Network Traffic Analysis for Threat Detection in the Internet of Things

As the prevalence of the Internet of Things (IoT) continues to increase, cyber criminals are quick to exploit the security gaps that many devices are inherently designed with. Users cannot be expected to tackle this threat alone, and many current solutions available for network monitoring are simply not accessible or can be difficult to implement for the average user, which is a gap that needs to be addressed. This article presents an effective signature-based solution to monitor, analyze, and detect potentially malicious traffic for IoT ecosystems in the typical home network environment by utilizing passive network sniffing techniques and a cloud application to monitor anomalous activity. The proposed solution focuses on two attack and propagation vectors leveraged by the infamous Mirai botnet, namely DNS and Telnet. Experimental evaluation demonstrates the proposed solution can detect 98.35 percent of malicious DNS traffic and 99.33 percent of Telnet traffic for an overall detection accuracy of 98.84 percent.
