Botnet Detection Research Articles

A Performance Evaluation of Neural Networks for Botnet Detection in the Internet of Things

A Performance Evaluation of Neural Networks for Botnet Detection in the Internet of Things

Enhancing energy efficiency and imbalance handling in botnet detection in IoT networks: a multi-stage feature reduction and weighted approach

Enhancing energy efficiency and imbalance handling in botnet detection in IoT networks: a multi-stage feature reduction and weighted approach

Line rate botnet detection with SmartNIC-embedded feature extraction

Botnets pose a significant threat in network security, exacerbated by the massive adoption of vulnerable Internet-of-Things (IoT) devices. In response to that, great research effort has taken place to propose intrusion detection solutions to the botnet menace. As most techniques focus on either packet or flow granularity, port-based analysis can help detecting newly developed botnets, especially during their early propagation phase. In this paper, we introduce a line rate distributed anomaly detection system that employs NetFPGA Smart-Network Interface Cards (SmartNIC) as programmable switches. Per-port feature extraction modules are deployed directly on the data plane, enabling a centralized controller to periodically retrieve collected metrics, and feed them to a botnet detection algorithm we refine from the state of the art. We evaluate our system using real world traces spanning several months from 2016 and 2023. We show how our solutions allow keeping low the number of anomalies detected, retaining only the most relevant ones, thanks to the distributed monitoring approach that helps discriminating systemic changes from local phenomena. Furthermore, we provide an analysis of the most significant alerts, accounting for the limited ground-truth on the dataset.

Optimizing Multi-Class Botnet Detection Models to Detect SPAM Botnets with Feature Selection Methods: A Comparative Analysis

Optimizing Multi-Class Botnet Detection Models to Detect SPAM Botnets with Feature Selection Methods: A Comparative Analysis

Feature selection for IoT botnet detection using equilibrium and Battle Royale Optimization

The Internet of Things (IoT) is rapidly expanding, bringing unprecedented opportunities and significant security risks. Among the most appealing attacks on IoT are botnets, typically utilized for Distributed Denial of Service (DDoS) attacks, identity theft, malware distribution, fraud, and spamming. Early detection and mitigation are crucial considering the nature of IoT devices and botnets. Many of these methods deploy machine learning, such as supervised, unsupervised, and deep learning. As IoT devices generate a massive amount of data of high dimensions, not all data contain valuable information. Feeding data without preprocessing might degrade the quality of the detection model. Thus, optimization methods are needed to determine the subsets of the most relevant features to the detection process. This study utilized the effectiveness of Equilibrium Optimization (EO), Battle Royale Optimization (BRO), and Adaptive Equilibrium Optimization (AEO) for feature selection in detecting IoT botnets using the N-BaIoT dataset. The performance of the selected features is evaluated using three classifiers: K Nearest Neighbor (KNN), Random Forest (RF), and Gaussian Naive Bayes (GNB) considering metrics such as number of features, accuracy, sensitivity, specificity, True Positive Rate (TPR), False Positive Rate (FPR), and time required for feature selection. Our findings indicate the competitive performance of EO and AEO in terms of runtime, number of features selected, and accuracy, compared to recent works on the same dataset.

Intelligent botnet detection in IoT networks using parallel CNN‐LSTM fusion

Intelligent botnet detection in IoT networks using parallel CNN‐LSTM fusion

Evaluation of machine learning and deep learning methods for early detection of internet of things botnets

The internet of things (IoT) represents a rapidly expanding sector within computing, facilitating the interconnection of myriad smart devices autonomously. However, the complex interplay of IoT systems and their interdisciplinary nature has presented novel security concerns (e.g. privacy risks, device vulnerabilities, Botnets). In response, there has been a growing reliance on machine learning and deep learning methodologies to transition from conventional connectivity-centric IoT security paradigms to intelligence-driven security frameworks. This paper undertakes a comprehensive comparative analysis of recent advancements in the creation of IoT botnets. It introduces a novel taxonomy of attacks structured around the attack life-cycle, aiming to enhance the understanding and mitigation of IoT botnet threats. Furthermore, the paper surveys contemporary techniques employed for early-stage detection of IoT botnets, with a primary emphasis on machine learning and deep learning approaches. This elucidates the current landscape of the issue, existing mitigation strategies, and potential avenues for future research.

