
Intrusion Detection in IoT

Despite the investment it has attracted and its promise to become the mainstream technology of the future, IoT still faces challenges that prevent it from spreading. Prominent among them are the security challenges: the number of IoT devices keeps increasing, and security issues arise in all three layers of the IoT architecture. Intrusion detection, which has been in development for more than 30 years, is said to have the potential to overcome the security problems of IoT. This article gives an overview of intrusion detection systems (IDS), security issues in IoT, and some research on IDS in IoT.

1. What is Intrusion Detection?

1.1. Overview of intrusion detection

Intrusion detection is usually carried out by a system (referred to as an IDS) of tools or mechanisms that detect attacks or unauthorized access by analyzing system activity. An IDS normally consists of sensors, an analysis tool that checks the data from these sensors and detects intrusions, and a reporting system that reports the analysis results. [1]

1.2. Types of intrusion detection systems

There are many ways to classify IDS types, especially IDS for IoT, because most of them are still under research. We follow the research of Jose Costa Sapalo Sicato et al. [1] and distinguish 4 types of IDS:

  • Anomaly-based IDS (AIDS): This IDS is rule-based, not signature-based. A signature-based IDS is accurate and effective, but only suitable for known attacks. In contrast, an AIDS can detect new abnormalities at various levels. Anomalies can be derived from users or from data over a certain period of time.
  • Host-based IDS (HIDS): A HIDS is attached to the server to monitor the system for malicious activities. Specifically, a HIDS analyzes network traffic, system calls, running processes, changes in communication between files, and application logs. The downside of this type of IDS is that it can only detect attacks on the systems it serves.
  • Network-based IDS (NIDS): NIDS detects malicious activity on network links and monitors network traffic for attack activity.
  • Distributed IDS (DIDS): A DIDS includes many IDSs that are distributed across a system and connected to each other for attack detection, incident monitoring, and anomaly detection. A DIDS requires a central server with good computing and orchestration capabilities to detect and react to outside activities.

Fig 1: IDS for IoT.
Source: Jose Costa Sapalo Sicato, Sushil Kumar Singh, Shailendra Rathore and Jong Hyuk Park “A Comprehensive Analyses of Intrusion Detection System for IoT Environment”, Journal of Information Processing Systems, September 2020 (https://www.researchgate.net/publication/344152313_A_Comprehensive_Analyses_of_Intrusion_Detection_System_for_IoT_Environment)
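The contrast drawn above between signature-based and anomaly-based detection can be made concrete with a small added example, which is not taken from the cited papers. It assumes a constructed signature set, constructed traffic, and a simple per-device packet-rate baseline standing in for the anomaly model: the known pattern is caught only by the signature check, and the new flood only by the anomaly check.

```python
from collections import Counter
from statistics import mean, stdev

# Hypothetical signature database: byte patterns of already-known attacks.
SIGNATURES = {"known-bad-join": b"JOIN\x00\xff\xff"}

# Constructed attack-free training data: packets per time window, per device.
TRAINING = {"sensor-1": [10, 12, 11, 9, 10, 11], "sensor-2": [4, 5, 4, 6, 5, 4]}

def make_live_traffic():
    """Constructed live capture as (device, window, payload) tuples."""
    pkts = [("sensor-1", 0, b"temp=21.5")] * 10
    pkts += [("sensor-2", 0, b"hum=40")] * 4
    pkts += [("sensor-2", 0, b"JOIN\x00\xff\xff")]   # matches a known signature
    pkts += [("sensor-1", 1, b"temp=21.6")] * 11
    pkts += [("sensor-2", 1, b"hum=41")] * 60        # new flood, ordinary payload
    return pkts

def signature_alerts(packets):
    """Signature-based: flag packets whose payload contains a known pattern."""
    return [(dev, win, name) for dev, win, payload in packets
            for name, pattern in SIGNATURES.items() if pattern in payload]

def build_baseline(training):
    """Learn the mean and standard deviation of the packet rate per device."""
    return {dev: (mean(c), stdev(c)) for dev, c in training.items()}

def anomaly_alerts(packets, baseline, k=3.0):
    """Anomaly-based: flag (device, window) pairs whose packet count lies
    more than k standard deviations from that device's learned mean."""
    counts = Counter((dev, win) for dev, win, _ in packets)
    alerts = []
    for (dev, win), n in sorted(counts.items()):
        mu, sigma = baseline[dev]
        # Floor sigma at 1.0 so a very steady device does not alert on +/-1 packet.
        if abs(n - mu) > k * max(sigma, 1.0):
            alerts.append((dev, win, n))
    return alerts

if __name__ == "__main__":
    live = make_live_traffic()
    print("signature:", signature_alerts(live))
    print("anomaly:  ", anomaly_alerts(live, build_baseline(TRAINING)))
```

Neither detector sees both events, which is the practical argument for combining detection methods.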

 

2. IoT Security Challenges

2.1. IoT Overview

IoT, written in full as the Internet of Things, is a system of devices that can exchange data with each other over the internet. The three main components of IoT are the device, the gateway, and the storage cloud. Users interact with IoT devices, and the devices also interact with each other. Data from these devices passes through the gateway to a powerful storage back-end, such as the cloud. In the cloud, the data is analyzed and stored to create insights that help IoT devices optimize the user experience. The architecture of IoT consists of 3 main layers: the application layer, the network layer, and the perception layer.

2.2. Security issues with IoT layers

As shown in Figure 2, the IoT layers face different threats; the figure shows several types of attacks against entities in the IoT. The following section presents the security holes in the IoT layers.

Fig 2: Attacks at layers of IoT.
Source: Jose Costa Sapalo Sicato, Sushil Kumar Singh, Shailendra Rathore and Jong Hyuk Park “A Comprehensive Analyses of Intrusion Detection System for IoT Environment”, Journal of Information Processing Systems, September 2020 (https://www.researchgate.net/publication/344152313_A_Comprehensive_Analyses_of_Intrusion_Detection_System_for_IoT_Environment)

 

  1. The application layer is the top layer of the system. This layer receives data from the network layer and uses it to provide services to the user. As the top layer, its security concerns are data integrity, data reliability, the confidentiality of customer information, and the ability to protect important private information. Depending on the application, there will be specific security requirements at this layer.
  2. The network layer is responsible for letting the devices communicate with the processing center. This is the middle layer of the IoT system; it has the most important role in information coordination and is also the layer with the most potential for attack. The technologies used in this layer vary, and the devices participating in the network layer are also very diverse, so a solid security system is needed for this layer. IDS research has largely focused on the network layer.
  3. The perception layer is also called the sensor layer because it contains the sensors, the things that collect data. It is important to secure the communication of these devices. The usual security standards of the internet are difficult to apply to them; most of them are wireless, which makes them more complex and gives them more potential for security issues.

Obviously, it will take more than an IDS to completely overcome the security problems of IoT. But research on IDS offers a variety of ways to enhance security for IoT. Because of the variety of uses, many types of IDS will be applied and combined. Ansam Khraisat et al. [3] classified IDS according to placement strategy, detection method, and validation strategy, as shown in Figure 3. In the next section, we present some typical studies with different placement strategies and detection methods. We advise readers to read the original papers to fully understand the work. Some scientists, such as Leonel Santos et al. [2], have also painstakingly compiled and compared different studies on IDS. The examples below are drawn from their review.

Fig 3: IDS classification.
Source: Khraisat, Ansam, Iqbal Gondal, Peter Vamplew, Joarder Kamruzzaman, and Ammar Alazab. 2019. “A Novel Ensemble of Hybrid Intrusion Detection System for Detecting Internet of Things Attacks” Electronics 8, no. 11: 1210. https://doi.org/10.3390/electronics8111210

 

3. IDS for IoT: some research you should know

Before introducing you to the studies, we categorize them according to the table below.

Work | Placement strategy | Detection method | Security threat
Kasinathan et al. [4] | Centralized | Signature-based | DoS
Oh et al. [5] | Distributed | Signature-based | Multiple conventional attacks
Pongle et al. [6] | Hybrid | Anomaly-based | Routing attack

 

  • In 2013, Kasinathan et al. [4] proposed a solution to detect DoS attacks in 6LoWPAN networks. The authors adapted this network, using a signature-based approach. The defender confirms the DoS attack after being sent information by the IDS. The results showed that the work reduced the false-positive rate of the IDS. Kasinathan et al. [4] continued to use and develop signature-based approaches in their following studies.
  • In 2014, Oh et al. [5] also proposed a distributed IDS for IoT. They proposed an algorithm suited to the packet volume and the attack signatures. This approach reduces the computational cost of matching packets against signatures. The results showed that the algorithm ran faster than the Wu-Manber algorithm, which was one of the fastest algorithms at that time.
  • In 2015, Pongle et al. [6] proposed an IDS for IoT following a hybrid placement strategy. Through three algorithms, the nodes analyze the data and send information about changes in their neighborhoods to the edge router. The results obtained are quite positive thanks to the cost and power savings.

 

4. Conclusion

Enhanced security and intrusion detection for IoT are a must. To last in the long term, IoT needs long-term investment in security. IDS is still a new approach for IoT, but there are many positive signals that it can provide highly efficient security for IoT in the future. What it takes is to continuously invest, analyze, and properly apply the right IDS architectures and technologies to deliver the desired results for IoT security.

 

5. Source

[1] Jose Costa Sapalo Sicato, Sushil Kumar Singh, Shailendra Rathore and Jong Hyuk Park “A Comprehensive Analyses of Intrusion Detection System for IoT Environment”, Journal of Information Processing Systems, September 2020 (https://www.researchgate.net/publication/344152313_A_Comprehensive_Analyses_of_Intrusion_Detection_System_for_IoT_Environment)

[2] L. Santos, C. Rabadao and R. Gonçalves, “Intrusion detection systems in the Internet of Things: A literature review,” 2018 13th Iberian Conference on Information Systems and Technologies (CISTI), 2018, pp. 1-7, doi: 10.23919/CISTI.2018.8399291. (https://ieeexplore.ieee.org/document/8399291)

[3] Khraisat, Ansam, Iqbal Gondal, Peter Vamplew, Joarder Kamruzzaman, and Ammar Alazab. 2019. “A Novel Ensemble of Hybrid Intrusion Detection System for Detecting Internet of Things Attacks” Electronics 8, no. 11: 1210. https://doi.org/10.3390/electronics8111210

[4] P. Kasinathan, C. Pastrone, M. Spirito, and M. Vinkovits, “Denial-of-service detection in 6LoWPAN based Internet of Things,” In: Wireless and Mobile Computing, Networking and Communications (WiMob), 2013 IEEE Proceedings of the 9th International Conference on, pp. 600-607, 2013.

[5] D. Oh, D. Kim, and W. Ro, “A malicious pattern detection engine for embedded security systems in the Internet of Things,” Sensors, 14 (12), 24188–24211, 2014.

[6] P. Pongle, and G. Chavan, “Real time intrusion and wormhole attack detection in Internet of Things,” International Journal of Computer Applications, 121 (9), 1-9, 2015.

The post Intrusion Detection in IoT appeared first on Speranza.

*** This is a Security Bloggers Network syndicated blog from IoT Blog – Speranza authored by Allen. Read the original post at: https://www.speranzainc.com/intrusion-detection-in-iot/