The Internet of Things is now being used increasingly in transportation, health, agriculture, smart home and city systems.
IoT devices are expected to reach 50 billion worldwide by 2020. Even if they were produced and put into use at a constant rate, reaching that figure would require deploying 1 million devices per hour.
Taking into account commercial pressures, production and deployment at this rate show that a very important layer, i.e. security, will either be completely neglected or have significant shortcomings.
Since IoT devices do not have sufficient security, a variety of cyberattacks are being launched against them, which can result in major damage.
The goal of this project is to develop a high-performance monitoring and intrusion detection system for the Internet of Things (IoT), taking into consideration the MQTT protocol, which is generally specific to the IoT domain.
Due to the variety of protocols and devices used in IoT, our tool will focus on the most commonly used and commonly attacked one (MQTT), which will be determined through literature review.
The system will process large amounts of data gathered from a heterogeneous IoT network composed of low-power IoT devices and high-capacity servers in near-real time using mostly unsupervised machine learning algorithms and create alarms in case of detection of deviations from the normal behavior of the system.
The end product will be an extensible monitoring and intrusion detection tool for IoT systems that supports plugging in different data sources (IoT devices, networks) and anomaly detection algorithms.
The tool will be demoed with the setup of a realistic IoT scenario and launching intrusions on the system using open source attack tools.
Assoc. Prof. at METU Computer Engineering Department
Senior Undergraduate Student at METU Computer Engineering Department
Senior Undergraduate Student at METU Computer Engineering Department
Senior Undergraduate Student at METU Computer Engineering Department
Senior Undergraduate Student at METU Computer Engineering Department
General concept questions about the project.
The Internet of Things (IoT) is a system of interrelated computing devices, mechanical and digital machines, objects, animals or people that are provided with unique identifiers and the ability to transfer data over a network without requiring human-to-human or human-to-computer interaction.
An intrusion detection system (IDS) is a device or software application that monitors a network or systems for malicious activity or policy violations. Any malicious activity or violation is typically reported either to an administrator or collected centrally using a security information and event management (SIEM) system.
IDS types range in scope from single computers to large networks. The most common classifications are network intrusion detection systems (NIDS) and host-based intrusion detection systems (HIDS). A system that monitors important operating system files is an example of an HIDS, while a system that analyzes incoming network traffic is an example of an NIDS. It is also possible to classify IDS by detection approach. The most well-known variants are signature-based detection (recognizing bad patterns, such as malware) and anomaly-based detection (detecting deviations from a model of "good" traffic, which often relies on machine learning). Another is reputation-based detection (recognizing the potential threat according to reputation scores). ARTEMIS uses the anomaly-based detection approach.
The Internet of Things is now being used increasingly in various fields such as healthcare, agriculture, transportation and smart home systems. IoT devices are expected to reach 50 billion devices all over the world by 2020. Taking into account commercial pressures, security is often lacking in IoT. This exposes many critical points of sensor networks that allow an adversary to attack and disrupt the flow in the network and even view private data of the users of these IoT systems. Especially in healthcare systems, this can have irreversible effects.
ARTEMIS aims to patch up these security weaknesses of IoT. It will be able to detect unusual activity in the network and create alerts about the situation. During our literature research we have also observed that available anomaly detection datasets do not cover IoT. Another important output of this project is that we will generate a dataset for this purpose using IoT sensors.
We use several different machine learning methods/models to learn the normal behaviour of the system. While monitoring the IoT network, we apply these models repeatedly to new network data in order to detect anomalous events. If the system behaves differently from its normal behaviour, we inform the users about it. Users are informed via the Web Graphical User Interface or by e-mail.
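The learn-then-monitor loop described above, as an added example that is not ARTEMIS code. The page does not name its features or models, so the per-window MQTT features, the median/MAD baseline, the threshold and the constructed sample packets are all assumptions.

```python
from collections import defaultdict
from statistics import median

WINDOW = 10  # seconds per aggregation window (assumed value)

def window_features(packets):
    """Turn (ts, client, packet_type, topic, size) records into per-client, per-window vectors."""
    buckets = defaultdict(list)
    for ts, client, ptype, topic, size in packets:
        buckets[(client, int(ts // WINDOW))].append((ptype, topic, size))
    feats = {}
    for key, rows in buckets.items():
        pubs = [r for r in rows if r[0] == "PUBLISH"]
        feats[key] = (
            len(pubs),                                    # publish count
            sum(1 for r in rows if r[0] == "CONNECT"),    # connection churn
            len({r[1] for r in pubs}),                    # distinct topics
            sum(r[2] for r in pubs) / len(pubs) if pubs else 0.0,  # mean payload size
        )
    return feats

def fit_baseline(rows):
    """Learn a median and MAD per feature from traffic assumed to be normal."""
    cols = list(zip(*rows))
    meds = [median(c) for c in cols]
    # A feature that never varies has MAD 0; fall back to 1.0 to avoid dividing by zero.
    mads = [median(abs(x - m) for x in c) or 1.0 for c, m in zip(cols, meds)]
    return meds, mads

def score(row, baseline):
    """Largest robust z-score across the features of one window."""
    meds, mads = baseline
    return max(abs(x - m) / (1.4826 * d) for x, m, d in zip(row, meds, mads))

def detect(packets, baseline, threshold=6.0):
    """Return the (client, window) keys whose score exceeds the threshold."""
    feats = window_features(packets)
    return sorted(k for k, row in feats.items() if score(row, baseline) > threshold)

def sample_normal():  # constructed: one sensor publishing every 2 s for 100 s
    pk = [(0.0, "sensor-1", "CONNECT", "", 0)]
    return pk + [(2.0 * t + 0.5, "sensor-1", "PUBLISH", "home/temp", 12 + t % 3) for t in range(50)]

def sample_live():  # constructed: the same sensor plus a client publishing a burst
    pk = [(100.5 + 2.0 * t, "sensor-1", "PUBLISH", "home/temp", 13) for t in range(5)]
    return pk + [(110.0 + 0.04 * i, "sensor-9", "PUBLISH", f"home/{i % 20}", 900) for i in range(200)]

if __name__ == "__main__":
    baseline = fit_baseline(list(window_features(sample_normal()).values()))
    for client, window in detect(sample_live(), baseline):
        print(f"ALERT client={client} window={window}")
```

Because the baseline uses the median and MAD rather than the mean and standard deviation, a few bad windows in the training capture do not shift what counts as normal.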
Users of the system can directly access the ARTEMIS Graphical User Interface via http://artemis.ceng.metu.edu.tr.
Middle East Technical University Computer Engineering Department
Department of Computer Engineering
Middle East Technical University
Universiteler Mah. Dumlupinar Blv. No:1
(+90)-312-210 2080