Abstract

With an increasing number of Internet of Things (IoT) devices in the digital world, the attack surface of consumer networks has been growing exponentially. Most compromised devices are used as zombies in attacks such as Distributed Denial of Service (DDoS). Consumer networks, unlike most commercial networks, lack infrastructure such as managed switches and firewalls that would make it easy to monitor and block undesired network traffic. To counter this problem with limited resources, this article proposes a hybrid anomaly detection approach that detects irregularities in network traffic that implicate compromised devices, using only elementary network information such as packet size, source and destination ports, time between subsequent packets, Transmission Control Protocol (TCP) flags, etc. Essential features can be extracted from this readily available data and used to detect zero-day attacks. The paper also provides a taxonomy of approaches to classifying anomalies and a description of how network packets can be captured inside consumer networks.

Highlights

  • Multiple sweeping attacks on key Internet services around the world have been launched with botnets powered by Zombie Internet of Things (IoT) devices such as security cameras and wireless routers, with attack bandwidth topping 1.1 Terabits per second [1]

  • This paper proposes to use the normalized entropy of features mentioned in Table 2 to be processed by One-Class Support Vector Machine (SVM) for anomaly detection inside consumer networks

  • The models proved to accurately detect common network anomalies such as Distributed Denial of Service (DDoS) attacks and port scans being performed by network devices
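As an added illustration of the approach the highlights describe (example code, not the paper's own), the Python sketch below turns one capture window of elementary packet fields into normalized-entropy features and scores the window against a benign profile. The field selection, the 10 ms inter-arrival binning and the L1-distance scorer that stands in for the One-Class SVM are assumptions; the packets are constructed, not captured.

```python
import math
from collections import Counter

# Elementary packet fields named in the abstract. The paper's Table 2 feature list
# is not on this page, so this selection and the tuple order are assumptions.
# Packet tuple: (size_bytes, src_port, dst_port, inter_arrival_ms, tcp_flags)
FEATURES = ("size", "src_port", "dst_port", "iat", "flags")

def normalized_entropy(values):
    """Shannon entropy of the value distribution divided by log2(n), so windows
    of different lengths compare: 0.0 = all values identical, 1.0 = all distinct."""
    n = len(values)
    if n <= 1:
        return 0.0
    h = -sum((c / n) * math.log2(c / n) for c in Counter(values).values())
    return h / math.log2(n)

def window_features(packets):
    """One feature vector per capture window: normalized entropy of each field.
    Inter-arrival times are bucketed into 10 ms bins so near-equal gaps share a bin."""
    vec = {}
    for i, name in enumerate(FEATURES):
        col = [p[i] for p in packets]
        if name == "iat":
            col = [int(v // 10) for v in col]
        vec[name] = round(normalized_entropy(col), 3)
    return vec

def deviation(vec, baseline):
    """L1 distance from the benign profile. Stand-in for the paper's One-Class SVM
    (assumption): it scores how far a window sits from the benign feature region."""
    return round(sum(abs(vec[k] - baseline[k]) for k in FEATURES), 3)

# Constructed sample windows (not captured traffic): a browsing-like benign window,
# a scan touching many destination ports, and a SYN flood from many source ports.
NORMAL = [
    (1500, 51234, 443, 12, "PA"), (66, 51234, 443, 45, "A"),
    (1500, 51235, 443, 8, "PA"), (66, 51235, 443, 120, "A"),
    (700, 51236, 80, 33, "PA"), (66, 51236, 80, 60, "A"),
    (1200, 51237, 443, 15, "PA"), (66, 51237, 443, 90, "A"),
]
PORT_SCAN = [(60, 40000, port, 1, "S") for port in (21, 22, 23, 25, 80, 110, 143, 443)]
SYN_FLOOD = [(60, 50000 + i, 80, 0, "S") for i in range(8)]

BASELINE = window_features(NORMAL)  # entropy profile of benign traffic

def is_anomalous(packets, threshold=1.0):
    """Flag a window whose entropy profile drifts far from the benign baseline."""
    return deviation(window_features(packets), BASELINE) > threshold
```

In a real deployment the vectors from `window_features` over many benign windows would train a one-class model such as scikit-learn's `OneClassSVM`, replacing the fixed-threshold distance used here.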

Summary

Introduction

Multiple sweeping attacks on key Internet services around the world have been launched with botnets powered by Zombie Internet of Things (IoT) devices such as security cameras and wireless routers, with attack bandwidth topping 1.1 Terabits per second [1]. This shows that compromised IoT devices can pose a huge threat if hacked successfully. Today's commercial intrusion detection systems are primarily signature-based, which means they depend on predefined signatures of known attacks or carefully set up rules to filter out any possibility of attacks [2]. These require frequent signature updates, and operators must proactively update rules for these systems to work effectively. Without frequent updates, these devices fail to detect the latest threats, not to mention that they cannot protect against Zero-Day attacks, which by their nature have no previous instances of use and no signatures to compare against [3].
