All content in this area was uploaded by Mohamed-Lamine Messai on Aug 30, 2023
IoT Network Attack Detection: Leveraging Graph Learning
for Enhanced Security
Mohamed-Lamine MESSAI
Associate Professor
ERIC Laboratory, Lyon, France
GRASEC @ ARES Conference 2023 - August 29 - September 01, 2023
Benevento, Italy
Contents
1 Introduction
2 Related work
3 Proposed solution
4 Evaluation
5 Conclusion
Introduction: IoT networks
Distributed networks of small, lightweight wireless nodes
Monitor the environment by measuring physical parameters such as temperature, pressure, humidity, etc.
An IoT / sensor device: sensing + processing + communicating wirelessly + battery
Networks with resource-constrained devices | diverse applications
Network model: IoT networks
[Figure: IoT network model. Labels: remote server / IoT platform (data storage, processing and analysis; ML algorithms); gateways (data aggregation, processing); sensor nodes (data sensing and collecting); bi-directed links; poisoning attacks.]
Why IoT networks?
IoT applications identified as the most vulnerable applications [Butun et al., 2019]
67 Zettabytes of data are generated by IoT and sensor devices in 2020 [CISCO estimation, Ferreboeuf et al. 2021]
From the top 10 IoT Vulnerabilities [OWASP Internet of Things Project]:
Lack of device security management
Lack of physical hardening
=> Detecting intrusion is an important issue.
Types of Anti-intrusion systems
Intrusion Detection Systems (IDS)
Our solution is a network-based IDS
Why graphs?
Relational data => graph representation is well adapted
An attack can be combined: in the same host or in a set of connected hosts
Represent multi-host attacks in a network
Graphs
An attributed graph can be constructed to contain information from a computer network.
Detecting attacks by collecting various information from the network.
Existing works
Resource consuming and consequently not scalable
Our solution framework
Dataset: TON_IoT
It is a recent binary-class labeled dataset specially designed for detecting attacks from a real-world IoT environment
It includes various types of data, such as sensor readings, network traffic, and IoT device interactions
Represents different kinds of attacks: DoS, DDoS, scanning attack, backdoor, etc.
Preliminary results
GraphSage for node embedding. Activity window = 30 seconds.

| Algorithm | Accuracy | Precision | Recall | F1-score |
|---|---|---|---|---|
| Decision tree | 97% | 96% | 96% | 96% |
| Random forest | 98% | 98% | 98% | 98% |
| KNN | 98% | 97% | 98% | 96% |
| SVM | 93% | 92% | 93% | 91% |
| Gradient Boosting | 97% | 96% | 96% | 96% |
| MLP | 99% | 99% | 99% | 99% |

Table: Performance of different AI algorithms in our framework
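An added example (not from the slides or the authors' code) of the two steps the deck names: one attributed graph per 30-second activity window, then a GraphSAGE-style mean aggregation to get node embeddings for a downstream classifier. The flow records, the four node attributes and the untrained random weight matrix are assumptions made for illustration.

```python
import math, random
from collections import defaultdict

WINDOW = 30  # seconds; the activity window stated on the slide

# Constructed sample flows (timestamp_s, src, dst, bytes); not TON_IoT data.
# Window 1 contains a scan-like fan-out from the hypothetical node "hostX".
FLOWS = [
    (1, "sensor1", "gw", 120), (4, "sensor2", "gw", 110), (9, "gw", "server", 400),
    (12, "sensor1", "gw", 130), (31, "hostX", "gw", 60), (32, "hostX", "sensor1", 60),
    (33, "hostX", "sensor2", 60), (35, "hostX", "server", 60), (40, "sensor1", "gw", 125),
]

def build_window_graphs(flows, window=WINDOW):
    """One attributed graph per window: {window_index: (features, adjacency)}.
    Assumed node attributes: [flows_out, flows_in, bytes_out, bytes_in]."""
    graphs = {}
    for ts, src, dst, nbytes in flows:
        feats, adj = graphs.setdefault(
            int(ts // window), (defaultdict(lambda: [0, 0, 0, 0]), defaultdict(set)))
        feats[src][0] += 1; feats[src][2] += nbytes
        feats[dst][1] += 1; feats[dst][3] += nbytes
        adj[src].add(dst); adj[dst].add(src)
    return graphs

def aggregate(feats, adj):
    """GraphSAGE mean aggregator: concat(own features, mean of neighbours')."""
    out = {}
    for v, x in feats.items():
        nbrs = [feats[u] for u in adj[v]]
        mean = [sum(col) / len(nbrs) for col in zip(*nbrs)] if nbrs else [0.0] * len(x)
        out[v] = list(x) + mean
    return out

def sage_layer(feats, adj, dim=4, seed=0):
    """h_v = L2norm(ReLU(W . aggregate(v))); W is random and untrained here."""
    rng = random.Random(seed)
    agg = aggregate(feats, adj)
    W = [[rng.uniform(-1, 1) for _ in next(iter(agg.values()))] for _ in range(dim)]
    emb = {}
    for v, a in agg.items():
        h = [max(0.0, sum(w * x for w, x in zip(row, a))) for row in W]
        norm = math.sqrt(sum(c * c for c in h)) or 1.0  # all-zero vector stays zero
        emb[v] = [c / norm for c in h]
    return emb

if __name__ == "__main__":
    for win, (feats, adj) in sorted(build_window_graphs(FLOWS).items()):
        print(win, {v: [round(c, 2) for c in e] for v, e in sage_layer(feats, adj).items()})
```

In a trained pipeline the weight matrix would be learned and the per-node embeddings passed to the classifiers listed in the table.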
Comparison: Preliminary results

| Approaches | ML algorithm | Precision | Recall | F1-score |
|---|---|---|---|---|
| GODIT [1] | decision tree | 92% | 92% | 92% |
| Our approach | MLP | 99% | 99% | 99% |

Table: Comparison Results

[1] Ramesh Paudel, Timothy Muncy, and William Eberle. 2019. Detecting DoS Attack in Smart Home IoT Devices Using a Graph-Based Approach. In 2019 IEEE International Conference on Big Data (Big Data).
Conclusion
IoT networks: a rich source of applications and problems
Attack detection is critical in IoT networks, as they suffer from security vulnerabilities
Graph-based security solutions:
Detect attacks and also linked attacks
Perspective: Compare our approach with other existing graph-based attack detection methods in IoT networks that have code available.
This work is funded by the Agence Nationale de la Recherche (ANR) under grant ANR-20-CE39-0008.
https://gladis.projet.liris.cnrs.fr/
Thank you for your attention!