Kalis — A System for Knowledge-Driven Adaptable Intrusion Detection for the Internet of Things

Midi, Daniele; Rullo, Antonino; Mudgerikar, Anand; Bertino, Elisa

doi:10.1109/icdcs.2017.104

Cited by 127 publications

(58 citation statements)

References 23 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Even in the larger domain of network traffic analysis, autoencoders have not been used as fully automated standalone malware detectors, but rather as preliminary tools for either feature learning [15] or dimensionality reduction [16], or at most as semimanual outlier detectors which substantially depend on human labeling for subsequent classification [17] or further inspection by security analysts [13]. 2) Unlike previous experimental studies on the detection of IoT botnets or IoT traffic anomalies which relied on emulated or simulated data ( [4], [7], [8], [10]), we perform empirical evaluation with real traffic data, gathered from nine commercial IoT devices infected by authentic botnets from two families. We examine Mirai and BASHLITE, two of the most common IoTbased botnets, which have already demonstrated [1] their harmful capabilities.…”

Section: Introductionmentioning

confidence: 99%

N-BaIoT—Network-Based Detection of IoT Botnet Attacks Using Deep Autoencoders

Meidan

Bohadana

Mathov

et al. 2018

IEEE Pervasive Comput.

1,017

518

View full text Add to dashboard Cite

The proliferation of IoT devices which can be more easily compromised than desktop computers has led to an increase in the occurrence of IoT-based botnet attacks. In order to mitigate this new threat there is a need to develop new methods for detecting attacks launched from compromised IoT devices and differentiate between hour and millisecond long IoT-based attacks. In this paper we propose and empirically evaluate a novel network-based anomaly detection method which extracts behavior snapshots of the network and uses deep autoencoders to detect anomalous network traffic emanating from compromised IoT devices. To evaluate our method, we infected nine commercial IoT devices in our lab with two of the most widely known IoT-based botnets, Mirai and BASHLITE. Our evaluation results demonstrated our proposed method's ability to accurately and instantly detect the attacks as they were being launched from the compromised IoT devices which were part of a botnet.

show abstract

Section: Introductionmentioning

confidence: 99%

N-BaIoT—Network-Based Detection of IoT Botnet Attacks Using Deep Autoencoders

Meidan

Bohadana

Mathov

et al. 2018

IEEE Pervasive Comput.

1,017

518

View full text Add to dashboard Cite

show abstract

“…Midi et al [15] proposed a self-adapting, knowledge-driven expert Intrusion Detection System (KALIS) is introduced which can change its performance after evaluating its efficiency. It is focused on network features and its protocols to improve detection efficiency.…”

Section: Hybrid Approaches To Intrusion Detectionmentioning

confidence: 99%

A Review of Performance, Energy and Privacy of Intrusion Detection Systems for IoT

et al. 2020

View full text Add to dashboard Cite

Internet of Things (IoT) is a disruptive technology with applications across diverse domains such as transportation and logistics systems, smart grids, smart homes, connected vehicles, and smart cities. Alongside the growth of these infrastructures, the volume and variety of attacks on these infrastructures has increased highlighting the significance of distinct protection mechanisms. Intrusion detection is one of the distinguished protection mechanisms with notable recent efforts made to establish effective intrusion detection for IoT and IoV. However, unique characteristics of such infrastructures including battery power, bandwidth and processors overheads, and the network dynamics can influence the operation of an intrusion detection system. This paper presents a comprehensive study of existing intrusion detection systems for IoT systems including emerging systems such as Internet of Vehicles (IoV). The paper analyzes existing systems in three aspects: computational overhead, energy consumption and privacy implications. Based on a rigorous analysis of the existing intrusion detection approaches, the paper also identifies open challenges for an effective and collaborative design of intrusion detection system for resource-constrained IoT system in general and its applications such as IoV. These efforts are envisaged to highlight state of the art with respect to intrusion detection for IoT and open challenges requiring specific efforts to achieve efficient intrusion detection within these systems.

show abstract

“…However, this comes at a cost of increased computational overhead due to the use of a symmetric key. (Midi et al 2017) proposed an intrusion detection system for IoT named Kalis. Kalis is placed at the border router to collect features of the network and use these to dynamically configure appropriate detection techniques.…”

Section: Related Workmentioning

confidence: 99%

Efficient Intrusion Detection in Ad-Hoc Networks

Qurashi

Angelopoulos

Katos

2019

Electronic Workshops in Computing

View full text Add to dashboard Cite

We study efficient and lightweight Intrusion Detection Systems (IDS) for ad-hoc networks via the prism of IPv6-enabled Wireless Sensor Actuator Networks. These networks consist of highly constrained devices able to communicate wirelessly in an ad-hoc fashion, thus following mesh networks. Current state-of-the-art (IDS) have been developed taking into consideration regular computer networks, and as such they do not efficiently addresses the paradigm of ad-hoc networks. In this work we firstly identify a trade-off between the communication and energy overheads of an IDS (as captured by the number of active IDS agents in the network) and the performance of the system in terms of successfully identifying attacks. In order to fine tune this trade-off, we model such networks as Random Geometric Graphs; a rigorous approach that allows us to capture underlying structural properties of the network. We then introduce a novel IDS architectural approach by having only a subset of the nodes acting as IDS agents. These nodes are able to efficiently detect attacks at the networking layer in a collaborative manner by monitoring locally available network information provided by IoT routing protocols such as RPL. Our detailed experimental evaluation demonstrates significant performance gains in terms of communication overhead and energy dissipation while maintaining high detection rates. We also show that the performance of our IDS in ad-hoc networks does not rely on the size of the network but on fundamental underling network properties, such as the network topology and the average degree of the nodes.

show abstract

Kalis — A System for Knowledge-Driven Adaptable Intrusion Detection for the Internet of Things

Cited by 127 publications

References 23 publications

N-BaIoT—Network-Based Detection of IoT Botnet Attacks Using Deep Autoencoders

N-BaIoT—Network-Based Detection of IoT Botnet Attacks Using Deep Autoencoders

A Review of Performance, Energy and Privacy of Intrusion Detection Systems for IoT

Efficient Intrusion Detection in Ad-Hoc Networks

Contact Info

Product

Resources

About