TU Darmstadt / ULB / TUbiblio

ARGUS: Context-Based Detection of Stealthy IoT Infiltration Attacks

Rieger, Phillip ; Chilese, Marco ; Mohamed, Reham ; Miettinen, Markus ; Fereidooni, Hossein ; Sadeghi, Ahmad-Reza (2023)
ARGUS: Context-Based Detection of Stealthy IoT Infiltration Attacks.
32nd USENIX Security Symposium. Anaheim, USA (09.-11.08.2023)
Conference or Workshop Item, Bibliographie

Abstract

IoT application domains, device diversity and connectivity are rapidly growing. IoT devices control various functions in smart homes and buildings, smart cities, and smart factories, making these devices an attractive target for attackers. On the other hand, the large variability of different application scenarios and inherent heterogeneity of devices make it very challenging to reliably detect abnormal IoT device behaviors and distinguish these from benign behaviors. Existing approaches for detecting attacks are mostly limited to attacks directly compromising individual IoT devices, or, require predefined detection policies. They cannot detect attacks that utilize the control plane of the IoT system to trigger actions in an unintended/malicious context, e.g., opening a smart lock while the smart home residents are absent.

In this paper, we tackle this problem and propose ARGUS, the first self-learning intrusion detection system for detecting contextual attacks on IoT environments, in which the attacker maliciously invokes IoT device actions to reach its goals. ARGUS monitors the contextual setting based on the state and actions of IoT devices in the environment. An unsupervised Deep Neural Network (DNN) is used for modeling the typical contextual device behavior and detecting actions taking place in abnormal contextual settings. This unsupervised approach ensures that ARGUS is not restricted to detecting previously known attacks but is also able to detect new attacks. We evaluated ARGUS on heterogeneous real-world smart-home settings and achieve at least an F1-Score of 99.64% for each setup, with a false positive rate (FPR) of at most 0.03%.

Item Type: Conference or Workshop Item
Erschienen: 2023
Creators: Rieger, Phillip ; Chilese, Marco ; Mohamed, Reham ; Miettinen, Markus ; Fereidooni, Hossein ; Sadeghi, Ahmad-Reza
Type of entry: Bibliographie
Title: ARGUS: Context-Based Detection of Stealthy IoT Infiltration Attacks
Language: English
Date: 10 August 2023
Place of Publication: Berkeley
Publisher: USENIX Association
Book Title: Proceedings of the 32nd USENIX Security Symposium
Event Title: 32nd USENIX Security Symposium
Event Location: Anaheim, USA
Event Dates: 09.-11.08.2023
URL / URN: https://www.usenix.org/conference/usenixsecurity23/presentat...
Abstract:

IoT application domains, device diversity and connectivity are rapidly growing. IoT devices control various functions in smart homes and buildings, smart cities, and smart factories, making these devices an attractive target for attackers. On the other hand, the large variability of different application scenarios and inherent heterogeneity of devices make it very challenging to reliably detect abnormal IoT device behaviors and distinguish these from benign behaviors. Existing approaches for detecting attacks are mostly limited to attacks directly compromising individual IoT devices, or, require predefined detection policies. They cannot detect attacks that utilize the control plane of the IoT system to trigger actions in an unintended/malicious context, e.g., opening a smart lock while the smart home residents are absent.

In this paper, we tackle this problem and propose ARGUS, the first self-learning intrusion detection system for detecting contextual attacks on IoT environments, in which the attacker maliciously invokes IoT device actions to reach its goals. ARGUS monitors the contextual setting based on the state and actions of IoT devices in the environment. An unsupervised Deep Neural Network (DNN) is used for modeling the typical contextual device behavior and detecting actions taking place in abnormal contextual settings. This unsupervised approach ensures that ARGUS is not restricted to detecting previously known attacks but is also able to detect new attacks. We evaluated ARGUS on heterogeneous real-world smart-home settings and achieve at least an F1-Score of 99.64% for each setup, with a false positive rate (FPR) of at most 0.03%.

Divisions: 20 Department of Computer Science
20 Department of Computer Science > System Security Lab
Profile Areas
Profile Areas > Cybersecurity (CYSEC)
Date Deposited: 27 Nov 2023 14:49
Last Modified: 29 Jan 2024 12:55
PPN: 515113352
Export:
Suche nach Titel in: TUfind oder in Google
Send an inquiry Send an inquiry

Options (only for editors)
Show editorial Details Show editorial Details