Security monitoring of IoT communication
The Internet of Things (IoT) is a communication platform that interconnects different types of home devices (home IoT networks) or industrial devices (industrial IoT networks). These devices usually lack sufficient protection against network attacks, which can cause serious damage. Besides intentional attacks, malfunctions and failures can also be immensely disruptive. Thus, IoT monitoring has become a new domain of network monitoring and management. It includes monitoring of device behaviour, data acquisition, and device settings, among others. Security monitoring focuses on the detection of attacks and anomalies in communication. Traditional methods used in security monitoring have a limited scope of usage because IoT communication differs from common internet communication patterns. Thus, it is necessary to extend these methods or propose a new approach to analysing IoT monitoring metadata. With regard to extending the traditional methods, this project will aim to devise new Simple Network Management Protocol (SNMP) objects and extended Internet Protocol Flow Information Export (IPFIX) records, and to provide detection of selected attacks on the Security Information and Event Management (SIEM) side. The goal of the project is to analyse different methods of IoT security monitoring and define how to protect these networks against common threats. An advanced monitoring system will be implemented into existing SIEM systems.