Two-tier anomaly detection based on traffic profiling of the home automation system
Mariusz Gajewski , Jordi Mongay Batalla , Albert Levi , Cengiz Togay , Constandinos X. Mavromoustakis , George Mastorakis
AbstractSmart building equipment and automation systems often become a target of attacks and are used for attacking other targets located out of the Home Area Network. Attacks are often related to changes in traffic volume, disturbed packet flow or excessive energy consumption. Their symptoms can be recognized and interpreted locally, using software agent at Home Gateway. Although anomalies are detected locally at the Home Gateway, they can be exploited globally. Thus, it is significantly important to detect global attack attempts through anomalies correlation. Our proposal in this paper is the involvement of the Network Operator in Home Area Network security. Our paper describes a novel strategy for anomaly detection that consists of shared responsibilities between user and network provider. The proposed two-tier Intrusion Detection System uses a machine learning method for classifying the monitoring records and searching suspicious anomalies across the network at the service provider's data center. Result show that local anomaly detection combined with anomaly correlation at the service providers level can provide reliable information on the most frequent IoT devices misbehavior which may be caused by infection.
|Journal series||Computer Networks, [Computer Networks and ISDN Systems], ISSN 1389-1286, (N/A 100 pkt)|
|Publication size in sheets||0.7|
|Keywords in English||Home gateway, Wireless sensor networks, Smart home, Anomaly detection, Internet of Things|
|Score||= 100.0, 02-01-2020, ArticleFromJournal|
|Publication indicators||= 0; = 2; = 3.0; : 2018 = 1.6; : 2018 = 3.03 (2) - 2018=2.989 (5)|
|Citation count*||3 (2020-01-27)|
* presented citation count is obtained through Internet information analysis and it is close to the number calculated by the Publish or Perish system.