Changping Lai,Yinan Yao,Yuzhong Chen,Xintian Liang,Tianqi Cai,Yiqing Shi

DOI: https://doi.org/10.1145/3638782.3638816

2024-01-01

Abstract:The development of machine learning has brought new methods for botnet detection. Traditional machine learning methods and deep learning methods are used in botnet detection, but the former requires prior knowledge to select features. And deep learning methods solve this problem. This paper proposes a new botnet detection model that combines Convolutional Neural Network (CNN) with Support Vector Machine (SVM). This approach directly acquires network traffic data, preprocesses the data to obtain input suitable for CNN, utilizes CNN for feature extraction after preprocessing, and feeds the extracted features through two convolutional layers. The obtained features are then input to a SVM for classification. This method leverages the powerful feature extraction capabilities of CNN and the faster computational speed of linear SVM, resulting in faster training and excellent classification performance. Experiments show that the method has good performance on botnet detection and reduces training time compared to the CNN model.

Majda Wazzan,Daniyal Algazzawi,Aiiad Albeshri,Syed Hasan,Osama Rabie,Muhammad Zubair Asghar

DOI: https://doi.org/10.3390/s22103895

2022-05-20

Abstract:In recent times, organisations in a variety of businesses, such as healthcare, education, and others, have been using the Internet of Things (IoT) to produce more competent and improved services. The widespread use of IoT devices makes our lives easier. On the other hand, the IoT devices that we use suffer vulnerabilities that may impact our lives. These unsafe devices accelerate and ease cybersecurity attacks, specifically when using a botnet. Moreover, restrictions on IoT device resources, such as limitations in power consumption and the central processing unit and memory, intensify this issue because they limit the security techniques that can be used to protect IoT devices. Fortunately, botnets go through different stages before they can start attacks, and they can be detected in the early stage. This research paper proposes a framework focusing on detecting an IoT botnet in the early stage. An empirical experiment was conducted to investigate the behaviour of the early stage of the botnet, and then a baseline machine learning model was implemented for early detection. Furthermore, the authors developed an effective detection method, namely, Cross CNN_LSTM, to detect the IoT botnet based on using fusion deep learning models of a convolutional neural network (CNN) and long short-term memory (LSTM). According to the conducted experiments, the results show that the suggested model is accurate and outperforms some of the state-of-the-art methods, and it achieves 99.7 accuracy. Finally, the authors developed a kill chain model to prevent IoT botnet attacks in the early stage.

Ahsan Nazir,Jingsha He,Nafei Zhu,Xiangjun Ma,Faheem Ullah,Siraj Uddin Qureshi,Ahsan Wajahat

DOI: https://doi.org/10.1145/3672919.3672934

2024-01-01

Abstract:The rapid expansion of Internet of Things (IoT) devices has led to an escalation in security vulnerabilities, particularly concerning botnet attacks. Securing IoT networks against botnet threats is paramount to preserving network integrity and safeguarding sensitive data. Despite advancements in security measures, traditional methods often fall short in effectively detecting and mitigating botnet activity in IoT environments. There is a pressing need for robust and adaptive detection mechanisms capable of accurately identifying botnet behavior amidst the complexity of IoT network traffic. This research addresses the challenge of botnet detection in IoT networks, aiming to develop an effective and scalable solution that can accurately discern between benign and IoT botnets. To address this problem, we propose the use of ensemble learning techniques for the IoT botnet detection. Leveraging the N-BaIoT dataset, which offers real-world IoT traffic data, we apply the Voting Classifier to nine distinct IoT devices and evaluate its performance against key metrics such as accuracy, precision, recall, and F1 score. Our experiments demonstrate the effectiveness of the proposed ensemble approach, achieving high accuracy with an average accuracy rate of 99.3%. Furthermore, the ensemble method exhibits strong precision, recall, and F1 scores across various IoT device types, underscoring its efficacy in accurately discerning botnet activity. This research contributes to the advancement of botnet detection in IoT networks by introducing an ensemble-based approach that offers robust and adaptive detection capabilities. Our findings highlight the potential of ensemble learning techniques in enhancing security measures in IoT environments.

