TU Darmstadt / ULB / TUbiblio

DÏoT: A Federated Self-learning Anomaly Detection System for IoT

Nguyen, Thien Duc ; Marchal, Samuel ; Miettinen, Markus ; Fereidooni, Hossein ; Asokan, N. ; Sadeghi, Ahmad-Reza (2019)
DÏoT: A Federated Self-learning Anomaly Detection System for IoT.
Conference publication, Bibliography

Abstract

IoT devices are increasingly deployed in daily life. Many of these devices are, however, vulnerable due to insecure design, implementation, and configuration. As a result, many networks already have vulnerable IoT devices that are easy to compromise. This has led to a new category of malware specifically targeting IoT devices. However, existing intrusion detection techniques are not effective in detecting compromised IoT devices given the massive scale of the problem in terms of the number of different types of devices and manufacturers involved. In this paper, we present DÏoT, an autonomous self-learning distributed system for detecting compromised IoT devices. DÏoT builds effectively on device-type-specific communication profiles that are subsequently used to detect anomalous deviations in devices' communication behavior, potentially caused by malicious adversaries. DÏoT utilizes a federated learning approach for aggregating behavior profiles efficiently. To the best of our knowledge, it is the first system to employ a federated learning approach to anomaly-detection-based intrusion detection. Consequently, DÏoT can cope with emerging new and unknown attacks. We systematically and extensively evaluated more than 30 off-the-shelf IoT devices over a long term and show that DÏoT is highly effective (95.6% detection rate) and fast (~257 ms) at detecting devices compromised by, for instance, the infamous Mirai malware. DÏoT reported no false alarms when evaluated in a real-world smart home deployment setting.

Item type: Conference publication
Published: 2019
Author(s): Nguyen, Thien Duc ; Marchal, Samuel ; Miettinen, Markus ; Fereidooni, Hossein ; Asokan, N. ; Sadeghi, Ahmad-Reza
Type of entry: Bibliography
Title: DÏoT: A Federated Self-learning Anomaly Detection System for IoT
Language: English
Publication year: 29 March 2019
Book title: The 39th IEEE International Conference on Distributed Computing Systems (ICDCS 2019)
Uncontrolled keywords: Solutions; S2
Department(s)/field(s): 20 Department of Computer Science
20 Department of Computer Science > System Security
DFG Collaborative Research Centres (incl. Transregio)
DFG Collaborative Research Centres (incl. Transregio) > Collaborative Research Centres
Profile Areas
Profile Areas > Cybersecurity (CYSEC)
DFG Collaborative Research Centres (incl. Transregio) > Collaborative Research Centres > SFB 1119: CROSSING – Cryptography-based security solutions as the basis for trust in current and future IT systems
Date deposited: 29 Mar 2019 10:34
Last modified: 02 May 2019 09:18