Ayyoob Hamza scite author profile

Smart homes, enterprises, and cities equipped with IoT devices are increasingly becoming target of an escalating number of sophisticated new cyber-attacks. Anomaly-based detection methods are promising in finding new attacks, but there are certain practical challenges like false-positive alarms, hard to explain, and difficult to scale cost-effectively. The IETF recent standard called Manufacturer Usage Description (MUD) seems promising to limit the attack surface on IoT devices by formally specifying their intended network behavior (whitelisting). In this paper, we use SDN to enforce and monitor the expected behaviors (compliant with MUD profile) of each IoT device, and train one-class classifier models to detect volumetric attacks such as DoS, reflective TCP/UDP/ICMP flooding, and ARP spoofing on IoT devices.Our first contribution develops a multi-level inferencing model to dynamically detect anomalous patterns in network activity of MUDcompliant traffic flows via SDN telemetry, followed by packet inspection of anomalous flows. This provides enhanced fine-grained visibility into distributed and direct attacks, allowing us to precisely isolate volumetric attacks with microflow (5-tuple) resolution. For our second contribution, we collect traffic traces (benign and a variety of volumetric attacks) from network behavior of IoT devices in our lab, generate labeled datasets, and make them available to the public. Our third contribution prototypes a full working system (modules are released as open-source), demonstrates its efficacy in detecting volumetric attacks on several consumer IoT devices with high accuracy while maintaining low false positives, and provides insights into cost and performance of our system. Our last contribution demonstrates how our models scale in environments with a large number of connected IoTs (with datasets collected from a network of IP cameras in our university campus) by considering various training strategies (per device unit versus per device type), and balancing the accuracy of prediction against the cost of models in terms of size and training time.

show abstract

Combining MUD Policies with SDN for IoT Intrusion Detection

Hamza

Gharakheili

Sivaraman

2018

View full text Add to dashboard Cite

Verifying and Monitoring IoTs Network Behavior Using MUD Profiles

Hamza

Ranathunga

Gharakheili

et al. 2022

IEEE Trans. Dependable and Secure Comput.

View full text Add to dashboard Cite

Network-Level Security for the Internet of Things: Opportunities and Challenges

et al. 2019

View full text Add to dashboard Cite

Clear as MUD

Hamza

Ranathunga

Gharakheili

et al. 2018

View full text Add to dashboard Cite

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Ayyoob Hamza

Detecting Volumetric Attacks on loT Devices via SDN-Based Monitoring of MUD Activity

Combining MUD Policies with SDN for IoT Intrusion Detection

Verifying and Monitoring IoTs Network Behavior Using MUD Profiles

Network-Level Security for the Internet of Things: Opportunities and Challenges

Clear as MUD

Contact Info

Product

Resources

About