Skip to main content

SunBlock: Cloudless Protection for IoT Systems

  • Conference paper
  • First Online:
Passive and Active Measurement (PAM 2024)

Abstract

With an increasing number of Internet of Things (IoT) devices present in homes, there is a rise in the number of potential information leakage channels and their associated security threats and privacy risks. Despite a long history of attacks on IoT devices in unprotected home networks, the problem of accurate, rapid detection and prevention of such attacks remains open. Many existing IoT protection solutions are cloud-based, sometimes ineffective, and might share consumer data with unknown third parties. This paper investigates the potential for effective IoT threat detection locally, on a home router, using AI tools combined with classic rule-based traffic-filtering algorithms. Our results show that with a slight rise of router hardware resources caused by machine learning and traffic filtering logic, a typical home router instrumented with our solution is able to effectively detect risks and protect a typical home IoT network, equaling or outperforming existing popular solutions, without any effects on benign IoT functionality, and without relying on cloud services and third parties.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Subscribe and save

Springer+ Basic
EUR 32.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 99.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 129.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    We obtained this number empirically after extensive testing showing a good trade-off between ML accuracy and reaction time.

References

  1. Asus (TrendMicro). https://www.asus.com/Content/AiProtection/. Accessed 03 Nov 2023

  2. Bitdefender Box 2. https://www.bitdefender.com/smart-home/#products. Accessed 03 Nov 2023

  3. F-Secure. https://www.f-secure.com/gb-en/home/products/sense. Accessed 03 Nov 2023

  4. Fail2ban. https://www.fail2ban.org/wiki/index.php/Main_Page. Accessed 03 Nov 2023

  5. Fingbox. https://www.fing.com/products/fingbox. Accessed 03 Nov 2023

  6. Firewalla. https://firewalla.com/. Accessed 03 Nov 2023

  7. iptables. https://linux.die.net/man/8/iptables. Accessed 03 Nov 2023

  8. LinkSys | WRT3200ACM Data Sheet. https://downloads.linksys.com/downloads/datasheet/WRT3200ACM_WiFiRouter_EN.pdf. Accessed 03 Nov 2023

  9. McAfee Secure Home Platform. https://www.mcafee.com/support/?page=shell &shell=article-view &locale=en-US &articleId=TS102712. Accessed 03 Nov 2023

  10. netfilter. https://www.netfilter.org/. Accessed 03 Nov 2023

  11. netml. https://github.com/noise-lab/netml. Accessed 03 Nov 2023

  12. OpenWrt. https://openwrt.org/. Accessed 03 Nov 2023

  13. RATtrap. https://www.myrattrap.com/. Accessed 03 Nov 2023

  14. Safeguards study: threat simulation scripts. https://github.com/IoTrim/safeguards-study. Accessed 03 Nov 2023

  15. Snort 3. https://www.snort.org/snort3. Accessed 03 Nov 2023

  16. Snort3 community rules. https://snort.org/downloads/community/snort3-community-rules.tar.gz. Accessed 03 Nov 2023

  17. SunBlock project page. https://github.com/SunBlock-IoT/SunBlock_router. Accessed 11 Jan 2023

  18. Suricata. https://suricata.io/. Accessed 03 Nov 2023

  19. Tcpreplay Official Site. https://tcpreplay.appneta.com/. Accessed 03 Nov 2023

  20. TP-Link HomeShield (Avira). https://www.tp-link.com/us/homeshield/. Accessed 03 Nov 2023

  21. Zeek. https://zeek.org/. Accessed 03 Nov 2023

  22. Alrawi, O., Lever, C., Antonakakis, M., Monrose, F.: SoK: security evaluation of home-based IoT deployments. In: 2019 IEEE Symposium on Security and Privacy (SP), pp. 1362–1380 (2019). https://doi.org/10.1109/SP.2019.00013

  23. Antonakakis, M., et al.: Understanding the Mirai Botnet. In: 26th USENIX Security Symposium (USENIX Security 2017), Vancouver, BC, pp. 1093–1110. USENIX Association (2017). https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/antonakakis

  24. Babun, L., Denney, K., Celik, Z.B., McDaniel, P., Uluagac, A.S.: A survey on IoT platforms: communication, security, and privacy perspectives. Comput. Netw. 192, 108040 (2021). https://doi.org/10.1016/j.comnet.2021.108040. https://www.sciencedirect.com/science/article/pii/S1389128621001444

  25. Briggs, C., Fan, Z., Andras, P.: A review of privacy-preserving federated learning for the internet-of-things. In: Federated Learning Systems: Towards Next-Generation AI, pp. 21–50 (2021)

    Google Scholar 

  26. Chakrabarti, S., Chakraborty, M., Mukhopadhyay, I.: Study of snort-based IDS. In: ICWET 2010, pp. 43–47. Association for Computing Machinery, New York (2010). https://doi.org/10.1145/1741906.1741914

