Rieger, Phillip ; Chilese, Marco ; Mohamed, Reham ; Miettinen, Markus ; Fereidooni, Hossein ; Sadeghi, Ahmad-Reza (2023)
ARGUS: Context-Based Detection of Stealthy IoT Infiltration Attacks.
32nd USENIX Security Symposium. Anaheim, USA (09.08.2023-11.08.2023)
Konferenzveröffentlichung, Bibliographie
Kurzbeschreibung (Abstract)
IoT application domains, device diversity and connectivity are rapidly growing. IoT devices control various functions in smart homes and buildings, smart cities, and smart factories, making these devices an attractive target for attackers. On the other hand, the large variability of different application scenarios and inherent heterogeneity of devices make it very challenging to reliably detect abnormal IoT device behaviors and distinguish these from benign behaviors. Existing approaches for detecting attacks are mostly limited to attacks directly compromising individual IoT devices, or, require predefined detection policies. They cannot detect attacks that utilize the control plane of the IoT system to trigger actions in an unintended/malicious context, e.g., opening a smart lock while the smart home residents are absent.
In this paper, we tackle this problem and propose ARGUS, the first self-learning intrusion detection system for detecting contextual attacks on IoT environments, in which the attacker maliciously invokes IoT device actions to reach its goals. ARGUS monitors the contextual setting based on the state and actions of IoT devices in the environment. An unsupervised Deep Neural Network (DNN) is used for modeling the typical contextual device behavior and detecting actions taking place in abnormal contextual settings. This unsupervised approach ensures that ARGUS is not restricted to detecting previously known attacks but is also able to detect new attacks. We evaluated ARGUS on heterogeneous real-world smart-home settings and achieve at least an F1-Score of 99.64% for each setup, with a false positive rate (FPR) of at most 0.03%.
Typ des Eintrags: | Konferenzveröffentlichung |
---|---|
Erschienen: | 2023 |
Autor(en): | Rieger, Phillip ; Chilese, Marco ; Mohamed, Reham ; Miettinen, Markus ; Fereidooni, Hossein ; Sadeghi, Ahmad-Reza |
Art des Eintrags: | Bibliographie |
Titel: | ARGUS: Context-Based Detection of Stealthy IoT Infiltration Attacks |
Sprache: | Englisch |
Publikationsjahr: | 10 August 2023 |
Ort: | Berkeley |
Verlag: | USENIX Association |
Buchtitel: | Proceedings of the 32nd USENIX Security Symposium |
Veranstaltungstitel: | 32nd USENIX Security Symposium |
Veranstaltungsort: | Anaheim, USA |
Veranstaltungsdatum: | 09.08.2023-11.08.2023 |
URL / URN: | https://www.usenix.org/conference/usenixsecurity23/presentat... |
Kurzbeschreibung (Abstract): | IoT application domains, device diversity and connectivity are rapidly growing. IoT devices control various functions in smart homes and buildings, smart cities, and smart factories, making these devices an attractive target for attackers. On the other hand, the large variability of different application scenarios and inherent heterogeneity of devices make it very challenging to reliably detect abnormal IoT device behaviors and distinguish these from benign behaviors. Existing approaches for detecting attacks are mostly limited to attacks directly compromising individual IoT devices, or, require predefined detection policies. They cannot detect attacks that utilize the control plane of the IoT system to trigger actions in an unintended/malicious context, e.g., opening a smart lock while the smart home residents are absent. In this paper, we tackle this problem and propose ARGUS, the first self-learning intrusion detection system for detecting contextual attacks on IoT environments, in which the attacker maliciously invokes IoT device actions to reach its goals. ARGUS monitors the contextual setting based on the state and actions of IoT devices in the environment. An unsupervised Deep Neural Network (DNN) is used for modeling the typical contextual device behavior and detecting actions taking place in abnormal contextual settings. This unsupervised approach ensures that ARGUS is not restricted to detecting previously known attacks but is also able to detect new attacks. We evaluated ARGUS on heterogeneous real-world smart-home settings and achieve at least an F1-Score of 99.64% for each setup, with a false positive rate (FPR) of at most 0.03%. |
Fachbereich(e)/-gebiet(e): | 20 Fachbereich Informatik 20 Fachbereich Informatik > Systemsicherheit Profilbereiche Profilbereiche > Cybersicherheit (CYSEC) |
Hinterlegungsdatum: | 27 Nov 2023 14:49 |
Letzte Änderung: | 29 Jan 2024 12:55 |
PPN: | 515113352 |
Export: | |
Suche nach Titel in: | TUfind oder in Google |
Frage zum Eintrag |
Optionen (nur für Redakteure)
Redaktionelle Details anzeigen |