IoT Botnet detection based on the integration of static and dynamic vector features

Abstract

The Internet of Things (IoT) provides the infrastructure for global social connectivity, where everything is connected, and information exchanged over the Internet. Because of this peculiar, the amount of botnet malware infecting IoT devices to carry out attacks such as DDoS, cryptocurrency malicious mining, keylogger, etc., is expanding at a fast pace. Therefore, detecting the IoT botnet is essential. Most IoT botnet detection approaches use either static analysis features or dynamic analysis features, and rarely integrate them as detection features, also no more work is consumed integrating the two types of features. In this paper, we propose a first method that utilizes the integration of both static and dynamic features with machine learning classifiers for distinguishing IoT botnet from benign samples. Experiments show that our proposed method can obtain an accuracy more than 99% on a total of 6520 samples with 4644 IoT botnet samples. Besides, we show that using integrated features for IoT botnet detection outperforms using static feature or dynamic feature alone, and other studies.