Progressive Monitoring of IoT Networks Using SDN and Cost-Effective Traffic Signatures

IoT networks continue to expand in various domains, from smart homes and campuses to smart cities and critical infrastructures. It has been shown that IoT devices typically lack appropriate embedded security measures, and hence are increasingly becoming the target of sophisticated cyber-attacks. Also, the network communications of these devices are heterogeneous, which makes it difficult for operators of smart environments to manage them at scale. Existing monitoring solutions may perform well in certain environments; however, they do not scale cost-effectively and are inflexible to changes due to their static use of models. In this paper, we use SDN to dynamically monitor a selected portion of IoT packets or flows, and develop specialized models to learn corresponding traffic signatures. Our first contribution develops a progressive inference pipeline comprising a number of machine-learning models, each specialized in certain features of IoT traffic. Our inference engine dynamically obtains selected telemetry, including a subset of traffic or flow counters, using SDN techniques. Our second contribution develops three supervised multi-class classifiers: two are protocol specialists trained on packet-based features, and one is a flow-based model trained on behavioral characteristics of ten unidirectional flows. Our third contribution evaluates the performance of our scheme by replaying real traffic traces of 26 IoT devices onto an SDN switching simulator in conjunction with three trained Random Forest models. Our system yields an overall accuracy of 99.4%. We also integrate our system with an off-the-shelf IDS (Zeek) to flag TCP flood and reflection attacks by inspecting only the suspicious device network traffic.
