Threat Detection and Analysis in the Internet of Things using Deep Packet Inspection

Abstract

The Internet of Things (IoT) has quickly transitioned from a promising future paradigm to a pervasive everyday reality. Many consumer IoT devices often lack adequate security and are increasingly being leveraged to perform DDoS attacks. To improve situational awareness of such attacks amongst consumers, this paper presents two solutions to the detection of botnet activity within consumer IoT devices and networks. First, a detection model is built using Term Frequency-Inverse Document Frequency (tf-idf) and analyses network traffic for semantic structure, highlighting semantic similarities between the captured data and that of a known attack dataset. A similarity score is used to determine if mirai attack vectors could be detected in the captured network traffic. Secondly a novel application of Deep Learning is used to develop a detection model based on a Bidirectional Long Short Term Memory based Recurrent Neural Network (BLSTM-RNN). The model is evaluated for accuracy and loss when detecting four attack vectors used by the mirai botnet. The paper demonstrates that both approaches return good results and offer promise for future research in this area. A labelled dataset was generated as part of this research and has been made available to the research community. Copyright