Abdelaziz Amara korba,Aleddine Diaf,Yacine Ghamri-Doudane

2024-07-22

Abstract:In the rapidly evolving landscape of cyber threats targeting the Internet of Things (IoT) ecosystem, and in light of the surge in botnet-driven Distributed Denial of Service (DDoS) and brute force attacks, this study focuses on the early detection of IoT bots. It specifically addresses the detection of stealth bot communication that precedes and orchestrates attacks. This study proposes a comprehensive methodology for analyzing IoT network traffic, including considerations for both unidirectional and bidirectional flow, as well as packet formats. It explores a wide spectrum of network features critical for representing network traffic and characterizing benign IoT traffic patterns effectively. Moreover, it delves into the modeling of traffic using various semi-supervised learning techniques. Through extensive experimentation with the IoT-23 dataset - a comprehensive collection featuring diverse botnet types and traffic scenarios - we have demonstrated the feasibility of detecting botnet traffic corresponding to different operations and types of bots, specifically focusing on stealth command and control (C2) communications. The results obtained have demonstrated the feasibility of identifying C2 communication with a 100% success rate through packet-based methods and 94% via flow based approaches, with a false positive rate of 1.53%.

Cryptography and Security,Artificial Intelligence

Ruoyu Li,Qing Li,Yucheng Huang,Wenbin Zhang,Peican Zhu,Yong Jiang

DOI: https://doi.org/10.1007/978-3-031-17146-8_28

2022-01-01

Abstract:As the Internet of Things (IoT) plays an increasingly important role in real life, the concern about IoT malware and botnet attacks is considerably growing. Meanwhile, with new techniques such as edge computing and artificial intelligence applied to IoT networks, these devices nowadays become more functional than ever before, which challenges many existing network anomaly detection systems due to the lack of generalization ability to profile diverse activities. To address it, this paper proposes IoTEnsemble, an ensemble network anomaly detection framework. We propose a tree-based activity clustering method that aggregates network flows dedicated to the same activity so that their traffic patterns remain identical. Based on the clustering result, we implement an ensemble model in which each submodel only needs to profile a specific activity, which highly reduces the burden of a single model's generalization ability. For evaluation, we build a 57.1GB IoT dataset collected in 9 months composed of comprehensive normal and malicious traffic. Our evaluation proves that IoTEnsemble possesses a state-of-the-art detection performance on various IoT botnet malware and attack traffic, exhibiting a significantly better result than other baselines in a more intelligent and functional IoT network.

Ahsan Nazir,Jingsha He,Nafei Zhu,Xiangjun Ma,Faheem Ullah,Siraj Uddin Qureshi,Ahsan Wajahat

DOI: https://doi.org/10.1145/3672919.3672934

2024-01-01

Abstract:The rapid expansion of Internet of Things (IoT) devices has led to an escalation in security vulnerabilities, particularly concerning botnet attacks. Securing IoT networks against botnet threats is paramount to preserving network integrity and safeguarding sensitive data. Despite advancements in security measures, traditional methods often fall short in effectively detecting and mitigating botnet activity in IoT environments. There is a pressing need for robust and adaptive detection mechanisms capable of accurately identifying botnet behavior amidst the complexity of IoT network traffic. This research addresses the challenge of botnet detection in IoT networks, aiming to develop an effective and scalable solution that can accurately discern between benign and IoT botnets. To address this problem, we propose the use of ensemble learning techniques for the IoT botnet detection. Leveraging the N-BaIoT dataset, which offers real-world IoT traffic data, we apply the Voting Classifier to nine distinct IoT devices and evaluate its performance against key metrics such as accuracy, precision, recall, and F1 score. Our experiments demonstrate the effectiveness of the proposed ensemble approach, achieving high accuracy with an average accuracy rate of 99.3%. Furthermore, the ensemble method exhibits strong precision, recall, and F1 scores across various IoT device types, underscoring its efficacy in accurately discerning botnet activity. This research contributes to the advancement of botnet detection in IoT networks by introducing an ensemble-based approach that offers robust and adaptive detection capabilities. Our findings highlight the potential of ensemble learning techniques in enhancing security measures in IoT environments.

