4.6 Article

A Two-Fold Machine Learning Approach to Prevent and Detect IoT Botnet Attacks

Journal

IEEE ACCESS
Volume 9, Issue -, Pages 163412-163430

Publisher

IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC
DOI: 10.1109/ACCESS.2021.3131014

Keywords

Botnet; Denial-of-service attack; Performance evaluation; Internet of Things; Computer crime; Protocols; Malware; IoT botnet; botnet detection; IoT botnet attacks; IoT botnet DDoS attack; DDoS attack prevention; DDoS attack; IoT DDoS attack; botnet attack; botnet DDoS

Funding

  1. Centro de Competencias em Cloud Computing (C4) [Operacao Centro-01-0145-FEDER-000019]
  2. Programa Operacional Regional do Centro (CENTRO 2020) through the Sistema de Apoio a Investigacao Cientifica e Tecnologica-Programas Integrados de ICDT
  3. FCT/MEC
  4. FEDER-PT2020 Partnership Agreement [UIDB/50008/2020]
  5. Al-Khwarizmi Institute of Computer Science (KICS), University of Engineering and Technology Lahore (UET), Lahore, Pakistan
  6. COST (European Cooperation in Science and Technology) [IC1303, CA16226]

The study proposes a two-fold machine learning approach to prevent and detect IoT botnet attacks by generating a generic dataset and integrating samples from publicly-available datasets, achieving high accuracy and recall rates. Experimental results demonstrate the effectiveness of this approach in efficiently preventing and detecting botnet attacks.

The botnet attack is a multi-stage attack and the most prevalent cyber-attack in the Internet of Things (IoT) environment; it begins with scanning activity and ends with a distributed denial of service (DDoS) attack. Existing studies mostly focus on detecting botnet attacks after the IoT devices have been compromised and have started performing the DDoS attack. Similarly, the performance of most existing machine learning based botnet detection models is limited to the specific dataset on which they are trained. As a consequence, these solutions do not perform well on other datasets due to the diversity of attack patterns. Therefore, in this work, we first produce a generic scanning and DDoS attack dataset by generating 33 types of scan and 60 types of DDoS attacks. In addition, we partially integrated the scan and DDoS attack samples from three publicly-available datasets for maximum attack coverage to better train the machine learning algorithms. Afterwards, we propose a two-fold machine learning approach to prevent and detect IoT botnet attacks. In the first fold, we trained a state-of-the-art deep learning model, i.e., ResNet-18, to detect the scanning activity in the premature attack stage to prevent IoT botnet attacks. In the second fold, we trained another ResNet-18 model for DDoS attack identification to detect IoT botnet attacks. Overall, the proposed two-fold approach achieves 98.89% accuracy, 99.01% precision, 98.74% recall, and 98.87% f1-score in preventing and detecting IoT botnet attacks. To demonstrate the effectiveness of the proposed two-fold approach, we trained three other ResNet-18 models over three different datasets for detecting scan and DDoS attacks and compared their performance with the proposed two-fold approach. The experimental results prove that the proposed two-fold approach can efficiently prevent and detect botnet attacks as compared to other trained models.
