TWO-FOLD MACHINE LEARNING APPROACH TO PREVENT AND DETECT IOT BOTNET ATTACKS

Authors

  • Darzi Mehtaab Siddiqa
  • Dr. D. William Albert

Keywords:

multi-stage, distributed denial of service (DDoS)

Abstract

The botnet attack is a multi-stage attack and the most prevalent cyber-attack in the Internet of Things (IoT) environment; it begins with scanning activity and ends with a distributed denial of service (DDoS) attack. Existing studies mostly focus on detecting botnet attacks after the IoT devices have been compromised and have started performing the DDoS attack. Similarly, the performance of most existing machine-learning-based botnet detection models is limited to the specific dataset on which they are trained. As a consequence, these solutions do not perform well on other datasets due to the diversity of attack patterns. Therefore, in this work, we first produce a generic scanning and DDoS attack dataset by generating 33 types of scan and 60 types of DDoS attacks. In addition, we partially integrated the scan and DDoS attack samples from three publicly available datasets for maximum attack coverage to better train the machine learning algorithms. Afterwards, we propose a two-fold machine learning approach to prevent and detect IoT botnet attacks. In the first fold, we trained a state-of-the-art deep learning model, ResNet-18, to detect scanning activity in the premature attack stage to prevent IoT botnet attacks. In the second fold, we trained another ResNet-18 model for DDoS attack identification to detect IoT botnet attacks. Overall, the proposed two-fold approach achieves 98.89% accuracy, 99.01% precision, 98.74% recall, and 98.87% F1-score in preventing and detecting IoT botnet attacks. To demonstrate the effectiveness of the proposed two-fold approach, we trained three other ResNet-18 models over three different datasets for detecting scan and DDoS attacks and compared their performance with the proposed two-fold approach. The experimental results prove that the proposed two-fold approach can prevent and detect botnet attacks efficiently compared with the other trained models.

Published

27-06-2024

How to Cite

TWO-FOLD MACHINE LEARNING APPROACH TO PREVENT AND DETECT IOT BOTNET ATTACKS. (2024). International Journal of Information Technology and Computer Engineering, 12(2), 827-837. https://ijitce.org/index.php/ijitce/article/view/621
