IoTArgos: A Multi-Layer Security Monitoring System for Internet-of-Things in Smart Homes

Wan, Yinxin; Xu, Kuai; Xue, Guoliang; Wang, Feng

doi:10.1109/infocom41043.2020.9155424

Cited by 52 publications

(22 citation statements)

References 31 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Wan et al [21] introduced IoTArgos, which in addition to supervised classification of the data communications of different smart home devices, has a "second stage" of detection using unsupervised learning for unknown attacks. This is a meaningful direction and has been evaluated on a wide range of COTS smart home devices.…”

Section: B Behaviour-based Smart Home Idsmentioning

confidence: 99%

Self-Configurable Cyber-Physical Intrusion Detection for Smart Homes Using Reinforcement Learning

Heartfield

Loukas

Bezemskij

et al. 2021

IEEE Trans.Inform.Forensic Secur.

View full text Add to dashboard Cite

The modern Internet of Things (IoT)-based smart 1 home is a challenging environment to secure: devices change, 2 new vulnerabilities are discovered and often remain unpatched, 3 and different users interact with their devices differently and 4 have different cyber risk attitudes. A security breach's impact is 5 not limited to cyberspace, as it can also affect or be facilitated 6 in physical space, for example, via voice. In this environment, 7 intrusion detection cannot rely solely on static models that 8 remain the same over time and are the same for all users.9We present MAGPIE, the first smart home intrusion detection 10 system that is able to autonomously adjust the decision function 11 of its underlying anomaly classification models to a smart home's 12 changing conditions (e.g., new devices, new automation rules and 13 user interaction with them). The method achieves this goal by 14 applying a novel probabilistic cluster-based reward mechanism 15 to non-stationary multi-armed bandit reinforcement learning. 16 MAGPIE rewards the sets of hyperparameters of its underlying 17 isolation forest unsupervised anomaly classifiers based on the 18 cluster silhouette scores of their output. 19 Experimental evaluation in a real household shows that MAG-20 PIE exhibits high accuracy because of two further innovations: 21 it takes into account both cyber and physical sources of data; 22 and it detects human presence to utilise models that exhibit the 23 highest accuracy in each case. MAGPIE is available in open-24 source format, together with its evaluation datasets, so it can 25 benefit from future advances in unsupervised and reinforcement 26 learning and be able to be enriched with further sources of data 27 as smart home environments and attacks evolve.

show abstract

Section: B Behaviour-based Smart Home Idsmentioning

confidence: 99%

Self-Configurable Cyber-Physical Intrusion Detection for Smart Homes Using Reinforcement Learning

Heartfield

Loukas

Bezemskij

et al. 2021

IEEE Trans.Inform.Forensic Secur.

View full text Add to dashboard Cite

show abstract

“…Dessa forma, é possível realizar uma escolha de quais variáveis utilizar, de forma a otimizar a implementação em linha (online), sem comprometer o desempenho da classificação. A proposta IoTArgos implementa um sistema de monitoramento de segurança multi-camadas, que coleta, analisa e caracteriza dados de comunicação de dispositivos IoT heterogêneos através de roteadores domésticos programáveis [Wan et al, 2020]. O sistema IoTArgos executa em 22 redes domésticas de três países diferentes, constituídas de 20 dispositivos IoT com diversas aplicações.…”

Section: A Privacidade Dos Dados Nas Redes 5gunclassified

Segurança em Redes 5G: Oportunidades e Desafios em Detecção de Anomalias e Predição de Tráfego Baseadas em Aprendizado de Máquina

Barbosa¹,

Bezerra²,

Medeiros³

et al. 2021

Minicursos Do XXI Simpósio Brasileiro De Segurança Da Informação E De Sistemas Computacionais

View full text Add to dashboard Cite

This chapter focuses on approaching and contextualizing the security of the fifthgeneration (5G) mobile networks, discussing network anomaly detection techniques through hybrid tools. Classical techniques for prediction, such as time series regression analysis and the Hidden Markov Model, are revisited. New anomaly detection and traffic prediction techniques based on deep learning are presented, such as recurrent neural networks, neural networks with long short-term memory, and convolutional neural networks. Finally, the challenges and new paradigms of the next-generation networks (6G) are presented. We also present a case study with a practical exercise to develop an example of anomaly detection and traffic prediction through open source and free tools. ResumoEste capítulo aborda e contextualiza a segurança das redes móveis de quinta geração (5G), discutindo técnicas de predição de tráfego e detecção de anomalias em redes através de ferramentas híbridas. Revisitam-se técnicas clássicas para predição de tráfego, como análise de regressão de séries temporais e Modelo Oculto de Markov. Novas técnicas de detecção de anomalia e predição de tráfego baseadas em aprendizado profundo são apresentadas, tais como redes neurais recorrentes, redes neurais com memória longa de curto prazo e redes neurais convolucionais. Por fim, são apresentados os desafios da próxima geração de rede móveis (6G), novos paradigmas e um estudo de caso com exercício prático de desenvolvimento de um exemplo de detecção de anomalia e predição de tráfego através de ferramentas livres de código aberto.

show abstract

“…ey built a devicespecific normal behavior model and through the GRU neural network model to detect the deviation of benign flow and malicious flow then isolated Infected devices. For solving the detection of unknown suspicious activities or zero-day attacks, the paper [16] designs a two-stage anomaly detection method based on machine learning. In the first stage, a supervised ML algorithm is used to identify known malicious behaviors.…”

Section: Iot Device Attack and Anomaly Detectionmentioning

confidence: 99%

“…e second type of solutions detects whether the device has been attacked within a period of time [14][15][16]. It usually uses statistical features over a period of time to achieve anomaly detection.…”

Section: Introductionmentioning

confidence: 99%

IoT-IE: An Information-Entropy-Based Approach to Traffic Anomaly Detection in Internet of Things

Sun

Tian

et al. 2021

Security and Communication Networks

View full text Add to dashboard Cite

Security issues related to the Internet of Things (IoTs) have attracted much attention in many fields in recent years. One important problem in IoT security is to recognize the type of IoT devices, according to which different strategies can be designed to enhance the security of IoT applications. However, existing IoT device recognition approaches rarely consider traffic attacks, which might change the pattern of traffic and consequently decrease the recognition accuracy of different IoT devices. In this work, we first validate by experiments that traffic attacks indeed decrease the recognition accuracy of existing IoT device recognition approaches; then, we propose an approach called IoT-IE that combines information entropy of different traffic features to detect traffic anomaly. We then enhance the robustness of IoT device recognition by detecting and ignoring the abnormal traffic detected by our approach. Experimental evaluations show that IoT-IE can effectively detect abnormal behaviors of IoT devices in the traffic under eight different types of attacks, achieving a high accuracy value of 0.977 and a low false positive rate of 0.011. It also achieves an accuracy of 0.969 in a multiclassification experiment with 7 different types of attacks.

show abstract

IoTArgos: A Multi-Layer Security Monitoring System for Internet-of-Things in Smart Homes

Cited by 52 publications

References 31 publications

Self-Configurable Cyber-Physical Intrusion Detection for Smart Homes Using Reinforcement Learning

Self-Configurable Cyber-Physical Intrusion Detection for Smart Homes Using Reinforcement Learning

Segurança em Redes 5G: Oportunidades e Desafios em Detecção de Anomalias e Predição de Tráfego Baseadas em Aprendizado de Máquina

IoT-IE: An Information-Entropy-Based Approach to Traffic Anomaly Detection in Internet of Things

Contact Info

Product

Resources

About