Authorisation, attack detection and avoidance framework for IoT devices

Abstract

Internet of Things (IoT) involve large volumes of data generated from the interactions between devices and people, and security is a main alarm in IoT. Most of the anomaly detection techniques in IoT use supervised machine learning technique which involve huge overhead and high false positives. It is observed that severity of attack response was not considered. In this study, the authors propose to develop an authorisation, attack detection and avoidance framework for IoT devices. Initially, traffic collection agent continuously gathers packet level and flow level information for a given time interval. Then detection agent (DA) first checks the collected information with the attack rules table. If any matching attack pattern is found, it informs the attack type to response agent (RA). On the other hand, if no matching pattern is found, then the classification agent applies multi-class support vector machine algorithm. Once the RA obtains the attack type from DA, then it estimates the severity of attack by computing the attack frequency over different time windows and appropriate action will be performed. Experimental results show that the proposed framework reduces 13% of unauthorised access and 19% false positive rate thereby increasing the detection accuracy by 0.6% and throughput.