
A measurement method for intrusion detection in cyber IoT data stealing attacks

Cerro, G.
Member of the Collaboration Group
2023-01-01

Abstract

The low complexity of IoT devices increases their vulnerability and exposes low-cost devices to possible cyber attacks, especially those aimed at data breaches. Running machine learning algorithms onboard to overcome this issue could result in extensive use of the devices' hardware capabilities, possibly limiting their primary role in the network in which they are involved. To this aim, the paper proposes a gateway-like detection system, based on lightweight, open-source measurement software and a very straightforward rule-based detector, to be implemented on very low-cost devices to prevent intrusions for data-stealing purposes. The advantages of the proposed solution are its applicability to different data streams, from interactive to asynchronous traffic typologies, and the simplicity of the detection mechanism: no specific hardware-related compatibility issues, a very low memory footprint and CPU usage burden, which allows the procedure to work safely in background mode, and no need to decrypt data content, which preserves the user's privacy. The adopted traffic measurement software is CICFlowMeter, and the rule-based detector is implemented in Python. The obtained performance shows 98.1% accuracy and 96.4% sensitivity in test conditions, while keeping the running time significantly lower than that of the most common machine learning techniques. To quantify the impact on execution time, several experiments were carried out on a very popular processing system (i.e. Raspberry Pi), and in some cases one order of magnitude has been gained compared with machine learning techniques.
2023
978-1-6654-5383-7

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/11695/123152
Citations
  • Scopus 1