An Architecture of Enhanced Profiling Assurance for IoT Networks

Attacks launched from IoT networks can cause significant damage to critical network systems and services. IoT networks may contain a large volume of devices. Protecting these devices from being abused to launch traffic amplification attacks is critical. The manufacturer usage description (MUD) architecture uses pre-defined stateless access control rules to allow or block specific network traffic without stateful communication inspection. This can lead to false negative filtering of malicious traffic, as the MUD architecture does not include the monitoring of communication states to determine which connections to allow through. This study presents a novel solution, the enhanced profiling assurance (EPA) architecture. It incorporates both stateless and stateful communication inspection, a unique approach that enhances the detection effectiveness of the MUD architecture. EPA contains layered intrusion detection and prevention systems to monitor stateful and stateless communication. It adopts three-way decision theory with three outcomes: allow, deny, and uncertain. Packets that are marked as uncertain must be continuously monitored to determine access permission. Our analysis, conducted with two network scenarios, demonstrates the superiority of the EPA over the MUD architecture in detecting malicious activities.