IEEE Access (Jan 2023)

Reliable Machine Learning Model for IIoT Botnet Detection

  • Fatma Taher,
  • Mahmoud Abdel-Salam,
  • Mohamed Elhoseny,
  • Ibrahim M. El-Hasnony

DOI
https://doi.org/10.1109/ACCESS.2023.3253432
Journal volume & issue
Vol. 11
pp. 49319 – 49336

Abstract

Due to the growing number of Industrial Internet of Things (IoT) devices, network attacks like denial of service (DoS) and floods are rising, causing security and reliability issues. As a result of these attacks, IoT devices suffer from denial of service and network disruption. Researchers have implemented different techniques to identify attacks aimed at vulnerable Industrial Internet of Things (IoT) devices. In this study, we propose a novel feature selection algorithm, FGOA-kNN, based on a hybrid of filter and wrapper selection approaches to select the most relevant features. The novel approach, integrated with clustering, ranks the features and then applies the Grasshopper algorithm (GOA) to minimize the top-ranked features. Moreover, a proposed algorithm, IHHO, selects and adapts the neural network’s hyperparameters to detect botnets efficiently. The proposed Harris Hawks algorithm is enhanced with three improvements to improve the global search process for optimal solutions. To tackle the problem of population diversity, a chaotic map function is utilized for initialization. The escape energy of hawks is updated with a new nonlinear formula to avoid local minima and better balance exploration and exploitation. Furthermore, the exploitation phase of HHO is enhanced using a new elite operator, ROBL. The proposed model combines unsupervised, clustering, and supervised approaches to detect intrusion behaviors. This combination can enhance the accuracy and robustness of the proposed model by identifying the most relevant features and detecting known and unknown botnet activity. The N-BaIoT dataset is utilized to validate the proposed model. Many recent techniques were used to assess and compare the proposed model’s performance. The results demonstrate that the proposed model is better than other variations at detecting multiclass botnet attacks.

Keywords