Armin Ziaie Tabari,Xinming Ou,Anoop Singhal

DOI: https://doi.org/10.48550/arXiv.2112.10974

2021-12-21

Abstract:The growing number of Internet of Things (IoT) devices makes it imperative to be aware of the real-world threats they face in terms of cybersecurity. While honeypots have been historically used as decoy devices to help researchers/organizations gain a better understanding of the dynamic of threats on a network and their impact, IoT devices pose a unique challenge for this purpose due to the variety of devices and their physical connections. In this work, by observing real-world attackers' behavior in a low-interaction honeypot ecosystem, we (1) presented a new approach to creating a multi-phased, multi-faceted honeypot ecosystem, which gradually increases the sophistication of honeypots' interactions with adversaries, (2) designed and developed a low-interaction honeypot for cameras that allowed researchers to gain a deeper understanding of what attackers are targeting, and (3) devised an innovative data analytics method to identify the goals of adversaries. Our honeypots have been active for over three years. We were able to collect increasingly sophisticated attack data in each phase. Furthermore, our data analytics points to the fact that the vast majority of attack activities captured in the honeypots share significant similarity, and can be clustered and grouped to better understand the goals, patterns, and trends of IoT attacks in the wild.

Cryptography and Security,Machine Learning

Zain Shamsi,Daniel Zhang,Daehyun Kyoung,Alex Liu

DOI: https://doi.org/10.48550/arXiv.2206.13614

2022-06-28

Abstract:Network honeypots are often used by information security teams to measure the threat landscape in order to secure their networks. With the advancement of honeypot development, today's medium-interaction honeypots provide a way for security teams and researchers to deploy these active defense tools that require little maintenance on a variety of protocols. In this work, we deploy such honeypots on five different protocols on the public Internet and study the intent and sophistication of the attacks we observe. We then use the information gained to develop a clustering approach that identifies correlations in attacker behavior to discover IPs that are highly likely to be controlled by a single operator, illustrating the advantage of using these honeypots for data collection.

Cryptography and Security,Machine Learning,Networking and Internet Architecture

Md Rashed Buiya,A K M Nuruzzaman Laskar,Md Rafiqul Islam,Sanjib Kumar Shil Sawalmeh,Muhammad Shoyaibur Rahman Chowdhury Roy,Reza E Rabbi Shawon Roy,Md Sumsuzoha

DOI: https://doi.org/10.32996/jcsts.2024.6.4.16

2024-10-18

Journal of Computer Science and Technology Studies

Abstract:The IoT is one of the most revolutionary technological advancements of the contemporary era, embedding networked devices into nearly every aspect of human life, from smart homes and wearables to industrial systems and healthcare applications in the U.S.A. The immediate need for better cybersecurity in the U.S.A. arises from the increasing sophistication and frequency of cyberattacks on IoT systems. Machine learning and AI have emerged as promising technologies to deal with the security challenges IoT systems pose. Unlike traditional rule-based systems, ML models learn from large datasets to identify deviations from the normal behavior pattern that signifies malicious activity. The prime objective of this research is to design, curate, evaluate, and deploy state-of-the-art machine learning models that improve the detection of cyberattacks over IoT network traffic. This research used a well-established dataset that emulates IoT network traffic consisting of benign and malicious activities. Benchmarks like the UNSW-NB15, CICIDS2017, and TON_IoT have been in extensive use by researchers in this domain because they contain a rich variety of network traffic created by various IoT devices and systems along with corresponding labels that classify normal and associated with specific types of cyberattacks: DDOS, MITM, and botnet attacks. Data preprocessing and cleaning ensured that the dataset was consistent, complete, and in a format that helps machine learning algorithms learn from it. Imputation techniques used the feature's mean/median/mode to handle missing values. In this research project, two machine learning algorithms were used in the experiment, notably, Logistic Regression and Random Forest. In this study, the machine learning algorithms used in the experiment undertaken for the current research project are Logistic Regression and Random Forest. The performance of Random Forest was superior to Logistic Regression in almost all metrics. While Logistic Regression provided a strong baseline, it struggled with detecting attacks, as evidenced by its lower recall and higher number of false negatives. This implied that Logistic Regression was less reliable in detecting cyberattacks, which could be critical in real-world cybersecurity settings. By contrast, Random Forest attained impressive accuracy and significantly diminished the number of false negatives. Its higher precision and recall demonstrate that it is better suited for detecting attacks in this dataset, offering a more reliable solution for cyberattack detection.

