Ruoyu Li,Qing Li,Yucheng Huang,Wenbin Zhang,Peican Zhu,Yong Jiang

DOI: https://doi.org/10.1007/978-3-031-17146-8_28

2022-01-01

Abstract:As the Internet of Things (IoT) plays an increasingly important role in real life, the concern about IoT malware and botnet attacks is considerably growing. Meanwhile, with new techniques such as edge computing and artificial intelligence applied to IoT networks, these devices nowadays become more functional than ever before, which challenges many existing network anomaly detection systems due to the lack of generalization ability to profile diverse activities. To address it, this paper proposes IoTEnsemble, an ensemble network anomaly detection framework. We propose a tree-based activity clustering method that aggregates network flows dedicated to the same activity so that their traffic patterns remain identical. Based on the clustering result, we implement an ensemble model in which each submodel only needs to profile a specific activity, which highly reduces the burden of a single model's generalization ability. For evaluation, we build a 57.1GB IoT dataset collected in 9 months composed of comprehensive normal and malicious traffic. Our evaluation proves that IoTEnsemble possesses a state-of-the-art detection performance on various IoT botnet malware and attack traffic, exhibiting a significantly better result than other baselines in a more intelligent and functional IoT network.

Qasem Abu Al-Haija,Mu’awya Al-Dala’ien

DOI: https://doi.org/10.3390/jsan11010018

2022-03-09

Journal of Sensor and Actuator Networks

Abstract:Due to the prompt expansion and development of intelligent systems and autonomous, energy-aware sensing devices, the Internet of Things (IoT) has remarkably grown and obstructed nearly all applications in our daily life. However, constraints in computation, storage, and communication capabilities of IoT devices has led to an increase in IoT-based botnet attacks. To mitigate this threat, there is a need for a lightweight and anomaly-based detection system that can build profiles for normal and malicious activities over IoT networks. In this paper, we propose an ensemble learning model for botnet attack detection in IoT networks called ELBA-IoT that profiles behavior features of IoT networks and uses ensemble learning to identify anomalous network traffic from compromised IoT devices. In addition, our IoT-based botnet detection approach characterizes the evaluation of three different machine learning techniques that belong to decision tree techniques (AdaBoosted, RUSBoosted, and bagged). To evaluate ELBA-IoT, we used the N-BaIoT-2021 dataset, which comprises records of both normal IoT network traffic and botnet attack traffic of infected IoT devices. The experimental results demonstrate that our proposed ELBA-IoT can detect the botnet attacks launched from the compromised IoT devices with high detection accuracy (99.6%) and low inference overhead (40 μ-seconds). We also contrast ELBA-IoT results with other state-of-the-art results and demonstrate that ELBA-IoT is superior.

Shaza Dawood Ahmed Rihan,Mohammed Anbar,Basim Ahmad Alabsi

DOI: https://doi.org/10.3390/s23177342

IF: 3.9

2023-08-24

Sensors

Abstract:The Internet of Things (IoT) has transformed our interaction with technology and introduced security challenges. The growing number of IoT attacks poses a significant threat to organizations and individuals. This paper proposes an approach for detecting attacks on IoT networks using ensemble feature selection and deep learning models. Ensemble feature selection combines filter techniques such as variance threshold, mutual information, Chi-square, ANOVA, and L1-based methods. By leveraging the strengths of each technique, the ensemble is formed by the union of selected features. However, this union operation may overlook redundancy and irrelevance, potentially leading to a larger feature set. To address this, a wrapper algorithm called Recursive Feature Elimination (RFE) is applied to refine the feature selection. The impact of the selected feature set on the performance of Deep Learning (DL) models (CNN, RNN, GRU, and LSTM) is evaluated using the IoT-Botnet 2020 dataset, considering detection accuracy, precision, recall, F1-measure, and False Positive Rate (FPR). All DL models achieved the highest detection accuracy, precision, recall, and F1 measure values, ranging from 97.05% to 97.87%, 96.99% to 97.95%, 99.80% to 99.95%, and 98.45% to 98.87%, respectively.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Aulia Arif Wardana,Grzegorz Kołaczek,Arkadiusz Warzyński,Parman Sukarno