Yining Pang,Chenghan Li

2024-12-11

Abstract:With the proliferation of the Internet and smart devices, IoT technology has seen significant advancements and has become an integral component of smart homes, urban security, smart logistics, and other sectors. IoT facilitates real-time monitoring of critical production indicators, enabling businesses to detect potential quality issues, anticipate equipment malfunctions, and refine processes, thereby minimizing losses and reducing costs. Furthermore, IoT enhances real-time asset tracking, optimizing asset utilization and management. However, the expansion of IoT has also led to a rise in cybercrimes, with devices increasingly serving as vectors for malicious attacks. As the number of IoT devices grows, there is an urgent need for robust network security measures to counter these escalating threats. This paper introduces a deep learning model incorporating LSTM and attention mechanisms, a pivotal strategy in combating cybercrime in IoT networks. Our experiments, conducted on datasets including IoT-23, BoT-IoT, IoT network intrusion, MQTT, and MQTTset, demonstrate that our proposed method outperforms existing baselines.

Cryptography and Security,Machine Learning

Morteza Safaei Pour,Antonio Mangino,Kurt Friday,Matthias Rathbun,Elias Bou-Harb,Farkhund Iqbal,Sagar Samtani,Jorge Crichigno,Nasir Ghani

DOI: https://doi.org/10.1016/j.cose.2019.101707

2020-04-01

Abstract:The insecurity of the Internet-of-Things (IoT) paradigm continues to wreak havoc in consumer and critical infrastructures. The highly heterogeneous nature of IoT devices and their widespread deployments has led to the rise of several key security and measurement-based challenges, significantly crippling the process of collecting, analyzing and correlating IoT-centric data. To this end, this paper explores macroscopic, passive empirical data to shed light on this evolving threat phenomena. The proposed work aims to classify and infer Internet-scale compromised IoT devices by solely observing one-way network traffic, while also uncovering, reporting and thoroughly analyzing "in the wild" IoT botnets. To prepare a relevant dataset, a novel probabilistic model is developed to cleanse unrelated traffic by removing noise samples (i.e., misconfigured network traffic). Subsequently, several shallow and deep learning models are evaluated in an effort to train an effective multi-window convolutional neural network. By leveraging active and passing measurements when generating the training dataset, the neural network aims to accurately identify compromised IoT devices. Consequently, to infer orchestrated and unsolicited activities that have been generated by well-coordinated IoT botnets, hierarchical agglomerative clustering is employed by scrutinizing a set of innovative and efficient network feature sets. Analyzing 3.6 TB of recently captured darknet traffic revealed a momentous 440,000 compromised IoT devices and generated evidence-based artifacts related to 350 IoT botnets. Moreover, by conducting thorough analysis of such inferred campaigns, we reveal their scanning behaviors, packet inter-arrival times, employed rates and geo-distributions. Although several campaigns exhibit significant differences in these aspects, some are more distinguishable; by being limited to specific geo-locations or by executing scans on random ports besides their core targets. While many of the inferred botnets belong to previously documented campaigns such as Hide and Seek, Hajime and Fbot, newly discovered events portray the evolving nature of such IoT threat phenomena by demonstrating growing cryptojacking capabilities or by targeting industrial control services. To motivate empirical (and operational) IoT cyber security initiatives as well as aid in reproducibility of the obtained results, we make the source codes of all the developed methods and techniques available to the research community at large.

