Network Anomaly Detection inside Consumer Networks—A Hybrid Approach

With an increasing number of Internet of Things (IoT) devices in the digital world, the attack surface for consumer networks has been increasing exponentially. Most of the compromised devices are used as zombies for attacks such as Distributed Denial of Services (DDoS). Consumer networks, unlike most commercial networks, lack the infrastructure such as managed switches and firewalls to easily monitor and block undesired network traffic. To counter such a problem with limited resources, this article proposes a hybrid anomaly detection approach that detects irregularities in the network traffic implicating compromised devices by using only elementary network information like Packet Size, Source, and Destination Ports, Time between subsequent packets, Transmission Control Protocol (TCP) Flags, etc. Essential features can be extracted from the available data, which can further be used to detect zero-day attacks. The paper also provides the taxonomy of various approaches to classify anomalies and description on capturing network packets inside consumer networks.