Shielding IoT against Cyber-Attacks: An Event-Based Approach Using SIEM

Due to the growth of IoT (Internet of Things) devices in different industries and markets in recent years and considering the currently insufficient protection for these devices, a security solution safeguarding IoT architectures are highly desirable. An interesting perspective for the development of security solutions is the use of an event management approach, knowing that an event may become an incident when an information asset is affected under certain circumstances. The paper at hand proposes a security solution based on the management of security events within IoT scenarios in order to accurately identify suspicious activities. To this end, different vulnerabilities found in IoT devices are described, as well as unique features that make these devices an appealing target for attacks. Finally, three IoT attack scenarios are presented, describing exploited vulnerabilities, security events generated by the attack, and accurate responses that could be launched to help decreasing the impact of the attack on IoT devices. Our analysis demonstrates that the proposed approach is suitable for protecting the IoT ecosystem, giving an adequate protection level to the IoT devices.

Download Full-text

A Comprehensive and Systematic Survey on the Internet of Things: Security and Privacy Challenges, Security Frameworks, Enabling Technologies, Threats, Vulnerabilities and Countermeasures

Computers ◽

10.3390/computers9020044 ◽

2020 ◽

Vol 9 (2) ◽

pp. 44 ◽

Cited By ~ 2

Author(s):

Muath A. Obaidat ◽

Suhaib Obeidat ◽

Jennifer Holst ◽

Abdullah Al Hayajneh ◽

Joseph Brown

Keyword(s):

Internet Of Things ◽

Cyber Attacks ◽

Security And Privacy ◽

The Internet ◽

Comprehensive Overview ◽

Architecture Model ◽

Research Areas ◽

Iot Devices ◽

The Impact ◽

The Internet Of Things

The Internet of Things (IoT) has experienced constant growth in the number of devices deployed and the range of applications in which such devices are used. They vary widely in size, computational power, capacity storage, and energy. The explosive growth and integration of IoT in different domains and areas of our daily lives has created an Internet of Vulnerabilities (IoV). In the rush to build and implement IoT devices, security and privacy have not been adequately addressed. IoT devices, many of which are highly constrained, are vulnerable to cyber attacks, which threaten the security and privacy of users and systems. This survey provides a comprehensive overview of IoT in regard to areas of application, security architecture frameworks, recent security and privacy issues in IoT, as well as a review of recent similar studies on IoT security and privacy. In addition, the paper presents a comprehensive taxonomy of attacks on IoT based on the three-layer architecture model; perception, network, and application layers, as well as a suggestion of the impact of these attacks on CIA objectives in representative devices, are presented. Moreover, the study proposes mitigations and countermeasures, taking a multi-faceted approach rather than a per layer approach. Open research areas are also covered to provide researchers with the most recent research urgent questions in regard to securing IoT ecosystem.

Download Full-text

State-of-the-Art Software-Based Remote Attestation: Opportunities and Open Issues for Internet of Things

Sensors ◽

10.3390/s21051598 ◽

2021 ◽

Vol 21 (5) ◽

pp. 1598

Author(s):

Sigurd Frej Joel Jørgensen Ankergård ◽

Edlira Dushku ◽

Nicola Dragoni

Keyword(s):

Internet Of Things ◽

Smart Cities ◽

Cyber Attacks ◽

Resource Constrained ◽

Remote Attestation ◽

Comprehensive Overview ◽

Research Issues ◽

Advantages And Disadvantages ◽

Iot Devices ◽

Specialized Hardware

The Internet of Things (IoT) ecosystem comprises billions of heterogeneous Internet-connected devices which are revolutionizing many domains, such as healthcare, transportation, smart cities, to mention only a few. Along with the unprecedented new opportunities, the IoT revolution is creating an enormous attack surface for potential sophisticated cyber attacks. In this context, Remote Attestation (RA) has gained wide interest as an important security technique to remotely detect adversarial presence and assure the legitimate state of an IoT device. While many RA approaches proposed in the literature make different assumptions regarding the architecture of IoT devices and adversary capabilities, most typical RA schemes rely on minimal Root of Trust by leveraging hardware that guarantees code and memory isolation. However, the presence of a specialized hardware is not always a realistic assumption, for instance, in the context of legacy IoT devices and resource-constrained IoT devices. In this paper, we survey and analyze existing software-based RA schemes (i.e., RA schemes not relying on specialized hardware components) through the lens of IoT. In particular, we provide a comprehensive overview of their design characteristics and security capabilities, analyzing their advantages and disadvantages. Finally, we discuss the opportunities that these RA schemes bring in attesting legacy and resource-constrained IoT devices, along with open research issues.

