N-BaIoT

 The proliferation of IoT devices which can be more easily compromised than desktop computers has led to an increase in the occurrence of IoT-based botnet attacks. In order to mitigate this new threat there is a need to develop new methods for detecting attacks launched from compromised IoT devices and differentiate between hour and millisecond long IoT-based attacks. In this paper we propose and empirically evaluate a novel network-based anomaly detection method which extracts behavior snapshots of the network and uses deep autoencoders to detect anomalous network traffic emanating from compromised IoT devices. To evaluate our method, we infected nine commercial IoT devices in our lab with two of the most widely known IoT-based botnets, Mirai and BASHLITE. Our evaluation results demonstrated our proposed method’s ability to accurately and instantly detect the attacks as they were being launched from the compromised IoT devices which were part of a botnet.  

相较于台式计算机，物联网（Internet of Things，IoT）设备更易被攻陷，此类设备的泛滥导致基于物联网的僵尸网络（Botnet）攻击事件愈发频发。为缓解这一新型威胁，亟需研发全新的检测方法，以识别来自被攻陷物联网设备的攻击，并区分时长为数小时与数毫秒的基于物联网攻击。本文提出一种基于网络的新型异常检测方法，该方法通过提取网络行为快照并利用深度自编码器（Deep Autoencoders）来检测源自被攻陷物联网设备的异常网络流量，并对该方法进行了实证评估。为验证所提方法的有效性，我们在实验室环境中使用两款最为人熟知的基于物联网僵尸网络——Mirai与BASHLITE——对九台商用物联网设备进行了感染模拟。评估结果表明，所提方法能够在僵尸网络攻击从被攻陷物联网设备发起的同时，精准且即时地检测出此类攻击。