Yanmiao Li,Yingying Xu,Zhi Liu,Haixia Hou,Yushuo Zheng,Yang Xin,Yuefeng Zhao,Lizhen Cui

DOI: https://doi.org/10.1016/j.measurement.2019.107450

IF: 5.6

2019-01-01

Measurement

Abstract:A robust intrusion detection system plays a very important role in network security. In the face of complex network data and diverse intrusion methods, traditional machine learning methods seem to be inadequate and cannot meet the requirements of the current network environment. Existing deep learning-based methods are far from fully exploiting their potential in dealing with such one-dimensional feature data, and their performance is still unsatisfactory in detecting unknown intrusions. This paper proposes a deep learning approach for intrusion detection using a multi-convolutional neural network (multi-CNN) fusion method. According to the correlation, the feature data are divided into four parts, and then the one-dimensional feature data are converted into a grayscale graph. By using the flow data visualization method, CNN is introduced into the intrusion detection problem and the best of the four results emerge. The experimental results successfully demonstrate that the multi-CNN fusion model is very suitable for providing a classification method with high accuracy and low complexity on the NSL-KDD dataset. Furthermore, its performance is also superior to those of traditional machine learning methods and other recent deep learning approaches for binary classification and multiclass classification. This work will contribute for the data security of industrial loT. (C) 2019 Elsevier Ltd. All rights reserved.

Chengjie Li,Yunchun Zhang,Wangwang Wang,Zikun Liao,Fan Feng

DOI: https://doi.org/10.1109/SCSET55041.2022.00066

2022-01-01

Abstract:With the vast popularity of IoT (Internet-of-Things), cloud computing and edge computing, botnet attacks are flourishing nowadays. Meanwhile, deep learning-powered models are widely deployed to secure the network and applications. However, deep learning-based botnet detection is a challenging problem due to its extensive network traffic volume, complex feature engineering and the lack of the benchmark dataset for evaluation. With the aim of improving the performance of botnet detection, this paper firstly designs a feature extraction method by using the effective payload from each network packet. Then, a feature selection algorithm is designed based on the comparison and trade-off on the length of the extracted packets and the trained models’ performance. By choosing a reasonable number of packets and an appropriate length of bytes as feature vectors, a deep learning model is designed and evaluated for botnet detection. The experimental results prove that the designed deep neural network achieves 98% accuracy with low cost.

Bonan Zhang,Jingjin Li,Lindsay Ward,Ying Zhang,Chao Chen,Jun Zhang

DOI: https://doi.org/10.1155/2023/9796912

IF: 1.968

2023-01-01

Security and Communication Networks

Abstract:Botnet attacks have mainly targeted computers in the past, which is a fundamental cybersecurity problem. Due to the booming of Internet of things (IoT) devices, an increasing number of botnet attacks are now targeting IoT devices. Researchers have proposed several mechanisms to avoid botnet attacks, such as identification by communication patterns or network topology and defence by DNS blacklisting. A popular direction for botnet detection currently relies on the specific topological characteristics of botnets and uses machine learning models. However, it relies on network experts’ domain knowledge for feature engineering. Recently, neural networks have shown the capability of representation learning. This paper proposes a new approach to extracting graph features via graph neural networks. To capture the particular topology of the botnet, we transform the network traffic into graphs and train a graph neural network to extract features. In our evaluations, we use graph embedding features to train six machine learning models and compare them with the performance of traditional graph features in identifying botnet nodes. The experimental results show that botnet traffic detection is still challenging even with neural networks. We should consider the impact of data, features, and algorithms for an accurate and robust solution.

Laisen Nie,Zhaolong Ning,Xiaojie Wang,Xiping Hu,Jun Cheng,Yongkang Li

DOI: https://doi.org/10.1109/tnse.2020.2990984

IF: 6.6

2020-01-01

IEEE Transactions on Network Science and Engineering

Abstract:As an industrial application of Internet of Things (IoT), Internet of Vehicles (IoV) is one of the most crucial techniques for Intelligent Transportation System (ITS), which is a basic element of smart cities. The primary issue for the deployment of ITS based on IoV is the security for both users and infrastructures. The Intrusion Detection System (IDS) is important for IoV users to keep them away from various attacks via the malware and ensure the security of users and infrastructures. In this paper, we design a data-driven IDS by analyzing the link load behaviors of the Road Side Unit (RSU) in the IoV against various attacks leading to the irregular fluctuations of traffic flows. A deep learning architecture based on the Convolutional Neural Network (CNN) is designed to extract the features of link loads, and detect the intrusion aiming at RSUs. The proposed architecture is composed of a traditional CNN and a fundamental error term in view of the convergence of the backpropagation algorithm. Meanwhile, a theoretical analysis of the convergence is provided by the probabilistic representation for the proposed CNN-based deep architecture. We finally evaluate the accuracy of our method by way of implementing it over the testbed.

