The Design of A Model to Detect MiTM Attack in IoT Networks: A Machine Learning Approach
The Man-in-the-Middle (MitM) attack is a kind of cyberattack in which a perpetrator intercepts an ongoing communication between two parties and uses this breach either to eavesdrop on the communicated message or to alter the message before it reaches the intended legitimate receiver. In an IoT network, the basic purpose of a smart device is to collect large amounts of data from sensors located in geographically dispersed locations and to relay this information to a Master device in the IoT network. Once the collected sensor data reach the Master device, it relays them wirelessly to a central database or server via gateways. IoT devices are usually designed to be deployed on a mass scale and to operate in remote and hard-to-reach areas. IoT nodes are usually battery-powered or scavenge power from their surroundings. Hence, IoT device manufacturers give little emphasis to security; their main goal is to design nodes that get the job done while consuming as little power as possible for as long as possible. Despite their widespread use and ubiquity, IoT networks are highly vulnerable to cyberattacks such as MitM attacks, and identifying this malicious behavior is mandatory, because malicious tampering with IoT data by adversaries could lead to real-time, real-life catastrophes. The main objective of this study is to build a machine-learning model that, based on the IoT network's data patterns, detects modified sensor records originating from IoT networks affected by ARP cache poisoning. Therefore, to build the model, both Normal and Attack data needed to be generated from an environment that mimics an IoT network.
Hence, for this study, an IoT testbed was built using the NodeMCU ESP32 IoT module, which acts as the master device in the IoT network, a DHT22 temperature and humidity sensor, an MQ2 gas sensor, an SW-420 vibration sensor, and a wireless router. An adversarial system was also built using a DELL® Core-i3 laptop running Kali Linux, with a processor speed of 2.1 GHz and 4 GB of installed RAM. In this testbed, the data captured from the three sensors are temperature, humidity, smoke in parts per million, and the level of vibration, which are transmitted to the ThingSpeak cloud server via a wireless router. In the normal phase, the sensors' values are extracted by the NodeMCU device and then transmitted to the ThingSpeak cloud. This data is labeled as 'Normal' data. The attack phase is performed by the adversarial system, which intercepts data coming from the NodeMCU device, modifies it, and sends the modified sensor readings to the ThingSpeak cloud. This data is labeled as 'Attacked' data. Machine learning classifiers (SVM, Naïve Bayes, Decision Trees, KNN, and AdaBoost) are built with the Weka Explorer software to classify the IoT network's sensor records as 'Normal' or 'Attacked'. Of the five candidate algorithms, Decision Trees had the highest accuracy, at 95.125%.
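The classification step described above, as an added example that is not the study's code or data: a small decision tree trained to label sensor records 'Normal' or 'Attacked'. Assumptions: the study used Weka and does not name its tree algorithm, so this sketch uses Gini-based (CART-style) splits in plain Python; the field names, the sample records, and the premise that tampering appears as an out-of-pattern value are all constructed for illustration.

```python
# Pure-Python CART-style decision tree (Gini impurity) over sensor records.
from collections import Counter

FEATURES = ["temperature_c", "humidity_pct", "smoke_ppm", "vibration"]

# Constructed samples (not the study's data): (features, label).
# Assumption: tampering shows up as an out-of-pattern value in a field.
TRAIN = [
    ((24.1, 41.0, 180, 0), "Normal"), ((24.6, 40.2, 175, 0), "Normal"),
    ((25.0, 39.5, 190, 1), "Normal"), ((23.8, 42.3, 185, 0), "Normal"),
    ((24.3, 41.7, 178, 1), "Normal"), ((25.2, 38.9, 182, 0), "Normal"),
    ((61.0, 40.5, 181, 0), "Attacked"), ((24.4, 3.0, 179, 0), "Attacked"),
    ((24.9, 40.1, 950, 1), "Attacked"), ((58.5, 5.5, 176, 0), "Attacked"),
    ((24.0, 41.2, 990, 0), "Attacked"), ((63.2, 39.8, 940, 1), "Attacked"),
]

def gini(rows):
    counts = Counter(label for _, label in rows)
    return 1.0 - sum((n / len(rows)) ** 2 for n in counts.values())

def best_split(rows):
    """Return (impurity, feature, threshold, left, right) or None if no split exists."""
    best = None
    for f in range(len(FEATURES)):
        values = sorted({x[f] for x, _ in rows})
        for lo, hi in zip(values, values[1:]):  # midpoints between distinct values
            t = (lo + hi) / 2
            left = [r for r in rows if r[0][f] <= t]
            right = [r for r in rows if r[0][f] > t]
            score = (len(left) * gini(left) + len(right) * gini(right)) / len(rows)
            if best is None or score < best[0]:
                best = (score, f, t, left, right)
    return best

def build(rows, depth=0, max_depth=4):
    majority = Counter(label for _, label in rows).most_common(1)[0][0]
    split = best_split(rows) if gini(rows) > 0 and depth < max_depth else None
    if split is None:
        return majority  # leaf: pure node, depth limit, or nothing left to split on
    _, f, t, left, right = split
    return (f, t, build(left, depth + 1, max_depth), build(right, depth + 1, max_depth))

def classify(tree, x):
    while isinstance(tree, tuple):  # internal node: (feature, threshold, left, right)
        f, t, left, right = tree
        tree = left if x[f] <= t else right
    return tree

TREE = build(TRAIN)
```

On real traffic the tree would be scored on held-out records rather than on the training set, which is how an accuracy figure such as the one reported above is obtained.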