Detection of Various Botnet Attacks Using Machine Learning Techniques

Abstract

With the rapid growth in the quantity of Internet of Things (IoT) devices linked with the network, there exists a concurrent rise in network attacks, including overwhelming and service disruption incidents. The increasing prevalence of network attacks, such as overwhelming and service denial, poses a threat to IoT devices, leading to network disruptions and service disruption. Detecting these attacks is challenging due to the diverse array of heterogeneous devices in the IoT environment, making traditional rule-based security solutions less effective. Developing optimal security models for diverse device types is challenging. Machine learning (ML) offers an alternative approach, enabling the creation of effective security models by leveraging empirical data specific to each device. We utilize machine learning techniques for the detection of Internet of Things (IoT) attacks. Our focus is on botnet attacks directed at variety of IoT devices. We undertake the development of machine learning-based models tailored to each specific category of device for enhanced security. We utilize the N-BaIoT dataset, which incorporates injected botnet attacks (specifically Gafgyt and Mirai) across diverse IoT device types, including Doorbell, Baby Monitor, Security Camera, and Webcam. We develop models for detecting botnets for each IoT device by utilizing diverse machine learning algorithms. Following model development, we assess the utility of the models with a strong detection F1-score through classification analysis. The novelty of this work lies in crafting a Machine Learning-based framework designed to identify IoT botnet attacks, followed by successful detection of such attacks across diverse IoT devices utilizing this framework. Among the most widely used machine learning algorithms on the NBaIoT dataset, Decision Trees, Random Forests, and K-Nearest Neighbors (KNN) demonstrate superior performance.