  27. Conti, M., Nati, M., Rotundo, E., Spolaor, R.: Mind the plug! Laptop-user recognition through power consumption. In: Proceedings of the 2nd ACM International Workshop on IoT Privacy, Trust, and Security, IoTPTS 2016, pp. 37–44. Association for Computing Machinery, New York (2016). https://doi.org/10.1145/2899007.2899009

  28. Dua, A., Tyagi, V., Patel, N., Mehtre, B.: IISR: a secure router for IoT networks. In: 2019 4th International Conference on Information Systems and Computer Networks (ISCON), pp. 636–643 (2019). https://doi.org/10.1109/ISCON47742.2019.9036313

  29. Dudley, J.J., Kristensson, P.O.: A review of user interface design for interactive machine learning. ACM Trans. Interact. Intell. Syst. (TiiS) 8(2), 1–37 (2018)

    Article  Google Scholar 

  30. He, W., et al.: SoK: context sensing for access control in the adversarial home IoT. In: 2021 IEEE European Symposium on Security and Privacy (EuroS &P), pp. 37–53 (2021). https://doi.org/10.1109/EuroSP51992.2021.00014

  31. Huang, D.Y., Apthorpe, N., Li, F., Acar, G., Feamster, N.: IoT inspector: crowdsourcing labeled network traffic from smart home devices at scale. Proc. ACM Interact. Mob. Wearable Ubiquitous Technol. 4(2) (2020). https://doi.org/10.1145/3397333

  32. Karale, A.: The challenges of iot addressing security, ethics, privacy, and laws. Internet Things 15, 100420 (2021). https://doi.org/10.1016/j.iot.2021.100420. https://www.sciencedirect.com/science/article/pii/S2542660521000640

  33. Kolcun, R., et al.: Revisiting IoT device identification. In: Bajpai, V., Haddadi, H., Hohlfeld, O. (eds.) 5th Network Traffic Measurement and Analysis Conference, TMA 2021, Virtual Event, 14–15 September 2021. IFIP (2021). http://dl.ifip.org/db/conf/tma/tma2021/tma2021-paper6.pdf

  34. Kolcun, R., et al.: The Case for Retraining of ML Models for IoT Device Identification at the Edge. arXiv preprint (2020). https://arxiv.org/abs/2011.08605

  35. Kotak, J., Elovici, Y.: IoT device identification using deep learning. In: Herrero, Á., Cambra, C., Urda, D., Sedano, J., Quintián, H., Corchado, E. (eds.) CISIS 2020. Advances in Intelligent Systems and Computing, vol. 1267, pp. 76–86. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-57805-3_8

    Chapter  Google Scholar 

  36. Lastdrager, E., Hesselman, C., Jansen, J., Davids, M.: Protecting home networks from insecure IoT devices. In: NOMS 2020-2020 IEEE/IFIP Network Operations and Management Symposium, p. 1–6. IEEE Press (2020). https://doi.org/10.1109/NOMS47738.2020.9110419

  37. Lyon, G.F.: Nmap network scanning: the official Nmap project guide to network discovery and security scanning. Insecure. Com LLC (US) (2008)

    Google Scholar 

  38. Mahdavinejad, M.S., Rezvan, M., Barekatain, M., Adibi, P., Barnaghi, P., Sheth, A.P.: Machine learning for internet of things data analysis: a survey. Digit. Commun. Netw. 4(3), 161–175 (2018). https://doi.org/10.1016/j.dcan.2017.10.002. https://www.sciencedirect.com/science/article/pii/S235286481730247X

  39. Mandalari, A., Haddadi, H., Dubois, D.J., Choffnes, D.: Protected or porous: a comparative analysis of threat detection capability of IoT safeguards. In: 2023 2023 IEEE Symposium on Security and Privacy (SP) (SP), pp. 3061–3078. IEEE Computer Society, Los Alamitos (2023). https://doi.org/10.1109/SP46215.2023.00151. https://doi.ieeecomputersociety.org/10.1109/SP46215.2023.00151

  40. Mandalari, A.M., Dubois, D.J., Kolcun, R., Paracha, M.T., Haddadi, H., Choffnes, D.: Blocking without Breaking: Identification and Mitigation of Non-Essential IoT Traffic (2021)

    Google Scholar 

  41. Meidan, Y., et al.: ProfilIoT: a machine learning approach for IoT device identification based on network traffic analysis. In: Proceedings of the Symposium on Applied Computing, SAC 2017, pp. 506–509. Association for Computing Machinery, New York (2017). https://doi.org/10.1145/3019612.3019878

  42. Modems, A.: Comcast Infinity xFi XB6 Review (2023). https://approvedmodems.org/xfinity-xfi-xb6-review/. Accessed 03 Nov 2023

  43. Palmese, F., Redondi, A.E., Cesana, M.: Feature-sniffer: enabling IoT forensics in OpenWrt based Wi-Fi access points. In: 2022 IEEE 8th World Forum on Internet of Things (WF-IoT), pp. 1–6. IEEE (2022)

