and many theories and technologies need to be further broken through, especially the information transmission and information security of the core network of the Internet of things [1]. A large number of nodes in the Internet of things will lead to network congestion. When data is transmitted by a large number of machines, there will be denial of service attacks, network intrusion and other security issues. [2-4].

The function of intrusion detection system (IDS) is: according to the security policy set in advance by the developer, the system takes corresponding response behavior to prevent foreign intrusion. Traditional IDS has the disadvantages of poor detection ability and high false alarm rate for unknown network attacks. In order to improve the efficiency of intrusion detection and reduce the false alarm rate and false alarm rate, the introduction of machine learning into intrusion detection has become an important development direction of intrusion detection system. For multi-sensor system, the concept of data fusion of Internet of things is proposed [5]. In the multi-sensor system, the diversity of information forms, the huge amount of data, the complexity of data relationship and the requirements of real-time, accuracy and reliability of data processing greatly exceed the comprehensive information processing ability of human brain. In this case, multi-sensor data fusion technology came into being. Multi sensor data fusion was first proposed by the United States[6]. Department of defense in the 1970 s, and then a lot of research has been done in Britain, France, Japan and other countries. In the past 40 years, data fusion technology has been greatly developed [7].

British scholars put forward a service-oriented security architecture of the Internet of things, which uses soasecurity autonomy, usage & access management and other modules to build a security Internet of things model with self-organizing ability [8]. Researchers from Zurich University in Switzerland and others point out that the transition from traditional Internet to Internet of things may face many security problems [9 –11]. According to the structural characteristics of existing distributed intrusion detection systems, an intrusion detection model of Internet of things based on balanced binary decision tree support vector machine algorithm is proposed [12 –15]. The experimental results show that the model can achieve better detection accuracy, reduce the false alarm rate and false alarm rate, and make accurate judgment for some unknown intrusion detection types, and make accurate judgment for some unknown intrusion detection types [16].

2 Balanced binary decision tree SVM algorithm

2.1 Introduction of SVM algorithm

Support vector machine (SVM) algorithm is a machine learning method based on statistical theory. Its principle is based on the theory of structural risk minimization and VC dimension, and has good generalization and classification accuracy. Support vector machine has two kinds of classification models: binary classification and multi classification. Multi classification is developed on the basis of the two classifications.

Support vector machine is a machine learning method based on statistical theory, which is described as a mathematical language, that is, there are classified linear equations satisfying _i [(ω · x_i + b)] -1 ⩾ 0. Among them, y_i two kinds of class identification, ω∈ Rⁿ, x_i represents input vector, b represents offset, i = 1, 2, ... ,n. Its structure is shown in Fig. 1.

Fig. 1

Structure of support vector machine.

The solution of the optimal hyperplane can be simplified to solve the quadratic programming problem in the original space:

${\begin{matrix} min φ (ω, ξ) = \frac{1}{2} {∥ x ∥}^{2} + C \sum_{i = 1}^{n} ξ_{i} \\ s, t, y_{i} [ω \cdot x_{i} + b] - 1 + ξ_{i} > > 0, i = 1, 2, \dots, n, \\ ξ_{i} > > 0 \end{matrix}$ (1)

Where C is the error penalty coefficient. The Lagrange multiplier is introduced to transform the problem into the dual form of formula (2): $Q (a) = \sum_{i = 1}^{n} a_{i} - \frac{1}{2} \sum_{i, j = 1}^{n} a_{i} a_{j} y_{i} y_{j} K (x_{i}, x_{j})$ (2)

The following constraints are met: ${\begin{matrix} \sum_{i = 1}^{n} y_{i} a_{i} = 0 \\ 0 ⩽ a_{i} ⩽ C, i = 1, 2, \dots, n \end{matrix}$ (3)

Where K (x_i, x_j) is the kernel function, and $a_{i}^{*}$ is the La-Grange multiplier corresponding to each sample.

