Ahsan Nazir,Jingsha He,Nafei Zhu,Xiangjun Ma,Faheem Ullah,Siraj Uddin Qureshi,Ahsan Wajahat

DOI: https://doi.org/10.1145/3672919.3672934

2024-01-01

Abstract:The rapid expansion of Internet of Things (IoT) devices has led to an escalation in security vulnerabilities, particularly concerning botnet attacks. Securing IoT networks against botnet threats is paramount to preserving network integrity and safeguarding sensitive data. Despite advancements in security measures, traditional methods often fall short in effectively detecting and mitigating botnet activity in IoT environments. There is a pressing need for robust and adaptive detection mechanisms capable of accurately identifying botnet behavior amidst the complexity of IoT network traffic. This research addresses the challenge of botnet detection in IoT networks, aiming to develop an effective and scalable solution that can accurately discern between benign and IoT botnets. To address this problem, we propose the use of ensemble learning techniques for the IoT botnet detection. Leveraging the N-BaIoT dataset, which offers real-world IoT traffic data, we apply the Voting Classifier to nine distinct IoT devices and evaluate its performance against key metrics such as accuracy, precision, recall, and F1 score. Our experiments demonstrate the effectiveness of the proposed ensemble approach, achieving high accuracy with an average accuracy rate of 99.3%. Furthermore, the ensemble method exhibits strong precision, recall, and F1 scores across various IoT device types, underscoring its efficacy in accurately discerning botnet activity. This research contributes to the advancement of botnet detection in IoT networks by introducing an ensemble-based approach that offers robust and adaptive detection capabilities. Our findings highlight the potential of ensemble learning techniques in enhancing security measures in IoT environments.

Aulia Arif Wardana,Grzegorz Kołaczek,Arkadiusz Warzyński,Parman Sukarno

DOI: https://doi.org/10.1038/s41598-024-54438-6

IF: 4.6

2024-02-18

Scientific Reports

Abstract:The botnet attack is one of the coordinated attack types that can infect Internet of Things (IoT) devices and cause them to malfunction. Botnets can steal sensitive information from IoT devices and control them to launch another attack, such as a Distributed Denial-of-Service (DDoS) attack or email spam. This attack is commonly detected using a network-based Intrusion Detection System (NIDS) that monitors the network device's activity. However, IoT network is dynamic and IoT devices have many types with different configurations and vendors in IoT environments. Therefore, this research proposes an Intrusion Detection System (IDS) by ensemble-ing traffic from heterogeneous IoT devices. This research proposes Deep Neural Network (DNN) to create a training model from each heterogeneous IoT device. After that, each training model from each heterogeneous IoT device is used to predict the traffic. The prediction results from each training model are averaged using the ensemble averaging method to determine the final result. This research used the N-BaIoT dataset to validate the proposed IDS model. Based on experimental results, ensemble averaging DNN can detect botnet attacks in heterogeneous IoT devices with an average accuracy of 97.21, precision of 91.41, recall of 87.31, and F1-score 88.48.

multidisciplinary sciences

Zhou Shao,Sha Yuan,Yongli Wang

DOI: https://doi.org/10.1016/j.ins.2021.05.076

IF: 8.1

2021-01-01

Information Sciences

Abstract:With the number of Internet of Things (IoT) devices proliferating, the traffic volume of IoT-based attacks has shown a gradually increasing trend. The IoT botnet attack, which aims to commit real, efficient, and profitable cybercrimes, has become one of the most severe IoT threats. Applying traditional techniques to IoT is difficult due to its particular characteristics, such as resource-constrained devices, massive volumes of data, and real-time requirements. In this paper, we explore an adaptive online learning strategy for real-time IoT botnet attack detection. Furthermore, we operate the proposed adaptive strategy in conjunction with online ensemble learning. To evaluate the proposed strategy, we use real IoT traffic data, including benign traffic data and botnet traffic data infected by Mirai. In real-time IoT botnet attack detection, our experimental results demonstrate that the proposed adaptive online learning strategy achieves remarkable performance.

