Princeton researchers use machine learning to create real-time IoT DDoS detection tool
Princeton researchers have devised a way to leverage machine learning to detect anomalies typical of Distributed Denial of Service (DDoS) attacks through IoT devices, noting that the proliferation of insecure IoT devices has resulted in a surge of IoT botnet attacks on Internet infrastructure in recent years.
Probably the most infamous DDoS attack leveraging IoT devices occurred in 2016, when attackers used the Mirai malware, which turns IoT devices into bots, to build a botnet and take down Dyn, the DNS provider for major Internet services including GitHub, Amazon, Netflix, Twitter and PayPal. The services were down for several hours.
Rohan Doshi, Noah Apthorpe, and Nick Feamster – the authors of the paper “Machine Learning DDoS Detection for Consumer Internet of Things Devices” – note that such threats spur development of new techniques to identify and block attack traffic from IoT botnets. And their anomaly detection research shows how machine learning can help identify malicious Internet traffic typical of an IoT DDoS attack.
IoT traffic is often distinct from that of traditional laptops and smartphones: IoT devices communicate with a small set of endpoints rather than with many large web servers, so each device has a recognizable traffic signature. The researchers observe that signature through a machine learning pipeline that performs data collection, feature extraction, and binary classification for IoT traffic DDoS detection.
“The features are designed to capitalize on IoT-specific network behaviors, while also leveraging network flow characteristics such as packet length, inter-packet intervals, and protocol,” the paper reads.
The team compared a variety of classifiers for attack detection, including random forests, K-nearest neighbors, support vector machines, decision trees and neural networks.
They then generated classifier training data by simulating a consumer IoT device network including a router, some popular consumer IoT devices such as a home camera, a smart switch and a blood pressure monitor, and some adversarial devices performing Denial of Service (DoS) attacks.
“Our classifiers successfully identify attack traffic with an accuracy higher than 0.999,” the team writes. “We found that random forest, K-nearest neighbors, and neural net classifiers were particularly effective. We expect that deep learning classifiers will continue to be effective with additional data from real-world deployments.”
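The pipeline described above, as an added illustration that is not the paper's code: packets from one device are grouped into a time window, the window is reduced to flow features (mean packet length, mean inter-packet interval, protocol share) plus one IoT-specific feature (number of distinct endpoints), and a k-nearest-neighbours classifier trained on constructed benign and flood windows labels each new window. The camera and cloud endpoint names, the packet sizes and timings are all constructed values chosen to resemble the two traffic types, not captures from the paper's testbed.

```python
import math
import random
from collections import Counter
from dataclasses import dataclass


@dataclass
class Packet:
    """One captured packet: time (s), source, destination, bytes, protocol."""
    ts: float
    src: str
    dst: str
    length: int
    proto: str  # "TCP" or "UDP"


def extract_features(packets):
    """Feature vector for one device's window: mean length, mean gap,
    UDP share, distinct destinations (IoT-specific), packet count."""
    if not packets:
        raise ValueError("cannot featurize an empty window")
    pkts = sorted(packets, key=lambda p: p.ts)
    gaps = [b.ts - a.ts for a, b in zip(pkts, pkts[1:])]
    mean_len = sum(p.length for p in pkts) / len(pkts)
    mean_gap = sum(gaps) / len(gaps) if gaps else 0.0  # single-packet window
    udp_share = sum(p.proto == "UDP" for p in pkts) / len(pkts)
    return (mean_len, mean_gap, udp_share,
            float(len({p.dst for p in pkts})), float(len(pkts)))


class KNNDetector:
    """k-nearest-neighbours binary classifier on min-max scaled features."""

    def __init__(self, k=3):
        self.k = k

    def fit(self, X, y):
        self.bounds = [(min(c), max(c)) for c in zip(*X)]
        self.X = [self._scale(x) for x in X]
        self.y = list(y)
        return self

    def _scale(self, x):
        # Without scaling, the raw packet count would dominate the distance.
        return tuple((v - lo) / (hi - lo) if hi > lo else 0.0
                     for v, (lo, hi) in zip(x, self.bounds))

    def predict(self, x):
        xs = self._scale(x)
        nearest = sorted((math.dist(xs, xi), yi)
                         for xi, yi in zip(self.X, self.y))[:self.k]
        return Counter(label for _, label in nearest).most_common(1)[0][0]


def synth_window(rng, attack):
    """Constructed window for a hypothetical camera (not a real capture).
    Benign: sparse, variable-size TCP exchanges with one or two cloud hosts.
    Attack: a flood of tiny packets at millisecond gaps to a single victim."""
    packets, t = [], 0.0
    if attack:
        for _ in range(rng.randint(300, 600)):
            t += rng.uniform(0.001, 0.01)
            packets.append(Packet(t, "camera", "victim", rng.choice([60, 64]),
                                  rng.choice(["TCP", "UDP"])))
    else:
        for _ in range(rng.randint(10, 40)):
            t += rng.uniform(0.1, 1.5)
            packets.append(Packet(t, "camera", rng.choice(["cloud-a", "cloud-b"]),
                                  rng.randint(80, 1400), "TCP"))
    return packets


def sample_window(seed, attack):
    """One deterministic constructed window, for demos and tests."""
    return synth_window(random.Random(seed), attack)


def build_detector(seed=1, windows_per_class=40):
    """Train on balanced constructed benign/attack windows."""
    rng = random.Random(seed)
    X, y = [], []
    for attack in [False, True] * windows_per_class:
        X.append(extract_features(synth_window(rng, attack)))
        y.append(int(attack))
    return KNNDetector(k=3).fit(X, y)


def detect(detector, packets):
    return "attack" if detector.predict(extract_features(packets)) == 1 else "benign"


def evaluate(seed=2, windows_per_class=50):
    """Accuracy on fresh constructed windows not seen during training."""
    detector, rng = build_detector(), random.Random(seed)
    trials = [False, True] * windows_per_class
    hits = sum(detect(detector, synth_window(rng, a)) == ("attack" if a else "benign")
               for a in trials)
    return hits / len(trials)
```

Calling `detect(build_detector(), sample_window(7, True))` labels the flood window "attack", and `evaluate()` scores the held-out windows. The constructed classes are deliberately far apart, so the perfect score here says nothing about real captures; the point is the shape of the pipeline and why the IoT-specific endpoint count is a cheap, discriminating feature.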
The trio note that, to their knowledge, this is “the first network anomaly detection framework to focus on IoT-specific features, as well as the first to apply anomaly detection specifically to IoT botnets at the local network level.”
However, while the findings are indeed noteworthy, solutions like Bitdefender BOX (available for some time now) can safeguard IoT devices against external threats via anomaly detection, which inherently prevents botnet behavior.
BOX also offers a full-fledged management environment for all the smart devices in your home network (in the form of a handy mobile app), plus parental controls to monitor your kids’ online activities and manage screen time.