Peng Hui Li,Jie Xu,Zhong Yi Xu,Su Chen,Bo Wei Niu,Jie Yin,Xiao Feng Sun,Hao Liang Lan,Lu Lu Chen

DOI: https://doi.org/10.32604/cmc.2022.029969

2022-01-01

Abstract:At present, the severe network security situation has put forward high requirements for network security defense technology. In order to automate botnet threat warning, this paper researches the types and characteristics of Botnet. Botnet has special characteristics in attributes such as packets, attack time interval, and packet size. In this paper, the attack data is annotated by means of string recognition and expert screening. The attack features are extracted from the labeled attack data, and then use K-means for cluster analysis. The clustering results show that the same attack data has its unique characteristics, and the automatic identification of network attacks is realized based on these characteristics. At the same time, based on the collection and attribute extraction of Botnet attack data, this paper uses RF, GBM, XGBOOST and other machine learning models to test the warning results, and automatically analyzes the attack by importing attack data. In the early warning analysis results, the accuracy rates of different models are obtained. Through the descriptive values of the three accuracy rates of Accuracy, Precision, and F1_Score, the early warning effect of each model can be comprehensively displayed. Among the five algorithms used in this paper, three have an accuracy rate of over 90%. The three models with the highest accuracy are used in the early warning model. The research shows that cyberattacks can be accurately predicted. When this technology is applied to the protection system, accurate early warning can be given before a network attack is launched.

computer science, information systems,materials science, multidisciplinary

Ruoyu Li,Qing Li,Yucheng Huang,Wenbin Zhang,Peican Zhu,Yong Jiang

DOI: https://doi.org/10.1007/978-3-031-17146-8_28

2022-01-01

Abstract:As the Internet of Things (IoT) plays an increasingly important role in real life, the concern about IoT malware and botnet attacks is considerably growing. Meanwhile, with new techniques such as edge computing and artificial intelligence applied to IoT networks, these devices nowadays become more functional than ever before, which challenges many existing network anomaly detection systems due to the lack of generalization ability to profile diverse activities. To address it, this paper proposes IoTEnsemble, an ensemble network anomaly detection framework. We propose a tree-based activity clustering method that aggregates network flows dedicated to the same activity so that their traffic patterns remain identical. Based on the clustering result, we implement an ensemble model in which each submodel only needs to profile a specific activity, which highly reduces the burden of a single model's generalization ability. For evaluation, we build a 57.1GB IoT dataset collected in 9 months composed of comprehensive normal and malicious traffic. Our evaluation proves that IoTEnsemble possesses a state-of-the-art detection performance on various IoT botnet malware and attack traffic, exhibiting a significantly better result than other baselines in a more intelligent and functional IoT network.

Hayelom Gebrye,Yong Wang,Fagen Li

DOI: https://doi.org/10.1007/s13042-022-01765-7

2023-01-07

International Journal of Machine Learning and Cybernetics

Abstract:The fast expansion of the Internet of Things (IoT) networks raises the possibility of further network threats. In today's world, network traffic analysis has become an increasingly critical and useful tool for monitoring network traffic in general and analyzing attack patterns in particular. A few years ago, distributed denial-of-service attacks on IoT networks were considered the most pressing problem that needed to be addressed. The absence of high-quality datasets is one of the main obstacles to applying DDOS detection systems based on machine learning. Researchers have developed numerous methods to extract and analyze information from recorded files. From a literature review, it is clear that most of these tools share similar drawbacks. In this study, we proposed an intelligent raw network data extractor and labeler tool by incorporating the limitations of the tools that are available to transform PCAP to CSV. To generate and process a high-quality DDOS attack dataset suitable for machine learning models, we employed several data preprocessing operations on the selected network intrusion dataset. To confirm the validity and acceptability of the dataset, we tested different models. Among the models tested, the random forest was the most accurate in detecting the DDOS attack.

