Stepping out of the MUD: Contextual threat information for IoT devices with manufacturer-provided behaviour profiles

Luca Morgese Zangrandi, Thijs van Ede, Tim Booij, Savio Sciancalepore, Luca Allodi, Andrea Continella

Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

2 Citations (Scopus)
26 Downloads (Pure)

Abstract

Besides coming with unprecedented benefits, the Internet of Things (IoT) suffers deficits in security measures, leading to attacks increas- ing every year. In particular, network environments such as smart homes lack managed security capabilities to detect IoT-related at- tacks; IoT devices hosted therein are thus more easily infiltrated by threats. As such, context awareness on IoT infections is hard to achieve, preventing prompt response. In this work, we propose MUDscope, an approach to monitor malicious network activities affecting IoT in real-world consumer environments. We leverage the recent Manufacturer Usage Description (MUD) specification, which defines networking whitelists for IoT devices in MUD pro- files, to reflect consistent and necessarily-anomalous activities from smart things. Our approach characterizes this traffic and extracts signatures for given attacks. By analyzing attack signatures for multiple devices, we gather insights into emerging attack patterns. We evaluate our approach on both an existing dataset, and a new openly available dataset created for this research. We show that MUDscope detects several attacks targeting IoT devices with an F1-score of 95.77% and correctly identifies signatures for specific attacks with an F1-score of 87.72%.
Original languageEnglish
Title of host publicationProceedings of the Annual Computer Security Applications Conference, ACSAC 2022
PublisherApplied Computer Security Associates
Number of pages15
DOIs
Publication statusPublished - 6 Dec 2022
EventAnnual Computer Security Applications Conference, ACSAC 2022 - Auston, United States
Duration: 5 Dec 20229 Dec 2022

Conference

ConferenceAnnual Computer Security Applications Conference, ACSAC 2022
Abbreviated titleACSAC 2022
Country/TerritoryUnited States
CityAuston
Period5/12/229/12/22

Keywords

  • Cybersecurity

Fingerprint

Dive into the research topics of 'Stepping out of the MUD: Contextual threat information for IoT devices with manufacturer-provided behaviour profiles'. Together they form a unique fingerprint.

Cite this