A Method for Vulnerability Detection Through IoT Network Traffic Analysis
Abstract
The Internet of Things (IoT) comprises wireless devices with limited computational resources. It is a target of attacks that exploit vulnerabilities such as unencrypted data transfer. Conventional vulnerability detection relies on databases that list the most common vulnerabilities (common vulnerabilities and exposures, CVEs). However, these databases are limited to known vulnerabilities, which most of the time is not the case in the IoT context. This work proposes MANDRAKE, a method for detecting vulnerabilities through IoT network traffic analysis and machine learning techniques. The performance evaluation was conducted in a smart home scenario with two datasets, one generated experimentally and the other available in the literature. The results showed up to 99% precision in detecting vulnerabilities in traffic encryption.