PIDIoT: Probabilistic Intrusion Detection for the Internet-of-Things

The Internet-of-Things promises sweeping change through increased connectivity and ubiquitous integration of technology into our lives. However, as we create economies of scale for data aggregation and processing, we also create attractive targets for various adversaries. In this work we design a lightweight, probabilistic intrusion detection system, PIDIoT. PIDIoT uses operational measurements from IoT devices, together with lightweight hash functions and Bloom filters, to perform fuzzy anomaly detection. We experiment with IoT devices operating in an isolated environment, and we show that we can detect over 90% of simulated attacks. While we do not propose PIDIoT as a comprehensive solution for IoT defense, we make a case for its use as part of a layered defense strategy.
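One way a Bloom filter and a lightweight hash can provide fuzzy anomaly detection over device measurements is shown below. This is an added example, not PIDIoT's implementation: the quantization step, the FNV-1a hash, the bucket widths, the filter size, the class and function names, and the sample values are all assumptions made for illustration.

```python
# Added illustration (not the paper's code); all parameters are assumptions.

def fnv1a(data: bytes, seed: int = 0) -> int:
    """32-bit FNV-1a, a lightweight non-cryptographic hash."""
    h = (0x811C9DC5 ^ seed) & 0xFFFFFFFF
    for b in data:
        h = ((h ^ b) * 0x01000193) & 0xFFFFFFFF
    return h


class BloomFilter:
    def __init__(self, m_bits: int = 1024, k: int = 3):
        self.m, self.k = m_bits, k
        self.bits = bytearray(m_bits // 8 + 1)

    def _positions(self, item: bytes):
        # Double hashing: position_i = h1 + i*h2 (mod m); h2 forced odd.
        h1, h2 = fnv1a(item), fnv1a(item, seed=0x9E3779B9) | 1
        return [(h1 + i * h2) % self.m for i in range(self.k)]

    def add(self, item: bytes):
        for p in self._positions(item):
            self.bits[p // 8] |= 1 << (p % 8)

    def __contains__(self, item: bytes) -> bool:
        return all(self.bits[p // 8] & (1 << (p % 8)) for p in self._positions(item))


def quantize(sample, widths):
    """Map raw measurements to coarse buckets so nearby values match ("fuzzy")."""
    return ",".join(str(int(v // w)) for v, w in zip(sample, widths)).encode()


class Detector:
    def __init__(self, widths, m_bits=1024, k=3):
        self.widths, self.bf = widths, BloomFilter(m_bits, k)

    def train(self, normal_samples):
        # Learn the buckets observed during known-good operation.
        for s in normal_samples:
            self.bf.add(quantize(s, self.widths))

    def is_anomalous(self, sample) -> bool:
        return quantize(sample, self.widths) not in self.bf


# Constructed samples: (packets/s, bytes/s, CPU %)
WIDTHS = (10, 5000, 10)
NORMAL = [(12, 8200, 7), (15, 9100, 9), (22, 14000, 12), (18, 9900, 8)]
FLOOD = (950, 610000, 96)  # constructed traffic spike
```

In this arrangement a Bloom-filter false positive becomes a missed detection rather than a false alarm, since a trained bucket always tests as present. Wider buckets tolerate more drift in normal behavior at the cost of hiding small deviations.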
