Behavior Anomaly Detection in IoT Networks

Data encryption makes deep packet inspection less suitable nowadays, and the need to analyze encrypted traffic is growing. Machine learning offers new ways to recognize the type of communication, despite the heterogeneity of encrypted IoT traffic, right at the network edge. We propose the design of a scalable architecture and a method for behavior anomaly detection in IoT networks. The combination of two existing semi-supervised techniques that we use ensures higher reliability of anomaly detection and improves on the results achieved by a single method. We describe the classification and anomaly detection experiments that we conducted using existing datasets and our own training datasets. The satisfactory results presented provide a subject for further work and allow us to elaborate on this idea.