DOI: https://doi.org/10.1038/s41598-024-54438-6

IF: 4.6

2024-02-18

Scientific Reports

Abstract:The botnet attack is one of the coordinated attack types that can infect Internet of Things (IoT) devices and cause them to malfunction. Botnets can steal sensitive information from IoT devices and control them to launch another attack, such as a Distributed Denial-of-Service (DDoS) attack or email spam. This attack is commonly detected using a network-based Intrusion Detection System (NIDS) that monitors the network device's activity. However, IoT network is dynamic and IoT devices have many types with different configurations and vendors in IoT environments. Therefore, this research proposes an Intrusion Detection System (IDS) by ensemble-ing traffic from heterogeneous IoT devices. This research proposes Deep Neural Network (DNN) to create a training model from each heterogeneous IoT device. After that, each training model from each heterogeneous IoT device is used to predict the traffic. The prediction results from each training model are averaged using the ensemble averaging method to determine the final result. This research used the N-BaIoT dataset to validate the proposed IDS model. Based on experimental results, ensemble averaging DNN can detect botnet attacks in heterogeneous IoT devices with an average accuracy of 97.21, precision of 91.41, recall of 87.31, and F1-score 88.48.

multidisciplinary sciences

Zhou Shao,Sha Yuan,Yongli Wang

DOI: https://doi.org/10.1016/j.ins.2021.05.076

IF: 8.1

2021-01-01

Information Sciences

Abstract:With the number of Internet of Things (IoT) devices proliferating, the traffic volume of IoT-based attacks has shown a gradually increasing trend. The IoT botnet attack, which aims to commit real, efficient, and profitable cybercrimes, has become one of the most severe IoT threats. Applying traditional techniques to IoT is difficult due to its particular characteristics, such as resource-constrained devices, massive volumes of data, and real-time requirements. In this paper, we explore an adaptive online learning strategy for real-time IoT botnet attack detection. Furthermore, we operate the proposed adaptive strategy in conjunction with online ensemble learning. To evaluate the proposed strategy, we use real IoT traffic data, including benign traffic data and botnet traffic data infected by Mirai. In real-time IoT botnet attack detection, our experimental results demonstrate that the proposed adaptive online learning strategy achieves remarkable performance.

Ayesha Sarwar,Muhammad Faheem Mushtaq,Urooj Akram,Furqan Rustam,Ameer Hamza,Vaibhav Rupapara,Saleem Ullah

DOI: https://doi.org/10.1007/s12652-023-04666-x

IF: 3.662

2023-08-14

Journal of Ambient Intelligence and Humanized Computing

Abstract:Internet usage is increasing day by day all over the world and as a result, technology is also developing to make daily life appliances as smart as possible. Millions of devices are connected using IoT technology, and the vulnerabilities of these devices are still exploitable by attackers. Having access to IoT devices through a Bot Master allows the Bot Master to attack a targeted server with these devices. To detect malicious traffic in IoT networks, there is a need for an intelligent mechanism. Although there have been many studies on the detection of botnet malware, accuracy and efficiency remain a gap. This study focuses on an automatic system that can detect botnet malware with high accuracy. A new ensemble model has been proposed in this study, known as the Extra Tree Random Voting Ensemble Classifier (ER-VEC), which is a combination of two tree-based models called Extra Tree and Random Forest. The proposed model is tested on several malicious traffic in the IoT networks datasets such as IoTID20, MedBIoT, UNSW-NB15, N-BaIoT, and ER-VEC achieving 99.99%, 99.91%, 95.64%, and 100% accuracy scores, respectively. In comparison with the proposed model, other machine learning models were also employed, and ER-VEC significantly outperformed them in terms of accuracy, precision, recall, F1-score, and error rate across all datasets. In addition, we performed K-Fold cross-validation and found that ER-VEC achieved an accuracy score of 98% and a standard deviation of 0.04±.

computer science, information systems,telecommunications, artificial intelligence

