Report available! Scalable Traffic Classification in Internet of Things (IoT) for Network Anomaly Detection

Prof. Winston Seah from the School of Engineering and Computer Science at the Victoria University of Wellington has completed the report for one of the grants that was allocated in 2017 for implementation in 2018, titled “Scalable Traffic Classification in Internet of Things (IoT) for Network Anomaly Detection”.

The project focused on accurate traffic classification in the Internet of Things (IoT). The IoT comprises large numbers of heterogeneous simple devices running single applications, often with little to no security features, making them easily compromised and used as tools in cyberattacks. As we become more connected and reliant on the Internet, any form of disruption in connectivity due to network anomalies can result in adverse consequences, ranging from loss of productivity and revenue, to destruction of critical infrastructure and loss of life. In the last decade, cyberattacks have increased at an alarming rate, even just based on the reported incidents. We need to be able to classify new traffic types coming from IoT devices accurately and promptly, so that anomalous traffic can be identified and dealt with quickly.

Although payload-based (PB) techniques can reach high accuracy, they suffer from several limitations. The limitations of PB classification are expected to be addressed by statistical-based (SB) techniques. SB approaches are based on flow features, and the traffic is classified using Machine Learning algorithms (MLAs). SB classification assumes that specific flow-level features such as flow duration, inter-arrival time, transmitted bytes, packet length and packet size can distinguish different types of traffic flows. We studied how unsupervised machine learning can be applied to network anomaly detection in the dynamic IoT environment, where previously unencountered traffic types and patterns are regularly emerging and need to be identified and classified. This project involves the study and selection of appropriate MLAs (to be implemented as a proof-of-concept prototype) and identification of those flow features which have the highest impact on the traffic classification accuracy. This project contributes to making safer cyber-physical systems that are an integral component of the IoT.
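An added illustration of the statistical-based approach described above, not code from the report or the project: it derives the flow features the paragraph names from constructed packet records and flags outlying flows with a median/MAD score, used here as a simple label-free stand-in for the machine learning algorithms the project studied. The packet tuple layout, the addresses and the 3.5 threshold are assumptions.

```python
from collections import defaultdict
from statistics import mean, median

def flow_features(packets):
    """Group packets by (src, dst, dport, proto) and compute flow-level features."""
    flows = defaultdict(list)
    for ts, src, dst, dport, proto, length in packets:
        flows[(src, dst, dport, proto)].append((ts, length))
    feats = {}
    for key, pkts in flows.items():
        pkts.sort()
        times = [t for t, _ in pkts]
        sizes = [n for _, n in pkts]
        gaps = [b - a for a, b in zip(times, times[1:])] or [0.0]
        feats[key] = {
            "duration": times[-1] - times[0],   # flow duration (s)
            "mean_iat": mean(gaps),             # mean inter-arrival time (s)
            "bytes": sum(sizes),                # transmitted bytes
            "mean_len": mean(sizes),            # mean packet length
        }
    return feats

def anomaly_scores(feats):
    """Score each flow by its largest modified z-score (median/MAD) over all features."""
    scores = dict.fromkeys(feats, 0.0)
    for name in next(iter(feats.values())):
        col = [f[name] for f in feats.values()]
        med = median(col)
        mad = median(abs(v - med) for v in col) or 1e-9  # guard against MAD == 0
        for key, f in feats.items():
            scores[key] = max(scores[key], 0.6745 * abs(f[name] - med) / mad)
    return scores

def flag_anomalies(packets, threshold=3.5):
    """Return the flow keys whose score exceeds the (assumed) threshold."""
    scores = anomaly_scores(flow_features(packets))
    return sorted(k for k, s in scores.items() if s > threshold)

def sample_packets():
    """Constructed traffic: five sensors reporting periodically, one device flooding."""
    pkts = []
    for i in range(5):
        src = f"10.0.0.{i + 1}"
        for n in range(10):
            pkts.append((n * (30.0 + i), src, "10.0.1.1", 1883, "tcp", 90 + 2 * i))
    for n in range(400):
        pkts.append((n * 0.01, "10.0.0.9", "203.0.113.5", 80, "tcp", 1400))
    return pkts

if __name__ == "__main__":
    print(flag_anomalies(sample_packets()))
```

Because the score compares each flow against the median of the flows observed together, it needs no labelled traffic, but it also assumes that most flows in the window are benign.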

The report is publicly available.

Published by

Sylvia Cadena - ISIF Asia secretariat

After ten years managing the Information Society Innovation Fund (ISIF) at APNIC, Sylvia was appointed Head of Programs at the APNIC Foundation in December 2016. As Head of Programs, Sylvia works on the management, design and implementation of collaborative programs to expand APNIC’s capacity building efforts and its overall Development Program. At ISIF Asia, Sylvia continues to lead a grants and awards program that seeks to empower communities in the Asia Pacific to research, design and implement Internet-based solutions for their own needs. One of the region’s most established Internet development programs, ISIF places particular emphasis on the positive role the Internet has on social and economic development in the Asia Pacific. Sylvia also leads APNIC’s engagement with the Seed Alliance, a global collaboration with the African (AFRINIC) and South American (LACNIC) Internet registries. Together with its funding partners, and various regional sponsors, the Seed Alliance supports innovative Internet development across the global south. She is also a member of the ICANN CCWG on new gTLD auction proceeds and co-chair of the APrIGF. Throughout her career, Sylvia has focused on the strategic use of the Internet for development with an emphasis on capacity building. Since her early years as a UN Volunteer, she has worked across the multi-stakeholder spectrum of organizations with technical and advisory roles, mainly about information systems, access provision and innovation. In July 2003, her work was recognized with the "Annual Award for Young Professionals" by the International Development Research Center (IDRC).