ARIoTEDef: Adversarially Robust IoT Early Defense System Based on Self-Evolution against Multi-step Attacks

Author:

Huang Mengdie (1), Lee Hyunwoo (2), Kundu Ashish (3), Chen Xiaofeng (4), Mudgerikar Anand (5), Li Ninghui (5), Bertino Elisa (5)

Affiliation:

1. Xidian University, Xi’an, China and Purdue University, West Lafayette, United States

2. Korea Institute of Energy Technology, Naju-si, South Korea

3. Cisco Systems Inc, San Jose, United States

4. Xidian University, Xi’an, China

5. Purdue University, West Lafayette, United States

Abstract

Internet of Things (IoT) cyber threats, exemplified by jackware and crypto mining, underscore the vulnerability of IoT devices. Due to the multi-step nature of many attacks, early detection is vital for a swift response and preventing malware propagation. However, accurately detecting early-stage attacks is challenging, as attackers employ stealthy, zero-day, or adversarial machine learning to evade detection. To enhance security, we propose ARIoTEDef, an Adversarially Robust IoT Early Defense system, which identifies early-stage infections and evolves autonomously. It models multi-stage attacks based on a cyber kill chain and maintains stage-specific detectors. When anomalies in the later action stage emerge, the system retroactively analyzes event logs using an attention-based sequence-to-sequence model to identify early infections. Then, the infection detector is updated with information about the identified infections. We have evaluated ARIoTEDef against multi-stage attacks, such as the Mirai botnet. Results show that the infection detector’s average F1 score increases from 0.31 to 0.87 after one evolution round. We have also conducted an extensive analysis of ARIoTEDef against adversarial evasion attacks. Our results show that ARIoTEDef is robust and benefits from multiple rounds of evolution.

Funder

Cisco Research

NSF

Purdue University

Xidian University

Publisher

Association for Computing Machinery (ACM)

