Threat Detection and Analysis in the Internet of Things using Deep Packet Inspection

International Journal On Cyber Situational Awareness (IJCSA)

ISSN: (Print) 2057-2182 ISSN: (Online) 2057-2182

DOI: 10.22619/IJCSA

Published Semi-annually. Est. 2014


Dr Cyril Onwubiko, Chair – Cyber Security & Intelligence, E-Security Group, Research Series, London, UK; IEEE UK & Ireland Section Secretary

Associate Editors:

Professor Frank Wang, Head of School / Professor of Future Computing, Chair IEEE Computer Society, UK&RI, School of Computing, University of Kent, Canterbury, UK

Professor Karen Renaud, Professor of Cyber Security, University of Abertay, Dundee, Scotland, UK

Threat Detection and Analysis in the Internet of Things using Deep Packet Inspection

Christopher D. McDermott, William Haynes, Andrei V. Petrovksi


The Internet of Things (IoT) has quickly transitioned from a promising future paradigm to a pervasive everyday reality. Many consumer IoT devices often lack adequate security and are increasingly being leveraged to perform DDoS attacks. To improve situational awareness of such attacks among consumers, this paper presents two solutions to the detection of botnet activity within consumer IoT devices and networks. First, a detection model is built using Term Frequency-Inverse Document Frequency (tf-idf) and analyses network traffic for semantic structure, highlighting semantic similarities between the captured data and that of a known attack dataset. A similarity score is used to determine if mirai attack vectors could be detected in the captured network traffic. Secondly a novel application of Deep Learning is used to develop a detection model based on a Bidirectional Long Short Term Memory based Recurrent Neural Network (BLSTM-RNN). The model is evaluated for accuracy and loss when detecting four attack vectors used by the mirai botnet. The paper demonstrates that both approaches return good results and offer promise for future research in this area. A labelled dataset was generated as part of this research and has been made available to the research community.

Keyword: Situational Awareness, IoT, Term Frequency-Inverse Document Frequency, tf-idf, Long Short Term Memory Recurrent Neural Network, Botnet, Intrusion Detection, Mirai, DDoS

ISSN: 2057-2182

Volume 3. No. 1

DOI: 10.22619/IJCSA.2018.100118

Date: Dec. 2018

Reference to this paper should be made as follows: McDermott, C. D., Haynes, W. & Petrovski, A. V. (2018). Threat Detection and Analysis in the Internet of Things using Deep Packet Inspection. International Journal on Cyber Situational Awareness, Vol. 3, No. 1, pp. 61-83.

PDF Download