A Technique for Generating a Botnet Dataset for Anomalous Activity Detection in IoT Networks

The number of Internet of Things (IoT) devices, and of applications developed for them, has increased in recent times; as a result, these devices are targeted by many malicious activities that can cause damage in smart infrastructures. A technique is required to classify anomalous activities appropriately and so minimize their impact. IoT networks are difficult to analyze and test because of the lack of sufficient well-structured IoT datasets for anomaly-based intrusion detection. In this paper, we present a technique we have used to generate a new botnet dataset, from an existing one, for anomalous activity detection in IoT networks. The new IoT botnet dataset has a wider set of network and flow-based features. A flow-based Intrusion Detection System (IDS) can be analyzed and tested using flow-based features. Finally, we use different machine learning methods to test the accuracy of our proposed dataset. We also test the accuracy of our proposed dataset through feature correlation and recursive feature elimination. Our proposed IoT botnet dataset provides a basis for analyzing and evaluating anomalous activity detection models for IoT networks. We have shared the newly generated botnet dataset publicly, and a link is provided in this paper.
