Yuming Feng,Weizhe Zhang,Shujun Yin,Hao Tang,Yang Xiang,Yu Zhang

DOI: https://doi.org/10.1109/jiot.2023.3279615

IF: 10.6

2023-01-01

IEEE Internet of Things Journal

Abstract:The weaknesses of Internet of Things (IoT) devices leads to vulnerabilities easily, which can be exploited by criminals to launch Distributed Denial-of-Service (DDoS) attacks, becoming a major security hazard. Nowadays, the rapid development of the IoT makes the IoT-based DDoS attacks have the characteristics of wide distribution, large scale, and more stealthy that brings greater challenges for the DDoS detection. In this article, we conduct our research based on the edge side of IoT for providing earlier detection capability and more efficient resource utilization. We propose a novel reinforcement learning-based collaborative DDoS detection method and design a lightweight unsupervised classifier based on statistics. We deploy the classifiers in IoT edge gateways to detect anomalies by analyzing network traffic features in time. In order to deal with the dynamic changes of the IoT environment, we use the soft actor–critic (SAC) reinforcement learning model deployed on the edge server to adjust the parameter configuration of the underlying unsupervised classifier dynamically, which can ensure excellent detection effect for different types of IoT devices. In addition, a collaborative aggregation module is designed in the edge server to share the observation state and historical experience, which has a unique collaborative reward mechanism for the reinforcement learning model to fully mobilize the collaborative work capability. The experiments on public data set and constructed real-world testbed demonstrate that our proposed method has excellent detection performance and especially it can also discover stealthy IoT-based DDoS attacks accurately.

Laisen Nie,Yixuan Wu,Xiaojie Wang,Lei Guo,Guoyin Wang,Xinbo Gao,Shengtao Li

DOI: https://doi.org/10.1109/tcss.2021.3063538

2021-01-01

IEEE Transactions on Computational Social Systems

Abstract:The Social Internet of Things (SIoT) now penetrates our daily lives. As a strategy to alleviate the escalation of resource congestion, collaborative edge computing (CEC) has become a new paradigm for solving the needs of the Internet of Things (IoT). CEC can provide computing, storage, and network connection resources for remote devices. Because the edge network is closer to the connected devices, it involves a large amount of users’ privacy. This also makes edge networks face more and more security issues, such as Denial-of-Service (DoS) attacks, unauthorized access, packet sniffing, and man-in-the-middle attacks. To combat these issues and enhance the security of edge networks, we propose a deep learning-based intrusion detection algorithm. Based on the generative adversarial network (GAN), we designed a powerful intrusion detection method. Our intrusion detection method includes three phases. First, we use the feature selection module to process the collaborative edge network traffic. Second, a deep learning architecture based on GAN is designed for intrusion detection aiming at a single attack. Finally, we propose a new intrusion detection model by combining several intrusion detection models that aim at a single attack. Intrusion detection aiming at multiple attacks is realized through the designed GAN-based deep learning architecture. Besides, we provide a comprehensive evaluation to verify the effectiveness of the proposed method.

Run Yang,Hui He,Yixiao Xu,Bangzhou Xin,Yulong Wang,Yue Qu,Weizhe Zhang

DOI: https://doi.org/10.1016/j.comnet.2023.109724

IF: 5.493

2023-01-01

Computer Networks

Abstract:The Internet of Things (IoT) is increasingly utilized in daily life and industrial production, particularly in critical infrastructures. IoT cybersecurity has an effect on people’s safety, national security, and economic growth. However, the traditional cloud-based centralized intrusion detection methods cannot satisfy the demands for data privacy, network load, and timely response. In this article, we proposed an efficient intrusion detection method based on cloud–edge collaboration. The approach can reduce computational workload to speed up model training, prevent data privacy leakage, enrich training data, and detect attacks unknown to local edge devices. Specifically, stacked sparse autoencoder (SSAE) is first utilized for data dimensionality reduction to overcome the bottleneck of resource constraints on edge devices. Second, considering the long-term serial characteristics of IoT traffic data, the temporal convolutional network (TCN) model is employed to detect attack; Finally, the cloud–edge collaboration architecture based on federated learning is used to coordinate multi-party training intrusion detection models. It fills the gap of missed detection by intrusion detection models due to data silos. Experiments show that our method reduced the training time, storage and memory required for the model training process by more than 50%, respectively, but the detection accuracy is close to centralized trained models. The model trained based on cloud–edge collaboration can identify attacks unknown to local edge devices.