Jincheng Zhou,Tao Hai,Dayang Norhayati Abang Jawawi,Dan Wang,Kuruva Lakshmanna,Praveen Kumar Reddy Maddikunta,Mavellous Iwendi

DOI: https://doi.org/10.1016/j.seta.2023.103454

IF: 7.632

2023-01-01

Sustainable Energy Technologies and Assessments

Abstract:The potential for significant damage to an enterprise network by an intruder or cybercriminal wielding a botnet is substantial. Such malicious actors actively scan vulnerable connected devices, aiming to incorporate them into their botnet network for exploitation. Previous attempts to mitigate this issue have been met with varying success levels, often exhibiting inaccuracies and consuming excessive energy. The proposed model introduces a streamlined ensemble-based detection framework tailored for identifying botnets within IoT networks. Leveraging Machine Learning (ML) techniques, the framework effectively detects and safeguards the network’s infrastructure. The proposed approach identifies crucial features by employing a method for univariate feature selection, coupled with an ensemble-based framework. Botnet attacks consume a significant amount of energy in IoT devices. The proposed model detects and avoids botnet attacks, which can save energy and make IoT networks more sustainable. The suggested model synergizes the capabilities of two hyper-tuned ML algorithms, namely XGBoost and LightGBM. Experimental findings underscore the effectiveness of the proposed model, demonstrating a remarkable 100% accuracy rate in detecting malicious botnets within the network, surpassing other models which ranged between 97% and 99% accuracy.

Shaza Dawood Ahmed Rihan,Mohammed Anbar,Basim Ahmad Alabsi

DOI: https://doi.org/10.3390/s23177342

IF: 3.9

2023-08-24

Sensors

Abstract:The Internet of Things (IoT) has transformed our interaction with technology and introduced security challenges. The growing number of IoT attacks poses a significant threat to organizations and individuals. This paper proposes an approach for detecting attacks on IoT networks using ensemble feature selection and deep learning models. Ensemble feature selection combines filter techniques such as variance threshold, mutual information, Chi-square, ANOVA, and L1-based methods. By leveraging the strengths of each technique, the ensemble is formed by the union of selected features. However, this union operation may overlook redundancy and irrelevance, potentially leading to a larger feature set. To address this, a wrapper algorithm called Recursive Feature Elimination (RFE) is applied to refine the feature selection. The impact of the selected feature set on the performance of Deep Learning (DL) models (CNN, RNN, GRU, and LSTM) is evaluated using the IoT-Botnet 2020 dataset, considering detection accuracy, precision, recall, F1-measure, and False Positive Rate (FPR). All DL models achieved the highest detection accuracy, precision, recall, and F1 measure values, ranging from 97.05% to 97.87%, 96.99% to 97.95%, 99.80% to 99.95%, and 98.45% to 98.87%, respectively.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Qasem Abu Al-Haija,Mu’awya Al-Dala’ien

DOI: https://doi.org/10.3390/jsan11010018

2022-03-09

Journal of Sensor and Actuator Networks

Abstract:Due to the prompt expansion and development of intelligent systems and autonomous, energy-aware sensing devices, the Internet of Things (IoT) has remarkably grown and obstructed nearly all applications in our daily life. However, constraints in computation, storage, and communication capabilities of IoT devices has led to an increase in IoT-based botnet attacks. To mitigate this threat, there is a need for a lightweight and anomaly-based detection system that can build profiles for normal and malicious activities over IoT networks. In this paper, we propose an ensemble learning model for botnet attack detection in IoT networks called ELBA-IoT that profiles behavior features of IoT networks and uses ensemble learning to identify anomalous network traffic from compromised IoT devices. In addition, our IoT-based botnet detection approach characterizes the evaluation of three different machine learning techniques that belong to decision tree techniques (AdaBoosted, RUSBoosted, and bagged). To evaluate ELBA-IoT, we used the N-BaIoT-2021 dataset, which comprises records of both normal IoT network traffic and botnet attack traffic of infected IoT devices. The experimental results demonstrate that our proposed ELBA-IoT can detect the botnet attacks launched from the compromised IoT devices with high detection accuracy (99.6%) and low inference overhead (40 μ-seconds). We also contrast ELBA-IoT results with other state-of-the-art results and demonstrate that ELBA-IoT is superior.