Ahsan Nazir,Jingsha He,Nafei Zhu,Ahsan Wajahat,Xiangjun Ma,Faheem Ullah,Sirajuddin Qureshi,Muhammad Salman Pathan

DOI: https://doi.org/10.1016/j.jksuci.2023.101820

2023-01-01

Abstract:The Internet of Things (IoT) has transformed many aspects of modern life, from healthcare and transportation to home automation and industrial control systems. However, the increasing number of connected devices has also led to an increase in security threats, particularly from botnets. To mitigate these threats, various machine learning (ML) and deep learning (DL) techniques have been proposed for IoT botnet attack detection. This systematic review aims to identify the most effective ML and DL techniques for detecting IoT botnets by delving into benchmark datasets, evaluation metrics, and data pre-processing techniques in detail. A comprehensive search was conducted in multiple databases for primary studies published between 2018 and 2023. Studies were included if they reported the use of ML or DL techniques for IoT botnet detection. After screening 1,567 records, 25 studies were included in the final review. The findings suggest that ML and DL techniques show promising results in detecting IoT botnet attacks, outperforming traditional signature-based methods. However, the effectiveness of the techniques varied depending on the dataset, features, and evaluation metrics used. Based on the synthesis of the findings, this review proposes a taxonomy for ML and DL techniques in IoT botnet attack detection and provides recommendations for future research in this area. This review illuminates the considerable potential of ML and DL approaches in bolstering the detection of IoT botnet attacks, thereby offering valuable insights to researchers involved in the domain of IoT security.

Rongrong Jiang,Zhengqiu Weng,Lili Shi,Erxuan Weng,Hongmei Li,Weiqiang Wang,Tiantian Zhu,Wuzhao Li

DOI: https://doi.org/10.1002/cpe.8258

2024-08-17

Concurrency and Computation Practice and Experience

Abstract:Summary With the development of the Internet of Things (IoT), the number of terminal devices is rapidly growing and at the same time, their security is facing serious challenges. For the industrial control system, there are challenges in detecting and preventing botnet. Traditional detection methods focus on capturing and reverse analyzing the botnet programs first and then parsing the extracted features from the malicious code or attacks. However, their accuracy is very low and their latency is relatively high. Moreover, they sometimes even cannot recognize the unknown botnets. The machine learning based detection methods rely on manual feature engineering and have a weak generalization. The deep learning‐based methods mostly rely on the system log, which does not take into account the multisource information such as traffic. To address the above issues, from the perspective of the botnet features, this paper proposes an intelligent detection method over parallel CNN‐LSTM, integrating the spatial and temporal features to identify botnets. Experimental demonstrate that the accuracy, recall, and F1‐score of our proposed method achieve up to over 98%, and the precision, 97.8%, is not the highest but reasonable. It reveals compared with the existing start‐of‐the‐art methods, our proposed method outperforms in the botnet detection. Our methodology's strength lies in its ability to harness the multifaceted information present in IoT traffic, offering a more nuanced and comprehensive analysis. The parallel CNN‐LSTM architecture ensures that spatial and temporal data are processed concurrently, preserving the integrity of the information and enabling a more robust detection mechanism. The result is a detection system that not only performs exceptionally well in a controlled environment but also holds promise for real‐world application, where the rapid and accurate identification of botnets is paramount.

computer science, theory & methods, software engineering

Khalid Alissa,Tahir Alyas,Kashif Zafar,Qaiser Abbas,Nadia Tabassum,Shadman Sakib

DOI: https://doi.org/10.1155/2022/4515642

2022-10-04

Abstract:There are an increasing number of Internet of Things (IoT) devices connected to the network these days, and due to the advancement in technology, the security threads and cyberattacks, such as botnets, are emerging and evolving rapidly with high-risk attacks. These attacks disrupt IoT transition by disrupting networks and services for IoT devices. Many recent studies have proposed ML and DL techniques for detecting and classifying botnet attacks in the IoT environment. This study proposes machine learning methods for classifying binary classes. This purpose is served by using the publicly available dataset UNSW-NB15. This dataset resolved a class imbalance problem using the SMOTE-OverSampling technique. A complete machine learning pipeline was proposed, including exploratory data analysis, which provides detailed insights into the data, followed by preprocessing. During this process, the data passes through six fundamental steps. A decision tree, an XgBoost model, and a logistic regression model are proposed, trained, tested, and evaluated on the dataset. In addition to model accuracy, F1-score, recall, and precision are also considered. Based on all experiments, it is concluded that the decision tree outperformed with 94% test accuracy.

