An efficient approach to detect IoT botnet attacks using machine learning

摘要

The numerous security loopholes in the design and implementation of many IoT devices have rendered them an easy target for botnet attacks. Several approaches to implement behavioral IoT botnet attacks detection have been explored, including machine learning. The main goal of previous studies was to achieve the highest possible accuracy in distinguishing normal from malicious IoT traffic, with minimal regard to the identification of the particular type of attack that is being launched. In this study, we present a machine learning based approach for detecting IoT botnet attacks that not only helps distinguish normal from malicious traffic, but also detects the type of the IoT botnet attack. To achieve this goal, the Bot-IoT dataset, in which instances have main attack and sub-attack categories, was utilized after performing the Synthetic Minority Over-sampling Technique (SMOTE), among other preprocessing techniques. Moreover, multiple classifiers were tested and the results from the best three, namely: J48, Random Forest (RF), and Multilayer Perceptron (MLP) networks were reported. The results showed the superiority of the RF and J48 classifiers compared to the MLP networks and other state-of-the-art solutions. The accuracy of the best binary classifier reported in this study reached 0.999, whereas the best accuracies of main attack and subcategories classifications reached 0.96 and 0.93, respectively. Only few studies address the classification errors in this domain, yet, it was assessed in this study in terms of False Negative (FN) rates. J48 and RF classifiers, here also, outperformed the MLP network classifier, and achieved a maximum micro FN rate for subcategories classification of 0.076.