Metasoma: Decentralized and Collaborative Early-Stage Detection of IoT Botnets

Early-stage detection of botnets during their spreading phase, before any attack, is fundamental to IoT security. Recently introduced lightweight memory networks represent the state of the art in this domain. However, they require a central system to capture and analyze all traffic in the network, which may not always be feasible in real-world scenarios. In this paper, we introduce a decentralized and collaborative alternative, in which the IoT devices themselves are responsible for this task without any central observer or coordinator. Our results show that the performance of this novel approach is competitive with similar centralized solutions, despite the lack of a global view of the network at any participating device. We also provide an extensive analysis of the security limitations of our fully-decentralized detection system. We identify the potential exploits that an attacker may attempt to perform, assess their impact on the IoT network as well as propose and evaluate effective countermeasures.