A Linux Audit and MQTT-based Security Monitoring Framework.

COMPSAC (2023)

Abstract
Along with the significant growth in the number of connected Internet of Things (IoT) devices and increasingly aggressive cyberattacks, IoT cybersecurity has been facing more and more challenges. Security monitoring systems, as one of the predominant security hardening approaches, are often introduced to computer systems for detecting anomalous activities and ongoing intrusions. System auditing is one of the prevalent approaches for realizing such systems. However, most of the existing monitoring techniques for IoT systems rely heavily on network traffic analysis. In this work, we emphasize the device endpoint itself and propose a flexible and extensible monitoring framework for Linux-based IoT systems. We present the feasibility of the framework by implementing a monitoring prototype and an application simulating a real-world IoT surveillance scenario, and conducting comprehensive evaluations on an ARM device. The evaluation results showcase the minimal overhead cost of the proposed monitoring framework and demonstrate the practicability of security monitoring on constrained IoT devices.
Keywords
IoT, Audit, MQTT, monitoring framework, overhead evaluation, CPU affinity