Beruflich Dokumente
Kultur Dokumente
Fasika Tegegn
1
Introduction
3
A typical IDS is composed of sensors, an analysis engine, and a reporting system.
Sensors are deployed at different network places or hosts. Their task is to collect network or host
data such as traffic statistics, packet headers, service requests, operating system calls, and
file-system changes.
The sensors send the collected data to the analysis engine, which is responsible to investigate
the collected data and detect ongoing intrusions.
When the analysis engine detects an intrusion, the reporting system generates an alert to the
network administrator.
IDSs can be classified as:-
Network-based IDS (NIDS) connects to one or more network segments and monitors network
traffic for malicious activities.
Host-based IDS (HIDS) is attached to a computer device and monitors malicious activities
occurring within the system.
4
Internet of Things
IoT operations include three distinct phases: collection phase, transmission phase, and
processing, management and utilization phase.
In the collection phase, the primary objective is to collect data about the physical environment.
Sensing devices and technologies for short range communication are combined to reach this
goal. Devices are usually small and resource-constrained. Due to these characteristics,
collection phase networks often are referred to as LLN (Low-power and Lossy Networks).
The transmission phase aims to transmit the data gathered during the collection phase to
applications and, consequently, to users. In this phase, technologies such as Ethernet, WiFi,
Hybrid Fiber Coaxial (HFC) and Digital Subscriber Line (DSL) are combined with TCP/IP
protocols to build a network that interconnects objects and users across longer distances.
5
In the processing, management and utilization phase, applications process collect
data to obtain useful information about the physical environment. These applications
may take decisions based on this information, controlling the physical objects to act
on the physical environment.
6
Taxonomy of IDSs for IoT
7
IDS placement strategies
Distributed IDS placement: IDSs are placed in every physical object of the LLN. The IDS deployed
Centralized IDS placement: IDS is placed in a centralized component, for example, in the border
router or a dedicated host. All the data that the LLN nodes gather and transmit to the Internet cross
the border router as well as the requests that Internet clients send to the LLN nodes.
Hybrid IDS placement: combines concepts of centralized and distributed placement to take
IoT technology vendors must release patches for all these vulnerabilities as vendors of
conventional software and hardware have done for their products. These measures will
However, auxiliary lines of defense like IDSs are still necessary, since attackers may attempt
10
Validation strategy
11
Conclusion
Despite the maturity of IDS technology for traditional networks, current solutions are inadequate for
IoT systems, because of IoT particular characteristics that affect IDS development.
• Processing and storage capacity of network nodes: In traditional networks, the system
administrator deploys IDS agents in nodes with higher computing capacity. IoT networks are
usually composed of nodes with resource constraints.
• The Network Architecture: In traditional networks, end systems are directly connected to
specific nodes (e.g., wireless access points, switches, and routers) that are responsible for
forwarding the packets to the destination. IoT networks, on the other hand, are usually multi-
hop.
12
• Specific Network Protocols: IoT networks use protocols that are not employed in
traditional networks, such as IEEE 802.15.4, IPv6 over Low-power Wireless Personal Area
Network (6LoWPAN), IPv6 Routing Protocol for Low-Power and Lossy Networks (RPL)
13
Thank You!