D-Score: An expert-based method for assessing the detectability of IoT-related cyber-attacks

Yair Meidan, Daniel Benatar, Ron Bitton, Dan Avraham, Asaf Shabtai

פרסום מחקרי: פרסום בכתב עתמאמרביקורת עמיתים

תקציר

IoT devices are known to be vulnerable to various cyber-attacks, such as data exfiltration and the execution of flooding attacks as part of a DDoS attack. When it comes to detecting such attacks using network traffic analysis, it has been shown that some attack scenarios are not always equally easy to detect if they involve different IoT models. That is, when targeted at some IoT models, a given attack can be detected rather accurately, while when targeted at others the same attack may result in too many false alarms. In this research, we attempt to explain this variability of IoT attack detectability and devise a risk assessment method capable of addressing a key question: how easy is it for an anomaly-based network intrusion detection system to detect a given cyber-attack involving a specific IoT model? In the process of addressing this question we (a) investigate the predictability of IoT network traffic, (b) present a novel taxonomy for IoT attack detection which also encapsulates traffic predictability aspects, (c) propose an expert-based attack detectability estimation method which uses this taxonomy to derive a detectability score (termed ‘D-Score’) for a given combination of IoT model and attack scenario, and (d) empirically evaluate our method while comparing it with a data-driven method.

שפה מקוריתאנגלית אמריקאית
מספר המאמר103073
כתב עתComputers and Security
כרך126
מזהי עצם דיגיטלי (DOIs)
סטטוס פרסוםפורסם - 1 מרץ 2023

ASJC Scopus subject areas

  • ???subjectarea.asjc.1700.1700???
  • ???subjectarea.asjc.3300.3308???

טביעת אצבע

להלן מוצגים תחומי המחקר של הפרסום 'D-Score: An expert-based method for assessing the detectability of IoT-related cyber-attacks'. יחד הם יוצרים טביעת אצבע ייחודית.

פורמט ציטוט ביבליוגרפי