TY - JOUR
T1 - Identifying Anomaly in IoT Traffic Flow With Locality Sensitive Hashes
AU - Charyyev, Batyr
AU - Hadi Gunes, Mehmet
N1 - Publisher Copyright:
© 2013 IEEE.
PY - 2024
Y1 - 2024
AB - Internet of Things (IoT) devices introduce new vulnerabilities to the network. These devices are relatively cheap and have a simple design, yet they can collect private user data and be employed as botnets to conduct large-scale attacks. In general, IoT devices have a limited set of functionalities. Thus, the network administrator can formulate the expected traffic patterns of the devices and employ the network traffic to detect malicious activities. Existing systems to detect anomalies in IoT traffic mainly use machine learning. Thus, they require tuning the parameters of models and selecting/extracting a representative set of features from the network traffic data. In this paper, we introduce a novel approach, Locality Sensitive Anomaly Detection and Identification (LSADI), to detect anomalies in IoT network traffic based on the locality-sensitive hash of the traffic flow. The proposed approach does not require feature selection/extraction from the data and does not have a complex set of parameters that need to be tuned. Evaluation with three datasets containing 25 attacks shows that LSADI can detect and identify the type of anomalous flows with an accuracy above 90% on average and performs equally well compared to the state-of-the-art machine learning-based methods.
KW - Internet of Things
KW - networking
KW - traffic fingerprinting
UR - http://www.scopus.com/inward/record.url?scp=85197089053&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85197089053&partnerID=8YFLogxK
U2 - 10.1109/ACCESS.2024.3420238
DO - 10.1109/ACCESS.2024.3420238
M3 - Article
AN - SCOPUS:85197089053
VL - 12
SP - 89467
EP - 89478
JO - IEEE Access
JF - IEEE Access
ER -