Generating Synthetic Data for Real World Detection of DoS Attacks in the IoT

Arnaboldi, Luca; Morisset, Charles

doi:10.1007/978-3-030-04771-9_11

Cited by 7 publications

(14 citation statements)

References 17 publications

(22 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For modeling attacks, Arnaboldi et al [29] proposed an IoT system model for generating a synthetic denial of service (DoS). Erlacher et al [30] proposed an automated system for generating attack traffic for network intrusion detection systems.…”

Section: Anomaly Detectionmentioning

confidence: 99%

IoT Traffic: Modeling and Measurement Experiments

Nguyen-An

Silverston

Yamazaki

et al. 2021

IoT

View full text Add to dashboard Cite

We now use the Internet of things (IoT) in our everyday lives. The novel IoT devices collect cyber–physical data and provide information on the environment. Hence, IoT traffic will count for a major part of Internet traffic; however, its impact on the network is still widely unknown. IoT devices are prone to cyberattacks because of constrained resources or misconfigurations. It is essential to characterize IoT traffic and identify each device to monitor the IoT network and discriminate among legitimate and anomalous IoT traffic. In this study, we deployed a smart-home testbed comprising several IoT devices to study IoT traffic. We performed extensive measurement experiments using a novel IoT traffic generator tool called IoTTGen. This tool can generate traffic from multiple devices, emulating large-scale scenarios with different devices under different network conditions. We analyzed the IoT traffic properties by computing the entropy value of traffic parameters and visually observing the traffic on behavior shape graphs. We propose a new method for identifying traffic entropy-based devices, computing the entropy values of traffic features. The method relies on machine learning to classify the traffic. The proposed method succeeded in identifying devices with a performance accuracy up to 94% and is robust with unpredictable network behavior with traffic anomalies spreading in the network.

show abstract

Section: Anomaly Detectionmentioning

confidence: 99%

IoT Traffic: Modeling and Measurement Experiments

Nguyen-An

Silverston

Yamazaki

et al. 2021

IoT

View full text Add to dashboard Cite

show abstract

“…This increased vulnerability is due in part to the low computational power and battery power characteristic of IoT devices. This has lead to a raise in popularity of battery drain denial of service attacks [4,5], these attacks target a device to perform power drain intensive operation to drain the battery. If they are successful it requires human intervention to change the battery something that is to be avoided in large unsupervised systems.…”

Section: Host Intrusion Detection For Iotmentioning

confidence: 99%

“…This is an additional feature of interest that traditional IDS techniques do not consider. However, as devices often do not have the ability to self monitor their battery drain [5],…”

Section: Host Intrusion Detection For Iotmentioning

confidence: 99%

“…This approach is not only a new way to describe behaviours, modelling has several key advantages, being able to reason, and calculate system wide properties could give security professionals key insights about their system that would not be possible with traditional approaches. This approach is relatively new, but could be extended to not only manually create signatures, but our previous work has proposed modelling based techniques for the automated generation of stochastic attackers [5,6]. Although in early stages, this approach may be able to bypass a lot of the current downsides of signature based approaches to encompass unknown attacker behaviours.…”

Section: Techniques For Use In Intrusion Detection Systemsmentioning

confidence: 99%

See 1 more Smart Citation

A Review of Intrusion Detection Systems and Their Evaluation in the IoT

Arnaboldi,

Morisset

2021

Preprint

Self Cite

View full text Add to dashboard Cite

Intrusion Detection Systems (IDS) are key components for securing critical infrastructures, capable of detecting malicious activities on networks or hosts. The procedure of implementing a IDS for Internet of Things (IoT) networks is not without challenges due to the variability of these systems and specifically the difficulty in accessing data. The specifics of these very constrained devices render the design of an IDS capable of dealing with the varied attacks a very challenging problem and a very active research subject. In the current state of literature, a number of approaches have been proposed to improve the efficiency of intrusion detection, catering to some of these limitations, such as resource constraints and mobility. In this article, we review works on IDS specifically for these kinds of devices from 2008 to 2018, collecting a total of 51 different IDS papers. We summarise the current themes of the field, summarise the techniques employed to train and deploy the IDSs and provide a qualitative evaluations of these approaches. While these works provide valuable insights and solutions for sub-parts of these constraints, we discuss the limitations of these solutions as a whole, in particular what kinds of attacks these approaches struggle to detect and the setup limitations that are unique to this kind of system.We find that although several paper claim novelty of their approach little inter paper comparisons have been made, that there is a dire need for sharing of datasets and almost no shared code repositories, consequently raising the need for a thorough comparative evaluation.

show abstract

“…Other methods are based on re-sampling data samples and then taking a majority vote of the resulting weak learners [27]. Several other approaches [28,29] aimed to collect datasets to improve the accuracy of IDS.…”

Section: Machine Learning For Intrusion Detectionmentioning

confidence: 99%

Handling Imbalanced Data in Intrusion Detection Systems using Generative Adversarial Networks

Nguyen

2020

MIC ICT Research Journal

View full text Add to dashboard Cite

Machine learning-based intrusion detection hasbecome more popular in the research community thanks to itscapability in discovering unknown attacks. To develop a gooddetection model for an intrusion detection system (IDS) usingmachine learning, a great number of attack and normal datasamples are required in the learning process. While normaldata can be relatively easy to collect, attack data is muchrarer and harder to gather. Subsequently, IDS datasets areoften dominated by normal data and machine learning modelstrained on those imbalanced datasets are ineffective in detect-ing attacks. In this paper, we propose a novel solution to thisproblem by using generative adversarial networks to generatesynthesized attack data for IDS. The synthesized attacks aremerged with the original data to form the augmented dataset.Three popular machine learning techniques are trained on theaugmented dataset. The experiments conducted on the threecommon IDS datasets and one our own dataset show thatmachine learning algorithms achieve better performance whentrained on the augmented dataset of the generative adversarialnetworks compared to those trained on the original datasetand other sampling techniques. The visualization techniquewas also used to analyze the properties of the synthesizeddata of the generative adversarial networks and the others.

show abstract

Generating Synthetic Data for Real World Detection of DoS Attacks in the IoT

Cited by 7 publications

References 17 publications

IoT Traffic: Modeling and Measurement Experiments

IoT Traffic: Modeling and Measurement Experiments

A Review of Intrusion Detection Systems and Their Evaluation in the IoT

Handling Imbalanced Data in Intrusion Detection Systems using Generative Adversarial Networks

Contact Info

Product

Resources

About