All Eyes on You: Distributed Multi-Dimensional IoT Microservice Anomaly Detection
TUM published a new article about securing the IoT at the 14th International Conference on Network and Service Management (CNSM)!
The Internet of Things (IoT) is a Distributed System
of cooperating Microservices (µSs). IoT services manage devices
that monitor and control their environments. The interaction of
the IoT with the physical environment creates strong security,
privacy, and safety implications. It makes providing adequate
security for IoT µSs essential. However, the complexity of IoT
services makes detecting anomalous behavior difficult.
We present a machine-learning based approach for modeling
IoT service behavior by only observing inter-service communication. Our algorithm continuously learns µS models on distributed
IoT nodes within an IoT site. Combining the learned models
within and in-between IoT sites converges our µS models within
short time. Sharing the resulting stable models among compute
nodes enables good anomaly detection.
As one application, firewalling IoT µSs becomes possible. Combining our autonomous µS modeling with firewalling enables
retrofitting security to existing IoT installations. We enable
retrofitting access control to existing non-secure IoT installations.
Our proposed approach is resource efficient, matching the
requirements of the IoT. To evaluate the quality of our proposed
algorithm, we show its behavior for a set of common IoT attacks.
We evaluate how domain knowledge enables us to decorrelate
events on a node, and how adding context features improves the
detection rate.
You can find the article here: