2018
DOI: 10.1109/mprv.2018.03367731
|View full text |Cite
|
Sign up to set email alerts
|

N-BaIoT—Network-Based Detection of IoT Botnet Attacks Using Deep Autoencoders

Abstract: The proliferation of IoT devices which can be more easily compromised than desktop computers has led to an increase in the occurrence of IoT-based botnet attacks. In order to mitigate this new threat there is a need to develop new methods for detecting attacks launched from compromised IoT devices and differentiate between hour and millisecond long IoT-based attacks. In this paper we propose and empirically evaluate a novel network-based anomaly detection method which extracts behavior snapshots of the network… Show more

Help me understand this report
View preprint versions

Search citation statements

Order By: Relevance

Paper Sections

Select...
3
1
1

Citation Types

5
640
1
39

Year Published

2019
2019
2024
2024

Publication Types

Select...
5
2
1

Relationship

0
8

Authors

Journals

citations
Cited by 1,074 publications
(685 citation statements)
references
References 18 publications
5
640
1
39
Order By: Relevance
“…Third, unlike [14], [17], we aim to detect IoT malware activity much before the actual attack, during the scanning/infection phase. Finally, instead of fingerprinting the normal traffic of IoT devices [15], [17] and using those fingerprints towards anomaly detection, we detect the malware-induced scanning packet traffic generated by infected IoT devices.…”
Section: Related Workmentioning
confidence: 99%
“…Third, unlike [14], [17], we aim to detect IoT malware activity much before the actual attack, during the scanning/infection phase. Finally, instead of fingerprinting the normal traffic of IoT devices [15], [17] and using those fingerprints towards anomaly detection, we detect the malware-induced scanning packet traffic generated by infected IoT devices.…”
Section: Related Workmentioning
confidence: 99%
“…The authors in [21] propose an intrusion detection model for IoT backbone networks leveraging twolayer dimension reduction and two-tier classification techniques to detect U2R (Userto-Root) and R2L (Remote-to-Local) attacks. In a recently published paper [22], deepautoencoders based anomaly detection has been used to detect attacks launched from IoT botnets. The method consists of extraction of statistical features from behavioral snapshots of normal IoT device traffic captures, training of a deep learning-based autoencoder (for each IoT device) on the extracted features and comparison of the reconstruction error for traffic observations with a threshold for normal-anomalous classification.…”
Section: Related Workmentioning
confidence: 99%
“…This is because we aim to detect bots infected by Mirai-like IoT malware, towards which much simpler features can be used as discussed in Section 3.3. Fifth, unlike [22], we aim to detect IoT bots much before the actual attack, during the scanning phase itself as explained in Section 4. Finally, most of the above cited works use quantifiers such as detection rate and false positive rates to evaluate the performance of their proposed botnet detection solutions.…”
Section: Related Workmentioning
confidence: 99%
“…• Detecting IoT device attacks from inspecting network traffic data collected from commercial IoT devices [23]. This dataset contains nine types of IoT devices which are subject to 10 types of attacks.…”
Section: Motivating Case Studiesmentioning
confidence: 99%
“…The dataset provides traces collected at different IoT devices. More details are provided in [23]. We aim to apply RAD to build a noiseresistant model to categorize the attacks for post fact analysis, e.g., for threat assessment.…”
Section: A Use Cases and Datasetsmentioning
confidence: 99%