TY - GEN
T1 - Real-time IoT Device Activity Detection in Edge Networks
AU - Hafeez, Ibbad
AU - Ding, Aaron Yi
AU - Antikainen, Markku
AU - Tarkoma, Sasu
PY - 2018
Y1 - 2018
N2 - The growing popularity of the Internet-of-Things (IoT) has created the need for network-based traffic anomaly detection systems that can identify misbehaving devices. In this work, we propose a lightweight technique, IoTguard, for identifying malicious traffic flows. IoTguard uses semi-supervised learning to distinguish between malicious and benign device behaviours using the network traffic generated by devices. To achieve this, we extracted 39 features from network logs and discarded any features containing redundant information. After feature selection, a fuzzy C-Means (FCM) algorithm was trained to obtain clusters discriminating benign traffic from malicious traffic. We studied the feature scores in these clusters and used this information to predict the type of new traffic flows. IoTguard was evaluated using a real-world testbed with more than 30 devices. The results show that IoTguard achieves high accuracy (>98%) in differentiating various types of malicious and benign traffic, with low false positive rates. Furthermore, it has a low resource footprint and can operate on OpenWRT-enabled access points and COTS computing boards.
UR - http://www4.comp.polyu.edu.hk/~nss2018/
UR - http://homepage.tudelft.nl/8e79t/bib/nss2018.html
U2 - 10.1007/978-3-030-02744-5_17
DO - 10.1007/978-3-030-02744-5_17
M3 - Conference contribution
SN - 978-3-030-02743-8
VL - 11058
T3 - Lecture Notes in Computer Science
SP - 221
EP - 236
BT - Proceedings of the 12th International Conference on Network and System Security (NSS 2018)
PB - Springer
ER -