With the proliferation of IoT devices, network management and security monitoring are becoming a challenge. Traffic classification methods are used for the timely detection of IoT device status and behaviour. Herein, IoTHunter, a Deep Packet Inspection based IoT traffic classifier, is described. It extracts unique keywords, comprising domain names, device names, etc., to identify flows belonging to a particular device. IoTHunter automates the keyword extraction using the frequency of occurrence of words in the flows of different devices. To further enhance performance, IoTHunter combines device-specific keywords with the MAC address of the device for subsequent flow labelling. Experiments on a publicly available IoT dataset demonstrate good classification accuracy over a range of IoT devices. This is an open access article under the terms of the Creative Commons Attribution License, which permits use, distribution and reproduction in any medium, provided the original work is properly cited.
In this paper we propose a method to detect distributed brute-forcing by modelling failed login attempts as a Poisson probability distribution. We use content similarity to known SSH connections and the flow characteristics of failed login attempts to attribute a flow to the SSH application and subsequently classify it as either a failure or a success. Using the failed login count in a time window, we label the window as either normal or containing brute-force attempts.
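As an added illustration of the window-labelling step described in this abstract (example code, not the paper's own implementation): failed logins are bucketed into fixed time windows, the expected count λ is estimated from attack-free baseline windows, and a window whose count is improbably high under Poisson(λ) is labelled as brute force. The timestamps, addresses, window length, baseline length and significance level are all constructed assumptions.

```python
import math

# Constructed sample: one entry per failed SSH login as (timestamp_seconds, source_ip).
# Windows 0-5 and 7 each hold one failure; window 6 (360-419 s) holds nine failures
# from nine different sources, i.e. a distributed attempt that stays low per source.
FAILED_LOGINS = [
    (5, "10.0.0.1"), (70, "10.0.0.2"), (130, "10.0.0.3"), (190, "10.0.0.4"),
    (250, "10.0.0.5"), (310, "10.0.0.6"),
    (361, "192.0.2.1"), (365, "192.0.2.2"), (370, "192.0.2.3"), (375, "192.0.2.4"),
    (380, "192.0.2.5"), (385, "192.0.2.6"), (390, "192.0.2.7"), (395, "192.0.2.8"),
    (400, "192.0.2.9"),
    (430, "10.0.0.7"),
]

WINDOW_SECONDS = 60  # assumed window length


def count_failures_per_window(events, window=WINDOW_SECONDS):
    """Bucket failed logins into fixed windows, aggregated over ALL sources.

    Counting across sources (rather than per IP) is what makes a distributed
    campaign visible: each source may fail only once, but the window total spikes.
    """
    if not events:
        return []
    last = max(t for t, _ in events) // window
    counts = [0] * (last + 1)
    for t, _ in events:
        counts[t // window] += 1
    return counts


def poisson_tail(k, lam):
    """P(X >= k) for X ~ Poisson(lam): chance of at least k failures in one window."""
    cdf = sum(math.exp(-lam) * lam ** i / math.factorial(i) for i in range(k))
    return max(0.0, 1.0 - cdf)


def label_windows(counts, baseline_windows, alpha=0.001):
    """Estimate lam from the first `baseline_windows` (assumed attack-free) windows,
    then label every window 'bruteforce' if its count is improbable at level alpha."""
    lam = sum(counts[:baseline_windows]) / baseline_windows
    labels = ["bruteforce" if poisson_tail(k, lam) < alpha else "normal" for k in counts]
    return lam, labels


if __name__ == "__main__":
    counts = count_failures_per_window(FAILED_LOGINS)
    lam, labels = label_windows(counts, baseline_windows=6)
    for i, (k, lbl) in enumerate(zip(counts, labels)):
        print(f"window {i}: {k} failures -> {lbl}")
```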