Download Full-text

Botnet and Internet of Things (IoTs)

Security, Privacy, and Forensics Issues in Big Data - Advances in Information Security, Privacy, and Ethics ◽

10.4018/978-1-5225-9742-1.ch013 ◽

2020 ◽

pp. 304-316

Author(s):

Kamal Alieyan ◽

Ammar Almomani ◽

Rosni Abdullah ◽

Badr Almutairi ◽

Mohammad Alauthman

Keyword(s):

Internet Of Things ◽

Cyber Attacks ◽

The Internet ◽

Ddos Attacks ◽

Botnet Detection ◽

The Public ◽

Detection Techniques ◽

Channel Information ◽

Iot Devices ◽

The Internet Of Things

In today's internet world the internet of things (IoT) is becoming the most significant and developing technology. The primary goal behind the IoT is enabling more secure existence along with the improvement of risks at various life levels. With the arrival of IoT botnets, the perspective towards IoT products has transformed from enhanced living enabler into the internet of vulnerabilities for cybercriminals. Of all the several types of malware, botnet is considered as really a serious risk that often happens in cybercrimes and cyber-attacks. Botnet performs some predefined jobs and that too in some automated fashion. These attacks mostly occur in situations like phishing against any critical targets. Files sharing channel information are moved to DDoS attacks. IoT botnets have subjected two distinct problems, firstly, on the public internet. Most of the IoT devices are easily accessible. Secondly, in the architecture of most of the IoT units, security is usually a reconsideration. This particular chapter discusses IoT, botnet in IoT, and various botnet detection techniques available in IoT.

Download Full-text

Botnet and Internet of Things (IoTs)

Research Anthology on Combating Denial-of-Service Attacks ◽

10.4018/978-1-7998-5348-0.ch007 ◽

2021 ◽

pp. 138-150

Author(s):

Kamal Alieyan ◽

Ammar Almomani ◽

Rosni Abdullah ◽

Badr Almutairi ◽

Mohammad Alauthman

Keyword(s):

Internet Of Things ◽

Cyber Attacks ◽

The Internet ◽

Ddos Attacks ◽

Botnet Detection ◽

The Public ◽

Detection Techniques ◽

Channel Information ◽

Iot Devices ◽

The Internet Of Things

Download Full-text

Decades of Internet of Things towards 21st Century: A Research-Based Introspective

10.21203/rs.3.rs-193005/v1 ◽

2021 ◽

Author(s):

NAGAJAYANTHI BOOBALAKRISHNAN

Keyword(s):

Internet Of Things ◽

Cyber Attacks ◽

Embedded Internet ◽

Industrial Iot ◽

Voice User ◽

Block Chain ◽

Iot Devices ◽

Data Ecosystem ◽

The Internet Of Things ◽

Exchange Data

Abstract Internet connects people to people, people to machine, and machine to machine for a life of serendipity through a Cloud. Internet of Things networks objects or people and integrates them with software to collect and exchange data. The Internet of things (IoT) influences our lives based on how we ruminate, respond, and anticipate. IoT 2020 heralds from the fringes to the data ecosystem and panaches a comfort zone. IoT is overwhelmingly embraced by businessmen and consumers due to increased productivity and convenience. Internet of Things facilitates intelligent device control with cloud vendors like Amazon and Google using artificial intelligence for data analytics, and with digital assistants like Alexa and Siri providing a voice user interface. Smart IoT is all about duplex connecting, processing, and implementing. With 5G, lightning faster rate of streaming analytics is realistic. An amalgamation of technologies has led to this techno-industrial IoT revolution. Centralized IoT architecture is vulnerable to cyber-attacks. With Block Chain, it is possible to maintain transparency and security of the transaction's data. Standardization of IoT devices is achievable with limited vendors based on Platform, Connectivity, and Application. Robotic Process Automation (RPA) using bots has automated laborious tasks in 2019. Embedded Internet using Facial Recognition could reduce the pandemic crisis. Security concerns are addressed with micro-segmentation approaches. IoT, an incredible vision of the future makes systems adaptive with customized features, responsive with increased efficiency, and procurable with optimized cost. This paper delivers a comprehensive insight into the technical perspectives of IoT, focusing on interoperability, flexibility, scalability, mobility, security, transparency, standardization, and low energy.

