In-Depth Feature Selection for the Statistical Machine Learning-Based Botnet Detection in IoT Networks

Abstract

The attackers compromise insecure IoT devices to enlarge their botnets for the purpose of launching more influential attacks against their victims. In various studies, it is demonstrated that machine learning can be utilized for the detection of IoT botnet attacks. In this paper, we focus on the minimization of feature sets for machine learning tasks that are formulated as six different binary and multi-class classification problems based on the stages of the botnet life-cycle. More specifically, we apply filter and wrapper methods with some machine learning methods and derived the optimal feature sets for each classification problem. The experimental results show that it is possible to achieve very high detection rates with very limited number of features. Some wrapper methods guarantee an optimal feature set regardless of the problem formulation but filter methods do not achieve that in all cases. The feature selection methods more prefer channel-based features for the detection at post-attack and communication & control stages whereas host-based features are more influential for identifying the attacks originating from the bots.