-
Detecting Compromised IoT Devices Using Autoencoders with Sequential Hypothesis Testing
Authors: Md Mainuddin, Zhenhai Duan, Yingfei Dong
Abstract:
IoT devices fundamentally lack built-in security mechanisms to protect themselves from security attacks. Existing works on improving IoT security mostly focus on detecting anomalous behaviors of IoT devices. However, these existing anomaly detection schemes may trigger an overwhelmingly large number of false alerts, rendering them unusable in detecting compromised IoT devices. In this paper we develop an effective and efficient framework, named CUMAD, to detect compromised IoT devices. Instead of directly relying on individual anomalous events, CUMAD aims to accumulate sufficient evidence in detecting compromised IoT devices, by integrating an autoencoder-based anomaly detection subsystem with a sequential probability ratio test (SPRT)-based sequential hypothesis testing subsystem. CUMAD can effectively reduce the number of false alerts in detecting compromised IoT devices, and moreover, it can detect compromised IoT devices quickly. Our evaluation studies based on the public-domain N-BaIoT dataset show that CUMAD can on average reduce the false positive rate from about 3.57% using only the autoencoder-based anomaly detection scheme to about 0.5%; in addition, CUMAD can detect compromised IoT devices quickly, with less than 5 observations on average.
Submitted 21 April, 2024; originally announced April 2024.
-
IoT Device Identification Based on Network Traffic Characteristics
Authors: Md Mainuddin, Zhenhai Duan, Yingfei Dong, Shaeke Salman, Tania Taami
Abstract:
IoT device identification plays an important role in monitoring and improving the performance and security of IoT devices. Compared to traditional non-IoT devices, IoT devices provide us with both unique challenges and opportunities in detecting the types of IoT devices. Based on critical insights obtained in our previous work on understanding the network traffic characteristics of IoT devices, in this paper we develop an effective machine-learning based IoT device identification scheme, named iotID. In developing iotID, we extract 70 features of TCP flows from three complementary aspects: remote network servers and port numbers, packet-level traffic characteristics such as packet inter-arrival times, and flow-level traffic characteristics such as flow duration. Different from existing work, we take into account the imbalanced nature of network traffic generated by various devices in both the learning and evaluation phases of iotID. Our performance studies based on network traffic collected on a typical smart home environment consisting of both IoT and non-IoT devices show that iotID can achieve a balanced accuracy score of above 99%.
Submitted 17 December, 2022; originally announced December 2022.
-
Network Traffic Characteristics of IoT Devices in Smart Homes
Authors: Md Mainuddin, Zhenhai Duan, Yingfei Dong
Abstract:
Understanding network traffic characteristics of IoT devices plays a critical role in improving both the performance and security of IoT devices, including IoT device identification, classification, and anomaly detection. Although a number of existing research efforts have developed machine-learning based algorithms to help address the challenges in improving the security of IoT devices, none of them have provided detailed studies on the network traffic characteristics of IoT devices. In this paper we collect and analyze the network traffic generated in a typical smart home environment consisting of a set of common IoT (and non-IoT) devices. We analyze the network traffic characteristics of IoT devices from three complementary aspects: remote network servers and port numbers that IoT devices connect to, flow-level traffic characteristics such as flow duration, and packet-level traffic characteristics such as packet inter-arrival time. Our study provides critical insights into the operational and behavioral characteristics of IoT devices, which can help develop more effective security and performance algorithms for IoT devices.
Submitted 4 September, 2021; originally announced September 2021.