首页|期刊导航|通信学报|网络行为孪生驱动的物联网异常流量检测

网络行为孪生驱动的物联网异常流量检测

何高峰田健峥李亚文徐丙凤朱海婷张璐郭乃瑄

通信学报2026，Vol.47Issue(3)：156-169,14.

通信学报2026，Vol.47Issue(3)：156-169,14.DOI:10.11959/j.issn.1000-436x.2026040

网络行为孪生驱动的物联网异常流量检测

Network behavior twin-driven traffic anomaly detection for the Internet of things

何高峰 ¹田健峥 ¹李亚文 ¹徐丙凤 ²朱海婷 ¹张璐 ³郭乃瑄⁴

作者信息

1. 南京邮电大学物联网学院,江苏南京 210003
2. 南京林业大学信息科学技术学院、人工智能学院,江苏南京 210042
3. 南京审计大学计算机学院、统计金融联合实验室,江苏南京 211815
4. 盐城工学院信息工程学院,江苏盐城 224007
折叠

摘要

Abstract

To overcome the limitations of existing Internet of things(IoT)traffic anomaly detection methods,which pre-dominantly rely on machine or deep learning algorithms and thus incur high resource consumption and frequent false positives,a novel detection framework based on the network behavioral twin was proposed.The proposed method har-nessed large language model(LLM)to automatically extract network interaction rules from device source code,thereby constructing a digital twin that accurately mirrors the IoT device's network behavior.This digital twin was employed to simulate the device's legitimate network activities in real time,enabling precise and efficient detection of anomalous traffic.Experimental results demonstrate that the proposed method significantly outperforms existing detection methods in detection tasks under typical scenarios,such as denial of service(DoS)attacks,command and control(C&C)commu-nication,and intranet scanning.Meanwhile,compared with the latest pre-trained model TrafficFormer,the model size is reduced from 682 MB to 17 KB,and the computation and storage resource consumption are reduced by 85.44%and 94.06%,respectively.By combining high detection accuracy with exceptional computational efficiency,the proposed method is well-suited for resource-constrained IoT environments and establishes a new approach of dynamic,cyber-physical protection in IoT network security.

关键词

数字孪生/大语言模型/异常流量检测/物联网安全/轻量化模型

Key words

digital twin/large language model/traffic anomaly detection/Internet of things security/lightweight model

分类

信息技术与安全科学

引用本文复制引用

何高峰,田健峥,李亚文,徐丙凤,朱海婷,张璐,郭乃瑄..网络行为孪生驱动的物联网异常流量检测[J].通信学报,2026,47(3):156-169,14.

基金项目

国家自然科学基金资助项目(No.62572252,No.62372240) （No.62572252,No.62372240）

江苏省高等学校自然科学研究重大基金资助项目(No.22KJA520005) （No.22KJA520005）

统计金融联合实验室开放课题基金资助项目(No.2025JLSF302) The National Natural Science Foundation of China(No.62572252,No.62372240),Key Project of Natural Sci-ence Research in Jiangsu Provincial Colleges and Universities(No.22KJA520005),The Open Project of Joint Lab for Statistics and Finance(No.2025JLSF302) （No.2025JLSF302）

通信学报

ISSN：1000-436X

访问量0

下载量0

段落导航