DIoT: A Self-learning System for Detecting Compromised IoT Devices

by   Thien Duc Nguyen, et al.

IoT devices are being widely deployed. Many of them are vulnerable due to insecure implementations and configuration. As a result, many networks already have vulnerable devices that are easy to compromise. This has led to a new category of malware specifically targeting IoT devices. Existing intrusion detection techniques are not effective in detecting compromised IoT devices given the massive scale of the problem in terms of the number of different types of devices and manufacturers involved. In this paper, we present DIoT, a system for detecting compromised IoT devices effectively. In contrast to prior work, DIoT uses a novel self-learning approach to classify devices into device types and build normal communication profiles for each of these that can subsequently be used to detect anomalous deviations in communication patterns. DIoT is completely autonomous and can be trained in a distributed crowdsourced manner without requiring human intervention or labeled training data. Consequently, DIoT can cope with the emergence of new device types as well as new attacks. By systematic experiments using more than 30 off-the-shelf IoT devices, we show that DIoT is effective (94 detecting devices compromised by the infamous Mirai malware. DIoT reported no false alarms when evaluated in a real-world deployment setting.


page 1

page 2

page 3

page 4


DÏoT: A Crowdsourced Self-learning Approach for Detecting Compromised IoT Devices

IoT devices are being widely deployed. Many of them are vulnerable due t...

Testing And Hardening IoT Devices Against the Mirai Botnet

A large majority of cheap Internet of Things (IoT) devices that arrive b...

ARGUS: Context-Based Detection of Stealthy IoT Infiltration Attacks

IoT application domains, device diversity and connectivity are rapidly g...

DeepAuditor: Distributed Online Intrusion Detection System for IoT devices via Power Side-channel Auditing

As the number of IoT devices has increased rapidly, IoT botnets have exp...

Anomalous Communications Detection in IoT Networks Using Sparse Autoencoders

Nowadays, IoT devices have been widely deployed for enabling various sma...

Architecture and Applications of IoT Devices in Socially Relevant Fields

Number of IoT enabled devices are being tried and introduced every year ...

Detecting Anomalous Microflows in IoT Volumetric Attacks via Dynamic Monitoring of MUD Activity

IoT networks are increasingly becoming target of sophisticated new cyber...

Please sign up or login with your details

Forgot password? Click here to reset