Enabling the Human-as-a-security-sensor paradigm in the Internet of Things
Ivory, Dennis, Loukas, George ORCID: https://orcid.org/0000-0003-3559-5182 and Gan, Diane ORCID: https://orcid.org/0000-0002-0920-7572 (2024) Enabling the Human-as-a-security-sensor paradigm in the Internet of Things. In: Pitropakis, Nikolaos and Katsikas, Sokratis, (eds.) Security and Privacy in Smart Environments. Lecture Notes in Computer Science (LNCS), 14800 . Springer, Cham. ISBN 978-3031667077; 978-3031667084 (In Press)
PDF (Accepted book chapter)
48231_IVORY_Enabling_the_Human-as-a-security-sensor_paradigm_in_the_Internet_of_Things_2024_(AAM)_2024.pdf - Accepted Version Restricted to Repository staff only until 25 November 2026. Download (666kB) | Request a copy |
Abstract
Over the last two decades, there has been growing realisation that the user is not the weakest link in cybersecurity. Involving the user in a human-in-the-loop fashion in the process of security can have benefits in several aspects, including in cyber intrusion detection. The human as-a-security-sensor paradigm has shown that it is possible to involve the user as a valuable source of data for detection, and in fact with a predictable level of accuracy. However, this paradigm has currently only been applied in conventional computer systems, such as desktop computers. Our aim here is to extend it for Internet of Things (IoT) environments too, specifically in detecting command injection attacks against IoT devices, whereby a user can be informed automatically about a new IoT device activity that has been detected on the network and can reason as to whether this is legitimate or not. The activity detection is based on a time series forecasting approach, where the assumption is that an abrupt change in the trend of network traffic rate, is an indication of a new activity having been triggered. Our evaluation of two time series forecasting approaches for different training window sizes, as well as of activity detection based on the best-performing of the two approaches, has shown that this is a realistic method for notifying the user.
Item Type: | Book Section |
---|---|
Uncontrolled Keywords: | Internet of Things, IoT Security, HaaSS, intrusion detection |
Subjects: | Q Science > Q Science (General) Q Science > QA Mathematics Q Science > QA Mathematics > QA75 Electronic computers. Computer science |
Faculty / School / Research Centre / Research Group: | Faculty of Engineering & Science Faculty of Engineering & Science > School of Computing & Mathematical Sciences (CMS) |
Related URLs: | |
Last Modified: | 03 Oct 2024 09:26 |
URI: | http://gala.gre.ac.uk/id/eprint/48231 |
Actions (login required)
View Item |
Downloads
Downloads per month over past year