IoT-PRIDS: Leveraging packet representations for intrusion detection in IoT networks

The Internet of Things (IoT) devices have been integrated into almost all everyday applications of human life such as healthcare, transportation and agriculture. This widespread adoption of IoT has opened a large threat landscape to computer networks, leaving security gaps in IoT-enabled networks. These resource-constrained devices lack sufficient security mechanisms and become the weakest link in our in computer networks and jeopardize systems and data. To address this issue, Intrusion Detection Systems (IDS) have been proposed as one of many tools to mitigate IoT related intrusions. While IDS have proven to be a crucial tools for threat detection, their dependence on labeled data and their high computational costs have become obstacles to real life adoption. In this work, we present IoT-PRIDS, a new framework equipped with a host-based anomaly- based intrusion detection system that leverages "packet representations"to understand the typical behavior of devices, focusing on their communications, services, and packet header values. It is a lightweight non-ML model that relies solely on benign network traffic for intrusion detection and offers a practical way for securing IoT environments. Our results show that this model can detect the majority of abnormal flows while keeping false alarms at a minimum and is promising to be used in real-world applications.