computer science, information systems

N. Sakthipriya,V. Govindasamy,V. Akila,Sakthipriya, N.

DOI: https://doi.org/10.1007/s12083-024-01657-3

IF: 3.488

2024-02-23

Peer-to-Peer Networking and Applications

Abstract:The "Internet of Things (IoT)" technology has been utilized in various industries in the past few years. As the IoT technology has diverse and small devices connected to it, IoT gadgets are vulnerable to several attacks. These networks are heterogeneous and big, making it difficult to handle the security of the overall network. The methods of upgrading these network security methods to combat different security assaults such as keylogging, denial of service, and man-in-the-middle are also difficult. Due to the network's heterogeneous nature and resource limitations, conventional high-end safety technologies are challenging to implement in IoT networks. Deep learning is an effective technique for identifying botnet attacks. However, the amount of internet activity required for this operation is typically substantial. Thus, implementing a deep learning technique in IoT devices with limited memory is practically difficult. Hence, this paper aims to decrease the dimensionality in the IoT network for efficient attack classification performance in memory constraint IoT devices using Conditional Adversarial Auto Encoder (CAAE) and generate realistic botnet traffic using CAAE to train the model. An efficient N-BaIoT Dataset are initially collected from the online datasets. The collected datasets are then given to the data cleaning process, which helps to avoid unnecessary information by refining essential data for attack detection. Further, the cleaned data is given to the CAAE, which is then incorporated for extracting efficient deep features in order to enhance the attack detection rate. Finally, the attack detection takes place with the extracted deep features, which are performed using the developed Dilated and Cascaded Recurrent Neural Network (DC-RNN) approach for accurately classifying the attacks in IoT devices. Throughout the analysis, the developed model shows 96%, 98%, 97%, and 96% in terms of accuracy, precision, F1-score, and recall. The research assessment is considered to analyze the suggested methods effectiveness by comparing it with conventional techniques.

computer science, information systems,telecommunications

Rongrong Jiang,Zhengqiu Weng,Lili Shi,Erxuan Weng,Hongmei Li,Weiqiang Wang,Tiantian Zhu,Wuzhao Li

DOI: https://doi.org/10.1002/cpe.8258

2024-08-17

Concurrency and Computation Practice and Experience

Abstract:Summary With the development of the Internet of Things (IoT), the number of terminal devices is rapidly growing and at the same time, their security is facing serious challenges. For the industrial control system, there are challenges in detecting and preventing botnet. Traditional detection methods focus on capturing and reverse analyzing the botnet programs first and then parsing the extracted features from the malicious code or attacks. However, their accuracy is very low and their latency is relatively high. Moreover, they sometimes even cannot recognize the unknown botnets. The machine learning based detection methods rely on manual feature engineering and have a weak generalization. The deep learning‐based methods mostly rely on the system log, which does not take into account the multisource information such as traffic. To address the above issues, from the perspective of the botnet features, this paper proposes an intelligent detection method over parallel CNN‐LSTM, integrating the spatial and temporal features to identify botnets. Experimental demonstrate that the accuracy, recall, and F1‐score of our proposed method achieve up to over 98%, and the precision, 97.8%, is not the highest but reasonable. It reveals compared with the existing start‐of‐the‐art methods, our proposed method outperforms in the botnet detection. Our methodology's strength lies in its ability to harness the multifaceted information present in IoT traffic, offering a more nuanced and comprehensive analysis. The parallel CNN‐LSTM architecture ensures that spatial and temporal data are processed concurrently, preserving the integrity of the information and enabling a more robust detection mechanism. The result is a detection system that not only performs exceptionally well in a controlled environment but also holds promise for real‐world application, where the rapid and accurate identification of botnets is paramount.

computer science, theory & methods, software engineering

Khalid Alissa,Tahir Alyas,Kashif Zafar,Qaiser Abbas,Nadia Tabassum,Shadman Sakib

DOI: https://doi.org/10.1155/2022/4515642

2022-10-04

Abstract:There are an increasing number of Internet of Things (IoT) devices connected to the network these days, and due to the advancement in technology, the security threads and cyberattacks, such as botnets, are emerging and evolving rapidly with high-risk attacks. These attacks disrupt IoT transition by disrupting networks and services for IoT devices. Many recent studies have proposed ML and DL techniques for detecting and classifying botnet attacks in the IoT environment. This study proposes machine learning methods for classifying binary classes. This purpose is served by using the publicly available dataset UNSW-NB15. This dataset resolved a class imbalance problem using the SMOTE-OverSampling technique. A complete machine learning pipeline was proposed, including exploratory data analysis, which provides detailed insights into the data, followed by preprocessing. During this process, the data passes through six fundamental steps. A decision tree, an XgBoost model, and a logistic regression model are proposed, trained, tested, and evaluated on the dataset. In addition to model accuracy, F1-score, recall, and precision are also considered. Based on all experiments, it is concluded that the decision tree outperformed with 94% test accuracy.

