Internet of Things (IoT) devices have become increasingly widespread. Despite their potential to improve multiple application domains, these devices have poor security, which can be exploited by attackers to build large-scale botnets. In this work, we propose a host-based approach to detect botnets in IoT devices, named IoTDS (Internet of Things Detection System). It relies on one-class classifiers, which model only the legitimate device behaviour for further detection of deviations, avoiding the manual labelling process. The proposed solution is underpinned by a novel agent-manager architecture based on HTTPS, which prevents the IoT device from being overloaded by the training activities. To analyse the device’s behaviour, the approach extracts features from the device’s CPU utilisation and temperature, memory consumption, and number of running tasks, meaning that it does not make use of network traffic data. To test our approach, we used an experimental IoT setup containing a device compromised by bot malware. Multiple scenarios were created, including three different IoT device profiles and seven botnets. Four one-class algorithms (Elliptic Envelope, Isolation Forest, Local Outlier Factor, and One-class Support Vector Machine) were evaluated. The results show the proposed system has a good predictive performance for different botnets, achieving a mean F1-score of 94% for the best performing algorithm, the Local Outlier Factor. The system also presented a low impact on the device’s energy consumption, and CPU and memory utilisation.
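As an added illustration (not the IoTDS code or the authors' implementation), the sketch below shows one-class detection with a pure-Python Local Outlier Factor trained only on legitimate host metrics of the kind the abstract lists. The sample values, `K`, and the 1.5 threshold are constructed assumptions.

```python
import math
import random

K = 5  # neighbours used by LOF (assumed value, not from the paper)

def _lrd(neigh, kdist):
    # Local reachability density: inverse mean reachability distance to the neighbours.
    reach = [max(d, kdist[j]) for d, j in neigh]
    return len(reach) / max(sum(reach), 1e-12)

def fit(train):
    """Model legitimate behaviour only: standardise, then precompute k-distance and lrd."""
    cols = list(zip(*train))
    mu = [sum(c) / len(c) for c in cols]
    sd = [math.sqrt(sum((v - m) ** 2 for v in c) / len(c)) or 1.0
          for c, m in zip(cols, mu)]
    pts = [[(v - m) / s for v, m, s in zip(r, mu, sd)] for r in train]
    knn = [sorted((math.dist(p, q), j) for j, q in enumerate(pts) if j != i)[:K]
           for i, p in enumerate(pts)]
    kdist = [n[-1][0] for n in knn]
    return {"mu": mu, "sd": sd, "pts": pts, "kdist": kdist,
            "lrd": [_lrd(n, kdist) for n in knn]}

def lof(model, sample):
    """LOF of an unseen sample against the training set (about 1.0 means 'looks normal')."""
    x = [(v - m) / s for v, m, s in zip(sample, model["mu"], model["sd"])]
    neigh = sorted((math.dist(x, q), j) for j, q in enumerate(model["pts"]))[:K]
    return sum(model["lrd"][j] for _, j in neigh) / (K * _lrd(neigh, model["kdist"]))

def is_anomalous(model, sample, threshold=1.5):  # threshold is an assumed cut-off
    return lof(model, sample) > threshold

# Constructed training data: (CPU %, temperature C, memory MB, running tasks)
_rng = random.Random(0)
LEGIT = [(_rng.gauss(12, 2), _rng.gauss(45, 1.5), _rng.gauss(180, 8), _rng.gauss(95, 2))
         for _ in range(200)]
MODEL = fit(LEGIT)

if __name__ == "__main__":
    for name, s in [("idle-like", (12, 45, 180, 95)), ("bot-like", (85, 62, 240, 110))]:
        print(name, round(lof(MODEL, s), 2), is_anomalous(MODEL, s))
```

Features are standardised before distances are computed so that memory in MB does not dominate CPU percentage; no labelled bot samples are needed at training time.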
From the analysis of spatio-temporal data one can identify group patterns of moving objects, for example the flock pattern. This pattern can be defined as a minimal number of entities within a defined disk diameter moving together during a certain time-window. However, as the trajectories of different objects are collected, they may be irregular due to problems such as system failures, passing through tunnels or underground, etc., causing gaps in the collected trajectories. One technique to address this problem is path interpolation, which geometrically generates points corresponding to missing spatio-temporal points based on collected data. In this sense, the objective of this work is to include interpolation techniques in online flock pattern algorithms for the treatment of lossy spatiotemporal data streams using configurable size of temporary memory. Our approach allows employing different interpolation methods with low overhead and good precision results. Comparing results using the original databases and interpolated streams, the experiments showed good results in the search for flock patterns reaching up to 80% recovery of lost answers, without significantly impacting the algorithm execution cost.