Beholder – A CEP-based intrusion detection and prevention systems for IoT environments. Issue 120 (September 2022)
- Record Type:
- Journal Article
- Title:
- Beholder – A CEP-based intrusion detection and prevention systems for IoT environments. Issue 120 (September 2022)
- Main Title:
- Beholder – A CEP-based intrusion detection and prevention systems for IoT environments
- Authors:
- Lima, Milton
Lima, Ricardo
Lins, Fernando
Bonfim, Michel - Abstract:
- Abstract: IoT devices are vulnerable to security threats. The connectivity among such devices presents opportunities for cybercriminals to perform different types of attacks. In IoT, application layer protocols play an important role. They form the basis of communications between applications and services. Security is an optional design aspect in application layer protocols, leading developers to neglect these security settings, or others may lack security mechanisms in their standard configuration. This paper introduces Beholder, an Intrusion Detection and Prevention System (IDPS) to prevent attacks that exploit the vulnerabilities in the MQTT (Message Queue Telemetry Transport) and CoAP (Constrained Application Protocol) protocols. Most IoT systems adopt MQTT or CoAP. Beholder exploits the Complex Event Processing (CEP) technology to analyze data streams and detect attacks on IoT applications that use the MQTT and CoAP protocols. Beholder is the first IDS that relies on CEP technology to detect attacks on MQTT and CoAP protocols in IoT environments to the best of our knowledge. This work introduces a real scenario for the evaluation process, performing attacks on a smart home. Initially, we validated the quality of our IDS, comparing it against the well-known Snort IDS. Since Snort can only handle attacks on TCP, we restricted the experiment to attacks on this protocol. Results demonstrated that Snort achieved three 9s of precision, while Beholder reached a precision ofAbstract: IoT devices are vulnerable to security threats. The connectivity among such devices presents opportunities for cybercriminals to perform different types of attacks. In IoT, application layer protocols play an important role. They form the basis of communications between applications and services. Security is an optional design aspect in application layer protocols, leading developers to neglect these security settings, or others may lack security mechanisms in their standard configuration. This paper introduces Beholder, an Intrusion Detection and Prevention System (IDPS) to prevent attacks that exploit the vulnerabilities in the MQTT (Message Queue Telemetry Transport) and CoAP (Constrained Application Protocol) protocols. Most IoT systems adopt MQTT or CoAP. Beholder exploits the Complex Event Processing (CEP) technology to analyze data streams and detect attacks on IoT applications that use the MQTT and CoAP protocols. Beholder is the first IDS that relies on CEP technology to detect attacks on MQTT and CoAP protocols in IoT environments to the best of our knowledge. This work introduces a real scenario for the evaluation process, performing attacks on a smart home. Initially, we validated the quality of our IDS, comparing it against the well-known Snort IDS. Since Snort can only handle attacks on TCP, we restricted the experiment to attacks on this protocol. Results demonstrated that Snort achieved three 9s of precision, while Beholder reached a precision of four 9s. The experiment to evaluate Beholder's precision for the MQTT and CoAP protocols revealed that Beholder obtained 100% precision for High QoS Flood (MQTT) and the Error Flood(CoAP). … (more)
- Is Part Of:
- Computers & security. Issue 120(2022)
- Journal:
- Computers & security
- Issue:
- Issue 120(2022)
- Issue Display:
- Volume 120, Issue 120 (2022)
- Year:
- 2022
- Volume:
- 120
- Issue:
- 120
- Issue Sort Value:
- 2022-0120-0120-0000
- Page Start:
- Page End:
- Publication Date:
- 2022-09
- Subjects:
- Security -- Intrusion detection systems -- IoT -- CEP -- MQTT -- CoAP
Computer security -- Periodicals
Electronic data processing departments -- Security measures -- Periodicals
005.805 - Journal URLs:
- http://www.sciencedirect.com/science/journal/01674048 ↗
http://www.elsevier.com/journals ↗ - DOI:
- 10.1016/j.cose.2022.102824 ↗
- Languages:
- English
- ISSNs:
- 0167-4048
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms) ↗
- Physical Locations:
- British Library DSC - 3394.781000
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store - Ingest File:
- 22640.xml