research-article

Collaborative device-level botnet detection for internet of things

Published: 01 June 2023

Highlights

  • A review of the state-of-the-art device-level intrusion detection approaches.
  • A detailed analysis of existing botnet datasets and their features to support evaluation of IDS.
  • A novel trustworthy botnet detection framework for efficient and effective detection of IoT botnets.
  • Evaluation of device-level botnet detection using IoT datasets (ISOT, IoT23 and BotIoT) with Snort and Suricata.

Abstract

Cyber attacks on the Internet of Things (IoT) have seen a significant increase in recent years. This is primarily due to the widespread adoption and prevalence of IoT within domestic and critical national infrastructures, as well as inherent security vulnerabilities within IoT endpoints. Therein, botnets have emerged as a major threat to IoT-based infrastructures, targeting firmware vulnerabilities such as weak or default passwords to assemble an army of compromised devices which can serve as a lethal cyber-weapon against target systems, networks, and services. In this paper, we present our efforts to mitigate this challenge through the development of an intrusion detection system that resides within an IoT device to provide enhanced visibility, thereby achieving security hardening of such devices. The device-level intrusion detection presented here is part of our research framework BTC_SIGBDS (Blockchain-powered, Trustworthy, Collaborative, Signature-based Botnet Detection System). We identify the research challenge through a systematic critical review of existing literature and present detailed design of the device-level component of the BTC_SIGBDS framework. We use a signature-based detection scheme with trusted signature updates to strengthen protection against emerging attacks. We have evaluated the suitability and enhanced the capability through the generation of custom signatures of two of the most famous signature-based IDS with ISOT, IoT23, and BoTIoT datasets to assess the effectiveness with respect to detection of anomalous traffic within a typical resource-constrained IoT network in terms of number of alerts, detection rates, detection time as well as in terms of peak CPU and memory usage.

Cited By

  • (2024) Cost based Random Forest Classifier for Intrusion Detection System in Internet of Things. Applied Soft Computing 151:C. DOI: 10.1016/j.asoc.2023.111125. Online publication date: 17-Apr-2024
  • (2024) Uit-DGAdetector: detect domains generated by algorithms using machine learning. Cluster Computing 27:6 (7599-7619). DOI: 10.1007/s10586-024-04363-0. Online publication date: 1-Sep-2024

Published In

Computers and Security, Volume 129, Issue C
Jun 2023
606 pages

Publisher

Elsevier Advanced Technology Publications

United Kingdom


Author Tags

1. Internet of things
2. Botnets
3. Intrusion detection
4. Device-level security
