A machine learning based framework for IoT device identification and abnormal traffic detection

Abstract

Network security is a key challenge for the deployment of Internet of Things (IoT). New attacks have been developed to exploit the vulnerabilities of IoT devices. Moreover, IoT immense scale will amplify traditional network attacks. Machine learning has been extensively applied for traffic classification and intrusion detection. In this paper, we propose a framework, specifically for IoT devices identification and malicious traffic detection. Pushing the intelligence to the network edge, this framework extracts features per network flow to identify the source, the type of the generated traffic, and to detect network attacks. Different machine learning algorithms are compared with random forest, which gives the best results: Up to 94.5% accuracy for device-type identification, up to 93.5% accuracy for traffic-type classification, and up to 97% accuracy for abnormal traffic detection. © 2019 John Wiley & Sons, Ltd.