Ensemble Transfer Learning for Botnet Detection in the Internet of Things

Ensemble Transfer Learning for Botnet Detection in the Internet of Things

Enhanced botnet detection in IoT networks using zebra optimization and dual-channel GAN classification

The Internet of Things (IoT) permeates various sectors, including healthcare, smart cities, and agriculture, alongside critical infrastructure management. However, its susceptibility to malware due to limited processing power and security protocols poses significant challenges. Traditional antimalware solutions fall short in combating evolving threats. To address this, the research work developed a feature selection-based classification model. At first stage, a preprocessing stage enhances dataset quality through data smoothing and consistency improvement. Feature selection via the Zebra Optimization Algorithm (ZOA) reduces dimensionality, while a classification phase integrates the Graph Attention Network (GAN), specifically the Dual-channel GAN (DGAN). DGAN incorporates Node Attention Networks and Semantic Attention Networks to capture intricate IoT device interactions and detect anomalous behaviors like botnet activity. The model's accuracy is further boosted by leveraging both structural and semantic data with the Sooty Tern Optimization Algorithm (STOA) for hyperparameter tuning. The proposed STOA-DGAN model achieves an impressive 99.87% accuracy in botnet activity classification, showcasing robustness and reliability compared to existing approaches.

Comprehensive Botnet Detection by Mitigating Adversarial Attacks, Navigating the Subtleties of Perturbation Distances and Fortifying Predictions with Conformal Layers

Botnets are computer networks controlled by malicious actors that present significant cybersecurity challenges. They autonomously infect, propagate, and coordinate to conduct cybercrimes, necessitating robust detection methods. This research addresses the sophisticated adversarial manipulations posed by attackers, aiming to undermine machine learning-based botnet detection systems. We introduce a flow-based detection approach, leveraging machine learning and deep learning algorithms trained on the ISCX and ISOT datasets. The detection algorithms are optimized using the Genetic Algorithm (GA) and Particle Swarm Optimization (PSO) to obtain a baseline detection method. The Carlini & Wagner (C&W) and Generative Adversarial Network (GAN) attacks generate deceptive data with subtle perturbations, targeting each feature used for classification while preserving their semantic and syntactic relationships, which ensures that the adversarial samples retain meaningfulness and realism. An in-depth analysis of the required L2 distance from the original sample for the malware sample to misclassify is performed across various iteration checkpoints, showing different levels of misclassification at different L2 distances of the pertrub sample from the original sample. Our work delves into the vulnerability of various models, examining the transferability of adversarial examples from a Neural Network surrogate model to Tree-based algorithms. Subsequently, models that initially misclassified the perturbed samples are retrained, enhancing their resilience and detection capabilities. In the final phase, a conformal prediction layer is integrated, significantly rejecting incorrect predictions — 58.20% in the ISCX dataset and 98.94% in the ISOT dataset.

A novel approach of botnet detection using hybrid deep learning for enhancing security in IoT networks

In an era dominated by the Internet of Things (IoT), protecting interconnected devices from botnets has become essential. This study introduces an innovative hybrid deep learning model that synergizes LSTM Auto Encoders and Multilayer Perceptrons in detecting botnets in IoTs. The fusion of these technologies facilitates the analysis of sequential data and pattern recognition, enabling the model to detect intricate botnet activities within IoT networks. The proposed model's performance was carefully evaluated on two large IoT traffic datasets, N-BAIoT2018 and UNSW-NB15, where it demonstrated exceptional accuracy of 99.77 % and 99.67 % respectively for botnet detection. These results not only demonstrate the model's superior performance over existing botnet detection systems but also highlight its potential as a robust solution for IoT network security.

GNN-Based Network Traffic Analysis for the Detection of Sequential Attacks in IoT

This research introduces a novel framework utilizing a sequential gated graph convolutional neural network (GGCN) designed specifically for botnet detection within Internet of Things (IoT) network environments. By capitalizing on the strengths of graph neural networks (GNNs) to represent network traffic as complex graph structures, our approach adeptly handles the temporal dynamics inherent to botnet attacks. Key to our approach is the development of a time-stamped multi-edge graph structure that uncovers subtle temporal patterns and hidden relationships in network flows, critical for recognizing botnet behaviors. Moreover, our sequential graph learning framework incorporates time-sequenced edges and multi-edged structures into a two-layered gated graph model, which is optimized with specialized message-passing layers and aggregation functions to address the challenges of time-series traffic data effectively. Our comparative analysis with the state of the art reveals that our sequential gated graph convolutional neural network achieves substantial improvements in detecting IoT botnets. The proposed GGCN model consistently outperforms the conventional model, achieving improvements in accuracy ranging from marginal to substantial—0.01% for BoT IoT and up to 25% for Mirai. Moreover, our empirical analysis underscores the GGCN’s enhanced capabilities, particularly in binary classification tasks, on imbalanced datasets. These findings highlight the model’s ability to effectively navigate and manage the varying complexity and characteristics of IoT security threats across different datasets.

