Please use this identifier to cite or link to this item:
https://repositorio.ufpe.br/handle/123456789/41501
Title : | A Flexible Approach For Creating and Enforcing Intrusion Detection Rules On Internet of Things Networks |
Author : | SILVA JUNIOR, Davino Mauro Tenório da |
Keywords : | Software Engineering; Internet of Things; Security; Network intrusion detection systems |
Issue date : | 6-Feb-2020 |
Publisher : | Universidade Federal de Pernambuco |
Citation : | SILVA JUNIOR, Davino Mauro Tenório da. A Flexible Approach For Creating and Enforcing Intrusion Detection Rules On Internet of Things Networks. 2020. Dissertation (Master's in Computer Science) – Universidade Federal de Pernambuco, Recife, 2020. |
Abstract : | Securing IoT devices is not an easy task, but it is crucial due to the rapid growth of the IoT market in the recent past. For that, Network Intrusion Detection Systems (NIDS, or IDS for short) can be used to employ defenses in IoT environments by making use of rules to detect anomalies in the network traffic. Due to the nature of this market, usability must be treated as a crucial feature of these systems, especially in the process of creating the aforementioned rules. In this work, we present IoT-Flows: a platform built on traditional IDS concepts such as network monitoring and generation of alerts once an anomaly is detected, but that focuses on enabling users to create rules in an intuitive way with a user interface (UI). To evaluate the proposed platform focusing specifically on usability, we compared it with Suricata, the most popular open-source IDS. We focused the evaluation on the process of creating the rules with a usability test of both systems where the participants were assigned the task of creating a rule to detect a popular distributed denial-of-service (DDoS) attack. After the test, we applied a System Usability Scale (SUS) questionnaire, which is a tool to evaluate the usability of a given system, combined with open-ended questions and general observations throughout the test. After analyzing the results of both quantitative and qualitative feedback, we found the consensus among the participants was that Suricata, albeit providing complete documentation, lacks flexibility for creating the rules due to its complex syntax and non-existent user interface (UI), which is a negative point particularly for non-experienced users. For the proposed system, IoT-Flows, the participants highlighted its UI and flexibility as its strongest points, providing an intuitive way of creating the rules. However, they also noted that creating the rules was slower compared to Suricata.
During this work, we observed that usability is indeed a crucial point that needs to be taken into consideration when developing security systems, especially if the systems target IoT contexts, where the presence of non-IT users is common. |
Description : | GAMA, Kiev is also known in bibliographic citations as: GAMA, Kiev Santos da |
URI : | https://repositorio.ufpe.br/handle/123456789/41501 |
Appears in collections: | Master's Dissertations - Computer Science |
Files in this item:
File | Description | Size | Format | |
---|---|---|---|---|
DISSERTAÇÃO Davino Mauro Tenório da Silva Júnior.pdf | | 2,58 MB | Adobe PDF | |
This item is protected by original copyright |
This item is licensed under a Creative Commons License