IoT Network Attack Detection and Mitigation

Gelenbe, Erol; Fröhlich, Piotr; Nowak, Mateusz; Papadopoulos, Stavros; Protogerou, Aikaterini; Drosou, Anastasios; Tzovaras, Dimitrios

doi:10.1109/meco49872.2020.9134241

Cited by 31 publications

(11 citation statements)

References 30 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…QoS versus energy consumption of distributed services has also been examined experimentallly in [18]. However, the focus on security is more recent and its impact on network management and routing is examined in [10,11,17].…”

Section: Random Neural Network For the Control Of Computer Networkmentioning

confidence: 99%

See 1 more Smart Citation

Energy, QoS and Security Aware Edge Services

Gelenbe

Nowak

Fröhlich

et al. 2022

Communications in Computer and Information Science

Self Cite

View full text Add to dashboard Cite

With the development of communication technologies and the increasing bandwidth of optical fibres and transmission speeds in current 5G and future 6G wireless networks, there is a growing demand for solutions organising traffic in such networks, taking into account both end-to-end transmissions and the possibility of data processing by edge services. The most pressing problems of today’s computer networks are not only bandwidth and transmission delays, but also security and energy consumption, which is becoming increasingly important in today’s climate. This paper presents a solution based on neural networks that organises network traffic taking into account the above criteria - quality of service (QoS), energy consumption and security.

show abstract

Section: Random Neural Network For the Control Of Computer Networkmentioning

confidence: 99%

“…Trust assessing entities can be Attack Detectors or Honeypots, e.g. [17,30]. We employed SYN attack detector presented in [7].…”

Section: Securitymentioning

confidence: 99%

Energy, QoS and Security Aware Edge Services

Gelenbe

Nowak

Fröhlich

et al. 2022

Communications in Computer and Information Science

Self Cite

View full text Add to dashboard Cite

show abstract

“…In [24] a comprehensive overview of recurrent, convolutional, auto-encoder, and spatial-temporal graph neural network techniques was provided, leading to a taxonomy of GNN processes used in various IoT application domains. In [25,26], agents employing a GNN model were proposed to provide both localized monitoring in IoT networks and feature exchange in a distributed synergistic detection mechanism. This SoA method was implemented in conjunction with an SoA mitigation algorithm and verification tool to construct a holistic approach to security in IoT environments.…”

Section: Previous Work In Anomaly Detection Techniquesmentioning

confidence: 99%

Time Series Network Data Enabling Distributed Intelligence—A Holistic IoT Security Platform Solution

et al. 2022

Self Cite

View full text Add to dashboard Cite

The Internet of Things (IoT) encompasses multiple fast-emerging technologies controlling and connecting millions of new devices every day in several application domains. The increased number of interconnected IoT devices, their limited computational power, and the evolving sophistication of cyber security threats, results in increased security challenges for the IoT ecosystem. The diversity of IoT devices, and the variety of QoS requirements among several domains of IoT application, impose considerable challenges in designing and implementing a robust IoT security solution. The aim of this paper is to present an efficient, robust, and easy-to-use system, for IoT cyber security operators. Following a by-design security approach, the proposed system is a platform comprising four distinct yet cooperating components; a distributed AI-enhanced detection of potential threats and anomalies mechanisms, an AI-based generation of effective mitigation strategies according to the severity of detected threats, a system for the verification of SDN routing decisions along with network- and resource-related policies, and a comprehensive and intuitive security status visualization and analysis. The distributed anomaly detection scheme implementing multiple AI-powered agents is deployed across the IoT network nodes aiming to efficiently monitor the entire network infrastructure. Network traffic data are fed to the AI agents, which process consecutive traffic samples from the network in a time series analysis manner, where consecutive time windows framing the traffic of the surrounding nodes are processed by a graph neural network algorithm. Any detected anomalies are handled by a mitigation engine employing a distributed neural network algorithm, which exploits the recorded anomalous events and deploys appropriate responses for optimal threat mitigation. The implemented platform also includes the hypothesis testing module, and a multi-objective optimization tool for the quick verification of routing decisions. The system incorporates visualization and analytics functionality and a customizable user interface.

show abstract

“…For this purpose, a potential approach could be based on the use of graph-based techniques (e.g., graph embedding [128]) where communication endpoints are represented as graph nodes and the interactions are described as the edges. This approach was proposed by [129], which uses techniques based on graph kernels [130] to represent MUD restrictions, or [131], which proposes the use of graph neural networks [132]. Another potential approach to be explored in the coming years is represented by the use of federated learning [94], in which end devices do not share their network traces for traffic analysis purposes, but updates of the model to be learned.…”

Section: F Traffic Analysis Based On Mud Restrictionsmentioning

confidence: 99%

Defining the Behavior of IoT Devices Through the MUD Standard: Review, Challenges, and Research Directions

et al. 2021

View full text Add to dashboard Cite

With the strong development of the Internet of Things (IoT), the definition of IoT devices' intended behavior is key for an effective detection of potential cybersecurity attacks and threats in an increasingly connected environment. In 2019, the Manufacturer Usage Description (MUD) was standardized within the IETF as a data model and architecture for defining, obtaining and deploying MUD files, which describe the network behavioral profiles of IoT devices. While it has attracted a strong interest from academia, industry, and Standards Developing Organizations (SDOs), MUD is not yet widely deployed in real-world scenarios. In this work, we analyze the current research landscape around this standard, and describe some of the main challenges to be considered in the coming years to foster its adoption and deployment. Based on the literature analysis and our own experience in this area, we further describe potential research directions exploiting the MUD standard to encourage the development of secure IoTenabled scenarios.

show abstract

IoT Network Attack Detection and Mitigation

Cited by 31 publications

References 30 publications

Energy, QoS and Security Aware Edge Services

Energy, QoS and Security Aware Edge Services

Time Series Network Data Enabling Distributed Intelligence—A Holistic IoT Security Platform Solution

Defining the Behavior of IoT Devices Through the MUD Standard: Review, Challenges, and Research Directions

Contact Info

Product

Resources

About