Publication detail

Security Monitoring of IoT Communication Using Flows

MATOUŠEK, P. RYŠAVÝ, O. GRÉGR, M.

Original Title

Security Monitoring of IoT Communication Using Flows

Type

conference paper

Language

en

Original Abstract

Network monitoring is an important part of network management that collects valuable metadata describing active communication protocols, network transmissions, bandwidth utilization, and the most communicating nodes. Traditional IP network monitoring techniques include the SNMP system, flow monitoring, or system logging. The environment of the Internet of Things (IoT) networks, however, shows that these approaches do not provide sufficient visibility of IoT communication which would allow network administrators to identify possible attacks on IoT nodes. The reason is obvious: IoT devices lack sufficient computational resources to fully implement monitoring agents, LAN IoT data communication is often directly over data link layers rather than IP, and IoT sensors produce an endless flow of small packets which can be difficult to process in real-time. To tackle these limitations we propose a new IoT monitoring model based on extended IPFIX records. The model employs a passive monitoring probe that observes IoT traffic and collects metadata from IoT protocols. Using extended IPFIX protocol, flow records with IoT metadata are sent to the collector where they are analyzed and used to provide a global view on the whole IoT network and its communication. We also present two statistical approaches that analyze IoT flows data in order to detect security incidents or malfunctioning of a device. The proof-of-concept implementation is demonstrated for Constrained Application Protocol (CoAP) traffic in the smart home environment.

Keywords

Internet of Things, security, monitoring, statistical anomaly detection, IPFIX, CoAP

Released

11.09.2019

Publisher

Association for Computing Machinery

Location

New York

ISBN

978-1-4503-7636-5

Book

Proceedings of the 6th Conference on the Engineering of Computer Based Systems

Edition

ECBS '19

Edition number

not specified

Pages from

1

Pages to

9

Pages count

9

BibTex


@inproceedings{BUT159987,
  author="Petr {Matoušek} and Ondřej {Ryšavý} and Matěj {Grégr}",
  title="Security Monitoring of IoT Communication Using Flows",
  annote="Network monitoring is an important part of network management that collects
valuable metadata describing active communication protocols, network
transmissions, bandwidth utilization, and the most communicating nodes.
Traditional IP network monitoring techniques include the SNMP system, flow
monitoring, or system logging. The environment of the Internet of Things (IoT)
networks, however, shows that these approaches do not provide sufficient
visibility of IoT communication which would allow network administrators to
identify possible attacks on IoT nodes. The reason is obvious: IoT devices lack
sufficient computational resources to fully implement monitoring agents, LAN IoT
data communication is often directly over data link layers rather than IP, and
IoT sensors produce an endless flow of small packets which can be difficult to
process in real-time. To tackle these limitations we propose a new IoT monitoring
model based on extended IPFIX records. The model employs a passive monitoring
probe that observes IoT traffic and collects metadata from IoT protocols. Using
extended IPFIX protocol, flow records with IoT metadata are sent to the collector
where they are analyzed and used to provide a global view on the whole IoT
network and its communication. We also present two statistical approaches that
analyze IoT flows data in order to detect security incidents or malfunctioning of
a device. The proof-of-concept implementation is demonstrated for Constrained
Application Protocol (CoAP) traffic in the smart home environment.",
  address="Association for Computing Machinery",
  booktitle="Proceedings of the 6th Conference on the Engineering of Computer Based Systems",
  chapter="159987",
  doi="10.1145/3352700.3352718",
  edition="ECBS '19",
  howpublished="online",
  institution="Association for Computing Machinery",
  year="2019",
  month="september",
  pages="1--9",
  publisher="Association for Computing Machinery",
  type="conference paper"
}