2,217 research outputs found
Navigating the IoT landscape: Unraveling forensics, security issues, applications, research challenges, and future
Given the exponential expansion of the internet, the possibilities of
security attacks and cybercrimes have increased accordingly. However, poorly
implemented security mechanisms in the Internet of Things (IoT) devices make
them susceptible to cyberattacks, which can directly affect users. IoT
forensics is thus needed for investigating and mitigating such attacks. While
many works have examined IoT applications and challenges, only a few have
focused on both the forensic and security issues in IoT. Therefore, this paper
reviews forensic and security issues associated with IoT in different fields.
Future prospects and challenges in IoT research and development are also
highlighted. As demonstrated in the literature, most IoT devices are vulnerable
to attacks due to a lack of standardized security measures. Unauthorized users
could get access, compromise data, and even benefit from control of critical
infrastructure. To fulfil the security-conscious needs of consumers, IoT can be
used to develop a smart home system by designing a FLIP-based system that is
highly scalable and adaptable. Utilizing a blockchain-based authentication
mechanism with a multi-chain structure can provide additional security
protection between different trust domains. Deep learning can be utilized to
develop a network forensics framework with a high-performing system for
detecting and tracking cyberattack incidents. Moreover, researchers should
consider limiting the amount of data created and delivered when using big data
to develop IoT-based smart systems. The findings of this review will stimulate
academics to seek potential solutions for the identified issues, thereby
advancing the IoT field.Comment: 77 pages, 5 figures, 5 table
Few-shot Multi-domain Knowledge Rearming for Context-aware Defence against Advanced Persistent Threats
Advanced persistent threats (APTs) have novel features such as multi-stage
penetration, highly-tailored intention, and evasive tactics. APTs defense
requires fusing multi-dimensional Cyber threat intelligence data to identify
attack intentions and conducts efficient knowledge discovery strategies by
data-driven machine learning to recognize entity relationships. However,
data-driven machine learning lacks generalization ability on fresh or unknown
samples, reducing the accuracy and practicality of the defense model. Besides,
the private deployment of these APT defense models on heterogeneous
environments and various network devices requires significant investment in
context awareness (such as known attack entities, continuous network states,
and current security strategies). In this paper, we propose a few-shot
multi-domain knowledge rearming (FMKR) scheme for context-aware defense against
APTs. By completing multiple small tasks that are generated from different
network domains with meta-learning, the FMKR firstly trains a model with good
discrimination and generalization ability for fresh and unknown APT attacks. In
each FMKR task, both threat intelligence and local entities are fused into the
support/query sets in meta-learning to identify possible attack stages.
Secondly, to rearm current security strategies, an finetuning-based deployment
mechanism is proposed to transfer learned knowledge into the student model,
while minimizing the defense cost. Compared to multiple model replacement
strategies, the FMKR provides a faster response to attack behaviors while
consuming less scheduling cost. Based on the feedback from multiple real users
of the Industrial Internet of Things (IIoT) over 2 months, we demonstrate that
the proposed scheme can improve the defense satisfaction rate.Comment: It has been accepted by IEEE SmartNet
Data Credence in IoR: Vision and Challenges
As the Internet of Things permeates every aspect of human life, assessing the credence or integrity of the data generated by "things" becomes a central exercise for making decisions or in auditing events. In this paper, we present a vision of this exercise that includes the notion of data credence, assessing data credence in an efficient manner, and the use of technologies that are on the horizon for the very large scale Internet of Things
- …