A flow-based intrusion detection framework for internet of things networks
Abstract
The application of the Internet of Things (IoT) concept in domains such as industrial control, building automation, human health, and environmental monitoring introduces new privacy and security challenges. Consequently, traditional implementations of monitoring and security mechanisms are not always feasible or adequate, owing to the number of IoT devices, their heterogeneity, and the typical limitations of their technical specifications. In this paper, we propose an IP flow-based Intrusion Detection System (IDS) framework to monitor and protect IoT networks from external and internal threats in real time. The proposed framework collects IP flows from an IoT network and analyses them in order to monitor and detect attacks, intrusions, and other types of anomalies at different IoT architecture layers, based on a set of flow features rather than on packet header fields and their payload. The framework was designed to take into account both the IoT network architecture and other IoT contextual characteristics such as scalability, heterogeneity, interoperability, and the minimal use of IoT network resources. The proposed IDS framework is network-based and relies on a hybrid architecture, combining centralized analysis with distributed data collection components. In terms of detection method, the framework uses a specification-based approach built on specifications of normal traffic. The experimental results show that this framework can achieve ≈ 100% success and 0% false positives in the detection of intrusions and anomalies. In terms of performance and scalability in the operation of the IDS components, we compare it with three conventional IDS (Snort, Suricata, and Zeek); the results demonstrate that the proposed solution consumes fewer computational resources (CPU, RAM, and persistent memory) than those conventional IDS.
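The abstract describes detection over exported IP flows, using a specification of normal traffic rather than packet headers or payload. The following is an added illustration of that idea, not code from the paper or its authors: the flow fields, the (source, destination, protocol, port) specification key, the volume limits and the 1.5x headroom factor are all assumptions made here for the example, since the page does not state which flow features the framework actually uses. It learns per-endpoint specifications from a constructed baseline of normal flows and then flags observed flows that either have no matching specification or exceed the learned volume.

```python
"""Specification-based detection over IP flow records (constructed example,
not the paper's implementation). Flow features and thresholds are assumptions."""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Tuple


@dataclass(frozen=True)
class Flow:
    """One exported IP flow record (NetFlow/IPFIX style, fields reduced)."""
    src: str      # source IP address
    dst: str      # destination IP address
    proto: str    # "tcp" or "udp"
    dport: int    # destination port
    packets: int  # packets carried by the flow
    octets: int   # bytes carried by the flow


@dataclass(frozen=True)
class FlowSpec:
    """A normal-traffic specification: which endpoints may talk, on which
    protocol/port, and how much volume a single flow may carry."""
    src: str
    dst: str
    proto: str
    dport: int
    max_packets: int
    max_octets: int

    def matches_key(self, f: Flow) -> bool:
        """True when the flow's endpoints, protocol and port are covered by this spec."""
        return (f.src, f.dst, f.proto, f.dport) == (self.src, self.dst, self.proto, self.dport)

    def within_volume(self, f: Flow) -> bool:
        """True when the flow's volume stays inside the specified limits."""
        return f.packets <= self.max_packets and f.octets <= self.max_octets


def learn_specs(baseline: Iterable[Flow], headroom: float = 1.5) -> List[FlowSpec]:
    """Derive specifications from a trusted baseline of normal flows.
    For each (src, dst, proto, dport) key, keep the peak observed volume
    multiplied by a headroom factor (assumed value, tune per deployment)."""
    peaks: Dict[Tuple[str, str, str, int], Tuple[int, int]] = {}
    for f in baseline:
        key = (f.src, f.dst, f.proto, f.dport)
        p, o = peaks.get(key, (0, 0))
        peaks[key] = (max(p, f.packets), max(o, f.octets))
    return [
        FlowSpec(*key, max_packets=int(p * headroom), max_octets=int(o * headroom))
        for key, (p, o) in peaks.items()
    ]


def detect(flows: Iterable[Flow], specs: List[FlowSpec]) -> List[Tuple[Flow, str]]:
    """Return (flow, reason) for every flow that violates the specification set.
    A flow is anomalous if no spec covers its key, or if every covering spec
    is exceeded in volume."""
    alerts: List[Tuple[Flow, str]] = []
    for f in flows:
        matching = [s for s in specs if s.matches_key(f)]
        if not matching:
            alerts.append((f, "no specification covers this endpoint/port pair"))
        elif not any(s.within_volume(f) for s in matching):
            alerts.append((f, "flow volume exceeds specification"))
    return alerts


# Constructed baseline: one sensor publishing to a local MQTT broker and polling NTP.
BASELINE = [
    Flow("10.0.0.21", "10.0.0.10", "tcp", 1883, 40, 6000),
    Flow("10.0.0.21", "10.0.0.10", "tcp", 1883, 52, 7800),
    Flow("10.0.0.21", "10.0.0.1", "udp", 123, 2, 180),
]

# Constructed observation window with two anomalies mixed into normal traffic.
OBSERVED = [
    Flow("10.0.0.21", "10.0.0.10", "tcp", 1883, 48, 7200),     # normal publish
    Flow("10.0.0.21", "10.0.0.1", "udp", 123, 2, 180),          # normal NTP poll
    Flow("10.0.0.21", "203.0.113.7", "tcp", 23, 30, 4000),      # destination/port never seen in baseline
    Flow("10.0.0.21", "10.0.0.10", "tcp", 1883, 5000, 900000),  # known peer, volume far above baseline
]


def run_example() -> List[Tuple[Flow, str]]:
    """Learn specs from BASELINE and evaluate OBSERVED against them."""
    return detect(OBSERVED, learn_specs(BASELINE))


if __name__ == "__main__":
    for flow, reason in run_example():
        print(f"ALERT {flow.src} -> {flow.dst}:{flow.dport}/{flow.proto}: {reason}")
```

Because the specification is keyed on flow attributes only, the collector never needs to inspect payload, which is what keeps the approach light enough for the constrained collection points the abstract describes; the trade-off is that an attack riding inside an already-permitted flow at normal volume is invisible to it.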
This work was supported by Portuguese national funds through the FCT—Foundation for Science and Technology, I.P., under the project UID/CEC/04524/2019.