A Two-Fold Machine Learning Approach to Prevent and Detect IoT Botnet Attacks

Faisal Hussain; Syed Ghazanfar Abbas; Ivan Miguel Pires; Sabeeha Tanveer; Ubaid U. Fayyaz; Nuno M. Garcia; Ghalib A. Shah; Farrukh Shahzad

doi:10.1109/ACCESS.2021.3131014

IEEE Access (Jan 2021)

A Two-Fold Machine Learning Approach to Prevent and Detect IoT Botnet Attacks

Faisal Hussain,
Syed Ghazanfar Abbas,
Ivan Miguel Pires,
Sabeeha Tanveer,
Ubaid U. Fayyaz,
Nuno M. Garcia,
Ghalib A. Shah,
Farrukh Shahzad

Affiliations

Faisal Hussain: ORCiD; Al-Khawarizmi Institute of Computer Science (KICS), University of Engineering and Technology (UET), Lahore, Pakistan
Syed Ghazanfar Abbas: Al-Khawarizmi Institute of Computer Science (KICS), University of Engineering and Technology (UET), Lahore, Pakistan
Ivan Miguel Pires: ORCiD; Instituto de Telecomunicações, Universidade da Beira Interior, Covilhã, Portugal
Sabeeha Tanveer: ORCiD; Al-Khawarizmi Institute of Computer Science (KICS), University of Engineering and Technology (UET), Lahore, Pakistan
Ubaid U. Fayyaz: Al-Khawarizmi Institute of Computer Science (KICS), University of Engineering and Technology (UET), Lahore, Pakistan
Nuno M. Garcia: ORCiD; Instituto de Telecomunicações, Universidade da Beira Interior, Covilhã, Portugal
Ghalib A. Shah: Al-Khawarizmi Institute of Computer Science (KICS), University of Engineering and Technology (UET), Lahore, Pakistan
Farrukh Shahzad: Al-Khawarizmi Institute of Computer Science (KICS), University of Engineering and Technology (UET), Lahore, Pakistan

DOI: https://doi.org/10.1109/ACCESS.2021.3131014
Journal volume & issue: Vol. 9
pp. 163412 – 163430

Abstract

Read online

The botnet attack is a multi-stage and the most prevalent cyber-attack in the Internet of Things (IoT) environment that initiates with scanning activity and ends at the distributed denial of service (DDoS) attack. The existing studies mostly focus on detecting botnet attacks after the IoT devices get compromised, and start performing the DDoS attack. Similarly, the performance of most of the existing machine learning based botnet detection models is limited to a specific dataset on which they are trained. As a consequence, these solutions do not perform well on other datasets due to the diversity of attack patterns. Therefore, in this work, we first produce a generic scanning and DDoS attack dataset by generating 33 types of scan and 60 types of DDoS attacks. In addition, we partially integrated the scan and DDoS attack samples from three publicly-available datasets for maximum attack coverage to better train the machine learning algorithms. Afterwards, we propose a two-fold machine learning approach to prevent and detect IoT botnet attacks. In the first fold, we trained a state-of-the-art deep learning model, i.e., ResNet-18 to detect the scanning activity in the premature attack stage to prevent IoT botnet attacks. While, in the second fold, we trained another ResNet-18 model for DDoS attack identification to detect IoT botnet attacks. Overall, the proposed two-fold approach manifests 98.89% accuracy, 99.01% precision, 98.74% recall, and 98.87% f1-score to prevent and detect IoT botnet attacks. To demonstrate the effectiveness of the proposed two-fold approach, we trained three other ResNet-18 models over three different datasets for detecting scan and DDoS attacks and compared their performance with the proposed two-fold approach. The experimental results prove that the proposed two-fold approach can efficiently prevent and detect botnet attacks as compared to other trained models.

Published in IEEE Access

ISSN: 2169-3536 (Online)
Publisher: IEEE
Country of publisher: United States
LCC subjects: Technology: Electrical engineering. Electronics. Nuclear engineering
Website: https://ieeexplore.ieee.org/xpl/RecentIssue.jsp?punumber=6287639

About the journal

Abstract

Keywords