Jiushuang Wang,Ying Liu,Wei Su,Huifen Feng

DOI: https://doi.org/10.1109/vtc2020-fall49728.2020.9348652

2020-01-01

Abstract:With the popularity of Internet of Things (IoT) applications, security has become extremely important. A recent distributed denial-of-service (DDoS) attack revealed vulnerabilities that are prevalent in IoT, and many IoT devices accidentally contributed to the DDoS attack. software-defined network provides a way to securely manage IoT devices. In this paper, we first present a general framework for software-defined Internet of Things (SD-IoT). The proposed framework consists of a SD-IoT controller, SD-IoT switches integrated with an IoT gateway, and IoT devices. We then propose a deep learning detection algorithm based on time series using the proposed SD-IoT framework. Finally, experimental results show that the proposed algorithm has good performance.

Jie Ma,Wei Su

DOI: https://doi.org/10.1016/j.inffus.2024.102820

IF: 18.6

2024-01-01

Information Fusion

Abstract:The massive number of edge-connected IoT devices currently in SD-AIoT can be weaponized to launch Distributed Denial of Service attacks. Nevertheless, centralized DDoS defense schemes that excessively rely on up-to-date labeled training data are significantly inefficient due to the scarcity of such datasets. The privacy of these datasets and the widespread emergence of adversarial attacks make it difficult for autonomous system collaborators to share such sensitive data. To this end, we propose a novel decentralized defense scheme based on a trusted Federated Learning framework for AIoT scenarios. In particular, it consists of: (1) an outlier-aware Semi-supervised attack detection model for anomaly detection based on a Federated Learning framework that supports the robust identification of attack classes with a limited number of labeled outliers to reduce the false alarm rate; (2) a novel Secure Multiparty Computation method for trusted aggregation of local model updates to enhance the transmission privacy of collaborators’ parameters; (3) a mitigation mechanism based on horizontal cooperation to reduce the impact of packet loss on normal traffic by deploying differentiated speed-limiting policies with attack path pushback. Our evaluation of various attack scenarios and traces from real datasets CICIDS2017 and InSDN shows that the proposed scheme shows significant improvement in terms of accuracy, effectiveness, etc., compared to state-of-the-art SDN-based defense schemes.

Laisen Nie,Wentao Sun,Shupeng Wang,Zhaolong Ning,Joel J. P. C. Rodrigues,Yixuan Wu,Shengtao Li

DOI: https://doi.org/10.1109/tgcn.2021.3073714

2021-01-01

IEEE Transactions on Green Communications and Networking

Abstract:Internet of Things (IoT) is an expanded application of Internet, which are used to provide various services for users. Up to now, IoTs have received more attention, because it can provide ubiquitous connectivity for various devices. With the development of IoTs, its security has become a main issue. Attackers use various techniques to implement cyber attacks for the IoT, which threats the users' privacy seriously. As a security mechanism, intrusion detection techniques can detect various illicit behaviors before attackers invade the network. An intrusion detection system can implement effective defense functions to keep the network away from attacks. This paper proposes an intrusion detection algorithm based on deep reinforcement learning, which pursued the trends of traffic flows by extracting statistical features of prior network traffic for traffic prediction at first. Then, we use traffic predictors to employ intrusion detection. The evaluations verify the effectiveness of our algorithm in detecting Distributed Denial of Service attacks (DDoS).

Yantian Luo,Hancun Sun,Xu Chen,Ning Ge,Wei Feng,Jianhua Lu

DOI: https://doi.org/10.23919/jcc.fa.2022-0783.202304

2023-01-01

China Communications

Abstract:In the upcoming large-scale Internet of Things (IoT), it is increasingly challenging to defend against malicious traffic, due to the heterogeneity of IoT devices and the diversity of IoT communication protocols. In this paper, we propose a semi-supervised learning-based approach to detect malicious traffic at the access side. It overcomes the resource-bottleneck problem of traditional malicious traffic defenders which are deployed at the victim side, and also is free of labeled traffic data in model training. Specifically, we design a coarse-grained behavior model of IoT devices by self-supervised learning with unlabeled traffic data. Then, we fine-tune this model to improve its accuracy in malicious traffic detection by adopting a transfer learning method using a small amount of labeled data. Experimental results show that our method can achieve the accuracy of 99.52% and the F1-score of 99.52% with only 1% of the labeled training data based on the CICDDoS2019 dataset. Moreover, our method outperforms the state-of-the-art supervised learning-based methods in terms of accuracy, precision, recall and F1-score with 1% of the training data.

