Elsevier

Computers & Security

Volume 97, October 2020, 101968
A novel approach for detecting vulnerable IoT devices connected behind a home NAT

https://doi.org/10.1016/j.cose.2020.101968
Under a Creative Commons license
open access

Abstract

Telecommunication service providers (telcos) are exposed to cyber-attacks executed by compromised IoT devices connected to their customers’ networks. Such attacks might have severe effects on the attack target, as well as the telcos themselves. To mitigate those risks, we propose a machine learning-based method that can detect specific vulnerable IoT device models connected behind a domestic NAT, thereby identifying home networks that pose a risk to the telcos’ infrastructure and service availability. To evaluate our method, we collected a large quantity of network traffic data from various commercial IoT devices in our lab and compared several classification algorithms. We found that (a) the LGBM algorithm produces excellent detection results, and (b) our flow-based method is robust and can handle situations that existing methods used to identify devices behind a NAT are unable to fully address, e.g., encrypted, non-TCP or non-DNS traffic. To promote future research in this domain, we share our novel labeled benchmark dataset.

Keywords

Internet of things (IoT)
Device identification
Network address translation (NAT)
Machine learning
DeNAT

Yair Meidan is a PhD candidate in the Department of Software and Information Systems Engineering (SISE) at Ben-Gurion University of the Negev (BGU). His research interests include machine learning and IoT security. Contact him at [email protected].

Vinay Sachidananda is a Research Scientist with the National University of Singapore. He has been researching in the area of cyber security focusing on Internet of Things (IoT). Apart from security, he also has been researching privacy issues related to IoT. Contact him at [email protected].

Hongyi Peng is a BSc student at the National University of Singapore. His research interests include machine learning and software engineering. Contact him at [email protected].

Racheli Sagron is a BSc student in the SISE Department at BGU. Her research interests include machine learning and software engineering. Contact her at [email protected].

Yuval Elovici is a professor in the SISE Department, director of the Telekom Innovation Laboratories, and head of the Cyber Security Research Center at BGU, as well as research director of iTrust at SUTD. His research interests include computer and network security, and machine learning. Elovici received a PhD in information systems from Tel-Aviv University. Contact him at [email protected].

Asaf Shabtai is a professor in the SISE Department at BGU. His research interests include computer and network security, and machine learning. Shabtai received a PhD in information systems from BGU. Contact him at [email protected].

This work was done when the author Vinay Sachidananda was at Singapore University of Technology and Design, Singapore.