H Zahid
Agentless approach for security information and event management in industrial IoT
Zahid, H; Hina, S; Hayat, MF; Shah, GA
Abstract
The Internet of Things (IoT) provides real-time communication in homes, industries, health care, and many other dependable, interconnected sectors. In recent years, however, smart infrastructure, including cyber-physical industries, has suffered severe disruption of operations through privilege escalation, exploitation of misconfigurations, firmware hijacking, malicious node injection, botnets, and other malware infiltration. The proposed agentless module for the Wazuh security information and event management (SIEM) solution contributes to securing small- to large-scale IoT networks of Industry 4.0. The agentless module works by examining IoT device traffic without installing any agent or software on the endpoints. In the proposed scheme, the module sniffs the network traffic of IoT devices captured at the gateway and passes it to a machine learning (ML) model for initial detection and prediction. The output of the ML model is embedded in JSON log format and forwarded through the Wazuh agent to the Wazuh server, where a custom decoder parses the network traffic logs. For event monitoring in Wazuh, industrial protocols are also analyzed in depth and a feature set is determined. These features are used to write rules, which are tested on the SWaT dataset, where the Common Industrial Protocol (CIP) is used for communication. Custom and dynamic rules are written on the Wazuh side to generate alerts in response to any anomaly detected by the ML model or in the protocols used. Finally, when an event or attack is detected, the alerts are raised on the Wazuh dashboard. This agentless SIEM solution has practical implications for the security of the industrial control systems of Industry 4.0.
Citation
Zahid, H., Hina, S., Hayat, M., & Shah, G. (in press). Agentless approach for security information and event management in industrial IoT. Electronics, 12(8), 1831. https://doi.org/10.3390/electronics12081831
| Journal Article Type | Article |
|---|---|
| Acceptance Date | Mar 29, 2023 |
| Online Publication Date | Apr 12, 2023 |
| Deposit Date | Apr 18, 2023 |
| Publicly Available Date | Apr 18, 2023 |
| Journal | Electronics |
| Publisher | MDPI |
| Volume | 12 |
| Issue | 8 |
| Pages | 1831 |
| DOI | https://doi.org/10.3390/electronics12081831 |
| Publisher URL | https://doi.org/10.3390/electronics12081831 |
Files
Published Version (PDF, 11 MB)
Licence
http://creativecommons.org/licenses/by/4.0/
Publisher Licence URL
http://creativecommons.org/licenses/by/4.0/