Anomaly Behavior Analysis of IoT Protocols

Cisco Visual Networking Index (VNI) forecasts that there will be 4.6 billion Internet users by the end of 2021, and 27.1 billion devices connected to the Internet by the end of 2021. This increase in the number of devices on the Internet can be attributed to the increasing number of Internet of Things (IoT) devices on the Internet. IoT devices communicate with each other or over cloud-based services via the Internet or wireless local networks like Wi-Fi, Bluetooth, and Zigbee. As IoT devices become ubiquitous, there is a need to ensure security of these devices and the privacy of their smart services from cyberattacks. In this chapter, we present a systematic approach to model the behavior of IoT devices, perform threat modeling on IoT devices and their applications, and present solutions to detect and mitigate the impacts of attacks against their protocols such as Wi-Fi and Bluetooth. The presented IoT architecture divides IoT/cyber-physical systems into four functional layers: End devices, Communications, Services, and End Users/Applications. Using this four-layer functional architecture, we use IoT threat modeling framework to identify existing IoT attack surfaces (ASs) and develop mitigations and protection methods against potential exploitations. We apply the IoT threat modeling framework to the Wi-Fi and the Bluetooth protocols, and how our anomaly behavior analysis-based intrusion detection systems (ABA-IDS) can detect attacks that exploit their vulnerabilities. Our experimental results show the ABA-IDS designed for the Wi-Fi and the Bluetooth protocols can detect against these protocols with a high accuracy with low false positives and low false negatives.