Hybrid Machine Learning Model for Efficient Botnet Attack Detection in IoT Environment

Cited by: 11
Authors
Ali, Mudasir [1 ]
Shahroz, Mobeen [2 ]
Mushtaq, Muhammad Faheem [2 ]
Alfarhood, Sultan [3 ]
Safran, Mejdl [3 ]
Ashraf, Imran [4 ]
Affiliations
[1] Islamia Univ Bahawalpur, Dept Comp Sci, Bahawalpur 63100, Punjab, Pakistan
[2] Islamia Univ Bahawalpur, Dept Artificial Intelligence, Bahawalpur 63100, Punjab, Pakistan
[3] King Saud Univ, Coll Comp & Informat Sci, Dept Comp Sci, Riyadh 11543, Saudi Arabia
[4] Yeungnam Univ, Dept Informat & Commun Engn, Gyongsan 38541, South Korea
Keywords
Botnet attack detection; stacking; cyber-attacks; stacked ensemble; deep learning; IoT; NEURAL-NETWORK;
DOI
10.1109/ACCESS.2024.3376400
Chinese Library Classification number
TP [Automation technology, computer technology];
Discipline classification code
0812 ;
Abstract
Cyber attacks are growing with the rapid development and wide use of internet technology. Botnet attacks have emerged as one of the most harmful attacks. Botnet identification is becoming challenging due to the numerous attack vectors and the ongoing evolution of viruses. As Internet of Things (IoT) technology is developing rapidly, many network devices have been subject to botnet attacks, leading to substantial losses in different sectors. Botnets pose serious risks to network security, and deep learning models have shown potential for efficiently identifying botnet activity from network traffic data. In this research, a botnet identification system is proposed based on the stacking of artificial neural network (ANN), convolutional neural network (CNN), long short-term memory (LSTM), and recurrent neural network (RNN) (ACLR). The experiments are conducted by employing both the individual models and the proposed ACLR model for performance comparison. The UNSW-NB15 dataset is used for botnet attacks and contains nine different attack types including 'Normal', 'Generic', 'Exploits', 'Fuzzers', 'DoS', 'Reconnaissance', 'Analysis', 'Backdoor', 'Shell code' and 'Worms'. Experimental results indicate that the proposed ACLR model gains 0.9698 testing accuracy, showing that it is successful in capturing the intricate patterns and characteristics of botnet attacks. For K-fold cross-validation with k values of 3, 5, 7, and 10, the proposed ACLR model's accuracy score is 0.9749, with the model's robustness and generalizability demonstrated by k = 5. In addition, the proposed model detects botnets with a high receiver operating characteristic area under the curve (ROC-AUC) of 0.9934 and a precision-recall area under the curve (PR-AUC) of 0.9950. Performance comparison with existing state-of-the-art models further corroborates the superior performance of the proposed approach.
The results of this research can be helpful against evolving threats and enhance cyber security procedures.
Pages: 40682 / 40699
Number of pages: 18