Cardiff University | Prifysgol Caerdydd ORCA
Online Research @ Cardiff 

A supervised intrusion detection system for smart home IoT devices

Anthi, Eirini, Williams, Lowri, Malgorzata, Slowinska, Theodorakopoulos, Georgios ORCID: https://orcid.org/0000-0003-2701-7809 and Burnap, Peter ORCID: https://orcid.org/0000-0003-0396-633X 2019. A supervised intrusion detection system for smart home IoT devices. IEEE Internet of Things 6 (5), pp. 9042-9053. 10.1109/JIOT.2019.2926365

PDF - Accepted Post-Print Version

Abstract

The proliferation of Internet of Things (IoT) devices, which routinely collect sensitive information, is demonstrated by their prominence in our daily lives. Although such devices simplify and automate everyday tasks, they also introduce tremendous security flaws. The insufficient security measures currently employed to defend smart devices make IoT the 'weakest' link for breaking into a secure infrastructure, and therefore an attractive target to attackers. This paper proposes a three-layer Intrusion Detection System (IDS) that uses a supervised approach to detect a range of popular network-based cyber-attacks on IoT networks. The system consists of three main functions: it 1) classifies the type and profiles the normal behaviour of each IoT device connected to the network, 2) identifies malicious packets on the network when an attack is occurring, and 3) classifies the type of the attack that has been deployed. The system is evaluated within a smart home testbed consisting of 8 popular commercially available devices. The effectiveness of the proposed IDS architecture is evaluated by deploying 12 attacks from 4 main network-based attack categories such as: Denial of Service (DoS), Man-In-The-Middle (MITM)/Spoofing, Reconnaissance, and Replay. Additionally, the system is evaluated against 4 scenarios of multi-stage attacks with complex chains of events. The performance of the system's three core functions results in an F-measure of: 1) 96.2%, 2) 90.0%, and 3) 98.0%. This demonstrates that the proposed architecture can successfully and automatically distinguish between IoT devices on the network, determine whether network activity is malicious or benign, and detect which attack was deployed on which device connected to the network.

Item Type: Article
Date Type: Publication
Status: Published
Schools: Computer Science & Informatics
Publisher: Institute of Electrical and Electronics Engineers (IEEE)
ISSN: 2327-4662
Date of First Compliant Deposit: 8 July 2019
Date of Acceptance: 26 June 2019
Last Modified: 07 Nov 2023 03:39
URI: https://orca.cardiff.ac.uk/id/eprint/123767

Citation Data

Cited 177 times in Scopus.
