ARBA: Anomaly and Reputation Based Approach for Detecting Infected IoT Devices

Rosenthal, Gilad; Kdosha, Ofir Erets; Cohen, Kobi; Freund, Alon; Bartik, Avishay; Ron, Aviv

doi:10.1109/access.2020.3014619

Cited by 8 publications

(5 citation statements)

References 45 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…-Lower performance compared with other classifiers. 95,106,117,120,123,126,129,132,137,142,145,149,151,155,162,164,166,170,171,182,183,186,190,197,204,205 -Easy to implement.…”

Section: Knnmentioning

confidence: 99%

“…IoT Networks in general Network traffic [105], [107], [109], [110], [111], [115], [116], [118], [119], [120], [126], [127], [129], [132], [136], [137], [139], [140], [142], [145], [146], [147], [149], [151], [153], [154], [158], [159], [162], [165], [166], [175], [178], [182], [183], [185], [186], [187], [190], [192], [194], [195], [196], [199], [200], [201], [202], [204],…”

mentioning

confidence: 99%

See 1 more Smart Citation

A Survey of Using Machine Learning in IoT Security and the Challenges Faced by Researchers

Harahsheh,

Chen

2023

IJCAI

View full text Add to dashboard Cite

The Internet of Things (IoT) has become more popular in the last 15 years as it has significantly improved and gained control in multiple fields. We are nowadays surrounded by billions of IoT devices that directly integrate with our lives, some of them are at the center of our homes, and others control sensitive data such as military fields, healthcare, and datacenters, among others. This popularity makes factories and companies compete to produce and develop many types of those devices without caring about how secure they are. On the other hand, IoT is considered a good insecure environment for cyber thefts. Machine Learning (ML) and Deep Learning (DL) also gained more importance in the last 15 years; they achieved success in the networking security field too. IoT has some similar security requirements such as traditional networks, but with some differences according to its characteristics, some specific security features, and environmental limitations, some differences are made such as low energy resources, limited computational capability, and small memory. These limitations inspire some researchers to search for the perfect and lightweight security ways which strike a balance between performance and security. This survey provides a comprehensive discussion about using machine learning and deep learning in IoT devices within the last five years. It also lists the challenges faced by each model and algorithm. In addition, this survey shows some of the current solutions and other future directions and suggestions. It also focuses on the research that took the IoT environment limitations into consideration.Povzetek: Podan je pregled uporabe strojnega in globokega učenja v IoT napravah ter izzivov, rešitev in prihodnjih smeri raziskav.Informatica 47 (2023) 1-54 k. Harahsheh et al.

show abstract

“…-Lower performance compared with other classifiers. 95,106,117,120,123,126,129,132,137,142,145,149,151,155,162,164,166,170,171,182,183,186,190,197,204,205 -Easy to implement.…”

Section: Knnmentioning

confidence: 99%

mentioning

confidence: 99%

A Survey of Using Machine Learning in IoT Security and the Challenges Faced by Researchers

Harahsheh,

Chen

2023

IJCAI

View full text Add to dashboard Cite

show abstract

“…Developing detection methods for cyber security can be divided broadly into two main approaches: signature-based detection [21]- [23] and anomaly-based detection [7], [15], [24]- [27]. To identify malicious domains, detection methods typically use DNS data, as considered in this paper.…”

Section: B Related Workmentioning

confidence: 99%

“…One of the most popular ways of analyzing DNS traffic is to use passive DNS (pDNS) data (see [12]- [15] and references therein). The analysis is performed offline on a copy of live DNS traffic to study past DNS traffic patterns to evaluate the maliciousness of non-categorized domains.…”

Section: Introductionmentioning

confidence: 99%

“…Offline calculations overcome the need to process a huge amount of data in real-time. Recent studies have analyzed pDNS to isolate malicious domains and IP addresses, and identify infected machines [12]- [15]. However, developing robust methods to relate malicious domains to a malware campaign has not been addressed and is the main focus of this paper.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

IMDoC: Identification of Malicious Domain Campaigns via DNS and Communicating Files

Lazar

Cohen

Freund³

et al. 2021

IEEE Access

Self Cite

View full text Add to dashboard Cite

Cyber attacks have become more sophisticated and frequent over the years. Detecting the components operated during a cyber attack and relating them to a specific threat actor is one of the main challenges facing cyber security systems. Reliable detection of malicious components and identification of the threat actor is imperative to mitigate security issues by Security Operations Center (SOC) analysts. The Domain Name System (DNS) plays a significant role in most cyber attacks observed nowadays in that domains act as a Command and Control (C&C) in coordinated bot network attacks or impersonate legitimate websites in phishing attacks. Thus, DNS analysis has become a popular tool for malicious domain identification. In this collaborative research associating Ben-Gurion University and IBM, we develop a novel algorithm to detect malicious domains and relate them to a specific malware campaign in a large-scale real-data DNS traffic environment, dubbed Identification of Malicious Domain Campaigns (IMDoC) algorithm. Its novelty resides in developing a framework that combines the existence of communicating files for the observed domains and their DNS request patterns in a real production environment. The analysis was conducted on real data from Quad9 (9.9.9.9) DNS recursive resolvers combined with malicious communicating files extracted from VirusTotal, and confirms the strong performance of the algorithm on a real large-scale data production environment. INDEX TERMS Cyber security, domain name system (DNS), clustering methods, detection algorithms.

show abstract

Intelligent IoT-BOTNET attack detection model with optimized hybrid classification model

Bojarajulu

Tanwar

Singh

2023

Computers & Security

View full text Add to dashboard Cite

ARBA: Anomaly and Reputation Based Approach for Detecting Infected IoT Devices

Cited by 8 publications

References 45 publications

A Survey of Using Machine Learning in IoT Security and the Challenges Faced by Researchers

A Survey of Using Machine Learning in IoT Security and the Challenges Faced by Researchers

IMDoC: Identification of Malicious Domain Campaigns via DNS and Communicating Files

Intelligent IoT-BOTNET attack detection model with optimized hybrid classification model

Contact Info

Product

Resources

About