Intrusion Detection in IoT
With the massive explosion in the deployment of Internet-of-Things (IoT) devices globally, the security of these devices has become a critical concern. IoT devices are resource-constrained by nature. This means conventional security practices tend to be impossible, or impractical, to implement on these devices. The majority of the work focusing on IoT devices in security only considers the network traffic to and from the device. By inspecting this data, it is possible to infer if a device is under attack or has been attacked. Much research has been conducted in the field of Intrusion Detection Systems (IDS) for IoT devices. These IDS can either be network-based (NIDS), which are usually located on the IoT gateway, or host-based (HIDS), which are implemented on the device itself.
IoT hardware security IoT side-channel power analysis attack signatures

1. Introduction

With the ever-evolving global attack surface, recent years have seen an explosion in the volume of cyberattacks. Reports show that 2020 saw a 358% increase in malware attacks compared to the previous year [1]. From 2020, cyberattacks continued to increase globally well into 2021 and, in the first half of 2022 alone, approximately 236.1 million ransomware attacks occurred across the globe.
The World Economic Forum (WEF) estimates that if all cybercrime were amalgamated under one flag, that country would rank as the world’s third-largest economy. Cybercrime caused damages totalling USD eight trillion in 2022 alone [2]. There is no evidence that this acceleration in the growth of cyber-criminality will slow any time soon; in fact, the opposite is proving true.
As mentioned, approximately 236 million ransomware attacks occurred in the first half of 2022 alone. Ransomware [3], a type of malware which encrypts a victim’s hard drive and holds it for ‘ransom’ unless demands are met, is a seemingly new menace plaguing the headlines. However, ransomware has been a threat for quite a long time. In May 2017, the WannaCry [4] ransomware first made international headlines. WannaCry was unique for its colossal impact. The WannaCry attack infected over 300,000 computers spanning 150 countries, with total damages estimated to be billions of USD [5]. The most destructive threat that WannaCry ushered in was not the prospect of significant ransom demands but rather a new cyber-terrorism trend: to hold hospitals, schools and universities to ransom, with little care whether the victims pay the ransom or not. The primary goal of this attack is to cause massive disruption to critical infrastructure.
In fact, for the year 2023, the Cybersecurity and Infrastructure Security Agency (CISA) revealed that their priority sectors are “water, hospitals and K-12” (K-12 being kindergarten to 12th grade in the United States). These sectors are resource-poor with massive attack surfaces and are heavily targeted by ransomware [6]. In 2022 Emsisoft, a cybersecurity vendor, recorded at least 25 ransomware attacks on “hospitals and multi-hospital health systems”, affecting approximately 290 hospitals across the US [7]. In 2021, almost 1 million students countrywide were negatively affected by 67 ransomware attacks against K-12 schools. The estimated cost due to the downtime was USD 3.5 billion [8].
However, this epidemic affecting the health and education sectors is not confined to the United States. Ireland has become a victim of large-scale attacks on these sectors recently. In May 2021, the Irish Health Service Executive (HSE) fell victim to a massive ransomware attack [9]. This attack was the most significant cyber attack on an Irish state agency in history and caused mass disruption to the health service.
The education sector in Ireland has, like the US, seen many attacks in recent years. Third-level institutions, such as the National University of Ireland (NUI) Galway [10], National College of Ireland (NCI) Dublin [11], and Technological University Dublin (TU Dublin) [12], have fallen victim to ransomware attacks which have greatly affected the availability of systems, leading to the temporary closure of education facilities. The most recent of these attacks was a ransomware attack, which led to the closure of Munster Technological University (MTU) for approximately one week [13].
Ransomware is not the only concern in the security field currently. With the massive explosion in the installation of Internet-of-Things (IoT) devices worldwide, the global attack surface continues to grow significantly. This growth in popularity is thanks to the innate ability of this technology to enable communication between (smart) edge devices and the Internet, thus improving the quality of human life [14] or optimising industrial processes. A forecast made by the International Data Corporation (IDC) projects that there will be 55.7 billion IoT devices by 2025 [15]. With such a large deployment, attacks on the IoT have the potential to cause mass disruption, exposing every sector equally to ransomware. Growing concerns regarding IoT security may stop many from adopting this technology. These concerns mainly affect financial technology, healthcare, industry, transportation and education, which have already begun IoT adoption [16].
In September 2017, one of the largest ever recorded Distributed Denial of Service (DDoS) attacks was performed using the Mirai botnet [17]. This malware is estimated to have infected over 380,000 IoT devices, such as home routers, to create a massive botnet. This botnet was used to target victims with unprecedented levels of traffic. Brian Krebs’ website, krebsonsecurity.com, was hit with traffic of 620 gigabits per second (Gbps), one of the largest on record. Later that month, the botnet was used to target the French web host OVH in an attack which shattered all previous records with an estimated 1.1–1.5 terabits per second (Tbps) of traffic [17]. If only 380,000 devices can cause such disruption, then with a maximum pool of possibly 55.7 billion devices by 2025, attacks like this will most likely become more prevalent in the future.
Another notable attack involving IoT devices was the attack on the Ukrainian power grid in 2015. While much of this attack targeted traditional computing, one central aspect of this coordinated attack was targeting breakers, Serial-to-Ethernet devices, and critical servers’ Uninterruptible Power Supplies (UPSs). These can all be considered attacks on IoT. This cyber attack on Ukraine was considered one of the first in history with a quantifiable loss of human life. Over 225,000 customers were left without power, including hospitals providing critical care [18].
Aside from these massive national-infrastructure-level attacks, IoT devices have been the victim of other impactful attacks. In 2017, the US Food and Drug Administration (FDA) announced they had uncovered a massive vulnerability in pacemakers manufactured by St. Jude Medical. These pacemakers could communicate with external services after installation in the patient. Once the attackers could access this communications channel, they would have the ability to deplete the battery, change the functionality and reportedly have the potential to subject the patient to fatal shocks [19].

2. Intrusion Detection in IoT

With the massive explosion in the deployment of IoT devices globally, the security of these devices has become a critical concern. IoT devices are resource-constrained by nature. This means conventional security practices tend to be impossible, or impractical, to implement on these devices.
The majority of the work focusing on IoT devices in security only considers the network traffic to and from the device. By inspecting this data, it is possible to infer if a device is under attack or has been attacked. Much research has been conducted in the field of Intrusion Detection Systems (IDS) for IoT devices. These IDS can either be network-based (NIDS), which are usually located on the IoT gateway, or host-based (HIDS), which are implemented on the device itself.
To combat the limited security most IoT devices offer, Passban was created [20]. Passban is an intelligent IDS which can protect IoT devices to which it is directly connected. Passban is a lightweight solution which can be deployed on cheap, resource-constrained IoT gateways as a HIDS. Trained on the normal behaviour of a device, Passban can detect a wide range of malicious traffic such as brute-force, SYN flood and port-scanning attacks. Passban was designed with scalability in mind, meaning this framework can dynamically scale to new threat definitions without requiring hardware upgrades.
In [21], a deep recurrent-neural-network-based IDS for fog security is developed. Fog computing extends cloud services nearer to IoT devices. It acts as a medium between traditional cloud computing and edge devices, such as the IoT. The proposed framework, implemented in the fog-computations layer, comprises a traffic processing engine and a classification engine consisting of a recurrent artificial neural network (ANN). The proposed framework is trained and evaluated using a balanced version of the NSL-KDD [22] dataset and shows high accuracies of 98.27% against denial-of-service attacks, one of the more pervasive attacks against IoT devices.
In [23], a convolutional-neural-network (CNN)-based anomaly-detection IDS framework for IoT is proposed. This framework takes advantage of the strengths of IoT devices and can examine traffic across the broad scope of the IoT. The proposed model can detect a wide range of intrusions and anomalous traffic behaviour and was trained on the Bot-IoT [24] and NID [25] datasets, achieving high accuracies of 92.85% and 99.51%, respectively. The work also presents a framework to incorporate IDS as a program within IoT networks and a strategy to preserve the integrity of IoT networks while seamlessly maintaining availability for legitimate users.
In a previous work, scholars introduced HH-NIDS [26]—a Heterogeneous Hardware-Based Network IDS framework for IoT security. Using hardware accelerators, HH-NIDS implements anomaly-based IDS approaches for IoT devices. Supervised-learning methods were trained on the IoT-23 [27] and UNSW-NB15 [28] datasets to generate lightweight ANN models for anomaly detection, achieving high accuracies of 99.66% and 98.57% for these datasets, respectively. These models were evaluated from a performance and resource-usage perspective on the CPU, GPU and FPGA and implemented on the MAXIM 78000 microcontroller.
A common theme amongst these works is that they focus on the network traffic of the IoT device to detect malicious activity. One key security area that has been largely overlooked is the use of power data. The side-channel power data of a device is a fundamental primary source of data which every device, regardless of computing resources, has. The following works focus more on using power data in security.
Earlier works proposed the use of side-channel power data as an attack on the device itself. Work by Kocher et al. [29], presented in 1999, examines specific methods for analysing power consumption measurements to uncover secret keys from tamper-resistant devices. These methods, dubbed “Simple Power Analysis” and “Differential Power Analysis”, broke DES encryption, thereby allowing attackers to discern private keys. They also discuss approaches for building cryptosystems which securely operate in insecure hardware that leaks information.
Instead of using the side-channel power data as an attack, other works have been completed which monitor the device power data to detect intrusions. These works are very scarce, however. Some notable examples are listed below.
WattsUpDoc [30] utilises the side-channel power consumption of medical devices to allow for run-time malware detection. During experimentation, WattsUpDoc performed with an accuracy of 94%, when presented with previously known malware examples, and 85% accuracy regarding unseen malware examples on multiple embedded devices. This framework’s non-intrusive methodology, which monitors the side-channel power data from the device, allows for the detection of malware with no software, hardware or network modification requirements of the existing system in place.
DeepPower [31] is another approach which detects malware on IoT devices by analysing their non-intrusive side-channel power signals. This framework utilises deep learning to detect anomalies in the power data. DeepPower initially filters the raw side-channel power data to find suspect power traces. A fine-grained analysis is then performed on these traces to determine which activities they correspond to on the device. The DeepPower framework can detect malicious activity with high accuracy while maintaining a non-intrusive nature, meaning no modifications need to be made to the monitored devices.
In a departure from the theme of IoT devices, the work presented in “Catch Me if You Can” [32] demonstrates how the side-channel power data obtained from High-Powered Computing Platforms (HPCs) can be used to determine what programs are running on a machine and, thus, whether any unauthorised programs are running. Using a variety of scientific benchmarks, the proposed framework was tested on an HPC rack at Lawrence Berkeley National Laboratory. This framework can detect if specific programs are running with a recall of up to 95% and a precision of 97%. The work is essential, as it illustrates that using side-channel power data is not simply confined to the IoT field but applies to the entire security sector.
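The idea shared by the power-based detectors above, learning a device's normal power profile and flagging departures from it, can be shown with a simple statistical baseline. This is an added example, not code from WattsUpDoc, DeepPower or any other cited work; the traces, feature names, window length and threshold are constructed assumptions, and the z-score test stands in for the learned models those papers use.

```python
"""Baseline-and-threshold anomaly detection on a power side channel.
Added illustration: every trace here is constructed, not measured."""
import random
import statistics

WINDOW = 100       # samples per window (assumed: four duty cycles of the device)
THRESHOLD = 6.0    # alert when a feature is more than 6 baseline std-devs away
FEATURES = ("mean", "spread", "switching")


def make_trace(n, seed, sustained=None, toggling=None):
    """Constructed trace in mA: 20 mA idle, a +30 mA sensor burst for 5 of
    every 25 samples, and measurement noise. `sustained` and `toggling` are
    (start, end) sample ranges where extra load stands in for unwanted code."""
    rng = random.Random(seed)
    trace = []
    for i in range(n):
        x = 20.0 + (30.0 if i % 25 < 5 else 0.0) + rng.gauss(0.0, 1.5)
        if sustained and sustained[0] <= i < sustained[1]:
            x += 35.0                            # constant extra CPU load
        if toggling and toggling[0] <= i < toggling[1]:
            x += 15.0 if i % 2 == 0 else -15.0   # same average, rapid switching
        trace.append(x)
    return trace


def features(window):
    """Three cheap per-window features: level, spread, sample-to-sample change."""
    diffs = [abs(b - a) for a, b in zip(window, window[1:])]
    return (statistics.fmean(window),
            statistics.pstdev(window),
            statistics.fmean(diffs))


def windows(trace):
    """Yield (start index, samples) for consecutive non-overlapping windows."""
    for start in range(0, len(trace) - WINDOW + 1, WINDOW):
        yield start, trace[start:start + WINDOW]


def fit_baseline(trace):
    """Per-feature mean and std-dev over windows of known-good behaviour."""
    cols = list(zip(*(features(w) for _, w in windows(trace))))
    return [(statistics.fmean(c), max(statistics.pstdev(c), 1e-9)) for c in cols]


def detect(trace, baseline):
    """Return merged alerts as (start, end, most deviant feature)."""
    alerts = []
    for start, w in windows(trace):
        z = [abs(v - m) / s for v, (m, s) in zip(features(w), baseline)]
        worst = max(z)
        if worst <= THRESHOLD:
            continue
        name = FEATURES[z.index(worst)]
        if alerts and alerts[-1][1] == start:    # extend the adjacent alert
            alerts[-1][1] = start + WINDOW
            if worst > alerts[-1][3]:
                alerts[-1][2], alerts[-1][3] = name, worst
        else:
            alerts.append([start, start + WINDOW, name, worst])
    return [(a, b, name) for a, b, name, _ in alerts]


def demo():
    """Train on a clean trace, then scan one with two injected anomalies."""
    baseline = fit_baseline(make_trace(6000, seed=1))
    suspect = make_trace(3000, seed=2,
                         sustained=(800, 1200), toggling=(2000, 2300))
    return detect(suspect, baseline)


if __name__ == "__main__":
    for start, end, feature in demo():
        print(f"samples {start}-{end}: abnormal {feature}")
```

The second injected anomaly leaves the average draw unchanged, so a monitor that tracked only the mean would miss it; the spread and switching features are what expose it.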

References

  1. Griffiths, C. The Latest 2023 Cyber Crime Statistics (Updated March 2023). Available online: https://aag-it.com/the-latest-cyber-crime-statistics/ (accessed on 6 April 2023).
  2. World Economic Forum. Partnership against Cybercrime, Insight Report 2020. Available online: https://www.weforum.org/reports/partnership-against-cybercrime/ (accessed on 6 April 2023).
  3. Cybersecurity Infrastructure Security Agency. Stop Ransomware|CISA. Available online: https://www.cisa.gov/stopransomware/ (accessed on 6 April 2023).
  4. National Cybersecurity and Communications Integration Center. What Is Wannacry/Wanacrypt0r? Available online: https://www.cisa.gov/sites/default/files/FactSheets/NCCICICS_FactSheet_WannaCry_Ransomware_S508C.pdf (accessed on 6 April 2023).
  5. Chappell, B.; Neuman, S. U.S. Says North Korea ’Directly Responsible’ For WannaCry Ransomware Attack. Available online: https://www.npr.org/sections/thetwo-way/2017/12/19/571854614/u-s-says-north-korea-directly-responsible-for-wannacry-ransomware-attack (accessed on 6 April 2023).
  6. Kapko, M. CISA’s Priority Sectors for 2023: Water, Hospitals, K-12. Available online: https://www.cybersecuritydive.com/news/CISA-water-schools-healthcare/634657/ (accessed on 6 April 2023).
  7. Zacharakos, A. No Relief in Sight for Ransomware Attacks on Hospitals. Available online: https://www.techtarget.com/searchsecurity/feature/No-relief-in-sight-for-ransomware-attacks-on-hospitals (accessed on 6 April 2023).
  8. Fowler, B. Ransomware Cost US Schools 3.56 Billion in 2021, Study Says. Available online: https://www.cnet.com/tech/services-and-software/ransomware-cost-us-schools-3-56-billion-in-2021-study-says/ (accessed on 6 April 2023).
  9. National Cyber Security Centre. Ransomware Attack on Health Sector—UPDATE 2021-05-16. Available online: https://www.ncsc.gov.ie/pdfs/HSE_Conti_140521_UPDATE.pdf (accessed on 6 April 2023).
  10. McGrath, P. NUIG IT Systems Remain Offline after Attempted Cyber Attack. Available online: https://www.rte.ie/news/2021/0930/1249912-nuig-cyber-attack/ (accessed on 6 April 2023).
  11. Dwyer, O. IT Services Remain Disrupted at Two Colleges after Ransomware Attacks. Available online: https://www.thejournal.ie/tu-dublin-ransomware-attack-ongoing-5403034-Apr2021/ (accessed on 6 April 2023).
  12. Daly, A. TU Dublin’s Tallaght Campus Investigating ’Significant’ Ransomware Attack. Available online: https://www.thejournal.ie/tu-dublin-ransomware-attack-5401763-Apr2021/ (accessed on 6 April 2023).
  13. Munster Technological University. MTU Cyber Attack Update. Available online: https://www.mtu.ie/cyber-attack/ (accessed on 6 April 2023).
  14. Kumar, S.; Tiwari, P.; Zymbler, M. Internet of Things is a revolutionary approach for future technology enhancement: A review. J. Big Data 2019, 6.
  15. International Data Corporation. Future of Industry Ecosystems: Shared Data and Insights. Available online: https://blogs.idc.com/2021/01/06/future-of-industry-ecosystems-shared-data-and-insights/ (accessed on 6 April 2023).
  16. Sagu, A.; Gill, N.S.; Gulia, P.; Singh, P.K.; Hong, W.C. Design of Metaheuristic Optimization Algorithms for Deep Learning Model for Secure IoT Environment. Sustainability 2023, 15, 2204.
  17. Cybersecurity Infrastructure Security Agency. Heightened DDoS Threat Posed by Mirai and Other Botnets. Available online: https://www.cisa.gov/news-events/alerts/2016/10/14/heightened-ddos-threat-posed-mirai-and-other-botnets (accessed on 6 April 2023).
  18. Cybersecurity Infrastructure Security Agency. Cyber-Attack Against Ukrainian Critical Infrastructure. Available online: https://www.cisa.gov/news-events/ics-alerts/ir-alert-h-16-056-01 (accessed on 6 April 2023).
  19. Kilpatrick, H. 5 Infamous Iot Hacks and Vulnerabilities. Available online: https://www.iotsworldcongress.com/5-infamous-iot-hacks-and-vulnerabilities/ (accessed on 6 April 2023).
  20. Eskandari, M.; Janjua, Z.H.; Vecchio, M.; Antonelli, F. Passban IDS: An Intelligent Anomaly-Based Intrusion Detection System for IoT Edge Devices. IEEE Internet Things J. 2020, 7, 6882–6897.
  21. Almiani, M.; AbuGhazleh, A.; Al-Rahayfeh, A.; Atiewi, S.; Razaque, A. Deep recurrent neural network for IoT intrusion detection system. Simul. Model. Pract. Theory 2020, 101, 102031, Modeling and Simulation of Fog Computing.
  22. Tavallaee, M.; Bagheri, E.; Lu, W.; Ghorbani, A.A. A detailed analysis of the KDD CUP 99 data set. In Proceedings of the 2009 IEEE Symposium on Computational Intelligence for Security and Defense Applications, Ottawa, ON, Canada, 8–10 July 2009; pp. 1–6.
  23. Saba, T.; Rehman, A.; Sadad, T.; Kolivand, H.; Bahaj, S.A. Anomaly-based intrusion detection system for IoT networks through deep learning model. Comput. Electr. Eng. 2022, 99, 107810.
  24. Koroniotis, N.; Moustafa, N.; Sitnikova, E.; Turnbull, B. Towards the development of realistic botnet dataset in the Internet of Things for network forensic analytics: Bot-IoT dataset. Future Gener. Comput. Syst. 2019, 100, 779–796.
  25. Bhosale, S. Network Intrusion Detection. Available online: https://www.kaggle.com/datasets/sampadab17/network-intrusion-detection (accessed on 9 May 2023).
  26. Ngo, D.M.; Lightbody, D.; Temko, A.; Pham-Quoc, C.; Tran, N.T.; Murphy, C.C.; Popovici, E. HH-NIDS: Heterogeneous Hardware-Based Network Intrusion Detection Framework for IoT Security. Future Internet 2023, 15, 9.
  27. Parmisano, A.; Garcia, S.; Erquiaga, M.J. A Labeled Dataset with Malicious and Benign Iot Network Traffic; Stratosphere Laboratory: Praha, Czech Republic, 2020.
  28. Moustafa, N.; Slay, J. UNSW-NB15: A comprehensive data set for network intrusion detection systems (UNSW-NB15 network data set). In Proceedings of the 2015 Military Communications and Information Systems Conference (MilCIS), Canberra, Australia, 10–12 November 2015; pp. 1–6.
  29. Kocher, P.; Jaffe, J.; Jun, B. Differential power analysis. In Proceedings of the Advances in Cryptology—CRYPTO’99: 19th Annual International Cryptology Conference, Santa Barbara, CA, USA, 15–19 August 1999; Springer: Berlin/Heidelberg, Germany, 1999; pp. 388–397.
  30. Clark, S.S.; Ransford, B.; Rahmati, A.; Guineau, S.; Sorber, J.; Xu, W.; Fu, K. WattsUpDoc: Power Side Channels to Nonintrusively Discover Untargeted Malware on Embedded Medical Devices. In Proceedings of the 2013 USENIX Workshop on Health Information Technologies (HealthTech 13), Washington, DC, USA, 12 August 2013; USENIX Association: Washington, DC, USA, 2013.
  31. Ding, F.; Li, H.; Luo, F.; Hu, H.; Cheng, L.; Xiao, H.; Ge, R. DeepPower: Non-Intrusive and Deep Learning-Based Detection of IoT Malware Using Power Side Channels. In Proceedings of the 15th ACM Asia Conference on Computer and Communications Security, ASIA CCS ’20, Taipei, Taiwan, 5–9 October 2020; Association for Computing Machinery: New York, NY, USA, 2020; pp. 33–46.
  32. Copos, B.; Peisert, S. Catch Me If You Can: Using Power Analysis to Identify HPC Activity. arXiv 2020, arXiv:2005.03135.
Information
Update Date: 05 Jun 2023