An increasing number of Internet of Things (IoT) devices are connecting to
the Internet, yet many of these devices are fundamentally insecure, exposing
the Internet to a variety of attacks. Botnets such as Mirai have used insecure
consumer IoT devices to conduct distributed denial of service (DDoS) attacks on
critical Internet infrastructure. This motivates the development of new
techniques to automatically detect consumer IoT attack traffic. In this paper,
we demonstrate that using IoT-specific network behaviors (e.g. limited number
of endpoints and regular time intervals between packets) to inform feature
selection can result in high accuracy DDoS detection in IoT network traffic
with a variety of machine learning algorithms, including neural networks. These
results indicate that home gateway routers or other network middleboxes could
automatically detect local IoT device sources of DDoS attacks using low-cost
machine learning algorithms and traffic data that is flow-based and
protocol-agnostic.Comment: 7 pages, 3 figures, 3 tables, appears in the 2018 Workshop on Deep
Learning and Security (DLS '18