The growing popularity of Internet-of-Things (IoT) has created the need for network-based traffic anomaly detection systems that could identify misbehaving devices. In this work, we propose a lightweight technique, IoTguard, for identifying malicious traffic flows. IoTguard uses semi-supervised learning to distinguish between malicious and benign device behaviours using the network traffic generated by devices. In order to achieve this, we extracted 39 features from network logs and discard any features containing redundant information. After feature selection, fuzzy C-Mean (FCM) algorithm was trained to obtain clusters discriminating benign traffic from malicious traffic. We studied the feature scores in these clusters and use this information to predict the type of new traffic flows. IoTguard was evaluated using a real-world testbed with more than 30 devices. The results show that IoTguard achieves high accuracy (>98%), in differentiating various types of malicious and benign traffic, with low false positive rates. Furthermore, it has low resource footprint and can operate on OpenWRT enabled access points and COTS computing boards.
|Title of host publication||Proceedings of the 12th International International Conference on Network and System Security (NSS 2018)|
|Number of pages||16|
|Publication status||Published - 2018|
|Name||Lecture Notes in Computer Science|
Hafeez, I., Ding, A. Y., Antikainen, M., & Tarkoma, S. (2018). Real-time IoT Device Activity Detection in Edge Networks. In Proceedings of the 12th International International Conference on Network and System Security (NSS 2018) (Vol. 11058, pp. 221-236). (Lecture Notes in Computer Science; Vol. 11058). Springer. https://doi.org/10.1007/978-3-030-02744-5_17