Attack Identification Framework for IoT Devices

With the emergence of Internet and embedded computing, Internet of Things (IoT) is currently becoming an area of interest amongst researches. IoT enable interconnection of embedded devices capable of running application like smart grid, smart traffic control, remote health monitoring etc. As the IoT devices can be connected virtually as well as physically, cyber attacks are likely to become a major threat. An attacker who have an access to the on-board network connecting IoT devices or appliances can spy on people, can inject malicious code into these embedded devices creating serious security concerns. In this work, we propose a framework to monitor security threats possible on IoT devices. The framework consists of several modules like data capture, anomaly detector and alert generator. The data capture module collects the application level data, transport and network headers of the traffic that goes into the IoT device. The anomaly detector module uses a signature based approach to detect threats. The proposed framework is tested on a testbed comprising of Arduino boards with Wiznet Ethernet shield as the IoT device communicate with Samsung Android smart-phone over a bridge connected through WiFi. We ran SNORT Intrusion Detector on the bridge with rules for generating alerts for intrusion.