{"title":"Reactive and Proactive Threat Detection and Prevention for the Internet of Things","authors":"Matthew Hagan, S. Sezer, K. Mclaughlin","doi":"10.1109/SOCC46988.2019.1570574214","DOIUrl":null,"url":null,"abstract":"The Internet of Things presents significant potential benefits to society. However, so too exists a multitude of threats, both those adapted from IT systems and newly created attacks that exploit devices, infrastructure, services and their users.This thesis contributes towards the security of the IoT from a device perspective. The first contribution is a new method for analysing network traffic behaviours. By enhancing profiling methods, a novel, real-time approach has been applied to detect complex network events, including threats that can evade detection by means such as regular expression. The second contribution explores a use case-based modelling that allows the specification of technical policies, from the security model, that enforce the intended functionality of the device. When implemented, such an approach can ensure that the system operates only as intended, regardless of security issues that may arise later. Finally, an enforcement mechanism is proposed at system bus level that can infer malicious activity and mitigate its effects. This approach has advantages over existing softwarebased solutions, in that it is implemented as a physically isolated hardware block. 
Each of the contributions is evaluated within a proposed connected car implementation, demonstrating the applicability of the research undertaken, within the IoT.","PeriodicalId":253998,"journal":{"name":"2019 32nd IEEE International System-on-Chip Conference (SOCC)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2019 32nd IEEE International System-on-Chip Conference (SOCC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SOCC46988.2019.1570574214","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 1
Abstract
The Internet of Things presents significant potential benefits to society. However, a multitude of threats also exists, both those adapted from IT systems and newly created attacks that exploit devices, infrastructure, services and their users. This thesis contributes towards the security of the IoT from a device perspective. The first contribution is a new method for analysing network traffic behaviours. By enhancing profiling methods, a novel, real-time approach has been applied to detect complex network events, including threats that can evade detection by means such as regular expressions. The second contribution explores use case-based modelling that allows the specification of technical policies, from the security model, that enforce the intended functionality of the device. When implemented, such an approach can ensure that the system operates only as intended, regardless of security issues that may arise later. Finally, an enforcement mechanism is proposed at system bus level that can infer malicious activity and mitigate its effects. This approach has advantages over existing software-based solutions, in that it is implemented as a physically isolated hardware block. Each of the contributions is evaluated within a proposed connected car implementation, demonstrating the applicability of the research undertaken within the IoT.