A supervised intrusion detection system for smart home IoT devices


The proliferation in Internet of Things (IoT) devices, which routinely collect sensitive information, is demonstrated by their prominence in our daily lives. Although such devices simplify and automate every day tasks, they also introduce tremendous security flaws. Current insufficient security measures employed to defend smart devices make IoT the “weakest” link to breaking into a secure infrastructure, and therefore an attractive target to attackers. This paper proposes a three layer intrusion detection system (IDS) that uses a supervised approach to detect a range of popular network based cyber-attacks on IoT networks. The system consists of three main functions- 1) classify the type and profile the normal behavior of each IoT device connected to the network; 2) identifies malicious packets on the network when an attack is occurring; and 3) classifies the type of the attack that has been deployed. The system is evaluated within a smart home testbed consisting of eight popular commercially available devices. The effectiveness of the proposed IDS architecture is evaluated by deploying 12 attacks from 4 main network based attack categories, such as denial of service (DoS), man-in-the-middle (MITM)/spoofing, reconnaissance, and replay. Additionally, the system is also evaluated against four scenarios of multistage attacks with complex chains of events. The performance of the system’s three core functions result in an F-measure of - 1) 96.2%; 2) 90.0%; and 3) 98.0%. This demonstrates that the proposed architecture can automatically distinguish between IoT devices on the network, whether network activity is malicious or benign, and detect which attack was deployed on which device connected to the network successfully.

IEEE Internet of Things Journal