Security Monitoring of IoT Communication Using Flows
The result's identifiers
Result code in IS VaVaI
<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216305%3A26230%2F19%3APU134170" target="_blank" >RIV/00216305:26230/19:PU134170 - isvavai.cz</a>
Result on the web
<a href="http://doi.acm.org/10.1145/3352700.3352718" target="_blank" >http://doi.acm.org/10.1145/3352700.3352718</a>
DOI - Digital Object Identifier
<a href="http://dx.doi.org/10.1145/3352700.3352718" target="_blank" >10.1145/3352700.3352718</a>
Alternative languages
Result language
angličtina
Original language name
Security Monitoring of IoT Communication Using Flows
Original language description
Network monitoring is an important part of network management that collects valuable metadata describing active communication protocols, network transmissions, bandwidth utilization, and the most communicating nodes. Traditional IP network monitoring techniques include the SNMP system, flow monitoring, or system logging. The environment of the Internet of Things (IoT) networks, however, shows that these approaches do not provide sufficient visibility of IoT communication which would allow network administrators to identify possible attacks on IoT nodes. The reason is obvious: IoT devices lack sufficient computational resources to fully implement monitoring agents, LAN IoT data communication is often directly over data link layers rather than IP, and IoT sensors produce an endless flow of small packets which can be difficult to process in real-time. To tackle these limitations we propose a new IoT monitoring model based on extended IPFIX records. The model employs a passive monitoring probe that observes IoT traffic and collects metadata from IoT protocols. Using extended IPFIX protocol, flow records with IoT metadata are sent to the collector where they are analyzed and used to provide a global view on the whole IoT network and its communication. We also present two statistical approaches that analyze IoT flows data in order to detect security incidents or malfunctioning of a device. The proof-of-concept implementation is demonstrated for Constrained Application Protocol (CoAP) traffic in the smart home environment.
Czech name
—
Czech description
—
Classification
Type
D - Article in proceedings
CEP classification
—
OECD FORD branch
20206 - Computer hardware and architecture
Result continuities
Project
<a href="/en/project/TF03000029" target="_blank" >TF03000029: Internet of Things Monitoring and Forensics (IRONSTONE)</a><br>
Continuities
P - Projekt vyzkumu a vyvoje financovany z verejnych zdroju (s odkazem do CEP)
Others
Publication year
2019
Confidentiality
S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů
Data specific for result type
Article name in the collection
Proceedings of the 6th Conference on the Engineering of Computer Based Systems
ISBN
978-1-4503-7636-5
ISSN
—
e-ISSN
—
Number of pages
9
Pages from-to
1-9
Publisher name
Association for Computing Machinery
Place of publication
New York
Event location
Bucharest
Event date
Sep 2, 2019
Type of event by nationality
WRD - Celosvětová akce
UT code for WoS article
—