System Statistics Learning-Based IoT Security: Feasibility and Suitability

Cyber attacks and malfunctions challenge the wide application of the Internet of Things (IoT). Since they are generally designed as embedded systems, typical auto-sustainable IoT devices usually have a limited capacity and a low processing power. Because of the limited computation resources, it is difficult to apply the traditional techniques designed for personal computers or supercomputers, like traffic analyzers and antivirus software. In this paper, we propose to leverage statistical learning methods to characterize the device behavior and flag deviations as anomalies. Because the system statistics, such as CPU usage cycles, disk usage, etc., can be obtained by IoT application program interfaces, the proposed framework is platform- and device-independent. Considering IoT applications, we train multiple machine learning models to evaluate their feasibility and suitability. For the target auto-sustainable IoT devices, which operate well-planned processes, the normal system performances can be modeled accurately. Based on time series analysis methods, such as local outlier factor, cumulative sum, and the proposed adaptive online thresholding, the anomalous behaviors can be effectively detected. Comparing their performances on detecting anomalies as well as the computation resources required, we conclude that relatively simple machine learning models are more suitable for IoT security, and a data-driven anomaly detection method is preferred.
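To make the cumulative sum approach named in the abstract concrete, here is an added example (not code from the paper) of a two-sided CUSUM detector run over a CPU-usage series. The trace, the slack `k`, the threshold `h`, and all function names are assumptions constructed for illustration; it does not reproduce the paper's adaptive online thresholding, which this page does not specify.

```python
from statistics import mean, stdev

def cpu_sample(i, extra_load=0.0):
    """Constructed CPU-usage percentage: a repeating 19..21 % duty pattern,
    standing in for a device that runs a well-planned periodic process."""
    return 20.0 + ((i * 7) % 5 - 2) * 0.5 + extra_load

def constructed_trace():
    """Return (training window, monitored window). In the monitored window a
    sustained +2 % load (e.g. an unexpected extra process) starts at index 100."""
    train = [cpu_sample(i) for i in range(200)]
    monitored = [cpu_sample(200 + j, 2.0 if j >= 100 else 0.0) for j in range(160)]
    return train, monitored

def fit_baseline(samples):
    """Model normal behaviour as the mean and standard deviation of the statistic."""
    return mean(samples), stdev(samples)

def cusum_alarms(samples, mu, sigma, k=0.5, h=5.0):
    """Two-sided CUSUM on standardized samples.
    k: slack per sample (in sigmas) absorbed as normal variation.
    h: decision threshold (in sigmas) on the accumulated drift.
    Returns the indices at which an alarm fires; sums reset after each alarm."""
    hi = lo = 0.0
    alarms = []
    for i, x in enumerate(samples):
        z = (x - mu) / sigma
        hi = max(0.0, hi + z - k)   # accumulates upward drift
        lo = max(0.0, lo - z - k)   # accumulates downward drift
        if hi > h or lo > h:
            alarms.append(i)
            hi = lo = 0.0
    return alarms

if __name__ == "__main__":
    train, monitored = constructed_trace()
    mu, sigma = fit_baseline(train)
    alarms = cusum_alarms(monitored, mu, sigma)
    print(f"baseline mu={mu:.2f} sigma={sigma:.3f}, first alarm at index {alarms[0]}")
```

The detector keeps two running sums and a learned mean and deviation per statistic, which is the kind of footprint that fits a constrained device. A shift of this size would be hard to catch with a fixed per-sample threshold without also alarming on normal peaks.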
