9 research outputs found

    Computation of traffic time series for large populations of IoT devices

    In this work we study multi-class packet classification algorithms to be used in network traffic time series extraction. This study is done for scenarios with a large number of time series to extract, such as in monitoring IoT network providers. We show that using DStries-based techniques, large networks with tens of thousands of devices can be monitored in real time. This work is funded by Spanish MINECO through project PIT (TEC2015-69417-C2-2-R).

    Position paper : A systematic framework for categorising IoT device fingerprinting mechanisms

    The popularity of the Internet of Things (IoT) devices makes it increasingly important to be able to fingerprint them, for example in order to detect if there are misbehaving or even malicious IoT devices in one's network. However, there are many challenges faced in the task of fingerprinting IoT devices, mainly due to the huge variety of the devices involved. At the same time, the task can potentially be improved by applying machine learning techniques for better accuracy and efficiency. The aim of this paper is to provide a systematic categorisation of machine learning augmented techniques that can be used for fingerprinting IoT devices. This can serve as a baseline for comparing various IoT fingerprinting mechanisms, so that network administrators can choose one or more mechanisms that are appropriate for monitoring and maintaining their network. We carried out an extensive literature review of existing papers on fingerprinting IoT devices -- paying close attention to those with machine learning features. This is followed by an extraction of important and comparable features among the mechanisms outlined in those papers. As a result, we came up with a key set of terminologies that are relevant both in the fingerprinting context and in the IoT domain. This enabled us to construct a framework called IDWork, which can be used for categorising existing IoT fingerprinting mechanisms in a way that will facilitate a coherent and fair comparison of these mechanisms. We found that the majority of the IoT fingerprinting mechanisms take a passive approach -- mainly through network sniffing -- instead of being intrusive and interactive with the device of interest. Additionally, a significant number of the surveyed mechanisms employ both static and dynamic approaches, in order to benefit from complementary features that can be more robust against certain attacks such as spoofing and replay attacks

    Classification of Internet of Things devices using machine learning methods

    The work includes 110 pages, 15 figures, 31 tables, 15 formulas, 38 literary references. The aim of this qualification work is to study methods for classifying the network packets flow based on machine learning algorithms that can be used to recognize the class of Internet of Things devices in the network, their improvement and adaptation for use in real conditions. The object of research is the process of disseminating the packets flow of Internet of Things devices in the network. The subject of the research is the algorithms for classifying the packets flow into corresponding classes using machine learning methods. The research methods are research of literary sources, machine learning algorithms, methods of mathematical statistics, and an experiment using a software solution. The results of the work are presented in the form of tables, figures, and program code that implements an advanced classification algorithm for Internet of Things devices, and demonstrate the operability of the constructed classification algorithm using different real datasets at the same time. The results of the work can be used in practice if the administrators of “smart” environments need to classify Internet of Things devices for cybersecurity tasks. The results of the work were presented at the XVII All-Ukrainian Conference of students, graduate students and young scientists “Theoretical and applied problems of physics, mathematics and computer science” and the report was accepted for publication in the journal “Theoretical and applied cybersecurity”.

    Smart Monitoring and Control in the Future Internet of Things

    The Internet of Things (IoT) and related technologies have the promise of realizing pervasive and smart applications which, in turn, have the potential of improving the quality of life of people living in a connected world. According to the IoT vision, all things can cooperate amongst themselves and be managed from anywhere via the Internet, allowing tight integration between the physical and cyber worlds and thus improving efficiency, promoting usability, and opening up new application opportunities. Nowadays, IoT technologies have successfully been exploited in several domains, providing both social and economic benefits. The realization of the full potential of the next generation of the Internet of Things still needs further research efforts concerning, for instance, the identification of new architectures, methodologies, and infrastructures dealing with distributed and decentralized IoT systems; the integration of IoT with cognitive and social capabilities; the enhancement of the sensing–analysis–control cycle; the integration of consciousness and awareness in IoT environments; and the design of new algorithms and techniques for managing IoT big data. This Special Issue is devoted to advancements in technologies, methodologies, and applications for IoT, together with emerging standards and research topics which would lead to realization of the future Internet of Things

    Managing Networked IoT Assets Using Practical and Scalable Traffic Inference

    The Internet has recently witnessed unprecedented growth of a class of connected assets called the Internet of Things (IoT). Due to relatively immature manufacturing processes and limited computing resources, IoTs have inadequate device-level security measures, exposing the Internet to various cyber risks. Therefore, network-level security has been considered a practical and scalable approach for securing IoTs, but this cannot be employed without discovering the connected devices and characterizing their behavior. Prior research leveraged predictable patterns in IoT network traffic to develop inference models. However, they fall short of expectations in addressing practical challenges, preventing them from being deployed in production settings. This thesis identifies four practical challenges and develops techniques to address them which can help secure businesses and protect user privacy against growing cyber threats. My first contribution balances prediction gains against computing costs of traffic features for IoT traffic classification and monitoring. I develop a method to find the best set of specialized models for multi-view classification that can reach an average accuracy of 99%, i.e., a similar accuracy compared to existing works but reducing the cost by a factor of 6. I develop a hierarchy of one-class models per asset class, each at certain granularity, to progressively monitor IoT traffic. My second contribution addresses the challenges of measurement costs and data quality. I develop an inference method that uses stochastic and deterministic modeling to predict IoT devices in home networks from opaque and coarse-grained IPFIX flow data. Evaluations show that false positive rates can be reduced by 75% compared to related work without significantly affecting true positives. My third contribution focuses on the challenge of concept drifts by analyzing over six million flow records collected from 12 real home networks. I develop several inference strategies and compare their performance under concept drift, particularly when labeled data is unavailable in the testing phase. Finally, my fourth contribution studies the resilience of machine learning models against adversarial attacks with a specific focus on decision tree-based models. I develop methods to quantify the vulnerability of a given decision tree-based model against data-driven adversarial attacks and refine vulnerable decision trees, making them robust against 92% of adversarial attacks.