Malicious Insider Attack Detection in IoTs Using Data Analytics

The Internet of Things (IoT) is set to revolutionize our lives and is being widely adopted. IoT devices have a range of applications, including smart homes, smart industrial networks and healthcare. Since these devices generate and handle large amounts of sensitive data, securing them is a persistent challenge. A security breach could affect individuals and eventually the world at large. Artificial intelligence (AI), on the other hand, has found many applications and is being widely explored as a means of providing security specifically for IoT devices. The malicious insider attack is the biggest security challenge associated with IoT devices. Most research in IoT security has focused on preventing illegal and unauthorized access to systems and information; unfortunately, the most destructive malicious insider attacks, which are usually a consequence of internal exploitation within an IoT network, remain unaddressed. Therefore, the focus of this research is to detect malicious insider attacks in the IoT environment using AI. This research presents a lightweight approach for detecting insider attacks that is capable of detecting anomalies originating from incoming data sensors in resource-constrained IoT environments. The results and comparison show that the proposed approach performs better than the state of the art in terms of: a) improved attack detection accuracy; b) minimized false positives; and c) reduced computational overhead.