The corresponding decision classification function is: $f (x) = sgn (\sum_{i = 1}^{n} a_{i}^{*} y_{i} K (x_{i}, x_{j}) + b^{*})$ (4)

Where SGN () is a symbolic function. Radial basis function is chosen as the kernel function of SVM because of its short running time and high classification accuracy. In this way, not only the complex nonlinear transformation can be prevented, but also the linear function can be used to solve the nonlinear problem. Radial basis function is shown in formula (5): $K (x, y) = exp (- {| x - y |}^{2} / d^{2})$ (5)

2.2 SVM two classification algorithm

In practical applications, such as face recognition, intrusion detection, etc., the data are divided into several categories, so SVM multi classification algorithm has become a research hotspot in recent years. At present, SVM multi classification algorithms include basic algorithm, one-to-one algorithm, layer classification algorithm and so on

Basic algorithm: for k-class data sets, construct k-two-class decision functions. The role of the I-class decision function is to separate the I-class and other classes. When a sample data is input, these k decision functions are used to make decisions. If only the i-th decision function outputs that the sample belongs to class i, and the other k-1 decision function outputs that the sample belongs to other classes, then the sample data belongs to class i; otherwise, no operation is performed. This kind of algorithm is easy to produce the case that a sample belongs to more than one category or a sample does not belong to any one category. The common basic algorithms are one-to-one method (oao-svm), one to all method (oaa-svm), directed acyclic graph method and balanced binary decision tree method.

One to one algorithm: this way is to construct all possible binary decision functions in class k data sets. Through the combination, we can know that class k data need to construct k(k-1) / 2 decision functions. In other words, we need to construct k(k-1) classifiers. When a sample data is input, all classifiers are used for classification, and the class with the highest number of decisions is taken as the final result of the sample. The one-to-one algorithm is rarely used because of the complexity of the objective function and too many variables.

PSO algorithm: PSO algorithm is a swarm intelligence algorithm developed on the basis of the study of birds’ predatory behavior. Firstly, PSO algorithm is initialized as a group of random particles, which can be used as a random initial solution. The initial population is uniformly distributed in the solution space. If N particles exist in the d-dimensional target search space, the position and velocity of the i-th particle can be expressed as X_i = (x_{i
₁}, x_{i
₂}, ⋯ , x_{i
_v}) respectively and V_i = (v_{i
₁}, v_{i
₂}, ⋯ , v_{i
_v}) , i = 1, 2, ⋯ , n. Then the optimal solution is found by iterative search. In each iteration, particles update their velocity and position by tracking two optimal solutions [13, 14]. One of the optimal solutions is the best value of the particle itself so far, that is, the best position of the individual. It is recorded as P_best = (P_{best
₁}, P_{best
₂}, ⋯ , P_{best
_v}). The other optimal solution is the optimal value of the population so far, which is called the global optimal position. It is recorded as G_best = (G_{best
₁}, G_{best
₂}, ⋯ , G_{best
_v}). Particles update their speed and position according to Equations (6) and (7). $\begin{matrix} V_{i}^{k + 1} = ω \cdot V_{i}^{k} + c_{1} \cdot rand () \cdot (P_{best} - X_{k}^{i}) \\ + c_{2} \cdot rand () \cdot (G_{best} - X_{i}^{k}) \end{matrix}$ (6) $X_{i}^{k + 1} = X_{i}^{k} + V_{i}^{k + 1}$ (7)

Among them, ω is the inertia weight; c₁ and c₂ are the learning factors; k is the number of current iterations; and rand () is a random number evenly distributed between 0 and 1, which reflects the randomness of the algorithm.

SVM two classification algorithm:Set training sample set S = ((x₁, y₁), (x₂, y₂), ... , (x_l, y_l)) ⊆ (x, y)^l, where X = Rⁿ, y∈+1,–1. The general form of linear discriminant function in n-dimensional space is g (x) = w · x + b, and the equation of classification surface is: $wx + b$ (8)

When the sample is linearly separable, it can be assumed that ${\begin{matrix} x_{i} \cdot w + b ⩾ + 1, if, y_{i} = + 1 \\ x_{i} \cdot w + b ⩽ - 1, if, y_{i} = - 1 \end{matrix}$

We normalize the discriminant function and combine it to get $y_{i} (x_{i} \cdot w + b) - 1 ⩾ 0 (i = 1, 2, \dots, l)$ (9)

Formula (9) makes|g(x)| = 1 for the sample closest to the classification plane, so that the classification interval is equal to 2/∥ x ∥. Therefore, to make the interval between the two types of data maximum is equivalent to making the ∥w∥ minimum. The samples that make equation (9) equal are called support vectors.

