TY - JOUR
T1 - IoT-KEEPER
T2 - Detecting Malicious IoT Network Activity Using Online Traffic Analysis at the Edge
AU - Hafeez, Ibbad
AU - Antikainen, Markku
AU - Ding, Aaron Yi
AU - Tarkoma, Sasu
PY - 2020
Y1 - 2020
N2 - IoT devices are notoriously vulnerable even to trivial attacks and can be easily compromised. In addition, the resource constraints and heterogeneity of IoT devices make it impractical to secure IoT installations using traditional endpoint and network security solutions. To address this problem, we present IoT-Keeper, a lightweight system which secures the communication of IoT devices. IoT-Keeper uses our proposed anomaly detection technique to perform traffic analysis at edge gateways. It uses a combination of fuzzy C-means clustering and a fuzzy interpolation scheme to analyze network traffic and detect malicious network activity. Once malicious activity is detected, IoT-Keeper automatically enforces network access restrictions against the IoT device generating this activity, and prevents it from attacking other devices or services. We have evaluated IoT-Keeper using a comprehensive dataset, collected from a real-world testbed, containing popular IoT devices. Using this dataset, our proposed technique achieved high accuracy (≈0.98) and a low false positive rate (≈0.02) for detecting malicious network activity. Our evaluation also shows that IoT-Keeper has a low resource footprint, and it can detect and mitigate various network attacks without requiring explicit attack signatures or sophisticated hardware.
AB - IoT devices are notoriously vulnerable even to trivial attacks and can be easily compromised. In addition, the resource constraints and heterogeneity of IoT devices make it impractical to secure IoT installations using traditional endpoint and network security solutions. To address this problem, we present IoT-Keeper, a lightweight system which secures the communication of IoT devices. IoT-Keeper uses our proposed anomaly detection technique to perform traffic analysis at edge gateways. It uses a combination of fuzzy C-means clustering and a fuzzy interpolation scheme to analyze network traffic and detect malicious network activity. Once malicious activity is detected, IoT-Keeper automatically enforces network access restrictions against the IoT device generating this activity, and prevents it from attacking other devices or services. We have evaluated IoT-Keeper using a comprehensive dataset, collected from a real-world testbed, containing popular IoT devices. Using this dataset, our proposed technique achieved high accuracy (≈0.98) and a low false positive rate (≈0.02) for detecting malicious network activity. Our evaluation also shows that IoT-Keeper has a low resource footprint, and it can detect and mitigate various network attacks without requiring explicit attack signatures or sophisticated hardware.
KW - activity detection
KW - anomaly detection
KW - IoT
KW - network
KW - privacy
KW - security
KW - traffic classification
UR - http://www.scopus.com/inward/record.url?scp=85082080776&partnerID=8YFLogxK
U2 - 10.1109/TNSM.2020.2966951
DO - 10.1109/TNSM.2020.2966951
M3 - Article
SN - 1932-4537
VL - 17
SP - 45
EP - 59
JO - IEEE Transactions on Network and Service Management
JF - IEEE Transactions on Network and Service Management
IS - 1
M1 - 8960276
ER -