VAE-Based Latent Representations Learning for Botnet Detection in IoT Networks

Journal of Network and Systems Management

Abstract

Botnets pose significant threats to cybersecurity. Infected Internet of Things (IoT) devices are used to launch unsupported malicious activities against target entities to disrupt their operations and services. To address this danger, we propose a machine learning-based method for detecting botnets by analyzing network traffic flow data that includes various types of botnet attacks. Our method uses a hybrid model in which a Variational AutoEncoder (VAE) is trained in an unsupervised manner to learn latent representations that describe the benign traffic data, and a one-class classifier (OCC) performs anomaly detection (also called novelty detection). The main aim of this research is to learn discriminating representations of the normal data in the low-dimensional latent space generated by the VAE, and thus improve the predictive power of the OCC to detect malicious traffic. We evaluated the performance of our model and compared it against baseline models using a real network-based dataset that contains popular IoT devices and presents a wide variety of attacks from two recent botnet families, Mirai and Bashlite. Tests showed that our model can detect botnets with satisfactory performance.
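The two-stage pipeline the abstract describes (a VAE fitted on benign traffic only, then a one-class classifier on its latent codes) can be sketched as follows; this is an added example, not the authors' code. It assumes a linear-Gaussian VAE in place of a deep one, a single-Gaussian density model with a quantile threshold as the OCC, and constructed synthetic flow features instead of N-BaIoT data; every function name is hypothetical.

```python
import numpy as np

# Constructed loading matrix: 2 hidden traffic factors -> 8 flow features.
BASIS = np.array([[1, 1, 0, 0, 1, 0, 0, 1],
                  [0, 0, 1, 1, 0, 1, 1, 0]], dtype=float)

def make_flows(rng, n, shift=0.0):
    """Constructed stand-in for per-flow statistics (not N-BaIoT data)."""
    factors = rng.normal(shift, 1.0, size=(n, 2))
    return factors @ BASIS + 0.3 * rng.standard_normal((n, 8))

def train_vae(X, k=2, beta=1.0, lr=0.01, steps=500, seed=0):
    """Linear-Gaussian VAE trained on benign data only; returns the encoder mean."""
    rng = np.random.default_rng(seed)
    n, d = X.shape
    Wm, Wl = 0.1 * rng.standard_normal((d, k)), np.zeros((d, k))
    Wd = 0.1 * rng.standard_normal((k, d))
    bm, bl, bd = np.zeros(k), np.zeros(k), np.zeros(d)
    for _ in range(steps):
        mu, lv = X @ Wm + bm, X @ Wl + bl     # posterior mean and log-variance
        eps = rng.standard_normal(mu.shape)
        std = np.exp(0.5 * lv)
        z = mu + std * eps                    # reparameterisation trick
        dxh = 2.0 * (z @ Wd + bd - X) / n     # gradient of squared reconstruction error
        dz = dxh @ Wd.T
        dmu = dz + beta * mu / n              # adds KL(q(z|x) || N(0, I)) gradient wrt mu
        dlv = 0.5 * dz * eps * std + 0.5 * beta * (np.exp(lv) - 1.0) / n
        Wd -= lr * (z.T @ dxh); bd -= lr * dxh.sum(0)
        Wm -= lr * (X.T @ dmu); bm -= lr * dmu.sum(0)
        Wl -= lr * (X.T @ dlv); bl -= lr * dlv.sum(0)
    return lambda A: A @ Wm + bm              # latent code = encoder mean

def fit_occ(Z, quantile=0.99):
    """One-class model: Gaussian fitted to benign latent codes, quantile threshold."""
    mean = Z.mean(0)
    prec = np.linalg.inv(np.cov(Z.T) + 1e-6 * np.eye(Z.shape[1]))
    score = lambda A: np.einsum("ij,jk,ik->i", A - mean, prec, A - mean)
    return score, np.quantile(score(Z), quantile)

def run_demo(seed=0):
    rng = np.random.default_rng(seed)
    train, benign = make_flows(rng, 2000), make_flows(rng, 500)
    attack = make_flows(rng, 500, shift=8.0)  # constructed flood-like traffic
    m, s = train.mean(0), train.std(0)
    norm = lambda A: (A - m) / s              # scale with benign statistics only
    encode = train_vae(norm(train))
    score, thr = fit_occ(encode(norm(train)))
    rate = lambda A: float(np.mean(score(encode(norm(A))) > thr))
    return rate(attack), rate(benign)         # (detection rate, false positive rate)
```

In this linear sketch, traffic that deviates only in directions the encoder ignores maps to the same latent code as benign traffic, so a reconstruction-error check is a common complement to latent-space scoring.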

Data Availability

The data supporting the findings of the article is available in the UC Irvine Machine Learning Repository at https://archive-beta.ics.uci.edu/ml/datasets/detection+of+iot+botnet+attacks+n+baiot.

Funding

No funding was received for conducting this study.

Author information

Contributions

This paper resulted from the doctoral work of Ramzi Snoussi under the supervision of Professor Habib Youssef. The original draft was written by Ramzi Snoussi, then edited, corrected and approved by Habib Youssef.

Corresponding author

Correspondence to Ramzi Snoussi.

Ethics declarations

Competing interests

The authors declare they have no financial interests.

Ethical Approval

There are no human or animal subjects in this article, and informed consent is not applicable.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Springer Nature or its licensor holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.

About this article

Cite this article

Snoussi, R., Youssef, H. VAE-Based Latent Representations Learning for Botnet Detection in IoT Networks. J Netw Syst Manage 31, 4 (2023). https://doi.org/10.1007/s10922-022-09690-4

  • DOI: https://doi.org/10.1007/s10922-022-09690-4
