IEEE transactions on vehicular technology, 2024-09, Vol.73 (9), p.13278-13291
2024
Volltextzugriff (PDF)
Details
- Autor(en) / Beteiligte
- Titel
- MS-ZeroWall: Detecting Zero-Day Multi-Step Attack in Smart Home Using VAE and HMM
- Ist Teil von
- IEEE transactions on vehicular technology, 2024-09, Vol.73 (9), p.13278-13291
- Ort / Verlag
- New York: IEEE
- Erscheinungsjahr
- 2024
- Quelle
- IEEE Electronic Library Online
- Beschreibungen/Notizen
- The development of technologies in the smart home provides convenience to our living life, however, the resource-constrained characteristics lead to its frequent exposure to various attacks. Previous techniques for attack detection in the Internet of Things (IoT) are primarily fitted to simple attacks (i.e., single-step attack) but are insufficient analysis for dynamic detection of so-called complicated attacks (i.e., multi-step attacks). Usually, there are three challenges for deploying a multi-step attack prediction system under IoT: 1) resource-constrained, 2) frequently unknown multi-step threats, and 3) high demand for real-time. To address these challenges, in this paper, we propose a multi-step attack prediction architecture (namely, MS-ZeroWall ) applied in the smart home. Firstly, the MS-ZeroWall does not need expensive software, which can be easily deployed on resource-constrained IoT. Then, it captures the characteristics of known threats through the variational auto-encoder (VAE) and uses a VAE-based dual-domain defense strategy (DVAE) to achieve unknown multi-step threat identification. In addition, MS-ZeroWall automatically model any multi-step attack by combining the hidden Markov model (HMM) and VAE, and it uses an aggregated HMM (AHMM) approach to improve the multi-step attacks prediction under low time-delay windows so as to satisfy real-time. We evaluate the MS-ZeroWall on a publicly available multi-step attack dataset, with an <inline-formula><tex-math notation="LaTeX">F1</tex-math></inline-formula>-score of over 0.96 on unknown multi-step threat identification, and an average accuracy improvement of 12.3% on low-latency multi-step attack prediction.
- Sprache
- Englisch
- Identifikatoren
- ISSN: 0018-9545eISSN: 1939-9359DOI: 10.1109/TVT.2024.3392793Titel-ID: cdi_ieee_primary_10507036
- Format
- –
- Schlagworte
- Computer architecture, Constraints, Denial-of-service attack, Hidden Markov model (HMM), Hidden Markov models, Internet of Things, Internet of Things (IoT), Markov chains, multi-step attack, Network latency, Predictive models, Real time, Smart buildings, smart home, Smart homes, Smart houses, Streams, variational auto-encoder (VAE)