Jincheng Zhou,Tao Hai,Dayang Norhayati Abang Jawawi,Dan Wang,Kuruva Lakshmanna,Praveen Kumar Reddy Maddikunta,Mavellous Iwendi

DOI: https://doi.org/10.1016/j.seta.2023.103454

IF: 7.632

2023-01-01

Sustainable Energy Technologies and Assessments

Abstract:The potential for significant damage to an enterprise network by an intruder or cybercriminal wielding a botnet is substantial. Such malicious actors actively scan vulnerable connected devices, aiming to incorporate them into their botnet network for exploitation. Previous attempts to mitigate this issue have been met with varying success levels, often exhibiting inaccuracies and consuming excessive energy. The proposed model introduces a streamlined ensemble-based detection framework tailored for identifying botnets within IoT networks. Leveraging Machine Learning (ML) techniques, the framework effectively detects and safeguards the network’s infrastructure. The proposed approach identifies crucial features by employing a method for univariate feature selection, coupled with an ensemble-based framework. Botnet attacks consume a significant amount of energy in IoT devices. The proposed model detects and avoids botnet attacks, which can save energy and make IoT networks more sustainable. The suggested model synergizes the capabilities of two hyper-tuned ML algorithms, namely XGBoost and LightGBM. Experimental findings underscore the effectiveness of the proposed model, demonstrating a remarkable 100% accuracy rate in detecting malicious botnets within the network, surpassing other models which ranged between 97% and 99% accuracy.

Abdulaziz Aldaej,Imdad Ullah,Tariq Ahamed Ahanger,Mohammed Atiquzzaman

DOI: https://doi.org/10.1038/s41598-024-62435-y

IF: 4.6

2024-05-24

Scientific Reports

Abstract:Internet of Things (IoT) technology has revolutionized modern industrial sectors. Moreover, IoT technology has been incorporated within several vital domains of applicability. However, security is overlooked due to the limited resources of IoT devices. Intrusion detection methods are crucial for detecting attacks and responding adequately to every IoT attack. Conspicuously, the current study outlines a two-stage procedure for the determination and identification of intrusions. In the first stage, a binary classifier termed an Extra Tree (E-Tree) is used to analyze the flow of IoT data traffic within the network. In the second stage, an Ensemble Technique (ET) comprising of E-Tree, Deep Neural Network (DNN), and Random Forest (RF) examines the invasive events that have been identified. The proposed approach is validated for performance analysis. Specifically, Bot-IoT, CICIDS2018, NSL-KDD, and IoTID20 dataset were used for an in-depth performance assessment. Experimental results showed that the suggested strategy was more effective than existing machine learning methods. Specifically, the proposed technique registered enhanced statistical measures of accuracy, normalized accuracy, recall measure, and stability.

multidisciplinary sciences

Abdelaziz Amara korba,Aleddine Diaf,Yacine Ghamri-Doudane

2024-07-22

Abstract:In the rapidly evolving landscape of cyber threats targeting the Internet of Things (IoT) ecosystem, and in light of the surge in botnet-driven Distributed Denial of Service (DDoS) and brute force attacks, this study focuses on the early detection of IoT bots. It specifically addresses the detection of stealth bot communication that precedes and orchestrates attacks. This study proposes a comprehensive methodology for analyzing IoT network traffic, including considerations for both unidirectional and bidirectional flow, as well as packet formats. It explores a wide spectrum of network features critical for representing network traffic and characterizing benign IoT traffic patterns effectively. Moreover, it delves into the modeling of traffic using various semi-supervised learning techniques. Through extensive experimentation with the IoT-23 dataset - a comprehensive collection featuring diverse botnet types and traffic scenarios - we have demonstrated the feasibility of detecting botnet traffic corresponding to different operations and types of bots, specifically focusing on stealth command and control (C2) communications. The results obtained have demonstrated the feasibility of identifying C2 communication with a 100% success rate through packet-based methods and 94% via flow based approaches, with a false positive rate of 1.53%.