Jie Yin,Xianda Wu,Junnan Wang,Kun Jia,Chaoge Liu,Yue Shi,Xiang Cui

DOI: https://doi.org/10.1007/978-3-030-78621-2_59

2021-01-01

Abstract:The vulnerabilities found in Internet of Things (IoT) devices have caused a large number of IoT devices being compromised and used as botnet platforms, which imposes a serious threat to the cyber security. In order to mitigate this threat, several network-based intrusion detection methods are proposed. While models and algorithms are important, so are the representative datasets and comprehensive feature vectors. In this paper, we firstly construct a botnet network traffic dataset by automatically monitoring some latest IoT botnet samples in our self-built experimental system. The dataset contains 17.5 GB network traffic which generated by 257 samples from 10 families. We can see the samples’ entire lifecycle, including installation, propagation, scanning, DDoS attacks, C&C and other typical botnet behaviors. Then, through an in-depth analysis of the collected dataset, we propose a set of feature vectors for detecting. Since we are from the perspective of samples’ entire lifecycle, our feature vectors provide more dimensions and is more expressive than existing works. To evaluate the effect of these feature vectors, we design a classification model based on machine learning, and run it on the constructed dataset and another public dataset. The experiment results demonstrate that the proposed feature vectors perform better on our dataset than on others, showing that the future IoT botnet detection model needs to face a longer botnet lifecycle and adopt more comprehensive feature vectors.

Chaochao Luo,Zhiyuan Tan,Geyong Min,Jie Gan,Wei Shi,Zhihong Tian

DOI: https://doi.org/10.1109/tii.2020.3038761

IF: 12.3

2021-01-01

IEEE Transactions on Industrial Informatics

Abstract:Internet of Things (IoT) has become one of the fastest-growing technologies and has been broadly applied in various fields. IoT networks contain millions of devices with the capability of interacting with each other and providing functionalities that were never available to us before. These IoT networks are designed to provide friendly and intelligent operations through big data analysis of information generated or collected from an abundance of devices in real time. However, the diversity of IoT devices makes the IoT networks' environments more complex and more vulnerable to various web attacks compared to traditional computer networks. In this article, we propose a novel ensemble deep learning based web attack detection system (EDL-WADS) to alleviate the serious issues that IoT networks faces. Specifically, we have designed three deep learning models to first detect web attacks separately. We then use an ensemble classifier to make the final decision according to the results obtained from the three deep learning models. In order to evaluate the proposed WADS, we have performed experiments on a public dataset as well as a real-word dataset running in a distributed environment. Experimental results show that the proposed system can detect web attacks accurately with low false positive and negative rates.

Mir Shahnawaz Ahmed,Shahid Mehraj Shah

DOI: https://doi.org/10.48550/arXiv.2207.07903

2022-07-16

Abstract:The Internet of Things (IoT) has altered living by controlling devices/things over the Internet. IoT has specified many smart solutions for daily problems, transforming cyber-physical systems (CPS) and other classical fields into smart regions. Most of the edge devices that make up the Internet of Things have very minimal processing power. To bring down the IoT network, attackers can utilise these devices to conduct a variety of network attacks. In addition, as more and more IoT devices are added, the potential for new and unknown threats grows exponentially. For this reason, an intelligent security framework for IoT networks must be developed that can identify such threats. In this paper, we have developed an unsupervised ensemble learning model that is able to detect new or unknown attacks in an IoT network from an unlabelled dataset. The system-generated labelled dataset is used to train a deep learning model to detect IoT network attacks. Additionally, the research presents a feature selection mechanism for identifying the most relevant aspects in the dataset for detecting attacks. The study shows that the suggested model is able to identify the unlabelled IoT network datasets and DBN (Deep Belief Network) outperform the other models with a detection accuracy of 97.5% and a false alarm rate of 2.3% when trained using labelled dataset supplied by the proposed approach.

