Customized convolutional neural network model for IoT botnet attack detection

The Internet of Things is a disruptive technology that has changed the face of many industries. On the contrary, the unpresidential growth of IoT has also introduced many cybersecurity challenges. An adversary can exploit a zero-day vulnerability in an IoT to create a botnet of things. An IoT botnet is a group of compromised Internet of Things weaponized to launch cyber attacks. Machine learning and other artificial intelligence techniques are being used to combat the wide range of cyberattacks on the Internet of Things. However, in order to overcome challenges such as early diagnosis, real-time monitoring, and adaptability to different threats, these Machine Learning approaches still require significant feature engineering. In order to identify IoT botnet assaults early on, this paper suggests using a customized convolutional neural network (CCNN) model. The four phases of the model are feature extraction, attack detection, mitigation, and pre-processing. The class imbalance has been improved and the input data pre-processed using the Enhanced Synthetic minority oversampling approach. Furthermore, flow-based features, raw attributes, mean, median, standard deviation, improved entropy, mutual information, and other statistical features are retrieved and regarded as part of the feature set. The CCNN model provides the detection or classification output during the attack detection phase, which operates depending on the features derived from the input data. Additionally, a mitigation process based on entropy has been suggested to locate the attacker node, aiding in the removal of the susceptible attacker IoT node from the network. The compromised IoT node is removed through the entropy-based mitigation method, which establishes the entropy formulation based on the node's activity. The suggested model's specificity is 97.09%, compared to the minimal specificity reached by conventional techniques, including CNN (83.58%), RNN (86.17%), RF (60.46%), SVM (78.50%), and DNN (84.12%) and SMIE (88.42%), respectively.