SVM binary classification algorithm has been developed to be more mature, and there are many classical algorithms, such as hush’s GDA algorithm and Osuna’s decomposition algorithm.

2.3 SVM two classification algorithm

Balanced binary decision tree support vector machine algorithm is based on the idea of binary tree and support vector machine binary classification algorithm. In other words, when training the sample set, an effective balanced binary decision tree is established, and then all the nodes of the binary tree are trained by the binary classification algorithm of support vector machine. The balanced binary decision tree is shown in Fig. 2, and the leaf node is an example category. The construction process of binary tree is from root node to leaf node, from top to bottom layer by layer. As can be seen from Fig. 2, the binary tree needs to construct six decision functions (i.e., six classifiers).

Fig. 2

Balanced binary decision tree structure.

From the above analysis of seven samples, this problem can be generalized to the general state. For k-class problems, the algorithm only needs to construct k-1 decision surface. This method ensures high recognition accuracy. After ${log}_{2}^{k}$ nodes, the algorithm finally reaches the leaf node, which can determine the category of data samples. The process is top-down.

BDT-SVM is a balanced binary decision tree SVM algorithm. The basic idea is: firstly, the class with the largest distance between the two classes is determined from the training sample data set, then the remaining classes are judged in turn, the two classes are approximated by the nearest principle, and finally a class cluster with the same number of classes is formed. The specific process is as follows:

In multidimensional space, the class centers of K classes are calculated.

According to the maximum Euclidean distance, two classes with the largest distance are found, which are labeled as cluster C1 and cluster C2 respectively.

Among the remaining classes except C1 and C2, the class C3 with the smallest Euclidean distance from C1 is selected, C3 and C1 are combined, labeled as the Class C1, and the center of the Class C1 is recalculated

Among the remaining classes except C1 and C2, the class C4 with the smallest Euclidean distance from C2 is selected, C4 and C2 are combined, labeled as the class C2, and the center of the class C2 is recalculated.

Loop through steps 3) and 4) until all classes are allocated.

At this time, two kinds of clusters C1 and C2 are generated. In C1 and C2, steps 2) to 5 are executed recursively until all classes are completely separated

Through the above six steps, a balanced binary decision tree is generated. Each node of the tree is trained with SVM binary classification algorithm, thus BDT-SVM multi classification algorithm is realized.

3 Intrusion detection model based on balanced binary decision tree SVM algorithm

The network structure of the Internet of things has a certain complexity, involving a large amount of data. It is necessary to collect the intrusion information from each subnet and host network, and then make the corresponding. Through the selection of the network topology, this study finally proposes the Internet of things security detection model based on the balanced binary decision tree SVM algorithm.

Intrusion detection system must collect network intrusion information from all subnets and hosts, and make corresponding response according to various decisions. Due to the complexity of the current network structure and the large amount of data collected, there may be serious redundancy when the data is not preprocessed. In this paper, the overall framework of intrusion detection model based on balanced binary decision tree SVM algorithm is proposed by studying various complex network topology results, as shown in Fig. 3. The model includes three steps: data preprocessing, feature extraction and intrusion classification.

Fig. 3

Intrusion detection model based on balanced binary decision tree SVM algorithm.

3.1 Data preprocessing

Each connection event obtained from the network connection event extraction module is composed of 41 attributes (in this paper, a standard data set provided by KDD99 is used, and each data has 41 attributes). There are continuity attributes and discontinuity attributes; some attributes are string type, some are integer type and floating-point type. The value range of each attribute is mostly different. In view of the above reasons, it is necessary to preprocess the original data to make the data numerical, discrete and normalized, so as to prepare for the subsequent feature selection and SVM prediction.