Ahsan Nazir,Jingsha He,Nafei Zhu,Saima Siraj Qureshi,Siraj Uddin Qureshi,Faheem Ullah,Ahsan Wajahat,Muhammad Salman Pathan

DOI: https://doi.org/10.1016/j.asej.2024.102777

IF: 4.79

2024-01-01

Ain Shams Engineering Journal

Abstract:The Internet of Things (IoT) landscape is witnessing rapid growth, driven by continuous innovation and a simultaneous increase in cybersecurity threats. As these threats become more sophisticated, the imperative to fortify IoT devices against emerging vulnerabilities becomes increasingly pronounced. This research is motivated by the need for comprehensive IoT threat detection solutions that can effectively address the evolving threat landscape. Existing approaches often fall short in adapting to the dynamic nature of IoT environments and the increasing complexity of attacks. The core problem addressed in this research is the development of a novel Hybrid Convolutional Neural Network and Long Short-Term Memory (CNN-LSTM) architecture tailored for precise and efficient IoT threat detection. This architecture aims to overcome the limitations of existing methods and enhance the security of IoT ecosystems. Our study encompasses a detailed analysis of the proposed Hybrid CNN-LSTM model, leveraging data from diverse datasets, including IoT-23, N-BaIoT, and CICIDS2017. The proposed model is tested and validated on more than 14 attack types. We have designed this model to exhibit robust threat detection capabilities by effectively capturing and analyzing IoT security data. The outcomes of our research showcase remarkable accuracy, with the models achieving 95% accuracy on the IoT-23 dataset and an outstanding 99% accuracy on both the N-BaIoT and CICIDS2017 datasets. These findings underscore the model's adaptability to various IoT environments. Our research contributes a comprehensive Hybrid CNN-LSTM architecture that significantly enhances IoT threat detection. We introduce Principal Component Analysis (PCA) to optimize data processing and incorporate advanced optimization techniques like model quantization and pruning to improve deployment efficiency in resource-constrained IoT environments. This study lays the foundation for future advancements in bolstering IoT security.

Jie Yin,Xianda Wu,Junnan Wang,Kun Jia,Chaoge Liu,Yue Shi,Xiang Cui

DOI: https://doi.org/10.1007/978-3-030-78621-2_59

2021-01-01

Abstract:The vulnerabilities found in Internet of Things (IoT) devices have caused a large number of IoT devices being compromised and used as botnet platforms, which imposes a serious threat to the cyber security. In order to mitigate this threat, several network-based intrusion detection methods are proposed. While models and algorithms are important, so are the representative datasets and comprehensive feature vectors. In this paper, we firstly construct a botnet network traffic dataset by automatically monitoring some latest IoT botnet samples in our self-built experimental system. The dataset contains 17.5 GB network traffic which generated by 257 samples from 10 families. We can see the samples’ entire lifecycle, including installation, propagation, scanning, DDoS attacks, C&C and other typical botnet behaviors. Then, through an in-depth analysis of the collected dataset, we propose a set of feature vectors for detecting. Since we are from the perspective of samples’ entire lifecycle, our feature vectors provide more dimensions and is more expressive than existing works. To evaluate the effect of these feature vectors, we design a classification model based on machine learning, and run it on the constructed dataset and another public dataset. The experiment results demonstrate that the proposed feature vectors perform better on our dataset than on others, showing that the future IoT botnet detection model needs to face a longer botnet lifecycle and adopt more comprehensive feature vectors.

Hongyu Yang,Zelin Wang,Liang Zhang,Xiang Cheng

DOI: https://doi.org/10.1002/int.23074

IF: 8.993

2022-01-01

International Journal of Intelligent Systems

Abstract:The existing botnet detection methods have the problems of uneven sampling, poor feature selection, and weak generalization ability, resulting in low detection and classification results and poor adaptability to the internet of things (IoT) environment with limited computing and storage resources. This paper proposes an IoT botnet detection method using feature reconstruction and interval optimization to solve the above problems. Through the designed address triple and time window-based IP aggregation and feature reconstruction method (ATTW-IP-FR), the network traffic samples obtained from the IoT gateway are integrated, and the flow features are reconstructed to attain the reconstructed sample set. The proposed self-corrected hybrid weighted sampling algorithm balances the normal and botnet flow samples in the reconstructed sample set to get the resampling sample set. The introduced multiattribute decision-making and adjacency relation chain-based sequential forward selection algorithm is applied to eliminate the redundant features in the resampling sample set, and the optimal feature subset is obtained. The resampling sample set filtered by the optimal feature subset is detected and classified through the designed two-stage hybrid heterogeneous model optimized by the intermittent chaos and bald eagle search algorithm-based interval optimization algorithm. The experimental results show that the proposed method effectively detects the botnet in two real IoT scenarios. The detection accuracy is 99.17% $ \% $, the Matthews correlation coefficient is 98.35% $ \% $, the false positive rate is 0.25% $ \% $, and the false negative rate is 1.27% $ \% $, which are better than the existing methods. This method can effectively reduce sampling and feature selection time and space overhead and better adapt to the resource-constrained IoT environment.

