![[img]](https://epub.uni-regensburg.de/style/images/fileicons/application_pdf.png) | Veröffentlichte Version Download ( PDF | 1MB) | Lizenz: Creative Commons Namensnennung-NichtKommerziell 4.0 International |
Process-Aware Intrusion Detection in MQTT Networks
Empl, Philip
, Böhm, Fabian und Pernul, Günther
(2024)
Process-Aware Intrusion Detection in MQTT Networks.
In: CODASPY '24: Fourteenth ACM Conference on Data and Application Security and Privacy, June 19 - 21, 2024, Porto, Portugal.
Veröffentlichungsdatum dieses Volltextes: 09 Jan 2025 06:46
Konferenz- oder Workshop-Beitrag
DOI zum Zitieren dieses Dokuments: 10.5283/epub.74596
Zusammenfassung
Intrusion Detection Systems (IDS) allow for detecting malicious activities in organizational networks and hosts. As the Industrial Internet of Things (Industrial IoT) has gained momentum and attackers become process-aware, it elevates the focus on anomaly-based Network Intrusion Detection Systems (NIDS) in IoT. While previous research has primarily concentrated on fortifying SCADA systems with ...
Intrusion Detection Systems (IDS) allow for detecting malicious activities in organizational networks and hosts. As the Industrial Internet of Things (Industrial IoT) has gained momentum and attackers become process-aware, it elevates the focus on anomaly-based Network Intrusion Detection Systems (NIDS) in IoT. While previous research has primarily concentrated on fortifying SCADA systems with NIDS, keeping track of the latest advancements in resource-efficient messaging (e.g., MQTT, CoAP, and OPC-UA) is paramount. In our work, we straightforwardly derive IoT processes for NIDS using distributed tracing and process mining. We introduce a pioneering framework called MISSION which effectively captures, consolidates, and models MQTT flows, leading to a heightened process awareness in NIDS. Through our prototypical implementation, we demonstrate exceptional performance and high-quality models. Moreover, our experiments provide empirical evidence for rediscovering pre-defined processes and successfully detecting two distinct MQTT attacks in a simulated IoT network.
Alternative Links zum Volltext
Beteiligte Einrichtungen
Details
| Dokumentenart | Konferenz- oder Workshop-Beitrag (Paper) | ||||
| Buchtitel: | Proceedings of the Fourteenth ACM Conference on Data and Application Security and Privacy | ||||
|---|---|---|---|---|---|
| Seitenbereich: | S. 91-102 | ||||
| Datum | 2024 | ||||
| Institutionen | Wirtschaftswissenschaften > Institut für Wirtschaftsinformatik > Lehrstuhl für Wirtschaftsinformatik I - Informationssysteme (Prof. Dr. Günther Pernul) Informatik und Data Science > Fachbereich Wirtschaftsinformatik > Lehrstuhl für Wirtschaftsinformatik I - Informationssysteme (Prof. Dr. Günther Pernul) | ||||
| Identifikationsnummer |
| ||||
| Stichwörter / Keywords | IDS, MQTT, Internet of Things, Distributed Tracing, Process Mining | ||||
| Dewey-Dezimal-Klassifikation | 000 Informatik, Informationswissenschaft, allgemeine Werke > 004 Informatik 300 Sozialwissenschaften > 330 Wirtschaft | ||||
| Status | Veröffentlicht | ||||
| Begutachtet | Ja, diese Version wurde begutachtet | ||||
| An der Universität Regensburg entstanden | Ja | ||||
| URN der UB Regensburg | urn:nbn:de:bvb:355-epub-745964 | ||||
| Dokumenten-ID | 74596 |
Bibliographische Daten exportieren
Nur für Besitzer und Autoren: Kontrollseite des Eintrags
Downloadstatistik
Downloadstatistik