A discrete time-varying greywolf IoT botnet detection system

Cited by: 9
Author
Alazab, Moutaz [1]
Affiliation
[1] Al Balqa Appl Univ, Fac Artificial Intelligence, As Salt 19385, Jordan
Keywords
IoT; GWO optimizer; Feature selection; Wrapper; Intrusion detection; Botnets; Transfer functions; INTRUSION DETECTION; SELECTION; INTERNET; ALGORITHM; SECURITY; THINGS;
DOI
10.1016/j.comcom.2022.06.016
Chinese Library Classification number
TP [Automation technology, computer technology];
Discipline classification code
0812 ;
Abstract
Internet of things (IoT) is an emerging network that is trending due to advances in computing and networking development. A botnet is an attack that threatens the IoT system because of the increased number of compromised connected IoT devices. The conventional counter measurements are unable to detect this attack. This problem becomes a hot topic for researchers and practitioners who introduced many secured solutions to stop the risks of a botnet attack. The intrusion detection systems are promising solutions to tackle botnet attacks and discover malicious patterns. Recently, many studies investigated the impact of reducing the number of dataset's attributes (features) on the performance of detecting IoT attacks. Selecting the relevant features in a dataset is a data mining technique that has been efficiently integrated with designing secured systems for detecting botnets. This research paper proposes a new system for discovering botnet attacks in the context of IoT by applying a wrapper feature selection (FS) technique using an improved algorithm inspired by the natural swarming architecture of gray wolves called Gray Wolves Optimization (GWO). The transfer function (TF) maps the standard GWO which is originally developed to work in continuous search space to perform its optimization job in discrete search space. Different types of TFs that belong to S type and V type groups are used to generate eight discrete versions of GWO to optimize the binary feature space. This study contributes by adopting time-variant TFs to identify the best time to switch the global search into local search to achieve trade-offs in the search job of the BGWO and approach to the best-optimized solution. Time-variant TFs facilitate the global search at the beginning of the search process to fetch new solutions in new regions of feature space. In the later phases of the search process, the need is to expose more searches in the local region to get the most optimized solution among the neighborhood solutions. A real IoT traffic that is represented by the N-BaIoT dataset is utilized to evaluate the BGWO and other compared methods. The comparison results of the experiments show that the time-variant TFs enhance the capability of the GWO optimizer in alleviating the premature conversion and finding the best feature subset within a reasonable running time. Therefore, the BGWO-TV-S1 is recommended to be integrated into the IoT network as an intrusion detection algorithm with accuracy 98.97%, fitness value 1.31%, 51.2210 selected features and running time 503.7132 s.
Pages: 405 / 416
Number of pages: 12