Download Full-text

Survey of Machine Learning Algorithms to Detect Malware in Consumer Internet of Things Devices

International Journal of Artificial Intelligence Tools ◽

10.1142/s0218213021500202 ◽

2021 ◽

Vol 30 (04) ◽

pp. 2150020

Author(s):

Luke Holbrook ◽

Miltiadis Alamaniotis

Keyword(s):

Neural Network ◽

Machine Learning ◽

Internet Of Things ◽

Deep Neural Network ◽

Learning Algorithms ◽

Cyber Attacks ◽

Machine Learning Algorithms ◽

Coefficient Of Determination ◽

Support Vector ◽

Iot Devices

With the increase of cyber-attacks on millions of Internet of Things (IoT) devices, the poor network security measures on those devices are the main source of the problem. This article aims to study a number of these machine learning algorithms available for their effectiveness in detecting malware in consumer internet of things devices. In particular, the Support Vector Machines (SVM), Random Forest, and Deep Neural Network (DNN) algorithms are utilized for a benchmark with a set of test data and compared as tools in safeguarding the deployment for IoT security. Test results on a set of 4 IoT devices exhibited that all three tested algorithms presented here detect the network anomalies with high accuracy. However, the deep neural network provides the highest coefficient of determination R2, and hence, it is identified as the most precise among the tested algorithms concerning the security of IoT devices based on the data sets we have undertaken.

Download Full-text

A Review of Intrusion Detection Systems Using Machine and Deep Learning in Internet of Things: Challenges, Solutions and Future Directions

Electronics ◽

10.3390/electronics9071177 ◽

2020 ◽

Vol 9 (7) ◽

pp. 1177

Author(s):

Javed Asharf ◽

Nour Moustafa ◽

Hasnat Khurshid ◽

Essam Debie ◽

Waqas Haider ◽

...

Keyword(s):

Deep Learning ◽

Internet Of Things ◽

Intrusion Detection ◽

Cyber Attacks ◽

The Internet ◽

Cyber Attack ◽

Control Approach ◽

Detection Systems ◽

Desktop Computers ◽

Iot Devices

The Internet of Things (IoT) is poised to impact several aspects of our lives with its fast proliferation in many areas such as wearable devices, smart sensors and home appliances. IoT devices are characterized by their connectivity, pervasiveness and limited processing capability. The number of IoT devices in the world is increasing rapidly and it is expected that there will be 50 billion devices connected to the Internet by the end of the year 2020. This explosion of IoT devices, which can be easily increased compared to desktop computers, has led to a spike in IoT-based cyber-attack incidents. To alleviate this challenge, there is a requirement to develop new techniques for detecting attacks initiated from compromised IoT devices. Machine and deep learning techniques are in this context the most appropriate detective control approach against attacks generated from IoT devices. This study aims to present a comprehensive review of IoT systems-related technologies, protocols, architecture and threats emerging from compromised IoT devices along with providing an overview of intrusion detection models. This work also covers the analysis of various machine learning and deep learning-based techniques suitable to detect IoT systems related to cyber-attacks.

Download Full-text

ThingsLocate: A ThingSpeak-Based Indoor Positioning Platform for Academic Research on Location-Aware Internet of Things

Technologies ◽

10.3390/technologies7030050 ◽

2019 ◽

Vol 7 (3) ◽

pp. 50 ◽

Cited By ~ 3

Author(s):

Luca De De Nardis ◽

Giuseppe Caso ◽

Maria Gabriella Di Benedetto

Keyword(s):

Internet Of Things ◽

Academic Research ◽

Cloud Service ◽

Indoor Positioning ◽

Location Awareness ◽

Graduate Studies ◽

Iot Devices ◽

Location Channel ◽

User Friendly ◽

The Impact

Seamless location awareness is considered a cornerstone in the successful deployment of the Internet of Things (IoT). Support for IoT devices in indoor positioning platforms and, vice versa, availability of indoor positioning functions in IoT platforms, are however still in their early stages, posing a significant challenge in the study and research of the interaction of indoor positioning and IoT. This paper proposes a new indoor positioning platform, called ThingsLocate, that fills this gap by building upon the popular and flexible ThingSpeak cloud service for IoT, leveraging its data input and data processing capabilities and, most importantly, its native support for cloud execution of Matlab code. ThingsLocate provides a flexible, user-friendly WiFi fingerprinting indoor positioning service for IoT devices, based on Received Signal Strength Indicator (RSSI) information. The key components of ThingsLocate are introduced and described: RSSI channels used by IoT devices to provide WiFi RSSI data, an Analysis app estimating the position of the device, and a Location channel to publish such estimate. A proof-of-concept implementation of ThingsLocate is then introduced, and used to show the possibilities offered by the platform in the context of graduate studies and academic research on indoor positioning for IoT. Results of an experiment enabled by ThingsLocate with limited setup and no coding effort are presented, focusing on the impact of using different devices and different positioning algorithms on positioning accuracy.

