Multi-level Bluetooth Intrusion Detection System

Shalaka Satam, Pratik Satam, Salim Hariri

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

8 Scopus citations

Abstract

Large-scale deployment of IoT devices has made the Bluetooth Protocol (IEEE 802.15.1) the wireless protocol of choice for close-range communications. Devices such as keyboards, smartwatches, headphones, computer mice, and various wearable connecting devices use Bluetooth networks for communication. Moreover, Bluetooth networks are widely used in medical devices like heart monitors, blood glucose monitors, asthma inhalers, and pulse oximeters. Also, Bluetooth has replaced cables for wire-free equipment in a surgical environment. In hospitals, devices communicate with one another, sharing sensitive and critical information over Bluetooth scatter-networks. Thus, it is imperative to secure the Bluetooth networks against attacks like Man in the Middle (MITM) attacks, eavesdropping attacks, and Denial of Service (DoS) attacks. This paper presents a Multi-Level Bluetooth Intrusion Detection System (ML-BIDS) to detect malicious attacks against Bluetooth devices. In the ML-IDS framework, we perform continuous device identification and authorization in Bluetooth networks following the zero-trust principle [ref]. The ML-BIDS framework includes an anomaly-based intrusion detection system (ABIDS) to detect attacks on the Bluetooth protocol. The ABIDS tracks the normal behavior of the Bluetooth protocol by comparing it with the Bluetooth protocol state machine. Bluetooth frame flows consisting of Bluetooth frames received over 10 seconds are split into n-grams to track the current state of the protocol in the state machine. We evaluated the performance of several machine learning algorithms like C4.5, Adaboost, SVM, Naive Bayes, Jrip, and Bagging to classify normal Bluetooth protocol flows from abnormal Bluetooth protocol flows. The ABIDS detects attacks on Bluetooth protocols with a precision of up to 99.6% and recall up to 99.6%. The ML-BIDS framework also performs whitelisting of the devices on the Bluetooth network to prevent unauthorized devices from connecting to the network. ML-BIDS uses a combination of the Bluetooth address, MAC address, and IP address to uniquely identify a Bluetooth device connecting to the network, thereby ensuring that only authorized devices can connect to the Bluetooth network.
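The flow-splitting step the abstract describes, as an added illustration that is not the authors' code: frames are grouped into 10-second flows, each flow is cut into n-grams, and a flow is scored by the share of n-grams never seen in attack-free traffic. The frame-type labels, n = 3, and the set-membership score (a stand-in for the paper's classifiers and state machine) are assumptions.

```python
WINDOW_S = 10  # flow length given in the abstract

def split_flows(frames, window_s=WINDOW_S):
    """Group (timestamp_seconds, frame_type) pairs into consecutive fixed-length flows."""
    flows = {}
    for ts, ftype in sorted(frames):
        flows.setdefault(int(ts // window_s), []).append(ftype)
    return [flows[k] for k in sorted(flows)]

def ngrams(seq, n):
    """All contiguous n-length tuples of frame types in one flow."""
    return [tuple(seq[i:i + n]) for i in range(len(seq) - n + 1)]

def learn_normal(flows, n):
    """N-grams observed in attack-free flows; approximates legal protocol transitions."""
    return {g for flow in flows for g in ngrams(flow, n)}

def unseen_ratio(flow, normal, n):
    """Fraction of a flow's n-grams absent from the normal set (0.0 = fully familiar)."""
    grams = ngrams(flow, n)
    if not grams:  # flow shorter than n: nothing to judge
        return 0.0
    return sum(g not in normal for g in grams) / len(grams)

# Constructed sample traffic; frame-type names are hypothetical labels.
NORMAL = [(0.5, "INQUIRY"), (1.0, "PAGE"), (1.5, "CONN_REQ"), (2.0, "CONN_RSP"),
          (3.0, "DATA"), (4.0, "DATA"), (9.0, "DISCONN"),
          (10.5, "INQUIRY"), (11.0, "PAGE"), (11.5, "CONN_REQ"), (12.0, "CONN_RSP"),
          (13.0, "DATA"), (19.0, "DISCONN")]
# Constructed abnormal flow: a burst of repeated connection requests.
SUSPECT = [(20.1, "CONN_REQ"), (20.2, "CONN_REQ"), (20.3, "CONN_REQ"),
           (20.4, "CONN_REQ"), (20.5, "CONN_RSP"), (20.6, "DATA")]

if __name__ == "__main__":
    n = 3
    normal = learn_normal(split_flows(NORMAL), n)
    for flow in split_flows(NORMAL + SUSPECT):
        print(f"{unseen_ratio(flow, normal, n):.2f}", flow)
```

In a classifier-based setup such as the one the abstract evaluates, the per-flow n-gram counts would be the feature vector rather than a single ratio.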

Original language: English (US)
Title of host publication: 2020 IEEE/ACS 17th International Conference on Computer Systems and Applications, AICCSA 2020
Publisher: IEEE Computer Society
ISBN (Electronic): 9781728185774
State: Published - Nov 2020
Externally published: Yes
Event: 17th IEEE/ACS International Conference on Computer Systems and Applications, AICCSA 2020 - Virtual, Antalya, Turkey
Duration: Nov 2 2020 to Nov 5 2020

Publication series

Name: Proceedings of IEEE/ACS International Conference on Computer Systems and Applications, AICCSA
Volume: 2020-November
ISSN (Print): 2161-5322
ISSN (Electronic): 2161-5330

Conference

Conference: 17th IEEE/ACS International Conference on Computer Systems and Applications, AICCSA 2020
Country/Territory: Turkey
City: Virtual, Antalya
Period: 11/2/20 to 11/5/20

Keywords

  • Anomaly based Intrusion Detection
  • Bluetooth Security
  • IEEE 802.15.1
  • Internet of Things (IoT)
  • Whitelisting

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Computer Science Applications
  • Hardware and Architecture
  • Signal Processing
  • Control and Systems Engineering
  • Electrical and Electronic Engineering
