PDF(Pubmed)
Abstract:
IoT devices have grown in popularity in recent years. Statistics show that the number of online IoT devices exceeded 35 billion in 2022. This rapid growth in adoption made these devices an obvious target for malicious actors. Attacks such as botnets and malware injection usually start with a phase of reconnaissance to gather information about the target IoT device before exploitation. In this paper, we introduce a machine-learning-based detection system for reconnaissance attacks based on an explainable ensemble model. Our proposed system aims to detect scanning and reconnaissance activity of IoT devices and counter these attacks at an early stage of the attack campaign. The proposed system is designed to be efficient and lightweight to operate in severely resource-constrained environments. When tested, the implementation of the proposed system delivered an accuracy of 99%. Furthermore, the proposed system showed low false positive and false negative rates at 0.6% and 0.05%, respectively, while maintaining high efficiency and low resource consumption.
摘要:
物联网设备近年来越来越受欢迎。统计数据显示,2022年在线物联网设备数量超过350亿台。采用率的快速增长使这些设备成为恶意行为者的明显目标。僵尸网络和恶意软件注入等攻击通常从侦察阶段开始,以在利用之前收集有关目标物联网设备的信息。在本文中,我们介绍了一种基于可解释集成模型的基于机器学习的侦察攻击检测系统。我们提出的系统旨在检测物联网设备的扫描和侦察活动,并在攻击活动的早期阶段应对这些攻击。所提出的系统被设计为高效且轻量的,以在严重资源受限的环境中操作。测试时,拟议系统的实施提供了99%的准确性。此外,拟议的系统显示出低的假阳性和假阴性率,分别为0.6%和0.05%,分别,同时保持高效率和低资源消耗。