1) Numerical

The data is easy to be numerically processed. The number of attributes is counted manually, and then each attribute is mapped to a value.

2) Discretization

In this paper, Na gve scaler algorithm is used to discretize the original data set. For each attribute a ∈ C, proceed as follows:

According to the value of a(x), the records x∈ U are arranged from small to large.

Let x_i and x_j be two adjacent records and scan from top to bottom. If a(x_i) = a(x_j), continue scanning. Otherwise, if d(x_i) = d(x_j), that is to say, if the decision value is the same, continue scanning; otherwise, get a breakpoint c, c = (a(x_i) + a(x_j))/2. That is to say, when the attribute value and the decision value are not the same, a breakpoint c is obtained.

3) Normalization

Data discretization has been completed. However, due to the different range of data, the influence of each attribute on the result is different when SVM prediction is carried out. In order to balance the influence of each attribute on the result, it is necessary to normalize the data.

In this paper, the singular distance function defined in heterogeneous data sets is used to normalize the data. Let’s suppose that there are two records x and y on the heterogeneous data set. x_i and y_i are the ith attributes of x and y, respectively. Therefore, the distance function of x_i and y_i on the ith attribute is defined as $d (x_{i}, y_{i}) = \sqrt{\sum_{c = 1}^{C} | \frac{N_{i, x, c}}{N_{i, x}} - \frac{N_{i, y, c}}{N_{i, y}} |}$ (10)

Where, C is the total number of categories of data; N_i,x is the number of samples with the ith attribute of x_i in all sample data; N_i,x,c is the number of samples with the ith attribute of x_i in all sample data and the output category of c. If one value of x_i and y_i is unknown, the distance between them is defined as 1.

The data can be normalized by the above distance function, and the result is $x_{i} = \frac{d (x_{i}, x_{i, min})}{d (x_{i, max}, x_{i, min})} \times scale + low$ (11)

Among them, x_i,max Is the maximum value of the ith attribute in the dataset, x_i,min Is the minimum value of the ith attribute in the dataset, scale is 1, and low is 0.

3.2 Feature extraction

The KDD99 anomaly detection standard data is used in the experiment, and the rough set (RS), SVDF, LGP and Mars algorithms are used to extract the features of 41 dimensional data in the data set, and each algorithm selects 6 attributes. Experimental results show that under the condition of considering both time and accuracy, the attributes extracted from these four algorithms can be combined into a set, and the better effect can be achieved by using the attributes in the set to judge the intrusion. Figure 4 shows the set of attributes extracted by four feature extraction algorithms (13 attributes in total). On the premise of ensuring time efficiency, it also ensures the accuracy of detection.

Fig. 4

Feature extraction results of four algorithms.

Rough set theory (RST) is a mathematical theory and tool for dealing with fuzzy and uncertain knowledge. Rough set theory has been widely developed and applied. Attribute reduction is one of the core problems of rough set theory. It is natural to use it in feature selection

The feature selection algorithm based on support vector decision function (SVDF) is to apply the theory of support vector machine (SVM) to feature selection. SVM algorithm was born in data classification, mainly used in two categories. Support vector machine can also be used for feature selection.

Linear genetic programming (LGP) is the application of genetic programming in linear genome. Applying linear genetic programming to feature selection is based on the fact that it deals with machine code operations and that it is based on evaluation. The LGP algorithm starts from a group of randomly generated initial feasible solutions, and then iterates step by step to approach the optimal solution of the problem through operations such as replication, crossover and mutation. Each feature subset selected in LGP algorithm is measured by a fitness function. The fitness function is used to measure the effect of feature subset on Intrusion Detection in reduction space and training subset. When the number of iterations meets the requirements of the algorithm, LGP algorithm stops.

Multivariable adaptive regression splines (MARS) was proposed by Friedman in 1991. The main purpose of Mars is to analyze the large number of independent variables x₁,x_2, … x_n Prediction of a continuous output variable in $\hat{f}$ is a method to solve the problem of multivariate data. Mars interprets the equations in sections, summarizes and composes an elastic prediction model, and then automatically establishes a criterion model, and uses this criterion model to infer its continuous and discontinuous dependent variables. In terms of the name of multivariate adaptive regression spline, it refers to the multivariate stepwise regression procedure. It is most suitable for high-dimensional problems, and is also regarded as generalized linear stepwise regression, or multi-dimensional adaptive regression improved by modifying classification and regression tree model. At present, Mars has been applied to many different academic fields, such as classification and feature selection.