Information Theory,Cryptography and Security,Machine Learning

Rohit Singh,Krishna Pal Sharma,Lalit Kumar Awasthi

DOI: https://doi.org/10.1007/s10586-024-04519-y

2024-05-13

Cluster Computing

Abstract:The rapidly growing number of Internet of Things (IoT) devices has led to a rise in data transfers, which has raised security concerns. Due to the devices' limited processing capabilities and vulnerability to many cyber attacks, securing IoT communications is challenging. Security threats, especially Distributed Denial of Service (DDoS) attacks, take a toll on the network in the form of increased communication overhead. Hence, a centralized unit is required to detect DDoS attacks in IoT networks at the earliest. Software-Defined Networking (SDN) promises a potential solution for better network traffic management and data flow. This paper presents a machine learning-based ensemble model for the detection of DDoS attacks in IoT networks using SDN. The proposed model employs a multi-step approach utilizing various Machine Learning (ML) algorithms. The proposed Ensemble Model (EM) combines Logistic Regression (LR), k-Nearest Neighbors (KNN), Gradient Boosting (GB), Extra-tree (ET), AdaBoost, and XGBoost, with XGBoost as the final estimator classifier. Various metrics, including sensitivity, specificity, precision, accuracy, and others, derived from the confusion matrix, evaluate the proposed model's performance. The EM demonstrates superior performance during comparative analysis with state-of-the-art schemes, with a classification accuracy of 99.8%. Furthermore, the paper evaluates the model based on Receiver Operator Characteristic (ROC) curves, showing its superiority in True Positive Rates (TPR) compared to False Positive Rates (FPR). The AUC analysis supports the EM's effectiveness. Cross-validation results further validate the model's robustness, with a mean accuracy of 97.92%.

computer science, information systems, theory & methods

Chathuranga Sampath Kalutharage,Xiaodong Liu,Christos Chrysoulas,Oluwaseun Bamgboye

DOI: https://doi.org/10.1007/978-3-031-54129-2_8

2024-01-01

Abstract:As Internet of Things (IoT) networks continue to expand, it has become increasingly crucial to safeguard the security of these interconnected devices. This research study proposes a novel method for enhancing the effectiveness of IoT network threat detection by employing ensemble learning techniques and Explainable Artificial Intelligence (XAI). The proposed method involves the utilization of an ensemble model combining an Autoencoder and eXtreme Gradient Boosting (XGBoost), a popular gradient-boosting algorithm. The workflow begins with quantizing the dataset to reduce computational complexity. Subsequently, the autoencoder is trained to learn a compressed representation of the quantized data, while XGBoost simultaneously performs classification tasks. To enhance the efficiency and accuracy of attack detection, feature importance analysis is conducted using XGBoost's feature importance attribute. This analysis enables the identification of the most influential features, which are then used to prepare a refined dataset, further reducing computational requirements. A Logarithmic layer is introduced within the autoencoder, enabling the linearization of relationships and handling of exponential characteristics. The novel ensemble model, combining the Autoencoder's and XGBoost's strengths, is trained on the refined dataset. This unified model significantly enhances attack detection performance by leveraging the compressed representations learned by the autoencoder and the predictive power of XGBoost. Our proposed model is evaluated in the experiment on the CICIDS2017 data set. The evaluation metrics include accuracy, recall, precision, and runtime. For detection performance, our proposed model achieves an impressive 99.92% detection accuracy on the CICIDS2017 dataset, surpassing most state-of-the-art intrusion detection methods. Moreover, our proposed model exhibits the lowest runtime, further highlighting its efficiency.

