LiMNet: Early-Stage Detection of IoT Botnets with Lightweight Memory Networks

Lodovico Giaretta, Ahmed Lekssays, Barbara Carminati, Elena Ferrari, Sarunas Girdzijauskas
2021 Zenodo  
IoT devices have been growing exponentially in the last few years. This growth makes them an attractive target for attackers due to their low computational power and limited security features. Attackers use IoT botnets as an instrument to perform DDoS attacks which caused major disruptions of Internet services in the last decade. While many works have tackled the task of detecting botnet attacks, only a few have considered early-stage detection of these botnets during their propagation phase.
more » ... ile previous approaches analyze each network packet individually to predict its maliciousness, we propose a novel deep learning model calledLiMNet (Lightweight Memory Network), which uses an internal memory component to capture the behaviour of each IoT device over time. This memory incorporates both packet features and behaviour of the peer devices. With this information, LiMNet achieves almost maximum AUROC classification scores, between 98.8% and 99.7%, with a 14% improvement over state of the art. LiMNet is also lightweight, performing inference almost 8 times faster than previous approaches.
doi:10.5281/zenodo.5520867 fatcat:54zeqwmtmnd75f4vnbsgnsrjdi