Base paper Title: A Measurement Approach for Inline Intrusion Detection of Heartbleed-Like
Attacks in IoT Frameworks
Modified Title: A Measuring Method for Inline Intrusion Detection of Attacks Similar to
Heartbleed in Internet of Things Frameworks
Abstract
Cyber security is one of the most crucial aspects of the Internet of Things (IoT). Among
the possible threats, great interest is today paid toward the possible capturing of information
caused by external attacks on both client and server sides. Whatever the IoT application, the
involved nodes are exposed to cyberattacks mainly through the vulnerability of either the
sensor nodes themselves (if they have the capabilities for networking operativity) or the IoT
gateways, which are the devices able to create the link between the local nodes of the IoT
network, and the wide area networks. Due to the low-cost constraints typical of many IoT
applications, the IoT sensor nodes and IoT gateways are often developed on low-performance
processing units, in many cases customized for the specific application, and thus not easy to
update against new cyber threats that are continuously identified. Among the
cyberattacks aimed at capturing sensitive information, one of the best known was
Heartbleed, which allowed attackers to remotely read protected memory from an estimated
24%–55% of popular HTTPS sites. The problem, which was due to a bug in
OpenSSL, was addressed by a patch that was quickly released, avoiding the problem in most
cases. However, IoT devices may require more advanced mitigation techniques, because
they sometimes cannot be patched for several practical reasons. In this scenario, the
article proposes a novel measurement method for inline detection of intrusions due to Heartbleed
and Heartbleed-like attacks. The proposed solution is based on an effective rule which does not
require decoding the payload and that can be implemented on a low-performance general-purpose
processing unit. Therefore, it can be straightforwardly implemented and included in
either IoT sensor nodes or IoT gateways. The realized system has been tested and validated on
a number of experiments carried out on a real network, showing performance comparable (in
some cases better) with the heavier machine learning-based methods.
Existing System
Network security monitoring and measurements are commonly used methodologies in information
security operation centers. The network traffic is captured by means of suitable measurement probes
and the related logs are monitored to detect any illegal activities within the network [1], [2]. Intrusion
detection systems (IDSs) are automatic systems specifically designed for identifying threats that can
potentially damage information systems, such as data leakage, Distributed Denial of
Service (DDoS), and Bad Data Injection, to cite a few, in different contexts of application [3], [4], [5],
[6], [7]. Recent trends in cyberattacks point toward Internet of Things (IoT) and operational technology
(OT) infrastructure, which will involve more and more targets in the next years, including critical
infrastructures, traditional manufacturing facilities, and even smart home networks. Due to the
prevalence of employees managing these systems via remote access, which provides a very good entry
point for cybercriminals, it is expected that attackers will target industrial sensors to cause physical
damage that could result in assembly lines shutting down or services being interrupted [8].
Drawback in Existing System
• Complexity: Implementing a measurement approach for inline intrusion detection can
be complex and time-consuming. It requires expertise and knowledge of network
protocols, intrusion detection systems, and measurement techniques. This complexity
can increase the chances of errors and mistakes during the implementation phase.
• Resource-intensive: Inline intrusion detection requires significant computing resources
and network bandwidth to perform real-time analysis and detection of malicious
activities. This can lead to higher operational costs and the need for specialized
hardware infrastructure to handle the increased load.
• False positives and negatives: Measurement approaches for inline intrusion detection
may produce false positives, i.e., identify legitimate traffic as malicious, or false
negatives, i.e., fail to detect actual intrusions. These inaccuracies can impact the overall
effectiveness and reliability of the intrusion detection system.
• Privacy concerns: Inline intrusion detection relies on inspecting and analyzing network
traffic in real-time, which can pose privacy concerns. This approach requires
monitoring and inspecting the content of network packets, potentially exposing
sensitive and confidential information to the intrusion detection system.
Proposed System
• The proposed approach is widely applicable: it protects against Heartbleed but also against
other attacks dealing with data breach.
• The proposed results and methodology allow discussing the possible extension of the
work to more general and complex frameworks of cyber security, by analyzing both the
level of generalization and the likelihood of the considered kind of attacks.
• We propose a flow-by-flow evaluation of the parameters of interest for developing the
rules described in the following. In other words, the parameters measured
by CICFlowMeter at each flow are used for evaluating the involved quantities.
• The proposed rule-based approach has shown very good performance,
comparable with DT and RF, in terms of precision and specificity, and a little bit worse,
but better than the other considered ML algorithms, in terms of accuracy, sensitivity,
and F1-score.
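As an added illustration (not code from the paper or from this document), the example below applies a payload-agnostic rule flow by flow to CICFlowMeter-style records and computes the precision, specificity, accuracy, sensitivity and F1-score named above. The rule, its thresholds, the monitored ports and the sample rows are assumptions constructed here, not the paper's rule; the column names follow the CICIDS2017 CSV export of CICFlowMeter.

```python
import csv
import io

# Assumed values for illustration only; tune them on your own baseline traffic.
MONITORED_PORTS = {443, 8883}   # HTTPS and MQTT over TLS
MIN_BWD_BYTES = 65536           # minimum server-to-client payload volume
MIN_BWD_FWD_RATIO = 50.0        # server returns far more than the client sent

# Constructed sample flows (not real traffic). Some header names carry the
# leading spaces found in CICIDS2017 CSV files.
SAMPLE_CSV = """\
 Destination Port, Total Fwd Packets, Total Backward Packets,Total Length of Fwd Packets, Total Length of Bwd Packets, Label
443,12,10,1840,5230,BENIGN
443,8,9,950,3100,BENIGN
443,40,60,2600,410000,Heartbleed
443,55,80,3300,655000,Heartbleed
443,20,300,700,420000,BENIGN
80,5,5,400,90000,BENIGN
8883,6,6,520,610,BENIGN
443,30,25,2900,48000,Heartbleed
"""


def load_flows(text):
    """Parse CICFlowMeter-style CSV text, stripping whitespace from names and values."""
    reader = csv.DictReader(io.StringIO(text))
    return [{k.strip(): v.strip() for k, v in row.items()} for row in reader]


def is_suspicious(flow):
    """Flag a flow using only per-flow byte counters; no payload is decoded."""
    port = int(flow["Destination Port"])
    fwd = float(flow["Total Length of Fwd Packets"])
    bwd = float(flow["Total Length of Bwd Packets"])
    if port not in MONITORED_PORTS or bwd < MIN_BWD_BYTES:
        return False
    return bwd / max(fwd, 1.0) >= MIN_BWD_FWD_RATIO


def _ratio(num, den):
    return num / den if den else 0.0


def evaluate(flows):
    """Compare rule verdicts with the Label column and return the confusion counts and metrics."""
    tp = fp = tn = fn = 0
    for flow in flows:
        predicted = is_suspicious(flow)
        actual = flow["Label"] != "BENIGN"
        if predicted and actual:
            tp += 1
        elif predicted and not actual:
            fp += 1      # e.g. a large legitimate download over HTTPS
        elif actual:
            fn += 1      # e.g. a leak too small to cross the thresholds
        else:
            tn += 1
    precision = _ratio(tp, tp + fp)
    sensitivity = _ratio(tp, tp + fn)
    return {
        "tp": tp, "fp": fp, "tn": tn, "fn": fn,
        "precision": precision,
        "sensitivity": sensitivity,
        "specificity": _ratio(tn, tn + fp),
        "accuracy": _ratio(tp + tn, tp + fp + tn + fn),
        "f1": _ratio(2 * precision * sensitivity, precision + sensitivity),
    }


if __name__ == "__main__":
    for name, value in evaluate(load_flows(SAMPLE_CSV)).items():
        print(f"{name}: {value}")
```

The constructed sample deliberately includes one benign bulk download and one low-volume leak, so the metrics show how a byte-ratio rule trades false positives against false negatives.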
Algorithm
• In fact, it has shown an execution time that is more than 5 times shorter than that
experienced when the Decision Tree algorithm has been considered.
• Analyzing these results, it is possible to note that the ML algorithms that have shown
the better performance are Random
• Performance comparison among the above-mentioned ML algorithms
Advantages
• Real-time detection: The measurement approach allows for real-time detection of
intrusions as it operates directly in the communication path of the data [1]. This
means that any incoming traffic can be analyzed and checked for security threats
immediately.
• By being inline, the measurement approach provides granular visibility into the
network traffic. It can capture and analyze each packet of data, allowing for detailed
inspection and detection of potential intrusions.
• The measurement approach utilizes statistical anomaly-based detection, which
compares incoming traffic against a predetermined baseline of normal behaviour. This
enables accurate detection of deviations from normal patterns, which may indicate an
intrusion.
• In addition to anomaly detection, the measurement approach can also incorporate
signature-based detection. By maintaining a database of known code exploits, it can
quickly identify and eliminate known threats.
Hardware Specification
• Processor : i3 core processor
• RAM : 4 GB
• Hard disk : 500 GB
Software Specification
• Operating System : Windows 10 / 11
• Front End : Python
• Back End : MySQL Server
• IDE Tools : PyCharm
