Abstract:
The Internet of Things (IoT) promises to revolutionize the way we interact with our surroundings. Smart cars, smart cities, and smart homes are now being realized with the help of various embedded devices that operate with little to no human interaction. However, these embedded devices bring forth a plethora of security challenges, as most manufacturers still assign higher importance to the three Ps (prototyping, production and performance) than to security. This inherent flaw has manifested itself in the form of various Denial of Service (DoS) attacks orchestrated with the help of unsolicited IoT devices on the Internet. We are even seeing massive throughputs, achieved without the need for amplification, affecting large-scale infrastructures on the Internet. Thus, understanding the nature of these attacks and quickly identifying infected devices becomes imperative to combat this situation. In this paper, we present a model to classify unsolicited IoT devices in enterprises using machine learning (ML). Namely, IP header information from darknet data is collected for analysis. We then consider multiple supervised ML algorithms to classify these Layer 3 headers. We evaluate these algorithms and compare their performance in terms of accurately identifying activities of malicious IoT devices on the Internet. Our results show that Random Forest and Gradient Boosting have high recall and precision scores, whereas Naive Bayes has the worst performance. We believe our model can be used by enterprises as part of their intrusion detection system to quickly identify infected IoT devices within their own environment, as well as to identify scanning activities directed towards them.
Date of Conference: 25-29 June 2018
Date Added to IEEE Xplore: 30 August 2018
ISBN Information:
Electronic ISSN: 2376-6506