101. Towards a Secure Internet of Things: A Comprehensive Study of Second Line Defense Mechanisms
- Author
Maitreyee Dutta, Jorge Granjal, and Kamaldeep
- Subjects
General Computer Science, Computer science, intrusion detection, Internet of Things, Cryptography, 02 engineering and technology, Intrusion detection system, Computer security, computer.software_genre, intrusion response, Protocol stack, Internet of Things Security, Consolidation (business), 0202 electrical engineering, electronic engineering, information engineering, General Materials Science, intrusion prevention, Intelligent transportation system, standardized protocols, business.industry, General Engineering, 020206 networking & telecommunications, Software deployment, 020201 artificial intelligence & image processing, lcsh:Electrical engineering. Electronics. Nuclear engineering, Intrusion prevention system, business, lcsh:TK1-9971, computer
- Abstract
The Internet of Things (IoT) exemplifies a large network of sensing and actuating devices that have penetrated into the physical world, enabling new applications like smart homes, intelligent transportation, smart healthcare and smart cities. Through IoT, these applications have consolidated in the modern world to generate, share, aggregate and analyze large amounts of security-critical and privacy-sensitive data. As this consolidation gets stronger, the need for security in IoT increases. With first line of defense strategies like cryptography being unsuited due to the resource-constrained nature, second line of defense mechanisms are crucial to ensure security in IoT networks. This paper presents a comprehensive study of existing second line of defense mechanisms for standardized protocols in IoT networks. The paper analyzes existing mechanisms in three aspects: Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS) and Intrusion Response Systems (IRS). We begin by providing an overview of the standardized protocol stack, its layers and defensive security systems in IoT. From there, we build our narrative by presenting an extended taxonomy of IDS, IPS and IRS, classifying them on their techniques, deployment, attacks, datasets, evaluation metrics and data pre-processing methods. We then thoroughly review, compare and analyze the research proposals in this context, considering the unique characteristics involved in these systems. Based on the extensive analysis of the existing defensive security systems, the paper also identifies open research challenges and directions for effective design of such systems for IoT networks, which could guide future research in the area.
- Published
- 2020