Machine learning DDoS detection for consumer internet of things devices

Rohan Doshi, Noah Apthorpe, Nick Feamster

Research output: Chapter in Book/Report/Conference proceedingConference contribution

65 Scopus citations

Abstract

An increasing number of Internet of Things (IoT) devices are connecting to the Internet, yet many of these devices are fundamentally insecure, exposing the Internet to a variety of attacks. Botnets such as Mirai have used insecure consumer IoT devices to conduct distributed denial of service (DDoS) attacks on critical Internet infrastructure. This motivates the development of new techniques to automatically detect consumer IoT attack traffic. In this paper, we demonstrate that using IoT-specific network behaviors (e.g., limited number of endpoints and regular time intervals between packets) to inform feature selection can result in high accuracy DDoS detection in IoT network traffic with a variety of machine learning algorithms, including neural networks. These results indicate that home gateway routers or other network middleboxes could automatically detect local IoT device sources of DDoS attacks using low-cost machine learning algorithms and traffic data that is flow-based and protocol-agnostic.

Original languageEnglish (US)
Title of host publicationProceedings - 2018 IEEE Symposium on Security and Privacy Workshops, SPW 2018
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages29-35
Number of pages7
ISBN (Print)9780769563497
DOIs
StatePublished - Aug 2 2018
Event2018 IEEE Symposium on Security and Privacy Workshops, SPW 2018 - San Francisco, United States
Duration: May 24 2018 → …

Publication series

NameProceedings - 2018 IEEE Symposium on Security and Privacy Workshops, SPW 2018

Other

Other2018 IEEE Symposium on Security and Privacy Workshops, SPW 2018
CountryUnited States
CitySan Francisco
Period5/24/18 → …

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Software
  • Safety, Risk, Reliability and Quality

Keywords

  • Anomaly detection
  • DDoS
  • Feature engineering
  • Internet of things
  • Machine learning

Fingerprint Dive into the research topics of 'Machine learning DDoS detection for consumer internet of things devices'. Together they form a unique fingerprint.

  • Cite this

    Doshi, R., Apthorpe, N., & Feamster, N. (2018). Machine learning DDoS detection for consumer internet of things devices. In Proceedings - 2018 IEEE Symposium on Security and Privacy Workshops, SPW 2018 (pp. 29-35). [8424629] (Proceedings - 2018 IEEE Symposium on Security and Privacy Workshops, SPW 2018). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/SPW.2018.00013