Collaborative Life-Cycle-Based Botnet Detection in IoT Using Event Entropy

摘要

This paper introduces a collaborative and distributed method for botnet detection in massive networks such as internet of things (IoT) and wide area networks (WAN). The method is model-based and designed as a multi-agent system where the agents are situated on IoT devices. Every agent analyzes the events' entropies, then exchanges its decision with its neighbors aiming at establishing global decision if a botnet is ongoing to be installed within the network or not. Decisions spread over the network where a consensual dominant decision can emerge. In previous similar works, it was necessary to use some central hosts in order to compute global decisions. So, scalability is compromised, and the solution is not suited for massive networks such as IoT. The proposed approach does not require any central control, which allows it to be used in IoT and ad hoc networks. Furthermore, the botnet is detected at the early stage of its life-cycle. Conducted experiments have shown that the proposed approach is well suited for botnet detection in IoT and WAN.