Monday, November 25, 2019 - 12:00pm to 1:00pm
Location: Traffic21 Classroom 6501 Gates Hillman Centers
Speaker: TIANLONG YU, Ph.D. Student https://sites.google.com/site/tianlongyu201406/
RADIO: A Robust Behavioral Anomaly Detection for IoT Devices in Enterprise Networks
IoT devices deployed inside enterprise networks (e.g., routers, storage appliances, cameras) are an emerging security threat for enterprises. However, existing enterprise security mechanisms are often limited in addressing such threats. For example, the IDS and IPS systems deployed in enterprise networks rely heavily on attack signatures, yet zero-day vulnerabilities are common in IoT devices. Fortunately, we observe that, unlike general-purpose computing devices, the normal behavior of an IoT device is limited (e.g., a camera has zooming-in, video-streaming, and audio-recording behaviors). Based on this insight, we revisit behavioral anomaly detection at the network layer. Designing such a system is challenging on two fronts. First, we need a behavior model tailored to enterprise IoT devices that abstracts the key characteristics of device behavior (e.g., the commands or arguments used) from network traffic. Second, in practical enterprise settings, the network traces available for learning normal behavior models are unlabeled and potentially polluted. We address these challenges in designing RADIO, a practical and robust behavioral anomaly detection system for enterprise IoT devices. We design a novel learning mechanism that builds benign behavior models (finite-state machines) for IoT devices from unlabeled and potentially polluted network traces. We show that our approach achieves low false positives and false negatives and is robust to pollution (false positive rate < 1% and false negative rate < 0.01% when 15% of the network traffic is polluted).
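To make the two design points concrete, here is an added toy example (not RADIO's code, and a deliberate simplification of its learning mechanism): device sessions are abstracted to sequences of (command, argument) events, a finite-state machine of allowed transitions is learned from unlabeled traces, and transitions supported by fewer than an assumed fraction of the traces (`min_support`) are pruned so that a small polluted minority does not enter the benign model. The sessions, the camera command names and the 30% support threshold are all constructed for illustration.

```python
from collections import Counter

# Sentinel states so that the first and last real event are also checked.
START, END = ("<start>", ""), ("<end>", "")


def learn_fsm(traces, min_support=0.3):
    """Learn a benign FSM (a set of allowed state transitions) from unlabeled traces.

    Each trace is a list of (command, argument) events for one device session.
    A transition is kept only if it appears in at least min_support of all
    traces, so behaviour contributed by a small polluted fraction is dropped.
    """
    support = Counter()
    for trace in traces:
        states = [START] + list(trace) + [END]
        support.update(set(zip(states, states[1:])))  # count each transition once per trace
    threshold = min_support * len(traces)
    return {transition for transition, n in support.items() if n >= threshold}


def detect(fsm, trace):
    """Return the transitions in trace that the FSM does not allow (empty means benign)."""
    states = [START] + list(trace) + [END]
    return [t for t in zip(states, states[1:]) if t not in fsm]


# Constructed, unlabeled training set: 17 benign camera sessions plus 3
# polluted ones, i.e. 15% pollution as in the talk's evaluation setting.
STREAM_SESSION = [("login", "admin"), ("stream", "video"), ("zoom", "in"), ("logout", "")]
RECORD_SESSION = [("login", "admin"), ("record", "audio"), ("logout", "")]
POLLUTED_SESSION = [("login", "admin"), ("exec", "/bin/sh"), ("upload", "binary"), ("logout", "")]


def sample_traces():
    return [STREAM_SESSION] * 10 + [RECORD_SESSION] * 7 + [POLLUTED_SESSION] * 3


if __name__ == "__main__":
    fsm = learn_fsm(sample_traces())
    print("learned transitions:", len(fsm))          # 7: the polluted path is pruned
    print("benign session  ->", detect(fsm, STREAM_SESSION))
    print("polluted session->", detect(fsm, POLLUTED_SESSION))
    # A legitimate but never-observed behaviour is also flagged: the model's
    # coverage of normal behaviour bounds the false positive rate.
    print("unseen benign   ->", detect(fsm, [("login", "admin"), ("stream", "video"), ("logout", "")]))
```

The last call shows the practical caveat: any benign behaviour absent from the training traces is reported as anomalous, so the training window must cover the device's full normal repertoire for the false positive rate to stay low.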
Presented in Partial Fulfillment of the CSD Speaking Skills Requirement.