Visible to the public Identifying Attack Signatures for the Internet of Things: An IP Flow Based Approach

Submitted by grigby1 on Thu, 03/12/2020 - 12:02pm
TitleIdentifying Attack Signatures for the Internet of Things: An IP Flow Based Approach
Publication TypeConference Paper
Year of Publication2019
AuthorsVieira, Leandro, Santos, Leonel, Gon\c calves, Ramiro, Rabadão, Carlos
Conference Name2019 14th Iberian Conference on Information Systems and Technologies (CISTI)
Date Publishedjun
Keywordsattack signature, computer network security, defense mechanisms, flow monitoring, Internet, Internet of Things, Intrusion detection, Intrusion Detection Systems, IoT communications, IoT devices, IP flow properties, IP networks, Monitoring, network attacks, network intrusion detection, privacy, Protocols, pubcrawl, resilience, Resiliency, resource limitations, Scalability, security, security mechanisms, sensitive information, signature based defense, telecommunication traffic, Tools
Abstract

At the time of more and more devices being connected to the internet, personal and sensitive information is going around the network more than ever. Thus, security and privacy regarding IoT communications, devices, and data are a concern due to the diversity of the devices and protocols used. Since traditional security mechanisms cannot always be adequate due to the heterogeneity and resource limitations of IoT devices, we conclude that there are still several improvements to be made to the 2nd line of defense mechanisms like Intrusion Detection Systems. Using a collection of IP flows, we can monitor the network and identify properties of the data that goes in and out. Since network flows collection have a smaller footprint than packet capturing, it makes it a better choice towards the Internet of Things networks. This paper aims to study IP flow properties of certain network attacks, with the goal of identifying an attack signature only by observing those properties.
DOI10.23919/CISTI.2019.8760650
Citation Keyvieira_identifying_2019
Groups: