A novel approach for detecting vulnerable IoT devices connected behind a home NAT

Yair Meidan, Vinay Sachidananda, Hongyi Peng, Racheli Sagron, Yuval Elovici, Asaf Shabtai

Research output: Contribution to journalArticlepeer-review

6 Scopus citations

Abstract

Telecommunication service providers (telcos) are exposed to cyber-attacks executed by compromised IoT devices connected to their customers’ networks. Such attacks might have severe effects on the attack target, as well as the telcos themselves. To mitigate those risks, we propose a machine learning-based method that can detect specific vulnerable IoT device models connected behind a domestic NAT, thereby identifying home networks that pose a risk to the telcos infrastructure and service availability. To evaluate our method, we collected a large quantity of network traffic data from various commercial IoT devices in our lab and compared several classification algorithms. We found that (a) the LGBM algorithm produces excellent detection results, and (b) our flow-based method is robust and can handle situations for which existing methods used to identify devices behind a NAT are unable to fully address, e.g., encrypted, non-TCP or non-DNS traffic. To promote future research in this domain we share our novel labeled benchmark dataset.

Original languageEnglish
Article number101968
JournalComputers and Security
Volume97
DOIs
StatePublished - 1 Oct 2020

Keywords

  • DeNAT
  • Device identification
  • Internet of things (IoT)
  • Machine learning
  • Network address translation (NAT)

Fingerprint

Dive into the research topics of 'A novel approach for detecting vulnerable IoT devices connected behind a home NAT'. Together they form a unique fingerprint.

Cite this