Real-time IoT Device Activity Detection in Edge Networks

Ibbad Hafeez; Aaron Yi Ding; Markku Antikainen; Sasu Tarkoma

doi:10.1007/978-3-030-02744-5_17

Real-time IoT Device Activity Detection in Edge Networks

Ibbad Hafeez, Aaron Yi Ding, Markku Antikainen, Sasu Tarkoma

Information and Communication Technology

Research output: Chapter in Book/Conference proceedings/Edited volume › Conference contribution › Scientific › peer-review

50 Downloads (Pure)

Abstract

The growing popularity of Internet-of-Things (IoT) has created the need for network-based traffic anomaly detection systems that could identify misbehaving devices. In this work, we propose a lightweight technique, IoTguard, for identifying malicious traffic flows. IoTguard uses semi-supervised learning to distinguish between malicious and benign device behaviours using the network traffic generated by devices. In order to achieve this, we extracted 39 features from network logs and discard any features containing redundant information. After feature selection, fuzzy C-Mean (FCM) algorithm was trained to obtain clusters discriminating benign traffic from malicious traffic. We studied the feature scores in these clusters and use this information to predict the type of new traffic flows. IoTguard was evaluated using a real-world testbed with more than 30 devices. The results show that IoTguard achieves high accuracy (>98%), in differentiating various types of malicious and benign traffic, with low false positive rates. Furthermore, it has low resource footprint and can operate on OpenWRT enabled access points and COTS computing boards.

Original language	English
Title of host publication	Proceedings of the 12th International International Conference on Network and System Security (NSS 2018)
Publisher	Springer
Pages	221-236
Number of pages	16
Volume	11058
ISBN (Electronic)	978-3-030-02744-5
ISBN (Print)	978-3-030-02743-8
DOIs	https://doi.org/10.1007/978-3-030-02744-5_17
Publication status	Published - 2018

Publication series

Name	Lecture Notes in Computer Science
Publisher	Springer
Volume	11058
ISSN (Print)	0302-9743

Access to Document

10.1007/978-3-030-02744-5_17

post-print-nss18Accepted author manuscript, 808 KB

Cite this

@inproceedings{953b2d0ced6a412c87453a36b31342dc,

title = "Real-time IoT Device Activity Detection in Edge Networks",

abstract = "The growing popularity of Internet-of-Things (IoT) has created the need for network-based traffic anomaly detection systems that could identify misbehaving devices. In this work, we propose a lightweight technique, IoTguard, for identifying malicious traffic flows. IoTguard uses semi-supervised learning to distinguish between malicious and benign device behaviours using the network traffic generated by devices. In order to achieve this, we extracted 39 features from network logs and discard any features containing redundant information. After feature selection, fuzzy C-Mean (FCM) algorithm was trained to obtain clusters discriminating benign traffic from malicious traffic. We studied the feature scores in these clusters and use this information to predict the type of new traffic flows. IoTguard was evaluated using a real-world testbed with more than 30 devices. The results show that IoTguard achieves high accuracy (>98%), in differentiating various types of malicious and benign traffic, with low false positive rates. Furthermore, it has low resource footprint and can operate on OpenWRT enabled access points and COTS computing boards.",

author = "Ibbad Hafeez and Ding, {Aaron Yi} and Markku Antikainen and Sasu Tarkoma",

year = "2018",

doi = "10.1007/978-3-030-02744-5_17",

language = "English",

isbn = "978-3-030-02743-8",

volume = "11058",

series = "Lecture Notes in Computer Science",

publisher = "Springer",

pages = "221--236",

booktitle = "Proceedings of the 12th International International Conference on Network and System Security (NSS 2018)",

}

Real-time IoT Device Activity Detection in Edge Networks. / Hafeez, Ibbad; Ding, Aaron Yi; Antikainen, Markku et al.
Proceedings of the 12th International International Conference on Network and System Security (NSS 2018). Vol. 11058 Springer, 2018. p. 221-236 (Lecture Notes in Computer Science; Vol. 11058).

Research output: Chapter in Book/Conference proceedings/Edited volume › Conference contribution › Scientific › peer-review

TY - GEN

T1 - Real-time IoT Device Activity Detection in Edge Networks

AU - Hafeez, Ibbad

AU - Ding, Aaron Yi

AU - Antikainen, Markku

AU - Tarkoma, Sasu

PY - 2018

Y1 - 2018

N2 - The growing popularity of Internet-of-Things (IoT) has created the need for network-based traffic anomaly detection systems that could identify misbehaving devices. In this work, we propose a lightweight technique, IoTguard, for identifying malicious traffic flows. IoTguard uses semi-supervised learning to distinguish between malicious and benign device behaviours using the network traffic generated by devices. In order to achieve this, we extracted 39 features from network logs and discard any features containing redundant information. After feature selection, fuzzy C-Mean (FCM) algorithm was trained to obtain clusters discriminating benign traffic from malicious traffic. We studied the feature scores in these clusters and use this information to predict the type of new traffic flows. IoTguard was evaluated using a real-world testbed with more than 30 devices. The results show that IoTguard achieves high accuracy (>98%), in differentiating various types of malicious and benign traffic, with low false positive rates. Furthermore, it has low resource footprint and can operate on OpenWRT enabled access points and COTS computing boards.

AB - The growing popularity of Internet-of-Things (IoT) has created the need for network-based traffic anomaly detection systems that could identify misbehaving devices. In this work, we propose a lightweight technique, IoTguard, for identifying malicious traffic flows. IoTguard uses semi-supervised learning to distinguish between malicious and benign device behaviours using the network traffic generated by devices. In order to achieve this, we extracted 39 features from network logs and discard any features containing redundant information. After feature selection, fuzzy C-Mean (FCM) algorithm was trained to obtain clusters discriminating benign traffic from malicious traffic. We studied the feature scores in these clusters and use this information to predict the type of new traffic flows. IoTguard was evaluated using a real-world testbed with more than 30 devices. The results show that IoTguard achieves high accuracy (>98%), in differentiating various types of malicious and benign traffic, with low false positive rates. Furthermore, it has low resource footprint and can operate on OpenWRT enabled access points and COTS computing boards.

UR - http://www4.comp.polyu.edu.hk/~nss2018/

UR - http://homepage.tudelft.nl/8e79t/bib/nss2018.html

U2 - 10.1007/978-3-030-02744-5_17

DO - 10.1007/978-3-030-02744-5_17

M3 - Conference contribution

SN - 978-3-030-02743-8

VL - 11058

T3 - Lecture Notes in Computer Science

SP - 221

EP - 236

BT - Proceedings of the 12th International International Conference on Network and System Security (NSS 2018)

PB - Springer

ER -

Real-time IoT Device Activity Detection in Edge Networks

Abstract

Publication series

Access to Document

Other files and links

Fingerprint

Cite this