http://dx.doi.org/10.9717/kmms.2020.23.1.024

Intrusion Detection on IoT Services using Event Network Correlation  

Park, Boseok (School of Computer Science and Engineering, Graduate School, Kyungpook National University)
Kim, Sangwook (School of Computer Science and Engineering, Graduate School, Kyungpook National University)
Abstract
As the number of internet-connected appliances and the variety of IoT services rapidly increase, it is hard to protect IT assets with traditional network security techniques. Most traditional network log analysis systems use rule-based mechanisms to reduce the raw logs, but predefined rules cannot detect new attack patterns. A mechanism is therefore needed that reduces congested raw logs and detects new attack patterns. This paper proposes enterprise security management for IoT services using graph and network measures. We model an event network based on a graph of interconnected logs between network devices and IoT gateways, and we propose a network clustering algorithm that estimates the attack probability of log clusters and detects new attack patterns.
Keywords
Intrusion Detection; Network Security; IoT Service; Event Correlation