Abstract
Cyber attackers exploit a network of compromised computing devices, known as a botnet, to attack Internet-of-Things (IoT) networks. Recent research works have recommended the use of Deep Recurrent Neural Network (DRNN) for botnet attack detection in IoT networks. However, for high feature dimensionality in the training data, high network bandwidth and a large memory space will be needed to transmit and store the data, respectively in IoT back-end server or cloud platform for Deep Learning (DL). Furthermore, given highly imbalanced network traffic data, the DRNN model produces low classification performance in minority classes. In this paper, we exploit the joint advantages of Long Short-Term Memory Autoencoder (LAE), Synthetic Minority Oversampling Technique (SMOTE), and DRNN to develop a memory-efficient DL method, named LS-DRNN. The effectiveness of this method is evaluated with the Bot-IoT dataset. Results show that the LAE method reduced the dimensionality of network traffic features in the training set from 37 to 10, and this consequently reduced the memory space required for data storage by 86.49%. SMOTE method helped the LS-DRNN model to achieve high classification performance in minority classes, and the overall detection rate increased by 10.94%. Furthermore, the LS-DRNN model outperformed state-of-the-art models.
Highlights
The Internet of Things (IoT) and the Industrial IoT (IIoT) are part of the main information and communication technologies of the fourth industrial revolution (Industry 4.0) [1,2,3]
Compared to the Deep Recurrent Neural Network (DRNN) model, the initial training loss of the S-DRNN model reduced by 48%, and its final training loss reduced by 83%
The initial validation loss of the S-DRNN model reduced by 21.19%, and its final validation loss reduced by 76.08%
Summary
The Internet of Things (IoT) and the Industrial IoT (IIoT) are part of the main information and communication technologies of the fourth industrial revolution (Industry 4.0) [1,2,3]. NIDS will scan and monitor all the network traffic traces generated in IoT networks to detect botnet attacks. Machine Learning (ML) method can be used to detect both known and unknown malicious network traffic traces in IoT networks [15,16,17,18,19]. We propose a memory-efficient DL method, named LS-DRNN, for botnet attack detection in IoT networks. Unlike other variants of AE and similar to RNN, LAE uses Long Short-Term Memory (LSTM) to account for long-term dependencies among features while learning their representation and reducing the dimensionality. LAE reduces the feature dimensionality of large-scale network traffic data using unsupervised DL method; 2. DRNN performs multi-class classification of network traffic samples in balanced, low-dimensional data using supervised DL method; Electronics 2021, 10, 1104. DRNN, S-DRNN, and LS-DRNN models are trained, validated, and tested with network traffic samples in the Bot-IoT dataset [11], and their classification performance in 11-class classification scenario is evaluated
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
