Abstract
Internet of Things (IoT) devices have become increasingly widespread. Despite their potential to improve multiple application domains, these devices have poor security, which can be exploited by attackers to build large-scale botnets. In this work, we propose a host-based approach to detect botnets in IoT devices, named IoTDS (Internet of Things Detection System). It relies on one-class classifiers, which model only the legitimate device behaviour for further detection of deviations, avoiding the manual labelling process. The proposed solution is underpinned by a novel agent-manager architecture based on HTTPS, which prevents the IoT device from being overloaded by the training activities. To analyse the device’s behaviour, the approach extracts features from the device’s CPU utilisation and temperature, memory consumption, and number of running tasks, meaning that it does not make use of network traffic data. To test our approach, we used an experimental IoT setup containing a device compromised by bot malware. Multiple scenarios were built, including three different IoT device profiles and seven botnets. Four one-class algorithms (Elliptic Envelope, Isolation Forest, Local Outlier Factor, and One-class Support Vector Machine) were evaluated. The results show that the proposed system has a good predictive performance for different botnets, achieving a mean F1-score of 94% for the best performing algorithm, the Local Outlier Factor. The system also presented a low impact on the device’s energy consumption, and CPU and memory utilisation.
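The one-class idea in the abstract, shown as an added sketch that is not the IoTDS code: a pure-Python Local Outlier Factor fitted only on legitimate host telemetry (CPU, temperature, memory, running tasks) and then used to score new samples. The telemetry values, `K`, `THRESHOLD` and the class name `HostLOF` are constructed assumptions, not figures from the paper.

```python
import math
import random
import statistics

K = 10           # neighbourhood size (assumed, not from the paper)
THRESHOLD = 1.5  # LOF score above this is flagged as a deviation (assumed)

def make_baseline(n=200, seed=7):
    """Constructed legitimate telemetry: (cpu %, temp C, mem %, running tasks)."""
    rng = random.Random(seed)
    return [(rng.gauss(12, 3), rng.gauss(45, 1.5), rng.gauss(38, 2), rng.gauss(95, 3))
            for _ in range(n)]

class HostLOF:
    """Novelty-style LOF: trained on legitimate samples only, no labels needed."""
    def __init__(self, samples, k=K):
        self.k = k
        cols = list(zip(*samples))
        # Standardise each feature so temperature and task count weigh equally.
        self.mean = [statistics.fmean(c) for c in cols]
        self.std = [statistics.pstdev(c) for c in cols]
        self.X = [self._scale(s) for s in samples]
        # A training point's neighbourhood excludes the point itself.
        nn = [self._knn(x, skip=i) for i, x in enumerate(self.X)]
        self.kdist = [n[-1][0] for n in nn]   # distance to the k-th neighbour
        self.lrd = [self._lrd(n) for n in nn]  # local reachability density

    def _scale(self, s):
        return tuple((v - m) / sd for v, m, sd in zip(s, self.mean, self.std))

    def _knn(self, x, skip=None):
        d = [(math.dist(x, y), j) for j, y in enumerate(self.X) if j != skip]
        return sorted(d)[:self.k]

    def _lrd(self, neigh):
        reach = [max(self.kdist[j], d) for d, j in neigh]
        return len(reach) / sum(reach)

    def score(self, sample):
        """LOF of a new sample: about 1 inside the baseline, large far from it."""
        neigh = self._knn(self._scale(sample))
        return statistics.fmean(self.lrd[j] for _, j in neigh) / self._lrd(neigh)

    def is_anomalous(self, sample):
        return self.score(sample) > THRESHOLD

model = HostLOF(make_baseline())
IDLE = (12.0, 45.0, 38.0, 95.0)    # constructed: typical legitimate reading
LOADED = (85.0, 62.0, 55.0, 104.0)  # constructed: sustained high-load reading
```

Because the model is fitted on one device profile's own baseline, each profile needs its own training set; a reading that is normal for one profile can score as a deviation on another.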
Highlights
Internet of Things (IoT) has evolved very quickly since this term was coined by Ashton in 1999 [1]. At that point, the term was dedicated exclusively to the idea of assigning RFID tags to products that would be tracked.
This paper extends our previous work on detection of IoT botnets [22].
Summary
The term was dedicated exclusively to the idea of assigning RFID tags to products that would be tracked. Nowadays, this paradigm encompasses a wide range of application domains, including smart homes [2], agriculture [3], industry [4], and smart cities [5]. IoT transforms regular objects and sensors into Internet nodes, allowing them to interact with human beings and other machines to carry out their tasks. The perspective of having ubiquitous and pervasive computing devices supporting our daily activities without significant human intervention has been increasingly consolidated [6,7].