DanMartyns / Anomaly_Detection

Detection of Anomalous Group Communication Behaviors in IoT Networks

Anomaly_Detection

Introduction:

IoT networks now face multiple threats that can bypass traditional security mechanisms or exploit inherently vulnerable IoT systems. The attack vectors may use rogue devices that interact with legitimate devices, and/or may directly compromise legitimate devices with rogue software. Once an IoT network is compromised, these rogue hardware/software agents may remain dormant, or show very low activity, while they learn the behaviors of legitimate services and nodes in order to mimic them later in attacks against the overall network or its services.

The detection of these stealthy entities requires constant monitoring of node and network activity. However, the heterogeneity, distributed nature, and confidentiality and legal constraints of an IoT network are an obstacle to traditional network monitoring and threat detection techniques.

The detection of anomalous devices in an IoT network must rely only on monitoring and analysis of IoT device communications at the physical level. The creation of group behavioral profiles at the level of the radio channels is fundamental to detecting outlier behaviors caused by rogue devices. These anomalous behaviors must be detected using methodologies that jointly use statistical and machine-learning techniques. These monitoring and analysis methodologies must account for the highly complex and noisy environment of the radio spectrum in which most IoT networks operate.
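As an added illustration (not code from this repository), the sketch below builds a group profile for one radio channel from baseline observation windows and flags windows that deviate from it, using median/MAD robust z-scores as one possible statistical technique. The feature names, the threshold and the sample windows are assumptions made for the example; the page does not say which features or statistics the project uses.

```python
from statistics import median

# Feature names are assumptions for this sketch; the page lists no features.
FEATURES = ("occupancy", "mean_burst_ms", "mean_silence_ms")
MAD_SCALE = 1.4826  # scales MAD to a standard deviation for Gaussian data
THRESHOLD = 3.5     # assumed cut-off for robust z-scores; tune per deployment


def build_profile(windows):
    """Group profile: per-feature median and scaled MAD over baseline windows."""
    if len(windows) < 5:
        raise ValueError("need at least 5 baseline windows")
    profile = {}
    for name in FEATURES:
        values = [w[name] for w in windows]
        centre = median(values)
        mad = median(abs(v - centre) for v in values)
        # Floor the spread so a constant feature does not divide by zero.
        spread = max(MAD_SCALE * mad, 1e-3 * max(abs(centre), 1.0))
        profile[name] = (centre, spread)
    return profile


def score(profile, window):
    """Largest robust z-score across features, and the feature that caused it."""
    scores = {n: abs(window[n] - c) / s for n, (c, s) in profile.items()}
    worst = max(scores, key=scores.get)
    return scores[worst], worst


def is_outlier(profile, window, threshold=THRESHOLD):
    return score(profile, window)[0] > threshold


# Constructed sample data: baseline windows of one channel, one of them noisy.
BASELINE = [
    {"occupancy": o, "mean_burst_ms": b, "mean_silence_ms": s}
    for o, b, s in [(0.10, 4.0, 36.0), (0.12, 4.2, 31.0), (0.11, 3.9, 33.0),
                    (0.09, 4.1, 40.0), (0.13, 4.0, 30.0), (0.10, 4.3, 35.0),
                    (0.45, 9.0, 11.0),  # interference burst inside the baseline
                    (0.11, 4.1, 34.0)]
]
NORMAL = {"occupancy": 0.12, "mean_burst_ms": 4.1, "mean_silence_ms": 32.0}
ROGUE = {"occupancy": 0.14, "mean_burst_ms": 7.5, "mean_silence_ms": 33.0}

if __name__ == "__main__":
    p = build_profile(BASELINE)
    for label, w in (("normal", NORMAL), ("rogue", ROGUE)):
        print(label, is_outlier(p, w), score(p, w))
```

Because the profile uses the median and MAD rather than the mean and standard deviation, the single interference burst in the baseline does not widen the profile enough to hide the constructed rogue window, whose occupancy looks normal but whose burst length does not.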

Objectives:

This topic proposes the development of an integrated set of methodologies to acquire IoT communication data at the physical level, create group behavior profiles, and detect the presence of rogue entities within the IoT network. The developed methodologies should be able to handle any zero-day threat, even without previous knowledge of its characteristics, targets or behaviors.

Tasks:

  1. Study of existing IoT network threats and common attack vectors.
  2. Development of a distributed network monitoring platform to acquire data.
  3. Development of group behavioral profiles.
  4. Development of methodologies to detect outlier behaviors.
  5. Integration and test of the developed methodologies.

License: MIT License


Languages

Python 94.0%, Shell 5.6%, HTML 0.2%, CSS 0.2%