Yiying Zhang,Yiyang Liu,Xiaoyan Guo,Zhu Liu,Xiankun Zhang,Kun Liang

DOI: https://doi.org/10.3390/en15217882

IF: 3.2

2022-10-25

Energies

Abstract:With the rapid development of smart grids, the number of various types of power IoT terminal devices has grown by leaps and bounds. An attack on either of the difficult-to-protect end devices or any node in a large and complex network can put the grid at risk. The traffic generated by Distributed Denial of Service (DDoS) attacks is characterised by short bursts of time, making it difficult to apply existing centralised detection methods that rely on manual setting of attack characteristics to changing attack scenarios. In this paper, a DDoS attack detection model based on Bidirectional Long Short-Term Memory (BiLSTM) is proposed by constructing an edge detection framework, which achieves bi-directional contextual information extraction of the network environment using the BiLSTM network and automatically learns the temporal characteristics of the attack traffic in the original data traffic. This paper takes the DDoS attack in the power Internet of Things as the research object. Simulation results show that the model outperforms traditional advanced models such as Recurrent Neural Network (RNN) and Long Short Term Memory (LSTM) in terms of accuracy, false detection rate, and time delay. It plays an auxiliary role in the security protection of the power Internet of Things and effectively improves the reliability of the power grid.

energy & fuels

Jie Ma,Wei Su,Yikun Li,Yuan,Ziqing Zhang

DOI: https://doi.org/10.1016/j.jnca.2024.103916

IF: 7.574

2024-01-01

Journal of Network and Computer Applications

Abstract:The availability of SD-AIoT is currently under complicated and serious cyber threats, especially Low-rate Denial-of-Service attacks. However, traditional defense schemes for such attacks with characteristics of high concealability and periodicity suffer from serious challenges with high detection difficulty, low accuracy of detection models, and inefficiency of mitigation approaches. In this paper, one novel cooperative defense scheme against hybrid LDoS attacks is proposed, which consists of a timely-response hardware-based Renyi Entropy edge checkpoint intent detection algorithm, the high-precision detection mechanism based on a hybrid deep learning model, and a Markov-chain-based differential rate-limiting mitigation strategy. The detection algorithm deployed at the edge checkpoint activates a hybrid CNN-RF-based deep learning model after filtering the intent information of the flows to detect which are malicious LDoS flows with high accuracy, where the multi-stage detection scheme not only extracts and learns the hidden features of the flow data, but also has better representation capabilities. Enhanced dynamic threshold-based whitelisting automatically adapts to the real-time state of the network environment to improve mitigation flexibility. Markov chain-based differential rate-limiting mitigation strategy reduces the packet loss error rate to mitigate network attacks promptly and ensures the continuation of network services. The results of several comparative experiments show that the proposed scheme detects LDoS attacks more accurately and mitigates them more effectively than traditional schemes.

Zhihong Tian,Chaochao Luo,Jing Qiu,Xiaojiang Du,Mohsen Guizani

DOI: https://doi.org/10.1109/tii.2019.2938778

IF: 12.3

2019-01-01

IEEE Transactions on Industrial Informatics

Abstract:With the development of Internet of Things (IoT) and cloud technologies, numerous IoT devices and sensors transmit huge amounts of data to cloud data centers for further processing. While providing us considerable convenience, cloud-based computing and storage also bring us many security problems, such as the abuse of information collection and concentrated web servers in the cloud. Traditional intrusion detection systems and web application firewalls are becoming incompatible with the new network environment, and related systems with machine learning or deep learning are emerging. However, cloud-IoT systems increase attacks against web servers, since data centralization carries a more attractive reward. In this article, based on distributed deep learning, we propose a web attack detection system that takes advantage of analyzing URLs. The system is designed to detect web attacks and is deployed on edge devices. The cloud handles the above challenges in the paradigm of the Edge of Things. Multiple concurrent deep models are used to enhance the stability of the system and the convenience in updating. We implemented experiments on the system with two concurrent deep models and compared the system with existing systems by using several datasets. The experimental results with 99.410% in accuracy, 98.91% in true positive rate (TPR), and 99.55% in detection rate of normal requests (DRN) demonstrate the system is competitive in detecting web attacks.

