Detecting and defending against cyber attacks in a smart home
Internet of Things ecosystem
- Publication date
- Publisher
Abstract
The proliferation in Internet of Things (IoT) devices is demonstrated by their prominence
in our daily lives. Although such devices simplify and automate everyday tasks,
they also introduce tremendous security flaws. Current security measures are insufficient,
making IoT one of the weakest links to breaking into a secure infrastructure
which can have serious consequences. Subsequently, this thesis is motivated by the
need to develop and further enhance novel mechanisms tailored towards strengthening
the overall security infrastructures of IoT ecosystems.
To estimate the degree to which a hub can improve the overall security of the ecosystem,
this thesis presents a design and prototype implementation of a novel secure
IoT hub, consisting of various built-in security mechanisms that satisfy key security
properties (e.g. authentication, confidentiality, access control) applicable to a range of
devices. The effectiveness of the hub was evaluated within a smart home IoT network
upon which popular cyber attacks were deployed.
To further enhance the security of the IoT environment, the initial experiments towards
the development of a three-layered Intrusion Detection System (IDS) is proposed. The
IDS aims to: 1) classify IoT devices, 2) identify malicious or benign network packets,
and 3) identify the type of attack which has occurred. To support the classification
experiments, real network data was collected from a smart home testbed, where a range
of cyber attacks from four main attack types were targeted towards the devices.
Lastly, the robustness of the IDS was further evaluated against Adversarial Machine
Learning (AML) attacks. Such attacks may target models by generating adversarial
samples which aim to exploit the weaknesses of the pre-trained model, consequently
bypassing the detector. This thesis presents a first approach towards automatically
generating adversarial malicious DoS IoT network packets. The analysis further explores how
adversarial training can enhance the robustness of the IDS