A Hybrid Perspective on Threat Analysis and Activity-Based Attack Modeling for Strengthening Access Control in IoT
Main Article Content
Abstract
The rapid expansion of Internet of Things (IoT) devices has resulted in an unparalleled surge in the production of data and interconnectivity. Nevertheless, as IoT ecosystems become increasingly intricate, security concerns become of utmost importance, particularly in access control systems. The objective of this research is to improve the security of IoT access control by utilizing a hybrid model for analyzing threats and modeling attacks based on activities. This study has two primary objectives: a) A hybrid classification model is used to predict labels (attack or not) in binary classification with an impressive accuracy of 98.18%. b) Another hybrid classification model is employed to predict types of attacks in M2M communication, achieving a commendable accuracy of 90%. The primary goal is to create and assess a hybrid classification model for binary classification. This model will differentiate between regular system behavior and malicious attacks on access control schemes in the Internet of Things (IoT). The hybrid model, which combines the strengths of Gated Recurrent Units (GRU) and Long Short-Term Memory (LSTM) networks, achieves an exceptional accuracy rate of 98.18%. The model's high accuracy demonstrates its effectiveness in precisely detecting potential threats and minimizing false positives, thereby establishing a strong basis for improving access control security. The second objective focuses on the complex area of security, with the goal of categorizing distinct forms of attacks in Machine-to-Machine (M2M) communication within the Internet of Things (IoT) framework. The hybrid classification model, employing both GRU and LSTM networks, achieves a remarkable accuracy of 90%. This accomplishment showcases the model's aptitude in detecting and distinguishing different types of attacks, including Distributed Denial of Service (DDoS) and Man-in-the-Middle attacks. The hybrid model provides security professionals with valuable insights to proactively respond to diverse threats in M2M communication by accurately classifying attack types. This strengthens the overall security posture of IoT access control systems. Overall, this study offers a thorough and efficient combination of threat analysis and activity-based attack modeling to enhance access control in IoT. The obtained accuracies in binary classification and prediction of attack types highlight the practical usability of the suggested hybrid model, establishing a strong basis for improving the security of IoT access control systems against evolving cyber threats
Article Details
This work is licensed under a Creative Commons Attribution-NoDerivatives 4.0 International License.
References
ERENCES
V. Gazis, “A Survey of Standards for Machine-to-Machine and the Internet of Things,” IEEE Commun. Surv. Tutorials, vol. 19, no. 1, pp. 482–511, 2017, doi: 10.1109/COMST.2016.2592948.
A. Konev, A. Shelupanov, M. Kataev, V. Ageeva, and A. Nabieva, “A Survey on Threat-Modeling Techniques: Protected Objects and Classification of Threats,” Symmetry (Basel)., vol. 14, no. 3, 2022, doi: 10.3390/sym14030549.
V. Rohokale and R. Prasad, “Cyber security for intelligent world with internet of things and machine to machine communication,” J. Cyber Secur. Mobil., vol. 4, no. 1, pp. 23–40, 2015, doi: 10.13052/jcsm2245-1439.412.
M. Zhao, A. Kumar, T. Ristaniemi, and P. H. J. Chong, “Machine-to-Machine Communication and Research Challenges: A Survey,” Wirel. Pers. Commun., vol. 97, no. 3, pp. 3569–3585, 2017, doi: 10.1007/s11277-017-4686-1.
R. Sudarmani, K. Venusamy, S. Sivaraman, P. Jayaraman, K. Suriyan, and M. Alagarsamy, “Machine to machine communication enabled internet of things: a review,” Int. J. Reconfigurable Embed. Syst., vol. 11, no. 2, pp. 126–134, 2022, doi: 10.11591/ijres.v11.i2.pp126-134.
Rachit, S. Bhatt, and P. R. Ragiri, “Security trends in Internet of Things: a survey,” SN Appl. Sci., vol. 3, no. 1, pp. 1–14, 2021, doi: 10.1007/s42452-021-04156-9.
R. R. Krishna, A. Priyadarshini, A. V. Jha, B. Appasani, A. Srinivasulu, and N. Bizon, “State-of-the-art review on IoT threats and attacks: Taxonomy, challenges and solutions,” Sustain., vol. 13, no. 16, 2021, doi: 10.3390/su13169463.
O. A. Amodu and M. Othman, “A survey of hybrid MAC protocols for machine-to-machine communications,” Telecommun. Syst., vol. 69, no. 1, pp. 141–165, 2018, doi: 10.1007/s11235-018-0434-4.
