Abstract
The growing popularity of the Internet of Things (IoT) has created the need for network-based traffic anomaly detection systems that can identify misbehaving devices. In this work, we propose a lightweight technique, IoTguard, for identifying malicious traffic flows. IoTguard uses semi-supervised learning to distinguish between malicious and benign device behaviours based on the network traffic that devices generate. To achieve this, we extract 39 features from network logs and discard any features that carry redundant information. After feature selection, the fuzzy C-means (FCM) algorithm is trained to obtain clusters that discriminate benign traffic from malicious traffic. We study the feature scores in these clusters and use this information to predict the type of new traffic flows. IoTguard was evaluated on a real-world testbed with more than 30 devices. The results show that IoTguard achieves high accuracy (\(\ge 98\%\)) in differentiating various types of malicious and benign traffic, with low false positive rates. Furthermore, it has a low resource footprint and can operate on OpenWRT-enabled access points and COTS computing boards.
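As an added illustration of the pipeline the abstract describes (feature extraction, removal of redundant features, FCM clustering, labelling the clusters, prediction on new flows), the Python below is not the paper's code and makes its own assumptions: five hypothetical per-flow features, a 0.95 absolute-correlation threshold for redundancy, two clusters with fuzziness m = 2, deterministic farthest-point seeding in place of random initialisation, cluster naming by majority vote over a few labelled flows, and a minimum-membership threshold of 0.6 below which a new flow is reported as uncertain. The sixteen training flows are constructed, not taken from the authors' testbed, and the "bytes" column is deliberately a fixed multiple of "pkts" so that the redundancy filter has something to remove.

```python
import math
from typing import Dict, List, Sequence, Tuple

Flow = Dict[str, float]
FEATURE_NAMES = ["pkts", "bytes", "dst_ports", "duration_s", "mean_iat_ms"]  # assumed names

def _flow(pkts: float, dst_ports: float, duration_s: float, mean_iat_ms: float) -> Flow:
    # "bytes" is a fixed multiple of "pkts" (constructed) so that the redundancy
    # filter has a clearly redundant feature to remove.
    return {"pkts": pkts, "bytes": pkts * 120.0, "dst_ports": dst_ports,
            "duration_s": duration_s, "mean_iat_ms": mean_iat_ms}

# Constructed training flows: eight periodic sensor check-ins, eight scan-like bursts.
TRAIN_FLOWS: List[Flow] = [
    _flow(10, 1, 2.0, 200), _flow(60, 2, 6.0, 210), _flow(25, 1, 3.0, 180),
    _flow(45, 3, 5.0, 220), _flow(90, 2, 8.0, 190), _flow(15, 1, 2.5, 260),
    _flow(35, 2, 7.0, 300), _flow(70, 1, 4.0, 160),
    _flow(300, 120, 1.5, 5), _flow(900, 300, 2.5, 5), _flow(200, 90, 0.6, 4),
    _flow(1200, 150, 2.0, 5), _flow(450, 380, 1.2, 4), _flow(800, 200, 1.6, 2),
    _flow(350, 260, 1.0, 10), _flow(650, 180, 0.8, 2),
]
# Semi-supervised: only four of the sixteen flows carry a label.
KNOWN_LABELS: Dict[int, str] = {0: "benign", 4: "benign", 9: "malicious", 12: "malicious"}

def pearson(xs: Sequence[float], ys: Sequence[float]) -> float:
    mx, my = sum(xs) / len(xs), sum(ys) / len(ys)
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sx = math.sqrt(sum((x - mx) ** 2 for x in xs))
    sy = math.sqrt(sum((y - my) ** 2 for y in ys))
    return cov / (sx * sy) if sx and sy else 0.0

def prune_redundant(flows: Sequence[Flow], names: Sequence[str], threshold: float = 0.95) -> List[str]:
    """Keep a feature unless it is (nearly) a linear function of one already kept."""
    kept: List[str] = []
    for name in names:
        col = [f[name] for f in flows]
        if all(abs(pearson(col, [f[k] for f in flows])) < threshold for k in kept):
            kept.append(name)
    return kept

def scale(flow: Flow, scaler: Dict[str, Tuple[float, float]]) -> List[float]:
    # Min-max to [0, 1] using the training range; clamp so an out-of-range value
    # in a new flow cannot dominate the distance.
    return [min(1.0, max(0.0, (flow[n] - lo) / ((hi - lo) or 1.0))) for n, (lo, hi) in scaler.items()]

def _dist2(a: Sequence[float], b: Sequence[float]) -> float:
    return sum((x - y) ** 2 for x, y in zip(a, b))

def memberships(point: Sequence[float], centroids: Sequence[Sequence[float]], m: float) -> List[float]:
    """FCM membership update: u_k = 1 / sum_j (d_k / d_j)^(2/(m-1))."""
    d = [math.sqrt(_dist2(point, c)) for c in centroids]
    if 0.0 in d:  # the point coincides with a centroid
        return [1.0 if x == 0.0 else 0.0 for x in d]
    return [1.0 / sum((dk / dj) ** (2.0 / (m - 1.0)) for dj in d) for dk in d]

def fuzzy_c_means(X: Sequence[Sequence[float]], c: int = 2, m: float = 2.0,
                  max_iter: int = 200, tol: float = 1e-6) -> Tuple[List[List[float]], List[List[float]]]:
    """Alternate centroid and membership updates until the memberships stop moving."""
    centroids = [list(X[0])]  # deterministic farthest-point seeding instead of random init
    while len(centroids) < c:
        centroids.append(list(max(X, key=lambda x: min(_dist2(x, s) for s in centroids))))
    U = [memberships(x, centroids, m) for x in X]
    for _ in range(max_iter):
        W = [[u[k] ** m for u in U] for k in range(c)]
        centroids = [[sum(w * x[j] for w, x in zip(W[k], X)) / sum(W[k]) for j in range(len(X[0]))]
                     for k in range(c)]
        U_new = [memberships(x, centroids, m) for x in X]
        shift = max(abs(a - b) for ua, ub in zip(U, U_new) for a, b in zip(ua, ub))
        U = U_new
        if shift < tol:
            break
    return centroids, U

class FcmFlowClassifier:
    def __init__(self, flows: Sequence[Flow], known: Dict[int, str],
                 m: float = 2.0, min_conf: float = 0.6) -> None:
        self.features = prune_redundant(flows, FEATURE_NAMES)
        self.scaler = {n: (min(f[n] for f in flows), max(f[n] for f in flows)) for n in self.features}
        self.m, self.min_conf = m, min_conf
        self.centroids, U = fuzzy_c_means([scale(f, self.scaler) for f in flows], c=2, m=m)
        # Name each cluster by majority vote of the labelled flows whose highest
        # membership falls in it; a cluster that attracts no labelled flow stays "unknown".
        votes: List[Dict[str, int]] = [{} for _ in self.centroids]
        for i, label in known.items():
            k = max(range(len(self.centroids)), key=lambda j: U[i][j])
            votes[k][label] = votes[k].get(label, 0) + 1
        self.cluster_labels = [max(v, key=v.get) if v else "unknown" for v in votes]

    def predict(self, flow: Flow) -> Tuple[str, float]:
        u = memberships(scale(flow, self.scaler), self.centroids, self.m)
        k = max(range(len(u)), key=lambda j: u[j])
        # Weak membership in every cluster: the flow resembles neither learned behaviour.
        return (self.cluster_labels[k] if u[k] >= self.min_conf else "uncertain"), round(u[k], 3)

if __name__ == "__main__":
    clf = FcmFlowClassifier(TRAIN_FLOWS, KNOWN_LABELS)
    print(clf.features, clf.cluster_labels, clf.predict(_flow(700, 250, 1.5, 3)))
```

Running the block prints the features that survived pruning ("bytes" is gone), the label attached to each cluster and one prediction with its membership value. The "uncertain" outcome is the caveat a deployment needs: a flow that fits neither cluster well, for example traffic from a device type that was absent from training, should be surfaced for review rather than silently forced into one of the two classes, and the membership value is what an operator would threshold to tune the false positive rate.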
Notes
- 1.
\(d: D \mid d(A_{ki})=(1/4) (a_{ki} + 2\times b_{ki} + c_{ki})\) for triangular set \(A_{ki}\).
Acknowledgements
The work was supported in part by the Business Finland PraNA research project.
Copyright information
© 2018 Springer Nature Switzerland AG
About this paper
Cite this paper
Hafeez, I., Ding, A.Y., Antikainen, M., Tarkoma, S. (2018). Real-Time IoT Device Activity Detection in Edge Networks. In: Au, M., et al. Network and System Security. NSS 2018. Lecture Notes in Computer Science(), vol 11058. Springer, Cham. https://doi.org/10.1007/978-3-030-02744-5_17
DOI: https://doi.org/10.1007/978-3-030-02744-5_17
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-02743-8
Online ISBN: 978-3-030-02744-5
eBook Packages: Computer Science (R0)