Semina: Ciências Exatas e Tecnológicas (Dec 2023)

Behavior of the DenStream Clustering Algorithm for Attack Detection in the Internet of Things

  • Gabriel Keith Tazima
  • Bruno Bogaz Zarpelao (COMP/UEL)

DOI
https://doi.org/10.5433/1679-0375.2023.v44.48956
Journal volume & issue
Vol. 44

Abstract

Multiple attack detection schemes based on supervised batch learning are presented in the literature as an alternative to improve Internet of Things (IoT) security. These schemes require benign and malicious traffic samples for training and cannot easily adapt to changes in the analyzed data. In this work, we study how DenStream, an unsupervised stream mining algorithm, can be used to detect attacks in IoT networks. This type of algorithm does not require labeled examples and can learn incrementally, adapting to changes. We aim to investigate whether attacks can be detected by monitoring the behavior of DenStream's clusters. The results showed that DenStream could provide indicators of attack occurrence in TCP, UDP, and ICMP traffic.

Keywords