Ruidong Chen,Weina Niu,Xiaosong Zhang,Zhongliu Zhuo,Fengmao Lv

DOI: https://doi.org/10.1155/2017/4934082

IF: 1.43

2017-01-01

Mathematical Problems in Engineering

Abstract:A botnet is one of the most grievous threats to network security since it can evolve into many attacks, such as Denial-of-Service (DoS), spam, and phishing. However, current detection methods are inefficient to identify unknown botnet. The high-speed network environment makes botnet detection more difficult. To solve these problems, we improve the progress of packet processing technologies such as New Application Programming Interface (NAPI) and zero copy and propose an efficient quasi-real-time intrusion detection system. Our work detects botnet using supervised machine learning approach under the high-speed network environment. Our contributions are summarized as follows: (1) Build a detection framework using PF_ RING for sniffing and processing network traces to extract flow features dynamically. (2) Use random forest model to extract promising conversation features. (3) Analyze the performance of different classification algorithms. The proposed method is demonstrated by well-known CTU13 dataset and nonmalicious applications. The experimental results show our conversation-based detection approach can identify botnet with higher accuracy and lower false positive rate than flow-based approach.

Zhou Shao,Sha Yuan,Yongli Wang

DOI: https://doi.org/10.1016/j.ins.2021.05.076

IF: 8.1

2021-01-01

Information Sciences

Abstract:With the number of Internet of Things (IoT) devices proliferating, the traffic volume of IoT-based attacks has shown a gradually increasing trend. The IoT botnet attack, which aims to commit real, efficient, and profitable cybercrimes, has become one of the most severe IoT threats. Applying traditional techniques to IoT is difficult due to its particular characteristics, such as resource-constrained devices, massive volumes of data, and real-time requirements. In this paper, we explore an adaptive online learning strategy for real-time IoT botnet attack detection. Furthermore, we operate the proposed adaptive strategy in conjunction with online ensemble learning. To evaluate the proposed strategy, we use real IoT traffic data, including benign traffic data and botnet traffic data infected by Mirai. In real-time IoT botnet attack detection, our experimental results demonstrate that the proposed adaptive online learning strategy achieves remarkable performance.

Xiaodong Zang,Jianbo Cao,Xinchang Zhang,Jian Gong,Guiqing Li

DOI: https://doi.org/10.1007/s11235-023-01073-7

2024-01-01

Telecommunication Systems

Abstract:Botnets are one of the major threats to network security nowadays. To carry out malicious actions remotely, they heavily rely on Command and Control channels. DGA-based botnets use a domain generation algorithm to generate a significant number of domain names. By analyzing the linguistic distinctions between legitimate and DGA-based domain names, traditional machine learning schemes obtain great benefits. However, it is difficult to identify the ones based on wordlists or pseudo-random generated. Accordingly, this paper proposes an efficient CNN-LSTM-based detection model (BotDetector) that uses only a set of simple-to-compute, easy-to-compute character features. We evaluate our model with two open-source benchmark datasets (360 netlab, Bambenek) and real DNS traffic from the China Education and Research Network. Experimental results demonstrate that our algorithm improves by 1.6 % in terms of accuracy and F1-score and reduces the computation time by 9.4 % compared to other state-of-the-art alternatives. Remarkably, our work can identify botnet’s covert communication channels that use domain names based on word lists or pseudo-random generation without any help of reverse engineering.

