research-article
Open access

Using Redundancy to Detect Security Anomalies: Towards IoT security attack detectors: The Internet of Things (Ubiquity symposium)

Published: 08 January 2016

Abstract

    Cyber-attacks and breaches are often detected too late to avoid damage. While "classical" reactive cyber defenses usually work only if we have some prior knowledge about the attack methods and "allowable" patterns, properly constructed redundancy-based anomaly detectors can be more robust and are often able to detect even zero-day attacks. They are a step toward an oracle that uses the knowable behavior of a healthy system to identify abnormalities. In the world of the Internet of Things (IoT), security, and handling anomalous behavior of sensors and other IoT components, will be orders of magnitude more difficult unless we make those elements security-aware from the start. In this article we examine the ability of redundancy-based anomaly detectors to recognize some high-risk and difficult-to-detect attacks on web servers, a likely management interface for many IoT stand-alone elements. In real life, it has taken a long time, a number of years in some cases, to identify some of the vulnerabilities and related attacks. We discuss the practical relevance of the approach in the context of providing high-assurance Web services that may belong to autonomous IoT applications and devices.


        Published In

        Ubiquity  Volume 2016, Issue January
        January 2016
        26 pages
        EISSN:1530-2180
        DOI:10.1145/2875999
        Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee.

        Publisher

        Association for Computing Machinery

        New York, NY, United States


        Qualifiers

        • Research-article
        • Popular
        • Refereed
