A flow-based intrusion detection framework for internet of things networks

Detalhes bibliográficos
Autor(a) principal: Santos, Leonel
Data de Publicação: 2021
Outros Autores: Gonçalves, Ramiro Manuel, Rabadão, Carlos, Martins, José
Tipo de documento: Artigo
Idioma: eng
Título da fonte: Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)
Texto Completo: http://hdl.handle.net/10198/23813
Resumo: The application of the Internet of Things concept in domains such as industrial control, building automation, human health, and environmental monitoring, introduces new privacy and security challenges. Consequently, traditional implementation of monitoring and security mechanisms cannot always be presently feasible and adequate due to the number of IoT devices, their heterogeneity and the typical limitations of their technical specifications. In this paper, we propose an IP flow-based Intrusion Detection System (IDS) framework to monitor and protect IoT networks from external and internal threats in real-time. The proposed framework collects IP flows from an IoT network and analyses them in order to monitor and detect attacks, intrusions, and other types of anomalies at different IoT architecture layers based on some flow features instead of using packet headers fields and their payload. The proposed framework was designed to consider both the IoT network architecture and other IoT contextual characteristics such as scalability, heterogeneity, interoperability, and the minimization of the use of IoT networks resources. The proposed IDS framework is network-based and relies on a hybrid architecture, as it involves both centralized analysis and distributed data collection components. In terms of detection method, the framework uses a specification-based approach drawn on normal traffic specifications. The experimental results show that this framework can achieve & 100% success and 0% of false positives in detection of intrusions and anomalies. In terms of performance and scalability in the operation of the IDS components, we study and compare it with three different conventional IDS (Snort, Suricata, and Zeek) and the results demonstrate that the proposed solution can consume fewer computational resources (CPU, RAM, and persistent memory) when compared to those conventional IDS.
id RCAP_d1b1007bbd117d000a7085d3f0223698
oai_identifier_str oai:bibliotecadigital.ipb.pt:10198/23813
network_acronym_str RCAP
network_name_str Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)
repository_id_str
spelling A flow-based intrusion detection framework for internet of things networksInternet of thingsNetwork monitoringIntrusion detectionNetwork securityNetwork attacksThe application of the Internet of Things concept in domains such as industrial control, building automation, human health, and environmental monitoring, introduces new privacy and security challenges. Consequently, traditional implementation of monitoring and security mechanisms cannot always be presently feasible and adequate due to the number of IoT devices, their heterogeneity and the typical limitations of their technical specifications. In this paper, we propose an IP flow-based Intrusion Detection System (IDS) framework to monitor and protect IoT networks from external and internal threats in real-time. The proposed framework collects IP flows from an IoT network and analyses them in order to monitor and detect attacks, intrusions, and other types of anomalies at different IoT architecture layers based on some flow features instead of using packet headers fields and their payload. The proposed framework was designed to consider both the IoT network architecture and other IoT contextual characteristics such as scalability, heterogeneity, interoperability, and the minimization of the use of IoT networks resources. The proposed IDS framework is network-based and relies on a hybrid architecture, as it involves both centralized analysis and distributed data collection components. In terms of detection method, the framework uses a specification-based approach drawn on normal traffic specifications. The experimental results show that this framework can achieve & 100% success and 0% of false positives in detection of intrusions and anomalies. In terms of performance and scalability in the operation of the IDS components, we study and compare it with three different conventional IDS (Snort, Suricata, and Zeek) and the results demonstrate that the proposed solution can consume fewer computational resources (CPU, RAM, and persistent memory) when compared to those conventional IDS.This work was supported by Portuguese national funds through the FCT—Foundation for Science and Technology, I.P., under the project UID/CEC/04524/2019Biblioteca Digital do IPBSantos, LeonelGonçalves, Ramiro ManuelRabadão, CarlosMartins, José2021-08-06T09:44:02Z20212021-01-01T00:00:00Zinfo:eu-repo/semantics/publishedVersioninfo:eu-repo/semantics/articleapplication/pdfhttp://hdl.handle.net/10198/23813engSantos, Leonel; Gonçalves, Ramiro Manuel Ramos Moreira; Rabadão, Carlos; Martins, José (2021). A flow-based intrusion detection framework for internet of things networks. Cluster Computing. ISSN 1386-7857. p. 1-211386-785710.1007/s10586-021-03238-yinfo:eu-repo/semantics/openAccessreponame:Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)instname:Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informaçãoinstacron:RCAAP2023-02-08T01:23:31ZPortal AgregadorONG