Qasem Abu Al-Haija,Mu’awya Al-Dala’ien

DOI: https://doi.org/10.3390/jsan11010018

2022-03-09

Journal of Sensor and Actuator Networks

Abstract:Due to the prompt expansion and development of intelligent systems and autonomous, energy-aware sensing devices, the Internet of Things (IoT) has remarkably grown and obstructed nearly all applications in our daily life. However, constraints in computation, storage, and communication capabilities of IoT devices has led to an increase in IoT-based botnet attacks. To mitigate this threat, there is a need for a lightweight and anomaly-based detection system that can build profiles for normal and malicious activities over IoT networks. In this paper, we propose an ensemble learning model for botnet attack detection in IoT networks called ELBA-IoT that profiles behavior features of IoT networks and uses ensemble learning to identify anomalous network traffic from compromised IoT devices. In addition, our IoT-based botnet detection approach characterizes the evaluation of three different machine learning techniques that belong to decision tree techniques (AdaBoosted, RUSBoosted, and bagged). To evaluate ELBA-IoT, we used the N-BaIoT-2021 dataset, which comprises records of both normal IoT network traffic and botnet attack traffic of infected IoT devices. The experimental results demonstrate that our proposed ELBA-IoT can detect the botnet attacks launched from the compromised IoT devices with high detection accuracy (99.6%) and low inference overhead (40 μ-seconds). We also contrast ELBA-IoT results with other state-of-the-art results and demonstrate that ELBA-IoT is superior.

Majda Wazzan,Daniyal Algazzawi,Aiiad Albeshri,Syed Hasan,Osama Rabie,Muhammad Zubair Asghar

DOI: https://doi.org/10.3390/s22103895

2022-05-20

Abstract:In recent times, organisations in a variety of businesses, such as healthcare, education, and others, have been using the Internet of Things (IoT) to produce more competent and improved services. The widespread use of IoT devices makes our lives easier. On the other hand, the IoT devices that we use suffer vulnerabilities that may impact our lives. These unsafe devices accelerate and ease cybersecurity attacks, specifically when using a botnet. Moreover, restrictions on IoT device resources, such as limitations in power consumption and the central processing unit and memory, intensify this issue because they limit the security techniques that can be used to protect IoT devices. Fortunately, botnets go through different stages before they can start attacks, and they can be detected in the early stage. This research paper proposes a framework focusing on detecting an IoT botnet in the early stage. An empirical experiment was conducted to investigate the behaviour of the early stage of the botnet, and then a baseline machine learning model was implemented for early detection. Furthermore, the authors developed an effective detection method, namely, Cross CNN_LSTM, to detect the IoT botnet based on using fusion deep learning models of a convolutional neural network (CNN) and long short-term memory (LSTM). According to the conducted experiments, the results show that the suggested model is accurate and outperforms some of the state-of-the-art methods, and it achieves 99.7 accuracy. Finally, the authors developed a kill chain model to prevent IoT botnet attacks in the early stage.

Bruno Miller,Xihui Zhang

DOI: https://doi.org/10.48009/3_iis_2020_168-178

2020-01-01

Issues in Information Systems

Abstract:As the Internet of Things (IoT) becomes ubiquitous and cybersecurity attacks rapidly evolve, IoT devices must be secured.Their infection can lead to compromised networks, stolen information, service disruptions, and botnet attacks.Botnet attacks, such as Distributed Denial of Service (DDoS), strengthen with larger numbers of devices and IoT devices make great targets for this reason.As IoT devices grow in number, the strength and risk of these massive attacks grow.Infamous botnet attacks, such as Mirai, have proven this to be a serious threat.IoT security faces unique challenges including detection difficulties, device limitations, and user attitudes and education.This paper reviews and analyzes 21 articles providing information on tools and techniques for securing IoT devices against these threats.A multi-layer approach to IoT-botnet detection and prevention is suggested consisting of: the outer layer consisting of ISP architecture; the middle layer consisting of advanced detection methods and DDoS detection and mitigation; and the inner layer consisting of user attitudes, education, and security best practices.By addressing security challenges at multiple points along the botnet lifecycle and within each layer, our proposed approach provides a holistic strategy for detecting and preventing botnet attacks.

