Ultra-lightweight deep packet anomaly detection for Internet of Things devices


As we race toward the Internet of Things (IoT), small embedded devices are increasingly becoming network-enabled. Often, these devices can't meet the computational requirements of current intrusion prevention mechanisms, or designers prioritize additional features and services over security; as a result, many IoT devices are vulnerable to attack. We have developed an ultra-lightweight deep packet anomaly detection approach that is feasible to run on resource-constrained IoT devices yet provides good discrimination between normal and abnormal payloads. Feature selection uses efficient bit-pattern matching, requiring only a bitwise AND operation followed by a conditional counter increment. The discrimination function is implemented as a lookup table, allowing both fast evaluation and flexible feature space representation. Due to its simplicity, the approach can be efficiently implemented in either hardware or software and can be deployed in network appliances, interfaces, or in the protocol stack of a device. We demonstrate near-perfect payload discrimination for data captured from off-the-shelf IoT devices.
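The following C sketch is an added illustration of the two mechanisms the abstract names (AND-based bit-pattern counters feeding a lookup-table discriminator); it is not the paper's implementation. The feature masks, the bin count, the length-scaled quantization, the train-by-marking-cells step and the sample payloads are all assumptions constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define NFEAT 2   /* number of bit-pattern features (assumed) */
#define BINS  8   /* quantization bins per feature (assumed) */

/* Hypothetical features: a byte matches when (byte & mask) == pattern. */
static const struct { uint8_t mask, pattern; } FEATURES[NFEAT] = {
    { 0x80, 0x80 },   /* high bit set: non-ASCII byte */
    { 0xE0, 0x00 },   /* top three bits clear: 0x00-0x1F */
};

/* Discrimination function as a lookup table: 1 = cell observed as normal. */
static uint8_t table[BINS][BINS];

/* Constructed sample payloads, not captured traffic. */
static const uint8_t NORMAL_A[] = "GET /status HTTP/1.1\r\n\r\n";
static const uint8_t NORMAL_B[] = "GET /temp HTTP/1.1\r\n\r\n";
static const uint8_t BINARY[]   = { 0xFF, 0xFE, 0x80, 0xC3, 0x00, 0x01, 0x02, 0x9A };

/* One AND and one conditional increment per byte per feature, then
 * scale each count by payload length to get a table index. */
static void extract(const uint8_t *p, size_t n, size_t idx[NFEAT]) {
    size_t count[NFEAT] = { 0 };
    for (size_t i = 0; i < n; i++)
        for (int f = 0; f < NFEAT; f++)
            if ((p[i] & FEATURES[f].mask) == FEATURES[f].pattern)
                count[f]++;
    for (int f = 0; f < NFEAT; f++)
        idx[f] = n ? (count[f] * (BINS - 1) + n / 2) / n : 0;
}

void train(const uint8_t *p, size_t n) {
    size_t idx[NFEAT];
    extract(p, n, idx);
    table[idx[0]][idx[1]] = 1;      /* mark this feature cell as normal */
}

int is_anomalous(const uint8_t *p, size_t n) {
    size_t idx[NFEAT];
    extract(p, n, idx);
    return !table[idx[0]][idx[1]];  /* unseen cell => abnormal payload */
}

int main(void) {
    train(NORMAL_A, sizeof NORMAL_A - 1);
    printf("normal B anomalous: %d\n", is_anomalous(NORMAL_B, sizeof NORMAL_B - 1));
    printf("binary anomalous:   %d\n", is_anomalous(BINARY, sizeof BINARY));
    return 0;
}
```

Classification costs one table read after the counting pass, which is what makes the scheme practical on small devices; the quality of the result depends entirely on which patterns and bin boundaries are chosen.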

DOI: 10.1109/PCCC.2015.7410342

Cite this paper

@article{Summerville2015UltralightweightDP, title={Ultra-lightweight deep packet anomaly detection for Internet of Things devices}, author={Douglas H. Summerville and Kenneth M. Zach and Yu Chen}, journal={2015 IEEE 34th International Performance Computing and Communications Conference (IPCCC)}, year={2015}, pages={1-8} }