dc.title.none.fl_str_mv A flow-based intrusion detection framework for internet of things networks
title A flow-based intrusion detection framework for internet of things networks
spellingShingle A flow-based intrusion detection framework for internet of things networks
Santos, Leonel
Internet of things
Network monitoring
Intrusion detection
Network security
Network attacks
title_short A flow-based intrusion detection framework for internet of things networks
title_full A flow-based intrusion detection framework for internet of things networks
title_fullStr A flow-based intrusion detection framework for internet of things networks
title_full_unstemmed A flow-based intrusion detection framework for internet of things networks
title_sort A flow-based intrusion detection framework for internet of things networks
author Santos, Leonel
author_facet Santos, Leonel
Gonçalves, Ramiro Manuel
Rabadão, Carlos
Martins, José
author_role author
author2 Gonçalves, Ramiro Manuel
Rabadão, Carlos
Martins, José
author2_role author
author
author
dc.contributor.none.fl_str_mv Biblioteca Digital do IPB
dc.contributor.author.fl_str_mv Santos, Leonel
Gonçalves, Ramiro Manuel
Rabadão, Carlos
Martins, José
dc.subject.por.fl_str_mv Internet of things
Network monitoring
Intrusion detection
Network security
Network attacks
topic Internet of things
Network monitoring
Intrusion detection
Network security
Network attacks
description The application of the Internet of Things concept in domains such as industrial control, building automation, human health, and environmental monitoring, introduces new privacy and security challenges. Consequently, traditional implementation of monitoring and security mechanisms cannot always be presently feasible and adequate due to the number of IoT devices, their heterogeneity and the typical limitations of their technical specifications. In this paper, we propose an IP flow-based Intrusion Detection System (IDS) framework to monitor and protect IoT networks from external and internal threats in real-time. The proposed framework collects IP flows from an IoT network and analyses them in order to monitor and detect attacks, intrusions, and other types of anomalies at different IoT architecture layers based on some flow features instead of using packet headers fields and their payload. The proposed framework was designed to consider both the IoT network architecture and other IoT contextual characteristics such as scalability, heterogeneity, interoperability, and the minimization of the use of IoT networks resources. The proposed IDS framework is network-based and relies on a hybrid architecture, as it involves both centralized analysis and distributed data collection components. In terms of detection method, the framework uses a specification-based approach drawn on normal traffic specifications. The experimental results show that this framework can achieve & 100% success and 0% of false positives in detection of intrusions and anomalies. In terms of performance and scalability in the operation of the IDS components, we study and compare it with three different conventional IDS (Snort, Suricata, and Zeek) and the results demonstrate that the proposed solution can consume fewer computational resources (CPU, RAM, and persistent memory) when compared to those conventional IDS.
publishDate 2021
dc.date.none.fl_str_mv 2021-08-06T09:44:02Z
2021
2021-01-01T00:00:00Z
dc.type.status.fl_str_mv info:eu-repo/semantics/publishedVersion
dc.type.driver.fl_str_mv info:eu-repo/semantics/article
format article
status_str publishedVersion
dc.identifier.uri.fl_str_mv http://hdl.handle.net/10198/23813
url http://hdl.handle.net/10198/23813
dc.language.iso.fl_str_mv eng
language eng
dc.relation.none.fl_str_mv Santos, Leonel; Gonçalves, Ramiro Manuel Ramos Moreira; Rabadão, Carlos; Martins, José (2021). A flow-based intrusion detection framework for internet of things networks. Cluster Computing. ISSN 1386-7857. p. 1-21
1386-7857
10.1007/s10586-021-03238-y
dc.rights.driver.fl_str_mv info:eu-repo/semantics/openAccess
eu_rights_str_mv openAccess
dc.format.none.fl_str_mv application/pdf
dc.source.none.fl_str_mv reponame:Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)
instname:Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação
instacron:RCAAP
instname_str Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação
instacron_str RCAAP
institution RCAAP
reponame_str Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)
collection Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)
repository.name.fl_str_mv
repository.mail.fl_str_mv
_version_ 1777301909646868480

Registros relacionados