Book Chapter

Identification of botnet attacks using hybrid machine learning models

TL;DR: In this paper, three hybrid models are proposed which are developed by integrating multiple machine learning algorithms like Random Forest (RF), Support Vector Machine (SVM), Naive Bayes (NB), K-Nearest Neighbor (KNN) and Linear Regression (LR).
Abstract: Botnet attacks are the new threat in the world of cyber security. In the last few years, with the rapid growth of IoT-based technology and networking systems connecting a large number of devices, attackers can deploy bots on the network and perform large-scale cyber-attacks which can affect anything from millions of personal computers to large-scale organizations. Hence, there is a necessity to implement countermeasures to overcome botnet attacks. In this paper, three hybrid models are proposed which are developed by integrating multiple machine learning algorithms like Random Forest (RF), Support Vector Machine (SVM), Naive Bayes (NB), K-Nearest Neighbor (KNN) and Linear Regression (LR). According to our experimental analysis, the RF-SVM has the highest accuracy (85.34%) followed by RF-NB-K-NN (83.36%) and RF-KNN-LR (79.56%).
Citations
Journal Article
TL;DR: The proposed mechanism outperforms in accurately identifying multi-variant sophisticated bot attacks by achieving a 99.94% detection rate, and the proposed technique attains a time of 0.066 ms, which shows promising results in terms of speed efficiency.
Abstract: The Industrial Internet of Things (IIoT), forming a richer ecosystem of intelligent interconnected devices while enabling new levels of digital innovation, has essentially transformed and revolutionized global manufacturing and Industry 4.0. Conversely, the prevalent distributed nature of IIoT, Industrial 5G, underlying IoT sensing devices, IT/OT convergence, Edge Computing, and Time Sensitive Networking makes it an impressive and potential target for cyber-attackers. Multi-variant persistent and sophisticated bot attacks are considered catastrophic for connected IIoTs. Besides, botnet attack detection is extremely complex and decisive. Thus, efficient and timely detection of IIoT botnets is a dire need of the day. We propose a hybrid intelligent Deep Learning (DL)-enabled mechanism to secure IIoT infrastructure from lethal and sophisticated multi-variant botnet attacks. The proposed mechanism has been rigorously evaluated with the latest available dataset, standard and extended performance evaluation metrics, and current DL benchmark algorithms. Besides, cross validation of our results is also performed to clearly show overall performance. The proposed mechanism outperforms in accurately identifying multi-variant sophisticated bot attacks by achieving a 99.94% detection rate. Besides, our proposed technique attains a time of 0.066 ms, which also shows promising results in terms of speed efficiency.

25 citations

Journal Article
TL;DR: In this article, a systematic literature review on botnets is presented to the reader in order to obtain an understanding of the incentives, evolution, detection, mitigation and current trends within the field of botnet research in pervasive computing.
Abstract: Botnets, groups of malware-infected hosts controlled by malicious actors, have gained prominence in an era of pervasive computing and the Internet of Things. Botnets have shown a capacity to perform substantial damage through distributed denial-of-service attacks, information theft, spam and malware propagation. In this paper, a systematic literature review on botnets is presented to the reader in order to obtain an understanding of the incentives, evolution, detection, mitigation and current trends within the field of botnet research in pervasive computing. The literature review focuses particularly on the topic of botnet detection and the proposed solutions to mitigate the threat of botnets in system security. Botnet detection and mitigation mechanisms are categorised and briefly described to allow for an easy overview of the many proposed solutions. The paper also summarises the findings to identify current challenges and trends within research to help identify improvements for further botnet mitigation research.

10 citations

Journal Article
TL;DR: Simulation results show that the proposed Fuzzy-PID controller tuned with CS outperforms in terms of the accuracy, robustness and the least control effort.
Abstract: The main aim of this study consists of proposing a simple but effective and robust approach for PID type fuzzy controller (Fuzzy-PID) in order to improve the dynamics and stability of a ma...

10 citations

References
Journal Article
TL;DR: The intent for this dataset is to assist various researchers in acquiring datasets of this kind for testing, evaluation, and comparison purposes, through sharing the generated datasets and profiles.

1,050 citations

Journal Article
01 Nov 2013
TL;DR: This paper designs, implements, and evaluates a novel intrusion detection system for the IoT that primarily targets routing attacks such as spoofed or altered information, sinkhole, and selective-forwarding, but can be extended to detect other attacks.
Abstract: In the Internet of Things (IoT), resource-constrained things are connected to the unreliable and untrusted Internet via IPv6 and 6LoWPAN networks. Even when they are secured with encryption and authentication, these things are exposed both to wireless attacks from inside the 6LoWPAN network and from the Internet. Since these attacks may succeed, Intrusion Detection Systems (IDS) are necessary. Currently, there are no IDSs that meet the requirements of the IPv6-connected IoT since the available approaches are either customized for Wireless Sensor Networks (WSN) or for the conventional Internet. In this paper we design, implement, and evaluate a novel intrusion detection system for the IoT that we call SVELTE. In our implementation and evaluation we primarily target routing attacks such as spoofed or altered information, sinkhole, and selective-forwarding. However, our approach can be extended to detect other attacks. We implement SVELTE in the Contiki OS and thoroughly evaluate it. Our evaluation shows that in the simulated scenarios, SVELTE detects all malicious nodes that launch our implemented sinkhole and/or selective forwarding attacks. However, the true positive rate is not 100%, i.e., we have some false alarms during the detection of malicious nodes. Also, SVELTE's overhead is small enough to deploy it on constrained nodes with limited energy and memory capacity.

741 citations

Proceedings Article
24 May 2018
TL;DR: In this paper, the authors demonstrate that using IoT-specific network behaviors (e.g., limited number of endpoints and regular time intervals between packets) to inform feature selection can result in high accuracy DDoS detection in IoT network traffic.
Abstract: An increasing number of Internet of Things (IoT) devices are connecting to the Internet, yet many of these devices are fundamentally insecure, exposing the Internet to a variety of attacks. Botnets such as Mirai have used insecure consumer IoT devices to conduct distributed denial of service (DDoS) attacks on critical Internet infrastructure. This motivates the development of new techniques to automatically detect consumer IoT attack traffic. In this paper, we demonstrate that using IoT-specific network behaviors (e.g., limited number of endpoints and regular time intervals between packets) to inform feature selection can result in high accuracy DDoS detection in IoT network traffic with a variety of machine learning algorithms, including neural networks. These results indicate that home gateway routers or other network middleboxes could automatically detect local IoT device sources of DDoS attacks using low-cost machine learning algorithms and traffic data that is flow-based and protocol-agnostic.

504 citations

Journal Article
TL;DR: Recent distributed denial-of-service attacks demonstrate the high vulnerability of Internet of Things (IoT) systems and devices; addressing this challenge will require scalable security solutions optimized for the IoT ecosystem.
Abstract: Recent distributed denial-of-service attacks demonstrate the high vulnerability of Internet of Things (IoT) systems and devices. Addressing this challenge will require scalable security solutions optimized for the IoT ecosystem.

470 citations

Journal Article
TL;DR: This paper shows experimentally that it is possible to identify the presence of existing and unknown botnet activity with high accuracy, even with very small time windows, by classifying behavior based on time intervals.

301 citations

Trending Questions (1)
What is botnet attack?

Botnet attacks are large-scale cyber-attacks where attackers deploy bots on a network to target millions of devices or organizations.