TechRxiv
1/1
2 files

Context-Aware and Class Imbalance Invariant Threat Severity Assessment for Heterogeneous IoT

preprint
posted on 01.11.2021, 18:22 by Nitish ANitish A, J. Hanumanthappa, Shiva Prakash S.P, Kirill Krinkin
Due to demand for information ubiquity and large-scale automation, proliferating Internet-connected heterogeneous devices exhibit significant variations in data processing capacities, purposes, operating principles, underlying protocols, and dynamic contexts. As a result, adversarial entities exploit the increasing heterogeneous network (HetIoT) vulnerabilities, leading to frequent high-impact attacks due to anomalous device interactions and scarce knowledgebase. This paper presents a two-fold solution to the problem through a network intrusion detection and prevention framework for HetIoT, called \textit{HetIoT-NIDPS}. Firstly, we assign fault scores to the Expert-curated Knowledgebase (EK) framework, correlating with low-level alerts to assess threat severity and achieve context-awareness. Secondly, the proposed Beta distribution-based HetIoT traffic behavior approximation facilitates class imbalance invariance and improves classifier performance. Additionally, the HetIoT-NIDPS can detect zero-day attacks by identifying known attack variations upon encountering unseen traffic instances. Furthermore, the dynamic HetIoT contexts necessitate real-time threat assessment through online training---performed by analyzing small batches of network traffic samples. We propound the \textit{CorrELM} classifier based on the extreme learning machine algorithm and test the hypotheses on the Bot-IoT dataset. Finally, we prioritize the correlated alerts based on their severity, determined from root cause analysis and threat severity assessment tables. The results obtained prove that the proposed HetIoT-NIDPS framework is context-aware---producing reduced false alerts, class imbalance invariant---facilitating near real-time threat assessment with unbiased classifier performance, and generalizable---applicable to many NID datasets, which the existing techniques lack when combined.

Funding

Ministry of Science and Higher Education of the Russian Federation

History

Email Address of Submitting Author

nitish.anantha@acm.org

ORCID of Submitting Author

0000-0002-7461-668X

Submitting Author's Institution

University of Mysore

Submitting Author's Country

India