MAD-IoT: Memory Anomaly Detection for the Internet of Things | IEEE Conference Publication | IEEE Xplore

MAD-IoT: Memory Anomaly Detection for the Internet of Things


Abstract:

In the Internet of Things (IoT), applications hosted on resource-limited devices interact with the user and the physical world to provide digital connectivity and automation to daily activities, and frequently provide a point of entry into networks. However, many IoT applications are vulnerable to cyber attacks that can put networks, data, and connected devices at risk. Integrity measurement is an active defense technique used to detect malicious modification of software at runtime. While its usefulness has been well-demonstrated, integrity measurement is application-dependent and requires domain knowledge of the targeted software. Currently, adding integrity measurement to a platform requires substantial human effort, and thus application has been limited to usage on widely-deployed software such as the Linux kernel. Due to the diversity of IoT, vendors are unlikely to devote a substantial amount of effort to add integrity measurement systems to their devices. In this paper we introduce MAD-IOT (Memory Anomaly Detection for the Internet of Things), an integrity measurement framework for IoT. In order to provide low-cost integrity measurement agents and software anomaly detection for IoT platforms, MAD-IOT uses a process called IMAGE: Integrity Measurement Agent GEneration. The IMAGE process uses machine learning to automatically generate integrity measurement agents for arbitrary IoT devices. We demonstrated MAD-IOT and IMAGE on a proof-of-concept testbed and evaluated its performance with supervised and unsupervised machine learning models. Our results indicate that IMAGE is highly effective in recognizing known forms of misbehavior on IoT app operations, and very promising in identifying zero-day attacks. Finally, MAD-IOT introduces minimal overhead, making it feasible to implement on systems with very limited resources.
Date of Conference: 09-13 December 2019
Date Added to IEEE Xplore: 05 March 2020
Conference Location: Waikoloa, HI, USA
JHU/APL 11100 Johns Hopkins Rd, Laurel, MD
Florida International University 10555 West Flagler St., Miami, FL
Dartmouth College 10 North Main Street, Hanover, NH
JHU/APL 11100 Johns Hopkins Rd, Laurel, MD
JHU/APL 11100 Johns Hopkins Rd, Laurel, MD

I. Introduction

The Internet of Things (IoT) connects resource-limited devices and applications that interact with the physical world to aid in automation of routine human activity. Previous research has demonstrated that the IoT is vulnerable to various software-based cyber attacks that can compromise the privacy of users and the integrity of critical services [1] [2] [3]. In this context, resource-limited IoT systems are especially vulnerable to attackers who exploit vulnerable software to inject malicious code or otherwise change the behavior of the IoT devices to their benefit [4] [5].
