DOI: 10.1145/3450268.3453533

Sentinel: A Robust Intrusion Detection System for IoT Networks Using Kernel-Level System Information

Published: 18 May 2021

ABSTRACT

The concept of Internet of Things (IoT) has changed the way we live by integrating commodity devices with cyberspace to automate our everyday tasks. Nowadays, IoT devices in the home environment are becoming ubiquitous with seamless connectivity and diverse application domains. Modern IoT devices have adopted a many-to-many connectivity model to enhance user experience and device functionalities compared to early IoT devices with standalone device setup and limited functionalities. However, the continuous connection between devices and cyberspace has introduced new cyber attacks targeting IoT devices and networks. Due to the resource-constrained nature of IoT devices as well as the opacity of the IoT framework, traditional intrusion detection systems cannot be applied here. In this paper, we introduce Sentinel, a novel intrusion detection system that uses kernel-level information to detect malicious attacks. Specifically, Sentinel collects low-level system information (CPU usage, RAM usage, total load, available swap, etc.) of each IoT device in a network and learns the pattern of device behavior to differentiate between benign and malicious events. We evaluated the efficacy and performance of Sentinel in different IoT platforms with multiple devices and settings. We also measured the performance of Sentinel against five types of real-life attacks. Our evaluation shows that Sentinel can detect different attacks on IoT devices and networks with high accuracy (over 95%) and secure the devices in different IoT platforms and configurations. Also, Sentinel achieves minimum overhead in power consumption, ensuring high compatibility in resource-constrained IoT devices.


Published in

IoTDI '21: Proceedings of the International Conference on Internet-of-Things Design and Implementation
May 2021
288 pages
ISBN: 9781450383547
DOI: 10.1145/3450268

      Copyright © 2021 ACM


Publisher: Association for Computing Machinery, New York, NY, United States


      Qualifiers

      • research-article
      • Research
      • Refereed limited
