Abstract
IoT devices are notoriously vulnerable even to trivial attacks and can be easily compromised. In addition, the resource constraints and heterogeneity of IoT devices make it impractical to secure IoT installations using traditional endpoint and network security solutions. To address this problem, we present IoT-Keeper, a lightweight system which secures the communication of IoT devices. IoT-Keeper uses our proposed anomaly detection technique to perform traffic analysis at edge gateways. It uses a combination of fuzzy C-means clustering and a fuzzy interpolation scheme to analyze network traffic and detect malicious network activity. Once malicious activity is detected, IoT-Keeper automatically enforces network access restrictions against the IoT device generating this activity, and prevents it from attacking other devices or services. We have evaluated IoT-Keeper using a comprehensive dataset, collected from a real-world testbed, containing popular IoT devices. Using this dataset, our proposed technique achieved high accuracy (≈0.98) and a low false positive rate (≈0.02) for detecting malicious network activity. Our evaluation also shows that IoT-Keeper has a low resource footprint, and it can detect and mitigate various network attacks without requiring explicit attack signatures or sophisticated hardware.
| Original language | English |
|---|---|
| Article number | 8960276 |
| Pages (from-to) | 45-59 |
| Number of pages | 15 |
| Journal | IEEE Transactions on Network and Service Management |
| Volume | 17 |
| Issue number | 1 |
| Publication status | Published - 1 Mar 2020 |
| MoE publication type | A1 Journal article-refereed |
Funding
Manuscript received June 15, 2019; revised October 26, 2019; accepted January 9, 2020. Date of publication January 15, 2020; date of current version March 11, 2020. This work was in part supported by the Academy of Finland grant number 314008, the Business Finland 5G-FORCE research project, and Doctoral Programme in Computer Sciences (DoCS) at University of Helsinki. The associate editor coordinating the review of this article and approving it for publication was Q. Li. (Corresponding author: Ibbad Hafeez.) Ibbad Hafeez and Sasu Tarkoma are with the Department of Computer Science, University of Helsinki, 00014 Helsinki, Finland.
Keywords
- activity detection
- anomaly detection
- IoT
- network
- privacy
- security
- traffic classification