ABSTRACT
Technology continues to advance, and Internet of Things (IoT) technology in particular has grown to the point where the number of connected IoT devices has surpassed non-IoT connections. IoT has unlocked considerable potential across different organisational settings such as healthcare, transportation and smart cities. Unfortunately, these advancements also mean that cybercriminals are constantly seeking new ways of exploiting vulnerabilities for malicious and illegal activities. IoT presents a golden opportunity for botnet attacks, which take advantage of a large number of IoT devices and use them to launch more powerful and sophisticated attacks such as Distributed Denial of Service (DDoS) attacks. This calls for more research geared towards the detection and mitigation of botnet attacks in IoT systems. This paper proposes a feature selection approach that identifies and removes less influential features as part of a botnet attack detection method. The feature selection is based on the frequency of occurrence of the value counts in each feature with respect to the total number of instances. The effectiveness of the proposed approach is tested and evaluated on a standard IoT dataset. The results reveal that the proposed feature selection approach improves the performance of the botnet attack detection method in terms of True Positive Rate (TPR) and False Positive Rate (FPR). The proposed methodology provides 100% TPR, 0% FPR and 99.9976% F-score.
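One way to read the frequency-based selection described in the abstract, shown as an added example that is not the paper's code: for each feature, take the share of all instances held by its most frequent value and drop the feature when that share reaches a threshold. The drop rule, the 0.9 threshold, the field names and the sample flows are assumptions constructed for illustration.

```python
from collections import Counter

# Constructed sample flows; field names and values are hypothetical.
FIELDS = ("proto", "service", "conn_state", "local_orig", "resp_port", "label")
SAMPLE_FLOWS = [dict(zip(FIELDS, r)) for r in [
    ("tcp", "-", "S0", "-", 23, "malicious"),
    ("tcp", "-", "S0", "-", 23, "malicious"),
    ("tcp", "-", "S0", "-", 2323, "malicious"),
    ("tcp", "-", "S0", "-", 23, "malicious"),
    ("tcp", "-", "SF", "-", 443, "benign"),
    ("tcp", "-", "SF", "-", 80, "benign"),
    ("udp", "dns", "SF", "-", 53, "benign"),
    ("tcp", "-", "REJ", "-", 23, "benign"),
]]


def dominant_value_ratio(rows, feature):
    """Fraction of all instances that carry the feature's most frequent value."""
    if not rows:
        raise ValueError("no instances to count")
    # A missing field is counted as the value None, so sparse features
    # are measured against the total number of instances as well.
    counts = Counter(row.get(feature) for row in rows)
    return counts.most_common(1)[0][1] / len(rows)


def select_features(rows, label="label", threshold=0.9):
    """Return (kept, dropped, ratios); the class label is never a candidate.

    Assumed rule: a feature is dropped when one value covers at least
    `threshold` of the instances, i.e. it barely varies across flows.
    """
    features = sorted({key for row in rows for key in row} - {label})
    ratios = {f: dominant_value_ratio(rows, f) for f in features}
    kept = [f for f in features if ratios[f] < threshold]
    dropped = [f for f in features if ratios[f] >= threshold]
    return kept, dropped, ratios


if __name__ == "__main__":
    kept, dropped, ratios = select_features(SAMPLE_FLOWS)
    for name in kept + dropped:
        status = "drop" if name in dropped else "keep"
        print(f"{name:<11} {ratios[name]:.3f} {status}")
```

Compute the ratios on the training split only, and review the dropped list against the labels, since a nearly constant feature can still separate a rare class.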