Detecting Anomalous IoT Traffic Flow with Locality Sensitive Hashes

Widespread adoption of Internet of Things (IoT) devices increased the variety of devices connected to a network. These devices have become a primary target of cyber-attacks as they introduce unmanaged vulnerabilities into the network. On the other hand, most of the IoT devices have a limited set of functionalities. Thus, it is possible to formulate the expected traffic pattern of the device and employ the network traffic to detect anomalous activities. Existing IoT traffic anomaly detection systems require tuning the parameters of machine learning algorithms used for the traffic classification. In this paper, we introduce a novel approach to detect the anomalous IoT network traffic based on the locality-sensitive hash of the traffic flow. The proposed Locality Sensitive Anomaly Detection (LSAD) approach does not require feature extraction from the data. Evaluation on a dataset with fifteen attacks shows that it can detect anomalous flows with an accuracy above 97% and achieve the same or better performance than machine learning approaches.