Cryptography and Security,Artificial Intelligence

Mir Shahnawaz Ahmed,Shahid Mehraj Shah

DOI: https://doi.org/10.48550/arXiv.2207.07903

2022-07-16

Abstract:The Internet of Things (IoT) has altered living by controlling devices/things over the Internet. IoT has specified many smart solutions for daily problems, transforming cyber-physical systems (CPS) and other classical fields into smart regions. Most of the edge devices that make up the Internet of Things have very minimal processing power. To bring down the IoT network, attackers can utilise these devices to conduct a variety of network attacks. In addition, as more and more IoT devices are added, the potential for new and unknown threats grows exponentially. For this reason, an intelligent security framework for IoT networks must be developed that can identify such threats. In this paper, we have developed an unsupervised ensemble learning model that is able to detect new or unknown attacks in an IoT network from an unlabelled dataset. The system-generated labelled dataset is used to train a deep learning model to detect IoT network attacks. Additionally, the research presents a feature selection mechanism for identifying the most relevant aspects in the dataset for detecting attacks. The study shows that the suggested model is able to identify the unlabelled IoT network datasets and DBN (Deep Belief Network) outperform the other models with a detection accuracy of 97.5% and a false alarm rate of 2.3% when trained using labelled dataset supplied by the proposed approach.

Information Theory,Cryptography and Security,Machine Learning

Rohit Singh,Krishna Pal Sharma,Lalit Kumar Awasthi

DOI: https://doi.org/10.1007/s10586-024-04519-y

2024-05-13

Cluster Computing

Abstract:The rapidly growing number of Internet of Things (IoT) devices has led to a rise in data transfers, which has raised security concerns. Due to the devices' limited processing capabilities and vulnerability to many cyber attacks, securing IoT communications is challenging. Security threats, especially Distributed Denial of Service (DDoS) attacks, take a toll on the network in the form of increased communication overhead. Hence, a centralized unit is required to detect DDoS attacks in IoT networks at the earliest. Software-Defined Networking (SDN) promises a potential solution for better network traffic management and data flow. This paper presents a machine learning-based ensemble model for the detection of DDoS attacks in IoT networks using SDN. The proposed model employs a multi-step approach utilizing various Machine Learning (ML) algorithms. The proposed Ensemble Model (EM) combines Logistic Regression (LR), k-Nearest Neighbors (KNN), Gradient Boosting (GB), Extra-tree (ET), AdaBoost, and XGBoost, with XGBoost as the final estimator classifier. Various metrics, including sensitivity, specificity, precision, accuracy, and others, derived from the confusion matrix, evaluate the proposed model's performance. The EM demonstrates superior performance during comparative analysis with state-of-the-art schemes, with a classification accuracy of 99.8%. Furthermore, the paper evaluates the model based on Receiver Operator Characteristic (ROC) curves, showing its superiority in True Positive Rates (TPR) compared to False Positive Rates (FPR). The AUC analysis supports the EM's effectiveness. Cross-validation results further validate the model's robustness, with a mean accuracy of 97.92%.