3.3 Intrusion classification

The data from feature extraction is used as the input of bdt-svm to identify the attack type. The training and testing process of bdt-svm algorithm is described in detail in the previous article. On this basis, considering the influence of different feature information on classification results, the information features of sample data are weighted, and the attribute values of each feature are fused.

4 Experiment and result

4.1 Data set selection

In this paper, KDD99 data set is used for simulation experiment. The abnormal data in this data set can be divided into four attack categories: scanning and detection, denial of service attack, root access attack and remote attack. These four attack categories can be divided into 38 different attack types. There are about 5 million training data and 300000 test data in the data set. Because of the large amount of data, it can reflect the time efficiency of the algorithm.

Scan and probe attack (probe) is to scan a computer in a network segment to obtain the system information and vulnerability of the computer. Such attacks include ipsweep, nmap, portsweep, etc.

Denial of service attack (DOS) is an attack by attackers themselves or using some zombies to occupy a large number of network resources, resulting in legitimate users unable to obtain requests. Such attacks include back, land, Neptune, pod, etc.

The attack of acquiring root permission (U2R) is an illegal access to the local super user, that is to say, it makes ordinary users obtain root permission by illegal means, such as buffer overflow, Load module, Perl, rootkit attacks, etc.

Remote attack (R2L) is that illegal users get legal accounts by sending network packets, such as Ftp_write, Guess_passwd, Imap, multihop attacks, etc.

BDT-SVM classification algorithm is used in this paper. The storage core matrix needs a memory space which grows with the sample size. Therefore, it is very important to determine the size of training data set. In intrusion detection system, KDDCUP99 data set is used, when the confidence is 0.95 and the total error rate is less than 0.002, the number of samples in SVM training data set is more than 74894. This paper analyzes three kinds of data sets, which are close to 10000, close to 100000 and close to 500000. From scale 10000 to scale 100000, the training time of SVM increased by 43.78 times, and the prediction error rate decreased by 69.51%. However, from the scale of 100000 to 500000, the training time of SVM increased by 17.05 times, but the predictive error rate did not decline significantly.

In this paper, the training data set is randomly selected from 10% of the training data of KDDCUP99, with a total of 85355 network connection records. It includes normal data and abnormal data, including DoS attack, u2r attack, r2l attack and probe attack. The normal data and abnormal data in the training data set account for about 50% respectively.

The test data set of this paper is randomly selected from 10% of the test data of KDDCUP99, with a total of 311029 network connection records. It includes normal data, DoS attack, u2r attack, r2l attack and probe attack. In order to detect the detection ability of the anomaly detection agent proposed in this paper, not only the existing attack types in the above training data set, but also some new attack types are included in the test data set.

The proportion of these new attack types to various attack categories is shown in Table 1.

Table 1
The proportion of new attack types in various attack categories

Attack category Samples of new attack types Total samples Percentage of new attacks (%)

DoS 6142 229372 2.47

U2R 10184 16924 62.48

R2L 182 182 83.57

Probe 1748 4134 42.48

Attack category	Samples of new attack types	Total samples	Percentage of new attacks (%)
DoS	6142	229372	2.47
U2R	10184	16924	62.48
R2L	182	182	83.57
Probe	1748	4134	42.48

Table 2 shows the data composition of training data set and test data set.

Table 2

Data composition of training data set and test data set

Data category		Training data set	Training data set
Number of normal samples		44165	60593
Number of abnormal samples	DOS	19630	40593
	U2R	2600	16189
	R2L	5630	228
	Probe	13330	4166

The result of SVM multi classification

The evaluation system indexes are defined as follows:

Detection accuracy = number of correctly classified samples / total number of samples;

False alarm rate = total number of samples with wrong classification / total number of samples;

Missing report rate = total number of abnormal samples considered as normal samples / attacks number of samples;

Training time = the time of SVM training to get support vector;

Detection time = the time when SVM detects the input sample category.

