N-BaIoT-Network-based detection of IoT botnet attacks using deep autoencoders

Yair Meidan, Michael Bohadana, Yael Mathov, Yisroel Mirsky, Asaf Shabtai, Dominik Breitenbacher, Yuval Elovici

Research output: Contribution to journalArticlepeer-review

383 Scopus citations

Abstract

The proliferation of IoT devices that can be more easily compromised than desktop computers has led to an increase in IoT-based botnet attacks. To mitigate this threat, there is a need for new methods that detect attacks launched from compromised IoT devices and that differentiate between hours- A nd milliseconds-long IoT-based attacks. In this article, we propose a novel network-based anomaly detection method for the IoT called N-BaIoT that extracts behavior snapshots of the network and uses deep autoencoders to detect anomalous network traffic from compromised IoT devices. To evaluate our method, we infected nine commercial IoT devices in our lab with two widely known IoT-based botnets, Mirai and BASHLITE. The evaluation results demonstrated our proposed methods ability to accurately and instantly detect the attacks as they were being launched from the compromised IoT devices that were part of a botnet.

Original languageEnglish
Article number8490192
Pages (from-to)12-22
Number of pages11
JournalIEEE Pervasive Computing
Volume17
Issue number3
DOIs
StatePublished - 1 Jul 2018

Keywords

  • botnets
  • malicious computing
  • pervasive computing
  • security

Fingerprint

Dive into the research topics of 'N-BaIoT-Network-based detection of IoT botnet attacks using deep autoencoders'. Together they form a unique fingerprint.

Cite this