N-BaIoT—Network-Based Detection of IoT Botnet Attacks Using Deep Autoencoders

TLDR

The rapid proliferation of IoT devices, which are more vulnerable than desktop computers, has led to a surge in IoT‑based botnet attacks. This study aims to develop a detection method that can identify attacks originating from compromised IoT devices and distinguish between attacks lasting hours versus milliseconds. The authors introduce N‑BaIoT, a network‑based anomaly detector that captures traffic snapshots and applies deep autoencoders, and evaluate it by infecting nine commercial IoT devices with the Mirai and BASHLITE botnets. Results show that N‑BaIoT can accurately and instantly detect botnet attacks as they are launched from compromised devices.

Abstract

The proliferation of IoT devices that can be more easily compromised than desktop computers has led to an increase in IoT-based botnet attacks. To mitigate this threat, there is a need for new methods that detect attacks launched from compromised IoT devices and that differentiate between hours- and milliseconds-long IoT-based attacks. In this article, we propose a novel network-based anomaly detection method for the IoT called N-BaIoT that extracts behavior snapshots of the network and uses deep autoencoders to detect anomalous network traffic from compromised IoT devices. To evaluate our method, we infected nine commercial IoT devices in our lab with two widely known IoT-based botnets, Mirai and BASHLITE. The evaluation results demonstrated our proposed methods ability to accurately and instantly detect the attacks as they were being launched from the compromised IoT devices that were part of a botnet.

References

Page 1

	Year	Citations

Page 1