IoT-Praetor: Undesired Behaviors Detection for IoT Devices

Due to insecure design and configuration, Internet-of-Things (IoT) devices are vulnerable to various security issues. In most attacks against IoT, e.g., Mirai, attackers control devices to perform malicious behaviors that are not expected by their owners and administrators. Effectively detecting malicious behaviors is therefore crucial to protecting IoT devices. Unlike powerful PCs and servers, resource-constrained IoT devices are generally used to perform specific functions, and their behaviors are limited. Based on this observation, we propose IoT-Praetor, an undesired-behavior detection system for IoT devices. In IoT-Praetor, a new device usage description (DUD) model is proposed to construct an IoT device behavior specification, including communication and interaction behaviors. Furthermore, automatic behavior extraction approaches are presented. We also design a behavior rule engine to detect device behaviors in real time. To evaluate the effectiveness of IoT-Praetor, we implemented our methods on Samsung SmartThings and performed a security test. The evaluation results show that the detection rate for malicious interaction behavior is 94.5% on average, the detection rate for malicious communication behavior is above 98%, and the system's running-time delay is only at the millisecond level.
