Botnet attacks detection in IoT environment using machine learning techniques

Abstract: IoT devices with weak security designs are a serious threat to organizations. They are the building blocks of Botnets, the platforms that launch organized attacks that are capable of shutting down an entire infrastructure. Researchers have been developing IDS solutions that can counter such threats, often by employing innovation from other disciplines like artificial intelligence and machine learning. One of the issues that may be encountered when machine learning is used is dataset purity. Since they are not captured from perfect environments, datasets may contain data that could affect the machine learning process, negatively. Algorithms already exist for such problems. Repeated Edited Nearest Neighbor (RENN), Encoding Length (Explore), and Decremental Reduction Optimization Procedure 5 (DROP5) algorithm can filter noises out of datasets. They also provide other benefits such as instance reduction which could help reduce larger Botnet datasets, without sacrificing their quality. Three datasets were chosen in this study to construct an IDS: IoTID20, N-BaIoT and MedBIoT. The filtering algorithms, RENN, Explore, and DROP5 were used on them to filter noise and reduce instances. Noise was also injected and filtered again to assess the resilience of these filters. Then feature optimizations were used to shrink the dataset features. Finally, machine learning was applied on the processed dataset and the resulting IDS was evaluated with the standard supervised learning metrics: Accuracy, Precision, Recall, Specificity, F-Score and G-Mean. Results showed that RENN and DROP5 filtering delivered excellent results. DROP5, in particular, managed to reduce the dataset substantially without sacrificing accuracy. However, when noise got injected, the DROP5 accuracy went down and could not keep up. Of the three dataset, N-BaIoT delivers the best accuracy overall across the learning techniques.

How to cite this paper

 AL-Akhras, M., Alshunaybir, A., Omar, H & Alhazmi, S. (2023). Botnet attacks detection in IoT environment using machine learning techniques.International Journal of Data and Network Science, 7(4), 1683-1706.

