TY - JOUR
T1 - IDERES
T2 - Intrusion detection and response system using machine learning and attack graphs
AU - Rose, Joseph R.
AU - Swann, Matthew
AU - Grammatikakis, Konstantinos P.
AU - Koufos, Ioannis
AU - Bendiab, Gueltoum
AU - Shiaeles, Stavros
AU - Kolokotronis, Nicholas
N1 - Funding Information:
This project has received funding from the European Union's Horizon 2020 research and innovation programme under grant agreement no. 786698. The work reflects only the authors' view and the Agency is not responsible for any use that may be made of the information it contains.
Publisher Copyright:
© 2022 Elsevier B.V.
PY - 2022/10/1
Y1 - 2022/10/1
N2 - The rapid increase in the use of IoT devices brings many benefits to the digital society, ranging from improved efficiency to higher productivity. However, the limited resources and the open nature of these devices make them vulnerable to various cyber threats. This paper explores the potential of using network profiling, machine learning, and game theory to secure IoT against cyber-attacks. The proposed anomaly-based intrusion detection solution dynamically and actively profiles and monitors all networked devices for the detection of IoT device tampering attempts as well as suspicious network transactions. Any deviation from the defined profile is considered to be an attack and is subject to further analysis. Raw traffic is also passed on to the machine learning classifier for identification of potential attacks. To complement this solution, an intrusion response system acts upon the generated alerts and computes mitigation actions in real time. Performance assessment of the proposed methodology is conducted on the Cyber-Trust testbed using normal and malicious network traffic. The experimental results show that the proposed anomaly detection system delivers promising results, with an overall accuracy of 98.35% and a false-positive rate of 0.98%, resulting in the mitigation of the majority of the executed attacks.
KW - Internet of Things
KW - intrusion detection
KW - intrusion response
KW - machine learning
KW - security
UR - http://www.scopus.com/inward/record.url?scp=85138774933&partnerID=8YFLogxK
U2 - 10.1016/j.sysarc.2022.102722
DO - 10.1016/j.sysarc.2022.102722
M3 - Article
AN - SCOPUS:85138774933
SN - 1383-7621
VL - 131
JO - Journal of Systems Architecture
JF - Journal of Systems Architecture
M1 - 102722
ER -
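The abstract above describes a pipeline in which each networked device is profiled from benign traffic, any deviation from that profile raises an alert, and a response component maps alerts to mitigation actions; it also reports detection quality as accuracy and false-positive rate. The following is an added illustration of that pipeline on constructed flow records; it is not code from the IDERES paper or the Cyber-Trust testbed. The flow record shape (device, destination host, destination port, byte count), the 1.5x volume slack, the device names, and the alert-to-action table are all assumptions made for the example.

```python
"""Profile-based anomaly detection with a simple response mapping.

Added illustration, not code from the IDERES paper or the Cyber-Trust
project. Flow record layout, thresholds, device names and the response
table are assumptions made for this example.
"""
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass
class Flow:
    device: str
    dst_host: str
    dst_port: int
    nbytes: int
    label: str = "benign"  # ground truth, used only for evaluation


@dataclass
class DeviceProfile:
    ports: set = field(default_factory=set)
    hosts: set = field(default_factory=set)
    max_bytes: int = 0


def build_profiles(benign_flows):
    """Learn, per device, the ports and hosts it talks to and its largest flow."""
    profiles = defaultdict(DeviceProfile)
    for f in benign_flows:
        p = profiles[f.device]
        p.ports.add(f.dst_port)
        p.hosts.add(f.dst_host)
        p.max_bytes = max(p.max_bytes, f.nbytes)
    return dict(profiles)


def classify(flow, profiles, slack=1.5):
    """Return (is_alert, reason). Any deviation from the profile is an alert.
    Checks are ordered so the first deviation found names the reason."""
    p = profiles.get(flow.device)
    if p is None:
        return True, "unknown-device"       # never seen in the benign window
    if flow.dst_port not in p.ports:
        return True, "new-port"             # e.g. a camera opening telnet
    if flow.dst_host not in p.hosts:
        return True, "new-host"             # new peer on a known port
    if flow.nbytes > p.max_bytes * slack:   # slack is an assumed tuning knob
        return True, "volume"
    return False, "ok"


# Assumed mapping from alert reason to mitigation action.
RESPONSES = {
    "unknown-device": "quarantine-vlan",
    "new-port": "block-port",
    "new-host": "block-host",
    "volume": "rate-limit",
}


def respond(reason):
    return RESPONSES.get(reason, "log-only")


def evaluate(flows, profiles):
    """Confusion counts plus accuracy and false-positive rate over labelled flows."""
    tp = fp = tn = fn = 0
    for f in flows:
        alert, _ = classify(f, profiles)
        malicious = f.label != "benign"
        if alert and malicious:
            tp += 1
        elif alert and not malicious:
            fp += 1
        elif not alert and malicious:
            fn += 1
        else:
            tn += 1
    accuracy = (tp + tn) / len(flows)
    fpr = fp / (fp + tn) if (fp + tn) else 0.0
    return {"tp": tp, "fp": fp, "tn": tn, "fn": fn,
            "accuracy": accuracy, "fpr": fpr}


# Constructed benign window used to learn the profiles.
BENIGN_FLOWS = [
    Flow("cam1", "cloud.example", 443, 1200),
    Flow("cam1", "cloud.example", 443, 1500),
    Flow("cam1", "ntp.example", 123, 76),
    Flow("bulb1", "hub.local", 8883, 300),
    Flow("bulb1", "hub.local", 8883, 310),
]

# Constructed test window: four benign flows (one of which trips a
# false positive on a new CDN host) and three attack flows.
TEST_FLOWS = [
    Flow("cam1", "cloud.example", 443, 1400),
    Flow("cam1", "ntp.example", 123, 76),
    Flow("bulb1", "hub.local", 8883, 305),
    Flow("cam1", "cdn.example", 443, 1300),                  # benign, new host
    Flow("cam1", "203.0.113.5", 23, 90, label="telnet-scan"),
    Flow("bulb1", "hub.local", 8883, 900000, label="exfil"),
    Flow("thermo1", "hub.local", 8883, 200, label="rogue-device"),
]

if __name__ == "__main__":
    profs = build_profiles(BENIGN_FLOWS)
    for f in TEST_FLOWS:
        alert, reason = classify(f, profs)
        if alert:
            print(f"{f.device} -> {f.dst_host}:{f.dst_port} {reason} => {respond(reason)}")
    print(evaluate(TEST_FLOWS, profs))
```

On the constructed test window the profiler catches all three attack flows and raises one false positive (the camera contacting a new CDN host on its usual port), giving 6/7 accuracy and a 25% false-positive rate; the point of the evaluate() function is that the accuracy and false-positive figures quoted in the abstract are computed from exactly this kind of confusion count, and that a profile-only detector's false-positive rate is dominated by legitimate behaviour absent from the benign window, which is why the abstract pairs profiling with an ML classifier on raw traffic.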