Abstract
Due to the prompt expansion and development of intelligent systems and autonomous, energy-aware sensing devices, the Internet of Things (IoT) has remarkably grown and obstructed nearly all applications in our daily life. However, constraints in computation, storage, and communication capabilities of IoT devices has led to an increase in IoT-based botnet attacks. To mitigate this threat, there is a need for a lightweight and anomaly-based detection system that can build profiles for normal and malicious activities over IoT networks. In this paper, we propose an ensemble learning model for botnet attack detection in IoT networks called ELBA-IoT that profiles behavior features of IoT networks and uses ensemble learning to identify anomalous network traffic from compromised IoT devices. In addition, our IoT-based botnet detection approach characterizes the evaluation of three different machine learning techniques that belong to decision tree techniques (AdaBoosted, RUSBoosted, and bagged). To evaluate ELBA-IoT, we used the N-BaIoT-2021 dataset, which comprises records of both normal IoT network traffic and botnet attack traffic of infected IoT devices. The experimental results demonstrate that our proposed ELBA-IoT can detect the botnet attacks launched from the compromised IoT devices with high detection accuracy (99.6%) and low inference overhead (40 µ-seconds). We also contrast ELBA-IoT results with other state-of-the-art results and demonstrate that ELBA-IoT is superior.
Highlights
Internet of Things (IoT) is one of the most emerging paradigms in the networking realm.It can be defined as the “interconnection of things” having constrained computational power and capabilities
ELBA-IoT is a defense system that can be used for botnet detection and classification
We provide the results obtained for the performance evaluation of ELBA-IoT and the other Machine learning (ML) models at three levels of defense: the binary classifier, which is used to identify the IoT traffic as either normal or anomaly; the ternary classifier, which is used to classify the IoT traffic into normal, Mirai botnet, or Bashlite (Gafgyt) botnet; and the multiclass classifier, which is used to classify the IoT traffic into normal, Mirai_Doorbell, Mirai_Thermostat, Mirai_Baby_Monitor, Mirai_Security_Camera, Mirai_Webcam, Gafgyt_Doorbell, Gafgyt_Thermostat, Gafgyt_Baby_Monitor, Gafgyt_Security_Camera, or Gafgyt_Webcam
Summary
Internet of Things (IoT) is one of the most emerging paradigms in the networking realm. It can be defined as the “interconnection of things” having constrained computational power and capabilities. It can be used to send and receive data over the internet without requiring human-to-computer or human-to-human interaction [1]. Refers to the IP-enabled, networked devices (both physical and virtual). Things may include telematics boxes, self-driving cars, printers, surveillance cameras, tablets, smartphones, ultra-wideband (UWB), infrared data association (IrDA), ZigBee, NFC data centers, and cellular and Wi-Fi networks. The IoT with all its subtechnologies is considered a network of numerous physical objects (24.15 billion devices in 2019 jumping to 76.45 billion computing devices in 2026) [2]. The financial impact of the IoT may be from $3.9 to $11.1 trillion on the global economy by 2025 [3]
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