N. Sakthipriya,V. Govindasamy,V. Akila,Sakthipriya, N.

DOI: https://doi.org/10.1007/s12083-024-01657-3

IF: 3.488

2024-02-23

Peer-to-Peer Networking and Applications

Abstract:The "Internet of Things (IoT)" technology has been utilized in various industries in the past few years. As the IoT technology has diverse and small devices connected to it, IoT gadgets are vulnerable to several attacks. These networks are heterogeneous and big, making it difficult to handle the security of the overall network. The methods of upgrading these network security methods to combat different security assaults such as keylogging, denial of service, and man-in-the-middle are also difficult. Due to the network's heterogeneous nature and resource limitations, conventional high-end safety technologies are challenging to implement in IoT networks. Deep learning is an effective technique for identifying botnet attacks. However, the amount of internet activity required for this operation is typically substantial. Thus, implementing a deep learning technique in IoT devices with limited memory is practically difficult. Hence, this paper aims to decrease the dimensionality in the IoT network for efficient attack classification performance in memory constraint IoT devices using Conditional Adversarial Auto Encoder (CAAE) and generate realistic botnet traffic using CAAE to train the model. An efficient N-BaIoT Dataset are initially collected from the online datasets. The collected datasets are then given to the data cleaning process, which helps to avoid unnecessary information by refining essential data for attack detection. Further, the cleaned data is given to the CAAE, which is then incorporated for extracting efficient deep features in order to enhance the attack detection rate. Finally, the attack detection takes place with the extracted deep features, which are performed using the developed Dilated and Cascaded Recurrent Neural Network (DC-RNN) approach for accurately classifying the attacks in IoT devices. Throughout the analysis, the developed model shows 96%, 98%, 97%, and 96% in terms of accuracy, precision, F1-score, and recall. The research assessment is considered to analyze the suggested methods effectiveness by comparing it with conventional techniques.

computer science, information systems,telecommunications

Yixuan Wu,Laisen Nie,Shupeng Wang,Zhaolong Ning,Shengtao Li

DOI: https://doi.org/10.1109/jiot.2021.3112159

IF: 10.6

2021-01-01

IEEE Internet of Things Journal

Abstract:With the rapid advance of Internet of Things (IoT), it is difficult for cloud-centric computing to meet the requirements of low latency and ease of use. As an open and distributed system, edge computing integrates computing, networking, storage, and applications. It provides intelligent services on the edge of an IoT. The edge network is composed of various wireless and wired networks, and the computing and storage resources of edge nodes are limited. These conditions make the edge network expose to a variety of cyber attacks. Additionally, it is difficult for an IoT edge node to support large-scale network data collection and detection for IoT security. Although big data-enabled intrusion detection algorithms can ensure the high accuracy of intrusion detection systems, it is stressful for resource-limited edge nodes to implement those algorithms in IoT. Motivated by these challenges, we propose an intelligent intrusion detection algorithm implemented by big data mining based on a fuzzy rough set, generative adversarial network (GAN), and convolutional neural network (CNN). In our method, we first propose a fuzzy rough set-based algorithm to perform feature selection for big data via IoT. Then, we take advantage of the efficient feature extraction capabilities of CNN for implementing intrusion detection based on selected features. Furthermore, after combining CNN and GAN, we propose an intelligent algorithm to realize intrusion detection in a variety of scenarios. Finally, the proposed method is compared with existing methods for evaluation. Simulation results show that our method has up to 4% higher accuracy than existing methods.

computer science, information systems,telecommunications,engineering, electrical & electronic

Ali Mehrban,Pegah Ahadian

DOI: https://doi.org/10.48550/arXiv.2312.17683

2024-02-04

Abstract:Malware detection in IoT environments necessitates robust methodologies. This study introduces a CNN-LSTM hybrid model for IoT malware identification and evaluates its performance against established methods. Leveraging K-fold cross-validation, the proposed approach achieved 95.5% accuracy, surpassing existing methods. The CNN algorithm enabled superior learning model construction, and the LSTM classifier exhibited heightened accuracy in classification. Comparative analysis against prevalent techniques demonstrated the efficacy of the proposed model, highlighting its potential for enhancing IoT security. The study advocates for future exploration of SVMs as alternatives, emphasizes the need for distributed detection strategies, and underscores the importance of predictive analyses for a more powerful IOT security. This research serves as a platform for developing more resilient security measures in IoT ecosystems.

