<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE article PUBLIC "-//NLM//DTD JATS (Z39.96) Journal Publishing DTD v1.3 20210610//EN" "JATS-journalpublishing1-3.dtd">
<article article-type="research-article" dtd-version="1.3" xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xml:lang="ru"><front><journal-meta><journal-id journal-id-type="publisher-id">tuzsut</journal-id><journal-title-group><journal-title xml:lang="ru">Труды учебных заведений связи</journal-title><trans-title-group xml:lang="en"><trans-title>Proceedings of Telecommunication Universities</trans-title></trans-title-group></journal-title-group><issn pub-type="ppub">1813-324X</issn><issn pub-type="epub">2712-8830</issn><publisher><publisher-name>СПбГУТ</publisher-name></publisher></journal-meta><article-meta><article-id pub-id-type="doi">10.31854/1813-324X-2021-7-4-128-137</article-id><article-id custom-type="elpub" pub-id-type="custom">tuzsut-219</article-id><article-categories><subj-group subj-group-type="heading"><subject>Research Article</subject></subj-group><subj-group subj-group-type="section-heading" xml:lang="ru"><subject>ТРУДЫ МОЛОДЫХ УЧЕНЫХ</subject></subj-group><subj-group subj-group-type="section-heading" xml:lang="en"><subject>YOUNG SCHOLARS RESEARCH</subject></subj-group></article-categories><title-group><article-title>Обнаружение аномалий в трафике устройств Интернета вещей</article-title><trans-title-group xml:lang="en"><trans-title>Detection of Anomalies in the Traffic of IoT Devices</trans-title></trans-title-group></title-group><contrib-group><contrib contrib-type="author" corresp="yes"><contrib-id contrib-id-type="orcid">https://orcid.org/0000-0002-2263-2426</contrib-id><name-alternatives><name name-style="eastern" xml:lang="ru"><surname>Муренин</surname><given-names>И. 
Н.</given-names></name><name name-style="western" xml:lang="en"><surname>Murenin</surname><given-names>I.</given-names></name></name-alternatives><bio xml:lang="ru"><p>младший научный сотрудник лаборатории проблем компьютерной безопасности Санкт-Петербургского института информатики и автоматизации РАН</p><p>Санкт-Петербург, 199178, Российская Федерация</p></bio><bio xml:lang="en"><p>St. Petersburg, 199178, Russian Federation</p></bio><email xlink:type="simple">imurenin@gmail.com</email><xref ref-type="aff" rid="aff-1"/></contrib></contrib-group><aff-alternatives id="aff-1"><aff xml:lang="ru">Санкт-Петербургский институт информатики и автоматизации РАН<country>Россия</country></aff><aff xml:lang="en">Saint-Petersburg Institute for Informatics and Automation of the Russian Academy of Science<country>Russian Federation</country></aff></aff-alternatives><pub-date pub-type="collection"><year>2021</year></pub-date><pub-date pub-type="epub"><day>29</day><month>12</month><year>2021</year></pub-date><volume>7</volume><issue>4</issue><fpage>128</fpage><lpage>137</lpage><permissions><copyright-statement>Copyright © Муренин И.Н., 2021</copyright-statement><copyright-year>2021</copyright-year><copyright-holder xml:lang="ru">Муренин И.Н.</copyright-holder><copyright-holder xml:lang="en">Murenin I.</copyright-holder><license license-type="creative-commons-attribution" xlink:href="https://creativecommons.org/licenses/by/4.0/" xlink:type="simple"><license-p>This work is licensed under a Creative Commons Attribution 4.0 License.</license-p></license></permissions><self-uri xlink:href="https://tuzs.sut.ru/jour/article/view/219">https://tuzs.sut.ru/jour/article/view/219</self-uri><abstract><p>В статье предложено искать аномалии в трафике устройств Интернета вещей на основе анализа временных рядов и оценки нормального и аномального поведения с помощью статистических методов. 
Основная цель заключается в комбинировании статистических методов для обнаружения аномалий с использованием неразмеченных данных и построении ключевых характеристик профилей устройств. В рамках данного подхода разработаны и реализованы методики построения признаков и границ нормального поведения, а также обнаружения аномалий на основе анализа трафика. Для их оценки использовалась генерация журналов поступающих с устройств событий с аномальной разметкой. Эксперименты показали, что наилучшие результаты по обнаружению аномалий в трафике устройств Интернета вещей дает метод выявления выбросов с помощью GESD-теста.</p></abstract><trans-abstract xml:lang="en"><p>The article proposes an approach to finding anomalies in the traffic of IoT devices based on time series analysis and on assessing normal and abnormal behavior with statistical methods. The main goal of the proposed approach is to combine statistical methods for detecting anomalies using unlabeled data and for constructing the key characteristics of device profiles. Within this approach, the following techniques for traffic analysis have been developed and implemented: a feature extraction technique, a technique for building the boundaries of normal behavior, and an anomaly detection technique. To evaluate the proposed approach, we used a technique for generating logs of events arriving from devices, together with anomaly labels. 
The experiments showed that the GESD-test gives the best results for anomaly detection in IoT traffic.</p></trans-abstract><kwd-group xml:lang="ru"><kwd>обнаружение аномалий</kwd><kwd>анализ временных рядов</kwd><kwd>Интернет вещей</kwd><kwd>сетевой трафик</kwd><kwd>статистические методы</kwd></kwd-group><kwd-group xml:lang="en"><kwd>anomaly detection</kwd><kwd>time series analysis</kwd><kwd>IoT</kwd><kwd>network traffic</kwd><kwd>statistical methods</kwd></kwd-group><funding-group xml:lang="ru"><funding-statement>Работа подготовлена при частичной финансовой поддержке бюджетной темы 0073-2019-0002</funding-statement></funding-group></article-meta></front><back><fn-group><fn fn-type="conflict"><p>The authors declare that there are no conflicts of interest present.</p></fn></fn-group></back></article>
