Project factsheet information

Project Title Scalable Traffic Classification in Internet of Things (IoT) for Network Anomaly Detection
Full name and acronym Victoria University of Wellington
Address

School of Engineering and Computer Science

P.O. Box 600

Wellington 6140

New Zealand

Phone +64 4 4635233 ext 8493
Fax
Website https://ecs.victoria.ac.nz/Groups/WiNe/WirelessNetworksResearchGroup#Projects
Dates covered by this report: 31-12-2018 – 31-12-2018 –
Report submission date 30-09-2019
Country where project was implemented Taiwan, New Zealand
Project leader name Winston Seah
Email
Project Team Adrian Pekar [email protected]
Bryan Ng [email protected]
Alvin Valera [email protected]
Partner organization National Chiao Tung University, Taiwan; University of Cauca, Columbia
Total budget approved USD34,000
Project summary

This project focuses on accurate traffic classification in the Internet of Things (IoT). The IoT comprises large numbers of heterogeneous simple devices running single applications, often with little to no security features making them easily compromised and used as tools in cyberattacks. As we become more connected and reliant on the Internet, any form of disruption in connectivity due network anomalies can result in adverse consequences, ranging from loss of productivity and revenue, to destruction of critical infrastructure and loss of life. In the last decade, cyberattacks have increased at an alarming rate, even just based on the reported incidents. We need to be able to classify new traffic types coming from IoT devices accurately and promptly, so that anomalous traffic can be identified and dealt with quickly.

Payload-based (PB) techniques although can reach high accuracy, but suffers from several limitations. The limitations of PB classification are expected to be addressed by statistical-based (SB) techniques. SB approaches are based on flow features and the traffic is classified using Machine Learning algorithms (MLAs). SB classification assumes that specific flow-level features such as flow duration, inter-arrival time, transmitted bytes, packet length and packet size can distinguish different types of traffic flows. We studied how unsupervised machine learning can be applied to network anomaly detection in the dynamic IoT environment where previously unencountered traffic types and patterns are regularly emerging and need to be identified and classified. This project involves the study and selection of appropriate MLAs (to be implemented as a proof-of-concept prototype) and identification of those flow features which have the highest impact on the traffic classification accuracy. This project contributes to making safer cyber-physical systems that are an integral component of the IoT.