LUP Student Papers

LUND UNIVERSITY LIBRARIES

Intrusion Detection on Network Video Surveillance Systems

Jakse Schönfelder, Ika LU and Gustafsson, Melker (2024) EITM01 20241
Department of Electrical and Information Technology
Abstract
The number of connected IoT devices is increasing rapidly, and so are cyber threats against them. In contrast to high-end computers, IoT devices are extra vulnerable to threats since they often don’t have the same defense mechanisms because of their limited resources. Intrusion detection systems (IDS) are typically used to monitor IoT devices externally in a server/client setup. The purpose of this thesis, however, is to find IDS solutions that run smoothly on resource-constrained IoT devices, surveillance cameras more specifically, and are able to detect the most feasible and critical attacks.
Three IDSs were tested: Sagan, Samhain and Microsoft Defender for IoT. A set of attacks was simulated against an Axis surveillance camera monitored by each IDS, one by one. Their attack detection capabilities as well as performance in terms of CPU and RAM usage were used to assess the different solutions.
The results showed that Sagan is not a feasible solution to run on surveillance cameras as it is too memory demanding. Both Samhain and Microsoft Defender for IoT demonstrated good attack detection capabilities. Samhain proved to be light on system resources and Defender for IoT is run externally and thus adds no extra system overhead.
Popular Abstract
The Internet of Things (IoT) consists of networks of devices embedded with software, sensors, etc., communicating and sharing data with each other and/or external cloud servers. The number of connected IoT devices has increased explosively in recent years, and they can now be found everywhere. Smart watches, weather stations, telematic systems and surveillance cameras are all examples of IoT devices.

As the number of connected IoT devices increases, so do cyber threats against them. One major difference between an IoT device and a standard PC is that an IoT device typically possesses far fewer resources in terms of computational power, RAM and secondary memory. This makes IoT devices considerably more vulnerable to attacks. On a regular PC, advanced antivirus software can help protect the system without causing any notable drops in performance. On a resource-constrained IoT device, such software is infeasible.

One way of protecting IoT devices is to monitor them using an intrusion detection system (IDS). An IDS's sole purpose is to monitor network traffic or systems for potential intrusion attempts. The IDS takes no action on the attacks and intrusions it finds; instead, it typically generates alerts for the system administrators and maintainers to act on.

There are many different types of IDSs. The two main categories are host-based and network-based. Host-based systems monitor internal system behaviours and activities and are often placed on the system they are monitoring. Network-based solutions monitor network traffic and other devices on the network. Additionally, there are different methods of detecting intrusions. Signature-based IDSs compare network traffic or system logs with known attack signatures. Anomaly-based IDSs attempt to detect abnormal behaviours that deviate from normal activity. They typically use machine learning algorithms to accomplish this.

The purpose of this thesis is to try to find IDSs that run smoothly on a surveillance camera and detect feasible attacks with critical impact on the system.
author
Jakse Schönfelder, Ika LU and Gustafsson, Melker
supervisor
organization
alternative title
Intrångsdetektion på nätverksbaserade videoövervakningssystem
course
EITM01 20241
year
type
H2 - Master's Degree (Two Years)
subject
keywords
Internet of Things, Intrusion Detection Systems, Cyber Security
report number
LU/LTH-EIT 2024-978
language
English
id
9175665
date added to LUP
2024-10-07 10:48:12
date last changed
2024-10-07 10:48:12
@misc{9175665,
  abstract     = {{The number of connected IoT devices increases rapidly and so do cyber threats against them. In contrast to high-end computers, IoT devices are extra vulnerable to threats since they many times don’t have the same defense mechanisms because of their limited resources. Intrusion detection systems (IDS) are typically used to monitor IoT devices externally on a server/client setup. The purpose of this thesis however is to find IDS solutions that run smoothly on resource constrained IoT devices, surveillance cameras more specifically, and are able to detect the most feasible and critical attacks.
Three IDS:s were tested: Sagan, Samhain and Microsoft Defender for IoT. A set of attacks were simulated against an Axis surveillance camera monitored by each IDS one by one. Their attack detection capabilities as well as performance in terms of CPU- and RAM usage were used to assess the different solutions.
The results showed that Sagan is not a feasible solution to run on surveillance cameras as it is too memory demanding. Both Samhain and Microsoft Defender for IoT demonstrated good attack detection capabilities. Samhain proved to be light on system resources and Defender for IoT is run externally and thus adds no extra system overhead.}},
  author       = {{Jakse Schönfelder, Ika and Gustafsson, Melker}},
  language     = {{eng}},
  note         = {{Student Paper}},
  title        = {{Intrusion Detection on Network Video Surveillance Systems}},
  year         = {{2024}},
}