Intrusion Detection on IoT Services using Event Network Correlation

이벤트 네트워크 상관분석을 이용한 IoT 서비스에서의 침입탐지

  • Park, Boseok (School of Computer Science and Engineering, Graduate School, Kyungpook National University) ;
  • Kim, Sangwook (School of Computer Science and Engineering, Graduate School, Kyungpook National University)
  • Received : 2019.09.08
  • Accepted : 2019.12.23
  • Published : 2020.01.31


As the number of internet-connected appliances and the variety of IoT services are rapidly increasing, it is hard to protect IT assets with traditional network security techniques. Most traditional network log analysis systems use rule based mechanisms to reduce the raw logs. But using predefined rules can't detect new attack patterns. So, there is a need for a mechanism to reduce congested raw logs and detect new attack patterns. This paper suggests enterprise security management for IoT services using graph and network measures. We model an event network based on a graph of interconnected logs between network devices and IoT gateways. And we suggest a network clustering algorithm that estimates the attack probability of log clusters and detects new attack patterns.


Supported by : Kyungpook National University


  1. Technology Strategies for IoT Security, (accessed August 24, 2019).
  2. C.M. Saranya and K.P. Nitha, "Analysis of Security methods in Internet of Things," International Journal on Recent and Innovation Trends in Computing and Communication, Vol. 3, No. 4, pp. 1970-1974, 2015.
  3. P. Kim and S. Kim, "Detecting Community Structure in Complex Networks Using an Interaction Optimization Process," International Journal of Physica A, Vol. 46, No. 5, pp. 525-542, 2017.
  4. S. Ryu and S. Kim, "Development of an Integrated IoT System for Searching Dependable Device based on User Property," Journal of Korea Multimedia Society, Vol. 20, No. 5, pp. 791-799, 2017.
  5. A. Buczak and E. Guven, "Survey of Data Mining and Machine Learning Methods for Cyber Security Intrusion Detection," IEEE Communications Surveys and Tutorials, Vol. 18, No. 2, pp. 1153-1176, 2015.
  6. K. Koh, S. Lee, and S. Ahn, "A Study on the Direction of Security Control of IoT Environment," Journal of Korea Convergence Security, Vol. 15, No. 5, pp. 53-59, 2015.
  7. D. Schnackengerg, H. Holliday, R. Smith, K. Djahandari, and D. Sterne, "Cooperative Intrusion Traceback and Response Architecture (CITRA)," Proceeding of Defense Advanced Research Project Agency Information Survivability Conference and Exposition II , pp. 56-68, 2001.
  8. B. Park, T. Lee, and J. Kwak, "Blockchain-Based IoT Device Authentication Scheme," Journal of the Korea Institute of Information Security and Cryptology, Vol. 27, No. 2, pp. 343-351, 2017.
  9. S. Sekharan and K. Kandasamy, "Profiling SIEM Tools and Correlation Engines for Security Analytics," Proceeding of International Conference on Wireless Communications, Signal Processing and Networking, pp. 717-721, 2017.
  10. D. Olson and D. Delen, Advanced Data Mining Techniques, Springer, New York, 2008.
  11. The BoT-IoT Dataset, (accessed November 4, 2019).