TY - JOUR
T1 - A novel approach for detecting vulnerable IoT devices connected behind a home NAT
AU - Meidan, Yair
AU - Sachidananda, Vinay
AU - Peng, Hongyi
AU - Sagron, Racheli
AU - Elovici, Yuval
AU - Shabtai, Asaf
N1 - Publisher Copyright:
© 2020
PY - 2020/10/1
Y1 - 2020/10/1
N2 - Telecommunication service providers (telcos) are exposed to cyber-attacks executed by compromised IoT devices connected to their customers’ networks. Such attacks might have severe effects on the attack target, as well as the telcos themselves. To mitigate those risks, we propose a machine learning-based method that can detect specific vulnerable IoT device models connected behind a domestic NAT, thereby identifying home networks that pose a risk to the telcos’ infrastructure and service availability. To evaluate our method, we collected a large quantity of network traffic data from various commercial IoT devices in our lab and compared several classification algorithms. We found that (a) the LGBM algorithm produces excellent detection results, and (b) our flow-based method is robust and can handle situations that existing methods used to identify devices behind a NAT are unable to fully address, e.g., encrypted, non-TCP or non-DNS traffic. To promote future research in this domain, we share our novel labeled benchmark dataset.
AB - Telecommunication service providers (telcos) are exposed to cyber-attacks executed by compromised IoT devices connected to their customers’ networks. Such attacks might have severe effects on the attack target, as well as the telcos themselves. To mitigate those risks, we propose a machine learning-based method that can detect specific vulnerable IoT device models connected behind a domestic NAT, thereby identifying home networks that pose a risk to the telcos’ infrastructure and service availability. To evaluate our method, we collected a large quantity of network traffic data from various commercial IoT devices in our lab and compared several classification algorithms. We found that (a) the LGBM algorithm produces excellent detection results, and (b) our flow-based method is robust and can handle situations that existing methods used to identify devices behind a NAT are unable to fully address, e.g., encrypted, non-TCP or non-DNS traffic. To promote future research in this domain, we share our novel labeled benchmark dataset.
KW - DeNAT
KW - Device identification
KW - Internet of things (IoT)
KW - Machine learning
KW - Network address translation (NAT)
UR - http://www.scopus.com/inward/record.url?scp=85088294797&partnerID=8YFLogxK
U2 - 10.1016/j.cose.2020.101968
DO - 10.1016/j.cose.2020.101968
M3 - Article
AN - SCOPUS:85088294797
SN - 0167-4048
VL - 97
JO - Computers and Security
JF - Computers and Security
M1 - 101968
ER -