HADS: Hybrid Anomaly Detection System for IoT Environments

IoT (Internet of Things) devices are rapidly becoming popular in residential environments, but security is still a big concern in this ecosystem. The fast growth of IoT devices in homes and new attacks targeting these devices require a smart detection solution to protect this heterogeneous environment. In this paper, we present an attack detection approach based on machine learning techniques for anomaly detection, together with a decision module, with the goal of identifying relevant attacks on IoT networks. The approach is implemented on a single-board computer and systematically evaluated using various protocol attacks and commercial off-the-shelf IoT devices to verify its effectiveness and feasibility in a realistic scenario. The results obtained in the experimental evaluation indicate that our proposed approach can be applied to protect IoT devices against the considered attacks with an accuracy of 94%-99% and a detection time of less than 0.7 s.
