TY - GEN
T1 - IoTEnsemble
T2 - 27th European Symposium on Research in Computer Security, ESORICS 2022
AU - Li, Ruoyu
AU - Li, Qing
AU - Huang, Yucheng
AU - Zhang, Wenbin
AU - Zhu, Peican
AU - Jiang, Yong
N1 - Publisher Copyright:
© 2022, The Author(s), under exclusive license to Springer Nature Switzerland AG.
PY - 2022
Y1 - 2022
N2 - As the Internet of Things (IoT) plays an increasingly important role in real life, concern about IoT malware and botnet attacks is growing considerably. Meanwhile, with new techniques such as edge computing and artificial intelligence applied to IoT networks, these devices have become more functional than ever before, which challenges many existing network anomaly detection systems because they lack the generalization ability to profile diverse activities. To address this, this paper proposes IoTEnsemble, an ensemble network anomaly detection framework. We propose a tree-based activity clustering method that aggregates network flows dedicated to the same activity so that their traffic patterns remain identical. Based on the clustering result, we implement an ensemble model in which each submodel only needs to profile a specific activity, which greatly reduces the burden on a single model's generalization ability. For evaluation, we build a 57.1 GB IoT dataset collected over 9 months, composed of comprehensive normal and malicious traffic. Our evaluation shows that IoTEnsemble achieves state-of-the-art detection performance on various IoT botnet malware and attack traffic, exhibiting significantly better results than other baselines in a more intelligent and functional IoT network.
KW - Botnet
KW - Internet of Things
KW - Malware detection
KW - Network anomaly detection
UR - http://www.scopus.com/inward/record.url?scp=85140717203&partnerID=8YFLogxK
U2 - 10.1007/978-3-031-17146-8_28
DO - 10.1007/978-3-031-17146-8_28
M3 - Conference contribution
AN - SCOPUS:85140717203
SN - 9783031171451
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 569
EP - 588
BT - Computer Security – ESORICS 2022 - 27th European Symposium on Research in Computer Security, Proceedings
A2 - Atluri, Vijayalakshmi
A2 - Di Pietro, Roberto
A2 - Jensen, Christian D.
A2 - Meng, Weizhi
PB - Springer Science and Business Media Deutschland GmbH
Y2 - 26 September 2022 through 30 September 2022
ER -