Please use this identifier to cite or link to this item: http://hdl.handle.net/11452/33045
Title: Two-tier anomaly detection based on traffic profiling of the home automation system
Authors: Gajewski, Mariusz
Batalla, Jordi Mongay
Levi, Albert
Mavromoustakis, Constandinos X.
Mastorakis, George
Bursa Uludağ Üniversitesi/Mühendislik Fakültesi/Bilgisayar Mühendisliği/Siber Güvenlik Bölümü.
0000-0001-5739-1784
Togay, Cengiz
AAG-9038-2020
15065979500
Keywords: Computer science
Engineering
Telecommunications
Home gateway
Wireless sensor networks
Smart home
Anomaly detection
Internet of things
Intrusion-detection
Internet
Automation
Computer crime
Energy utilization
Enterprise resource planning
Gateways (computer networks)
Home networks
Internet of things
Internet service providers
Intrusion detection
Learning systems
Network security
Search engines
Software agents
Wireless sensor networks
Anomaly correlations
Building equipments
Home automation systems
Home gateway
Intrusion detection systems
Machine learning methods
Shared responsibility
Smart homes
Anomaly detection
Issue Date: 20-Jul-2019
Publisher: Elsevier
Citation: Gajewski, M. vd. (2019). ''Two-tier anomaly detection based on traffic profiling of the home automation system''. Computer Networks, 158, 46-60.
Abstract: Smart building equipment and automation systems often become a target of attacks and are used for attacking other targets located out of the Home Area Network. Attacks are often related to changes in traffic volume, disturbed packet flow or excessive energy consumption. Their symptoms can be recognized and interpreted locally, using software agent at Home Gateway. Although anomalies are detected locally at the Home Gateway, they can be exploited globally. Thus, it is significantly important to detect global attack attempts through anomalies correlation. Our proposal in this paper is the involvement of the Network Operator in Home Area Network security. Our paper describes a novel strategy for anomaly detection that consists of shared responsibilities between user and network provider. The proposed two-tier Intrusion Detection System uses a machine learning method for classifying the monitoring records and searching suspicious anomalies across the network at the service provider's data center. Result show that local anomaly detection combined with anomaly correlation at the service providers level can provide reliable information on the most frequent IoT devices misbehavior which may be caused by infection.
URI: https://doi.org/10.1016/j.comnet.2019.04.013
https://www.sciencedirect.com/science/article/pii/S1389128618311587
http://hdl.handle.net/11452/33045
ISSN: 1389-1286
1872-7069
Appears in Collections:Scopus
Web of Science

Files in This Item:
There are no files associated with this item.


Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.