Content-Aided IoT Traffic Anomaly Detection

Published: 2023, Last Modified: 13 May 2025, Venue: ICC 2023, License: CC BY-SA 4.0
Abstract: Most traffic anomaly detection systems for the Internet of Things (IoT) build detection models using features extracted from the packet header. The performance of such models may fluctuate when network conditions change over time, because some information in the packet header, e.g., the packet arrival interval, reflects the current network condition. To improve the performance of IoT anomaly detection models, we propose a content-aided approach that leverages the payload of packets, i.e., the content carried by the packets, to build a machine learning model. This approach is based on the observation that IoT devices, unlike general-purpose computers, are usually used for very specific tasks, e.g., a smart camera mainly carries video information. Our content-aided approach considers both packet header and payload information and ensembles two machine learning models, one built with information from packet headers and the other with information from packet payloads, to obtain the final detection results. Experimental results demonstrate that our content-aided method can achieve consistent detection results, with a true positive rate of about 99% and a false positive rate of about 4%, in the presence of significant network condition changes.