IoT traffic anomaly detection based on header sequence
Existing malicious traffic detection methods based on machine learning (ML) usually take high-dimensional traffic features as input and use complex models. In practice, this generates high false alarm rates and consumes substantial resources. More importantly, the widespread use of encryption protocols makes packet payload features difficult to access. Fortunately, the network behavior of Internet of Things (IoT) devices is usually regular and periodic, and this regularity is reflected in the sequence of communication packets, each of which describes a network event to some extent. Based on this, this paper proposes a malicious traffic detection method based on packet header sequences. It converts traffic sequences into network event sequences and computes a set of features (namely sequence, frequency, surge, and seasonality) to describe the network behavior. The experimental environment contains a set of real IoT devices, and the proposed method is deployed on a Raspberry Pi simulated gateway. The experimental results show that the proposed method maintains high accuracy and a low false alarm rate in complex network environments and improves the processing rate compared to state-of-the-art detection methods.
machine learning (ML); traffic anomaly detection; network behavior; Internet of Things (IoT) security; packet header sequence