论文信息 - Ultra-lightweight deep packet anomaly detection for Internet of Things devices

Ultra-lightweight deep packet anomaly detection for Internet of Things devices

As we race toward the Internet of Things (IoT), small embedded devices are increasingly becoming network-enabled. Often, these devices can't meet the computational requirements of current intrusion prevention mechanisms or designers prioritize additional features and services over security; as a result, many IoT devices are vulnerable to attack. We have developed an ultra-lightweight deep packet anomaly detection approach that is feasible to run on resource constrained IoT devices yet provides good discrimination between normal and abnormal payloads. Feature selection uses efficient bit-pattern matching, requiring only a bitwise AND operation followed by a conditional counter increment. The discrimination function is implemented as a lookup-table, allowing both fast evaluation and flexible feature space representation. Due to its simplicity, the approach can be efficiently implemented in either hardware or software and can be deployed in network appliances, interfaces, or in the protocol stack of a device. We demonstrate near perfect payload discrimination for data captured from off the shelf IoT devices.

Yu Chen | Douglas H. Summerville | Kenneth M. Zach | D. Summerville | Yu Chen

[1] Christopher Krügel,et al. Service specific anomaly detection for network intrusion detection , 2002, SAC '02.

[2] Salvatore J. Stolfo,et al. Anomalous Payload-Based Network Intrusion Detection , 2004, RAID.

[3] Jim Alves-Foss,et al. NATE: Network Analysis ofAnomalousTrafficEvents, a low-cost approach , 2001 .

[4] Richard Lippmann,et al. The 1999 DARPA off-line intrusion detection evaluation , 2000, Comput. Networks.

[5] Wenke Lee,et al. McPAD: A multiple classifier system for accurate payload-based anomaly detection , 2009, Comput. Networks.

[6] Jim Alves-Foss,et al. NATE: Network Analysis of Anomalous Traffic Events, a low-cost approach , 2001, NSPW '01.

[7] Roberto Tronci,et al. HMMPayl: An intrusion detection system based on Hidden Markov Models , 2011, Comput. Secur..

[8] Yu Chen,et al. A Survey on the Application of FPGAs for Network Infrastructure Security , 2011, IEEE Communications Surveys & Tutorials.

[9] Nnamdi Nwanze,et al. Detection of anomalous network packets using lightweight stateless payload inspection , 2008, 2008 33rd IEEE Conference on Local Computer Networks (LCN).

[10] Matthew V. Mahoney,et al. Network traffic anomaly detection based on packet bytes , 2003, SAC '03.

[11] Salvatore J. Stolfo,et al. Anagram: A Content Anomaly Detector Resistant to Mimicry Attack , 2006, RAID.