DOI: 10.1145/3626232.3653271
research-article
Open access

Process-Aware Intrusion Detection in MQTT Networks

Published: 19 June 2024

Abstract

Intrusion Detection Systems (IDS) allow for detecting malicious activities in organizational networks and hosts. As the Industrial Internet of Things (Industrial IoT) has gained momentum and attackers have become process-aware, the focus on anomaly-based Network Intrusion Detection Systems (NIDS) in IoT has increased. While previous research has primarily concentrated on fortifying SCADA systems with NIDS, keeping track of the latest advancements in resource-efficient messaging (e.g., MQTT, CoAP, and OPC-UA) is paramount. In our work, we straightforwardly derive IoT processes for NIDS using distributed tracing and process mining. We introduce a pioneering framework called MISSION, which effectively captures, consolidates, and models MQTT flows, leading to heightened process awareness in NIDS. Through our prototypical implementation, we demonstrate exceptional performance and high-quality models. Moreover, our experiments provide empirical evidence for rediscovering pre-defined processes and successfully detecting two distinct MQTT attacks in a simulated IoT network.

Cited By

  • (2025) Strengthening ICS defense: Modbus-NFA behavior model for enhanced anomaly detection. Journal of Information Security and Applications, 89 (103990). DOI: 10.1016/j.jisa.2025.103990. Online publication date: Mar-2025
  • (2024) Reading between the Lines: Process Mining on OPC UA Network Data. Sensors, 24:14 (4497). DOI: 10.3390/s24144497. Online publication date: 11-Jul-2024

Published In

CODASPY '24: Proceedings of the Fourteenth ACM Conference on Data and Application Security and Privacy
June 2024
429 pages
ISBN: 9798400704215
DOI: 10.1145/3626232
General Chair: João P. Vilela
Program Chairs: Haya Schulmann, Ninghui Li
This work is licensed under a Creative Commons Attribution-NonCommercial International 4.0 License.

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. distributed tracing
  2. ids
  3. internet of things
  4. mqtt
  5. process mining

Qualifiers

  • Research-article

Funding Sources

  • German Federal Ministry of Education and Research

Conference

CODASPY '24
Acceptance Rates

Overall Acceptance Rate 149 of 789 submissions, 19%
