Unsupervised Anomaly Based Botnet Detection in IoT Networks

This paper elaborates on anomaly-based detection of IoT botnets, with emphasis on feature selection. Due to the rapid growth of Internet of Things technology, the number of vulnerable devices that become part of a botnet has grown significantly. Detecting such malicious traffic is essential for taking timely countermeasures. While the idea of anomaly-based attack detection is not new and has been extensively studied, much less attention has been paid to dimensionality reduction in learning models induced for IoT networks. In this paper, we show that it is possible to induce highly accurate unsupervised learning models with reduced feature set sizes, which decreases the required computational resources. Training one common model for all IoT devices, instead of a dedicated model for each device, is another design option that is evaluated for resource optimization.
