NetFlow-based botnet detection in IoT edge environment using ensemble gradient boosting machine learning framework

Abstract

The fast growth of the Internet of Things (IoT) and its usage have resulted in a massive volume of big data being transmitted and processed across IoT networks. While cloud computing has opened various opportunities for this computational difficulty, it also comes with several security dangers and concerns. Edge computing is a cutting-edge IoT technology that decentralizes, distributes, and transfers computing to edge nodes. Furthermore, IoT nodes are the primary target vector for hackers to attack an IoT network. IoT network traffic analysis is an excellent option to detect and classify botnet attacks. In this study, UNSW-NB15 dataset has been used to develop an intelligent threat detection system that instantly detects and terminates botnet activities. The efficient ensemble machine learning (ML) method of eXtreme Gradient Boosting (XGB), random forest feature selection, and Bayesian optimization are employed in this study to classify the harmful network traffic in IoT devices. It can be able to detect botnet attacks in the IoT network with high accuracy, regardless of its malware family. Also, this framework supports a robust, accurate, and uncomplicated method to early detect IoT botnet at the network level before spreading to a new IoT device.