Refrences

Al Shorman, A., Faris, H., & Aljarah, I. (2020). Unsupervised intelligent system based on one class support vector ma-chine and Grey Wolf optimization for IoT botnet detection. Journal of Ambient Intelligence and Humanized Compu-ting, 11(7), 2809–2825.
Al-Gethami, K. M., Al-Akhras, M. T., & Alawairdhi, M. (2021). Empirical evaluation of noise influence on supervised machine learning algorithms using intrusion detection datasets. Security and Communication Networks, 2021, 1-28.
Aljarah, I. (2019). Aljarrahcs/EvoloPy-FS [Python]. https://github.com/aljarrahcs/EvoloPy-FS (Original work published 2019)
Anthi, E., Williams, L., & Burnap, P. (2018). Pulse: An adaptive intrusion detection for the internet of things.
Ayad, A., Zamani, A., Schmeink, A., & Dartmann, G. (2019). Design and Implementation of a Hybrid Anomaly Detection System for IoT. https://doi.org/10.1109/IOTSMS48152.2019.8939206
Beigi, E. B., Jazi, H. H., Stakhanova, N., & Ghorbani, A. A. (2014). Towards effective feature selection in machine learn-ing-based botnet detection approaches. 2014 IEEE Conference on Communications and Network Security, 247–255.
Cameron-Jones, R. M. (1995). Instance selection by encoding length heuristic with random mutation hill climbing. Eighth Australian Joint Conference on Artificial Intelligence, 99–106.
Chawla, N. V., Bowyer, K. W., Hall, L. O., & Kegelmeyer, W. P. (2002). SMOTE: synthetic minority over-sampling tech-nique. Journal of Artificial Intelligence Research, 16, 321–357.
Demeter, D., Preuss, M., & Shmelev, Y. (2019, October 15). IoT: A malware story. SecureList By Kaspersky. https://securelist.com/iot-a-malware-story/94451/
Doshi, R., Apthorpe, N., & Feamster, N. (2018). Machine learning ddos detection for consumer internet of things devices. 2018 IEEE Security and Privacy Workshops (SPW), 29–35.
Faris, H., Hassonah, M. A., Ala’M, A.-Z., Mirjalili, S., & Aljarah, I. (2018). A multiverse optimizer approach for feature selection and optimizing SVM parameters based on a robust system architecture. Neural Computing and Applications, 30(8), 2355–2369. 51
Feingold, J. (2016, October 27). Dyn issues analysis of ‘complex and sophisticated’ cyberattacks. NH Business Review. https://www.nhbr.com/dyn-issues-analysisof-complex-and-sophisticated-cyberattacks/
Guerra-Manzanares, A., Medina-Galindo, J., Bahsi, H., & Nõmm, S. (2021). MedBIoT: Generation of an IoT Botnet Da-taset in a Medium-sized IoT Network. 207–218. https://www.scitepress.org/Link.aspx?doi=10.5220/0009187802070218
Habib, M., Aljarah, I., & Faris, H. (2020). A Modified Multi-objective Particle Swarm Optimizer-Based Lévy Flight: An Approach Toward Intrusion Detection in Internet of Things. Arabian Journal for Science and Engineering, 45(8), 6081–6108.
Han, J., Pei, J., & Kamber, M. (2011). Data Mining: Concepts and Techniques. Elsevier.
Hecht-Nielsen, R. (1992). Theory of the backpropagation neural network. In Neural networks for perception (pp. 65–93). Elsevier.
Kang, H., Ahn, D. H., Lee, G. M., Yoo, J. D., Park, K. H., & Kim, H. K. (2019). IoT network intrusion dataset. IEEE Data-port.
Kennedy, J., & Eberhart, R. (1995). Particle swarm optimization. Proceedings of ICNN’95-International Conference on Neural Networks, 4, 1942–1948.
Khraisat, A., Gondal, I., Vamplew, P., & Kamruzzaman, J. (2019). Survey of intrusion detection systems: Techniques, da-tasets and challenges. Cybersecurity, 2(1), 1– 22.
Kim, J., Shim, M., Hong, S., Shin, Y., & Choi, E. (2020). Intelligent Detection of IoT Botnets Using Machine Learning and Deep Learning. Applied Sciences, 10(19), 7009.
Koroniotis, N., Moustafa, N., Sitnikova, E., & Turnbull, B. (2018). Towards the Development of Realistic Botnet Dataset in the Internet of Things for Network Forensic Analytics: Bot-IoT Dataset. ArXiv:1811.00701 [Cs]. http://arxiv.org/abs/1811.00701
Krebs, B. (2017, January 17). Who is Anna-Senpai, the Mirai Worm Author? Krebs on Security. https://krebsonsecurity.com/2017/01/who-is-anna-senpai-the-miraiworm-author/
Kumar, A., & Lim, T. J. (2019). EDIMA: Early detection of IoT malware network activity using machine learning tech-niques. 2019 IEEE 5th World Forum on Internet of Things (WF-IoT), 289–294.
Labonne, M. (2020). Anomaly-based network intrusion detection using machine learning. Institut Polytechnique de Paris.
Mafarja, M., Heidari, A. A., Habib, M., Faris, H., Thaher, T., & Aljarah, I. (2020). Augmented whale feature selection for IoT attacks: Structure, analysis and applications. Future Generation Computer Systems, 112, 18–40.
McDermott, C. D., Majdani, F., & Petrovski, A. V. (2018). Botnet detection in the internet of things using deep learning approaches. 2018 International Joint Conference on Neural Networks (IJCNN), 52, 1–8.
Meidan, Y., Bohadana, M., Mathov, Y., Mirsky, Y., Breitenbacher, D., Shabtai, A., & Elovici, Y. (2018). N-BaIoT: Net-work-based Detection of IoT Botnet Attacks Using Deep Autoencoders.
Mirjalili, S., Mirjalili, S. M., & Hatamlou, A. (2016). Multi-verse optimizer: A natureinspired algorithm for global opti-mization. Neural Computing and Applications, 27(2), 495–513.
Mirjalili, S., Mirjalili, S. M., & Lewis, A. (2014). Grey wolf optimizer. Advances in Engineering Software, 69, 46–61.
Mohamed, T., Otsuka, T., & Ito, T. (2018). Towards Machine Learning Based IoT Intrusion Detection Service. In M. Mouhoub, S. Sadaoui, O. Ait Mohamed, & M. Ali (Eds.), Recent Trends and Future Technology in Applied Intelli-gence (pp. 580–585). Springer International Publishing. https://doi.org/10.1007/978-3-319- 92058-0_56
Rathore, S., & Park, J. (2018). Semi-supervised learning based distributed attack detection framework for IoT. Applied Soft Computing, 72. https://doi.org/10.1016/j.asoc.2018.05.049
Safavian, S. R., & Landgrebe, D. (1991). A survey of decision tree classifier methodology. IEEE Transactions on Systems, Man, and Cybernetics, 21(3), 660– 674.
Stanfill, C., & Waltz, D. (1986). Toward memory-based reasoning. Communications of the ACM, 29(12), 1213–1228.
Statista, I. H. S. (2018). Internet of Things (IoT) connected devices installed base worldwide from 2015 to 2025 (in bil-lions).
Ullah, I., & Mahmoud, Q. H. (2020a). A two-level flow-based anomalous activity detection system for IoT networks. Elec-tronics, 9(3), 530.
Ullah, I., & Mahmoud, Q. H. (2020b). A Scheme for Generating a Dataset for Anomalous Activity Detection in IoT Net-works. In C. Goutte & X. Zhu (Eds.), Advances in Artificial Intelligence (pp. 508–520). Springer International Publish-ing. https://doi.org/10.1007/978-3-030-47358-7_52
Wilson, D. R., & Martinez, T. R. (1997). Improved heterogeneous distance functions. Journal of Artificial Intelligence Re-search, 6, 1–34.
Wilson, D. R., & Martinez, T. R. (2000). Reduction techniques for instance-based learning algorithms. Machine Learning, 38(3), 257–286.
Wolpert, D. H., & Macready, W. G. (1997). No free lunch theorems for optimization. IEEE Transactions on Evolutionary Computation, 1(1), 67–82.
Xiao, L., Wan, X., Lu, X., Zhang, Y., & Wu, D. (2018). IoT Security Techniques Based on Machine Learning. ArXiv:1801.06275 [Cs]. http://arxiv.org/abs/1801.06275