computer science, information systems, theory & methods

Jie Yin,Xianda Wu,Junnan Wang,Kun Jia,Chaoge Liu,Yue Shi,Xiang Cui

DOI: https://doi.org/10.1007/978-3-030-78621-2_59

2021-01-01

Abstract:The vulnerabilities found in Internet of Things (IoT) devices have caused a large number of IoT devices being compromised and used as botnet platforms, which imposes a serious threat to the cyber security. In order to mitigate this threat, several network-based intrusion detection methods are proposed. While models and algorithms are important, so are the representative datasets and comprehensive feature vectors. In this paper, we firstly construct a botnet network traffic dataset by automatically monitoring some latest IoT botnet samples in our self-built experimental system. The dataset contains 17.5 GB network traffic which generated by 257 samples from 10 families. We can see the samples’ entire lifecycle, including installation, propagation, scanning, DDoS attacks, C&C and other typical botnet behaviors. Then, through an in-depth analysis of the collected dataset, we propose a set of feature vectors for detecting. Since we are from the perspective of samples’ entire lifecycle, our feature vectors provide more dimensions and is more expressive than existing works. To evaluate the effect of these feature vectors, we design a classification model based on machine learning, and run it on the constructed dataset and another public dataset. The experiment results demonstrate that the proposed feature vectors perform better on our dataset than on others, showing that the future IoT botnet detection model needs to face a longer botnet lifecycle and adopt more comprehensive feature vectors.

Majda Wazzan,Daniyal Algazzawi,Aiiad Albeshri,Syed Hasan,Osama Rabie,Muhammad Zubair Asghar

DOI: https://doi.org/10.3390/s22103895

2022-05-20

Abstract:In recent times, organisations in a variety of businesses, such as healthcare, education, and others, have been using the Internet of Things (IoT) to produce more competent and improved services. The widespread use of IoT devices makes our lives easier. On the other hand, the IoT devices that we use suffer vulnerabilities that may impact our lives. These unsafe devices accelerate and ease cybersecurity attacks, specifically when using a botnet. Moreover, restrictions on IoT device resources, such as limitations in power consumption and the central processing unit and memory, intensify this issue because they limit the security techniques that can be used to protect IoT devices. Fortunately, botnets go through different stages before they can start attacks, and they can be detected in the early stage. This research paper proposes a framework focusing on detecting an IoT botnet in the early stage. An empirical experiment was conducted to investigate the behaviour of the early stage of the botnet, and then a baseline machine learning model was implemented for early detection. Furthermore, the authors developed an effective detection method, namely, Cross CNN_LSTM, to detect the IoT botnet based on using fusion deep learning models of a convolutional neural network (CNN) and long short-term memory (LSTM). According to the conducted experiments, the results show that the suggested model is accurate and outperforms some of the state-of-the-art methods, and it achieves 99.7 accuracy. Finally, the authors developed a kill chain model to prevent IoT botnet attacks in the early stage.

Ashfaq Hussain Farooqi,Shahzaib Akhtar,Hameedur Rahman,Touseef Sadiq,Waseem Abbass

DOI: https://doi.org/10.3390/s24010127

2023-12-26

Abstract:In the context of 6G technology, the Internet of Everything aims to create a vast network that connects both humans and devices across multiple dimensions. The integration of smart healthcare, agriculture, transportation, and homes is incredibly appealing, as it allows people to effortlessly control their environment through touch or voice commands. Consequently, with the increase in Internet connectivity, the security risk also rises. However, the future is centered on a six-fold increase in connectivity, necessitating the development of stronger security measures to handle the rapidly expanding concept of IoT-enabled metaverse connections. Various types of attacks, often orchestrated using botnets, pose a threat to the performance of IoT-enabled networks. Detecting anomalies within these networks is crucial for safeguarding applications from potentially disastrous consequences. The voting classifier is a machine learning (ML) model known for its effectiveness as it capitalizes on the strengths of individual ML models and has the potential to improve overall predictive performance. In this research, we proposed a novel classification technique based on the DRX approach that combines the advantages of the Decision tree, Random forest, and XGBoost algorithms. This ensemble voting classifier significantly enhances the accuracy and precision of network intrusion detection systems. Our experiments were conducted using the NSL-KDD, UNSW-NB15, and CIC-IDS2017 datasets. The findings of our study show that the DRX-based technique works better than the others. It achieved a higher accuracy of 99.88% on the NSL-KDD dataset, 99.93% on the UNSW-NB15 dataset, and 99.98% on the CIC-IDS2017 dataset, outperforming the other methods. Additionally, there is a notable reduction in the false positive rates to 0.003, 0.001, and 0.00012 for the NSL-KDD, UNSW-NB15, and CIC-IDS2017 datasets.

