Machine Learning DDoS Detection for Consumer Internet of Things Devices
This addresses the threat of IoT-based DDoS attacks on critical Internet infrastructure, offering a practical solution for home gateways, though it is incremental in applying existing ML methods to IoT-specific features.
The paper tackled the problem of detecting DDoS attacks from insecure consumer IoT devices by using IoT-specific network behaviors for feature selection, achieving high accuracy with various machine learning algorithms including neural networks.
An increasing number of Internet of Things (IoT) devices are connecting to the Internet, yet many of these devices are fundamentally insecure, exposing the Internet to a variety of attacks. Botnets such as Mirai have used insecure consumer IoT devices to conduct distributed denial of service (DDoS) attacks on critical Internet infrastructure. This motivates the development of new techniques to automatically detect consumer IoT attack traffic. In this paper, we demonstrate that using IoT-specific network behaviors (e.g. limited number of endpoints and regular time intervals between packets) to inform feature selection can result in high accuracy DDoS detection in IoT network traffic with a variety of machine learning algorithms, including neural networks. These results indicate that home gateway routers or other network middleboxes could automatically detect local IoT device sources of DDoS attacks using low-cost machine learning algorithms and traffic data that is flow-based and protocol-agnostic.