CADeSH: Collaborative Anomaly Detection for Smart Homes

by Yair Meidan, et al.

Although home IoT (Internet of Things) devices are typically plain and task-oriented, the context of their daily use may affect their traffic patterns. For this reason, anomaly-based intrusion detection systems tend to suffer from a high false positive rate (FPR). To overcome this, we propose a two-step collaborative anomaly detection method that first uses an autoencoder to differentiate frequent ('benign') and infrequent (possibly 'malicious') traffic flows. Clustering is then used to analyze only the infrequent flows and classify them as either known ('rare yet benign') or unknown ('malicious'). Our method is collaborative, in that (1) normal behaviors are characterized more robustly, as they take into account a variety of user interactions and network topologies, and (2) several features are computed based on a pool of identical devices rather than just the inspected device. We evaluated our method empirically, using 21 days of real-world traffic data that emanated from eight identical IoT devices deployed on various networks, one of which was located in our controlled lab where we implemented two popular IoT-related cyber-attacks. Our collaborative anomaly detection method achieved a macro-average area under the precision-recall curve of 0.841, an F1 score of 0.929, and an FPR of only 0.014. These promising results were obtained by using labeled traffic data from our lab as the test set, while training the models on the traffic of devices deployed outside the lab, and thus demonstrate a high level of generalizability. In addition to its high generalizability and promising performance, our proposed method also offers benefits such as privacy preservation, resource savings, and model poisoning mitigation. On top of that, as a contribution to the scientific community, our novel dataset is available online.
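The two-step decision described in the abstract, sketched as an added example (not the authors' code): a standardized distance from the training mean stands in for the autoencoder's reconstruction error, and leader clustering stands in for the paper's clustering step. The two flow features, the quantile and radius parameters, and all sample flows are constructed assumptions; the example also contrasts training on a pool of identical devices with training on a single device.

```python
import math

# Constructed flows: (log10 bytes, log10 packets/s). Values are assumptions
# for illustration, not taken from the paper's dataset.
HEARTBEATS = [(2.0 + 0.01 * (i % 7), 0.5 + 0.01 * (i % 5)) for i in range(70)]
UPDATES = [(6.0 + 0.05 * i, 2.0 - 0.05 * i) for i in range(3)]  # rare yet benign
POOL = HEARTBEATS + UPDATES      # traffic pooled from identical devices
SINGLE = HEARTBEATS              # one device that never received an update

def train(flows, quantile=0.95, radius=0.5):
    """Fit both steps on benign training traffic and return the model."""
    dims = list(zip(*flows))
    mean = [sum(d) / len(d) for d in dims]
    std = [math.sqrt(sum((x - m) ** 2 for x in d) / len(d)) or 1.0
           for d, m in zip(dims, mean)]

    # Step 1 (stand-in for autoencoder reconstruction error):
    # standardized distance from the training mean.
    def score(flow):
        return math.sqrt(sum(((x - m) / s) ** 2
                             for x, m, s in zip(flow, mean, std)))

    ranked = sorted(score(f) for f in flows)
    threshold = ranked[int(quantile * (len(ranked) - 1))]

    # Step 2: leader clustering over the infrequent training flows only.
    centroids = []
    for f in flows:
        if score(f) > threshold and all(math.dist(f, c) > radius for c in centroids):
            centroids.append(f)
    return score, threshold, centroids, radius

def classify(flow, model):
    score, threshold, centroids, radius = model
    if score(flow) <= threshold:
        return "benign"                      # frequent flow
    if any(math.dist(flow, c) <= radius for c in centroids):
        return "rare yet benign"             # infrequent, matches a known cluster
    return "malicious"                       # infrequent and unknown

def demo():
    lab = {"heartbeat": (2.03, 0.52), "update": (6.02, 1.98),
           "unknown": (4.5, 3.5)}            # constructed lab-device test flows
    out = {}
    for name, flows in (("pool", POOL), ("single", SINGLE)):
        model = train(flows)
        out[name] = {k: classify(f, model) for k, f in lab.items()}
    return out
```

With the pooled model the lab device's update flow comes back as rare yet benign; the single-device model, which never saw an update, labels it malicious, which is the kind of false positive the collaborative design targets.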




