TY - GEN
T1 - Anomalous Communications Detection in IoT Networks Using Sparse Autoencoders
AU - Shahid, Mustafizur R.
AU - Blanc, Gregory
AU - Zhang, Zonghua
AU - Debar, Herve
N1 - Publisher Copyright:
© 2019 IEEE.
PY - 2019/9/1
Y1 - 2019/9/1
N2 - Nowadays, IoT devices have been widely deployed for enabling various smart services, such as smart home or e-healthcare. However, security remains one of the paramount concerns, as many IoT devices are vulnerable. Moreover, IoT malware is constantly evolving and getting more sophisticated. IoT devices are intended to perform very specific tasks, so their networking behavior is expected to be reasonably stable and predictable. Any significant behavioral deviation from the normal patterns would indicate anomalous events. In this paper, we present a method to detect anomalous network communications in IoT networks using a set of sparse autoencoders. The proposed approach allows us to differentiate malicious communications from legitimate ones, so that if a device is compromised, only malicious communications can be dropped while the service provided by the device is not totally interrupted. To characterize network behavior, bidirectional TCP flows are extracted and described using statistics on the size of the first $N$ packets sent and received, along with statistics on the corresponding inter-arrival times between packets. A set of sparse autoencoders is then trained to learn the profile of the legitimate communications generated by an experimental smart home network. Depending on the value of $N$, the developed model achieves attack detection rates ranging from 86.9% to 91.2%, and false positive rates ranging from 0.1% to 0.5%.
AB - Nowadays, IoT devices have been widely deployed for enabling various smart services, such as smart home or e-healthcare. However, security remains one of the paramount concerns, as many IoT devices are vulnerable. Moreover, IoT malware is constantly evolving and getting more sophisticated. IoT devices are intended to perform very specific tasks, so their networking behavior is expected to be reasonably stable and predictable. Any significant behavioral deviation from the normal patterns would indicate anomalous events. In this paper, we present a method to detect anomalous network communications in IoT networks using a set of sparse autoencoders. The proposed approach allows us to differentiate malicious communications from legitimate ones, so that if a device is compromised, only malicious communications can be dropped while the service provided by the device is not totally interrupted. To characterize network behavior, bidirectional TCP flows are extracted and described using statistics on the size of the first $N$ packets sent and received, along with statistics on the corresponding inter-arrival times between packets. A set of sparse autoencoders is then trained to learn the profile of the legitimate communications generated by an experimental smart home network. Depending on the value of $N$, the developed model achieves attack detection rates ranging from 86.9% to 91.2%, and false positive rates ranging from 0.1% to 0.5%.
KW - Anomaly Detection
KW - Internet of Things
KW - Machine Learning
KW - Network Security
KW - Neural Network
U2 - 10.1109/NCA.2019.8935007
DO - 10.1109/NCA.2019.8935007
M3 - Conference contribution
AN - SCOPUS:85077963953
T3 - 2019 IEEE 18th International Symposium on Network Computing and Applications, NCA 2019
BT - 2019 IEEE 18th International Symposium on Network Computing and Applications, NCA 2019
A2 - Gkoulalas-Divanis, Aris
A2 - Marchetti, Mirco
A2 - Avresky, Dimiter R.
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 18th IEEE International Symposium on Network Computing and Applications, NCA 2019
Y2 - 26 September 2019 through 28 September 2019
ER -