ABSTRACT
The number of IoT devices continues to grow despite the alarming rate at which security and privacy issues are identified. There is widespread concern that IoT devices are developed without sufficient attention to security and privacy. Consequently, networks have a higher probability of incorporating vulnerable IoT devices that may be easy to compromise to launch cyber attacks. Inclusion of IoT devices paves the way for a new category of anomalies to be introduced to networks. Traditional anomaly detection techniques (e.g., semi-supervised and signature-based methods), however, are likely to be inefficient at detecting IoT-based anomalies. This is because these techniques require static signatures of known attacks, specialized hardware, or full packet inspection. They are also expensive, and may be inaccurate or unscalable. Vulnerable IoT devices can be used to perform destructive attacks or invade privacy. The ability to find anomalies in IoT traffic has the potential to assist with early detection and deployment of countermeasures to thwart such attacks. Thus, new techniques for detecting infected IoT devices are needed to mitigate the associated security and privacy risks. In this research, we investigate whether IoT traffic can be identified using a combination of behavioural profile, predefined blocklist, and device fingerprint. Such a system may be able to detect anomalous and/or malicious devices and/or traffic reliably and quickly. Initial results show that, for our implementation of such a system, IoT traffic can be identified using device behaviour profile, fingerprint, and contacted destinations. This work takes the first step towards designing and evaluating iDetector, a framework that can detect anomalous behaviour within IoT networks. In our experiments, iDetector was able to correctly identify 80–90% of all captured traffic traversing a home gateway.
Towards identifying IoT traffic anomalies on the home gateway: poster abstract