Yizhen Jia,Fangtian Zhong,Arwa Alrawais,Bei Gong,Xiuzhen Cheng

DOI: https://doi.org/10.1109/jiot.2020.2993782

IF: 10.6

2020-01-01

IEEE Internet of Things Journal

Abstract:Internet-of-Things (IoT) devices are getting more and more popular in recent years and IoT networks play an important role in the industry as well as people’s activities. On the one hand, they bring convenience to every aspect of our daily life; on the other hand, they are vulnerable to various attacks that in turn cancels out their benefits to a certain degree. In this article, we target the defense techniques against IoT Distributed Denial-of-Service (DDoS) attacks and propose an edge-centric IoT defense scheme termed FlowGuard for the detection, identification, classification, and mitigation of IoT DDoS attacks. We present a new DDoS attack detection algorithm based on traffic variations and design two machine learning models for DDoS identification and classification. To demonstrate the effectiveness of the two machine learning models, we generate a large data set by DDoS simulators BoNeSi and SlowHTTPTest, and combine it with the CICDDoS2019 data set, to test the identification and classification accuracy as well as the model efficiency. Our results indicate that the identification accuracy of the proposed long short-term memory is as high as 98.9%, which significantly outperforms the other four well-known learning models mentioned in the most related work. The classification accuracy of the proposed convolutional neural network is up to 99.9%. Besides, our models satisfactorily meet the delay requirements of IoT when deployed in edge servers with computational powers higher than a personal computer.

Yantian Luo,Xu Chen,Ning Ge,Jianhua Lu

DOI: https://doi.org/10.1109/globecom46510.2021.9685728

2021-01-01

Abstract:With the rapid development of 5G networks, a great amount of Internet of Things (IoT) devices are connected to the Internet. Most of these devices are cost limited and thus are easily compromised by attackers to launch distributed denial of service (DDoS) attacks. The traditional DDoS defense methods at server side can not adapt to this new challenge, thus access-side DDoS detection architecture is urgently needed. In this paper, we propose a deep learning (DL) based IoT device classification method to support fine-grained behavior modeling of malicious traffic and thus enable access-side DDoS detection. Different from traditional studies based on machine learning (ML) which need expertise feature engineering, we propose a time characteristics extraction method based on 1-D convolutional neural network to capture high level time series features automatically for better classification performance. To avoid the feature loss problem, we propose a feature enhancement method based on residual connection module. Experimental results verify the effectiveness of our method, which offers a meaningful gain in terms of both accuracy and macro F1 score over existing approaches.

Keval Doshi,Yasin Yilmaz,Suleyman Uludag

DOI: https://doi.org/10.48550/arXiv.2006.08064

2020-06-15

Abstract:Internet of Things (IoT) networks consist of sensors, actuators, mobile and wearable devices that can connect to the Internet. With billions of such devices already in the market which have significant vulnerabilities, there is a dangerous threat to the Internet services and also some cyber-physical systems that are also connected to the Internet. Specifically, due to their existing vulnerabilities IoT devices are susceptible to being compromised and being part of a new type of stealthy Distributed Denial of Service (DDoS) attack, called Mongolian DDoS, which is characterized by its widely distributed nature and small attack size from each source. This study proposes a novel anomaly-based Intrusion Detection System (IDS) that is capable of timely detecting and mitigating this emerging type of DDoS attacks. The proposed IDS's capability of detecting and mitigating stealthy DDoS attacks with even very low attack size per source is demonstrated through numerical and testbed experiments.

