MedBIoT: Generation of an IoT botnet dataset in a medium-sized IoT network

Alejandro Guerra-Manzanares; Jorge Medina-Galindo; Hayretdin Bahsi; Sven Nõmm

doi:10.5220/0009187802070218

MedBIoT: Generation of an IoT botnet dataset in a medium-sized IoT network

Alejandro Guerra-Manzanares, Jorge Medina-Galindo, Hayretdin Bahsi, Sven Nõmm

Research output: Chapter in Book/Conference proceeding › Conference contribution › peer-review

97 Citations (Scopus)

Abstract

The exponential growth of the Internet of Things in conjunction with the traditional lack of security mechanisms and resource constraints associated with these devices have posed new risks and challenges to security in networks. IoT devices are compromised and used as amplification platforms by cyber-attackers, such as DDoS attacks. Machine learning-based intrusion detection systems aim to overcome network security limitations relying heavily on data quantity and quality. In the case of IoT networks these data are scarce and limited to small-sized networks. This research addresses this issue by providing a labelled behavioral IoT data set, which includes normal and actual botnet malicious network traffic, in a medium-sized IoT network infrastructure (83 IoT devices). Three prominent botnet malware are deployed and data from botnet infection, propagation and communication with C&C stages are collected (Mirai, BashLite and Torii). Binary and multi-class machine learning classification models are run on the acquired data demonstrating the suitability and reliability of the generated data set for machine learning-based botnet detection IDS testing, design and deployment. The generated IoT behavioral data set is released publicly available as MedBIoT data set^∗.

Original language	English
Title of host publication	ICISSP 2020 - Proceedings of the 6th International Conference on Information Systems Security and Privacy
Editors	Steven Furnell, Paolo Mori, Edgar Weippl, Olivier Camp
Publisher	SciTePress
Pages	207-218
Number of pages	12
ISBN (Electronic)	9789897583995
DOIs	https://doi.org/10.5220/0009187802070218
Publication status	Published - 2020
Externally published	Yes
Event	6th International Conference on Information Systems Security and Privacy, ICISSP 2020 - Valletta, Malta Duration: 25 Feb 2020 → 27 Feb 2020

Publication series

Name	ICISSP 2020 - Proceedings of the 6th International Conference on Information Systems Security and Privacy

Conference

Conference	6th International Conference on Information Systems Security and Privacy, ICISSP 2020
Country/Territory	Malta
City	Valletta
Period	25/02/20 → 27/02/20

Keywords

Anomaly detection
Botnet
Dataset
Internet of Things
Intrusion detection
IoT

ASJC Scopus subject areas

Computer Networks and Communications
Computer Science Applications
Information Systems
Safety, Risk, Reliability and Quality

Access to Document

10.5220/0009187802070218

Cite this

Guerra-Manzanares, A., Medina-Galindo, J., Bahsi, H., & Nõmm, S. (2020). MedBIoT: Generation of an IoT botnet dataset in a medium-sized IoT network. In S. Furnell, P. Mori, E. Weippl, & O. Camp (Eds.), ICISSP 2020 - Proceedings of the 6th International Conference on Information Systems Security and Privacy (pp. 207-218). (ICISSP 2020 - Proceedings of the 6th International Conference on Information Systems Security and Privacy). SciTePress. https://doi.org/10.5220/0009187802070218

Guerra-Manzanares, Alejandro ; Medina-Galindo, Jorge ; Bahsi, Hayretdin et al. / MedBIoT : Generation of an IoT botnet dataset in a medium-sized IoT network. ICISSP 2020 - Proceedings of the 6th International Conference on Information Systems Security and Privacy. editor / Steven Furnell ; Paolo Mori ; Edgar Weippl ; Olivier Camp. SciTePress, 2020. pp. 207-218 (ICISSP 2020 - Proceedings of the 6th International Conference on Information Systems Security and Privacy).

@inproceedings{5057c47529824dc2a5f0d7a96718f811,

title = "MedBIoT: Generation of an IoT botnet dataset in a medium-sized IoT network",

abstract = "The exponential growth of the Internet of Things in conjunction with the traditional lack of security mechanisms and resource constraints associated with these devices have posed new risks and challenges to security in networks. IoT devices are compromised and used as amplification platforms by cyber-attackers, such as DDoS attacks. Machine learning-based intrusion detection systems aim to overcome network security limitations relying heavily on data quantity and quality. In the case of IoT networks these data are scarce and limited to small-sized networks. This research addresses this issue by providing a labelled behavioral IoT data set, which includes normal and actual botnet malicious network traffic, in a medium-sized IoT network infrastructure (83 IoT devices). Three prominent botnet malware are deployed and data from botnet infection, propagation and communication with C&C stages are collected (Mirai, BashLite and Torii). Binary and multi-class machine learning classification models are run on the acquired data demonstrating the suitability and reliability of the generated data set for machine learning-based botnet detection IDS testing, design and deployment. The generated IoT behavioral data set is released publicly available as MedBIoT data set∗.",

keywords = "Anomaly detection, Botnet, Dataset, Internet of Things, Intrusion detection, IoT",

author = "Alejandro Guerra-Manzanares and Jorge Medina-Galindo and Hayretdin Bahsi and Sven N{\~o}mm",

note = "Publisher Copyright: {\textcopyright} Copyright 2020 by SCITEPRESS - Science and Technology Publications, Lda. All rights reserved.; 6th International Conference on Information Systems Security and Privacy, ICISSP 2020 ; Conference date: 25-02-2020 Through 27-02-2020",

year = "2020",

doi = "10.5220/0009187802070218",

language = "English",

series = "ICISSP 2020 - Proceedings of the 6th International Conference on Information Systems Security and Privacy",

publisher = "SciTePress",

pages = "207--218",

editor = "Steven Furnell and Paolo Mori and Edgar Weippl and Olivier Camp",

booktitle = "ICISSP 2020 - Proceedings of the 6th International Conference on Information Systems Security and Privacy",

