ARGUS: Context-Based Detection of Stealthy IoT Infiltration Attacks

IoT application domains, device diversity and connectivity are rapidly growing. IoT devices control various functions in smart homes and buildings, smart cities, and smart factories, making these devices an attractive target for attackers. On the other hand, the large variability of application scenarios and the inherent heterogeneity of devices make it very challenging to reliably detect abnormal IoT device behaviors and distinguish them from benign behaviors. Existing approaches for detecting attacks are mostly limited to attacks that directly compromise individual IoT devices, or require predefined detection policies. They cannot detect attacks that utilize the control plane of the IoT system to trigger actions in an unintended or malicious context, e.g., opening a smart lock while the smart home residents are absent. In this paper, we tackle this problem and propose ARGUS, the first self-learning intrusion detection system for detecting contextual attacks on IoT environments, in which the attacker maliciously invokes IoT device actions to reach its goals. ARGUS monitors the contextual setting based on the state and actions of IoT devices in the environment. An unsupervised Deep Neural Network (DNN) is used for modeling the typical contextual device behavior and detecting actions taking place in abnormal contextual settings. This unsupervised approach ensures that ARGUS is not restricted to detecting previously known attacks but is also able to detect new attacks. We evaluated ARGUS on heterogeneous real-world smart-home settings and achieved an F1-score of at least 99.64% for each setup, with a false positive rate (FPR) of at most 0.03%.
