ADRIoT: An Edge-Assisted Anomaly Detection Framework Against IoT-Based Network Attacks

Cited by: 26
Authors
Li, Ruoyu [1, 2]
Li, Qing [2, 3]
Zhou, Jianer [2, 4]
Jiang, Yong [2, 5]
Affiliations
[1] Tsinghua Univ, Tsinghua Berkeley Shenzhen Inst, Shenzhen 518055, Peoples R China
[2] Peng Cheng Lab, Shenzhen 518066, Peoples R China
[3] Southern Univ Sci & Technol, Shenzhen 518055, Peoples R China
[4] Southern Univ Sci & Technol, Inst Future Networks, Shenzhen 518055, Peoples R China
[5] Tsinghua Shenzhen Int Grad Sch, Shenzhen 518055, Peoples R China
Funding
National Natural Science Foundation of China
Keywords
Image edge detection; Anomaly detection; Security; Botnet; Servers; Malware; Detectors; edge computing; Internet of Things (IoT) service; machine learning (ML); INTERNET; THINGS; SCHEME;
DOI
10.1109/JIOT.2021.3122148
Chinese Library Classification number
TP [Automation technology, computer technology]
Discipline classification code
0812
Abstract
Internet of Things (IoT) has entered a stage of rapid development and increasing deployment. Meanwhile, these low-power devices typically cannot support complex security mechanisms and, thus, are highly susceptible to malware. This article proposes ADRIoT, an anomaly detection framework for IoT networks, which leverages edge computing to uncover potential threats. An edge is empowered with an anomaly detection module, which consists of a traffic capturer, a traffic preprocessor, and a collection of anomaly detectors dedicated to each type of device. Each detector is constructed by an LSTM autoencoder in an unsupervised manner that requires no labeled attack data and is able to handle emerging zero-day attacks. When a device connects to the edge, the edge will fetch the corresponding detector from the cloud and execute it locally. Another problem is that the resource constraint of a single edge device, like a home router, hinders the deployment of such a detection module. To mitigate this problem, we design a multiedge collaborative mechanism that integrates the resource of multiple edges in a local network to increase the overall load capacity. The evaluation demonstrates that ADRIoT can detect various IoT-based attacks effectively and efficiently, showing that ADRIoT can feasibly help build a more secure IoT environment.
Pages: 10576-10587
Number of pages: 12