Attacks on IoT: Side-Channel Power Acquisition Framework for Intrusion Detection-Reference-Cited by-同舟云学术

Attacks on IoT: Side-Channel Power Acquisition Framework for Intrusion Detection

Published:2023-05-21 Issue:5 Volume:15 Page:187
ISSN:1999-5903
Container-title:Future Internet
language:en
Short-container-title:Future Internet

Author:

Lightbody Dominic¹^ORCID,Ngo Duc-Minh¹^ORCID,Temko Andriy¹^ORCID,Murphy Colin C.¹,Popovici Emanuel¹^ORCID

Affiliation:

1. Electrical and Electronic Engineering, University College Cork, T12 K8AF Cork, Ireland

Abstract

This study proposes the wider use of non-intrusive side-channel power data in cybersecurity for intrusion detection. An in-depth analysis of side-channel IoT power behaviour is performed on two well-known IoT devices—a Raspberry Pi 3 model B and a DragonBoard 410c—operating under normal conditions and under attack. Attacks from the categories of reconnaissance, brute force and denial of service are applied, and the side-channel power data of the IoT testbeds are then studied in detail. These attacks are used together to further compromise the IoT testbeds in a “capture-the-flag scenario”, where the attacker aims to infiltrate the device and retrieve a secret file. Some clear similarities in the side-channel power signatures of these attacks can be seen across the two devices. Furthermore, using the knowledge gained from studying the features of these attacks individually and the signatures witnessed in the “capture the flag scenario”, we show that security teams can reverse engineer attacks applied to their system to achieve a much greater understanding of the events that occurred during a breach. While this study presents behaviour signatures analysed visually, the acquired power series datasets will be instrumental for future human-centred AI-assisted intrusion detection.

Funder

Science Foundation Ireland INSIGHT Centre for Data Analytics

Publisher

MDPI AG

Subject

Computer Networks and Communications

Link

https://www.mdpi.com/1999-5903/15/5/187/pdf

Reference58 articles.

1. Griffiths, C. (2023, April 06). The Latest 2023 Cyber Crime Statistics (Updated March 2023). Available online: https://aag-it.com/the-latest-cyber-crime-statistics/.

2. Forum, W.E. (2023, April 06). Partnership against Cybercrime, Insight Report 2020. Available online: https://www.weforum.org/reports/partnership-against-cybercrime/.

3. Cybersecurity Infrastructure Security Agency (2023, April 06). Stop Ransomware|CISA, Available online: https://www.cisa.gov/stopransomware/.

4. National Cybersecurity and Communications Integration Center (2023, April 06). What Is Wannacry/Wanacrypt0r?, Available online: https://www.cisa.gov/sites/default/files/FactSheets/NCCICICS_FactSheet_WannaCry_Ransomware_S508C.pdf.

5. Chappell, B., and Neuman, S. (2023, April 06). U.S. Says North Korea ’Directly Responsible’ For WannaCry Ransomware Attack. Available online: https://www.npr.org/sections/thetwo-way/2017/12/19/571854614/u-s-says-north-korea-directly-responsible-for-wannacry-ransomware-attack.

Cited by 3 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. A review on security implementations in soft-processors for IoT applications;Computers & Security;2024-04

2. Special Issue on Security and Privacy in Blockchains and the IoT Volume II;Future Internet;2023-08-16

3. Network Attack Detection on IoT Devices Using 2D-CNN Models;Intelligence of Things: Technologies and Applications;2023