IoT-KEEPER: Detecting Malicious IoT Network Activity using Online Traffic Analysis at the Edge
IEEE Transactions on Network and Service Management (IF 5.3), Pub Date: 2020-03-01, DOI: 10.1109/tnsm.2020.2966951
Ibbad Hafeez, Markku Antikainen, Aaron Yi Ding, Sasu Tarkoma

IoT devices are notoriously vulnerable even to trivial attacks and can be easily compromised. In addition, resource constraints and heterogeneity of IoT devices make it impractical to secure IoT installations using traditional endpoint and network security solutions. To address this problem, we present IoT-Keeper, a lightweight system which secures the communication of IoT. IoT-Keeper uses our proposed anomaly detection technique to perform traffic analysis at edge gateways. It uses a combination of fuzzy C-means clustering and a fuzzy interpolation scheme to analyze network traffic and detect malicious network activity. Once malicious activity is detected, IoT-Keeper automatically enforces network access restrictions against the IoT device generating this activity, and prevents it from attacking other devices or services. We have evaluated IoT-Keeper using a comprehensive dataset, collected from a real-world testbed, containing popular IoT devices. Using this dataset, our proposed technique achieved high accuracy (≈0.98) and a low false positive rate (≈0.02) for detecting malicious network activity. Our evaluation also shows that IoT-Keeper has a low resource footprint, and it can detect and mitigate various network attacks—without requiring explicit attack signatures or sophisticated hardware.

Updated: 2020-03-01