Publication
A flow-based intrusion detection framework for internet of things networks
| Abstract: | The application of the Internet of Things concept in domains such as industrial control, building automation, human health, and environmental monitoring introduces new privacy and security challenges. Consequently, the traditional implementation of monitoring and security mechanisms is not always feasible and adequate at present, due to the number of IoT devices, their heterogeneity and the typical limitations of their technical specifications. In this paper, we propose an IP flow-based Intrusion Detection System (IDS) framework to monitor and protect IoT networks from external and internal threats in real time. The proposed framework collects IP flows from an IoT network and analyses them in order to monitor and detect attacks, intrusions, and other types of anomalies at different IoT architecture layers, based on a set of flow features instead of packet header fields and their payload. The proposed framework was designed to consider both the IoT network architecture and other IoT contextual characteristics such as scalability, heterogeneity, interoperability, and the minimization of the use of IoT network resources. The proposed IDS framework is network-based and relies on a hybrid architecture, as it involves both centralized analysis and distributed data collection components. In terms of detection method, the framework uses a specification-based approach drawn from normal traffic specifications. The experimental results show that this framework can achieve ≈ 100% success and 0% false positives in the detection of intrusions and anomalies. In terms of performance and scalability in the operation of the IDS components, we study and compare it with three different conventional IDS (Snort, Suricata, and Zeek), and the results demonstrate that the proposed solution consumes fewer computational resources (CPU, RAM, and persistent memory) than those conventional IDS. |
|---|---|
| Main authors: | Santos, Leonel |
| Other authors: | Gonçalves, Ramiro Manuel; Rabadão, Carlos; Martins, José |
| Subject: | Internet of things; Network monitoring; Intrusion detection; Network security; Network attacks |
| Year: | 2023 |
| Country: | Portugal |
| Document type: | article |
| Access type: | open access |
| Associated institution: | Instituto Politécnico de Bragança |
| Language: | English |
| Source: | Biblioteca Digital do IPB |
| Journal | Cluster Computing (Springer), ISSN 1386-7857 |
|---|---|
| DOI | 10.1007/s10586-021-03238-y |
| Handle | http://hdl.handle.net/10198/25293 |
| OAI identifier | oai:bibliotecadigital.ipb.pt:10198/25293 |
| Full text | https://bibliotecadigital.ipb.pt/bitstreams/c05046a4-d933-4fb0-9c9e-510a391938c3/download (application/pdf, 2883466 bytes) |
| Resource type | journal article (http://purl.org/coar/resource_type/c_6501) |
| Access rights | open access (http://purl.org/coar/access_right/c_abf2) |
| License | http://creativecommons.org/licenses/by-nc/4.0/ |
| Available in repository | 2022-03-25 |
| Accepted | 2023-01-01 |
| Funding | Fundação para a Ciência e a Tecnologia (FCT), Crossref Funder ID http://doi.org/10.13039/501100001871; project 6817 - DCRRNI ID; Centro de Investigação em Informática e Comunicações |
| Author identifiers | Martins, José: ORCID 0000-0002-7787-6305; Ciência ID BC19-7E23-DA8C; Researcher ID B-5280-2014 and N-7005-2018; Scopus Author ID 35321317600 |
| Repository contact | dspace@ipb.pt |