Enhancing IoT security: Assessing instantaneous communication trust to detect man-in-the-middle attacks

IF 6.2 2区计算机科学 Q1 COMPUTER SCIENCE, THEORY & METHODS Future Generation Computer Systems-The International Journal of Escience Pub Date : 2025-05-01 Epub Date: 2025-01-14 DOI:10.1016/j.future.2025.107714

Rabeya Basri , Gour Karmakar , S.H. Shah Newaz , Joarder Kamruzzaman , Linh Nguyen , Mohammad Mahabub Alam , Muhammad Usman

{"title":"Enhancing IoT security: Assessing instantaneous communication trust to detect man-in-the-middle attacks","authors":"Rabeya Basri , Gour Karmakar , S.H. Shah Newaz , Joarder Kamruzzaman , Linh Nguyen , Mohammad Mahabub Alam , Muhammad Usman","doi":"10.1016/j.future.2025.107714","DOIUrl":null,"url":null,"abstract":"<div><div>Communication trust is regarded as an effective tool to detect various dangerous cyber attacks, including Man-in-the-Middle (MITM) attacks and acts as a complement to zero trust. There exist some approaches in the literature to calculate inter-node communication trust in Wireless Sensor Networks (WSNs) and IoT networks and leverage it to detect attacks. In WSNs, since promiscuous communication mode is used in calculating inter-node communication trust, it is not suitable for IoT networks. For IoT, the packet forwarding behavior of edge nodes is used in calculating inter-node communication trust, which is limited to detect the MITM attacks effectively unless an edge node is compromised and acts as an MITM attacker. Additionally, these trust calculation mechanisms neither leverage communication channel characteristics nor the communication trust between sensor and edge nodes. Protecting IoT networks from various cyber attacks like MITM attacks requires the instantaneous trust calculation using communication channel characteristics. Since active MITM attacks incur delays, consideration of delay in trust calculation appears to be an effective means in identifying attacks. Neither end-to-end (E2E) delay nor delay due to attacks has been used in communication trust calculation in the existing literature. To bridge this research gap and detect active MITM attacks accurately and spontaneously, in this paper, a new conceptual model, named IPCTCM is introduced for instantaneous trust calculation of an IoT communication channel leveraging delay due to active MITM attacks. Two popular time-series data estimation tools, named Kalman filter and LSTM are used to estimate the expected E2E delay to identify delay due to attacks. Our proposed communication trust calculation model is validated using the data, generated by a testbed implementation in our IoT lab at Federation University Australia. Performance evaluation shows our proposed model achieves an attack detection accuracy of 98.9%, which outperforms an existing intrusion detection method with the improvement of 48.1% accuracy. Furthermore, our trust calculation method has broader applicability in other communication domains as well.</div></div>","PeriodicalId":55132,"journal":{"name":"Future Generation Computer Systems-The International Journal of Escience","volume":"166 ","pages":"Article 107714"},"PeriodicalIF":6.2000,"publicationDate":"2025-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Future Generation Computer Systems-The International Journal of Escience","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0167739X25000093","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"2025/1/14 0:00:00","PubModel":"Epub","JCR":"Q1","JCRName":"COMPUTER SCIENCE, THEORY & METHODS","Score":null,"Total":0}

引用次数: 0

Abstract

Communication trust is regarded as an effective tool to detect various dangerous cyber attacks, including Man-in-the-Middle (MITM) attacks and acts as a complement to zero trust. There exist some approaches in the literature to calculate inter-node communication trust in Wireless Sensor Networks (WSNs) and IoT networks and leverage it to detect attacks. In WSNs, since promiscuous communication mode is used in calculating inter-node communication trust, it is not suitable for IoT networks. For IoT, the packet forwarding behavior of edge nodes is used in calculating inter-node communication trust, which is limited to detect the MITM attacks effectively unless an edge node is compromised and acts as an MITM attacker. Additionally, these trust calculation mechanisms neither leverage communication channel characteristics nor the communication trust between sensor and edge nodes. Protecting IoT networks from various cyber attacks like MITM attacks requires the instantaneous trust calculation using communication channel characteristics. Since active MITM attacks incur delays, consideration of delay in trust calculation appears to be an effective means in identifying attacks. Neither end-to-end (E2E) delay nor delay due to attacks has been used in communication trust calculation in the existing literature. To bridge this research gap and detect active MITM attacks accurately and spontaneously, in this paper, a new conceptual model, named IPCTCM is introduced for instantaneous trust calculation of an IoT communication channel leveraging delay due to active MITM attacks. Two popular time-series data estimation tools, named Kalman filter and LSTM are used to estimate the expected E2E delay to identify delay due to attacks. Our proposed communication trust calculation model is validated using the data, generated by a testbed implementation in our IoT lab at Federation University Australia. Performance evaluation shows our proposed model achieves an attack detection accuracy of 98.9%, which outperforms an existing intrusion detection method with the improvement of 48.1% accuracy. Furthermore, our trust calculation method has broader applicability in other communication domains as well.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

增强物联网安全性：评估即时通信信任以检测中间人攻击

通信信任被认为是检测各种危险网络攻击（包括中间人攻击）的有效工具，是零信任的补充。文献中已有一些方法来计算无线传感器网络（WSNs）和物联网网络中的节点间通信信任，并利用它来检测攻击。在WSNs中，由于计算节点间通信信任时采用混杂通信模式，因此不适合物联网网络。对于物联网来说，边缘节点的数据包转发行为被用于计算节点间通信信任，除非边缘节点被攻破并充当MITM攻击者，否则限制了对MITM攻击的有效检测。此外，这些信任计算机制既不利用通信信道特征，也不利用传感器与边缘节点之间的通信信任。保护物联网网络免受各种网络攻击，如MITM攻击，需要利用通信信道特征进行即时信任计算。由于主动MITM攻击会产生延迟，因此在信任计算中考虑延迟似乎是识别攻击的有效手段。在现有文献中，端到端（E2E）延迟和攻击延迟均未用于通信信任计算。为了弥补这一研究空白，准确自发地检测主动MITM攻击，本文引入了一种新的概念模型，称为IPCTCM，用于利用主动MITM攻击造成的延迟对物联网通信通道进行瞬时信任计算。利用卡尔曼滤波和LSTM两种流行的时间序列数据估计工具来估计预期的端到端延迟，以识别攻击造成的延迟。我们提出的通信信任计算模型使用数据进行验证，该数据由我们在澳大利亚联邦大学的物联网实验室的测试平台实现生成。性能评估表明，该模型的攻击检测准确率为98.9%，优于现有的入侵检测方法，准确率提高了48.1%。此外，我们的信任计算方法在其他通信领域也具有更广泛的适用性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

Future Generation Computer Systems-The International Journal of Escience 工程技术-计算机：理论方法

CiteScore

19.90

自引率

2.70%

发文量

376

审稿时长

10.6 months

期刊介绍： Computing infrastructures and systems are constantly evolving, resulting in increasingly complex and collaborative scientific applications. To cope with these advancements, there is a growing need for collaborative tools that can effectively map, control, and execute these applications. Furthermore, with the explosion of Big Data, there is a requirement for innovative methods and infrastructures to collect, analyze, and derive meaningful insights from the vast amount of data generated. This necessitates the integration of computational and storage capabilities, databases, sensors, and human collaboration. Future Generation Computer Systems aims to pioneer advancements in distributed systems, collaborative environments, high-performance computing, and Big Data analytics. It strives to stay at the forefront of developments in grids, clouds, and the Internet of Things (IoT) to effectively address the challenges posed by these wide-area, fully distributed sensing and computing systems.