Detecting IoT Malicious Traffic based on Autoencoder and Convolutional Neural Network

Due to the rise of the Internet of Things, a variety of devices have been made intelligent and connected to the Internet. However, the huge number of constantly connected but usually unattended IoT devices have made them one of the major sources of Interent attacks, e.g., a large-scale DDoS attack launching by millions of Mirai-injected compromised IoT devices in 2016. In order to mitigate DDoS attacks against IoT botnets, in this work, we proposed an effective malicious IoT traffic detection mechanism based on deep learning techniques. Specifically, we adopt convolutional neural network (CNN) to extract features of flows, then apply autoencoder to perform unsupervised malicious IoT traffic classification. Our goal is to be able to detect a malicious flow by examining as few of its packets as possible. To validate our proposed mechanism, we evaluate our model using both open data set from previous literature as well as the data set collected from a Mirai botnet we have built. Our experimental results show that the proposed mechanism is effective to detect malicious flows with near 100% accuracy, while only examining the first 2 packets of a flow.