Affiliation:
1. Department of Computer Engineering, University of Engineering and Technology, Lahore 54890, Pakistan
2. Department of Computer Science, School of Science, Engineering and Environment, University of Salford, Manchester M5 4WT, UK
3. Al-Khwarizmi Institute of Computer Science (KICS), University of Engineering and Technology, Lahore 54890, Pakistan
Abstract
The Internet of Things (IoT) provides ease of real-time communication in homes, industries, health care, and many other dependable and interconnected sectors. However, in recent years, smart infrastructure, including cyber-physical industries, has witnessed a severe disruption of operation due to privilege escalation, exploitation of misconfigurations, firmware hijacking, malicious node injection, botnets, and other malware infiltrations. The proposed agentless module for Wazuh security information and event management (SIEM) solution contributes to securing small- to large-scale IoT networks of industry 4.0. An agentless module is implemented by vigilantly examining the IoT device traffic without installing any agent or software on the endpoints. In the proposed research scheme, a module sniffs the network traffic of IoT devices captured from the gateway and passes it to a machine learning model for initial detection and prediction. The output of the ML model is embedded in the JSON log format and passed through the Wazuh agent to the Wazuh server where a decoder is added that decodes the network traffic logs. For event monitoring in Wazuh, industrial protocols are also thoroughly analyzed, and the feature set is determined. These features are used to write rules which are tested on the SWaT dataset, utilizing a common industrial protocol (CIP) for communication. Custom and dynamic rules are written at the Wazuh end to generate alerts to respond to any anomaly detected by the machine learning (ML) model or in the protocols used. Finally, in case of any event or an attack is detected, the alerts are fired on the Wazuh dashboard. This agentless SIEM solution has practical implications for the security of the industrial control systems of industry 4.0.
Subject
Electrical and Electronic Engineering,Computer Networks and Communications,Hardware and Architecture,Signal Processing,Control and Systems Engineering
Reference28 articles.
1. Vailshery, L.S. (2022, July 09). Internet of Things (IoT) and Non-IoT Active Device Connections Worldwide from 2010 to 2025 (In Billions). Available online: https://www.statista.com/statistics/1101442/iot-number-of-connected-devices-worldwide/#:~:text=IoT%20and%20non%2DIoT%20connections%20worldwide%202010%2D2025&text=The%20total%20installed%20base%20of,that%20are%20expected%20in%202021.
2. A comprehensive survey on attacks, security issues and blockchain solutions for IoT and IIoT;Sengupta;J. Netw. Comput. Appl.,2020
3. Cyrus, C. (2021, July 09). IoT Cyberattacks Escalate in 2021, According to Kaspersky. Available online: https://urgentcomm.com/2021/09/20/iot-cyberattacks-escalate-in-2021-according-to-kaspersky/.
4. Network intrusion detection for IoT security based on learning techniques;Chaabouni;IEEE Commun. Surv. Tutor.,2019
5. Extending network programmability to the things overlay using distributed industrial IoT protocols;Municio;IEEE Trans. Ind. Inform.,2020
Cited by
7 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献