mMTC网络中基于空口流量的入侵检测

[摘要] 提出基于空口负载特征学习的入侵检测体系与方法。基站通过分析海量机器类通信（mMTC）节点随机接入过程中的空口信号，可以智能化学习接入负载特征。在此基础上，结合常态流量负载统计信息，设计了入侵攻击检测的框架与实时检测方案。分析与仿真结果表明所提方法可以较准确地跟踪接入负载变化。与基准方案相比，可获得较高的检测概率和较短的检测时间。方案不依赖于高层安全协议，可基于底层信号实现快速入侵检测，为未来的物联网（IoT）安全防护提供了新型思路与参考方案。

[关键词] 入侵检测；MTC网络；随机接入；最大似然检测

[Abstract] In this paper, an air-interface traffic-load based intrusion detection approach is proposed. The base station can intelligently learn the traffic-load features by analyzing the air-interference signal in the massive machine type communications (mMTC) nodes’ random access procedure. With the help of the statistic information under the normal case, the framework of intrusion and attack detection for massive machine type communications (MTC) networks is established and a real time detection scheme is designed. The performance analysis and simulation results demonstrate that our scheme can well track the arrival process with high accuracy, and outperform the baseline schemes in terms of the detection probability and the detection time. Our low layer signal based approach can make an agile intrusion detection and does not depend on security protocol applied on the high layer, which provides novel thinking and a reference scheme for the security enhancement in future Internet of things (IoT).

[Keywords] intrusion detection; MTC networks; random access; maximum likelihood detection