Threat Identification Model for Suspected Internet of Things Attack Groups

In order to solve the problem that the general intrusion detection model cannot effectively identify the increasingly complex, multi-source, and organized collaborative attacks. This paper proposed a threat identification model for suspected Internet of Things attack groups. Firstly, this paper constructed a PBT feature model from the three-dimensionality of attack path, attack behavior and attack time. Secondly, the paper used spectral clustering algorithm to cluster attackers to effectively identify suspected Internet of Things attack groups. Finally, a threat assessment model was proposed to classify different suspected attack groups into threat levels, and corresponding defensive measures were proposed based on this level to achieve a complete IoT threat early warning system. The experimental results showed that the model proposed in this paper can more effectively identify suspected Internet of Things attack groups, and is of great significance for improving the Internet of Things defense system.