NSS 2018

Real-time IoT Device Activity Detection in Edge Networks

Abstract:

The growing popularity of the Internet-of-Things (IoT) has created 
the need for network-based traffic anomaly detection systems 
that can identify misbehaving devices. In this work, we 
propose a lightweight technique, IoTguard, for identifying 
malicious traffic flows. IoTguard uses semi-supervised learning 
to distinguish between malicious and benign device behaviours 
using the network traffic generated by devices. To achieve 
this, we extract 39 features from network logs and discard 
any features containing redundant information. After feature 
selection, a fuzzy C-means (FCM) algorithm is trained to 
obtain clusters discriminating benign traffic from malicious 
traffic. We study the feature scores in these clusters and 
use this information to predict the type of new traffic flows. 
IoTguard was evaluated using a real-world testbed with more 
than 30 devices. The results show that IoTguard achieves high 
accuracy (>98%) in differentiating various types of malicious 
and benign traffic, with low false positive rates. Furthermore, 
it has a low resource footprint and can operate on OpenWRT 
enabled access points and COTS computing boards.
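
As an added illustration (not code from the paper or from the IoTguard implementation), the sketch below runs standard fuzzy C-means over constructed flow features and labels new flows by their cluster membership. The three features, the sample values, the one-labelled-seed-per-cluster initialisation and the 0.8 membership threshold are assumptions of this example.

```python
import math

# Constructed flows, scaled to [0, 1]: [packet rate, distinct dst ports, mean payload size]
FLOWS = [[0.10, 0.05, 0.60], [0.12, 0.04, 0.55], [0.08, 0.06, 0.65], [0.15, 0.05, 0.58],
         [0.85, 0.90, 0.10], [0.90, 0.95, 0.08], [0.80, 0.88, 0.12], [0.88, 0.92, 0.09]]
LABELS = ["benign", "malicious"]
SEEDS = [FLOWS[0], FLOWS[4]]  # assumption: one labelled flow seeds each cluster

def dist(a, b):
    # Euclidean distance, floored so a point sitting on a centre never divides by zero
    return max(math.dist(a, b), 1e-12)

def memberships(x, centers, m=2.0):
    """Fuzzy membership of flow x in every cluster; the values sum to 1."""
    d = [dist(x, c) for c in centers]
    p = 2.0 / (m - 1.0)
    return [1.0 / sum((di / dk) ** p for dk in d) for di in d]

def fcm(points, centers, m=2.0, iters=100, tol=1e-6):
    """Alternate membership and centre updates until the centres stop moving."""
    for _ in range(iters):
        u = [memberships(x, centers, m) for x in points]
        new = []
        for i in range(len(centers)):
            w = [row[i] ** m for row in u]  # fuzzified weights for cluster i
            new.append([sum(wj * x[f] for wj, x in zip(w, points)) / sum(w)
                        for f in range(len(points[0]))])
        moved = max(dist(a, b) for a, b in zip(centers, new))
        centers = new
        if moved < tol:
            break
    return centers

# Centres keep the order of SEEDS, so index 0 is benign and index 1 is malicious
CENTERS = fcm(FLOWS, SEEDS)

def classify(flow, threshold=0.8):
    """Label a new flow by its strongest membership, or 'uncertain' below threshold."""
    u = memberships(flow, CENTERS)
    best = max(range(len(u)), key=u.__getitem__)
    return (LABELS[best] if u[best] >= threshold else "uncertain"), u[best]

if __name__ == "__main__":
    for f in ([0.11, 0.05, 0.59], [0.87, 0.93, 0.10], [0.48, 0.48, 0.35]):
        print(f, classify(f))
```

The "uncertain" outcome matters in deployment: a flow with near-equal membership in both clusters is better queued for inspection than forced into a benign or malicious verdict.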



BibTeX:
@Inbook{Hafeez:NSS2018,
 author = {Hafeez, Ibbad and Ding, Aaron Yi and Antikainen, Markku and Tarkoma, Sasu},
 title = {Real-time IoT Device Activity Detection in Edge Networks},
 booktitle = {Proceedings of the 12th International Conference on Network and System Security},
 series = {NSS '18},
 year = {2018},
 location = {Hong Kong, China},
 publisher = {Springer International Publishing},
 pages = {221--236},
 doi = {10.1007/978-3-030-02744-5_17},
}

How to cite:

Ibbad Hafeez, Aaron Yi Ding, Markku Antikainen, Sasu Tarkoma. Real-time IoT Device Activity Detection in Edge Networks. In Proceedings of the 12th International Conference on Network and System Security (NSS '18).