Uncovering botnets in IoT sensor networks: a hybrid self-organizing maps approach

The integration of the internet of things (IoT) has revolutionized diverse industries, introducing interconnected devices and IoT sensor networks for improved data acquisition. However, this connectivity exposes IoT ecosystems to emerging threats, with botnets posing significant risks to security. This research aims to develop an innovative solution for detecting botnets in IoT sensor networks. Leveraging insights from existing research, the study focuses on designing a hybrid self-organization map (SOM) Approach that integrates lightweight deep learning (DL) techniques. The objective is to enhance detection accuracy by exploring various DL architectures. Proposed methodology aims to balance computational efficiency for resource-constrained IoT devices while improving the discriminatory power of the detection system. The study advancing IoT cybersecurity and addresses critical challenges in botnet detection within IoT sensor networks. The testing of the artificial neural networks (ANN) classifier involves three models, each represented based on parameters related to the construction of the training models. The most effective ANN achieves 86%, works on anomaly intrusion detection systems (AIDS).

Fortifying Network Security: Pioneering Hybrid Machine Learning for BotNet Attack Detection

Abstract: With the rising sophistication of cyber threats, the detection of BotNet attacks on networks has become a perilous contest for cybersecurity. This paper proposes an innovative approach leveraging a hybrid machine learning (ML) framework for the detection of BotNet attacks in network atmosphere conquers a notable accuracy of 98.63%. By amalgamation of different strengths of ML algorithms such as KNN and Decision Trees, our approach aims to enhance the accuracy and efficiency of BotNet detection. The methodology comprises feature extraction from network traffic data, followed by training and testing of the hybrid model on labelled datasets to identify patterns revealing of BotNet activity. Experimental outcomes reveal the effectiveness of the proposed approach in precisely detecting BotNet attacks while diminishing false positives. The hybrid ML approach offers a forthcoming avenue for fortifying network security and mitigating the risks associated with BotNet threats.

DETECTION OF ANDROID BOTNETS

In the dynamic landscape of cybersecurity, the persistent proliferation of botnets remains a formidable challenge. Conventional detection methods often grapple with elevated false positive rates and struggle to keep pace with the evolving tactics employed by malicious actors. This study delves into the domain of botnet detection, with a primary focus on refining the identification process for HTTP-based botnets. Our approach harnesses the power of K-Nearest Neighbors (KNN) and Logistic Regression algorithms, strategically amalgamating their capabilities to navigate the intricate digital terrain. Departing from prior studies, we directly confront the botnet detection challenge by synergizing two robust machine learning techniques. Through the fusion of KNN and Logistic Regression, our system achieves unparalleled accuracy and efficiency in discerning HTTP botnet activities. Furthermore, this research pioneers a groundbreaking methodology for botnet detection, centering around the innovative fusion of TFIDF and Textrank algorithms. This hybrid approach significantly bolsters the precision of information extraction and summarization. In an age inundated with vast digital datasets, our method adeptly sifts through information while furnishing concise and relevant summaries, thereby conserving invaluable time and resources. The distinctive aspect of our approach lies in its ability to swiftly adapt to emerging botnet strategies. Through extensive testing and comparative analysis against existing models, our system surpasses prior methodologies, demonstrating its proficiency in accurately identifying botnet activities while minimizing false positives. Furthermore, our solution serves as an exemplar of efficiency, facilitating prompt and effective identification of pernicious botnets that imperil data security Key Words: Botnet Detection, Cybersecurity, K-Nearest Neighbors (KNN), Logistic Regression, TFIDF, Textrank, Information Summarization, Digital Security, Malware Detection.

