Signature-based and Behavior-based Attack Detection with Machine Learning for Home IoT Devices

Abstract

Currently, Internet of Things (IoT) becomes pervasive and widely deployed. However, the lack of developer and user cyber security awareness leaves IoT devices become the new target of cyber attacks. Therefore, we design and develop "A System for Preventing IoT Device Attacks on Home Wi-Fi Router" (SPIDAR) in order to protect home Wi-Fi networks. This system consists of SPIDAR home Wi-Fi router, SPIDAR Raspberry Pi, and SPIDAR web application to prevent attacks and display the attack statistics to home users. It also helps saving costs from purchasing expensive intrusion prevention software and hardware to install at home. For the prevention method, we provide both the signature-based method using Snort software and the behavior-based method which learns and analyzes IoT devices’ behavior by using either the baseline or the machine learning in order to increase the system performance. SPIDAR can prevent five major attack types specified in the OWASP IoT Top 10 vulnerabilities 2018.