Authors:
(1) Md Mainuddin, Department of Computer Science, Florida State University, Tallahassee, FL 32306 ([email protected]);
(2) Zhenhai Duan, Department of Computer Science Florida State University Tallahassee, FL 32306 ([email protected]);
(3) Yingfei Dong, Department of Electrical Engineering, University of Hawaii Honolulu, HI 96822 USA ([email protected]).
Table of Links
3. Background on Autoencoder and SPRT and 3.1. Autoencoder
3.2. Sequential Probability Ratio Test
4. Design of CUMAD and 4.1. Network Model
4.2. CUMAD: Cumulative Anomaly Detection
5. Evaluation Studies and 5.1. Dataset, Features, and CUMAD System Setup
6. Conclusions
In this paper we have developed CUMAD, a cumulative anomaly detection framework for detecting compromised IoT devices. CUMAD employs an unsupervised neural network autoencoder to classify whether an individual input data point is anomalous or normal. CUMAD also incorporates a statistical tool sequential probability ratio test (SPRT) to accumulate sufficient evidence to detect if an IoT device is compromised, instead of directly relying on individual anomalous input data points. CUMAD can greatly improve the performance in detecting compromised IoT devices in terms of false positive rate compared to the methods only relying on individual anomalous input data points. In addition, as a sequential method, CUMAD can quickly detect compromised IoT devices. Evaluation studies based on public-domain IoT dataset N-BaIoT confirmed the superior performance of CUMAD.
References
[1] Yin Minn Pa Pa, Shogo Suzuki, Katsunari Yoshioka, Tsutomu Matsumoto, Takahiro Kasama, and Christian Rossow. Iotpot: analysing the rise of iot compromises. In Proceedings of the 9th USENIX Conference on Offensive Technologies, pages 9–9, 2015.
[2] Michael Fagan, Katerina Megas, Karen Scarfone, and Matthew Smith. Foundational cybersecurity activities for iot device manufacturers. Technical report, National Institute of Standards and Technology, May 2020.
[3] Mohammed Ali Al-Garadi, Amr Mohamed, Abdulla Khalid Al-Ali, Xiaojiang Du, Ihsan Ali, and Mohsen Guizani. A survey of machine and deep learning methods for internet of things (iot) security. IEEE Communications Surveys & Tutorials, 22(3):1646–1685, 2020.
[4] Andrew A Cook, Goksel Mısırlı, and Zhong Fan. Anomaly detection ¨ for iot time-series data: A survey. IEEE Internet of Things Journal, 7(7):6481–6494, 2019.
[5] Varun Chandola, Arindam Banerjee, and Vipin Kumar. Anomaly detection: A survey. ACM computing surveys (CSUR), 41(3):1–58, 2009.
[6] Ian Goodfellow, Yoshua Bengio, and Aaron Courville. Deep Learning. MIT Press, 2016. http://www.deeplearningbook.org.
[7] Abraham Wald. Sequential Analysis. John Wiley & Sons, Inc, 1947.
[8] Yair Meidan, Michael Bohadana, Yael Mathov, Yisroel Mirsky, Asaf Shabtai, Dominik Breitenbacher, and Yuval Elovici. Nbaiot—network-based detection of iot botnet attacks using deep autoencoders. IEEE Pervasive Computing, 17(3):12–22, 2018.
[9] Guansong Pang, Chunhua Shen, Longbing Cao, and Anton Van Den Hengel. Deep learning for anomaly detection: A review. ACM computing surveys (CSUR), 54(2):1–38, 2021.
[10] Erol Gelenbe and Mert Nakıp. Traffic based sequential learning during botnet attacks to identify compromised iot devices. IEEE Access, 10:126536–126549, 2022.
[11] Thien Duc Nguyen, Samuel Marchal, Markus Miettinen, Hossein Fereidooni, N Asokan, and Ahmad-Reza Sadeghi. D¨ıot: A federated self-learning anomaly detection system for iot. In 2019 IEEE 39th International conference on distributed computing systems (ICDCS), pages 756–767. IEEE, 2019.
[12] Francois Chollet. Deep learning with Python. Simon and Schuster, 2021.
This paper is available on arxiv under CC by 4.0 Deed (Attribution 4.0 International) license.