Download Full-text

A Novel Insider Attack and Machine Learning Based Detection for the Internet of Things

ACM Transactions on Internet of Things ◽

10.1145/3466721 ◽

2021 ◽

Vol 2 (4) ◽

pp. 1-23

Author(s):

Morshed Chowdhury ◽

Biplob Ray ◽

Sujan Chowdhury ◽

Sutharshan Rajasegarar

Keyword(s):

Machine Learning ◽

Internet Of Things ◽

Network Traffic ◽

The Internet ◽

Traffic Data ◽

Lossy Networks ◽

Insider Attack ◽

Iot Devices ◽

The Impact ◽

The Internet Of Things

Due to the widespread functional benefits, such as supporting internet connectivity, having high visibility and enabling easy connectivity between sensors, the Internet of Things (IoT) has become popular and used in many applications, such as for smart city, smart health, smart home, and smart vehicle realizations. These IoT-based systems contribute to both daily life and business, including sensitive and emergency situations. In general, the devices or sensors used in the IoT have very limited computational power, storage capacity, and communication capabilities, but they help to collect a large amount of data as well as maintain communication with the other devices in the network. Since most of the IoT devices have no physical security, and often are open to everyone via radio communication and via the internet, they are highly vulnerable to existing and emerging novel security attacks. Further, the IoT devices are usually integrated with the corporate networks; in this case, the impact of attacks will be much more significant than operating in isolation. Due to the constraints of the IoT devices, and the nature of their operation, existing security mechanisms are less effective for countering the attacks that are specific to the IoT-based systems. This article presents a new insider attack, named loophole attack , that exploits the vulnerabilities present in a widely used IPv6 routing protocol in IoT-based systems, called RPL (Routing over Low Power and Lossy Networks). To protect the IoT system from this insider attack, a machine learning based security mechanism is presented. The proposed attack has been implemented using a Contiki IoT operating system that runs on the Cooja simulator, and the impacts of the attack are analyzed. Evaluation on the collected network traffic data demonstrates that the machine learning based approaches, along with the proposed features, help to accurately detect the insider attack from the network traffic data.

Download Full-text

Integration of Heterogeneous Devices and Communication Models via the Cloud in the Constrained Internet of Things

International Journal of Distributed Sensor Networks ◽

10.1155/2015/683425 ◽

2015 ◽

Vol 2015 ◽

pp. 1-16 ◽

Cited By ~ 9

Author(s):

Floris Van den Abeele ◽

Jeroen Hoebeke ◽

Ingrid Moerman ◽

Piet Demeester

Keyword(s):

Internet Of Things ◽

Network Connectivity ◽

Heterogeneous Devices ◽

Communication Models ◽

Iot Devices ◽

Control And Management ◽

The Impact ◽

Communication Methods ◽

The Internet Of Things ◽

Constrained Devices

As the Internet of Things continues to expand in the coming years, the need for services that span multiple IoT application domains will continue to increase in order to realize the efficiency gains promised by the IoT. Today, however, service developers looking to add value on top of existing IoT systems are faced with very heterogeneous devices and systems. These systems implement a wide variety of network connectivity options, protocols (proprietary or standards-based), and communication methods all of which are unknown to a service developer that is new to the IoT. Even within one IoT standard, a device typically has multiple options for communicating with others. In order to alleviate service developers from these concerns, this paper presents a cloud-based platform for integrating heterogeneous constrained IoT devices and communication models into services. Our evaluation shows that the impact of our approach on the operation of constrained devices is minimal while providing a tangible benefit in service integration of low-resource IoT devices. A proof of concept demonstrates the latter by means of a control and management dashboard for constrained devices that was implemented on top of the presented platform. The results of our work enable service developers to more easily implement and deploy services that span a wide variety of IoT application domains.

Download Full-text