DÏoT: A Federated Self-learning Anomaly Detection System for IoT
IoT devices are increasingly deployed in daily life. Many of these devices are, however, vulnerable due to insecure design, implementation, and configuration. As a result, many networks already have vulnerable IoT devices that are easy to compromise. This has led to a new category of malware specifi...
| Published in: | Proceedings of the International Conference on Distributed Computing Systems, pp. 756 - 767 |
|---|---|
| Main authors: | Nguyen, Thien Duc; Marchal, Samuel; Miettinen, Markus; Fereidooni, Hossein; Asokan, N.; Sadeghi, Ahmad-Reza |
| Format: | Conference paper |
| Language: | English |
| Publication details: | IEEE, 01.07.2019 |
| Subject: | |
| ISSN: | 2575-8411 |
| Online access: | Get full text |
| Abstract | IoT devices are increasingly deployed in daily life. Many of these devices are, however, vulnerable due to insecure design, implementation, and configuration. As a result, many networks already have vulnerable IoT devices that are easy to compromise. This has led to a new category of malware specifically targeting IoT devices. However, existing intrusion detection techniques are not effective in detecting compromised IoT devices given the massive scale of the problem in terms of the number of different types of devices and manufacturers involved. In this paper, we present DÏoT, an autonomous self-learning distributed system for detecting compromised IoT devices. DÏoT builds effectively on device-type-specific communication profiles without human intervention nor labeled data that are subsequently used to detect anomalous deviations in devices' communication behavior, potentially caused by malicious adversaries. DÏoT utilizes a federated learning approach for aggregating behavior profiles efficiently. To the best of our knowledge, it is the first system to employ a federated learning approach to anomaly-detection-based intrusion detection. Consequently, DÏoT can cope with emerging new and unknown attacks. We systematically and extensively evaluated more than 30 off-the-shelf IoT devices over a long term and show that DÏoT is highly effective (95.6% detection rate) and fast (257 ms) at detecting devices compromised by, for instance, the infamous Mirai malware. DÏoT reported no false alarms when evaluated in a real-world smart home deployment setting. |
|---|---|
| Author | Marchal, Samuel; Nguyen, Thien Duc; Miettinen, Markus; Sadeghi, Ahmad-Reza; Asokan, N.; Fereidooni, Hossein |
| Author_xml | 1. Nguyen, Thien Duc (Technische Universität Darmstadt, Germany); 2. Marchal, Samuel (Aalto University, Finland); 3. Miettinen, Markus (Technische Universität Darmstadt, Germany); 4. Fereidooni, Hossein (Technische Universität Darmstadt, Germany); 5. Asokan, N. (Aalto University, Finland); 6. Sadeghi, Ahmad-Reza (Technische Universität Darmstadt, Germany) |
| CODEN | IEEPAD |
| ContentType | Conference Proceeding |
| DBID | 6IE 6IH CBEJK RIE RIO |
| DOI | 10.1109/ICDCS.2019.00080 |
| DatabaseName | IEEE Electronic Library (IEL) Conference Proceedings; IEEE Proceedings Order Plan (POP) 1998-present by volume; IEEE Xplore All Conference Proceedings; IEEE Electronic Library (IEL); IEEE Proceedings Order Plans (POP) 1998-present |
| Database_xml | – sequence: 1 dbid: RIE name: IEEE/IET Electronic Library url: https://ieeexplore.ieee.org/ sourceTypes: Publisher |
| DeliveryMethod | fulltext_linktorsrc |
| Discipline | Computer Science |
| EISBN | 9781728125190 1728125197 |
| EISSN | 2575-8411 |
| EndPage | 767 |
| ExternalDocumentID | 8884802 |
| Genre | orig-research |
| ISICitedReferencesCount | 452 |
| IngestDate | Wed Aug 27 02:40:42 EDT 2025 |
| IsPeerReviewed | false |
| IsScholarly | true |
| Language | English |
| LinkModel | DirectLink |
| PageCount | 12 |
| ParticipantIDs | ieee_primary_8884802 |
| PublicationCentury | 2000 |
| PublicationDate | 2019-Jul |
| PublicationDateYYYYMMDD | 2019-07-01 |
| PublicationDate_xml | – month: 07 year: 2019 text: 2019-Jul |
| PublicationDecade | 2010 |
| PublicationTitle | Proceedings of the International Conference on Distributed Computing Systems |
| PublicationTitleAbbrev | ICDSC |
| PublicationYear | 2019 |
| Publisher | IEEE |
| Publisher_xml | – name: IEEE |
| SSID | ssj0005863 |
| Score | 2.6153903 |
| SourceID | ieee |
| SourceType | Publisher |
| StartPage | 756 |
| SubjectTerms | Anomaly detection; Data models; federated deep learning; Internet of Things; IoT malware; IoT security; Logic gates; Malware; Monitoring; Security; self-learning |
| Title | DÏoT: A Federated Self-learning Anomaly Detection System for IoT |
| URI | https://ieeexplore.ieee.org/document/8884802 |
| hasFullText | 1 |
| inHoldings | 1 |