Edge2Guard: Botnet Attacks Detecting Offline Models for Resource-Constrained IoT Devices

In today's IoT smart environments, dozens of MCU-based connected device types exist, such as HVAC controllers, smart meters, and smoke detectors. The security conditions for these essential IoT devices remain unsatisfactory because: (i) many of them are built with cost as the driving design tenet, resulting in poor configurations and open design; (ii) their memory and computational resource constraints make it highly challenging to implement practical attack protection mechanisms; and (iii) manufacturers currently use simplified, lightweight protocol versions to save memory for extra features (to boost sales). When such issues and vulnerabilities are exploited, devices can be compromised and converted into bots, which a botmaster can then use to launch severe DDoS attacks. Such tiny devices are safe only when connected to networks whose networking devices, like routers and switches, have defense mechanisms installed, which might not be the case everywhere, e.g., on public/free Wi-Fi networks. To safeguard tiny IoT devices from cyberattacks, we provide resource-friendly standalone attack detection models termed Edge2Guard (E2G) that enable MCU-based IoT devices to instantly detect IoT attacks without depending on networks or any external protection mechanisms. During evaluation, our top-performing E2G models detected and classified ten types of Mirai and Bashlite malware with close to 100% detection rates.
