CIoTA: Collaborative IoT Anomaly Detection via Blockchain

Due to their rapid growth and deployment, Internet of things (IoT) devices have become a central aspect of our daily lives. However, they tend to have many vulnerabilities which can be exploited by an attacker. Unsupervised techniques, such as anomaly detection, can help us secure the IoT devices. However, an anomaly detection model must be trained for a long time in order to capture all benign behaviors. This approach is vulnerable to adversarial attacks since all observations are assumed to be benign while training the anomaly detection model. In this paper, we propose CIoTA, a lightweight framework that utilizes the blockchain concept to perform distributed and collaborative anomaly detection for devices with limited resources. CIoTA uses blockchain to incrementally update a trusted anomaly detection model via self-attestation and consensus among IoT devices. We evaluate CIoTA on our own distributed IoT simulation platform, which consists of 48 Raspberry Pis, to demonstrate CIoTA's ability to enhance the security of each device and the security of the network as a whole.

[1]  Stephen Farrell,et al.  Internet X.509 Public Key Infrastructure Certificate Management Protocol (CMP) , 2005, RFC.

[2]  Mukesh Taneja An analytics framework to detect compromised IoT devices using mobility behavior , 2013, 2013 International Conference on ICT Convergence (ICTC).

[3]  Albert C. Esterline,et al.  Behavioral Modeling Intrusion Detection System (BMIDS) Using Internet of Things (IoT) Behavior-Based Anomaly Detection via Immunity-Inspired Algorithms , 2016, 2016 25th International Conference on Computer Communication and Networks (ICCCN).

[4]  Thiemo Voigt,et al.  SVELTE: Real-time intrusion detection in the Internet of Things , 2013, Ad Hoc Networks.

[5]  Melanie Swan,et al.  Blockchain: Blueprint for a New Economy , 2015 .

[6]  Ralf Huuck,et al.  IoT: The internet of threats and static program analysis defense , 2015 .

[7]  U. Narayan Bhat Extended Markov Models , 2008 .

[8]  Robert B. Cooper,et al.  An Introduction To Queueing Theory , 2016 .

[9]  Andreas Fuchs,et al.  Rolling DICE: Lightweight Remote Attestation for COTS IoT Hardware , 2017, ARES.

[10]  Gabriel Maciá-Fernández,et al.  Anomaly-based network intrusion detection: Techniques, systems and challenges , 2009, Comput. Secur..

[11]  Ahmad-Reza Sadeghi,et al.  C-FLAT: Control-Flow Attestation for Embedded Systems Software , 2016, CCS.

[12]  Dave Evans,et al.  How the Next Evolution of the Internet Is Changing Everything , 2011 .

[13]  James C. Foster Buffer overflow attacks : detect, exploit, prevent , 2005 .

[14]  Lizhong Jin,et al.  A Novel Secure Architecture for the Internet of Things , 2011, 2016 International Conference on Intelligent Networking and Collaborative Systems (INCoS).

[15]  Muhammad Ali Imran,et al.  Anomaly Detection in Wireless Sensor Networks in a Non-Stationary Environment , 2014, IEEE Communications Surveys & Tutorials.

[16]  Thomas Morris,et al.  Trusted Platform Module , 2011, Encyclopedia of Cryptography and Security.

[17]  Jiun-In Guo,et al.  Multi-core software/hardware co-debug platform with ARM CoreSight™, on-chip test architecture and AXI/AHB bus monitor , 2011, Proceedings of 2011 International Symposium on VLSI Design, Automation and Test.

[18]  Chan-Hyun Youn,et al.  A Functional Relationship Based Attestation Scheme for Detecting Compromised Nodes in Large IoT Networks , 2015, CSA/CUTE.

[19]  Sarmad Ullah Khan,et al.  Future Internet: The Internet of Things Architecture, Possible Applications and Key Challenges , 2012, 2012 10th International Conference on Frontiers of Information Technology.

[20]  Satoshi Nakamoto Bitcoin : A Peer-to-Peer Electronic Cash System , 2009 .

[21]  Deokho Kim,et al.  A Malicious Pattern Detection Engine for Embedded Security Systems in the Internet of Things , 2014, Sensors.

[22]  Peng Li,et al.  A Novel Secure Architecture for the Internet of Things , 2016, INCoS.

[23]  David Ott,et al.  Trust Evidence for IoT: Trust Establishment from Servers to Sensors , 2015, ISSE.