BotStop : Packet-based efficient and explainable IoT botnet detection using machine learning

The rapid increase in the adoption of the Internet of Things has increased the attack surface of these devices, encouraging malicious actors to target these devices. Vulnerable Internet of Things devices are susceptible to botnet infections that give attackers control over these devices from where they can launch attacks on other targets. In this paper, we present an efficient packet-based botnet detection system based on explainable machine learning. Our proposed approach also focuses on feature selection to produce a data set with only seven features to train a machine learning classifier that achieves very high accuracy. Testing the proposed system demonstrates an accuracy exceeding 99% relying on these seven selected characteristics extracted from the network packets. The proposed model is explained using Shapley additive explanation to provide transparency to the classifier prediction process.