AUTHOR=Chang Yue , Hu Teng , Lou Fang , Zeng Tao , Yin Mingyong , Yang Siqi 

TITLE=Anomalous process detection for Internet of Things based on K-Core

JOURNAL=Frontiers in Physics

VOLUME=12

YEAR=2024

URL=https://www.frontiersin.org/journals/physics/articles/10.3389/fphy.2024.1391266

DOI=10.3389/fphy.2024.1391266

ISSN=2296-424X

ABSTRACT=<p>In recent years, Internet of Things security incidents occur frequently, which is often accompanied by malicious events. Therefore, anomaly detection is an important part of Internet of Things security defense. In this paper, we create a process whitelist based on the K-Core decomposition method for detecting anomalous processes in IoT devices. The method first constructs an IoT process network according to the relationships between processes and IoT devices. Subsequently, it creates a whitelist and detect anomalous processes. Our work innovatively transforms process data into a network framework, employing K-Core analysis to identify core processes that signify high popularity. Then, a threshold-based filtering mechanism is applied to formulate the process whitelist. Experimental results show that the unsupervised method proposed in this paper can accurately detect anomalous processes on real-world datasets. Therefore, we believe our algorithm can be widely applied to anomaly process detection, ultimately enhancing the overall security of the IoT.</p>