Security Monitoring of IoT Communication Using Flows

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216305%3A26230%2F19%3APU134170" target="_blank" >RIV/00216305:26230/19:PU134170 - isvavai.cz</a>

Výsledek na webu

<a href="http://doi.acm.org/10.1145/3352700.3352718" target="_blank" >http://doi.acm.org/10.1145/3352700.3352718</a>

DOI - Digital Object Identifier

<a href="http://dx.doi.org/10.1145/3352700.3352718" target="_blank" >10.1145/3352700.3352718</a>

Jazyk výsledku

angličtina

Název v původním jazyce

Security Monitoring of IoT Communication Using Flows

Popis výsledku v původním jazyce

Network monitoring is an important part of network management that collects valuable metadata describing active communication protocols, network transmissions, bandwidth utilization, and the most communicating nodes. Traditional IP network monitoring techniques include the SNMP system, flow monitoring, or system logging. The environment of the Internet of Things (IoT) networks, however, shows that these approaches do not provide sufficient visibility of IoT communication which would allow network administrators to identify possible attacks on IoT nodes. The reason is obvious: IoT devices lack sufficient computational resources to fully implement monitoring agents, LAN IoT data communication is often directly over data link layers rather than IP, and IoT sensors produce an endless flow of small packets which can be difficult to process in real-time. To tackle these limitations we propose a new IoT monitoring model based on extended IPFIX records. The model employs a passive monitoring probe that observes IoT traffic and collects metadata from IoT protocols. Using extended IPFIX protocol, flow records with IoT metadata are sent to the collector where they are analyzed and used to provide a global view on the whole IoT network and its communication. We also present two statistical approaches that analyze IoT flows data in order to detect security incidents or malfunctioning of a device. The proof-of-concept implementation is demonstrated for Constrained Application Protocol (CoAP) traffic in the smart home environment.

Název v anglickém jazyce

Security Monitoring of IoT Communication Using Flows

Popis výsledku anglicky

Network monitoring is an important part of network management that collects valuable metadata describing active communication protocols, network transmissions, bandwidth utilization, and the most communicating nodes. Traditional IP network monitoring techniques include the SNMP system, flow monitoring, or system logging. The environment of the Internet of Things (IoT) networks, however, shows that these approaches do not provide sufficient visibility of IoT communication which would allow network administrators to identify possible attacks on IoT nodes. The reason is obvious: IoT devices lack sufficient computational resources to fully implement monitoring agents, LAN IoT data communication is often directly over data link layers rather than IP, and IoT sensors produce an endless flow of small packets which can be difficult to process in real-time. To tackle these limitations we propose a new IoT monitoring model based on extended IPFIX records. The model employs a passive monitoring probe that observes IoT traffic and collects metadata from IoT protocols. Using extended IPFIX protocol, flow records with IoT metadata are sent to the collector where they are analyzed and used to provide a global view on the whole IoT network and its communication. We also present two statistical approaches that analyze IoT flows data in order to detect security incidents or malfunctioning of a device. The proof-of-concept implementation is demonstrated for Constrained Application Protocol (CoAP) traffic in the smart home environment.

Druh

D - Stať ve sborníku

CEP obor

—

OECD FORD obor

20206 - Computer hardware and architecture

Projekt

<a href="/cs/project/TF03000029" target="_blank" >TF03000029: Monitorování a digitální forenzní analýza prostředí IoT (IRONSTONE)</a><br>

Návaznosti

P - Projekt vyzkumu a vyvoje financovany z verejnych zdroju (s odkazem do CEP)

Rok uplatnění

2019

Kód důvěrnosti údajů

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Název statě ve sborníku

Proceedings of the 6th Conference on the Engineering of Computer Based Systems

ISBN

978-1-4503-7636-5

ISSN

—

e-ISSN

—

Počet stran výsledku

9

Strana od-do

1-9

Název nakladatele

Association for Computing Machinery

Místo vydání

New York

Místo konání akce

Bucharest

Datum konání akce

2. 9. 2019

Typ akce podle státní příslušnosti

WRD - Celosvětová akce

Kód UT WoS článku

—