Detecting Compromised IoT Devices Using Autoencoders with Sequential Hypothesis Testing

• URL: http://arxiv.org/abs/2404.13690v1
• Date: Sun, 21 Apr 2024 15:33:17 GMT
• Title: Detecting Compromised IoT Devices Using Autoencoders with Sequential Hypothesis Testing
• Authors: Md Mainuddin, Zhenhai Duan, Yingfei Dong,
• Abstract summary: Existing anomaly detection schemes may trigger an overwhelmingly large number of false alerts. We develop an effective and efficient framework, named CUMAD, to detect compromised IoT devices. We show that CUMAD can on average reduce the false positive rate from about 3.57% using only the autoencoder-based anomaly detection scheme to about 0.5%.
• Score: 1.4474137122906163
• License: http://creativecommons.org/licenses/by/4.0/
• Abstract: IoT devices fundamentally lack built-in security mechanisms to protect themselves from security attacks. Existing works on improving IoT security mostly focus on detecting anomalous behaviors of IoT devices. However, these existing anomaly detection schemes may trigger an overwhelmingly large number of false alerts, rendering them unusable in detecting compromised IoT devices. In this paper we develop an effective and efficient framework, named CUMAD, to detect compromised IoT devices. Instead of directly relying on individual anomalous events, CUMAD aims to accumulate sufficient evidence in detecting compromised IoT devices, by integrating an autoencoder-based anomaly detection subsystem with a sequential probability ratio test (SPRT)-based sequential hypothesis testing subsystem. CUMAD can effectively reduce the number of false alerts in detecting compromised IoT devices, and moreover, it can detect compromised IoT devices quickly. Our evaluation studies based on the public-domain N-BaIoT dataset show that CUMAD can on average reduce the false positive rate from about 3.57% using only the autoencoder-based anomaly detection scheme to about 0.5%; in addition, CUMAD can detect compromised IoT devices quickly, with less than 5 observations on average.

Related papers

• Effective Intrusion Detection in Heterogeneous Internet-of-Things Networks via Ensemble Knowledge Distillation-based Federated Learning [52.6706505729803]
  We introduce Federated Learning (FL) to collaboratively train a decentralized shared model of Intrusion Detection Systems (IDS) FLEKD enables a more flexible aggregation method than conventional model fusion techniques. Experiment results show that the proposed approach outperforms local training and traditional FL in terms of both speed and performance.
  arXiv  Detail & Related papers  (2024-01-22T14:16:37Z)
• Constrained Twin Variational Auto-Encoder for Intrusion Detection in IoT Systems [30.16714420093091]
  Intrusion detection systems (IDSs) play a critical role in protecting billions of IoT devices from malicious attacks. This article proposes a novel deep neural network/architecture called Constrained Twin Variational Auto-Encoder (CTVAE) CTVAE can boost around 1% in terms of accuracy and Fscore in detection attack compared to the state-of-the-art machine learning and representation learning methods.
  arXiv  Detail & Related papers  (2023-12-05T04:42:04Z)
• Classification of cyber attacks on IoT and ubiquitous computing devices [49.1574468325115]
  This paper provides a classification of IoT malware. Major targets and used exploits for attacks are identified and referred to the specific malware. The majority of current IoT attacks continue to be of comparably low effort and level of sophistication and could be mitigated by existing technical measures.
  arXiv  Detail & Related papers  (2023-12-01T16:10:43Z)
• Effective Intrusion Detection in Highly Imbalanced IoT Networks with Lightweight S2CGAN-IDS [48.353590166168686]
  Internet of Things (IoT) networks contain benign traffic far more than abnormal traffic, with some rare attacks. Most existing studies have been focused on sacrificing the detection rate of the majority class in order to improve the detection rate of the minority class. We propose a lightweight framework named S2CGAN-IDS to expand the number of minority categories in both data space and feature space.
  arXiv  Detail & Related papers  (2023-06-06T14:19:23Z)
• HoneyIoT: Adaptive High-Interaction Honeypot for IoT Devices Through Reinforcement Learning [10.186372780116631]
  We develop an adaptive high-interaction honeypot for IoT devices, called HoneyIoT. We first build a real device based attack trace collection system to learn how attackers interact with IoT devices. We then model the attack behavior through markov decision process and leverage reinforcement learning techniques to learn the best responses to engage attackers.
  arXiv  Detail & Related papers  (2023-05-10T19:43:20Z)
• Evaluating Short-Term Forecasting of Multiple Time Series in IoT Environments [67.24598072875744]
  Internet of Things (IoT) environments are monitored via a large number of IoT enabled sensing devices. To alleviate this issue, sensors are often configured to operate at relatively low sampling frequencies. This can hamper dramatically subsequent decision-making, such as forecasting.
  arXiv  Detail & Related papers  (2022-06-15T19:46:59Z)
• Intrusion Detection using Network Traffic Profiling and Machine Learning for IoT [2.309914459672557]
  A single compromised device can have an impact on the whole network and lead to major security and physical damages. This paper explores the potential of using network profiling and machine learning to secure IoT against cyber-attacks.
  arXiv  Detail & Related papers  (2021-09-06T15:30:10Z)
• DeepAuditor: Distributed Online Intrusion Detection System for IoT devices via Power Side-channel Auditing [0.0]
  This study aimed to design an online intrusion detection system called DeepAuditor for IoT devices via power auditing. We first proposed a lightweight power auditing device called Power Auditor. In order to protect data leakage and reduce networking redundancy, we also proposed a privacy-preserved inference protocol.
  arXiv  Detail & Related papers  (2021-06-24T03:32:23Z)
• Lightweight IoT Malware Detection Solution Using CNN Classification [2.288885651912488]
  The security aspect of IoT devices is an infant field, which is why it is our focus in this paper. We developed a system that can recognize malicious behavior of a specific IoT node on the network. Through convolutional neural network and monitoring, we were able to provide malware detection for IoT using a central node that can be installed within the network.
  arXiv  Detail & Related papers  (2020-10-13T10:56:33Z)
• IoT Device Identification Using Deep Learning [43.0717346071013]
  The growing use of IoT devices in organizations has increased the number of attack vectors available to attackers. The widely adopted bring your own device (BYOD) policy which allows an employee to bring any IoT device into the workplace and attach it to an organization's network also increases the risk of attacks. In this study, we applied deep learning on network traffic to automatically identify IoT devices connected to the network.
  arXiv  Detail & Related papers  (2020-02-25T12:24:49Z)
• Adaptive Anomaly Detection for IoT Data in Hierarchical Edge Computing [71.86955275376604]
  We propose an adaptive anomaly detection approach for hierarchical edge computing (HEC) systems to solve this problem. We design an adaptive scheme to select one of the models based on the contextual information extracted from input data, to perform anomaly detection. We evaluate our proposed approach using a real IoT dataset, and demonstrate that it reduces detection delay by 84% while maintaining almost the same accuracy as compared to offloading detection tasks to the cloud.
  arXiv  Detail & Related papers  (2020-01-10T05:29:17Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.