Rongrong Jiang,Zhengqiu Weng,Lili Shi,Erxuan Weng,Hongmei Li,Weiqiang Wang,Tiantian Zhu,Wuzhao Li

DOI: https://doi.org/10.1002/cpe.8258

2024-08-17

Concurrency and Computation Practice and Experience

Abstract:Summary With the development of the Internet of Things (IoT), the number of terminal devices is rapidly growing and at the same time, their security is facing serious challenges. For the industrial control system, there are challenges in detecting and preventing botnet. Traditional detection methods focus on capturing and reverse analyzing the botnet programs first and then parsing the extracted features from the malicious code or attacks. However, their accuracy is very low and their latency is relatively high. Moreover, they sometimes even cannot recognize the unknown botnets. The machine learning based detection methods rely on manual feature engineering and have a weak generalization. The deep learning‐based methods mostly rely on the system log, which does not take into account the multisource information such as traffic. To address the above issues, from the perspective of the botnet features, this paper proposes an intelligent detection method over parallel CNN‐LSTM, integrating the spatial and temporal features to identify botnets. Experimental demonstrate that the accuracy, recall, and F1‐score of our proposed method achieve up to over 98%, and the precision, 97.8%, is not the highest but reasonable. It reveals compared with the existing start‐of‐the‐art methods, our proposed method outperforms in the botnet detection. Our methodology's strength lies in its ability to harness the multifaceted information present in IoT traffic, offering a more nuanced and comprehensive analysis. The parallel CNN‐LSTM architecture ensures that spatial and temporal data are processed concurrently, preserving the integrity of the information and enabling a more robust detection mechanism. The result is a detection system that not only performs exceptionally well in a controlled environment but also holds promise for real‐world application, where the rapid and accurate identification of botnets is paramount.

computer science, theory & methods, software engineering

Binbin Yong,Wei,Kuan-Ching Li,Jun Shen,Qingguo Zhou,Marcin Wozniak,Dawid Polap,Robertas Damasevicius

DOI: https://doi.org/10.1002/ett.4085

IF: 3.6

2022-01-01

Transactions on Emerging Telecommunications Technologies

Abstract:The Internet of things (IoT), made up of a massive number of sensor devices interconnected, can be used for data exchange, intelligent identification, and management of interconnected "things." IoT devices are proliferating and playing a crucial role in improving the living quality and living standard of the people. However, the real IoT is more vulnerable to attack by countless cyberattacks from the Internet, which may cause privacy data leakage, data tampering and also cause significant harm to society and individuals. Network security is essential in the IoT system, and Web injection is one of the most severe security problems, especially the webshell. To develop a safe IoT system, in this article, we apply essential machine learning models to detect webshell to build secure solutions for IoT network. Future, ensemble methods including random forest (RF), extremely randomized trees (ET), and Voting are used to improve the performances of these machine learning models. We also discuss webshell detection in lightweight and heavyweight computing scenarios for different IoT environments. Extensive experiments have been conducted on these models to verify the validity of webshell intrusion. Simulation results show that RF and ET are suitable for lightweight IoT scenarios, and Voting method is effective for heavyweight IoT scenarios.

Ayesha Sarwar,Muhammad Faheem Mushtaq,Urooj Akram,Furqan Rustam,Ameer Hamza,Vaibhav Rupapara,Saleem Ullah

