TY - GEN
T1 - Using MedBIoT Dataset to Build Effective Machine Learning-Based IoT Botnet Detection Systems
AU - Guerra-Manzanares, Alejandro
AU - Medina-Galindo, Jorge
AU - Bahsi, Hayretdin
AU - Nõmm, Sven
N1 - Publisher Copyright:
© 2022, Springer Nature Switzerland AG.
PY - 2022
Y1 - 2022
N2 - The exponential increase in the adoption of the Internet of Things (IoT) technology combined with the usual lack of security measures carried by such devices has brought up new risks and security challenges to networks. IoT devices are prone to be easily compromised and used as magnification platforms for record-breaking cyber-attacks (i.e., Distributed Denial-of-Service attacks). Intrusion detection systems based on machine learning aim to detect such threats effectively, overcoming the security limitations on networks. In this regard, data quantity and quality are key to building effective detection models. These data are scarce and limited to small-sized networks for IoT environments. This research addresses this gap by generating a labelled behavioral IoT data set, composed of normal and actual botnet network traffic in a medium-sized IoT network (up to 83 devices). Mirai, BashLite and Torii real botnet malware are deployed and data from early stages of botnet deployment is acquired (i.e., infection, propagation and communication with C&C stages). Supervised (i.e., classification) and unsupervised (i.e., anomaly detection) machine learning models are built with the data acquired as a demonstration of the suitability and reliability of the collected data set for effective machine learning-based botnet detection intrusion detection systems (i.e., testing, design and deployment). The IoT behavioral data set is released, being publicly available as MedBIoT data set.
KW - Anomaly detection
KW - Botnet
KW - Dataset
KW - Internet of Things
KW - Intrusion detection
KW - IoT
KW - Machine learning
UR - http://www.scopus.com/inward/record.url?scp=85123979591&partnerID=8YFLogxK
U2 - 10.1007/978-3-030-94900-6_11
DO - 10.1007/978-3-030-94900-6_11
M3 - Conference contribution
AN - SCOPUS:85123979591
SN - 9783030948993
T3 - Communications in Computer and Information Science
SP - 222
EP - 243
BT - Information Systems Security and Privacy - 6th International Conference, ICISSP 2020, Revised Selected Papers
A2 - Furnell, Steven
A2 - Mori, Paolo
A2 - Weippl, Edgar
A2 - Camp, Olivier
PB - Springer Science and Business Media Deutschland GmbH
T2 - 6th International Conference on Information Systems Security and Privacy, ICISSP 2020
Y2 - 25 February 2020 through 27 February 2020
ER -