FlowSpotter: Intelligent IoT Threat Detection via Imaging Network Flows

With the prevalence of Internet of Things (IoT) technologies, the huge growth of IoT devices has also brought attention of cyber attackers. IoT botnets are rapidly spreading and evolving worldwide, causing serious risks to users and data. Machine learning (ML) has shown its effectiveness on threat detection. However, existing feature encoding and learning methods are unsuitable for resource constrained edge devices like the IoT gateway. In this paper, we propose a lightweight threat detection scheme called FlowSpotter. The flow imaging mechanism requires less feature extraction but preserves more spatial and temporal information. A lite convolution neural network architecture based on the state-of-the-art efficient building blocks is devised. For performance evaluation, we develop an IoT honeypot system that captures hundreds of thousands of IoT intrusions in the wild. Besides, FlowSpotter is implemented on Raspberry Pi for measuring the efficiency. Experimental results show that FlowSpotter not only outperforms 8 baseline models by achieving 99.8% accuracy and 0.07% false positive rate, but also consumes the least computing resources by taking less than 11 ms and 61 MiB memory for each detection. © 2023 IEEE.