Abstract
An increasing number of Internet of Things (IoT) devices are connecting tothe Internet, yet many of these devices are fundamentally insecure, exposingthe Internet to a variety of attacks. Botnets such as Mirai have used insecureconsumer IoT devices to conduct distributed denial of service (DDoS) attacks oncritical Internet infrastructure. This motivates the development of newtechniques to automatically detect consumer IoT attack traffic. In this paper,we demonstrate that using IoT-specific network behaviors (e.g. limited numberof endpoints and regular time intervals between packets) to inform featureselection can result in high accuracy DDoS detection in IoT network trafficwith a variety of machine learning algorithms, including neural networks. Theseresults indicate that home gateway routers or other network middleboxes couldautomatically detect local IoT device sources of DDoS attacks using low-costmachine learning algorithms and traffic data that is flow-based andprotocol-agnostic.