Ashish Koirala,Rabindra Bista,Joao C. Ferreira

DOI: https://doi.org/10.3390/fi15060210

2023-06-09

Future Internet

Abstract:The Internet of Things (IoT) shares the idea of an autonomous system responsible for transforming physical computational devices into smart ones. Contrarily, storing and operating information and maintaining its confidentiality and security is a concerning issue in the IoT. Throughout the whole operational process, considering transparency in its privacy, data protection, and disaster recovery, it needs state-of-the-art systems and methods to tackle the evolving environment. This research aims to improve the security of IoT devices by investigating the likelihood of network attacks utilizing ordinary device network data and attack network data acquired from similar statistics. To achieve this, IoT devices dedicated to smart healthcare systems were utilized, and botnet attacks were conducted on them for data generation. The collected data were then analyzed using statistical measures, such as the Pearson coefficient and entropy, to extract relevant features. Machine learning algorithms were implemented to categorize normal and attack traffic with data preprocessing techniques to increase accuracy. One of the most popular datasets, known as BoT-IoT, was cross-evaluated with the generated dataset for authentication of the generated dataset. The research provides insight into the architecture of IoT devices, the behavior of normal and attack networks on these devices, and the prospects of machine learning approaches to improve IoT device security. Overall, the study adds to the growing body of knowledge on IoT device security and emphasizes the significance of adopting sophisticated strategies for detecting and mitigating network attacks.

English Else

Gauri Kalnoor,S. Gowrishankar

DOI: https://doi.org/10.1007/s41870-021-00748-1

2021-09-24

International Journal of Information Technology

Abstract:Significant growth of smart home devices is adopted, which provides security, convenience, and energy efficiency for users, in recent years. As an instance, consider a secured smart camera that detects movements of unauthorized objects, whereas the fire accidents can be detected by smoke sensors. Though, a surface for new cyber threats is some of the most recent examples that are open up in this field. Furthermore, recent examples also show that the distributed denial of service (DDoS) attacks are performed by misusing the smart devices which are hacked violating the privacy rules. In this proposed work, the application of machine learning in an environment of smart homes is explored so that the anomalous activities that occur can be identified. The sensor data at the network level is trained using a model based on the Markov chain known as hidden Markov model (HMM) and is created using smart devices and multiple sensors from a testbed. The model generated using HMM achieves 97% accuracy while detecting potential anomalies where attacks are indicated. In this approach, we construct the model and differentiate the analysed results with existing techniques. The starting step for securing IoT networks is intrusion detection and the next step is the intruders prediction which provides an active defence against the incoming attacks. The model employs an algorithm that does not depend on specific domain knowledge. The work has achieved an improvement in prediction accuracy of 5% for an alert category over the current variable length methods of Markov chain intrusion prediction, as they provided information more for a possible defence. The DDoS attack is considered as a coordinated attack mainly carried out based on a large scale depending on whether the target system’s resources or services are available. Thus, the novel approach also describes a novel machine learning-based technique using an algorithm known as variational dynamic Bayesian algorithm which helps to obtain a HMM with the number of parameters and model states which are optimized for the prediction of a DDoS attack. This procedure conquers the speed of a moderate combination HMM approach.

Andrew Churcher,Rehmat Ullah,Jawad Ahmad,Sadaqat ur Rehman,Fawad Masood,Mandar Gogate,Fehaid Alqahtani,Boubakr Nour,William J. Buchanan

DOI: https://doi.org/10.3390/s21020446

2021-01-10

Abstract:In recent years, there has been a massive increase in the amount of Internet of Things (IoT) devices as well as the data generated by such devices. The participating devices in IoT networks can be problematic due to their resource-constrained nature, and integrating security on these devices is often overlooked. This has resulted in attackers having an increased incentive to target IoT devices. As the number of attacks possible on a network increases, it becomes more difficult for traditional intrusion detection systems (IDS) to cope with these attacks efficiently. In this paper, we highlight several machine learning (ML) methods such as k-nearest neighbour (KNN), support vector machine (SVM), decision tree (DT), naive Bayes (NB), random forest (RF), artificial neural network (ANN), and logistic regression (LR) that can be used in IDS. In this work, ML algorithms are compared for both binary and multi-class classification on Bot-IoT dataset. Based on several parameters such as accuracy, precision, recall, F1 score, and log loss, we experimentally compared the aforementioned ML algorithms. In the case of HTTP distributed denial-of-service (DDoS) attack, the accuracy of RF is 99%. Furthermore, other simulation results-based precision, recall, F1 score, and log loss metric reveal that RF outperforms on all types of attacks in binary classification. However, in multi-class classification, KNN outperforms other ML algorithms with an accuracy of 99%, which is 4% higher than RF.

