Download file
Download file
2 files

Context-Aware and Class Imbalance Invariant Threat Severity Assessment for Heterogeneous IoT

posted on 2021-11-01, 18:22 authored by Nitish ANitish A, J. Hanumanthappa, Shiva Prakash S.P, Kirill Krinkin
Due to demand for information ubiquity and large-scale automation, proliferating Internet-connected heterogeneous devices exhibit significant variations in data processing capacities, purposes, operating principles, underlying protocols, and dynamic contexts. As a result, adversarial entities exploit the increasing heterogeneous network (HetIoT) vulnerabilities, leading to frequent high-impact attacks due to anomalous device interactions and scarce knowledgebase. This paper presents a two-fold solution to the problem through a network intrusion detection and prevention framework for HetIoT, called \textit{HetIoT-NIDPS}. Firstly, we assign fault scores to the Expert-curated Knowledgebase (EK) framework, correlating with low-level alerts to assess threat severity and achieve context-awareness. Secondly, the proposed Beta distribution-based HetIoT traffic behavior approximation facilitates class imbalance invariance and improves classifier performance. Additionally, the HetIoT-NIDPS can detect zero-day attacks by identifying known attack variations upon encountering unseen traffic instances. Furthermore, the dynamic HetIoT contexts necessitate real-time threat assessment through online training---performed by analyzing small batches of network traffic samples. We propound the \textit{CorrELM} classifier based on the extreme learning machine algorithm and test the hypotheses on the Bot-IoT dataset. Finally, we prioritize the correlated alerts based on their severity, determined from root cause analysis and threat severity assessment tables. The results obtained prove that the proposed HetIoT-NIDPS framework is context-aware---producing reduced false alerts, class imbalance invariant---facilitating near real-time threat assessment with unbiased classifier performance, and generalizable---applicable to many NID datasets, which the existing techniques lack when combined.


Ministry of Science and Higher Education of the Russian Federation


Email Address of Submitting Author

ORCID of Submitting Author


Submitting Author's Institution

University of Mysore

Submitting Author's Country