ARGUS: Context-Based Detection of Stealthy IoT Infiltration Attacks
- URL: http://arxiv.org/abs/2302.07589v2
- Date: Thu, 16 Feb 2023 17:02:19 GMT
- Authors: Phillip Rieger, Marco Chilese, Reham Mohamed, Markus Miettinen,
Hossein Fereidooni, Ahmad-Reza Sadeghi
- Abstract summary: IoT devices control functions in smart homes and buildings, smart cities, and smart factories.
Existing approaches for detecting attacks are mostly limited to attacks directly compromising individual IoT devices.
We propose ARGUS, the first self-learning intrusion detection system for detecting contextual attacks on IoT environments.
- License: http://creativecommons.org/licenses/by-nc-sa/4.0/
- Abstract: IoT application domains, device diversity and connectivity are rapidly
growing. IoT devices control various functions in smart homes and buildings,
smart cities, and smart factories, making these devices an attractive target
for attackers. On the other hand, the large variability of different
application scenarios and inherent heterogeneity of devices make it very
challenging to reliably detect abnormal IoT device behaviors and distinguish
these from benign behaviors. Existing approaches for detecting attacks are
mostly limited to attacks directly compromising individual IoT devices, or
require predefined detection policies. They cannot detect attacks that utilize
the control plane of the IoT system to trigger actions in an
unintended/malicious context, e.g., opening a smart lock while the smart home
residents are absent.
In this paper, we tackle this problem and propose ARGUS, the first
self-learning intrusion detection system for detecting contextual attacks on
IoT environments, in which the attacker maliciously invokes IoT device actions
to reach its goals. ARGUS monitors the contextual setting based on the state
and actions of IoT devices in the environment. An unsupervised Deep Neural
Network (DNN) is used for modeling the typical contextual device behavior and
detecting actions taking place in abnormal contextual settings. This
unsupervised approach ensures that ARGUS is not restricted to detecting
previously known attacks but is also able to detect new attacks. We evaluated
ARGUS on heterogeneous real-world smart-home settings and achieve at least an
F1-Score of 99.64% for each setup, with a false positive rate (FPR) of at most
0.03%.
Related papers
- Effective Intrusion Detection in Heterogeneous Internet-of-Things Networks via Ensemble Knowledge Distillation-based Federated Learning [52.6706505729803]
We introduce Federated Learning (FL) to collaboratively train a decentralized shared model of Intrusion Detection Systems (IDS).
FLEKD enables a more flexible aggregation method than conventional model fusion techniques.
Experiment results show that the proposed approach outperforms local training and traditional FL in terms of both speed and performance.
arXiv Detail & Related papers (2024-01-22T14:16:37Z)
- IoTWarden: A Deep Reinforcement Learning Based Real-time Defense System to Mitigate Trigger-action IoT Attacks [3.1449061818799615]
We build a reinforcement learning based real-time defense system for injection attacks.
Our experiments show that the proposed mechanism can effectively and accurately identify and defend against injection attacks with reasonable overhead.
arXiv Detail & Related papers (2024-01-16T06:25:56Z)
- Classification of cyber attacks on IoT and ubiquitous computing devices [49.1574468325115]
This paper provides a classification of IoT malware.
Major targets and used exploits for attacks are identified and referred to the specific malware.
The majority of current IoT attacks continue to be of comparably low effort and level of sophistication and could be mitigated by existing technical measures.
arXiv Detail & Related papers (2023-12-01T16:10:43Z)
- An Intelligent Mechanism for Monitoring and Detecting Intrusions in IoT Devices [0.7219077740523682]
This work proposes a Host-based Intrusion Detection System that leverages Federated Learning and Multi-Layer Perceptron neural networks to detect cyberattacks on IoT devices with high accuracy while enhancing data privacy protection.
arXiv Detail & Related papers (2023-06-23T11:26:00Z)
- Detecting Anomalous Microflows in IoT Volumetric Attacks via Dynamic Monitoring of MUD Activity [1.294952045574009]
Anomaly-based detection methods are promising in finding new attacks.
There are certain practical challenges, such as false-positive alarms, results that are hard to explain, and difficulty scaling cost-effectively.
In this paper, we use SDN to enforce and monitor the expected behaviors of each IoT device.
arXiv Detail & Related papers (2023-04-11T05:17:51Z)
- Unsupervised Ensemble Based Deep Learning Approach for Attack Detection in IoT Network [0.0]
Internet of Things (IoT) has altered living by controlling devices/things over the Internet.
To bring down the IoT network, attackers can utilise these devices to conduct a variety of network attacks.
In this paper, we have developed an unsupervised ensemble learning model that is able to detect new or unknown attacks in an IoT network from an unlabelled dataset.
arXiv Detail & Related papers (2022-07-16T11:12:32Z)
- Zero-Query Transfer Attacks on Context-Aware Object Detectors [95.18656036716972]
Adversarial attacks perturb images such that a deep neural network produces incorrect classification results.
A promising approach to defend against adversarial attacks on natural multi-object scenes is to impose a context-consistency check.
We present the first approach for generating context-consistent adversarial attacks that can evade the context-consistency check.
arXiv Detail & Related papers (2022-03-29T04:33:06Z)
- IoU Attack: Towards Temporally Coherent Black-Box Adversarial Attack for Visual Object Tracking [70.14487738649373]
Adversarial attack arises due to the vulnerability of deep neural networks to perceive input samples injected with imperceptible perturbations.
We propose a decision-based black-box attack method for visual object tracking.
We validate the proposed IoU attack on state-of-the-art deep trackers.
arXiv Detail & Related papers (2021-03-27T16:20:32Z)
- TANTRA: Timing-Based Adversarial Network Traffic Reshaping Attack [46.79557381882643]
We present TANTRA, a novel end-to-end Timing-based Adversarial Network Traffic Reshaping Attack.
Our evasion attack utilizes a long short-term memory (LSTM) deep neural network (DNN) which is trained to learn the time differences between the target network's benign packets.
TANTRA achieves an average success rate of 99.99% in network intrusion detection system evasion.
arXiv Detail & Related papers (2021-03-10T19:03:38Z)
- IoT Device Identification Using Deep Learning [43.0717346071013]
The growing use of IoT devices in organizations has increased the number of attack vectors available to attackers.
The widely adopted bring your own device (BYOD) policy which allows an employee to bring any IoT device into the workplace and attach it to an organization's network also increases the risk of attacks.
In this study, we applied deep learning on network traffic to automatically identify IoT devices connected to the network.
arXiv Detail & Related papers (2020-02-25T12:24:49Z)
- IoT Behavioral Monitoring via Network Traffic Analysis [0.45687771576879593]
This thesis is the culmination of our efforts to develop techniques to profile the network behavioral pattern of IoTs.
We develop a robust machine learning-based inference engine trained with attributes from traffic patterns.
We demonstrate real-time classification of 28 IoT devices with over 99% accuracy.
arXiv Detail & Related papers (2020-01-28T23:13:12Z)