Cryptography and Security,Machine Learning

Seungjin Lee,Azween Abdullah,Nz Jhanjhi,Sh Kok

DOI: https://doi.org/10.7717/peerj-cs.350

2021-01-25

PeerJ Computer Science

Abstract:The Industrial Revolution 4.0 began with the breakthrough technological advances in 5G, and artificial intelligence has innovatively transformed the manufacturing industry from digitalization and automation to the new era of smart factories. A smart factory can do not only more than just produce products in a digital and automatic system, but also is able to optimize the production on its own by integrating production with process management, service distribution, and customized product requirement. A big challenge to the smart factory is to ensure that its network security can counteract with any cyber attacks such as botnet and Distributed Denial of Service, They are recognized to cause serious interruption in production, and consequently economic losses for company producers. Among many security solutions, botnet detection using honeypot has shown to be effective in some investigation studies. It is a method of detecting botnet attackers by intentionally creating a resource within the network with the purpose of closely monitoring and acquiring botnet attacking behaviors. For the first time, a proposed model of botnet detection was experimented by combing honeypot with machine learning to classify botnet attacks. A mimicking smart factory environment was created on IoT device hardware configuration. Experimental results showed that the model performance gave a high accuracy of above 96%, with very fast time taken of just 0.1 ms and false positive rate at 0.24127 using random forest algorithm with Weka machine learning program. Hence, the honeypot combined machine learning model in this study was proved to be highly feasible to apply in the security network of smart factory to detect botnet attacks.

computer science, information systems, artificial intelligence, theory & methods

Asma Hassan Alshehri

DOI: https://doi.org/10.7717/peerj-cs.2257

2024-08-30

PeerJ Computer Science

Abstract:The Internet of Things (IoT) is revolutionizing diverse sectors like business, healthcare, and the military, but its widespread adoption has also led to significant security challenges. IoT networks, in particular, face increasing vulnerabilities due to the rapid proliferation of connected devices within smart infrastructures. Wireless sensor networks (WSNs) comprise software, gateways, and small sensors that wirelessly transmit and receive data. WSNs consist of two types of nodes: generic nodes with sensing capabilities and gateway nodes that manage data routing. These sensor nodes operate under constraints of limited battery power, storage capacity, and processing capabilities, exposing them to various threats, including wormhole attacks. This study focuses on detecting wormhole attacks by analyzing the connectivity details of network nodes. Machine learning (ML) techniques are proposed as effective solutions to address these modern challenges in wormhole attack detection within sensor networks. The base station employs two ML models, a support vector machine (SVM) and a deep neural network (DNN), to classify traffic data and identify malicious nodes in the network. The effectiveness of these algorithms is validated using traffic generated by the NS3.37 simulator and tested against real-world scenarios. Evaluation metrics such as average recall, false positive rates, latency, end-to-end delay, response time, throughput, energy consumption, and CPU utilization are used to assess the performance of the proposed models. Results indicate that the proposed model outperforms existing methods in terms of efficacy and efficiency.

computer science, information systems, artificial intelligence, theory & methods

Francesco Sanna Passino,Anastasia Mantziou,Daniyar Ghani,Philip Thiede,Ross Bevington,Nicholas A. Heard

2024-09-23

Abstract:Cyber-systems are under near-constant threat from intrusion attempts. Attacks types vary, but each attempt typically has a specific underlying intent, and the perpetrators are typically groups of individuals with similar objectives. Clustering attacks appearing to share a common intent is very valuable to threat-hunting experts. This article explores Dirichlet distribution topic models for clustering terminal session commands collected from honeypots, which are special network hosts designed to entice malicious attackers. The main practical implications of clustering the sessions are two-fold: finding similar groups of attacks, and identifying outliers. A range of statistical models are considered, adapted to the structures of command-line syntax. In particular, concepts of primary and secondary topics, and then session-level and command-level topics, are introduced into the models to improve interpretability. The proposed methods are further extended in a Bayesian nonparametric fashion to allow unboundedness in the vocabulary size and the number of latent intents. The methods are shown to discover an unusual MIRAI variant which attempts to take over existing cryptocurrency coin-mining infrastructure, not detected by traditional topic-modelling approaches.

