Detecting IoT botnets based on the combination of cooperative game theory with deep and machine learning approaches

An Internet of Things (IoT) botnet is a collection of infected smart devices that are remotely managed by a botmaster. The injection of multiple attacks into the infrastructure, high permeability, and vulnerability of IoT security interfaces are the most significant challenges in the field of IoT security. Therefore, it is essential to provide an efficient solution that can detect intrusion into the IoT infrastructure in the shortest time. In this paper, cooperative game theory in combination with three approaches-long short term memory (LSTM), Autoencoder, and support vector machine (SVM)-are applied to detect IoT botnet attacks. Proposed approaches based on the selection of effective features using cooperative game theory and shapely value on data set gathered from five IoT devices infected with botnets and using SVM, LSTM, and Autoencoder to identify IoT botnet traffic. Compared to the results of the best method presented on the same data set, the proposed approach improved 11.624% in accuracy, 11.629% in the recall, and 154.41 s in learning time in SVM. Also in LSTM, 0.245% in accuracy, 0.250% in the recall, and 222.72 s improved learning time. In addition, the approach of using Autoencoder has overall good performance and remarkable speed in identifying botnet traffic. Based on the results, the performance of the proposed approach in classifying IoT botnets is very promising. Therefore, it can help IoT providers to identify IoT attacks more accurately and faster so that they may make the proper decisions for detection and prevention of botnet attacks.