Detecting Compromised IoT Devices Using Autoencoders with Sequential Hypothesis Testing
arXiv (2024)
Abstract
IoT devices fundamentally lack built-in security mechanisms to protect
themselves from security attacks. Existing works on improving IoT security
mostly focus on detecting anomalous behaviors of IoT devices. However, these
existing anomaly detection schemes may trigger an overwhelmingly large number
of false alerts, rendering them unusable in detecting compromised IoT devices.
In this paper we develop an effective and efficient framework, named CUMAD, to
detect compromised IoT devices. Instead of directly relying on individual
anomalous events, CUMAD aims to accumulate sufficient evidence in detecting
compromised IoT devices, by integrating an autoencoder-based anomaly detection
subsystem with a sequential probability ratio test (SPRT)-based sequential
hypothesis testing subsystem. CUMAD can effectively reduce the number of false
alerts in detecting compromised IoT devices, and moreover, it can detect
compromised IoT devices quickly. Our evaluation studies based on the
public-domain N-BaIoT dataset show that CUMAD can on average reduce the false
positive rate from about 3.57
detection scheme to about 0.5
devices quickly, with less than 5 observations on average.
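
The evidence-accumulation idea described in the abstract, as an added illustration that is not code from the paper: Wald's SPRT run over per-observation anomaly flags from a thresholded reconstruction error. The values of `theta0`, `theta1`, `alpha`, `beta`, the threshold, and the sample errors are constructed assumptions; the abstract gives no parameters.

```python
import math

def flag_anomalies(errors, threshold):
    """Turn autoencoder reconstruction errors into binary anomaly flags."""
    return [1 if e > threshold else 0 for e in errors]

def sprt(flags, theta0=0.05, theta1=0.6, alpha=0.01, beta=0.01):
    """Wald's SPRT over binary anomaly flags (1 = observation flagged).

    H0: device is normal,      P(flag = 1) = theta0   (assumed value)
    H1: device is compromised, P(flag = 1) = theta1   (assumed value)
    alpha, beta: target false positive / false negative rates (assumed).
    Returns (decision, number_of_observations_used).
    """
    if not (0 < theta0 < theta1 < 1):
        raise ValueError("need 0 < theta0 < theta1 < 1")
    upper = math.log((1 - beta) / alpha)   # at or above: accept H1
    lower = math.log(beta / (1 - alpha))   # at or below: accept H0
    step_hit = math.log(theta1 / theta0)               # flagged observation
    step_miss = math.log((1 - theta1) / (1 - theta0))  # clean observation
    llr = 0.0
    for n, flag in enumerate(flags, start=1):
        llr += step_hit if flag else step_miss
        if llr >= upper:
            return "compromised", n
        if llr <= lower:
            return "normal", n
    # Evidence so far crosses neither boundary: keep observing.
    return "undecided", len(flags)

# Constructed reconstruction errors for three hypothetical devices.
THRESHOLD = 0.5
NOISY_BENIGN = [0.1, 0.7, 0.2, 0.1, 0.3, 0.2, 0.1, 0.2, 0.1, 0.3]  # one outlier
COMPROMISED = [0.9, 0.2, 0.8, 0.95]
QUIET = [0.1] * 6

if __name__ == "__main__":
    for name, errs in [("noisy_benign", NOISY_BENIGN),
                       ("compromised", COMPROMISED),
                       ("quiet", QUIET)]:
        print(name, sprt(flag_anomalies(errs, THRESHOLD)))
```

A single flagged observation on the benign device would raise an alert in a per-event detector; here it only delays the "normal" verdict, while the compromised device is still decided within a handful of observations.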