Real-time detection of consumer IoT devices participating in DDoS attacks

Could we detect compromised consumer IoT devices participating in a DDoS attack in real time and do something about it? A group of researchers from Princeton University has presented some encouraging results showing that the first part of that equation can be solved relatively easily.

Because IoT traffic is often distinct from that of other Internet-connected devices, and because machine learning has proved promising for identifying malicious Internet traffic, they decided to use these facts to their advantage. They created a machine learning pipeline that performs data collection, feature extraction, and binary classification of IoT traffic, and designed it so that it can be operated on network middleboxes (e.g., routers, switches, firewalls).

Read more about the system that was deployed on an experimental consumer IoT device network, where it successfully identified attack traffic with an accuracy higher than 0.999, on Help Net Security.