IoT Anomaly Detection Via Device Interaction Graph

2023 53rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN) Pub Date : 2023-06-01 DOI:10.1109/DSN58367.2023.00053

Jincheng Wang, Zhuohua Li, Mingshen Sun, Bin Yuan, John C.S. Lui

{"title":"IoT Anomaly Detection Via Device Interaction Graph","authors":"Jincheng Wang, Zhuohua Li, Mingshen Sun, Bin Yuan, John C.S. Lui","doi":"10.1109/DSN58367.2023.00053","DOIUrl":null,"url":null,"abstract":"With diverse functionalities and advanced platform applications, Internet of Things (IoT) devices extensively interact with each other, and these interactions govern the legitimate device state transitions. At the same time, attackers can easily manipulate these devices, and it is difficult to detect covert device control. In this work, we propose the device interaction graph, which uses device interactions to profile normal device behavior. We also formalize two types of device anomalies, and present an anomaly detection system CausalIoT. It can automatically construct the graph and validate runtime device events. For any violation of interaction executions, CausalIoT further checks whether it can trigger unexpected interaction executions and tracks the affected devices.1 Compared with existing methods, CausalIoT achieves the highest detection accuracy for abnormal device state transitions (95.2% precision and 96.8% recall). Moreover, we are the first to detect unexpected interaction executions, and CausalIoT successfully reports 91.9% anomaly chains on real-world testbeds.","PeriodicalId":427725,"journal":{"name":"2023 53rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2023-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2023 53rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/DSN58367.2023.00053","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

With diverse functionalities and advanced platform applications, Internet of Things (IoT) devices extensively interact with each other, and these interactions govern the legitimate device state transitions. At the same time, attackers can easily manipulate these devices, and it is difficult to detect covert device control. In this work, we propose the device interaction graph, which uses device interactions to profile normal device behavior. We also formalize two types of device anomalies, and present an anomaly detection system CausalIoT. It can automatically construct the graph and validate runtime device events. For any violation of interaction executions, CausalIoT further checks whether it can trigger unexpected interaction executions and tracks the affected devices.1 Compared with existing methods, CausalIoT achieves the highest detection accuracy for abnormal device state transitions (95.2% precision and 96.8% recall). Moreover, we are the first to detect unexpected interaction executions, and CausalIoT successfully reports 91.9% anomaly chains on real-world testbeds.

查看原文本刊更多论文

基于设备交互图的物联网异常检测

随着各种功能和先进的平台应用，物联网(IoT)设备之间广泛地相互作用，这些相互作用控制着合法的设备状态转换。同时，攻击者可以很容易地操纵这些设备，并且难以检测到隐蔽的设备控制。在这项工作中，我们提出了设备交互图，它使用设备交互来描述正常的设备行为。我们还形式化了两种类型的设备异常，并提出了一个异常检测系统CausalIoT。它可以自动构造图形并验证运行时设备事件。对于任何违反交互执行的情况，CausalIoT会进一步检查它是否会触发意外的交互执行，并跟踪受影响的设备与现有方法相比，CausalIoT对设备异常状态转换的检测准确率最高(准确率为95.2%，召回率为96.8%)。此外，我们是第一个检测意外交互执行的，并且CausalIoT成功地报告了真实测试平台上91.9%的异常链。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2023 53rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)

自引率

0.00%

发文量