Abstract

The high costs incurred due to attacks and the increasing number of different devices in the Internet of Things (IoT) highlight the necessity of the early detection of botnets (i.e., networks of infected devices) to gain an advantage against attacks. However, early botnet detection is challenging because of continuous malware mutations, the adoption of sophisticated obfuscation techniques, and the massive volume of data. The literature addresses botnet detection by modeling the behavior of malware spread, the classification of malicious traffic, and the analysis of traffic anomalies. This article details ANTE, a system for ANTicipating botnEt signals based on machine learning algorithms. The system adapts itself to different scenarios and detects different types of botnets. It autonomously selects the most appropriate Machine Learning (ML) pipeline for each botnet and improves the classification before an attack effectively begins. The system evaluation follows trace-driven experiments and compares ANTE results to other relevant results from the literature over four representative datasets: ISOT HTTP Botnet, CTU-13, CICDDoS2019, and BoT-IoT. Results show an average detection accuracy of 99.06% and an average bot detection precision of 100%.