Cryptography and Security,Applications

Valentino Crespi,Wes Hardaker,Sami Abu-El-Haija,Aram Galstyan

DOI: https://doi.org/10.48550/arXiv.2104.10232

2021-04-21

Abstract:Computer security has been plagued by increasing formidable, dynamic, hard-to-detect, hard-to-predict, and hard-to-characterize hacking techniques. Such techniques are very often deployed in self-propagating worms capable of automatically infecting vulnerable computer systems and then building large bot networks, which are then used to launch coordinated attacks on designated targets. In this work, we investigate novel applications of Natural Language Processing (NLP) methods to detect and correlate botnet behaviors through the analysis of honeypot data. In our approach we take observed behaviors in shell commands issued by intruders during captured internet sessions and reduce them to collections of stochastic processes that are, in turn, processed with machine learning techniques to build classifiers and predictors. Our technique results in a new ability to cluster botnet source IP address even in the face of their desire to obfuscate their penetration attempts through rapid or random permutation techniques.

Cryptography and Security

Liang Xiao,Xiaoyue Wan,Xiaozhen Lu,Yanyong Zhang,Di Wu

DOI: https://doi.org/10.48550/arXiv.1801.06275

2018-01-19

Abstract:Internet of things (IoT) that integrate a variety of devices into networks to provide advanced and intelligent services have to protect user privacy and address attacks such as spoofing attacks, denial of service attacks, jamming and eavesdropping. In this article, we investigate the attack model for IoT systems, and review the IoT security solutions based on machine learning techniques including supervised learning, unsupervised learning and reinforcement learning. We focus on the machine learning based IoT authentication, access control, secure offloading and malware detection schemes to protect data privacy. In this article, we discuss the challenges that need to be addressed to implement these machine learning based security schemes in practical IoT systems.

Cryptography and Security

Sergio Vidal-González,Isaías García-Rodríguez,Héctor Aláiz-Moretón,Carmen Benavides-Cuéllar,José Alberto Benítez-Andrades,María Teresa García-Ordás,Paulo Novais

DOI: https://doi.org/10.1007/978-3-030-45691-7_30

2020-01-01

Abstract:The increasing number of Internet of Things devices, and their limited built-in security, has led to a scenario where many of the most powerful and dangerous botnets nowadays are comprised of these type of compromised devices, being the source of the most important distributed denial of service attacks in history. This work proposes a solution for monitoring and studying IoT-based botnet malware activity by using a distributed system of low interaction honeypots implementing Telnet and SSH remote access services, that are used to manage the majority of IoT devices in the home environment like routers, cameras, printers and other appliances. The solution captures and displays real-time data coming from different honeypots at different locations worldwide, allowing the logging and study of the different connections and attack methodologies, and obtaining samples of the distributed malware. All the information gathered is stored for later analysis and categorization, resulting in a low-cost and relatively simple threat information and forecasting system regarding IoT botnets.

Zijing Yin,Yiwen Xu,Chijin Zhou,Yu Jiang

DOI: https://doi.org/10.1145/3551349.3556901

2022-01-01

Abstract:IoT devices have been under frequent attacks in recent years, causing severe impacts. Previous research has shown the evolution and features of some specific IoT malware families or stages of IoT attacks through offline sample analysis. However, we still lack a systematic observation of various system resources abused by active attackers and the malicious intentions behind these behaviors. This makes it difficult to design appropriate protection strategies to defend against existing attacks and possible future variants. In this paper, we fill this gap by analyzing 117,862 valid attack sessions captured by our dedicated high-interaction IoT honeypot, HoneyAsclepius, and further discover the intentions in our designed workflow. HoneyAsclepius enables high capture capability as well as continuous behavior monitoring during active attack sessions in real-time. Through a large-scale deployment, we collected 11,301,239 malicious behaviors originating from 50,594 different attackers. Based on this information, we further separate the behaviors in different attack sessions targeting distinct categories of system resources, estimate the temporal relations and summarize their malicious intentions behind. Inspired by such investigations, we present several key insights about abusive behaviors of the file, network, process, and special capability resources, and further propose practical defense strategies to better protect IoT devices.