Ayush Kumar,Teng Joon Lim

DOI: https://doi.org/10.48550/arXiv.1901.04805

2019-12-13

Abstract:The widespread adoption of Internet of Things has led to many security issues. Recently, there have been malware attacks on IoT devices, the most prominent one being that of Mirai. IoT devices such as IP cameras, DVRs and routers were compromised by the Mirai malware and later large-scale DDoS attacks were propagated using those infected devices (bots) in October 2016. In this research, we develop a network-based algorithm which can be used to detect IoT bots infected by Mirai or similar malware in large-scale networks (e.g. ISP network). The algorithm particularly targets bots scanning the network for vulnerable devices since the typical scanning phase for botnets lasts for months and the bots can be detected much before they are involved in an actual attack. We analyze the unique signatures of the Mirai malware to identify its presence in an IoT device. The prospective deployment of our bot detection solution is discussed next along with the countermeasures which can be taken post detection. Further, to optimize the usage of computational resources, we use a two-dimensional (2D) packet sampling approach, wherein we sample the packets transmitted by IoT devices both across time and across the devices. Leveraging the Mirai signatures identified and the 2D packet sampling approach, a bot detection algorithm is proposed. Subsequently, we use testbed measurements and simulations to study the relationship between bot detection delays and the sampling frequencies for device packets. Finally, we derive insights from the obtained results and use them to design our proposed bot detection algorithm.

Cryptography and Security

Jie Yin,Xianda Wu,Junnan Wang,Kun Jia,Chaoge Liu,Yue Shi,Xiang Cui

DOI: https://doi.org/10.1007/978-3-030-78621-2_59

2021-01-01

Abstract:The vulnerabilities found in Internet of Things (IoT) devices have caused a large number of IoT devices being compromised and used as botnet platforms, which imposes a serious threat to the cyber security. In order to mitigate this threat, several network-based intrusion detection methods are proposed. While models and algorithms are important, so are the representative datasets and comprehensive feature vectors. In this paper, we firstly construct a botnet network traffic dataset by automatically monitoring some latest IoT botnet samples in our self-built experimental system. The dataset contains 17.5 GB network traffic which generated by 257 samples from 10 families. We can see the samples’ entire lifecycle, including installation, propagation, scanning, DDoS attacks, C&C and other typical botnet behaviors. Then, through an in-depth analysis of the collected dataset, we propose a set of feature vectors for detecting. Since we are from the perspective of samples’ entire lifecycle, our feature vectors provide more dimensions and is more expressive than existing works. To evaluate the effect of these feature vectors, we design a classification model based on machine learning, and run it on the constructed dataset and another public dataset. The experiment results demonstrate that the proposed feature vectors perform better on our dataset than on others, showing that the future IoT botnet detection model needs to face a longer botnet lifecycle and adopt more comprehensive feature vectors.

