Visible to the public Performance improvement of anomaly detection on IoT network

ABSTRACT

The growth spurt of the Internet of Things (IoT) device market and the resulting time to market challenges have forced device manufacturers to place less importance on security considerations. Billions of IoT devices are currently deployed, security loopholes still remain. Denial of service, host port scan, man-in-the-middle, ransomware and botnets are some of the common IoT network attacks. Cybercriminals have successfully launched these attacks on networks and thereby gained access to confidential data, denied access to legitimate owners. IoT devices are built with embedded systems which, in general, have a small form factor and are resource constrained. Integrating suitable security measures within embedded systems can be challenging and expensive.

Our work explores machine learning techniques which are suitable for intrusion detection on an IoT device network using IoTID20, one of the latest botnet datasets available for evaluation. This paper focuses on the decision tree algorithm, which is fast, efficient and most suitable for deployment on resource constrained IoT device. We study the interplay between training data availability and performance and demonstrate improvements with the use of self-labeling and combination techniques. The experimental results of the proposed method not only achieve performance improvement while detecting at least two Mirai-Ackflooding, Mirai-HTTP Flooding, Mirai-UDP Flooding attacks vectors but also explores optimal data sizes to match the IoT device industry dynamics.

BIO

Latha Suryavanshi Karakos is a doctoral student in the Department of Electrical and Computer Engineering at Morgan State University (MSU), Baltimore, MD USA. She earned her B.S. degree in electrical engineering from Bangalore University and an M.S. degree in electrical engineering from California State University Northridge. Her research interests include reverse engineering, IoT, embedded system vulnerabilities, anti-tamper, and IDS development as a machine learning based countermeasure. Ms. Karakos is affiliated with the Center for Reverse Engineering and Advanced Microelectronics (CREAM) Lab at MSU.

License: 
Creative Commons 2.5

Other available formats:

Performance improvement of anomaly detection on IoT network
Switch to experimental viewer