Abstract

Internet of Things (IoT) devices may transfer data to the gateway/application server through File Transfer Protocol (FTP) transactions. Unfortunately, the FTP server at a gateway or data sink is very often improperly set up from a security standpoint. At the same time, password matching/theft holding is among the popular attacks used by intruders against the IoT network. This paper therefore attempts to provide insight into this type of attack, with the main aim of deriving attack patterns that may help the IoT system administrator analyze similar attacks. It investigates the brute force attack (BFA) on the FTP server of the IoT network by using a time-sensitive statistical relationship approach and visualizing the attack patterns that identify its configurations. The investigation focuses on attacks launched from the internal network, on the assumption that the IoT network already has a firewall installed. An insider/internal attack launched from an internal network poses a greater danger to the entire IoT security system. The experiments use an IoT network testbed that mimics the internal attack scenario with three major goals: (i) to provide a topological description of how an insider attack occurs; (ii) to achieve attack pattern extraction from raw sniffed data; and (iii) to establish attack pattern identification as a parameter to visualize real-time attacks. Experimental results validate the investigation.

Highlights

  • Earlier security protocols should be pertinent to IoT to assure basic security services including authentication, confidentiality, integrity, nonrepudiation, access control, and availability. The reason is that IoT is an extension of the classical Internet framework and technology

  • Password matching/theft holding is among the popular attacks used by intruders against the IoT network

  • The novelty of this paper is the use of a time-sensitive statistical relationship approach and the visualization of the attack patterns that identify its configurations in the investigation of a brute force attack (BFA) on a File Transfer Protocol (FTP) service. The investigation focuses on attacks launched from the internal network, on the assumption that the IoT network already has a firewall installed. The investigation provides new insight into this type of attack, with the main aim of producing attack pattern visualizations that may help the IoT system administrator analyze similar attacks


Summary

Introduction

Earlier security protocols should be pertinent to IoT to assure basic security services including authentication, confidentiality, integrity, nonrepudiation, access control, and availability. The reason is that IoT is an extension of the classical Internet framework and technology. The novelty of this paper is the use of a time-sensitive statistical relationship approach and the visualization of the attack patterns that identify its configurations in the investigation of a brute force attack (BFA) on an FTP service. The authors undertake experiments to investigate several attack types, in particular intrusions such as (i) probes that aim to obtain detailed information and (ii) brute force attacks (BFA) geared towards guessing passwords and/or gaining privileged access. This paper describes brute force malware attacks on the FTP server of an IoT network to gain escalating privileged access in the IoT environment. The questions considered are: (i) how to extract important features of data packages related to potential attack packages; (ii) how to detect BFAs on FTP services on IoT networks; (iii) how to visualize FTP attacks by using a time-sensitive statistical relationship; and (iv) how to display patterns of known attacks by computing the number of alerts.
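To make questions (ii) and (iv) concrete, the following added example (not code from the paper, and not its statistical method) counts failed FTP logins per client in a sliding time window and tallies the resulting alerts per time bucket for plotting. The event tuples, the 10-second window, the threshold of 5, and the function names are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

# Constructed sample, not captured data: (seconds since capture start,
# client IP, FTP reply code) as might be extracted from sniffed FTP
# control-channel traffic. 530 = login failed, 230 = login succeeded.
SAMPLE_EVENTS = (
    [(0.0, "192.168.1.20", 230),   # sensor uploads normally
     (3.0, "192.168.1.20", 530),   # a single mistyped password
     (30.0, "192.168.1.20", 230),
     (2.0, "192.168.1.30", 530),   # two failures far apart: not a burst
     (40.0, "192.168.1.30", 530)]
    # internal host failing once per second: the brute-force pattern
    + [(float(t), "192.168.1.50", 530) for t in range(1, 13)]
)

WINDOW_S = 10.0   # assumed sliding-window length in seconds
THRESHOLD = 5     # assumed number of failures in the window that raises an alert


def detect_bruteforce(events, window_s=WINDOW_S, threshold=THRESHOLD):
    """Return (time, client, failures_in_window) for every failed login
    that leaves the client at or above the threshold within the window."""
    recent = defaultdict(deque)          # client -> timestamps of recent 530s
    alerts = []
    for ts, client, code in sorted(events):
        if code != 530:
            continue
        q = recent[client]
        q.append(ts)
        while ts - q[0] > window_s:      # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            alerts.append((ts, client, len(q)))
    return alerts


def alerts_per_bucket(alerts, bucket_s=5.0):
    """Count alerts per time bucket: the series an administrator would plot."""
    counts = defaultdict(int)
    for ts, _client, _n in alerts:
        counts[int(ts // bucket_s) * bucket_s] += 1
    return dict(sorted(counts.items()))


if __name__ == "__main__":
    found = detect_bruteforce(SAMPLE_EVENTS)
    print(found)
    print(alerts_per_bucket(found))
```

Isolated failures from the two legitimate devices never reach the threshold, so only the host producing the rapid burst generates alerts.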
