CVE-2023-33248: International Conference on Cloud, IoT and Security (CIOS 2023)

Amazon Alexa software version 8960323972 on Echo Dot 2nd generation and 3rd generation devices potentially allows attackers to deliver security-relevant commands via an audio signal between 16 and 22 kHz (often outside the range of human adult hearing). Commands at these frequencies are essentially never spoken by authorized actors, but a substantial fraction of the commands are successful.


**Is There a Trojan!: Literature Survey and Critical Evaluation of the Latest ML Based Modern Intrusion Detection Systems in IoT Environments**

Vishal Karanam, University of Southern California, Los Angeles, CA

ABSTRACT

IoT as a domain has grown so much in the last few years that it rivals that of the mobile network environments in terms of data volumes as well as cybersecurity threats. The confidentiality and privacy of data within IoT environments have become very important areas of security research within the last few years. More and more security experts are interested in designing robust IDS systems to protect IoT environments as a supplement to the more traditional security methods. Given that IoT devices are resource-constrained and have a heterogeneous protocol stack, most traditional intrusion detection approaches don’t work well within these schematic boundaries. This has led security researchers to innovate at the intersection of Machine Learning and IDS to solve the shortcomings of non-learning based IDS systems in the IoT ecosystem. Despite various ML algorithms already having high accuracy with IoT datasets, we can see a lack of sufficient production grade models. This survey paper details a comprehensive summary of the latest learning-based approaches used in IoT intrusion detection systems, and conducts a thorough critical review of these systems, potential pitfalls in ML pipelines, challenges from an ML perspective and discusses future research scope, and recommendations.

KEYWORDS

Intrusion Detection, IDS · IoT · Machine Learning · Deep Learning · Computer Security.

**An Architecture for Reliable Cyber Attack Detection in IoT Networks to Increase the Trustworthiness Between Nodes**

Dr. S. Malathi¹ and S. Razool Begum², ¹Assistant Professor of Computer Science, Swami Dayananda College of Arts and Science, Manjakkudi, Tiruvarur (dt), Tamilnadu, India, affiliated to Bharathidasan University, ²Research Scholar, A. Veeriya Vandayar Memorial Sri Pushpam College (Autonomous), Thanjavur-613503, Tamilnadu, India, affiliated to Bharathidasan University

ABSTRACT

The security qualities of IoT trustworthiness, combined with information technology (IT), are safety, consistency, flexibility, and privacy. Traditional security tools and procedures are insufficient to protect IoT platforms because of the differences in protocols, restricted update options, protocol mismatch, and outdated operating systems utilized in industrial systems. This paper presents a scalable and reliable cyber-attack identification method to enhance the credibility of an IoT network (i.e. a supervisory control and data acquisition (SCADA) network). In particular, it uses an ensemble-learning model that combines a random subspace (RS) learning approach and a random tree (RT) learning method to identify cyber-attacks from the network traffic of SCADA-based IoT platforms. The proposed model is unique in that it employs industrial protocol-based network traffic, where random subspace (RS) resolves the susceptibility to unnecessary characteristics and ensemble random tree (RT) minimizes the overfitting issue, resulting in a detection engine based on industrial protocols with better detection rates.

KEYWORDS

Cyber-attack, traffic, protocol, random subspace, random tree, SCADA, and ensemble approach.

**IoT Enabled Human Health Monitoring System**

Aryaa, Deepak Kumar, Harsh Sharma, Aditi Saini, Pravin Kaushik, Dept. of Electronic and Communication Engineering KIET Group of Institution Ghaziabad, India

ABSTRACT

The goal of this paper is to develop a human health monitoring system (HHMS) that aids in earlier diagnosis of a human being and in monitoring following recovery. The concept uses a combination of two subsystems which monitor human health parameters such as temperature, SpO2, heart rate, and ECG, as well as environment parameters such as temperature and humidity. The human characteristics are extracted using a variety of sensors, and the data is then analysed on a mobile application subsystem through an Internet of Things (IoT) subsystem. The HHMS prototype has been shown to constantly measure body temperature, heart rate, SpO2, ECG, and surrounding temperature and humidity. Our mobile application evaluates how reliable the method is for tracking these metrics.

KEYWORDS

IoT, Health Monitoring, ESP-32.

**Nuance: Near Ultrasound Attack on Networked Communication Environments**

Forrest McKee and David Noever, PeopleTec, 4901-D Corporate Drive, Huntsville, AL, USA, 35805

ABSTRACT

This study investigates a primary inaudible attack vector on Amazon Alexa voice services using near ultrasound trojans and focuses on characterizing the attack surface and examining the practical implications of issuing inaudible voice commands. The research maps each attack vector to a tactic or technique from the MITRE ATT&CK matrix, covering enterprise, mobile, and Industrial Control System (ICS) frameworks. The experiment involved generating and surveying fifty near-ultrasonic audios to assess the attacks’ effectiveness, with unprocessed commands having a 100% success rate and processed ones achieving a 58% overall success rate. This systematic approach stimulates previously unaddressed attack surfaces, ensuring comprehensive detection and attack design while pairing each ATT&CK Identifier with a tested defensive method, providing attack and defense tactics for prompt-response options. The main findings reveal that the attack method employs Single Upper Sideband Amplitude Modulation (SUSBAM) to generate near-ultrasonic audio from audible sources, transforming spoken commands into a frequency range beyond human-adult hearing. By eliminating the lower sideband, the design achieves a 6 kHz minimum from 16-22 kHz while remaining inaudible after transformation. The research investigates the one-to-many attack surface where a single device simultaneously triggers multiple actions or devices. Additionally, the study demonstrates the reversibility or demodulation of the inaudible signal, suggesting potential alerting methods and the possibility of embedding secret messages like audio steganography.

KEYWORDS

Cybersecurity, voice activation, digital signal processing, Internet of Things, ultrasonic audio.
