DOI: 10.1145/3465481.3470046
research-article

A Bayesian Rule Learning Based Intrusion Detection System for the MQTT Communication Protocol

Published: 17 August 2021

ABSTRACT

Rule learning based intrusion detection systems (IDS) regularly collect and process network traffic, then apply rule learning algorithms to the data to identify network communication behaviors represented as IF-THEN rules. Detection rules are inferred offline and can be periodically and automatically updated online for intrusion detection. In this context, we implement in the present paper various attacks against MQTT for data generation in a carefully designed and very realistic experiment environment, rather than in a simulation program as commonly seen in previous works. In addition, we investigate a Bayesian rule learning based approach as a countermeasure, which is able to detect various attack types. A Bayesian network is learned from training data and subsequently translated into a rule set for intrusion detection. The combination of prior knowledge (about the communication protocol and target system) and data helps to learn the Bayesian network efficiently. The translation from the Bayesian network to a set of inherently interpretable rules can be regarded as a transformation from implicit knowledge to explicit knowledge. We show that our proposed method can achieve not only good detection performance but also high interpretability.


    Published in

    ARES '21: Proceedings of the 16th International Conference on Availability, Reliability and Security
    August 2021
    1447 pages
    ISBN: 9781450390514
    DOI: 10.1145/3465481

    Copyright © 2021 ACM


    Publisher

    Association for Computing Machinery

    New York, NY, United States


    Qualifiers

    • research-article
    • Research
    • Refereed limited

    Acceptance Rates

    Overall Acceptance Rate: 228 of 451 submissions, 51%