    Google Scholar 

  44. Paracha, M.T., Dubois, D.J., Vallina-Rodriguez, N., Choffnes, D.: IoTLS: understanding TLS usage in consumer IoT devices. In: Proceedings of the Internet Measurement Conference (2021)

    Google Scholar 

  45. Patel, N., Mehtre, B., Wankar, R.: A snort-based secure edge router for smart home. Int. J. Sens. Netw. 41(1), 42–59 (2023). https://doi.org/10.1504/IJSNET.2023.128505. https://www.inderscienceonline.com/doi/abs/10.1504/IJSNET.2023.128505

  46. Razzak, I., Zafar, K., Imran, M., Xu, G.: Randomized nonlinear one-class support vector machines with bounded loss function to detect of outliers for large scale IoT data. Future Gener. Comput. Syst. 112, 715–723 (2020). https://doi.org/10.1016/j.future.2020.05.045. https://www.sciencedirect.com/science/article/pii/S0167739X19313913

  47. Ren, J., Dubois, D.J., Choffnes, D., Mandalari, A.M., Kolcun, R., Haddadi, H.: Information exposure for consumer IoT devices: a multidimensional, network-informed measurement approach. In: Proceedings of the Internet Measurement Conference (IMC) (2019)

    Google Scholar 

  48. Sadek, I., Rehman, S.U., Codjo, J., Abdulrazak, B.: Privacy and security of IoT based healthcare systems: concerns, solutions, and recommendations. In: Pagán, J., Mokhtari, M., Aloulou, H., Abdulrazak, B., Cabrera, M. (eds.) ICOST 2019. LNCS, vol. 11862, pp. 3–17. Springer, Heidelberg (2019). https://doi.org/10.1007/978-3-030-32785-9_1

    Chapter  Google Scholar 

  49. Setayeshfar, O., et al.: Privacy invasion via smart-home hub in personal area networks. Pervasive Mob. Comput. 85, 101675 (2022). https://doi.org/10.1016/j.pmcj.2022.101675

    Article  Google Scholar 

  50. Shorman, A., Faris, H., Aljarah, I.: Unsupervised intelligent system based on one class support vector machine and Grey Wolf optimization for IoT botnet detection. J. Ambient Intell. Humaniz. Comput. 11, 2809–2825 (2020). https://doi.org/10.1007/s12652-019-01387-y

    Article  Google Scholar 

  51. Swessi, D., Idoudi, H.: A survey on internet-of-things security: threats and emerging countermeasures. Wirel. Pers. Commun. 124(2), 1557–1592 (2022). https://doi.org/10.1007/s11277-021-09420-0

    Article  Google Scholar 

  52. Thompson, O., Mandalari, A.M., Haddadi, H.: Rapid IoT device identification at the edge. In: Proceedings of the 2nd ACM International Workshop on Distributed Machine Learning, DistributedML 2021, pp. 22–28. Association for Computing Machinery, New York (2021). https://doi.org/10.1145/3488659.3493777

  53. Verizon: VerizonRouter CR1000A Datasheet (2023). https://www.verizon.com/supportresources/content/dam/verizon/support/consumer/documents/internet/verizon-router_datasheet.pdf. Accessed 03 Nov 2023

  54. Wu, X., Xiao, L., Sun, Y., Zhang, J., Ma, T., He, L.: A survey of human-in-the-loop for machine learning. Futur. Gener. Comput. Syst. 135, 364–381 (2022)

    Article  Google Scholar 

  55. Yang, K., Kpotufe, S., Feamster, N.: A Comparative Study of Network Traffic Representations for Novelty Detection. arXiv preprint (2020). https://arxiv.org/abs/2006.16993v1

  56. Zhou, C., Fu, A., Yu, S., Yang, W., Wang, H., Zhang, Y.: Privacy-preserving federated learning in fog computing. IEEE Internet Things J. 7(11), 10782–10793 (2020)

    Article  Google Scholar 

Download references

Acknowledgements

We thank the anonymous reviewers and our shepherd Roland van Rijswijk-Deij for their constructive and insightful feedback. This work was supported by the EPSRC Open Plus Fellowship (EP/W005271/1), the EPSRC PETRAS grant (EP/S035362/1), and the NSF ProperData award (SaTC-1955227).

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Vadim Safronov .

Editor information

Editors and Affiliations

Rights and permissions

Reprints and permissions

Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Safronov, V., Mandalari, A.M., Dubois, D.J., Choffnes, D., Haddadi, H. (2024). SunBlock: Cloudless Protection for IoT Systems. In: Richter, P., Bajpai, V., Carisimo, E. (eds) Passive and Active Measurement. PAM 2024. Lecture Notes in Computer Science, vol 14538. Springer, Cham. https://doi.org/10.1007/978-3-031-56252-5_15

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-56252-5_15

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-56251-8

  • Online ISBN: 978-3-031-56252-5

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics