Botnet Attack Detection Using Local Global Best Bat Algorithm for Industrial Internet of Things

Timely identification of Distributed Denial-of-Service (DDoS) attacks in the Internet of Things (IoT) has become critical to minimizing security risks, as the number of deployed IoT devices grows rapidly worldwide and the volume of such attacks rises to unprecedented levels. Instant detection supports network security by speeding up warning and the disconnection of infected IoT devices from the network, which prevents the botnet from propagating and stops additional attacks. Several methods have been developed for detecting botnet attacks, such as Swarm Intelligence (SI) and Evolutionary Computing (EC)-based algorithms. In this study, we propose a Local-Global best Bat Algorithm for Neural Networks (LGBA-NN) to select both feature subsets and hyperparameters for efficient detection of botnet attacks, inferred from 9 commercial IoT devices infected by two botnets: Gafgyt and Mirai. The proposed Bat Algorithm (BA) adopted a local-global best-based inertia weight to update each bat's velocity in the swarm. To address swarm diversity in BA, we used a Gaussian distribution for population initialization. Furthermore, the local search mechanism was followed by the Gaussian density function and local-global best function to achieve better exploration during each generation. The enhanced BA was further employed for neural network hyperparameter tuning and weight optimization to classify ten different botnet attacks plus one benign target class. The proposed LGBA-NN algorithm was tested on the N-BaIoT data set, which contains extensive real traffic data with benign and malicious target classes. The performance of LGBA-NN was compared with several recent advanced approaches such as weight optimization using Particle Swarm Optimization (PSO-NN) and BA-NN. The experimental results revealed the superiority of LGBA-NN with 90% accuracy over other variants, i.e., BA-NN (85.5% accuracy) and PSO-NN (85.2% accuracy) in multi-class botnet attack detection.
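The feature-selection loop the abstract outlines can be sketched as follows; this is an added illustration, not the authors' LGBA-NN code. Assumptions: the inertia weight form `w = 1.1 - gbest/pbest` (a global-local best weight known from the PSO literature), a nearest-centroid error standing in for the neural network, constructed toy data instead of N-BaIoT, and all function names.

```python
import random

def make_data():
    # Constructed toy flows (not N-BaIoT): features 0-1 track the label,
    # features 2-5 take identical values in both classes.
    rows = []
    for i in range(40):
        y, jit = i % 2, (i * 7 % 5) / 10
        noise = [((i // 2) * (j + 3) % 7) / 3 for j in range(4)]
        rows.append(([2 * y + jit, 3 * y - jit] + noise, y))
    return rows

def fitness(mask, data):
    # Nearest-centroid error on the selected columns plus a per-feature penalty.
    cols = [k for k, m in enumerate(mask) if m]
    if not cols:
        return 1.0
    cent = [[sum(x[k] for x, lab in data if lab == y) / sum(lab == y for _, lab in data)
             for k in cols] for y in (0, 1)]
    wrong = 0
    for x, y in data:
        d0, d1 = (sum((x[k] - c) ** 2 for k, c in zip(cols, cy)) for cy in cent)
        wrong += int(d1 < d0) != y
    return wrong / len(data) + 0.01 * len(cols)

def lgba_select(data, n_bats=20, iters=30, seed=1):
    rng = random.Random(seed)
    d = len(data[0][0])
    mask = lambda x: [v > 0 for v in x]           # feature k is selected when x[k] > 0
    pos = [[rng.gauss(0, 1) for _ in range(d)] for _ in range(n_bats)]  # Gaussian init
    vel = [[0.0] * d for _ in range(n_bats)]
    pfit = [fitness(mask(p), data) for p in pos]  # each bat's local best fitness
    g = min(range(n_bats), key=pfit.__getitem__)
    gpos, gfit = pos[g][:], pfit[g]               # global best
    loud, rate = 0.9, 0.5                         # fixed loudness and pulse rate
    for _ in range(iters):
        for i in range(n_bats):
            w = 1.1 - gfit / pfit[i]              # assumed local-global best inertia weight
            f = rng.random()                      # pulse frequency in [0, 1)
            vel[i] = [w * v + (gpos[k] - pos[i][k]) * f for k, v in enumerate(vel[i])]
            cand = [x + v for x, v in zip(pos[i], vel[i])]
            if rng.random() > rate:               # local search: Gaussian step near global best
                cand = [gx + 0.1 * loud * rng.gauss(0, 1) for gx in gpos]
            cfit = fitness(mask(cand), data)
            if cfit <= pfit[i] and rng.random() < loud:
                pos[i], pfit[i] = cand, cfit
            if cfit < gfit:
                gpos, gfit = cand[:], cfit
    return mask(gpos), gfit
```
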