Hongyu Yang,Zelin Wang,Liang Zhang,Xiang Cheng

DOI: https://doi.org/10.1002/int.23074

IF: 8.993

2022-01-01

International Journal of Intelligent Systems

Abstract:The existing botnet detection methods have the problems of uneven sampling, poor feature selection, and weak generalization ability, resulting in low detection and classification results and poor adaptability to the internet of things (IoT) environment with limited computing and storage resources. This paper proposes an IoT botnet detection method using feature reconstruction and interval optimization to solve the above problems. Through the designed address triple and time window-based IP aggregation and feature reconstruction method (ATTW-IP-FR), the network traffic samples obtained from the IoT gateway are integrated, and the flow features are reconstructed to attain the reconstructed sample set. The proposed self-corrected hybrid weighted sampling algorithm balances the normal and botnet flow samples in the reconstructed sample set to get the resampling sample set. The introduced multiattribute decision-making and adjacency relation chain-based sequential forward selection algorithm is applied to eliminate the redundant features in the resampling sample set, and the optimal feature subset is obtained. The resampling sample set filtered by the optimal feature subset is detected and classified through the designed two-stage hybrid heterogeneous model optimized by the intermittent chaos and bald eagle search algorithm-based interval optimization algorithm. The experimental results show that the proposed method effectively detects the botnet in two real IoT scenarios. The detection accuracy is 99.17% $ \% $, the Matthews correlation coefficient is 98.35% $ \% $, the false positive rate is 0.25% $ \% $, and the false negative rate is 1.27% $ \% $, which are better than the existing methods. This method can effectively reduce sampling and feature selection time and space overhead and better adapt to the resource-constrained IoT environment.

Mir Shahnawaz Ahmed,Shahid Mehraj Shah

DOI: https://doi.org/10.48550/arXiv.2207.07903

2022-07-16

Abstract:The Internet of Things (IoT) has altered living by controlling devices/things over the Internet. IoT has specified many smart solutions for daily problems, transforming cyber-physical systems (CPS) and other classical fields into smart regions. Most of the edge devices that make up the Internet of Things have very minimal processing power. To bring down the IoT network, attackers can utilise these devices to conduct a variety of network attacks. In addition, as more and more IoT devices are added, the potential for new and unknown threats grows exponentially. For this reason, an intelligent security framework for IoT networks must be developed that can identify such threats. In this paper, we have developed an unsupervised ensemble learning model that is able to detect new or unknown attacks in an IoT network from an unlabelled dataset. The system-generated labelled dataset is used to train a deep learning model to detect IoT network attacks. Additionally, the research presents a feature selection mechanism for identifying the most relevant aspects in the dataset for detecting attacks. The study shows that the suggested model is able to identify the unlabelled IoT network datasets and DBN (Deep Belief Network) outperform the other models with a detection accuracy of 97.5% and a false alarm rate of 2.3% when trained using labelled dataset supplied by the proposed approach.

Information Theory,Cryptography and Security,Machine Learning

Yantian Luo,Hancun Sun,Xu Chen,Ning Ge,Wei Feng,Jianhua Lu

DOI: https://doi.org/10.23919/jcc.fa.2022-0783.202304

2023-01-01

China Communications

Abstract:In the upcoming large-scale Internet of Things (IoT), it is increasingly challenging to defend against malicious traffic, due to the heterogeneity of IoT devices and the diversity of IoT communication protocols. In this paper, we propose a semi-supervised learning-based approach to detect malicious traffic at the access side. It overcomes the resource-bottleneck problem of traditional malicious traffic defenders which are deployed at the victim side, and also is free of labeled traffic data in model training. Specifically, we design a coarse-grained behavior model of IoT devices by self-supervised learning with unlabeled traffic data. Then, we fine-tune this model to improve its accuracy in malicious traffic detection by adopting a transfer learning method using a small amount of labeled data. Experimental results show that our method can achieve the accuracy of 99.52% and the F1-score of 99.52% with only 1% of the labeled training data based on the CICDDoS2019 dataset. Moreover, our method outperforms the state-of-the-art supervised learning-based methods in terms of accuracy, precision, recall and F1-score with 1% of the training data.

Ashley Woodiss-Field,Michael N. Johnstone,Paul Haskell-Dowland

DOI: https://doi.org/10.3390/s24031027

IF: 3.9

2024-02-06

Sensors

Abstract:A botnet is a collection of Internet-connected computers that have been suborned and are controlled externally for malicious purposes. Concomitant with the growth of the Internet of Things (IoT), botnets have been expanding to use IoT devices as their attack vectors. IoT devices utilise specific protocols and network topologies distinct from conventional computers that may render detection techniques ineffective on compromised IoT devices. This paper describes experiments involving the acquisition of several traditional botnet detection techniques, BotMiner, BotProbe, and BotHunter, to evaluate their capabilities when applied to IoT-based botnets. Multiple simulation environments, using internally developed network traffic generation software, were created to test these techniques on traditional and IoT-based networks, with multiple scenarios differentiated by the total number of hosts, the total number of infected hosts, the botnet command and control (CnC) type, and the presence of aberrant activity. Externally acquired datasets were also used to further test and validate the capabilities of each botnet detection technique. The results indicated, contrary to expectations, that BotMiner and BotProbe were able to detect IoT-based botnets—though they exhibited certain limitations specific to their operation. The results show that traditional botnet detection techniques are capable of detecting IoT-based botnets and that the different techniques may offer capabilities that complement one another.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Xudong Dong,Chen Dong,Zhenyi Chen,Ye Cheng,Bo Chen

