Towards Developing Network Forensic Mechanism for Botnet Activities in the IoT Based on Machine Learning Techniques

Koroniotis, Nickolaos; Moustafa, Nour; Sitnikova, Elena; Slay, Jill

doi:10.1007/978-3-319-90775-8_3

Cited by 88 publications

(46 citation statements)

References 30 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The ensemble technique provided higher detection rates and lower FP rates. Koroniotis et al used machine learning techniques on flow identifiers on UNSW‐NB15 to efficiently detect botnets and their tracks.…”

Section: Related Workmentioning

confidence: 99%

Using machine learning techniques to identify rare cyber‐attacks on the UNSW‐NB15 dataset

Bagui

Kalaimannan

Nandi

et al. 2019

Security and Privacy

View full text Add to dashboard Cite

This paper uses a hybrid feature selection process and classification techniques to classify cyber‐attacks in the UNSW‐NB15 dataset. A combination of k‐means clustering, and a correlation‐based feature selection, were used to come up with an optimum subset of features and then two classification techniques, one probabilistic, Naïve Bayes (NB), and a second, based on decision trees (J48), were employed. Our results show that this hybrid feature selection method in combination with the NB model was able to improve the classification accuracy of most attacks, especially the rare attacks. The false alarm rates were lower for most of the attacks, and particularly the rare attacks, with this combination of feature selection and the NB model. The J48 decision tree model, however, did not perform any better with the feature selection, but its classification rate for all attack families was already very high, with or without feature selection.

show abstract

Section: Related Workmentioning

confidence: 99%

Using machine learning techniques to identify rare cyber‐attacks on the UNSW‐NB15 dataset

Bagui

Kalaimannan

Nandi

et al. 2019

Security and Privacy

View full text Add to dashboard Cite

show abstract

“…The studies provide evidence that machine learning techniques can achieve success for attack detection. From the works discussing the issue of using machine learning for IoT security, the detection methodologies can be categorized as unsupervised methods [10], [12], [13], [14] and supervised methods [15], [16], [17], [9], [18].…”

Section: Related Workmentioning

confidence: 99%

“…[22] is another study that used the BoT-IoT dataset. 2018 Bot-IoT [10] 2018 Real dataset [8] 2016 Simulated dataset [12] 2018 N-BaIoT dataset [14] 2019 CICIDS2017-Simulated dataset-Bot-IoT [19] 2016 Simulated dataset [13] 2017 KDD /DARPA [20] 2015 Real dataset [15] 2017 Real dataset [21] 2018 Real dataset [18] 2018 Simulated dataset [16] 2017 USNW-NB15 [22] 2019 Bot-IoT [23] 2019 Real dataset [24] 2019 Bot-IoT [17] 2019 Bot-IoT…”

Section: Related Workmentioning

confidence: 99%

“…It is one way to display an algorithm that only contains conditional control statements. The attributes are used as the tree nodes and the criteria are constructed so as to guide from one node to another, with the "leaves" being the class values allocated to the record [16]. ID3 is usually used in the domains of machine learning and natural language processing, and it is the precursor of the C4.5 algorithm.…”

Section: B Machine Learning Algorithmsmentioning

confidence: 99%

See 1 more Smart Citation

Internet of Things Cyber Attacks Detection using Machine Learning

Alsamiri¹,

Alsubhi²

2019

IJACSA

View full text Add to dashboard Cite

The Internet of Things (IoT) combines hundreds of millions of devices which are capable of interaction with each other with minimum user interaction. IoT is one of the fastest-growing areas in of computing; however, the reality is that in the extremely hostile environment of the internet, IoT is vulnerable to numerous types of cyberattacks. To resolve this, practical countermeasures need to be established to secure IoT networks, such as network anomaly detection. Regardless that attacks cannot be wholly avoided forever, early detection of an attack is crucial for practical defense. Since IoT devices have low storage capacity and low processing power, traditional high-end security solutions to protect an IoT system are not appropriate. Also, IoT devices are now connected without human intervention for longer periods. This implies that intelligent network-based security solutions like machine learning solutions must be developed. Although many studies in recent years have discussed the use of Machine Learning (ML) solutions in attack detection problems, little attention has been given to the detection of attacks specifically in IoT networks. In this study, we aim to contribute to the literature by evaluating various machine learning algorithms that can be used to quickly and effectively detect IoT network attacks. A new dataset, Bot-IoT, is used to evaluate various detection algorithms. In the implementation phase, seven different machine learning algorithms were used, and most of them achieved high performance. New features were extracted from the Bot-IoT dataset during the implementation and compared with studies from the literature, and the new features gave better results.

show abstract

“…Network packet classification is one mechanism that can be done to detect DDoS. Machine learning techniques, by validating network data provided to classify with legitimate observations based on anomalies, can be used in the network forensic process [10]. DDoS attacks through computer networks, especially Local Area Networks (LANs) can be detected using multi-classification techniques, which is by combining data mining methods to get better accuracy [11].…”

Section: Introductionmentioning

confidence: 99%

DDoS Classification Using Neural Network and Naïve Bayes Methods for Network Forensics

Yudhana¹,

Riadi²,

Ridho³

2018

ijacsa

View full text Add to dashboard Cite

Distributed Denial of Service (DDoS) is a network security problem that continues to grow dynamically and has increased significantly to date. DDoS is a type of attack that is carried out by draining the available resources in the network by flooding the package with a significant intensity so that the system becomes overloaded and stops. This attack resulted in enormous losses for institutions and companies engaged in online services. Prolonged deductions and substantial recovery costs are additional losses for the company due to loss of integrity. The activities of damaging, disrupting, stealing data, and everything that is detrimental to the system owner on a computer network is an illegal act and can be imposed legally in court. Criminals can be punished based on the evidence found with the Forensics network mechanism. DDoS attack classification is based on network traffic activity using the neural network and naïve Bayes methods. Based on the experiments conducted, it was found that the results of accuracy in artificial neural networks were 95.23% and naïve Bayes were 99.9%. The experimental results show that the naïve Bayes method is better than the neural network. The results of the experiment and analysis can be used as evidence in the trial process.

show abstract

Towards Developing Network Forensic Mechanism for Botnet Activities in the IoT Based on Machine Learning Techniques

Cited by 88 publications

References 30 publications

Using machine learning techniques to identify rare cyber‐attacks on the UNSW‐NB15 dataset

Using machine learning techniques to identify rare cyber‐attacks on the UNSW‐NB15 dataset

Internet of Things Cyber Attacks Detection using Machine Learning

DDoS Classification Using Neural Network and Naïve Bayes Methods for Network Forensics

Contact Info

Product

Resources

About