With an increasing number of Internet of Things (IoT) devices in the digital world, the attack surface for consumer networks has been increasing exponentially. Most of the compromised devices are used as zombies for attacks such as Distributed Denial of Services (DDoS). Consumer networks, unlike most commercial networks, lack the infrastructure such as managed switches and firewalls to easily monitor and block undesired network traffic. To counter such a problem with limited resources, this article proposes a hybrid anomaly detection approach that detects irregularities in the network traffic implicating compromised devices by using only elementary network information like Packet Size, Source, and Destination Ports, Time between subsequent packets, Transmission Control Protocol (TCP) Flags, etc. Essential features can be extracted from the available data, which can further be used to detect zero-day attacks. The paper also provides the taxonomy of various approaches to classify anomalies and description on capturing network packets inside consumer networks.

中文翻译：

---

消费者网络内部的网络异常检测-混合方法

随着数字世界中物联网（IoT）设备数量的增加，消费者网络的攻击面呈指数级增长。大多数受感染的设备都被用作攻击的僵尸，例如分布式拒绝服务（DDoS）。与大多数商业网络不同，消费类网络缺少诸如托管交换机和防火墙之类的基础架构，无法轻松监视和阻止不希望的网络流量。为了解决资源有限的问题，本文提出了一种混合异常检测方法，该方法仅使用基本网络信息（例如数据包大小，源和目标端口，后续数据包之间的时间，传输控制）来检测与受感染设备相关的网络流量中的异常情况。协议（TCP）标志等 可以从可用数据中提取基本功能，这些功能可以进一步用于检测零时差攻击。本文还提供了分类异常的各种方法的分类，并描述了在消费者网络内部捕获网络数据包的方法。