V. Rao and K. V. Prema, “A review on lightweight cryptography for Internet-of-Things based applications,” J. Ambient Intell. Humaniz. Comput., vol. 12, no. 9, pp. 8835–8857, 2021, doi: 10.1007/s12652-020-02672-x.
S. Bhattacharya and M. Pandey, “Deploying an energy efficient, secure & high-speed sidechain-based TinyML model for soil quality monitoring and management in agriculture,” Expert Syst. Appl., vol. 242, no. May 2024, p. 122735, 2024, doi: 10.1016/j.eswa.2023.122735.
S. G. Abbas et al., “Identifying and mitigating phishing attack threats in IoT use cases using a threat modelling approach,” Sensors, vol. 21, no. 14, pp. 1–25, 2021, doi: 10.3390/s21144816.
H. F. Atlam, R. J. Walters, G. B. Wills, and J. Daniel, “Fuzzy Logic with Expert Judgment to Implement an Adaptive Risk-Based Access Control Model for IoT,” Mob. Networks Appl., vol. 26, no. 6, pp. 2545–2557, 2021, doi: 10.1007/s11036-019-01214-w.
X. Cheng, J. Zhang, Y. Tu, and B. Chen, “Cyber situation perception for Internet of Things systems based on zero-day attack activities recognition within advanced persistent threat,” Concurr. Comput. Pract. Exp., vol. 34, no. 16, p. e6001, Jul. 2022, doi: https://doi.org/10.1002/cpe.6001.
M. M. Samy, W. R. Anis., A. A. Abdel-Hafez, and H. D. Eldemerdash, “An optimized protocol of M2M authentication for internet of things (IoT),” Int. J. Comput. Netw. Inf. Secur., vol. 13, no. 2, pp. 29–38, 2021, doi: 10.5815/IJCNIS.2021.02.03.
M. S. Mazhar et al., “Forensic Analysis on Internet of Things (IoT) Device Using Machine-to-Machine (M2M) Framework,” Electron., vol. 11, no. 7, pp. 1–23, 2022, doi: 10.3390/electronics11071126.
S. Bhatt, T. K. Pham, M. Gupta, J. Benson, J. Park, and R. Sandhu, “Attribute-Based Access Control for AWS Internet of Things and Secure Industries of the Future,” IEEE Access, vol. 9, pp. 107200–107223, 2021, doi: 10.1109/ACCESS.2021.3101218.
L. Fang, Y. Li, Z. Liu, C. Yin, M. Li, and Z. J. Cao, “A Practical Model Based on Anomaly Detection for Protecting Medical IoT Control Services against External Attacks,” IEEE Trans. Ind. Informatics, vol. 17, no. 6, pp. 4260–4269, 2021, doi: 10.1109/TII.2020.3011444.
T. Prabhakara Rao and B. Satyanarayana Murthy, “Extended group-based verification approach for secure M2M communications,” Int. J. Inf. Technol., vol. 15, no. 5, pp. 2479–2488, 2023, doi: 10.1007/s41870-023-01284-w.
S. Alyahya, W. U. Khan, S. Ahmed, S. N. K. Marwat, and S. Habib, “Cyber Secure Framework for Smart Agriculture: Robust and Tamper-Resistant Authentication Scheme for IoT Devices,” Electron., vol. 11, no. 6, pp. 1–19, 2022, doi: 10.3390/electronics11060963.
A. Aijaz and A. H. Aghvami, “Cognitive machine-to-machine communications for internet-of-things: A protocol stack perspective,” IEEE Internet Things J., vol. 2, no. 2, pp. 103–112, 2015, doi: 10.1109/JIOT.2015.2390775.
J. Wan, M. Chen, F. Xia, D. Li, and K. Zhou, “From machine-to-machine communications towards cyber-physical systems,” Comput. Sci. Inf. Syst., vol. 10, no. 3, pp. 1105–1128, 2013, doi: 10.2298/CSIS120326018W.
R. Prasad and V. Rohokale, “Internet of Things (IoT) and Machine to Machine (M2M) Communication,” pp. 125–141, 2020, doi: 10.1007/978-3-030-31703-4_9.
mohamed ferrag, “Edge-IIoTset Cyber Security Dataset of IoT & IIoT,” Kaggle. 2022, [Online]. Available: https://www.kaggle.com/datasets/mohamedamineferrag/edgeiiotset-cyber-security-dataset-of-iot-iiot.