Detecting IoT Botnets on IoT Edge Devices

Rapid expansion in the utilization of Internet of things (IoT) devices in everyday life leads to an increase in the attack surface for cybercriminals. IoT devices have been frequently compromised and used for the creation of botnets. The goal of this research is to identify a machine learning method...

Bibliographic Details
Main Authors: Raghavendra, Meghana, Chen, Zesheng
Format: Conference Proceeding
Language: English
container_end_page 378
container_issue
container_start_page 373
container_title
container_volume
creator Raghavendra, Meghana
Chen, Zesheng
description Rapid expansion in the utilization of Internet of things (IoT) devices in everyday life leads to an increase in the attack surface for cybercriminals. IoT devices have been frequently compromised and used for the creation of botnets. The goal of this research is to identify a machine learning method that can be run on resource-constrained IoT edge devices to detect IoT botnet traffic accurately in real time. Specifically, we apply both the input perturbation ranking (IPR) algorithm and decision trees to achieve this goal. We study the network snapshots of IoT traffic infected with two botnets, i.e., Mirai and Bashlite, and use IPR with XGBoost to identify nine most important features that distinguish between benign and anomalous traffic for IoT devices. We propose to use decision trees, a supervised machine learning method, because of its simplicity, less time to train and predict, ease to be translated to security policy, and flexibility on balancing detection accuracy and speed. In our experiments, we compare the performance of decision trees with a deep-learning based method, i.e., Kitsune, and other popular supervised machine learning methods. We show that decision trees are with high decision performance (e.g., more than 99.99% accuracy), but with much less training and prediction time than Kitsune and most other machine learning methods. Moreover, we demonstrate that using nine most important features in decision trees, the detection accuracy is similar, but the computation power can be significantly reduced, making botnet detection suitable on IoT edge devices.
doi_str_mv 10.1109/ICCWorkshops53468.2022.9814555
format conference_proceeding
fulltext fulltext_linktorsrc
identifier EISSN: 2694-2941
ispartof 2022 IEEE International Conference on Communications Workshops (ICC Workshops), 2022, p.373-378
issn 2694-2941
language eng
recordid cdi_ieee_primary_9814555
source IEEE Xplore All Conference Series
subjects Botnet
Botnets
Conferences
Decision Trees
Image edge detection
Input Perturbation Ranking Algorithm
Intellectual property
Internet of Things
Machine learning
Perturbation methods
Training
title Detecting IoT Botnets on IoT Edge Devices
url http://sfxeu10.hosted.exlibrisgroup.com/loughborough?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-12-29T06%3A00%3A20IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-ieee_CHZPO&rft_val_fmt=info:ofi/fmt:kev:mtx:book&rft.genre=proceeding&rft.atitle=Detecting%20IoT%20Botnets%20on%20IoT%20Edge%20Devices&rft.btitle=2022%20IEEE%20International%20Conference%20on%20Communications%20Workshops%20(ICC%20Workshops)&rft.au=Raghavendra,%20Meghana&rft.date=2022-05-16&rft.spage=373&rft.epage=378&rft.pages=373-378&rft.eissn=2694-2941&rft_id=info:doi/10.1109/ICCWorkshops53468.2022.9814555&rft.eisbn=1665426713&rft.eisbn_list=9781665426718&rft_dat=%3Cieee_CHZPO%3E9814555%3C/ieee_CHZPO%3E%3Cgrp_id%3Ecdi_FETCH-LOGICAL-i203t-aabe97960eef8e683751af2c3575337a6cda0a970a83bf2b86a2dff3de6082173%3C/grp_id%3E%3Coa%3E%3C/oa%3E%3Curl%3E%3C/url%3E&rft_id=info:oai/&rft_id=info:pmid/&rft_ieee_id=9814555&rfr_iscdi=true