STRICT SociaLab members Prof. Elena Ferrari, Prof. Barbara Carminati, and Ahmed Lekssays have published their new paper entitled: “LiMNet: Early-Stage Detection of IoT Botnets with Lightweight Memory Networks” at ESORICS 2021 with a collaboration with Dr. Šarūnas Girdzijauskas and Lodovico Giaretta from KTH Institute of Technology in Stockholm, Sweden in the framework of the RAIS project.
The following is the abstract of the new publication:
IoT devices have been growing exponentially in the last few years. This growth makes them an attractive target for attackers due to their low computational power and limited security features. Attackers use IoT botnets as an instrument to perform DDoS attacks which caused major disruptions of Internet services in the last decade. While many works have tackled the task of detecting botnet attacks, only a few have considered early-stage detection of these botnets during their propagation phase.
While previous approaches analyze each network packet individually to predict its maliciousness, we propose a novel deep learning model called LiMNet (Lightweight Memory Network), which uses an internal memory component to capture the behaviour of each IoT device over time. This memory incorporates both packet features and behaviour of the peer devices. With this information, LiMNet achieves almost maximum AUROC classification scores, between 98.8% and 99.7%, with a 14% improvement over state of the art. LiMNet is also lightweight, performing inference almost 8 times faster than previous approaches.