ARGUS: Context-Based Detection of Stealthy IoT Infiltration Attacks

by   Phillip Rieger, et al.

IoT application domains, device diversity and connectivity are rapidly growing. IoT devices control various functions in smart homes and buildings, smart cities, and smart factories, making these devices an attractive target for attackers. On the other hand, the large variability of different application scenarios and inherent heterogeneity of devices make it very challenging to reliably detect abnormal IoT device behaviors and distinguish these from benign behaviors. Existing approaches for detecting attacks are mostly limited to attacks directly compromising individual IoT devices, or, require predefined detection policies. They cannot detect attacks that utilize the control plane of the IoT system to trigger actions in an unintended/malicious context, e.g., opening a smart lock while the smart home residents are absent. In this paper, we tackle this problem and propose ARGUS, the first self-learning intrusion detection system for detecting contextual attacks on IoT environments, in which the attacker maliciously invokes IoT device actions to reach its goals. ARGUS monitors the contextual setting based on the state and actions of IoT devices in the environment. An unsupervised Deep Neural Network (DNN) is used for modeling the typical contextual device behavior and detecting actions taking place in abnormal contextual settings. This unsupervised approach ensures that ARGUS is not restricted to detecting previously known attacks but is also able to detect new attacks. We evaluated ARGUS on heterogeneous real-world smart-home settings and achieve at least an F1-Score of 99.64 0.03


page 1

page 2

page 3

page 4


IoT-AD: A Framework To Detect Anomalies Among Interconnected IoT Devices

In an Internet of Things (IoT) environment (e.g., smart home), several I...

DIoT: A Self-learning System for Detecting Compromised IoT Devices

IoT devices are being widely deployed. Many of them are vulnerable due t...

DÏoT: A Crowdsourced Self-learning Approach for Detecting Compromised IoT Devices

IoT devices are being widely deployed. Many of them are vulnerable due t...

DeepAuditor: Distributed Online Intrusion Detection System for IoT devices via Power Side-channel Auditing

As the number of IoT devices has increased rapidly, IoT botnets have exp...

IoTC2: A Formal Method Approach for Detecting Conflicts in Large Scale IoT Systems

Internet of Things (IoT) has become a common paradigm for different doma...

SCAPHY: Detecting Modern ICS Attacks by Correlating Behaviors in SCADA and PHYsical

Modern Industrial Control Systems (ICS) attacks evade existing tools by ...

LE3D: A Lightweight Ensemble Framework of Data Drift Detectors for Resource-Constrained Devices

Data integrity becomes paramount as the number of Internet of Things (Io...

Please sign up or login with your details

Forgot password? Click here to reset