Developing a hybrid feature selection method to detect botnet attacks in IoT devices

Abstract

The Internet of Things, or IoT, is an important technology applied in various applications such as smart homes and innovative healthcare. Due to its architecture, IoT-based devices suffer from various security challenges, most commonly, botnet attacks. This article aims to develop a hybrid feature selection method to find the most influential features based on three feature selection methods, correlation, generalized normal distribution optimization, and lasso, to detect botnet attacks in IoT devices. The UNSW-NB15 dataset is used to assess the proposed system. Several classification models including decision tree (DT), random forest (RF), k-nearest neighbors (KNN), adaptive boosting (AdaBoost), and bagging are utilized for the classification purpose. The proposed system was evaluated using several performance metrics. The results showed the correlation feature selection method had the most accurate botnet attack detection rate. RF also outperformed other models with a 95.11% detection rate in binary classification and 83.96% in multi-classification. On the other hand, results showed that the proposed hybrid method outperformed the feature selection methods with an increase of about 3% in both classifications. The AdaBoost model achieved an accuracy of 99.28% with binary classification by using 18 features, and the RF model achieved an accuracy of 86.62% with multi-classification by using 22 features. The robustness and efficacy of the proposed approach were demonstrated by comparing the study's results with several other studies that have used the same dataset. The results of the study can be implemented in real applications to detect network interference of a dynamic nature in real-time and assist intrusion detection systems (IDS) in addressing these attacks.