IoT-PRIDS: Leveraging packet representations for intrusion detection in IoT networks

Impact factor 4.8 · Zone 2 (Computer Science) · Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS
Journal: Computers & Security
Publication date: 2024-08-05
Publication type: Journal Article
DOI: 10.1016/j.cose.2024.104034
URL: https://www.sciencedirect.com/science/article/pii/S0167404824003390
Citations: 0

Abstract

Internet of Things (IoT) devices have been integrated into almost all everyday applications of human life, such as healthcare, transportation and agriculture. This widespread adoption of IoT has opened a large threat landscape to computer networks, leaving security gaps in IoT-enabled networks. These resource-constrained devices lack sufficient security mechanisms and become the weakest link in our computer networks and jeopardize systems and data. To address this issue, Intrusion Detection Systems (IDS) have been proposed as one of many tools to mitigate IoT-related intrusions. While IDS have proven to be a crucial tool for threat detection, their dependence on labeled data and their high computational costs have become obstacles to real-life adoption. In this work, we present IoT-PRIDS, a new framework equipped with a host-based, anomaly-based intrusion detection system that leverages “packet representations” to understand the typical behavior of devices, focusing on their communications, services, and packet header values. It is a lightweight non-ML model that relies solely on benign network traffic for intrusion detection and offers a practical way of securing IoT environments. Our results show that this model can detect the majority of abnormal flows while keeping false alarms at a minimum and is promising for use in real-world applications.

Source journal: Computers & Security (Engineering & Technology, Computer Science: Information Systems)
CiteScore: 12.40
Self-citation rate: 7.10%
Articles published: 365
Review time: 10.7 months
Journal description: Computers & Security is the most respected technical journal in the IT security field. With its high-profile editorial board and informative regular features and columns, the journal is essential reading for IT security professionals around the world. Computers & Security provides you with a unique blend of leading edge research and sound practical management advice. It is aimed at the professional involved with computer security, audit, control and data integrity in all sectors - industry, commerce and academia. Recognized worldwide as THE primary source of reference for applied research and technical expertise it is your first step to fully secure systems.