Towards Learning-automation IoT Attack Detection through Reinforcement Learning
- URL: http://arxiv.org/abs/2006.15826v1
- Date: Mon, 29 Jun 2020 06:12:45 GMT
- Authors: Tianbo Gu, Allaukik Abhishek, Hao Fu, Huanle Zhang, Debraj Basu,
Prasant Mohapatra
- Abstract summary: Internet of Things (IoT) networks have unique characteristics, which make the attack detection more challenging.
In addition to the traditional high-rate attacks, the low-rate attacks are also extensively used by IoT attackers to obfuscate the legitimate traffic.
We propose a reinforcement learning-based attack detection model that can automatically learn and recognize the transformation of the attack pattern.
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: As a massive number of the Internet of Things (IoT) devices are deployed, the
security and privacy issues in IoT arouse more and more attention. The IoT
attacks are causing tremendous loss to the IoT networks and even threatening
human safety. Compared to traditional networks, IoT networks have unique
characteristics, which make the attack detection more challenging. First, the
heterogeneity of platforms, protocols, software, and hardware exposes various
vulnerabilities. Second, in addition to the traditional high-rate attacks, the
low-rate attacks are also extensively used by IoT attackers to obfuscate the
legitimate and malicious traffic. These low-rate attacks are challenging to
detect and can persist in the networks. Last, the attackers are evolving to be
more intelligent and can dynamically change their attack strategies based on
the environment feedback to avoid being detected, making it more challenging
for the defender to discover a consistent pattern to identify the attack.
In order to adapt to the new characteristics in IoT attacks, we propose a
reinforcement learning-based attack detection model that can automatically
learn and recognize the transformation of the attack pattern. Therefore, we can
continuously detect IoT attacks with less human intervention. In this paper, we
explore the crucial features of IoT traffics and utilize the entropy-based
metrics to detect both the high-rate and low-rate IoT attacks. Afterward, we
leverage the reinforcement learning technique to continuously adjust the attack
detection threshold based on the detection feedback, which optimizes the
detection and the false alarm rate. We conduct extensive experiments over a
real IoT attack dataset and demonstrate the effectiveness of our IoT attack
detection framework.
Related papers
- Effective Intrusion Detection in Heterogeneous Internet-of-Things Networks via Ensemble Knowledge Distillation-based Federated Learning (2024-01-22T14:16:37Z)
We introduce Federated Learning (FL) to collaboratively train a decentralized shared model of Intrusion Detection Systems (IDS).
FLEKD enables a more flexible aggregation method than conventional model fusion techniques.
Experiment results show that the proposed approach outperforms local training and traditional FL in terms of both speed and performance.
- Classification of cyber attacks on IoT and ubiquitous computing devices (2023-12-01T16:10:43Z)
This paper provides a classification of IoT malware.
Major targets and used exploits for attacks are identified and referred to the specific malware.
The majority of current IoT attacks continue to be of comparably low effort and level of sophistication and could be mitigated by existing technical measures.
- HoneyIoT: Adaptive High-Interaction Honeypot for IoT Devices Through Reinforcement Learning (2023-05-10T19:43:20Z)
We develop an adaptive high-interaction honeypot for IoT devices, called HoneyIoT.
We first build a real device based attack trace collection system to learn how attackers interact with IoT devices.
We then model the attack behavior through Markov decision process and leverage reinforcement learning techniques to learn the best responses to engage attackers.
- Detecting Anomalous Microflows in IoT Volumetric Attacks via Dynamic Monitoring of MUD Activity (2023-04-11T05:17:51Z)
Anomaly-based detection methods are promising in finding new attacks.
There are certain practical challenges like false-positive alarms, hard to explain, and difficult to scale cost-effectively.
In this paper, we use SDN to enforce and monitor the expected behaviors of each IoT device.
- Illusory Attacks: Information-Theoretic Detectability Matters in Adversarial Attacks (2022-07-20T19:49:09Z)
We introduce epsilon-illusory, a novel form of adversarial attack on sequential decision-makers.
Compared to existing attacks, we empirically find epsilon-illusory to be significantly harder to detect with automated methods.
Our findings suggest the need for better anomaly detectors, as well as effective hardware- and system-level defenses.
- Unsupervised Ensemble Based Deep Learning Approach for Attack Detection in IoT Network (2022-07-16T11:12:32Z)
Internet of Things (IoT) has altered living by controlling devices/things over the Internet.
To bring down the IoT network, attackers can utilise these devices to conduct a variety of network attacks.
In this paper, we have developed an unsupervised ensemble learning model that is able to detect new or unknown attacks in an IoT network from an unlabelled dataset.
- Machine Learning-Enabled IoT Security: Open Issues and Challenges Under Advanced Persistent Threats (2022-04-07T13:25:49Z)
Internet of Things (IoT) has cyber weaknesses due to the vulnerabilities in the wireless medium.
Advanced persistent threat (APT) is prominent for cybercriminals to compromise networks.
Machine learning (ML)-based methods are widely used against cyber threats in IoT networks with promising performance.
- The Feasibility and Inevitability of Stealth Attacks (2021-06-26T10:50:07Z)
We study new adversarial perturbations that enable an attacker to gain control over decisions in generic Artificial Intelligence systems.
In contrast to adversarial data modification, the attack mechanism we consider here involves alterations to the AI system itself.
- TANTRA: Timing-Based Adversarial Network Traffic Reshaping Attack (2021-03-10T19:03:38Z)
We present TANTRA, a novel end-to-end Timing-based Adversarial Network Traffic Reshaping Attack.
Our evasion attack utilizes a long short-term memory (LSTM) deep neural network (DNN) which is trained to learn the time differences between the target network's benign packets.
TANTRA achieves an average success rate of 99.99% in network intrusion detection system evasion.
- IoT Behavioral Monitoring via Network Traffic Analysis (2020-01-28T23:13:12Z)
This thesis is the culmination of our efforts to develop techniques to profile the network behavioral pattern of IoTs.
We develop a robust machine learning-based inference engine trained with attributes from traffic patterns.
We demonstrate real-time classification of 28 IoT devices with over 99% accuracy.
- Adversarial vs behavioural-based defensive AI with joint, continual and active learning: automated evaluation of robustness to deception, poisoning and concept drift (2020-01-13T13:54:36Z)
Recent advancements in Artificial Intelligence (AI) have brought new capabilities to behavioural analysis (UEBA) for cyber-security.
In this paper, we present a solution to effectively mitigate this attack by improving the detection process and efficiently leveraging human expertise.
This list is automatically generated from the titles and abstracts of the papers on this site.