Abstract

A botnet, a collection of devices compromised by malicious software, is among the top security challenges in Internet of Things (IoT) environments. To deal with this kind of anomaly, a number of machine learning-based studies have been carried out and have produced strong results in predicting botnets. However, the existing techniques may still suffer from three main limitations. First, some are unsuitable for real-time applications because they take too long to decide whether traffic is normal or abnormal. Second, the performance of some approaches is unsatisfactory because they ignore, or do not make use of, efficient feature selection methods. Third, these studies have usually focused on building a binary botnet prediction model without taking the attack types into consideration. To reduce botnet prediction time and address the second and third limitations, the present study proposes a two-step machine learning method built on our previously developed optimization algorithm (WCC) and the support vector machine classifier. The results indicate that the proposed method outperforms existing approaches: it classifies data streams precisely into their related groups and strikes a trade-off between the number of selected features and the performance of the prediction model. The results also show that features related to IP addresses, source ports and destination hosts, together with the total number of transferred data streams and their statistical measurements, are possible key factors in identifying botnet traffic.
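The two-step structure the abstract describes (a feature-selection step wrapped around a support vector machine, followed by multi-class prediction that keeps the attack types apart) is illustrated below in an added example that is not the paper's code. The page does not describe the WCC optimizer itself, so a greedy forward wrapper search with a per-feature penalty stands in for it (an assumption), which is enough to show the accuracy/feature-count trade-off the abstract refers to. The SVM is a small one-vs-rest linear SVM trained by subgradient descent on the hinge loss, written in plain Python so that the script runs offline. All flow records, feature names and the two attack-type labels are constructed here with a fixed seed; they are not the paper's dataset.

```python
"""Two-step botnet flow classification (added example, not the paper's code).

Step 1: wrapper feature selection. A greedy forward search with a per-feature
penalty stands in for the paper's WCC optimizer (assumption: WCC details are
not on the page).
Step 2: a one-vs-rest linear SVM labels each flow as benign or as one of two
constructed attack types, so attack types are kept apart rather than folded
into a single botnet/non-botnet decision.
"""
import random

# Constructed feature set and class labels (assumptions, not the paper's).
FEATURE_NAMES = ["src_port", "dst_port", "packets", "bytes_per_pkt",
                 "duration_s", "distinct_dst_hosts"]
CLASSES = ["benign", "attack_scan", "attack_flood"]


def make_flows(n_per_class, seed):
    """Constructed flow records. Only packets, bytes/packet, distinct hosts and
    (weakly) dst_port carry signal; src_port and duration are deliberate noise,
    so the wrapper has something to leave out."""
    rng = random.Random(seed)
    rows, labels = [], []
    for cls in range(3):
        for _ in range(n_per_class):
            if cls == 0:    # benign client session: few packets, one or two hosts
                row = [rng.randint(1024, 65535), rng.choice([80, 443]),
                       max(1, rng.gauss(20, 5)), max(1, rng.gauss(800, 150)),
                       max(0.1, rng.gauss(30, 10)), rng.randint(1, 3)]
            elif cls == 1:  # scan-like bot: tiny packets to many hosts/ports
                row = [rng.randint(1024, 65535), rng.randint(1, 1024),
                       max(1, rng.gauss(30, 8)), max(1, rng.gauss(80, 20)),
                       max(0.1, rng.gauss(25, 10)), rng.randint(40, 200)]
            else:           # flood-like bot: very many packets to a single host
                row = [rng.randint(1024, 65535), 80,
                       max(1, rng.gauss(2000, 300)), max(1, rng.gauss(850, 150)),
                       max(0.1, rng.gauss(28, 10)), rng.randint(1, 3)]
            rows.append(row)
            labels.append(cls)
    return rows, labels


def fit_scaler(rows):
    """Per-feature mean/std from the fit set; SVMs need comparable scales."""
    d = len(rows[0])
    means = [sum(r[j] for r in rows) / len(rows) for j in range(d)]
    stds = [(sum((r[j] - means[j]) ** 2 for r in rows) / len(rows)) ** 0.5 or 1.0
            for j in range(d)]
    return means, stds


def scale(rows, scaler):
    means, stds = scaler
    return [[(v - m) / s for v, m, s in zip(r, means, stds)] for r in rows]


def project(rows, idx):
    """Keep only the feature columns in idx."""
    return [[r[j] for j in idx] for r in rows]


def train_binary_svm(X, y, lam=0.01, lr=0.05, epochs=60):
    """Linear SVM: subgradient descent on the L2-regularised hinge loss."""
    w, b = [0.0] * len(X[0]), 0.0
    for _ in range(epochs):
        for xi, yi in zip(X, y):
            if yi * (sum(wj * xj for wj, xj in zip(w, xi)) + b) < 1.0:
                w = [wj - lr * (lam * wj - yi * xj) for wj, xj in zip(w, xi)]
                b += lr * yi
            else:
                w = [wj * (1 - lr * lam) for wj in w]
    return w, b


def train_ovr(X, y, n_classes=len(CLASSES)):
    """One binary SVM per class (one-vs-rest) gives a multi-class model."""
    return [train_binary_svm(X, [1 if yi == c else -1 for yi in y])
            for c in range(n_classes)]


def predict(models, X):
    preds = []
    for xi in X:
        scores = [sum(wj * xj for wj, xj in zip(w, xi)) + b for w, b in models]
        preds.append(max(range(len(models)), key=scores.__getitem__))
    return preds


def accuracy(y_true, y_pred):
    return sum(t == p for t, p in zip(y_true, y_pred)) / len(y_true)


def forward_select(X_fit, y_fit, X_val, y_val, penalty=0.02):
    """Step 1: greedy wrapper search (stand-in for WCC). The objective is
    validation accuracy minus a per-feature penalty, i.e. the trade-off between
    model performance and the number of selected features."""
    remaining = list(range(len(X_fit[0])))
    selected, best = [], 0.0
    while remaining:
        scores = {}
        for j in remaining:
            idx = selected + [j]
            models = train_ovr(project(X_fit, idx), y_fit)
            acc = accuracy(y_val, predict(models, project(X_val, idx)))
            scores[j] = acc - penalty * len(idx)
        j_best = max(scores, key=scores.get)
        if scores[j_best] <= best:   # no candidate improves the objective: stop
            break
        best = scores[j_best]
        selected.append(j_best)
        remaining.remove(j_best)
    return selected


def run_pipeline(seed=7):
    """Both steps end to end; returns the chosen features and test metrics."""
    X_fit, y_fit = make_flows(40, seed)
    X_val, y_val = make_flows(20, seed + 1)
    X_test, y_test = make_flows(30, seed + 2)
    scaler = fit_scaler(X_fit)
    X_fit, X_val, X_test = (scale(x, scaler) for x in (X_fit, X_val, X_test))
    idx = forward_select(X_fit, y_fit, X_val, y_val)
    # Step 2: retrain the multi-class SVM on the selected features only.
    models = train_ovr(project(X_fit + X_val, idx), y_fit + y_val)
    preds = predict(models, project(X_test, idx))
    recall = {name: sum(1 for t, p in zip(y_test, preds) if t == c == p) / y_test.count(c)
              for c, name in enumerate(CLASSES)}
    return {"selected": [FEATURE_NAMES[j] for j in idx],
            "test_accuracy": accuracy(y_test, preds),
            "recall": recall}


if __name__ == "__main__":
    print(run_pipeline())
```

Running the script prints the selected feature names, the overall test accuracy and the per-class recall, so a reader can see both halves of the abstract's claim at once: the wrapper stops adding features once the penalty outweighs the accuracy gain, and the per-class recall shows whether each attack type is recovered rather than only "botnet or not". The penalty value and the greedy search are the knobs a real deployment would tune or replace with the paper's WCC optimizer.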
