IoT Botnet Detection Using Various One-Class Classifiers

• Main Authors: Mehedi Hasan Raj, A. N. M. Asifur Rahman, Umma Habiba Akter, Khayrun Nahar Riya, Anika Tasneem Nijhum, Rashedur M. Rahman
• Format: Article
• Language: English
• Published: World Scientific Publishing 2021-05-01
• Series: Vietnam Journal of Computer Science
• Subjects: botnet; iot botnet; cybersecurity; ddos attack; one-class classifier; support vector machine; elliptic envelope; local outlier factor
• Online Access: http://www.worldscientific.com/doi/epdf/10.1142/S2196888821500123

Nowadays, the Internet of Things (IoT) is a common word for the people because of its increasing number of users. Statistical results show that the users of IoT devices are dramatically increasing, and in the future, it will be to an ever-increasing extent. Because of the increasing number of users, security experts are now concerned about its security. In this research, we would like to improve the security system of IoT devices, particularly in IoT botnet, by applying various machine learning (ML) techniques. In this paper, we have set up an approach to detect botnet of IoT devices using three one-class classifier ML algorithms. The algorithms are: one-class support vector machine (OCSVM), elliptic envelope (EE), and local outlier factor (LOF). Our method is a network flow-based botnet detection technique, and we use the input packet, protocol, source port, destination port, and time as features of our algorithms. After a number of preprocessing steps, we feed the preprocessed data to our algorithms that can achieve a good precision score that is approximately 77–99%. The one-class SVM achieves the best accuracy score, approximately 99% in every dataset, and EE’s accuracy score varies from 91% to 98%; however, the LOF factor achieves lowest accuracy score that is from 77% to 99%. Our algorithms are cost-effective and provide good accuracy in short execution time.