Recently, deep learning has been successfully applied to network security assessments and intrusion detection systems (IDSs) with various breakthroughs such as using Convolutional Neural Networks (CNN) and Long Short-Term Memory (LSTM) to classify malicious traffic. However, these state-of-the-art systems also face tremendous challenges to satisfy real-time analysis requirements due to the major delay of the flow-based data preprocessing, i.e., requiring time for accumulating the packets into particular flows and then extracting features. If detecting malicious traffic can be done at the packet level, detecting time will be significantly reduced, which makes the online real-time malicious traffic detection based on deep learning technologies become very promising. With the goal of accelerating the whole detection process by considering a packet level classification, which has not been studied in the literature, in this research, we propose a novel approach in building the malicious classification system with the primary support of word embedding and the LSTM model. Specifically, we propose a novel word embedding mechanism to extract packet semantic meanings and adopt LSTM to learn the temporal relation among fields in the packet header and for further classifying whether an incoming packet is normal or a part of malicious traffic. The evaluation results on ISCX2012, USTC-TFC2016, IoT dataset from Robert Gordon University and IoT dataset collected on our Mirai Botnet show that our approach is competitive to the prior literature which detects malicious traffic at the flow level. While the network traffic is booming year by year, our first attempt can inspire the research community to exploit the advantages of deep learning to build effective IDSs without suffering significant detection delay.
Various attacks have emerged as the major threats to the success of a connected world like the Internet of Things (IoT), in which billions of devices interact with each other to facilitate human life. By exploiting the vulnerabilities of cheap and insecure devices such as IP cameras, an attacker can create hundreds of thousands of zombie devices and then launch massive volume attacks to take down any target. For example, in 2016, a record large-scale DDoS attack launched by millions of Mirai-injected IP cameras and smart printers blocked the accessibility of several high-profile websites. To date, the state-of-the-art defense systems against such attacks rely mostly on pre-defined features extracted from the entire flows or signatures. The feature definitions are manual, and it would be too late to block a malicious flow after extracting the flow features. In this work, we present an effective anomaly traffic detection mechanism, namely D-PACK, which consists of a Convolutional Neural Network (CNN) and an unsupervised deep learning model (e.g., Autoencoder) for auto-profiling the traffic patterns and filtering abnormal traffic. Notably, D-PACK inspects only the first few bytes of the first few packets in each flow for early detection. Our experimental results show that, by examining just the first two packets in each flow, D-PACK still performs with nearly 100% accuracy, while features an extremely low false-positive rate, e.g., 0.83%. The design can inspire the emerging efforts towards online anomaly detection systems that feature reducing the volume of processed packets and blocking malicious flows in time.
Low Power Wireless (LPW) networks have recently been emerging as key candidates to offer affordable connectivity for the constrained devices in the Internet of Things (IoT). However, they also raise major security concerns due to the inherent security vulnerabilities of built-in communication protocols. By exploiting these flaws, an adversary can attack sensors or actuators in an LPW network and force them to execute energy-hungry tasks such as verifying unauthenticated garbage messages repeatedly. This attack, namely energy depletion attack (EDA), can drain the batteries of the devices rapidly and lead to soaring network-wide energy expenditure. Consequently, the offense can leave the victims disabled, and even shut down the whole network due to the battery exhaustion of all the devices. In this paper, we investigate existing studies and provide a systematic review of EDAs and defenses in LPW networks. Through this work, we conclude that most existing LPW technologies are vulnerable to EDAs. This paper also indicates the security challenges in LPW networks related to EDAs along with the potential research directions. While LPW technologies have already hit the market with the promising deployment schedules, our attempt can inspire the research community to enhance the security of underlying protocols that will shape the connectivity of billions of devices in the future IoT ecosystem.INDEX TERMS Energy depletion attacks, IoT security, IoT embedded devices, low power wireless sensor networks.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
hi@scite.ai
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.