STAKE: Secure Tracing of Anomalies using previous Knowledge and Extensions
Internet-of-things, Intrusion Detection System, Anomaly Detection, Machine Learning
Kevin B. Corrales
Abstract (in English)
Internet of Things (IoT) devices have become more present in our households because of an increase in availability and affordability. However, a Smart Home is a challenging environment. It involves people engaged with devices for a variety of purposes, and it is difficult to detect anomalies that can be cyber attacks. In this dissertation we introduce STAKE, a Smart Home gateway for capturing and analyzing network traffic, with different levels of detail. The system supports anomaly detection plug-ins to spot attacks in near real-time. We evaluated our system with Machine Learning plug-ins based on the Elliptic Envelope and the Random Forest models. STAKE was able to execute different plug-ins and both detected anomalies.
As expected, each model returned different results. Both plug-ins demonstrated promising results when they were created. The Elliptic Envelope model obtained 93.9% accuracy and the Random Forest obtained 96.7%. However, when re-trained in the system, the plug-ins did not prove flexible enough to adapt to changes in the Smart Home network. The Elliptic Envelope plug-in showed a tendency to produce excessively high false positive rates, which eroded the distinction between benign and anomalous samples in the training data. The Random Forest plug-in showed an excessive tendency to overfit when re-trained in this kind of environment.