Cryptography and Security,Machine Learning,Networking and Internet Architecture

Yufei An,F. Richard Yu,Ying He,Jianqiang Li,Jianyong Chen,Victor C.M. Leung

DOI: https://doi.org/10.1109/jiot.2024.3369852

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:The rapid advancement and wide application of the Internet of Things technology (IoT) have brought unprecedented convenience to people’s production and life. A great number of devices are connected to the IoT network to provide various services for people, which also makes the IoT more vulnerable to various cyber-attacks. This paper designs a novel IoT web attack detection architecture, which combines the powerful knowledge expression ability and high interpretability of symbolic artificial intelligence (AI) with the adaptive learning ability of connectionist AI to form a closed loop of knowledge embedding and extraction, effectively improve the detection ability of web attacks. The architecture solves the “black box” feature of deep learning models and can obtain knowledge from the trained detection model and add it to the training process of the new model to improve detection capabilities. It also uses the advantages of blockchain technology to realize intelligent sharing between different detection systems, solve the problem of difficult detection model updates and training data acquisition “bottlenecks”. To better detect web attacks, we propose a semi-supervised learning method based on an interpretable convolutional neural network (CNN) to reduce misjudgments during self-training and improve detection accuracy. Additionally, we propose a new feature method to extract the features of web logs in IoT devices, which can help the system to detect web attacks in IoT more quickly and accurately. Simulation results on two different datasets show that the proposed architecture and method can effectively detect web attacks in IoT and reduce the false positive rate.

computer science, information systems,telecommunications,engineering, electrical & electronic

Khalil Ibrahimi,A. Benslimane,El-Mehdi Amhoud,Mohammed Jouhari,Hafsa Benaddi

DOI: https://doi.org/10.1109/GLOBECOM54140.2023.10437475

2023-12-04

Abstract:In the last few years, there has been a massive increase in Internet of Things (IoT) devices and the data generated from these appliances. Devices involved in IoT networks can be challenging because of their resource-constrained nature, and security integration's on these devices are frequently disregarded. This results in attackers targeting more IoT devices. Thus, as the number of possible attacks on a network increases, it becomes more difficult for traditional intrusion detection systems (IDS) to deal with these attacks effectively. This paper presents a hybrid deep learning-based approach, a one- dimensional convolutional neural network, and long short-term memory (1D CNN-LSTM) algorithm, for anomaly detection that harnesses the power of the IoT, providing qualities to efficiently examine all traffic across the IoT. The comprehensive study was conducted utilizing the Bot-IoT dataset extracted from real network traffic, consisting of benign and malicious variants. Then, the anomaly detection including binary and multi-decision categories has been performed. The experimental results highlighted the superiority of the proposed model with an accuracy of 99.20% and lower false alarm with 0.80% compared to single CNN-based IDS.

Engineering,Computer Science

Ruoyu Li,Qing Li,Yucheng Huang,Wenbin Zhang,Peican Zhu,Yong Jiang

DOI: https://doi.org/10.1007/978-3-031-17146-8_28

2022-01-01

Abstract:As the Internet of Things (IoT) plays an increasingly important role in real life, the concern about IoT malware and botnet attacks is considerably growing. Meanwhile, with new techniques such as edge computing and artificial intelligence applied to IoT networks, these devices nowadays become more functional than ever before, which challenges many existing network anomaly detection systems due to the lack of generalization ability to profile diverse activities. To address it, this paper proposes IoTEnsemble, an ensemble network anomaly detection framework. We propose a tree-based activity clustering method that aggregates network flows dedicated to the same activity so that their traffic patterns remain identical. Based on the clustering result, we implement an ensemble model in which each submodel only needs to profile a specific activity, which highly reduces the burden of a single model's generalization ability. For evaluation, we build a 57.1GB IoT dataset collected in 9 months composed of comprehensive normal and malicious traffic. Our evaluation proves that IoTEnsemble possesses a state-of-the-art detection performance on various IoT botnet malware and attack traffic, exhibiting a significantly better result than other baselines in a more intelligent and functional IoT network.

Xudong Dong,Chen Dong,Zhenyi Chen,Ye Cheng,Bo Chen

DOI: https://doi.org/10.1002/ett.3999

IF: 3.6

2020-01-01

Transactions on Emerging Telecommunications Technologies

Abstract:The development of artificial intelligence has brought new methods for botnet detection. For better performance, deep learning (DL) is more and more widely employed to botnet detecting. The existing DL‐based botnet detection methods require lots of computing resources and running time. While in the real Internet of Things (IoT) environment, real‐time and low computing consumption are much needed. Therefore, the DL‐based methods seem to be powerless in real‐time IoT scenarios. For these reasons, this article proposes a botnet detection model based on extreme learning machine, named BotDetector, which can directly obtain network stream files and quickly learn without data processing to extract botnet traffic characteristics. Experiments show that BotDetector has a good performance, which can identify botnets accurately with great reduction the time consumption and resource consumption. Furthermore, BotDetector has strong applicability in real IoT scenes.