Identifying Anomaly in IoT Traffic Flow With Locality Sensitive Hashes

Batyr Charyyev, Mehmet Hadi Gunes

    Research output: Contribution to journal › Article › peer-review

    Abstract

    Internet of Things (IoT) devices introduce new vulnerabilities to the network. These devices are relatively cheap and have a simple design, yet they can collect private user data and be employed as botnets to conduct large-scale attacks. In general, IoT devices have a limited set of functionalities. Thus, the network administrator can formulate the expected traffic patterns of the devices and employ the network traffic to detect malicious activities. Existing systems to detect anomalies in IoT traffic mainly use machine learning. Thus, they require tuning the parameters of models and selecting/extracting a representative set of features from the network traffic data. In this paper, we introduce a novel approach, Locality Sensitive Anomaly Detection and Identification (LSADI), to detect anomalies in IoT network traffic based on the locality-sensitive hash of the traffic flow. The proposed approach does not require feature selection/extraction from the data and does not have a complex set of parameters that need to be tuned. Evaluation with three datasets containing 25 attacks shows that LSADI can detect and identify the type of anomalous flows with an accuracy above 90% on average and performs equally well compared to the state-of-the-art machine learning-based methods.

    Original language: English
    Pages (from-to): 89467-89478
    Number of pages: 12
    Journal: IEEE Access
    Volume: 12
    State: Published - 2024

    Keywords

    • Internet of Things
    • networking
    • traffic fingerprinting
