College of Computer Science and Engineering, Taibah University, Medina 42353, Saudi Arabia.
School of Computing and Digital Technology, Birmingham City University, Birmingham B4 7XG, UK.
Sensors (Basel). 2021 Dec 28;22(1):185. doi: 10.3390/s22010185.
Due to the wide availability and usage of connected devices in Internet of Things (IoT) networks, the number of attacks on these networks is continually increasing. A particularly serious and dangerous type of attack in the IoT environment is the botnet attack, in which attackers take control of IoT systems to build enormous networks of "bot" devices that carry out malicious activities. To detect this type of attack, several Intrusion Detection Systems (IDSs) based on machine learning and deep learning methods have been proposed for IoT networks. Because IoT systems are characterized by limited battery power and processor capacity, maximizing the efficiency of intrusion detection systems for IoT networks is still a research challenge. It is important to provide efficient and effective methods that use lower computational time and have high detection rates. This paper proposes an aggregated mutual information-based feature selection approach with machine learning methods to enhance detection of IoT botnet attacks. In this study, the N-BaIoT benchmark dataset was used to detect botnet attack types using real traffic data gathered from nine commercial IoT devices. The dataset includes binary and multi-class classifications. The feature selection method incorporates the Mutual Information (MI) technique, Principal Component Analysis (PCA) and the ANOVA f-test at a finely-granulated detection level to select the relevant features for improving the performance of IoT botnet classifiers. In the classification step, several ensemble and individual classifiers were used, including Random Forest (RF), XGBoost (XGB), Gaussian Naïve Bayes (GNB), k-Nearest Neighbor (k-NN), Logistic Regression (LR) and Support Vector Machine (SVM). The experimental results showed the efficiency and effectiveness of the proposed approach, which outperformed other techniques using various evaluation metrics.
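The following added example (not code from the paper) sketches filter-style feature ranking with two of the scores the abstract names, mutual information and the ANOVA F-test, on constructed data. The mean-rank aggregation, the equal-width binning, the omission of PCA and the feature names are assumptions made here; the abstract does not specify the authors' aggregation rule.

```python
import math
import random
from collections import Counter

def mutual_info(xs, ys, bins=8):
    """MI (nats) between a continuous feature, equal-width binned, and class labels."""
    lo, hi = min(xs), max(xs)
    width = (hi - lo) / bins or 1.0
    bx = [min(int((x - lo) / width), bins - 1) for x in xs]
    n = len(xs)
    pxy, px, py = Counter(zip(bx, ys)), Counter(bx), Counter(ys)
    return sum(c / n * math.log(c * n / (px[b] * py[y])) for (b, y), c in pxy.items())

def anova_f(xs, ys):
    """One-way ANOVA F statistic of a feature across the class labels."""
    groups = {}
    for x, y in zip(xs, ys):
        groups.setdefault(y, []).append(x)
    n, k = len(xs), len(groups)
    grand = sum(xs) / n
    means = {y: sum(g) / len(g) for y, g in groups.items()}
    between = sum(len(g) * (means[y] - grand) ** 2 for y, g in groups.items())
    within = sum((x - means[y]) ** 2 for x, y in zip(xs, ys))
    return (between / (k - 1)) / (within / (n - k)) if within else math.inf

def select_features(columns, labels, top_k):
    """Assumed aggregation: rank by MI and by F, sum the two ranks, keep the best top_k."""
    names = list(columns)
    def ranks(score):
        order = sorted(names, key=lambda f: score(columns[f], labels), reverse=True)
        return {f: r for r, f in enumerate(order)}
    r_mi, r_f = ranks(mutual_info), ranks(anova_f)
    return sorted(names, key=lambda f: r_mi[f] + r_f[f])[:top_k]

def make_sample(n=400, seed=7):
    """Constructed data with hypothetical feature names; label 1 = botnet-like, 0 = benign."""
    rng = random.Random(seed)
    labels = [i % 2 for i in range(n)]
    cols = {
        "pkt_rate": [rng.gauss(50 + 40 * y, 10) for y in labels],     # shifts with class
        "mean_size": [rng.gauss(300 - 120 * y, 40) for y in labels],  # shifts with class
        "noise_a": [rng.gauss(0, 1) for _ in labels],                 # unrelated to class
        "noise_b": [rng.uniform(0, 1) for _ in labels],               # unrelated to class
    }
    return cols, labels

if __name__ == "__main__":
    cols, labels = make_sample()
    print(select_features(cols, labels, top_k=2))
```

Dropping the low-ranked columns before training is what reduces the classifier's input size, which is the efficiency argument the abstract makes for resource-constrained IoT devices.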