DeepAuditor: Distributed Online Intrusion Detection System for IoT devices via Power Side-channel Auditing
This work addresses the problem of IoT botnet detection for IoT device security, but it is incremental as it builds on existing power side-channel methods with new system designs.
The authors tackled the challenge of detecting initial intrusions on IoT devices before large-scale attacks by developing DeepAuditor, an online intrusion detection system using power side-channel auditing, which achieved improved classification accuracy and processing time compared to a baseline, especially against unseen patterns.
As the number of IoT devices has increased rapidly, IoT botnets have exploited the vulnerabilities of IoT devices. However, it is still challenging to detect the initial intrusion on IoT devices prior to massive attacks. Recent studies have utilized power side-channel information to identify this intrusion behavior on IoT devices but still lack accurate real-time models for ubiquitous botnet detection. We proposed the first online intrusion detection system called DeepAuditor for IoT devices via power auditing. To develop the real-time system, we proposed a lightweight power auditing device called Power Auditor. We also designed a distributed CNN classifier for online inference in a laboratory setting. To protect against data leakage and reduce networking redundancy, we then proposed a privacy-preserved inference protocol via Packed Homomorphic Encryption and a sliding window protocol in our system. The classification accuracy and processing time were measured, and the proposed classifier outperformed a baseline classifier, especially against unseen patterns. We also demonstrated that the distributed CNN design is secure against any distributed components. Overall, the measurements demonstrated the feasibility of our real-time distributed system for intrusion detection on IoT devices.