}

Guerra-Manzanares, A, Medina-Galindo, J, Bahsi, H & Nõmm, S 2020, MedBIoT: Generation of an IoT botnet dataset in a medium-sized IoT network. in S Furnell, P Mori, E Weippl & O Camp (eds), ICISSP 2020 - Proceedings of the 6th International Conference on Information Systems Security and Privacy. ICISSP 2020 - Proceedings of the 6th International Conference on Information Systems Security and Privacy, SciTePress, pp. 207-218, 6th International Conference on Information Systems Security and Privacy, ICISSP 2020, Valletta, Malta, 25/02/20. https://doi.org/10.5220/0009187802070218

MedBIoT: Generation of an IoT botnet dataset in a medium-sized IoT network. / Guerra-Manzanares, Alejandro; Medina-Galindo, Jorge; Bahsi, Hayretdin et al.
ICISSP 2020 - Proceedings of the 6th International Conference on Information Systems Security and Privacy. ed. / Steven Furnell; Paolo Mori; Edgar Weippl; Olivier Camp. SciTePress, 2020. p. 207-218 (ICISSP 2020 - Proceedings of the 6th International Conference on Information Systems Security and Privacy).

Research output: Chapter in Book/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - MedBIoT

T2 - 6th International Conference on Information Systems Security and Privacy, ICISSP 2020

AU - Guerra-Manzanares, Alejandro

AU - Medina-Galindo, Jorge

AU - Bahsi, Hayretdin

AU - Nõmm, Sven

PY - 2020

Y1 - 2020

N2 - The exponential growth of the Internet of Things in conjunction with the traditional lack of security mechanisms and resource constraints associated with these devices have posed new risks and challenges to security in networks. IoT devices are compromised and used as amplification platforms by cyber-attackers, such as DDoS attacks. Machine learning-based intrusion detection systems aim to overcome network security limitations relying heavily on data quantity and quality. In the case of IoT networks these data are scarce and limited to small-sized networks. This research addresses this issue by providing a labelled behavioral IoT data set, which includes normal and actual botnet malicious network traffic, in a medium-sized IoT network infrastructure (83 IoT devices). Three prominent botnet malware are deployed and data from botnet infection, propagation and communication with C&C stages are collected (Mirai, BashLite and Torii). Binary and multi-class machine learning classification models are run on the acquired data demonstrating the suitability and reliability of the generated data set for machine learning-based botnet detection IDS testing, design and deployment. The generated IoT behavioral data set is released publicly available as MedBIoT data set∗.

AB - The exponential growth of the Internet of Things in conjunction with the traditional lack of security mechanisms and resource constraints associated with these devices have posed new risks and challenges to security in networks. IoT devices are compromised and used as amplification platforms by cyber-attackers, such as DDoS attacks. Machine learning-based intrusion detection systems aim to overcome network security limitations relying heavily on data quantity and quality. In the case of IoT networks these data are scarce and limited to small-sized networks. This research addresses this issue by providing a labelled behavioral IoT data set, which includes normal and actual botnet malicious network traffic, in a medium-sized IoT network infrastructure (83 IoT devices). Three prominent botnet malware are deployed and data from botnet infection, propagation and communication with C&C stages are collected (Mirai, BashLite and Torii). Binary and multi-class machine learning classification models are run on the acquired data demonstrating the suitability and reliability of the generated data set for machine learning-based botnet detection IDS testing, design and deployment. The generated IoT behavioral data set is released publicly available as MedBIoT data set∗.

KW - Anomaly detection

KW - Botnet

KW - Dataset

KW - Internet of Things

KW - Intrusion detection

KW - IoT

UR - http://www.scopus.com/inward/record.url?scp=85083026337&partnerID=8YFLogxK

U2 - 10.5220/0009187802070218

DO - 10.5220/0009187802070218

M3 - Conference contribution

AN - SCOPUS:85083026337

T3 - ICISSP 2020 - Proceedings of the 6th International Conference on Information Systems Security and Privacy

SP - 207

EP - 218

BT - ICISSP 2020 - Proceedings of the 6th International Conference on Information Systems Security and Privacy

A2 - Furnell, Steven

A2 - Mori, Paolo

A2 - Weippl, Edgar

A2 - Camp, Olivier

PB - SciTePress

Y2 - 25 February 2020 through 27 February 2020

ER -

Guerra-Manzanares A, Medina-Galindo J, Bahsi H, Nõmm S. MedBIoT: Generation of an IoT botnet dataset in a medium-sized IoT network. In Furnell S, Mori P, Weippl E, Camp O, editors, ICISSP 2020 - Proceedings of the 6th International Conference on Information Systems Security and Privacy. SciTePress. 2020. p. 207-218. (ICISSP 2020 - Proceedings of the 6th International Conference on Information Systems Security and Privacy). doi: 10.5220/0009187802070218

MedBIoT: Generation of an IoT botnet dataset in a medium-sized IoT network

Abstract

Publication series

Conference

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this