Deep neural networks (DNNs) are being applied to various areas such as computer vision, autonomous vehicles, and healthcare, etc. However, DNNs are notorious for their high computational complexity and cannot be executed efficiently on resource constrained Internet of Things (IoT) devices. Various solutions have been proposed to handle the high computational complexity of DNNs. Offloading computing tasks of DNNs from IoT devices to cloud/edge servers is one of the most popular and promising solutions. While such remote DNN services provided by servers largely reduce computing tasks on IoT devices, it is challenging for IoT devices to inspect whether the quality of the service meets their service level objectives (SLO) or not. In this paper, we address this problem and propose a novel approach named QIS (quality inspection sampling) that can efficiently inspect the quality of the remote DNN services for IoT devices. To realize QIS, we design a new ID-generation method to generate data (IDs) that can identify the serving DNN models on edge servers. QIS inserts the IDs into the input data stream and implements sampling inspection on SLO violations. The experiment results show that the QIS approach can reliably inspect, with a nearly 100% success rate, the service qualtiy of remote DNN services when the SLA level is 99.9% or lower at the cost of only up to 0.5% overhead.
more »
« less
Fingerprinting Edge and Cloud Services in IoT
Internet of Things (IoT) devices, web
browsers, phones, and even cars may be fingerprinted for
tracking, and their connections routed through or to malicious
entities. When IoT devices interact with a remote service, the
integrity or authentication of that service is not guaranteed. IoT
and other edge devices could be subject to man-in-the-middle
(MiTM) attacks, with IoT devices attempting to connect to remote
services. It is also straight-forward to use phishing or pharming to
convince a user to accept a connection to a potentially malicious
unfamiliar device. These risks could be mitigated by leveraging
information on the edge of the network about the path to and
destination of a connection. In this work we sample packets,
then use packet analysis and local history to identify risky or
suspicious connections. In contrast to other machine learning and
big data approaches, the use of local data enables risk detection
without loss of privacy.
more »
« less
- Award ID(s):
- 1916635
- PAR ID:
- 10296088
- Date Published:
- Journal Name:
- Systematic Approaches to Digital Forensic Engineering: SADFE 2020
- Format(s):
- Medium: X
- Sponsoring Org:
- National Science Foundation
More Like this
-
-
null (Ed.)Internet of Things (IoT) devices are becoming increasingly prevalent in our environment, yet the process of programming these devices and processing the data they produce remains difficult. Typically, data is processed on device, involving arduous work in low level languages, or data is moved to the cloud, where abundant resources are available for Functions as a Service (FaaS) or other handlers. FaaS is an emerging category of flexible computing services, where developers deploy self-contained functions to be run in portable and secure containerized environments; however, at the moment, these functions are limited to running in the cloud or in some cases at the "edge" of the network using resource rich, Linux-based systems. In this work, we investigate NanoLambda, a portable platform that brings FaaS, high-level language programming, and familiar cloud service APIs to non-Linux and microcontroller-based IoT devices. To enable this, NanoLambda couples a new, minimal Python runtime system that we have designed for the least capable end of the IoT device spectrum, with API compatibility for AWS Lambda and S3. NanoLambda transfers functions between IoT devices (sensors, edge, cloud), providing power and latency savings while retaining the programmer productivity benefits of high-level languages and FaaS. A key feature of NanoLambda is a scheduler that intelligently places function executions across multi-scale IoT deployments according to resource availability and power constraints. We evaluate a range of applications that use NanoLambda to run on devices as small as the ESP8266 with 64KB of ram and 512KB flash storage.more » « less
-
In this paper, we introduce a network entity called point of connection (PoC), which is equipped with customized powerful communication, computing, and storage (CCS) capabilities, and design a data transportation network (DART) of interconnected PoCs to facilitate the provision of Internet of Things (IoT) services. By exploiting the powerful CCS capabilities of PoCs, DART brings both communication and computing services much closer to end devices so that resource-constrained IoT devices could have access to the desired communication and computing services. To achieve the design goals of DART, we further study spectrum-aware placement of edge computing services. We formulate the service placement as a stochastic mixed-integer optimization problem and propose an enhanced coarse-grained fixing procedure to facilitate efficient solution finding. Through extensive simulations, we demonstrate the effectiveness of the resulting spectrum-aware service placement strategies and the proposed solution approach.more » « less
-
Billions of devices in the Internet of Things (IoT) are inter-connected over the internet and communicate with each other or end users. IoT devices communicate through messaging bots. These bots are important in IoT systems to automate and better manage the work flows. IoT devices are usually spread across many applications and are able to capture or generate substantial influx of big data. The integration of IoT with cloud computing to handle and manage big data, requires considerable security measures in order to prevent cyber attackers from adversarial use of such large amount of data. An attacker can simply utilize the messaging bots to perform malicious activities on a number of devices and thus bots pose serious cybersecurity hazards for IoT devices. Hence, it is important to detect the presence of malicious bots in the network. In this paper we propose an evidence theory-based approach for malicious bot detection. Evidence Theory, a.k.a. Dempster Shafer Theory (DST) is a probabilistic reasoning tool and has the unique ability to handle uncertainty, i.e. in the absence of evidence. It can be applied efficiently to identify a bot, especially when the bots have dynamic or polymorphic behavior. The key characteristic of DST is that the detection system may not need any prior information about the malicious signatures and profiles. In this work, we propose to analyze the network flow characteristics to extract key evidence for bot traces. We then quantify these pieces of evidence using apriori algorithm and apply DST to detect the presence of the bots.more » « less
-
Internet-of-things (IoT) introduce new attack surfaces for power grids with the usage of Wi-Fi enabled high wattage appliances. Adversaries can use IoT networks as a foothold to significantly change load demands and cause physical disruptions in power systems. This new IoT-based attack makes current security mechanisms, focusing on either power systems or IoT clouds, ineffective. To defend the attack, we propose to use a data-centric edge computing infrastructure to host defense mechanisms in IoT clouds by integrating physical states in decentralized regions of a power grid. By enforcing security policies on IoT devices, we can significantly limit the range of malicious activities, reducing the impact of IoT-based attacks. To fully understand the impact of data-centric edge computing on IoT clouds and power systems, we developed a cyber-physical testbed simulating six different power grids. Our preliminary results show that performance overhead is negligible, with less than 5% on average.more » « less