DOI: https://doi.org/10.1007/s12652-023-04666-x

IF: 3.662

2023-08-14

Journal of Ambient Intelligence and Humanized Computing

Abstract:Internet usage is increasing day by day all over the world and as a result, technology is also developing to make daily life appliances as smart as possible. Millions of devices are connected using IoT technology, and the vulnerabilities of these devices are still exploitable by attackers. Having access to IoT devices through a Bot Master allows the Bot Master to attack a targeted server with these devices. To detect malicious traffic in IoT networks, there is a need for an intelligent mechanism. Although there have been many studies on the detection of botnet malware, accuracy and efficiency remain a gap. This study focuses on an automatic system that can detect botnet malware with high accuracy. A new ensemble model has been proposed in this study, known as the Extra Tree Random Voting Ensemble Classifier (ER-VEC), which is a combination of two tree-based models called Extra Tree and Random Forest. The proposed model is tested on several malicious traffic in the IoT networks datasets such as IoTID20, MedBIoT, UNSW-NB15, N-BaIoT, and ER-VEC achieving 99.99%, 99.91%, 95.64%, and 100% accuracy scores, respectively. In comparison with the proposed model, other machine learning models were also employed, and ER-VEC significantly outperformed them in terms of accuracy, precision, recall, F1-score, and error rate across all datasets. In addition, we performed K-Fold cross-validation and found that ER-VEC achieved an accuracy score of 98% and a standard deviation of 0.04±.

computer science, information systems,telecommunications, artificial intelligence

Morteza Safaei Pour,Antonio Mangino,Kurt Friday,Matthias Rathbun,Elias Bou-Harb,Farkhund Iqbal,Sagar Samtani,Jorge Crichigno,Nasir Ghani

DOI: https://doi.org/10.1016/j.cose.2019.101707

2020-04-01

Abstract:The insecurity of the Internet-of-Things (IoT) paradigm continues to wreak havoc in consumer and critical infrastructures. The highly heterogeneous nature of IoT devices and their widespread deployments has led to the rise of several key security and measurement-based challenges, significantly crippling the process of collecting, analyzing and correlating IoT-centric data. To this end, this paper explores macroscopic, passive empirical data to shed light on this evolving threat phenomena. The proposed work aims to classify and infer Internet-scale compromised IoT devices by solely observing one-way network traffic, while also uncovering, reporting and thoroughly analyzing "in the wild" IoT botnets. To prepare a relevant dataset, a novel probabilistic model is developed to cleanse unrelated traffic by removing noise samples (i.e., misconfigured network traffic). Subsequently, several shallow and deep learning models are evaluated in an effort to train an effective multi-window convolutional neural network. By leveraging active and passing measurements when generating the training dataset, the neural network aims to accurately identify compromised IoT devices. Consequently, to infer orchestrated and unsolicited activities that have been generated by well-coordinated IoT botnets, hierarchical agglomerative clustering is employed by scrutinizing a set of innovative and efficient network feature sets. Analyzing 3.6 TB of recently captured darknet traffic revealed a momentous 440,000 compromised IoT devices and generated evidence-based artifacts related to 350 IoT botnets. Moreover, by conducting thorough analysis of such inferred campaigns, we reveal their scanning behaviors, packet inter-arrival times, employed rates and geo-distributions. Although several campaigns exhibit significant differences in these aspects, some are more distinguishable; by being limited to specific geo-locations or by executing scans on random ports besides their core targets. While many of the inferred botnets belong to previously documented campaigns such as Hide and Seek, Hajime and Fbot, newly discovered events portray the evolving nature of such IoT threat phenomena by demonstrating growing cryptojacking capabilities or by targeting industrial control services. To motivate empirical (and operational) IoT cyber security initiatives as well as aid in reproducibility of the obtained results, we make the source codes of all the developed methods and techniques available to the research community at large.

computer science, information systems

Abdelaziz Amara korba,Aleddine Diaf,Yacine Ghamri-Doudane

2024-07-22

Abstract:In the rapidly evolving landscape of cyber threats targeting the Internet of Things (IoT) ecosystem, and in light of the surge in botnet-driven Distributed Denial of Service (DDoS) and brute force attacks, this study focuses on the early detection of IoT bots. It specifically addresses the detection of stealth bot communication that precedes and orchestrates attacks. This study proposes a comprehensive methodology for analyzing IoT network traffic, including considerations for both unidirectional and bidirectional flow, as well as packet formats. It explores a wide spectrum of network features critical for representing network traffic and characterizing benign IoT traffic patterns effectively. Moreover, it delves into the modeling of traffic using various semi-supervised learning techniques. Through extensive experimentation with the IoT-23 dataset - a comprehensive collection featuring diverse botnet types and traffic scenarios - we have demonstrated the feasibility of detecting botnet traffic corresponding to different operations and types of bots, specifically focusing on stealth command and control (C2) communications. The results obtained have demonstrated the feasibility of identifying C2 communication with a 100% success rate through packet-based methods and 94% via flow based approaches, with a false positive rate of 1.53%.

