A Development of Embedded Anomaly Behavior Packet Detection System for IoT Environment using Machine Learning Techniques

Abstract

Despite the growth of IoT technology and related markets, aspect of the IoT security in the IoT field is not handled correctly due to several factors such as indiscreet participation in the market, poor optimization for the various specifications. In this paper, an embedded anomaly packet detection system using machine learning technology for an IoT environment is proposed and evaluated. The suggesting system is composed of two main devices—the packet collection device and the packet analysis device. The packet collection device collects network packets from the IoT devices that are connected to the system. The packet analysis device detects anomalies from the packet data by using the machine learning model. Detected anomalies, which are mostly considered as intrusions such as new or bypassing HTTP attacks as well as existing attacks, are responded in real-time. For conformity assessment in a real-time environment, TPR, FPR, accuracy, and detection speed was measured, and the measured values of the target embedded board are 100%, 0.56%, 99.5, and 2.4 to 13.4 seconds, respectively. The results of TPR, FPR, and accuracy indicate the model itself has an excellent ability to discriminate between anomalies, but it is challenging to apply it to an embedded system in terms of detection speed. Future studies need to apply anomaly detection models that are more suitable for embedded devices and unique hardware accelerators for computing artificial neural networks.