1,255 research outputs found
Detecting Anomalous Microflows in IoT Volumetric Attacks via Dynamic Monitoring of MUD Activity
IoT networks are increasingly becoming the target of sophisticated new
cyber-attacks. Anomaly-based detection methods are promising in finding new
attacks, but they face certain practical challenges: false-positive alarms,
results that are hard to explain, and difficulty scaling cost-effectively. The recent IETF
standard called Manufacturer Usage Description (MUD) seems promising to limit
the attack surface on IoT devices by formally specifying their intended network
behavior. In this paper, we use SDN to enforce and monitor the expected
behaviors of each IoT device, and train one-class classifier models to detect
volumetric attacks.
Our specific contributions are fourfold. (1) We develop a multi-level
inferencing model to dynamically detect anomalous patterns in network activity
of MUD-compliant traffic flows via SDN telemetry, followed by packet inspection
of anomalous flows. This provides enhanced fine-grained visibility into
distributed and direct attacks, allowing us to precisely isolate volumetric
attacks with microflow (5-tuple) resolution. (2) We collect traffic traces
(benign and a variety of volumetric attacks) from network behavior of IoT
devices in our lab, generate labeled datasets, and make them available to the
public. (3) We prototype a full working system (modules are released as
open-source), demonstrate its efficacy in detecting volumetric attacks on
several consumer IoT devices with high accuracy while maintaining low false
positives, and provide insights into cost and performance of our system. (4)
We demonstrate how our models scale in environments with a large number of
connected IoTs (with datasets collected from a network of IP cameras in our
university campus) by considering various training strategies (per device unit
versus per device type), and balancing the accuracy of prediction against the
cost of models in terms of size and training time.
Comment: 18 pages, 13 figures
IoT Threat Detection Testbed Using Generative Adversarial Networks
The Internet of Things (IoT) paradigm provides persistent sensing and data
collection capabilities and is becoming increasingly prevalent across many
market sectors. However, most IoT devices emphasize usability and function over
security, making them very vulnerable to malicious exploits. This concern is
evidenced by the increased use of compromised IoT devices in large scale bot
networks (botnets) to launch distributed denial of service (DDoS) attacks
against high value targets. Unsecured IoT systems can also provide entry points
to private networks, allowing adversaries relatively easy access to valuable
resources and services. Indeed, these evolving IoT threat vectors (ranging from
brute force attacks to remote code execution exploits) are posing key
challenges. Moreover, many traditional security mechanisms are not amenable for
deployment on smaller resource-constrained IoT platforms. As a result,
researchers have been developing a range of methods for IoT security, with many
strategies using advanced machine learning (ML) techniques. Along these lines,
this paper presents a novel generative adversarial network (GAN) solution to
detect threats from malicious IoT devices both inside and outside a network.
This model is trained using both benign IoT traffic and global darknet data and
further evaluated in a testbed with real IoT devices and malware threats.
Comment: 8 pages, 5 figures
Cross Dataset Evaluation for IoT Network Intrusion Detection
With the advent of Internet of Things (IoT) technology, the need to ensure the security of an IoT network has become important. There are several intrusion detection systems (IDS) that are available for analyzing and predicting network anomalies and threats. However, it is challenging to evaluate them to realistically estimate their performance when deployed. A lot of research has been conducted where the training and testing is done using the same simulated dataset. However, realistically, a network on which an intrusion detection model is deployed will be very different from the network on which it was trained. The aim of this research is to perform a cross-dataset evaluation using different machine learning models for IDS. This helps ensure that a model that performs well when evaluated on one dataset will also perform well when deployed. Two publicly available simulation datasets, IOTID20 and Bot-IoT, created to capture IoT networks for different attacks such as DoS and Scanning, were used for training and testing. Machine learning models applied to these datasets were evaluated within each dataset, followed by cross-dataset evaluation. A significant difference was observed between the results obtained using the two datasets. Supervised machine learning models were built and evaluated for binary classification to classify between normal and anomaly attack instances as well as for multiclass classification to also categorize the type of attack on the IoT network.