Dawit Dejene Bikila,Jan Čapek

DOI: https://doi.org/10.1016/j.future.2024.107630

IF: 7.307

2024-12-03

Future Generation Computer Systems

Abstract:The number of Internet of Things (IoT) device connections is increasing rapidly as IoT applications are vital in any operation. IoT must maintain safe internet access that withstands various malicious attacks for instance Recon, Mirai, Distributed Denial of Service (DDoS), and Spoofing which has gained much attention. Intelligently changing and zero-day attacks are emerging every day. This highlights the need for intelligent security solutions tailored specifically to this technology. Various Machine Learning (ML) based approaches have been utilized for intrusion detection to tackle IoT attacks. However, the flaws of current attack detection and feature extraction techniques result in low detection accuracy. Thus, it hindered their real-world applications and highlighted the need for a lightweight and computationally robust model trained and assessed on a recent datasets. Therefore, this work proposed an attack detection model trained and validated using the CICIoT2023 and CICIDS2017 datasets. Initially, data preprocessing is done then features are extracted by using an unsupervised Elastic Deep Autoencoder (EDA) with optimum hyperparameters. Further, the Extreme Gradient Boosting (XGBoost) binary classifier is tuned by the Grey Wolf Optimizer (GWO) and fed extracted feature sets to classify attacks. The results of the experiments show the effectiveness of our model with a higher detection accuracy in both datasets. Finally, the performance comparison confirmed that the results of the proposed work is competitive with other state-of-the-art method in securing IoT infrastructures.

computer science, theory & methods

Hojun Jin,GyuHyun Jeon,Hee Won Aneka Choi,Seungho Jeon,Jung Taek Seo

DOI: https://doi.org/10.1016/j.heliyon.2024.e39192

IF: 3.776

2024-10-15

Heliyon

Abstract:Internet of Things (IoT) devices are much closer to users than personal computers used in traditional computing environments. Due to prevalence of IoT devices, even if they are compromised and used in attacks, it is difficult to detect and respond to them. Currently, there has been extensive research on threat modeling for cyberattacks. However, there remains a significant gap in research concerning threat modeling for attacks specially targeting IoT devices within the fifth-generation communication environment. In this paper, we present IoT Targeting-Threat Modeling(I3TM) framework established by analyzing botnets that are appeared before 2021 such as Mirai, Pink etc. Through this framework, we identify tactics and techniques to respond to the attacks. Using the identified tactics and techniques from our proposed framework, we can promptly respond to the newly detected attacks. We constructed a Threat Modeling Framework Keyword-Based Metrics to show extracted keywords from reports, academic papers, and white paper that identifies the features of botnet. We also provide an objective way to apply those keywords to the framework. Our framework is organized to analyze the attack process of botnets that may occur against IoT. The framework derives execution for each tactic for objective analysis based on keywords. In the validation for the framework, I3TM identified eight Tactics from Medusa botnet. If the application of the I3TM framework is continuously accumulated, a baseline of similar attack methods and data will be formed. In future research, we are planning to append mitigations for the attacks targeting IoT to the I3TM framework.

Dr. S. Smys,Dr. Haoxiang Wang,Dr. Abul Basar

DOI: https://doi.org/10.36548/JISMAC.2020.4.002

2020-09-30

DECEMBER

Abstract:Internet of things (IoT) is a promising solution to connect and access every device through internet. Every day the device count increases with large diversity in shape, size, usage and complexity. Since IoT drive the world and changes people lives with its wide range of services and applications. However, IoT provides numerous services through applications, it faces severe security issues and vulnerable to attacks such as sinkhole attack, eaves dropping, denial of service attacks, etc., Intrusion detection system is used to detect such attacks when the network security is breached. This research work proposed an intrusion detection system for IoT network and detect different types of attacks based on hybrid convolutional neural network model. Proposed model is suitable for wide range of IoT applications. Proposed research work is validated and compared with conventional machine learning and deep learning model. Experimental result demonstrate that proposed hybrid model is more sensitive to attacks in the IoT network.

Computer Science,Engineering

Fatma Zafar,Shivank Soni

DOI: https://doi.org/10.24113/ijoscience.v10i3.513

2024-03-28

SMART MOVES JOURNAL IJOSCIENCE

Abstract:This paper presents a comprehensive approach to botnet detection in Internet of Things (IoT) networks through the development and evaluation of a Generative Adversarial Network (GAN) augmented machine learning model. The methodology encompasses a multi-step process, starting with data collection and pre-processing, including feature extraction, normalization, and handling missing values. To address the challenge of data imbalance, a novel application of GANs is proposed. For classification of network traffic into botnet and legitimate traffic is performed using xgboost. The performance of the proposed model is rigorously evaluated using the N-BaIoT dataset, demonstrating its effectiveness through high accuracy, precision, recall, and F1-score metrics. The results indicate significant improvements over existing models, showcasing the potential of the proposed methodology in enhancing IoT network security against botnet threats.