Detection of Infected IOT Devices
Project Impact Results

Last updated: 2020-10-16T17:14:19+11:00

Project Impacts

The increasing use of IoT devices for data collection and monitoring has created an easy entry path for launching terabit-scale Distributed Denial of Service (DDoS) attacks that are effectively unstoppable once under way. While security experts agree that such traffic should be stopped upstream before it gains momentum, no practical solution for doing so has yet been developed.

This PoC is a first step towards a practical method of preventing DDoS attacks from originating at IoT devices, by detecting and blocking potential attack traffic at ISP and end-user gateways. It addresses the question: how can an ISP detect botnets within its own network, processing large volumes of traffic so that rogue devices are identified and mitigated in seconds rather than minutes?

The PoC delivered the following:

  • Improved accuracy of botnet detection by exploiting the regularity of IoT communication patterns;
  • Improved operational efficiency and reduced detection delay by combining evidence of abnormal activity from multiple homes; and
  • Improved ability to respond to emerging threats through better explanations of abnormal activity.

Identified Challenge in the Cybersecurity Industry

Since the velocity and volume of a DDoS attack cannot be absorbed by the victim’s network, this prototype proposes a paradigm-shifting approach: move the focus from securing a specific victim to preventing DDoS traffic from IoT devices entering the network in the first place.

What makes a DDoS attack unstoppable is the number of sources involved. This approach therefore distributes a correspondingly large number of protective software filters, leveraging the growing computational power of edge devices to stop attack traffic before it can aggregate. The prototype explores an efficient way of identifying traffic from IoT devices and blocking the anomalous part of it.

Current network monitoring tools are limited to looking up the vendor prefix (OUI) of a device’s MAC address to flag it as an IoT device, which is inconclusive in many cases. In contrast, a machine learning technique that incorporates information from multiple network layers can identify IoT traffic more accurately and pave the way for profiling it.

The PoC also enabled the research team to make some noteworthy observations:

  • IoT devices generally have one or two core functions, communicate with a small number of servers outside the home network, and therefore tend to have repetitive traffic patterns; and
  • This lack of variation should make malicious traffic easier to detect by looking for anomalies against each device’s normal pattern.

The Solution of this Prototype

This prototype demonstrates three key machine learning capabilities:

  • Anomaly detection from IoT network traffic: detecting unusual changes;
  • Explanation of anomalous traffic patterns: identifying the main features of the change; and
  • Visualisation of patterns: showing what the impact of the change actually is.
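The following is an added example, not the prototype’s code, showing how the observation about regular IoT traffic and the first two capabilities above fit together in working code: a per-device-model baseline built from the small, repetitive set of destinations and packet counts, a z-score check on each new window that reports which features moved (the explanation), and corroboration of alerts across homes before escalating. All device models, hostnames, thresholds and flow records are constructed for the example.

```python
"""Toy IoT anomaly detector with explanations and cross-home corroboration.

Added example in the spirit of the prototype described above; it is not the
project's code. It assumes each home gateway has already aggregated a device's
flows into fixed windows represented as {destination: packet_count}. Every
model name, hostname, threshold and flow record below is constructed.
"""
from statistics import mean, pstdev

Z_THRESHOLD = 3.0   # assumed: z-score above which a numeric feature is anomalous
MIN_SPREAD = 1.0    # assumed: floor on std-dev so constant features still score
MIN_HOMES = 2       # assumed: homes needed to escalate a per-model alert


def window_features(window, known_dsts):
    """Features of one window; new destinations are how a bot's C2 or targets show up."""
    return {
        "total_pkts": sum(window.values()),
        "n_dsts": len(window),
        "new_dsts": sorted(d for d in window if d not in known_dsts),
    }


def build_profile(baseline_windows):
    """Baseline for one device model: known destinations plus mean/std per feature."""
    known = set().union(*baseline_windows)
    feats = [window_features(w, known) for w in baseline_windows]
    stats = {}
    for name in ("total_pkts", "n_dsts"):
        vals = [f[name] for f in feats]
        stats[name] = (mean(vals), max(pstdev(vals), MIN_SPREAD))
    return {"known_dsts": known, "stats": stats}


def score_window(profile, window):
    """Return (is_anomalous, explanation); the explanation names the features that moved."""
    feats = window_features(window, profile["known_dsts"])
    explanation = []
    for name, (mu, sigma) in profile["stats"].items():
        z = (feats[name] - mu) / sigma
        if z > Z_THRESHOLD:
            explanation.append(f"{name}={feats[name]} vs baseline {mu:.1f}+/-{sigma:.1f} (z={z:.1f})")
    if feats["new_dsts"]:
        explanation.append("new destinations: " + ", ".join(feats["new_dsts"]))
    return bool(explanation), explanation


def corroborate(alerts):
    """Escalate device models flagged in at least MIN_HOMES homes in the same window."""
    homes_by_model = {}
    for home, model, _ in alerts:
        homes_by_model.setdefault(model, set()).add(home)
    return {m: sorted(h) for m, h in homes_by_model.items() if len(h) >= MIN_HOMES}


def baseline_windows_for(model):
    """Constructed quiet traffic: a camera heartbeating to one cloud host plus NTP,
    and a smart plug talking to a single vendor host."""
    if model == "cam-x":
        return [{"cloud.example": 48 + 2 * (i % 3), "ntp.example": 2} for i in range(6)]
    return [{"plug.example": 10 + (i % 2)} for i in range(6)]


# Constructed observations for one window across three homes. The h2 and h3
# cameras blast new addresses (a flood); the h1 plug hits one new address alone.
OBSERVED = {
    ("h1", "cam-x"): {"cloud.example": 51, "ntp.example": 2},
    ("h2", "cam-x"): {"cloud.example": 50, "ntp.example": 2,
                      "203.0.113.9": 4000, "198.51.100.7": 3500},
    ("h3", "cam-x"): {"cloud.example": 49, "ntp.example": 2, "203.0.113.9": 3900},
    ("h1", "plug-y"): {"plug.example": 10, "192.0.2.44": 2500},
}


def run(observed=OBSERVED):
    """Score every (home, model) window; return per-home alerts and escalated models."""
    alerts = []
    for (home, model), window in observed.items():
        anomalous, why = score_window(build_profile(baseline_windows_for(model)), window)
        if anomalous:
            alerts.append((home, model, why))
    return alerts, corroborate(alerts)


if __name__ == "__main__":
    alerts, escalated = run()
    for home, model, why in alerts:
        print(f"{home}/{model}: " + "; ".join(why))
    print("escalated:", escalated)
```

Two design points carry over from the text. The explanation is produced by the same features the detector scores, so an operator sees "total_pkts jumped and two never-seen destinations appeared" rather than a bare score. And the per-home alert is kept separate from the escalation step: a single plug talking to one odd address is a local alert, while the same camera model flooding from two homes in the same window is the cross-home evidence the prototype combines to cut detection delay.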


The POC Research Team

Our team members have extensive experience in research and development in using Artificial Intelligence, Machine Learning, and Game Theory in cyber security.

  • Our experience encompasses the development of cutting-edge solutions for organisations such as Defence Science & Technology (DST) Group, Northrop Grumman (US), Telstra, and Australia’s Academic and Research Network (AARNet).

Top Tier Publications

  • Elaheh Alipourchavary, Sarah Erfani, Christopher Leckie, “Summarizing Significant Changes in Network Traffic Using Contrast Pattern Mining”, ACM International Conference on Information and Knowledge Management (CIKM), 2017.

  • Rahul Sharma, Chien Aun Chan, Christopher Leckie, “Evaluation of Centralised vs Distributed Collaborative Intrusion Detection Systems in Multi-Access Edge Computing”, IFIP Networking Conference (Networking), 2020.

  • Li Li, Sarah Erfani, Chien Chan, Christopher Leckie, “Multi-scale trajectory clustering to identify corridors in mobile networks”, ACM International Conference on Information and Knowledge Management (CIKM), 2019.

  • Zahra Ghafoori, Christopher Leckie, “Deep Multi-sphere Support Vector Data Description”, SIAM International Conference on Data Mining (SDM), 2020.

  • Alistair Shilton, Sutharshan Rajasegarar, Marimuthu Palaniswami, “Multiclass Anomaly Detector: the CS++ Support Vector Machine”, Accepted for publication in Journal of Machine Learning Research (JMLR), 2020.

Research Team Contact Details

Chris Leckie
  • Professor Chris Leckie

  • University of Melbourne

  • Read more on Chris at his LinkedIn profile.

Sarah Erfani
  • Sarah Erfani

  • Senior Lecturer, University of Melbourne

  • Read more on Sarah at her LinkedIn profile.

Tansu Alpcan
  • Professor Tansu Alpcan

  • Professor and Reader – Electrical and Electronic Engineering, University of Melbourne

  • Read more on Tansu at his professional profile.

  • Read more on Tansu at his LinkedIn profile.

Jeffry Chan
  • Jeffry Chan

  • Senior Lecturer, RMIT

  • Read more on Jeffry at his LinkedIn profile.

Sutharshan Rajasegarar
  • Sutharshan Rajasegarar

  • Senior Lecturer, Deakin

  • Read more on Sutharshan at his LinkedIn profile.
