
Self-adaptive Traffic Anomaly Detection System for IoT Smart Home Environments (2403.02744v1)

Published 5 Mar 2024 in cs.CR

Abstract: With the growth of internet of things (IoT) devices, cyberattacks, such as distributed denial of service, that exploit vulnerable devices infected with malware have increased. Therefore, vendors and users must keep their device firmware updated to eliminate vulnerabilities and quickly handle unknown cyberattacks. However, it is difficult for both vendors and users to continually keep the devices safe because vendors must provide updates quickly and the users must continuously manage the conditions of all deployed devices. Therefore, to ensure security, it is necessary for a system to adapt autonomously to changes in cyberattacks. In addition, it is important to consider network-side security that detects and filters anomalous traffic at the gateway to comprehensively protect those devices. This paper proposes a self-adaptive anomaly detection system for IoT traffic, including unknown attacks. The proposed system comprises a honeypot server and a gateway. The honeypot server continuously captures traffic and adaptively generates an anomaly detection model using real-time captured traffic. Thereafter, the gateway uses the generated model to detect anomalous traffic. Thus, the proposed system can adapt to unknown attacks to reflect pattern changes in anomalous traffic based on real-time captured traffic. Three experiments were conducted to evaluate the proposed system: a virtual experiment using pre-captured traffic from various regions across the world, a demonstration experiment using real-time captured traffic, and a virtual experiment using a public dataset containing the traffic generated by malware. The experimental results indicate that a system adaptable in real time to evolving cyberattacks is a novel approach for ensuring the comprehensive security of IoT devices against both known and unknown attacks.
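The capture, regenerate, deploy loop described in the abstract, as an added example that is not the paper's code. The flow features (destination port, byte count), the nearest-neighbour model, the window size and all sample flows are constructed assumptions, since the abstract does not specify them.

```python
import math
from collections import deque

def distance(a, b):
    """Flow = (dst_port, bytes). A port mismatch costs 2.0; sizes compare on a log scale."""
    return 2.0 * (a[0] != b[0]) + abs(math.log(a[1]) - math.log(b[1]))

class HoneypotServer:
    """Traffic reaching a honeypot is unsolicited, so every captured flow is labelled anomalous."""
    def __init__(self, benign_baseline, window=1000):
        self.benign = list(benign_baseline)
        self.captured = deque(maxlen=window)  # sliding window: stale attack patterns age out

    def capture(self, flow):
        self.captured.append(flow)

    def generate_model(self):
        # Immutable snapshot: later captures must not alter a model already shipped.
        return {"benign": tuple(self.benign), "anomalous": tuple(self.captured)}

class Gateway:
    """Filters home traffic with whichever model the honeypot server last delivered."""
    def __init__(self):
        self.model = None

    def load(self, model):
        self.model = model

    def is_anomalous(self, flow):
        def nearest(samples):
            return min((distance(flow, s) for s in samples), default=math.inf)
        return nearest(self.model["anomalous"]) < nearest(self.model["benign"])

def demo():
    # Constructed sample flows: benign home traffic and two honeypot capture rounds.
    benign = [(443, 1500), (443, 900), (53, 80), (123, 48), (8883, 200)]
    hp, gw = HoneypotServer(benign, window=4), Gateway()
    for flow in [(23, 60), (23, 64), (2323, 60)]:   # round 1: known pattern
        hp.capture(flow)
    gw.load(hp.generate_model())
    probe = (5555, 420)                             # pattern the first model never saw
    before = gw.is_anomalous(probe)
    for flow in [(5555, 400), (5555, 380)]:         # round 2: honeypot sees the new pattern
        hp.capture(flow)
    gw.load(hp.generate_model())                    # regenerated model is pushed to the gateway
    return before, gw.is_anomalous(probe), gw.is_anomalous((443, 1200)), gw.is_anomalous((23, 62))

if __name__ == "__main__":
    print(demo())
```

The probe flow passes the gateway under the first model and is flagged only after the honeypot has captured the new pattern and the model has been regenerated, while the benign flow stays unflagged throughout.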