DOI: https://doi.org/10.1002/ett.3999

IF: 3.6

2020-01-01

Transactions on Emerging Telecommunications Technologies

Abstract:The development of artificial intelligence has brought new methods for botnet detection. For better performance, deep learning (DL) is more and more widely employed to botnet detecting. The existing DL‐based botnet detection methods require lots of computing resources and running time. While in the real Internet of Things (IoT) environment, real‐time and low computing consumption are much needed. Therefore, the DL‐based methods seem to be powerless in real‐time IoT scenarios. For these reasons, this article proposes a botnet detection model based on extreme learning machine, named BotDetector, which can directly obtain network stream files and quickly learn without data processing to extract botnet traffic characteristics. Experiments show that BotDetector has a good performance, which can identify botnets accurately with great reduction the time consumption and resource consumption. Furthermore, BotDetector has strong applicability in real IoT scenes.

Amirabas Kabiri Zamani,Amirahmad Chapnevis

DOI: https://doi.org/10.48550/arXiv.2207.04503

2022-07-11

Abstract:The rapid growth of technology has led to the creation of computing networks. The applications of the Internet of Things are becoming more and more visible with the expansion and development of sensors and the use of a series of equipment to connect to the Internet. Of course, the growth of any network will also provide some challenges. The main challenge of IoT like any other network is its security. In the field of security, there are issues such as attack detection, authentication, encryption and the so on. One of the most important attack is cyber-attacks that disrupt the network usage. One of the most important attacks on the IoT is BotNet attack. The most important challenges of this topic include very high computational complexity, lack of comparison with previous methods, lack of scalability, high execution time, lack of review of the proposed approach in terms of accuracy to detect and classify attacks and intrusions. Using intrusion detection systems for the IoT is an important step in identifying and detecting various attacks. Therefore, an algorithm that can solve these challenges has provided a near-optimal method. Using training-based models and algorithms such as Deep Dearning-Reinforcement Learning and XGBoost learning in combination (DRL-XGBoost) models can be an interesting approach to overcoming previous weaknesses. The data of this research is Bot-IoT-2018.

Cryptography and Security

Satish Pokhrel,Robert Abbas,Bhulok Aryal

DOI: https://doi.org/10.48550/arXiv.2104.02231

2021-04-06

Abstract:The acceptance of Internet of Things (IoT) applications and services has seen an enormous rise of interest in IoT. Organizations have begun to create various IoT based gadgets ranging from small personal devices such as a smart watch to a whole network of smart grid, smart mining, smart manufacturing, and autonomous driver-less vehicles. The overwhelming amount and ubiquitous presence have attracted potential hackers for cyber-attacks and data theft. Security is considered as one of the prominent challenges in IoT. The key scope of this research work is to propose an innovative model using machine learning algorithm to detect and mitigate botnet-based distributed denial of service (DDoS) attack in IoT network. Our proposed model tackles the security issue concerning the threats from bots. Different machine learning algorithms such as K- Nearest Neighbour (KNN), Naive Bayes model and Multi-layer Perception Artificial Neural Network (MLP ANN) were used to develop a model where data are trained by BoT-IoT dataset. The best algorithm was selected by a reference point based on accuracy percentage and area under the receiver operating characteristics curve (ROC AUC) score. Feature engineering and Synthetic minority oversampling technique (SMOTE) were combined with machine learning algorithms (MLAs). Performance comparison of three algorithms used was done in class imbalance dataset and on the class balanced dataset.

Machine Learning