SecureFlow: Knowledge and data-driven ensemble for intrusion detection and dynamic rule configuration in software-defined IoT environment
There is a massive growth in the rate of heterogeneous devices configured in the Internet of Things (IoT) environment for efficient communication. The IoT devices are limited in resources, and there are no defined protocols in terms of security during communication in the IoT-based platforms. Several solutions are framed to make communication secure in the IoT ecosystem. However, the existing schemes need to be more reliable to handle the cyber threats and unwarranted incidents (such as intrusions, anomalies and attacks) coming from IoT endpoints owing to the unstructured patterns of IoT data and dynamic network conditions. Moreover, heavy cryptographic primitives have their deployment challenges due to the resource constraints of the IoT ecosystem. The dynamic nature of IoT traffic requires flexible and varied rules to handle the threats in different deployment scenarios. Therefore, a programmable interface enabled through Software-defined Networking (SDN) can handle heterogeneous threats and incidents in the IoT cyber world. Thus, in this paper, we have designed a novel framework, SecureFlow, an intrusion detection and dynamic rule configuration system based on the knowledge-based and data-driven ensemble. The proposed framework is robust and fault tolerant owing to dual-layer Intrusion Detection System (IDS) and rule configuration modules that can work without one of them. SecureFlow is validated through several experiments performed through emulations in Mininet. The results depict that the proposed framework is effective and promising.
An IoT Architecture Leveraging Digital Twins: Compromised Node Detection Scenario
Modern IoT (Internet of Things) environments with thousands of low-end and
diverse IoT nodes with complex interactions among them and often deployed in
remote and/or wild locations present some unique challenges that make
traditional node compromise detection services less effective. This paper
presents the design, implementation and evaluation of a fog-based architecture
that utilizes the concept of a digital-twin to detect compromised IoT nodes
exhibiting malicious behaviors by either producing erroneous data and/or being
used to launch network intrusion attacks to hijack other nodes eventually
causing service disruption. By defining a digital twin of an IoT infrastructure
at a fog server, the architecture is focused on monitoring relevant information
to save energy and storage space. The paper presents a prototype implementation
for the architecture utilizing malicious behavior datasets to perform
misbehaving node classification. An extensive accuracy and system performance
evaluation was conducted based on this prototype. Results show good accuracy
and negligible overhead especially when employing deep learning techniques such
as MLP (multilayer perceptron).
Comment: This work has been submitted to the IEEE for possible publication
Artificial Intelligence based Anomaly Detection of Energy Consumption in Buildings: A Review, Current Trends and New Perspectives
Enormous amounts of data are being produced everyday by sub-meters and smart
sensors installed in residential buildings. If leveraged properly, that data
could assist end-users, energy producers and utility companies in detecting
anomalous power consumption and understanding the causes of each anomaly.
Therefore, anomaly detection could stop a minor problem becoming overwhelming.
Moreover, it will aid in better decision-making to reduce wasted energy and
promote sustainable and energy efficient behavior. In this regard, this paper
is an in-depth review of existing anomaly detection frameworks for building
energy consumption based on artificial intelligence. Specifically, an extensive
survey is presented, in which a comprehensive taxonomy is introduced to
classify existing algorithms based on different modules and parameters adopted,
such as machine learning algorithms, feature extraction approaches, anomaly
detection levels, computing platforms and application scenarios. To the best of
the authors' knowledge, this is the first review article that discusses anomaly
detection in building energy consumption. Moving forward, important findings
along with domain-specific problems, difficulties and challenges that remain
unresolved are thoroughly discussed, including the absence of: (i) precise
definitions of anomalous power consumption, (ii) annotated datasets, (iii)
unified metrics to assess the performance of existing solutions, (iv) platforms
for reproducibility and (v) privacy-preservation. Following, insights about
current research trends are discussed to widen the applications and
effectiveness of the anomaly detection technology before deriving future
directions attracting significant attention. This article serves as a
comprehensive reference to understand the current technological progress in
anomaly detection of energy consumption based on artificial intelligence.
Comment: 11 Figures, 3 Tables