Comparing Malware Attack Detection using Machine Learning Techniques in IoT Network Traffic

Abstract

Most IoT devices are designed and built for cheap and basic functions, therefore, the security aspects of these devices are not taken seriously. Yet, IoT devices tend to play an important role in this era, where the amount of IoT devices is predicted to exceed the number of traditional computing devices such as desktops and laptops. This causes more and more cybersecurity attacks to target IoT devices and malware attack is known to be the most common attack in IoT networks. However, most research only focuses on malware detection in traditional computing devices. The purpose of this research is to compare the performance of Random Forest and Naïve Bayes algorithm in terms of accuracy, precision, recall and F1-score in classifying the malware attack and benign traffic in IoT network traffic. Research is conducted with the Aposemat IoT-23 dataset, a labelled dataset that contains IoT malware infection traffic and IoT benign traffic. To determine the data in IoT network traffic packets that are useful for threat detection, a study is conducted and the threat data is cleaned up and prepared using RStudio and RapidMiner Studio. Random Forest and Naïve Bayes algorithm is used to train and classify the cleaned dataset. Random Forest can prevent the model from overfitting while Naïve Bayes requires less training time. Lastly, the accuracy, precision, recall and F1-score of the machine learning algorithms are compared and discussed. The research result displays the Random Forest as the best machine learning algorithm in classifying the malware attack traffic.