IoTa: Fine-Grained Traffic Monitoring for IoT Devices via Fully Packet-Level Models
IEEE Transactions on Dependable and Secure Computing (2023)
Abstract
With Internet-of-Things (IoT) devices gaining popularity, dedicated monitoring systems that accurately detect intrusion traffic for them are in high demand. Existing methods mainly use statistical spatial-temporal traffic features and machine learning models. Their practicality has been limited by a lack of detection ability for stealthy and tricky attacks, of diagnostic utility, and of long-term performance. To address these problems, and motivated by the simplicity of mini IoT devices, we propose to construct fully packet-level models that profile traffic patterns for IoT devices by constructing automata for short flows and long flows, where the length and direction of each packet are the representative features. We apply these fine-grained models to design and develop a traffic monitoring system, namely IoTa, to detect intrusion traffic for IoT devices. IoTa matches the ongoing traffic with patterns extracted from normal traffic traces. With visible and interactive traffic profiles, IoTa can generate interpretable alerts and is available for long-term use under reasonable human effort. Evaluations on dozens of common IoT devices show that IoTa can achieve excellent detection accuracy (nearly perfect recall and precision always over 0.999) for various intrusion traffic covering the complete kill chains. Incorrect detection results can be compensated for by error recovery mechanisms, and the understandable alert context can be used by the operator to enhance the system. The diagnostic utility and low alert weariness are recognized by experienced operators.
Keywords
Intrusion detection, automaton, traffic profile, error recovery, long-term maintenance
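
A simplified illustration of the packet-level idea in the abstract, added here and not taken from the paper or the IoTa system: a prefix-tree automaton over (direction, length) symbols is learned from normal flows, and an ongoing flow is rejected at the first packet the profile does not allow. The prefix-tree construction, the function names and the sample traces are assumptions made for this example; it covers only finite short flows, not the long-flow model.

```python
# Each packet is a (direction, length) pair: "out" = device -> network, "in" = reverse.
# Constructed sample traces for a hypothetical smart plug (not real captures).
NORMAL_FLOWS = [
    [("out", 66), ("in", 54), ("out", 120), ("in", 60)],   # heartbeat
    [("out", 66), ("in", 54), ("out", 310), ("in", 60)],   # status report
]


def build_profile(normal_flows):
    """Learn a prefix-tree automaton: state 0 is the start state,
    transitions[state][(direction, length)] gives the next state."""
    transitions = [{}]
    accepting = set()
    for flow in normal_flows:
        state = 0
        for pkt in flow:
            nxt = transitions[state].get(pkt)
            if nxt is None:                 # unseen packet here: add a new state
                transitions.append({})
                nxt = len(transitions) - 1
                transitions[state][pkt] = nxt
            state = nxt
        accepting.add(state)                # a normal flow may end in this state
    return transitions, accepting


def check_flow(profile, flow):
    """Return None when the flow matches the profile, otherwise an alert
    carrying the context an operator needs: where the flow deviated and
    which packets the profile would have accepted at that point."""
    transitions, accepting = profile
    state = 0
    for index, pkt in enumerate(flow):
        nxt = transitions[state].get(pkt)
        if nxt is None:
            return {"reason": "unexpected packet", "index": index,
                    "packet": pkt, "expected": sorted(transitions[state])}
        state = nxt
    if state not in accepting:
        return {"reason": "flow ended early", "index": len(flow),
                "packet": None, "expected": sorted(transitions[state])}
    return None


PROFILE = build_profile(NORMAL_FLOWS)

if __name__ == "__main__":
    # Constructed deviating flow: a large inbound packet where a report is expected.
    print(check_flow(PROFILE, [("out", 66), ("in", 54), ("in", 1400)]))
```

The alert lists the packets the profile expected at the point of deviation, which is one simple way to make a mismatch explainable to an operator.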