Sentinel: A Robust Intrusion Detection System for IoT Networks Using Kernel-Level System Information
Conference
Cosson, A, Sikder, AK, Babun, L et al. (2021). Sentinel: A Robust Intrusion Detection System for IoT Networks Using Kernel-Level System Information
. 53-66. 10.1145/3450268.3453533
Cosson, A, Sikder, AK, Babun, L et al. (2021). Sentinel: A Robust Intrusion Detection System for IoT Networks Using Kernel-Level System Information
. 53-66. 10.1145/3450268.3453533
The concept of Internet of Things (IoT) has changed the way we live by integrating commodity devices with cyberspace to automate our everyday tasks. Nowadays, IoT devices in the home environment are becoming ubiquitous with seamless connectivity and diverse application domains. Modern IoT devices have adopted a many-to-many connectivity model to enhance user experience and device functionalities compared to early IoT devices with standalone device setup and limited functionalities. However, the continuous connection between devices and cyberspace has introduced new cyber attacks targeting IoT devices and networks. Due to the resource-constrained nature of IoT devices as well as the opacity of the IoT framework, traditional intrusion detection systems cannot be applied here. In this paper, we introduce Sentinel, a novel intrusion detection system that uses kernel-level information to detect malicious attacks. Specifically, Sentinel collects low-level system information (CPU usage, RAM usage, total load, available swap, etc.) of each IoT device in a network and learns the pattern of device behavior to differentiate between benign and malicious events. We evaluated the efficacy and performance of Sentinel in different IoT platforms with multiple devices and settings. We also measured the performance of Sentinel against five types of real-life attacks. Our evaluation shows that Sentinel can detect different attacks to IoT devices and networks with high accuracy (over 95%) and secure the devices in different IoT platforms and configurations. Also, Sentinel achieves minimum overhead in power consumption, ensuring high compatibility in resource-constraint IoT devices.
