TempoCode-IoT: temporal codebook-based encoding of flow features for intrusion detection in Internet of Things


Abdul Jabbar Siddiqui, Azzedine Boukerche

Received: 18 March 2020 / Revised: 14 June 2020 / Accepted: 8 July 2020
© Springer Science+Business Media, LLC, part of Springer Nature 2020

Abstract

In recent years, the Internet of Things has become a vulnerable target of intrusion attacks. As academia and industry move towards bringing the Internet of Things (IoT) to every sector of our lives, much attention needs to be given to developing advanced Intrusion Detection Systems (IDS) to detect such attacks. In this work, we propose a novel network-based intrusion detection method which learns patterns of benign flows in a temporal codebook. Based on the temporally learnt codebook, we propose a feature representation method to transform the raw flow-based statistical features into more discriminative representations, called TempoCode-IoT. We develop an ensemble of machine learning-based classifiers optimized to discriminate the malicious flows from the benign ones, based on the proposed TempoCode-IoT. The effectiveness of the proposed method is empirically evaluated on a state-of-the-art realistic intrusion detection dataset as well as on a real botnet-infected IoT dataset, achieving high accuracies and low false positive rates across a variety of intrusion attacks. Moreover, the proposed method outperforms several state-of-the-art works based on the used datasets, proving the effectiveness of TempoCode-IoT over raw flow features, both in terms of accuracies and processing speeds.

Keywords: Intrusion detection systems · Denial of service attacks · Botnet attacks detection · Network Management · Internet of things security

1 Introduction

The unprecedented evolution of networks, with a growing plethora of connected devices and things, is reshaping the landscape of the Internet of Things (IoT). Ranging from devices such as indoor or outdoor surveillance cameras, electrical and mechanical appliances, and mobile user-worn devices such as smart watches or health monitors, to connected vehicles and vehicular components, industrial systems, and connected smart cities, the IoT landscape is continuously evolving (see Fig. 1). Due to the increasing diversity of devices, networks and services in an IoT ecosystem, the vulnerabilities of each constituent technology could be agglomerated, giving rise to novel threats and attack vectors [9, 15, 27, 36]. This poses danger not only to the devices but also to life and property. Consider these recent reports, for example. A large pool of internet-connected devices was compromised to conduct distributed denial of service (DDoS) attacks on critical networks [22]. Another serious example is the Mirai botnet-based attack, which exploited IoT devices to attack many popular web-based services and platforms that became inaccessible [16]. T