Cryptography and Security,Artificial Intelligence

Abdulaziz Aldaej,Imdad Ullah,Tariq Ahamed Ahanger,Mohammed Atiquzzaman

DOI: https://doi.org/10.1038/s41598-024-62435-y

IF: 4.6

2024-05-24

Scientific Reports

Abstract:Internet of Things (IoT) technology has revolutionized modern industrial sectors. Moreover, IoT technology has been incorporated within several vital domains of applicability. However, security is overlooked due to the limited resources of IoT devices. Intrusion detection methods are crucial for detecting attacks and responding adequately to every IoT attack. Conspicuously, the current study outlines a two-stage procedure for the determination and identification of intrusions. In the first stage, a binary classifier termed an Extra Tree (E-Tree) is used to analyze the flow of IoT data traffic within the network. In the second stage, an Ensemble Technique (ET) comprising of E-Tree, Deep Neural Network (DNN), and Random Forest (RF) examines the invasive events that have been identified. The proposed approach is validated for performance analysis. Specifically, Bot-IoT, CICIDS2018, NSL-KDD, and IoTID20 dataset were used for an in-depth performance assessment. Experimental results showed that the suggested strategy was more effective than existing machine learning methods. Specifically, the proposed technique registered enhanced statistical measures of accuracy, normalized accuracy, recall measure, and stability.

multidisciplinary sciences

Bonan Zhang,Jingjin Li,Lindsay Ward,Ying Zhang,Chao Chen,Jun Zhang

DOI: https://doi.org/10.1155/2023/9796912

IF: 1.968

2023-01-01

Security and Communication Networks

Abstract:Botnet attacks have mainly targeted computers in the past, which is a fundamental cybersecurity problem. Due to the booming of Internet of things (IoT) devices, an increasing number of botnet attacks are now targeting IoT devices. Researchers have proposed several mechanisms to avoid botnet attacks, such as identification by communication patterns or network topology and defence by DNS blacklisting. A popular direction for botnet detection currently relies on the specific topological characteristics of botnets and uses machine learning models. However, it relies on network experts’ domain knowledge for feature engineering. Recently, neural networks have shown the capability of representation learning. This paper proposes a new approach to extracting graph features via graph neural networks. To capture the particular topology of the botnet, we transform the network traffic into graphs and train a graph neural network to extract features. In our evaluations, we use graph embedding features to train six machine learning models and compare them with the performance of traditional graph features in identifying botnet nodes. The experimental results show that botnet traffic detection is still challenging even with neural networks. We should consider the impact of data, features, and algorithms for an accurate and robust solution.

Yining Pang,Chenghan Li

2024-12-11

Abstract:With the proliferation of the Internet and smart devices, IoT technology has seen significant advancements and has become an integral component of smart homes, urban security, smart logistics, and other sectors. IoT facilitates real-time monitoring of critical production indicators, enabling businesses to detect potential quality issues, anticipate equipment malfunctions, and refine processes, thereby minimizing losses and reducing costs. Furthermore, IoT enhances real-time asset tracking, optimizing asset utilization and management. However, the expansion of IoT has also led to a rise in cybercrimes, with devices increasingly serving as vectors for malicious attacks. As the number of IoT devices grows, there is an urgent need for robust network security measures to counter these escalating threats. This paper introduces a deep learning model incorporating LSTM and attention mechanisms, a pivotal strategy in combating cybercrime in IoT networks. Our experiments, conducted on datasets including IoT-23, BoT-IoT, IoT network intrusion, MQTT, and MQTTset, demonstrate that our proposed method outperforms existing baselines.

Cryptography and Security,Machine Learning