Qasem Abu Al-Haija,Ahmad Al-Badawi

DOI: https://doi.org/10.3390/s22010241

2021-12-29

Abstract:Network Intrusion Detection Systems (NIDSs) are indispensable defensive tools against various cyberattacks. Lightweight, multipurpose, and anomaly-based detection NIDSs employ several methods to build profiles for normal and malicious behaviors. In this paper, we design, implement, and evaluate the performance of machine-learning-based NIDS in IoT networks. Specifically, we study six supervised learning methods that belong to three different classes: (1) ensemble methods, (2) neural network methods, and (3) kernel methods. To evaluate the developed NIDSs, we use the distilled-Kitsune-2018 and NSL-KDD datasets, both consisting of a contemporary real-world IoT network traffic subjected to different network attacks. Standard performance evaluation metrics from the machine-learning literature are used to evaluate the identification accuracy, error rates, and inference speed. Our empirical analysis indicates that ensemble methods provide better accuracy and lower error rates compared with neural network and kernel methods. On the other hand, neural network methods provide the highest inference speed which proves their suitability for high-bandwidth networks. We also provide a comparison with state-of-the-art solutions and show that our best results are better than any prior art by 1~20%.

Satish Pokhrel,Robert Abbas,Bhulok Aryal

DOI: https://doi.org/10.48550/arXiv.2104.02231

2021-04-06

Abstract:The acceptance of Internet of Things (IoT) applications and services has seen an enormous rise of interest in IoT. Organizations have begun to create various IoT based gadgets ranging from small personal devices such as a smart watch to a whole network of smart grid, smart mining, smart manufacturing, and autonomous driver-less vehicles. The overwhelming amount and ubiquitous presence have attracted potential hackers for cyber-attacks and data theft. Security is considered as one of the prominent challenges in IoT. The key scope of this research work is to propose an innovative model using machine learning algorithm to detect and mitigate botnet-based distributed denial of service (DDoS) attack in IoT network. Our proposed model tackles the security issue concerning the threats from bots. Different machine learning algorithms such as K- Nearest Neighbour (KNN), Naive Bayes model and Multi-layer Perception Artificial Neural Network (MLP ANN) were used to develop a model where data are trained by BoT-IoT dataset. The best algorithm was selected by a reference point based on accuracy percentage and area under the receiver operating characteristics curve (ROC AUC) score. Feature engineering and Synthetic minority oversampling technique (SMOTE) were combined with machine learning algorithms (MLAs). Performance comparison of three algorithms used was done in class imbalance dataset and on the class balanced dataset.

Machine Learning

Yazeed Alotaibi,Mohammad Ilyas

DOI: https://doi.org/10.3390/s23125568

2023-06-14

Abstract:The Internet of Things (IoT) comprises a network of interconnected nodes constantly communicating, exchanging, and transferring data over various network protocols. Studies have shown that these protocols pose a severe threat (Cyber-attacks) to the security of data transmitted due to their ease of exploitation. In this research, we aim to contribute to the literature by improving the Intrusion Detection System (IDS) detection efficiency. In order to improve the efficiency of the IDS, a binary classification of normal and abnormal IoT traffic is constructed to enhance the IDS performance. Our method employs various supervised ML algorithms and ensemble classifiers. The proposed model was trained on TON-IoT network traffic datasets. Four of the trained ML-supervised models have achieved the highest accurate outcomes; Random Forest, Decision Tree, Logistic Regression, and K-Nearest Neighbor. These four classifiers are fed to two ensemble approaches: voting and stacking. The ensemble approaches were evaluated using the evaluation metrics and compared for their efficacy on this classification problem. The accuracy of the ensemble classifiers was higher than that of the individual models. This improvement can be attributed to ensemble learning strategies that leverage diverse learning mechanisms with varying capabilities. By combining these strategies, we were able to enhance the reliability of our predictions while reducing the occurrence of classification errors. The experimental results show that the framework can improve the efficiency of the Intrusion Detection System, achieving an accuracy rate of 0.9863.