Multi-level host-based intrusion detection system for Internet of things
Journal of Cloud Computing: Advances, Systems and Applications
RESEARCH
Open Access
Robin Gassais1, Naser Ezzati-Jivan2*, Jose M. Fernandez1, Daniel Aloise1 and Michel R. Dagenais1
Abstract
The growth of the Internet of things (IoT) has ushered in a new area of inter-connectivity and innovation in the home. Many devices, once separate, can now be interacted with remotely, improving efficiency and organization. This, however, comes at the cost of rising security vulnerabilities. Vendors are competing to quickly create and release innovative connected objects, without focusing on the security issues. As a consequence, attacks involving smart devices, or targeting them, are proliferating, creating threats to users' privacy and even their physical security. Additionally, the heterogeneous technologies involved in IoT make attempts to develop protection on smart devices much harder. Most of the intrusion detection systems developed for those platforms are based on network activity. However, on many systems, intrusions cannot easily or reliably be detected from network traces. We propose a novel host-based automated framework for intrusion detection. Our work combines user space and kernel space information and machine learning techniques to detect various kinds of intrusions in smart devices. Our solution uses tracing techniques to automatically capture device behavior, processes this data into numeric arrays to train several machine learning algorithms, and raises alerts whenever an intrusion is found. We implemented several machine learning algorithms, including deep learning ones, to achieve high detection capabilities, while adding little overhead on the monitored devices. We tested our solution within a realistic home automation system with actual threats.
Keywords: Host-based intrusion detection system, Internet of things, Anomaly detection, Machine learning, Execution tracing
*Correspondence: [email protected]
2 Brock University, St. Catharines, Ontario, L2S 3A1, Canada
Full list of author information is available at the end of the article
Introduction
Cisco estimates approximately 50 billion smart devices connected to the Internet in 2020, or 6.58 things per inhabitant [1]. This refers to the connection of various embedded devices such as sensors, actuators, and vehicles able to interact with each other [2]. While this growth induces the production of innovative objects, like connected speakers able to respond to a verbal request or order products, it creates a huge security threat for consumers and companies, as attackers can gain access to devices within a home or office. In the race to develop innovative and profitable technology, security concerns are often secondary. The targeting of insecure devices can have far-reaching consequences, like the Mirai botnet infecting poorly secured devices, using a default password, to launch one of the most powerful DDoS campaigns ever seen in 2016 [3] against the Dyn DNS server. This cyber-attac