Published July 18, 2023 | Version v1
Publication
Smart home anomaly-based IDS: architecture proposal and case study
Contributors
Others:
- Universidad de Sevilla. Departamento de Ingeniería Telemática
- Universidad de Sevilla. TIC154: Departamento de Ingeniería Telemática
- Ministerio de Ciencia e Innovación (MICIN). España
- Agencia Estatal de Investigación. España
- Fondo Europeo de Desarrollo Regional (FEDER)
- Consejería de Transformación Económica, Industria, Conocimiento y Universidades. Junta de Andalucía
Description
The complexity and diversity of the technologies involved in the Internet of Things (IoT)
challenge the generalization of security solutions based on anomaly detection, which should
fit the particularities of each context and deployment and allow for performance comparison.
In this work, we provide a flexible architecture based on building blocks suited for detecting
anomalies in the network traffic and the application-layer data exchanged by IoT devices in
the context of Smart Home. Following this architecture, we have defined a particular Intrusion
Detector System (IDS) for a case study that uses a public dataset with the electrical consumption
of 21 home devices over one year. In particular, we have defined ten Indicators of Compromise
(IoC) to detect network attacks and two anomaly detectors to detect false command or data
injection attacks. We have also included a signature-based IDS (Snort) to extend the detection
range to known attacks. We have reproduced eight network attacks (e.g., DoS, scanning) and
four False Command or Data Injection attacks to test our IDS performance. The results show that
all attacks were successfully detected by our IoCs and anomaly detectors with a false positive
rate lower than 0.3%. Signature detection was able to detect only 4 out of 12 attacks. Our
architecture and the IDS developed can be a reference for developing future IDS suited to
different contexts or use cases. Given that we use a public dataset, our contribution can also
serve as a baseline for comparison with new techniques that improve detection performance.
Abstract
This is an open access article under the CC BY license (http://creativecommons.org/licenses/by/4.0/).
Additional details
Identifiers
- URL: https://idus.us.es/handle//11441/148055
- URN: urn:oai:idus.us.es:11441/148055