Cryptography and Security,Networking and Internet Architecture,Machine Learning

Abdulaziz Aldaej,Tariq Ahamed Ahanger,Imdad Ullah

DOI: https://doi.org/10.3390/s23249869

2023-12-16

Abstract:The Internet of Things (IoT) technology has seen substantial research in Deep Learning (DL) techniques to detect cyberattacks. Critical Infrastructures (CIs) must be able to quickly detect cyberattacks close to edge devices in order to prevent service interruptions. DL approaches outperform shallow machine learning techniques in attack detection, giving them a viable alternative for use in intrusion detection. However, because of the massive amount of IoT data and the computational requirements for DL models, transmission overheads prevent the successful implementation of DL models closer to the devices. As they were not trained on pertinent IoT, current Intrusion Detection Systems (IDS) either use conventional techniques or are not intended for scattered edge-cloud deployment. A new edge-cloud-based IoT IDS is suggested to address these issues. It uses distributed processing to separate the dataset into subsets appropriate to different attack classes and performs attribute selection on time-series IoT data. Next, DL is used to train an attack detection Recurrent Neural Network, which consists of a Recurrent Neural Network (RNN) and Bidirectional Long Short-Term Memory (LSTM). The high-dimensional BoT-IoT dataset, which replicates massive amounts of genuine IoT attack traffic, is used to test the proposed model. Despite an 85 percent reduction in dataset size made achievable by attribute selection approaches, the attack detection capability was kept intact. The models built utilizing the smaller dataset demonstrated a higher recall rate (98.25%), F1-measure (99.12%), accuracy (99.56%), and precision (99.45%) with no loss in class discrimination performance compared to models trained on the entire attribute set. With the smaller attribute space, neither the RNN nor the Bi-LSTM models experienced underfitting or overfitting. The proposed DL-based IoT intrusion detection solution has the capability to scale efficiently in the face of large volumes of IoT data, thus making it an ideal candidate for edge-cloud deployment.

Yuyang Zhou,Guang Cheng,Shui Yu

DOI: https://doi.org/10.1109/tifs.2021.3127009

IF: 7.231

2021-01-01

IEEE Transactions on Information Forensics and Security

Abstract:The Internet of Things (IoT) is becoming truly ubiquitous in every domain of human lives, and a large number of objects can be connected and enabled to communicate with cloud servers at any time. However, complex connections and vulnerabilities of IoT devices introduce inevitable security threats, in which distributed denial-of-service (DDoS) attacks usually incur catastrophic results. Unfortunately, the existing DDoS mitigation methods cannot provide effective protection. Moreover, the amplifying complexity and increasing delay incurred by defense greatly affect the stability of IoT networks. To tackle these problems, we present a novel framework that can proactively adapt the attack surface of IoT networks, dynamically optimize defense strategies, and rapidly deploy the corresponding defense mechanisms. In particular, we establish hybrid proactive defense mechanisms combining Moving Target Defense (MTD) techniques with cyber deception to spread camouflage information to confuse attackers. Based on these mechanisms, we introduce a defender-led signaling game model to formalize defense scenarios and depict the interactions between the defender and the attacker. Besides, we present an optimal algorithm to solve decision problems and optimize defense implementation in a cost-effective manner. Our extensive experiments demonstrate that the proposed approach can effectively mitigate DDoS attacks and maintain a high level of performance in IoT networks with acceptable overhead.

Xu Chen,Liang Xiao,Wei Feng,Ning Ge,Xianbin Wang

DOI: https://doi.org/10.1109/jiot.2021.3138094

IF: 10.6

2021-01-01

IEEE Internet of Things Journal

Abstract:The proliferation of Distributed Denial of Service (DDoS) attacks in Internet of Things (IoT) not only threatens the security of digital devices and infrastructure but also severely degrades IoT system performance due to the overly consumed network resources. With the knowledge of identity information of devices and signaling data, Internet service providers (ISPs) can detect and block DDoS traffic by monitoring the upstream IoT packets, and thereby, improve network efficiency. However, inspecting all data packets online for DDoS detection will significantly increase both the network delay and the computational overhead. Therefore, the packet sampling strategy is crucial for the defenders to detect DDoS attacks. To this end, this article formulates a Stackelberg game model to analyze the collaborative IoT packet sampling against DDoS attacks. Through the equilibrium analysis of the DDoS game, we derive the lower bound of packet sampling rate (PSR) that can effectively deter potential attackers. Unlike traditional offline detection, our proposed packet sampling strategy can support both the online detection and proactive prevention of DDoS traffic. As a use case, a multipoint DDoS defense framework is developed to address the IP spoofing in 5G networks based on the proposed packet sampling strategy, which deters DDoS attacks and reduces the packet sampling cost, and thereby, maximizes the IoT utility, compared with existing methods. In typical reflection attacks (in which no more than five packets of response are triggered by a request packet), our proposed scheme not only reduces more than 70% of the sampling rate but also demonstrates superior robustness against boundary condition variation.

