Title | Multi-level Bluetooth Intrusion Detection System |
Publication Type | Conference Paper |
Year of Publication | 2020 |
Authors | Satam, Shalaka, Satam, Pratik, Hariri, Salim |
Conference Name | 2020 IEEE/ACS 17th International Conference on Computer Systems and Applications (AICCSA) |
Date Published | Nov. 2020 |
Publisher | IEEE |
ISBN Number | 978-1-7281-8577-4 |
Keywords | Anomaly based Intrusion Detection, Autonomic Security, Biomedical monitoring, Bluetooth, bluetooth security, composability, IEEE 802.15.1, Internet of Things (IoT), Intrusion detection, Monitoring, performance evaluation, Protocols, pubcrawl, resilience, Resiliency, security, whitelisting |
Abstract | Large scale deployment of IoT devices has made Bluetooth Protocol (IEEE 802.15.1) the wireless protocol of choice for close-range communications. Devices such as keyboards, smartwatches, headphones, computer mouse, and various wearable connecting devices use Bluetooth network for communication. Moreover, Bluetooth networks are widely used in medical devices like heart monitors, blood glucose monitors, asthma inhalers, and pulse oximeters. Also, Bluetooth has replaced cables for wire-free equipment in a surgical environment. In hospitals, devices communicate with one another, sharing sensitive and critical information over Bluetooth scatter-networks. Thus, it is imperative to secure the Bluetooth networks against attacks like Man in the Middle attack (MITM), eavesdropping attacks, and Denial of Service (DoS) attacks. This paper presents a Multi-Level Bluetooth Intrusion Detection System (ML-BIDS) to detect malicious attacks against Bluetooth devices. In the ML-IDS framework, we perform continuous device identification and authorization in Bluetooth networks following the zero-trust principle [ref]. The ML-BIDS framework includes an anomaly-based intrusion detection system (ABIDS) to detect attacks on the Bluetooth protocol. The ABIDS tracks the normal behavior of the Bluetooth protocol by comparing it with the Bluetooth protocol state machine. Bluetooth frame flows consisting of Bluetooth frames received over 10 seconds are split into n-grams to track the current state of the protocol in the state machine. We evaluated the performance of several machine learning algorithms like C4.5, Adaboost, SVM, Naive Bayes, Jrip, and Bagging to classify normal Bluetooth protocol flows from abnormal Bluetooth protocol flows. The ABIDS detects attacks on Bluetooth protocols with a precision of up to 99.6% and recall up to 99.6%. The ML-BIDS framework also performs whitelisting of the devices on the Bluetooth network to prevent unauthorized devices from connecting to the network. ML-BIDS uses a combination of the Bluetooth Address, mac address, and IP address to uniquely identify a Bluetooth device connecting to the network, and hence ensuring only authorized devices can connect to the Bluetooth network. |
URL | https://ieeexplore.ieee.org/document/9316514 |
DOI | 10.1109/AICCSA50499.2020.9316514 |
Citation Key | satam_multi-level_2020 |