One-class Classification to Detect Botnets in IoT devices
Abstract
As the number and variety of Internet of Things (IoT) devices grows, their weak security creates new threats to network security. Botnets are a widespread threat that exploits IoT device vulnerabilities to compromise many devices and launch coordinated attacks. Tackling this requires new methods for IoT botnet detection. In this paper, we propose a host-based detection system built on one-class classifiers. A One-class Support Vector Machine trained on features such as CPU and memory usage is used to detect malicious activity. The predictive performance and resource consumption of the proposed approach were evaluated in a controlled network using three different legitimate settings and seven IoT botnets. The results indicate that the proposed system is effective at detecting different botnets with low resource consumption.
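The following is an added example of the host-based one-class approach the abstract describes; it is not the paper's code. The paper trains a One-class SVM on host resource features. To keep the example runnable on a plain Python install (no scikit-learn or numpy), a Mahalanobis-distance boundary around the benign windows, with a nu-style budget of training outliers, stands in for the OC-SVM; the classification convention (+1 benign, -1 anomaly), the window size, the nu value and every telemetry sample are assumptions constructed for the illustration.

```python
"""Host-based one-class anomaly detection over CPU/memory telemetry.

Added example, not code from the paper. The paper trains a One-class SVM
on host resource features; here a Mahalanobis-distance one-class boundary
with a nu-style outlier budget stands in for the OC-SVM so the example runs
on a plain Python install (no scikit-learn or numpy). All telemetry below
is constructed by hand, not measured on a device.
"""
from math import sqrt

WINDOW = 4   # raw samples per feature window (assumed 1 sample/second)
NU = 0.1     # fraction of training windows allowed outside the boundary

# Constructed benign telemetry: (cpu_pct, mem_pct), one sample per second,
# from a hypothetical IoT device serving its normal workload.
BENIGN_TRAIN = [
    (3, 41), (5, 41), (4, 41), (4, 42),
    (6, 41), (5, 42), (7, 41), (6, 42),
    (2, 40), (3, 41), (3, 41), (4, 41),
    (8, 42), (7, 42), (9, 43), (8, 43),
    (5, 41), (4, 41), (5, 42), (6, 42),
    (10, 43), (9, 42), (11, 43), (10, 44),
]
# Constructed held-out benign window and two botnet-like windows: a flood
# that pins the CPU and grows memory, and a slower scan with near-normal
# memory but CPU well above the benign range.
BENIGN_HOLDOUT = [(7, 42), (6, 42), (7, 42), (8, 42)]
BOT_FLOOD = [(88, 55), (92, 56), (90, 55), (95, 56)]
BOT_SCAN = [(25, 41), (30, 41), (28, 42), (27, 41)]


def windows(samples, size=WINDOW):
    """Turn raw (cpu, mem) samples into per-window feature vectors
    (mean cpu, mean mem) over non-overlapping windows."""
    feats = []
    for i in range(0, len(samples) - size + 1, size):
        chunk = samples[i:i + size]
        feats.append((sum(c for c, _ in chunk) / size,
                      sum(m for _, m in chunk) / size))
    return feats


class OneClassGaussian:
    """One-class boundary: flag a window whose Mahalanobis distance from the
    benign mean exceeds the (1 - nu) quantile of the training distances."""

    def fit(self, X, nu=NU, ridge=1e-9):
        n = len(X)
        if n < 3:
            raise ValueError("need at least three training windows")
        self.mu = (sum(x[0] for x in X) / n, sum(x[1] for x in X) / n)
        d = [(x[0] - self.mu[0], x[1] - self.mu[1]) for x in X]
        # Sample covariance; a tiny ridge keeps the 2x2 inverse finite when
        # CPU and memory are almost perfectly correlated.
        s00 = sum(a * a for a, _ in d) / (n - 1) + ridge
        s11 = sum(b * b for _, b in d) / (n - 1) + ridge
        s01 = sum(a * b for a, b in d) / (n - 1)
        det = s00 * s11 - s01 * s01
        self.inv = (s11 / det, -s01 / det, s00 / det)
        dists = sorted(self.distance(x) for x in X)
        self.threshold = dists[min(n - 1, int((1 - nu) * n))]
        return self

    def distance(self, x):
        """Mahalanobis distance of a feature vector from the benign profile."""
        dx, dy = x[0] - self.mu[0], x[1] - self.mu[1]
        a, b, c = self.inv
        return sqrt(a * dx * dx + 2 * b * dx * dy + c * dy * dy)

    def predict(self, x):
        """+1 = consistent with the benign profile, -1 = anomaly."""
        return 1 if self.distance(x) <= self.threshold else -1


def detect(model, samples):
    """Label every window of a raw telemetry stream."""
    return [model.predict(x) for x in windows(samples)]


def train_model():
    """Fit the one-class model on the constructed benign telemetry only."""
    return OneClassGaussian().fit(windows(BENIGN_TRAIN))


if __name__ == "__main__":
    model = train_model()
    for name, stream in (("benign holdout", BENIGN_HOLDOUT),
                         ("bot flood", BOT_FLOOD), ("bot scan", BOT_SCAN)):
        print(name, detect(model, stream))
```

Two points carry over to the real OC-SVM setting. Training sees benign windows only, so the model never needs samples of a botnet it has not met; the `nu` parameter bounds how many benign training windows are allowed outside the boundary and therefore trades false positives against sensitivity, exactly as the OC-SVM's nu does. And because the boundary is fitted jointly over CPU and memory, a window whose CPU is high while memory stays normal (the scan case) is still flagged, which a per-metric threshold would have to be tuned separately to catch. Scoring a window costs a handful of multiplications, which is what makes host-based deployment on a constrained device plausible.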
