Identifying Anomaly in IoT Traffic Flow With Locality Sensitive Hashes

Internet of Things (IoT) devices introduce new vulnerabilities to the network. These devices are relatively cheap, have simple design yet they can collect private user data, and be employed as botnets to conduct large-scale attacks. In general, IoT devices have a limited set of functionalities. Thus, the network administrator can formulate the expected traffic patterns of the devices and employ the network traffic to detect malicious activities. Existing systems to detect anomaly in IoT traffic mainly use machine learning. Thus, they require tuning the parameters of models and selecting/extracting a representative set of features from the network traffic data. In this paper, we introduce a novel approach Locality Sensitive Anomaly Detection and Identification (LSADI) to detect anomaly in IoT network traffic based on the locality-sensitive hash of the traffic flow. The proposed approach does not require feature selection/extraction from the data and does not have complex set of parameters that need to be tuned. Evaluation with three datasets containing 25 attacks shows that LSADI can detect and identify the type of anomalous flows with an accuracy above 90% on average and performs equally well compared to the state-of-the-art machine learning-based methods.