SPATIO: end-uSer Protection Against ioT IntrusiOns
Authors: G. Mouta, M. Pardal, Joao Bota, M. Correia
DOI: 10.1201/9780429270567-9 (https://doi.org/10.1201/9780429270567-9)
Journal: 物联网(英文)
Publication date: 2020-11-19
Publication type: Journal Article
Citation count: 0
Abstract
The Internet of Things (IoT) is an emerging technology field where large numbers of physical objects communicate between themselves using Internet technology. IoT solutions are very diverse, ranging from simple toys to industrial applications. There are currently billions of IoT devices connected to the Internet, and this number has been growing exponentially in recent years. The large amount of data being generated from the many devices in an IoT network makes it difficult to collect and analyse all the data. However, with this growth there also comes a growing security concern. With the use of IoT devices in the industrial and healthcare sectors, for example, a security incident can have far-reaching consequences in the real world. It is imperative to detect attacks as fast as possible, in time to prevent significant damage. The continuous flow of data may be handled with a stream processing approach, a data processing paradigm in which high-rate data sources are processed and generate results on-the-fly. Based on this approach, we propose SPATIO (end-uSer Protection Against ioT IntrusiOns), an anomaly detection system designed for the IoT that uses machine learning to discover and alert on anomalies happening in an IoT network, and that takes a fog computing approach by using devices on the IoT network, such as routers, to collect and transform network traffic into flow metrics. Doing this transformation closer to the edge reduces the bandwidth cost on the network and allows anonymization of data before it is sent outside the network, to the cloud or a server running outlier detection algorithms to generate timely alerts of network anomalies. We evaluate SPATIO by developing a prototype and testing it on an existing public dataset of IoT attacks. We measured the accuracy of the machine learning approach, reaching close to 80% detection rate in the best scenario, and compared the performance of offloading work to gateway devices in the IoT network versus a centralized approach; the fog approach shows advantages in both network load and attack detection latency.