The rapid increase in the use of IoT devices brings many benefits to the digital society, ranging from improved efficiency to higher productivity. However, the limited resources and the open nature of these devices make them vulnerable to various cyber threats. A single compromised device can affect the whole network and lead to major security and physical damage. This paper explores the potential of using network profiling and machine learning to secure IoT against cyber-attacks. The proposed anomaly-based intrusion detection solution dynamically and actively profiles and monitors all networked devices to detect IoT device tampering attempts as well as suspicious network transactions. Any deviation from the defined profile is considered to be an attack and is subject to further analysis. Raw traffic is also passed on to the machine learning classifier for examination and identification of potential attacks. Performance assessment of the proposed methodology is conducted on the Cyber-Trust testbed using normal and malicious network traffic. The experimental results show that the proposed anomaly detection system delivers promising results with an overall accuracy of 98.35% and 0.98% of false-positive alarms.