Detecting Anomalous Microflows in IoT Volumetric Attacks via Dynamic
Monitoring of MUD Activity
- URL: http://arxiv.org/abs/2304.04987v1
- Date: Tue, 11 Apr 2023 05:17:51 GMT
- Title: Detecting Anomalous Microflows in IoT Volumetric Attacks via Dynamic
Monitoring of MUD Activity
- Authors: Ayyoob Hamza and Hassan Habibi Gharakheili and Theophilus A. Benson
and Gustavo Batista and Vijay Sivaraman
- Abstract summary: Anomaly-based detection methods are promising in finding new attacks.
There are certain practical challenges like false-positive alarms, hard to explain, and difficult to scale cost-effectively.
In this paper, we use SDN to enforce and monitor the expected behaviors of each IoT device.
- Score: 1.294952045574009
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: IoT networks are increasingly becoming target of sophisticated new
cyber-attacks. Anomaly-based detection methods are promising in finding new
attacks, but there are certain practical challenges like false-positive alarms,
hard to explain, and difficult to scale cost-effectively. The IETF recent
standard called Manufacturer Usage Description (MUD) seems promising to limit
the attack surface on IoT devices by formally specifying their intended network
behavior. In this paper, we use SDN to enforce and monitor the expected
behaviors of each IoT device, and train one-class classifier models to detect
volumetric attacks.
Our specific contributions are fourfold. (1) We develop a multi-level
inferencing model to dynamically detect anomalous patterns in network activity
of MUD-compliant traffic flows via SDN telemetry, followed by packet inspection
of anomalous flows. This provides enhanced fine-grained visibility into
distributed and direct attacks, allowing us to precisely isolate volumetric
attacks with microflow (5-tuple) resolution. (2) We collect traffic traces
(benign and a variety of volumetric attacks) from network behavior of IoT
devices in our lab, generate labeled datasets, and make them available to the
public. (3) We prototype a full working system (modules are released as
open-source), demonstrates its efficacy in detecting volumetric attacks on
several consumer IoT devices with high accuracy while maintaining low false
positives, and provides insights into cost and performance of our system. (4)
We demonstrate how our models scale in environments with a large number of
connected IoTs (with datasets collected from a network of IP cameras in our
university campus) by considering various training strategies (per device unit
versus per device type), and balancing the accuracy of prediction against the
cost of models in terms of size and training time.
Related papers
- Effective Intrusion Detection in Heterogeneous Internet-of-Things Networks via Ensemble Knowledge Distillation-based Federated Learning [52.6706505729803]
We introduce Federated Learning (FL) to collaboratively train a decentralized shared model of Intrusion Detection Systems (IDS)
FLEKD enables a more flexible aggregation method than conventional model fusion techniques.
Experiment results show that the proposed approach outperforms local training and traditional FL in terms of both speed and performance.
arXiv Detail & Related papers (2024-01-22T14:16:37Z) - TinyAD: Memory-efficient anomaly detection for time series data in
Industrial IoT [43.207210990362825]
We propose a novel framework named Tiny Anomaly Detection (TinyAD) to efficiently facilitate onboard inference of CNNs for real-time anomaly detection.
To reduce the peak memory consumption of CNNs, we explore two complementary strategies, in-place, and patch-by-patch memory rescheduling.
Our framework can reduce peak memory consumption by 2-5x with negligible overhead.
arXiv Detail & Related papers (2023-03-07T02:56:15Z) - Unsupervised Ensemble Based Deep Learning Approach for Attack Detection
in IoT Network [0.0]
Internet of Things (IoT) has altered living by controlling devices/things over the Internet.
To bring down the IoT network, attackers can utilise these devices to conduct a variety of network attacks.
In this paper, we have developed an unsupervised ensemble learning model that is able to detect new or unknown attacks in an IoT network from an unlabelled dataset.
arXiv Detail & Related papers (2022-07-16T11:12:32Z) - AdIoTack: Quantifying and Refining Resilience of Decision Tree Ensemble
Inference Models against Adversarial Volumetric Attacks on IoT Networks [1.1172382217477126]
We present AdIoTack, a system that highlights vulnerabilities of decision trees against adversarial attacks.
To assess the model for the worst-case scenario, AdIoTack performs white-box adversarial learning to launch successful volumetric attacks.
We demonstrate how the model detects all non-adversarial volumetric attacks on IoT devices while missing many adversarial ones.
arXiv Detail & Related papers (2022-03-18T08:18:03Z) - Semi-supervised Variational Temporal Convolutional Network for IoT
Communication Multi-anomaly Detection [3.3659034873495632]
Internet of Things (IoT) devices are constructed to build a huge communications network.
These devices are insecure in reality, it means that the communications network are exposed by the attacker.
In this paper, we propose SS-VTCN, a semi-supervised network for IoT multiple anomaly detection.
arXiv Detail & Related papers (2021-04-05T08:51:24Z) - Adversarial Attacks on Deep Learning Based Power Allocation in a Massive
MIMO Network [62.77129284830945]
We show that adversarial attacks can break DL-based power allocation in the downlink of a massive multiple-input-multiple-output (maMIMO) network.
We benchmark the performance of these attacks and show that with a small perturbation in the input of the neural network (NN), the white-box attacks can result in infeasible solutions up to 86%.
arXiv Detail & Related papers (2021-01-28T16:18:19Z) - Lightweight Collaborative Anomaly Detection for the IoT using Blockchain [40.52854197326305]
Internet of things (IoT) devices tend to have many vulnerabilities which can be exploited by an attacker.
Unsupervised techniques, such as anomaly detection, can be used to secure these devices in a plug-and-protect manner.
We present a distributed IoT simulation platform, which consists of 48 Raspberry Pis.
arXiv Detail & Related papers (2020-06-18T14:50:08Z) - IoT Device Identification Using Deep Learning [43.0717346071013]
The growing use of IoT devices in organizations has increased the number of attack vectors available to attackers.
The widely adopted bring your own device (BYOD) policy which allows an employee to bring any IoT device into the workplace and attach it to an organization's network also increases the risk of attacks.
In this study, we applied deep learning on network traffic to automatically identify IoT devices connected to the network.
arXiv Detail & Related papers (2020-02-25T12:24:49Z) - IoT Behavioral Monitoring via Network Traffic Analysis [0.45687771576879593]
This thesis is the culmination of our efforts to develop techniques to profile the network behavioral pattern of IoTs.
We develop a robust machine learning-based inference engine trained with attributes from traffic patterns.
We demonstrate real-time classification of 28 IoT devices with over 99% accuracy.
arXiv Detail & Related papers (2020-01-28T23:13:12Z) - Adaptive Anomaly Detection for IoT Data in Hierarchical Edge Computing [71.86955275376604]
We propose an adaptive anomaly detection approach for hierarchical edge computing (HEC) systems to solve this problem.
We design an adaptive scheme to select one of the models based on the contextual information extracted from input data, to perform anomaly detection.
We evaluate our proposed approach using a real IoT dataset, and demonstrate that it reduces detection delay by 84% while maintaining almost the same accuracy as compared to offloading detection tasks to the cloud.
arXiv Detail & Related papers (2020-01-10T05:29:17Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.