Hongcheng Huang,Peixin Ye,Min Hu,Jun Wu

DOI: https://doi.org/10.1016/j.dcan.2022.04.008

IF: 6.348

2022-04-01

Digital Communications and Networks

Abstract:Nowadays, a large number of intelligent devices involved in the Industrial Internet of Things (IIoT) environment are posing unprecedented cybersecurity challenges. Due to the limited budget for security protection, the IIoT devices are vulnerable and easily compromised to launch Distributed Denial-of-Service (DDoS) attacks, resulting in disastrous results. Unfortunately, considering the particularity of the IIoT environment, most of the defense solutions in traditional networks cannot be directly applied to IIoT with acceptable security performance. Therefore, in this work, we propose a multi-point collaborative defense mechanism against DDoS attacks for IIoT. Specifically, for the single point DDoS defense, we design an edge-centric mechanism termed EdgeDefense for the detection, identification, classification, and mitigation of DDoS attacks and the generation of defense information. For the practical multi-point scenario, we propose a collaborative defense model against DDoS attacks to securely share the defense information across the network through the blockchain. Besides, a fast defense information sharing mechanism is designed to reduce the delay of defense information sharing and provide a responsive cybersecurity guarantee. The simulation results indicate that the identification and classification performance of the two machine learning models designed for EdgeDefense are better than those of the state-of-the-art baseline models, and therefore EdgeDefense can defend against DDoS attacks effectively. The results also verify that the proposed fast sharing mechanism can reduce the propagation delay of the defense information blocks effectively, thereby improving the responsiveness of the multi-point collaborative DDoS defense.

telecommunications

Alireza Seifousadati,Saeid Ghasemshirazi,Mohammad Fathian

DOI: https://doi.org/10.48550/arXiv.2110.14911

2021-10-28

Abstract:In the current world, the Internet is being used almost everywhere. With the rise of IoT technology, which is one of the most used technologies, billions of IoT devices are interconnected over the Internet. However, DoS/DDoS attacks are the most frequent and perilous threat to this growing technology. New types of DDoS attacks are highly advanced and complicated, and it is almost impossible to detect or mitigate by the existing intrusion detection systems and traditional methods. Fortunately, Big Data, Data mining, and Machine Learning technologies make it possible to detect DDoS traffic effectively. This paper suggests a DDoS detection model based on data mining and machine learning techniques. For writing this paper, the latest available Dataset, CICDDoS2019, experimented with the most popular machine learning algorithms and specified the most correlated features with predicted classes are being used. It is discovered that AdaBoost and XGBoost were extraordinarily accurate and correctly predicted the type of network traffic with 100% accuracy. Future research can be extended by enhancing the model for multiclassification of different DDoS attack types and testing hybrid algorithms and newer datasets on this model.

Cryptography and Security

Haosu Cheng,Jianwei Liu,Tongge Xu,Bohan Ren,Jian Mao,Wei Zhang

DOI: https://doi.org/10.1504/ijsnet.2020.109720

2020-01-01

International Journal of Sensor Networks

Abstract:The software-defined network (SDN) enabled internet of things (IoT) architecture is deployed in many industrial systems. The ability of SDN to intelligently route traffic and use underutilised network resources, enables IoT networks to cope with data onslaught smoothly. SDN also eliminates bottlenecks and helps to process IoT data efficiently without placing a larger strain on the network. The SDN-based IoT network is vulnerable to DDoS attack in a sophisticated usage environment. The SDN-based IoT network behaviours are different from traditional networks, which makes the detection of low-traffic DDoS attacks more difficult. In this paper, we propose a learning-based detection approach that deploys learning algorithms and utilizes stateful and stateless features from Openflow packages to identify attack traffics in SDN control and data planes. Our prototype approach and experiment results show that our system identified the low-rate DDoS attack traffic accurately with relatively low system performance overheads.

Rohan Doshi,Noah Apthorpe,Nick Feamster

DOI: https://doi.org/10.1109/SPW.2018.00013

2018-04-12

Abstract:An increasing number of Internet of Things (IoT) devices are connecting to the Internet, yet many of these devices are fundamentally insecure, exposing the Internet to a variety of attacks. Botnets such as Mirai have used insecure consumer IoT devices to conduct distributed denial of service (DDoS) attacks on critical Internet infrastructure. This motivates the development of new techniques to automatically detect consumer IoT attack traffic. In this paper, we demonstrate that using IoT-specific network behaviors (e.g. limited number of endpoints and regular time intervals between packets) to inform feature selection can result in high accuracy DDoS detection in IoT network traffic with a variety of machine learning algorithms, including neural networks. These results indicate that home gateway routers or other network middleboxes could automatically detect local IoT device sources of DDoS attacks using low-cost machine learning algorithms and traffic data that is flow-based and protocol-agnostic.

Cryptography and Security,Machine Learning