Botnet detection based on Markov chain and Fuzzy rough set

Botnets now make up a wide range of cyber-attacks, which are a network of infected computers connected to the Internet, with remote control. So far, a lot of research has been done in this field, the proposed methods are based on the signatures of discovered botnets, anomalies, traffic behavior, and addresses. Each method has both advantages and disadvantages. This research proposes a structure for performing identification operations, which is presented in this research based on the Markov chain and is based on behavioral analysis. A disadvantage of the past methods is the inability to receive network information at a very high speed. In this research, it has tried using a solution to receive traffic at a very high speed of about 40 Gbps and analyze it. To be able to perform the analysis with a lower overhead. The proposed method can investigate the behavior of botnets by examining the area of behavior better than the previous solutions, and as a result, during the solutions used by botnets to hide their behavior, it can counter and identify suspicious flows. The accuracy of the proposed method was found to be 96.170%. DOI: https://doi.org/10.52783/pst.390

Improving IoT Security With Explainable AI: Quantitative Evaluation of Explainability for IoT Botnet Detection

Improving IoT Security With Explainable AI: Quantitative Evaluation of Explainability for IoT Botnet Detection

Enhancing Botnet Detection in Network Security Using Profile Hidden Markov Models

A botnet is a network of compromised computer systems, or bots, remotely controlled by an attacker through bot controllers. This covert network poses a threat through large-scale cyber attacks, including phishing, distributed denial of service (DDoS), data theft, and server crashes. Botnets often camouflage their activity by utilizing common internet protocols, such as HTTP and IRC, making their detection challenging. This paper addresses this threat by proposing a method to identify botnets based on distinctive communication patterns between command and control servers and bots. Recognizable traits in botnet behavior, such as coordinated attacks, heartbeat signals, and periodic command distribution, are analyzed. Probabilistic models, specifically Hidden Markov Models (HMMs) and Profile Hidden Markov Models (PHMMs), are employed to learn and identify these activity patterns in network traffic data. This work utilizes publicly available datasets containing a combination of botnet, normal, and background traffic to train and test these models. The comparative analysis reveals that both HMMs and PHMMs are effective in detecting botnets, with PHMMs exhibiting superior accuracy in botnet detection compared to HMMs.

Detection of Botnet in IOT Using Machine Learning

The proliferation of Internet of Things (IoT) devices has introduced unprecedented connectivity and convenience but also heightened the vulnerability to botnet attacks. There are an increasing number of Internet of Things (IoT) devices connected to the network these days, and due to the advancement in technology, the security threads and cyberattacks, such as botnets, are emerging and evolving rapidly with high-risk attacks. These attacks disrupt IoT transition by disrupting networks and services for IoT devices. Many recent studies have proposed ML and DL techniques for detecting and classifying botnet attacks in the IoT environment. This project presents a straightforward approach to detect botnet activity within IoT networks through the utilization of machine learning techniques. By analyzing network traffic patterns and employing unsupervised learning algorithms, we demonstrate an effective method to identify and mitigate botnet threats in IoT environments. By this project we intend to offer a valuable contribution in enhancing the security of IoT ecosystem. Key Word: Internet of Things(IoT),cybersecurity, botnet attacks, machine learning(ML),UNSW-NB15 dataset, exploratory data analysis, XgBoost

Efficient Large-Scale IoT Botnet Detection through GraphSAINT-Based Subgraph Sampling and Graph Isomorphism Network

In recent years, with the rapid development of the Internet of Things, large-scale botnet attacks have occurred frequently and have become an important challenge to network security. As artificial intelligence technology continues to evolve, intelligent detection solutions for botnets are constantly emerging. Although graph neural networks are widely used for botnet detection, directly handling large-scale botnet data becomes inefficient and challenging as the number of infected hosts increases and the network scale expands. Especially in the process of node level learning and inference, a large number of nodes and edges need to be processed, leading to a significant increase in computational complexity and posing new challenges to network security. This paper presents a novel approach that can accurately identify diverse intricate botnet architectures in extensive IoT networks based on the aforementioned circumstance. By utilizing GraphSAINT to process large-scale IoT botnet graph data, efficient and unbiased subgraph sampling has been achieved. In addition, a solution with enhanced information representation capability has been developed based on the Graph Isomorphism Network (GIN) for botnet detection. Compared with the five currently popular graph neural network (GNN) models, our approach has been tested on C2, P2P, and Chord datasets, and higher accuracy has been achieved.