Litcius/Paper detail

Stepping out of the MUD: Contextual threat information for IoT devices with manufacturer-provided behavior profiles

Luca Morgese Zangrandi, Thijs van Ede, Tim Booij, Savio Sciancalepore, Luca Allodi, Andrea Continella

202216 citationsDOIOpen Access PDF

Abstract

Besides coming with unprecedented benefits, the Internet of Things (IoT) suffers deficits in security measures, leading to attacks increasing every year. In particular, network environments such as smart homes lack managed security capabilities to detect IoT-related attacks; IoT devices hosted therein are thus more easily targeted by threats. As such, context awareness of IoT infections is hard to achieve, preventing prompt response. In this work, we propose MUDscope, an approach to monitor malicious network activities affecting IoT systems in real-world consumer environments. We leverage the recent Manufacturer Usage Description (MUD) specification, which defines networking allow-lists for IoT devices in MUD profiles, to reflect consistent and necessarily-anomalous activities from smart things. Our approach characterizes this traffic and extracts signatures for given attacks. By analyzing attack signatures for multiple devices, we gather insights into emerging attack patterns. We evaluate our approach on both an existing dataset and a new, openly available dataset created for this research. We show that MUDscope detects several attacks targeting IoT devices with an F1-score of 95.77% and correctly identifies signatures for specific attacks with an F1-score of 87.72%.

Topics & Concepts

Internet of ThingsLeverage (statistics)Computer scienceComputer securityContext (archaeology)Artificial intelligencePaleontologyBiologyNetwork Security and Intrusion DetectionAdvanced Malware Detection TechniquesInternet Traffic Analysis and Secure E-voting
Stepping out of the MUD: Contextual threat information for IoT devices with manufacturer-provided behavior profiles | Litcius