D-Score: An expert-based method for assessing the detectability of IoT-related cyber-attacks

Yair Meidan, Daniel Benatar, Ron Bitton, Dan Avraham, Asaf Shabtai

نتاج البحث: نشر في مجلةمقالةمراجعة النظراء

ملخص

IoT devices are known to be vulnerable to various cyber-attacks, such as data exfiltration and the execution of flooding attacks as part of a DDoS attack. When it comes to detecting such attacks using network traffic analysis, it has been shown that some attack scenarios are not always equally easy to detect if they involve different IoT models. That is, when targeted at some IoT models, a given attack can be detected rather accurately, while when targeted at others the same attack may result in too many false alarms. In this research, we attempt to explain this variability of IoT attack detectability and devise a risk assessment method capable of addressing a key question: how easy is it for an anomaly-based network intrusion detection system to detect a given cyber-attack involving a specific IoT model? In the process of addressing this question we (a) investigate the predictability of IoT network traffic, (b) present a novel taxonomy for IoT attack detection which also encapsulates traffic predictability aspects, (c) propose an expert-based attack detectability estimation method which uses this taxonomy to derive a detectability score (termed ‘D-Score’) for a given combination of IoT model and attack scenario, and (d) empirically evaluate our method while comparing it with a data-driven method.

اللغة الأصليةإنجليزيّة أمريكيّة
رقم المقال103073
دوريةComputers and Security
مستوى الصوت126
المعرِّفات الرقمية للأشياء
حالة النشرنُشِر - 1 مارس 2023

All Science Journal Classification (ASJC) codes

  • !!Computer Science (all)
  • !!Law

بصمة

أدرس بدقة موضوعات البحث “D-Score: An expert-based method for assessing the detectability of IoT-related cyber-attacks'. فهما يشكلان معًا بصمة فريدة.

قم بذكر هذا