Securing IoT: your smart home and your connected enterprise

Moskvitch, Katia

doi:10.1049/et.2017.0303

Cited by 14 publications

(11 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The Internet of Things (IoT) is globally expanding, providing diverse benefits in nearly every aspect of our lives [3,28,37,42,44]. Unfortunately, the IoT is also accompanied by a large number of information security vulnerabilities and exploits [1,3,8,23,30,32,37,38,44]. If we take into account the inherent computational limitations of IoT devices in addition to their typical vulnerabilities, the ease by which hackers can locate them (e.g., Shodan [25]), and their expected proliferation worldwide [17,34], then both the risks and the projected global impact of connecting IoT devices to the network in any modern environment become clearly evident.…”

Section: Introductionmentioning

confidence: 99%

Detection of Unauthorized IoT Devices Using Machine Learning Techniques

Meidan,

Bohadana,

Shabtai

et al. 2017

Preprint

View full text Add to dashboard Cite

Security experts have demonstrated numerous risks imposed byInternet of Things (IoT) devices on organizations. Due to the widespread adoption of such devices, their diversity, standardization obstacles, and inherent mobility, organizations require an intelligent mechanism capable of automatically detecting suspicious IoT devices connected to their networks. In particular, devices not included in a white list of trustworthy IoT device types (allowed to be used within the organizational premises) should be detected. In this research, Random Forest, a supervised machine learning algorithm, was applied to features extracted from network traffic data with the aim of accurately identifying IoT device types from the white list. To train and evaluate multi-class classifiers, we collected and manually labeled network traffic data from 17 distinct IoT devices, representing nine types of IoT devices. Based on the classification of 20 consecutive sessions and the use of majority rule, IoT device types that are not on the white list were correctly detected as unknown in 96% of test cases (on average), and white listed device types were correctly classified by their actual types in 99% of cases. Some IoT device types were identified quicker than others (e.g., sockets and thermostats were successfully detected within five TCP sessions of connecting to the network). Perfect detection of unauthorized IoT device types was achieved upon analyzing 110 consecutive sessions; perfect classification of white listed types required 346 consecutive sessions, 110 of which resulted in 99.49% accuracy. Further experiments demonstrated the successful applicability of classifiers trained in one location and tested on another. In addition, a discussion is provided regarding the resilience of our machine learning-based IoT white listing method to adversarial attacks.

show abstract

Section: Introductionmentioning

confidence: 99%

Detection of Unauthorized IoT Devices Using Machine Learning Techniques

Meidan,

Bohadana,

Shabtai

et al. 2017

Preprint

View full text Add to dashboard Cite

show abstract

“…Elfutils is a collection of utilities, including eu-ld (a linker), eu-nm (for listing symbols from object files), eu-size (for listing the section sizes of an object or archive file), eu-strip (for discarding symbols), eu-readelf (to see the raw ELF file structures), and eu-elflint (for checking for well-formed ELF files) 5 . It provides alternative tools to GNU Binutils, and also allows validating ELF files.…”

Section: A Overviewmentioning

confidence: 99%

V-Sandbox for Dynamic Analysis IoT Botnet

Ngo

2020

IEEE Access

View full text Add to dashboard Cite

With the increasing use of resource-constrained IoT devices, the number of IoT Botnets has exploded with many variations and ways of penetration. Nowadays, studies based on machine learning and deep learning have focused on dealing with IoT Botnet with many successes, and these studies have required relevant data during malware execution. For this, the sandbox environment and behavior collection tools play an essential role. However, the existing sandboxes do not provide adequate behavior data of IoT botnet such as the C&C server communication, shared libraries requirements. Moreover, these sandboxes do not support a wide range of CPU architectures, data is not exhaustively collected during executable file runtime. In this paper, we present a new practical sandbox, named V-Sandbox, for dynamic analysis of the IoT Botnet. This sandbox is an ideal environment for IoT Botnet samples that exhibit all of their malicious behavior. It supports the C&C servers connection, shared libraries for dynamic files, and a wide range of CPU architectures. Experimental results on the 6141 IoT Botnet samples in our dataset have demonstrated the effectiveness of the proposed sandbox, compared to existing ones. The contribution of this paper is specific to the development of a usable, efficient sandbox for dynamic analysis of resource-constrained IoT devices.

show abstract

“…In actuality, many companies rarely mention security and privacy in their marketing materials (Wilson, Hargreaves, & Hauxwell-Baldwin, 2017), and this lack of mention may be indicative of their current design efforts. Although the U.S. government has released general design principles related to IoT security, these principles have not been translated into binding human-centric regulations (Moskvitch, 2017; Ziegeldorf, Garcia-Morchon, & Wehlrle, 2014). These oversights may, in part, be due to misconceptions about the potential role that humans can play in securing IoT devices and protecting their personal information (Aleisa & Renaud, 2017).…”

Section: What Is the Current State Of Iot?mentioning

confidence: 99%

Human Factors in the Privacy and Security of the Internet of Things

Chong¹,

Xiong²,

Proctor³

2018

Ergonomics in Design: The Quarterly of Human Factors Applicatio

View full text Add to dashboard Cite

The “Internet of things” (IoT) refers to Internet-enabled technologies designed to increase the efficiency of users’ lives by communicating with other objects and elements in a system. The growth in these interconnected devices has been matched with increases in the use and aggregation of data collected by vendors or third parties. The number of hackers attempting to access users’ private information also has grown. Although attempts have been made to increase IoT security, the role users can play in protecting their information has been overlooked. We illustrate the necessity of taking a user-centered approach to privacy and security when designing and developing IoT technologies.

show abstract

Securing IoT: your smart home and your connected enterprise

Cited by 14 publications

References 0 publications

Detection of Unauthorized IoT Devices Using Machine Learning Techniques

Detection of Unauthorized IoT Devices Using Machine Learning Techniques

V-Sandbox for Dynamic Analysis IoT Botnet

Human Factors in the Privacy and Security of the Internet of Things

Contact Info

Product

Resources

About