In this paper, SVM binary classification algorithm and multi classification algorithm are applied to the data analysis of intrusion classification stage. SVM multi classification algorithm (bdt-svm) divides the data into five types: normal, DoS attack, u2r attack, r2l attack and probe attack. As can be seen from Table 3, the training time and detection time of the multi classification algorithm are longer than those of the two classification algorithms. This is due to the limitations of the algorithm itself, but it greatly improves the detection accuracy of the system. In the current environment of rapid development of computer hardware, it is worth sacrificing some time cost for a certain detection accuracy.

Table 3

Comparison of time and detection accuracy between two classification algorithm and multi classification algorithm

SVM	Training time (s)	Detection time (s)	Detection accuracy (%)
Two categories	5.3	5	91.03
BDT-SVM	9.6	9	97.68

The intrusion detection system proposed in this paper has low false alarm rate, but high false alarm rate. The specific test results of various data are shown in Table 4.

Table 4

Detection accuracy of SVM multi classification algorithm

Test result type Packet type	Probe	U2R	DoS	R2L	Normal
Probe	97.32	0.06	1.37	0	1.38
U2R	0	65.49	0	26.39	11.29
DoS	0.35	0.17	87.92	1.99	10.28
R2L	0	0.89	0.39	94.69	5.89
Normal	0.68	0.23	0.19	2.23	99.86

It can be seen from Table 4 that the intrusion detection model based on balanced binary decision tree SVM algorithm proposed in this paper has high detection accuracy, but the system false alarm rate is high, among which u2r has the highest false alarm rate.

The result of the above experiments is that the false alarm rate of some attacks is on the high side, which leads to the limitation of the detection accuracy of the system. The high rate of missing reports has a great impact on the system security, and may even cause the system to suffer losses. However, the false alarm will not affect the system security, and it can be reduced or even eliminated through human-computer interaction. Therefore, the problem of missing report needs to be solved by system.

5 Conclusions

Aiming at the problem of large amount of Internet of things data and prominent hidden danger of network security, an intrusion detection model based on balanced binary decision tree support vector machine algorithm is proposed. The model is divided into three steps: 1) data preprocessing. Standardized processing of the original data to eliminate redundant data; 2) feature extraction. Using feature extraction, on the premise of ensuring the detection accuracy, shorten the training time and detection time; 3) intrusion classification. The multi classification algorithm of support vector machine is introduced into the intrusion detection, which improves the detection accuracy and reduces the false alarm rate of the system. Experiments show that the algorithm model has practical reference significance. Can provide help for Internet of things issues during covid-19 protection.

The Internet of things is different from the general information network. It not only has its own particularity, but also faces special security threats, such as collision attack, information tampering and so on. The effective methods against Internet of things attacks are encryption mechanism, key management, data fusion security and so on. During covid-199, the Internet of things processing was affected. So the next step is: 1) based on the analysis of the sensor layer data of the Internet of things, using data fusion, attribute feature weighting and other technologies to find a way to prevent the unknown attacks of the Internet of things. 2) Looking for a lightweight authentication mechanism to ensure the credibility of user identity in the network. For example, aggregate signature introduces a method to improve the communication efficiency and calculation efficiency to reduce the bandwidth occupied by the link. Lightweight cognitive technology is the core of trusted identity authentication system in the Internet of things, which will become a hot research topic in the future.

As a special information network, the Internet of things has a large amount of data and prominent security risks. Using the balanced binary decision tree support vector machine algorithm can improve the detection accuracy of the system. Reduce the risk of network security. It provides practical reference significance.

Footnotes

Acknowledgments

This work is supported by the Jilin Science and technology development plan project; natural science foundation project titled “research on monitoring technology of ginseng growth environment parameters by wireless sensor network” (No. 20150101099jc); Jilin province new interdisciplinary digital agriculture cultivation project titled “recognition algorithm research based on NSST deep learning”.

