Self-adaptive Traffic Anomaly Detection System for IoT Smart Home Environments

Naoto Watanabe, Taku Yamazaki, Takumi Miyoshi, Ryo Yamamoto, Masataka Nakahara, Norihiro Okui, Ayumu Kubota

TL;DR

The paper proposes a self-adaptive anomaly detection system for IoT traffic that adapts to unknown attacks by reflecting pattern changes in anomalous traffic, based on real-time captured traffic.

Abstract

With the growth of internet of things (IoT) devices, cyberattacks, such as distributed denial of service, that exploit vulnerable devices infected with malware have increased. Therefore, vendors and users must keep their device firmware updated to eliminate vulnerabilities and quickly handle unknown cyberattacks. However, it is difficult for both vendors and users to continually keep the devices safe because vendors must provide updates quickly and the users must continuously manage the conditions of all deployed devices. Therefore, to ensure security, it is necessary for a system to adapt autonomously to changes in cyberattacks. In addition, it is important to consider network-side security that detects and filters anomalous traffic at the gateway to comprehensively protect those devices. This paper proposes a self-adaptive anomaly detection system for IoT traffic, including unknown attacks. The proposed system comprises a honeypot server and a gateway. The honeypot server continuously captures traffic and adaptively generates an anomaly detection model using real-time captured traffic. Thereafter, the gateway uses the generated model to detect anomalous traffic. Thus, the proposed system can adapt to unknown attacks to reflect pattern changes in anomalous traffic based on real-time captured traffic. Three experiments were conducted to evaluate the proposed system: a virtual experiment using pre-captured traffic from various regions across the world, a demonstration experiment using real-time captured traffic, and a virtual experiment using a public dataset containing the traffic generated by malware. The experimental results indicate that a system adaptable in real time to evolving cyberattacks is a novel approach for ensuring the comprehensive security of IoT devices against both known and unknown attacks.

Paper Structure (15 sections, 8 figures, 6 tables)

This paper contains 15 sections, 8 figures, 6 tables.

Figures (8)

  • Figure 1: Overview of the proposed system. The proposed system is composed of the gateway, honeypot server, and IoT devices. The gateway observes the traffic and detects traffic anomalies using a machine learning model. The honeypot server trains the machine learning model using the captured traffic passed through the gateway and provides it to the gateway.
  • Figure 2: Illustrations of the operation of the static creation method ($T_{\mathrm{duration}}=1$ [h]) and dynamic update method ($T_{\mathrm{duration}}, T_{\mathrm{update}}=1$ [h]).
  • Figure 3: Procedure for creating an anomaly detection model.
  • Figure 4: Experiment 2: Overview of the smart home environment used in the experiment.
  • Figure 5: Experiment 1: Distributions of destination ports observed by the honeypot server.
  • ...and 3 more figures