Abstract
With the growing number of IoT-related devices, smart homes promise to make our lives easier and more comfortable. However, the increased deployment of such smart devices brings many security and privacy risks. To overcome these risks, Intrusion Detection Systems are presented as pertinent tools that can provide network-level protection for smart devices deployed in home environments. These systems monitor the network activities of the devices connected to the smart home and focus on alerting on suspicious or malicious activity. They can also deal with detected abnormal activities by hindering impostors from accessing the victim devices. However, the employment of such systems in the context of the smart home can be challenging due to the devices' hardware limitations, which may restrict their ability to counter existing and emerging attack vectors. Therefore, this paper proposes an experimental comparison of the widely used open-source NIDSs, namely Snort, Suricata and Bro (currently known as Zeek), to find the most appropriate IDS for smart homes in terms of resource consumption, including CPU and memory utilisation. Experimental results show that Suricata and Bro are the best-performing NIDSs for smart homes.
Notes
- 1. Sourcefire: www.sourcefire.com.
Acknowledgement
This project has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement no. 786698. This work reflects the authors' view, and the Agency is not responsible for any use that may be made of the information it contains.
Copyright information
© 2020 Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Alsakran, F., Bendiab, G., Shiaeles, S., Kolokotronis, N. (2020). Intrusion Detection Systems for Smart Home IoT Devices: Experimental Comparison Study. In: Thampi, S., Martinez Perez, G., Ko, R., Rawat, D. (eds) Security in Computing and Communications. SSCC 2019. Communications in Computer and Information Science, vol 1208. Springer, Singapore. https://doi.org/10.1007/978-981-15-4825-3_7
DOI: https://doi.org/10.1007/978-981-15-4825-3_7
Publisher Name: Springer, Singapore
Print ISBN: 978-981-15-4824-6
Online ISBN: 978-981-15-4825-3
eBook Packages: Computer Science (R0)