References

Mavropoulos

, Mouratidis

, Fish

, et al., Apparatus: A framework for security analysis in internet of things systems, Ad Hoc Networks 92(SEP.) (2019), 43.1–43.11.

Lichtenstein

and Williamson

, Understanding consumer adoption of internet banking: an interpretive study in the Australian banking context, Journal of Electronic Commerce ReSearch 7(2) (2006), 50–66.

Mavropoulos

, Mouratidis

, Fish

, et al., A conceptual model to support security analysis in the internet of things, Computer Science & Information Systems 14(2) (2017), 557–578.

Balandin

, Andreev

and Koucheryavy

, Lecture Notes in Computer Science, Internet of Things, Smart Spaces and Next Generation Networks and Systems Volume 8638 || Distributed Packet Trace Processing Method for Information Security Analysis (2014), 10.1007/978-3-319-10353-2(Chapter 49) 535–543.

Roman

and Lopez

, Integrating Wireless Sensor Networks and the Internet: a Security Analysis, Internet Research 19(2) (2009), 246–259.

Ndibanje

, Lee

H.J.

and Lee

S.G.

, Security Analysis and Improvements of Authentication and Access Control in the Internet of Things, Sensors 14(8) (2014), 14786–14805.

Islam

M.R.

and Aktheruzzaman

K.M.

, An Analysis of Cybersecurity Attacks against Internet of Things and Security Solutions, Journal of Computer and Communications 8(4) (2020), 11–25.

, Cui

, Wang

, et al., Privacy-aware Secure Anonymous Communication Protocol in CPSS Cloud Computing, IEEE Access PP(99) (2020), 1–17.

Arul

, Raja

, Almagrabi

A.O.

, et al., A Quantum-Safe Key Hierarchy and Dynamic Security Association for LTE/SAE in 5G Scenario, IEEE Transactions on Industrial Informatics 16(1) (2020), 681–690.

10.

Wang

, Chen

, Huang

, Yao

and Wang

, Contact simulation analysis of double cylindrical asperities using the finite element method, Transactions of the Canadian Society for Mechanical Engineering (2020), 44.

11.

Rostampour

, Bagheri

, Hosseinzadeh

, et al., A Scalable and Lightweight Grouping Proof Protocol for Internet of Things Applications, Journal of Supercomputing 74(1) (2018), 71–86.

12.

Bhattarai

and Wang

, End-to-End Trust and Security for Internet of Things Applications, Computer 51(4) (2018), 20–27.

13.

Lee

D.H.

, Lee

B.G.

, Lee

, et al., Energy-efficient replica detection for resource-limited mobile devices in the internet of things, Iet Communications 7(18) (2017), 1290–1305.

14.

Qian

, Liu

, Pei

, et al., A game-theoretic analysis of information security investment for multiple firms in a network, Journal of the Operational Research Society 68(10) (2017), 1290–1305.

15.

Kara

and Esgin

M.F.

, On Analysis of Lightweight Stream Ciphers with Keyed Update, Computers, IEEE Transactions on 68(1) (2019), 99–110.

16.

Ferraz Junior

, Silva

, Guelfi

, et al., IoT6Sec: reliability model for Internet of Things security focused on anomalous measurements identification with energy analysis, Wireless Networks 25(4) (2019), 1533–1556.

An information security analysis method of Internet of things based on balanced double SVM

Abstract

Keywords

1 Introduction

2 Balanced binary decision tree SVM algorithm

2.1 Introduction of SVM algorithm

4 Experiment and result

4.1 Data set selection

Table 1 The proportion of new attack types in various attack categories Attack category Samples of new attack types Total samples Percentage of new attacks (%) DoS 6142 229372 2.47 U2R 10184 16924 62.48 R2L 182 182 83.57 Probe 1748 4134 42.48

Footnotes

Acknowledgments

References

Table 1
The proportion of new attack types in various attack categories

Attack category Samples of new attack types Total samples Percentage of new attacks (%)

DoS 6142 229372 2.47

U2R 10184 16924 62.48

R2L 182 182 83.57

Probe 1748 4134 42.48