N-BaIoT-Network-based detection of IoT botnet attacks using deep autoencoders

Yair Meidan, Michael Bohadana, Yael Mathov, Yisroel Mirsky, Asaf Shabtai, Dominik Breitenbacher, Yuval Elovici

Research output: Contribution to journalArticlepeer-review

721 Scopus citations


The proliferation of IoT devices that can be more easily compromised than desktop computers has led to an increase in IoT-based botnet attacks. To mitigate this threat, there is a need for new methods that detect attacks launched from compromised IoT devices and that differentiate between hours- A nd milliseconds-long IoT-based attacks. In this article, we propose a novel network-based anomaly detection method for the IoT called N-BaIoT that extracts behavior snapshots of the network and uses deep autoencoders to detect anomalous network traffic from compromised IoT devices. To evaluate our method, we infected nine commercial IoT devices in our lab with two widely known IoT-based botnets, Mirai and BASHLITE. The evaluation results demonstrated our proposed methods ability to accurately and instantly detect the attacks as they were being launched from the compromised IoT devices that were part of a botnet.

Original languageEnglish
Article number8490192
Pages (from-to)12-22
Number of pages11
JournalIEEE Pervasive Computing
Issue number3
StatePublished - 1 Jul 2018


  • botnets
  • malicious computing
  • pervasive computing
  • security

ASJC Scopus subject areas

  • Software
  • Computer Science Applications
  • Computational Theory and Mathematics


Dive into the research topics of 'N-BaIoT-Network-based detection of IoT botnet attacks using deep autoencoders'. Together they form a unique fingerprint.

Cite this