Machine Learning-Based Early Detection of IoT Botnets Using Network-Edge Traffic
- URL: http://arxiv.org/abs/2010.11453v1
- Date: Thu, 22 Oct 2020 05:29:48 GMT
- Title: Machine Learning-Based Early Detection of IoT Botnets Using Network-Edge Traffic
- Authors: Ayush Kumar, Mrinalini Shridhar, Sahithya Swaminathan, Teng Joon Lim
- Abstract summary: EDIMA is designed to be deployed at the edge gateway installed in home networks and targets early detection of botnets prior to the launch of an attack.
EDIMA includes a novel two-stage Machine Learning (ML)-based detector developed specifically for IoT bot detection at the edge gateway.
EDIMA is also shown to outperform existing detection techniques for bot scanning traffic and bot-CnC server communication.
- Score: 9.248700524610191
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: In this work, we present a lightweight IoT botnet detection solution, EDIMA,
which is designed to be deployed at the edge gateway installed in home networks
and targets early detection of botnets prior to the launch of an attack. EDIMA
includes a novel two-stage Machine Learning (ML)-based detector developed
specifically for IoT bot detection at the edge gateway. The ML-based bot
detector first employs ML algorithms for aggregate traffic classification and
subsequently Autocorrelation Function (ACF)-based tests to detect individual
bots. The EDIMA architecture also comprises a malware traffic database, a
policy engine, a feature extractor and a traffic parser. Performance evaluation
results show that EDIMA achieves high bot scanning and bot-CnC traffic
detection accuracies with very low false positive rates. The detection
performance is also shown to be robust to an increase in the number of IoT
devices connected to the edge gateway where EDIMA is deployed. Further, the
runtime performance analysis of a Python implementation of EDIMA deployed on a
Raspberry Pi reveals low bot detection delays and low RAM consumption. EDIMA is
also shown to outperform existing detection techniques for bot scanning traffic
and bot-CnC server communication.
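The abstract describes a two-stage detector: an aggregate-traffic classifier first decides whether the gateway's combined traffic looks infected, and only then are per-device Autocorrelation Function (ACF) tests run to pin down which host is the bot. The block below is an added illustration of that pipeline, not EDIMA's own code. It replaces the paper's stage-1 ML classifier with a simple distinct-destination (scan fan-out) threshold, and implements stage 2 as an ACF periodicity test over each host's per-second outbound SYN counts, since a bot probing on a fixed timer produces a strong autocorrelation peak at its scan interval. The window size, thresholds, lag range, MAC addresses and traffic are all constructed assumptions for the example.

```python
"""Two-stage IoT bot screening at a home gateway (added example, not EDIMA's code).

Stage 1 (aggregate gate): count distinct SYN destinations across all LAN hosts in a
window. EDIMA uses an ML classifier here; this example substitutes a fixed threshold.
Stage 2 (per-device ACF test): bin each host's outbound SYNs per second and look for a
significant autocorrelation peak, the signature of a bot probing on a fixed timer.
"""
from collections import defaultdict
from typing import Dict, List, Optional, Tuple

# (timestamp_s, src_mac, dst_ip, dst_port) for outbound TCP SYNs seen at the gateway.
Syn = Tuple[float, str, str, int]

WINDOW_S = 120            # observation window in seconds (assumed)
FANOUT_THRESHOLD = 10     # stage-1 gate: distinct SYN destinations per window (assumed)
ACF_THRESHOLD = 0.5       # stage-2: autocorrelation peak needed to call it periodic (assumed)
MIN_LAG, MAX_LAG = 2, 30  # lags searched, in seconds (assumed)


def build_sample_syns() -> List[Syn]:
    """Constructed traffic: one bot probing telnet on a 5 s timer, one benign camera."""
    syns: List[Syn] = []
    bot, cam = "aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"   # hypothetical MACs
    for i in range(WINDOW_S // 5):                          # 24 probes, one every 5 s
        syns.append((5.0 * i + 0.3, bot, f"10.0.0.{i + 2}", 23))
    for t in (2, 3, 11, 19, 31, 38, 50, 67, 71, 90, 103, 118):  # irregular cloud check-ins
        syns.append((float(t), cam, "203.0.113.10", 443))
    return sorted(syns)


def distinct_destinations(syns: List[Syn]) -> int:
    """Stage-1 feature: how many distinct (ip, port) targets the whole LAN SYN'd to."""
    return len({(ip, port) for _, _, ip, port in syns})


def per_host_series(syns: List[Syn], window_s: int = WINDOW_S) -> Dict[str, List[int]]:
    """Per-host SYN counts in 1 s bins over the window."""
    series: Dict[str, List[int]] = defaultdict(lambda: [0] * window_s)
    for ts, src, _, _ in syns:
        b = int(ts)
        if 0 <= b < window_s:
            series[src][b] += 1
    return dict(series)


def acf(x: List[int], lag: int) -> float:
    """Normalised sample autocorrelation of x at the given lag (1.0 at lag 0)."""
    n = len(x)
    mean = sum(x) / n
    var = sum((v - mean) ** 2 for v in x)
    if var == 0:
        return 0.0
    cov = sum((x[t] - mean) * (x[t + lag] - mean) for t in range(n - lag))
    return cov / var


def periodic_lag(x: List[int], min_lag: int = MIN_LAG, max_lag: int = MAX_LAG,
                 threshold: float = ACF_THRESHOLD) -> Optional[int]:
    """Smallest lag whose ACF is a local maximum above the threshold, or None."""
    r = [acf(x, k) for k in range(max_lag + 2)]
    for k in range(min_lag, max_lag + 1):
        if r[k] >= threshold and r[k] > r[k - 1] and r[k] > r[k + 1]:
            return k
    return None


def detect_bots(syns: List[Syn]) -> Dict[str, int]:
    """Return {host_mac: scan_period_s} for hosts flagged by both stages."""
    if distinct_destinations(syns) < FANOUT_THRESHOLD:   # stage 1: nothing scan-like
        return {}
    flagged: Dict[str, int] = {}
    for host, series in per_host_series(syns).items():   # stage 2: per-device ACF test
        lag = periodic_lag(series)
        if lag is not None:
            flagged[host] = lag
    return flagged


if __name__ == "__main__":
    print(detect_bots(build_sample_syns()))   # {'aa:bb:cc:00:00:01': 5}
```

The local-maximum condition matters: bursty but benign traffic (a firmware download, a video upload) gives a large ACF at lag 1 that decays smoothly, whereas a timer-driven scanner gives an isolated peak at its interval with negative values on either side. Real deployments also need to handle bots that jitter their timer, which is why the paper pairs the ACF test with an aggregate classifier rather than relying on periodicity alone.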
Related papers
- Exploring Highly Quantised Neural Networks for Intrusion Detection in Automotive CAN [13.581341206178525]
Machine learning-based intrusion detection models have been shown to successfully detect multiple targeted attack vectors.
In this paper, we present a case for a custom-quantised MLP (CQMLP) as a multi-class classification model.
We show that the 2-bit CQMLP model, when integrated as the IDS, can detect malicious attack messages with a very high accuracy of 99.9%.
arXiv Detail & Related papers (2024-01-19T21:11:02Z)
- A Lightweight Multi-Attack CAN Intrusion Detection System on Hybrid FPGAs [13.581341206178525]
Intrusion detection and mitigation approaches have shown promising results in detecting multiple attack vectors in Controller Area Network (CAN).
We present a lightweight multi-attack quantised machine learning model that is deployed using Xilinx's Deep Learning Processing Unit IP on a Zynq Ultrascale+ (XCZU3EG) FPGA.
The model detects denial of service and fuzzing attacks with an accuracy above 99% and a false positive rate of 0.07%, which are comparable to the state-of-the-art techniques in the literature.
arXiv Detail & Related papers (2024-01-19T13:39:05Z)
- MONDEO: Multistage Botnet Detection [2.259031129687683]
MONDEO is a multistage mechanism to detect DNS-based botnet malware.
It comprises four detection stages: Blacklisting/Whitelisting, Query rate analysis, DGA analysis, and Machine learning evaluation.
MONDEO was tested against several datasets to measure its efficiency and performance.
arXiv Detail & Related papers (2023-08-31T09:12:30Z)
- Label-Efficient Object Detection via Region Proposal Network Pre-Training [58.50615557874024]
We propose a simple pretext task that provides an effective pre-training for the region proposal network (RPN).
In comparison with multi-stage detectors without RPN pre-training, our approach is able to consistently improve downstream task performance.
arXiv Detail & Related papers (2022-11-16T16:28:18Z)
- Integral Migrating Pre-trained Transformer Encoder-decoders for Visual Object Detection [78.2325219839805]
imTED improves the state-of-the-art of few-shot object detection by up to 7.6% AP.
Experiments on the MS COCO dataset demonstrate that imTED consistently outperforms its counterparts by 2.8%.
arXiv Detail & Related papers (2022-05-19T15:11:20Z)
- AVTPnet: Convolutional Autoencoder for AVTP anomaly detection in Automotive Ethernet Networks [2.415997479508991]
In this paper, we propose a convolutional autoencoder (CAE) for offline detection of anomalies on the Audio Video Transport Protocol (AVTP).
Our proposed approach is evaluated on the recently published "Automotive Ethernet Intrusion dataset".
arXiv Detail & Related papers (2022-01-31T19:13:20Z)
- A Single-Target License Plate Detection with Attention [56.83051142257412]
Neural networks are commonly adopted for the License Plate Detection (LPD) task and achieve much better performance and precision; in particular, CNN-based networks such as RetinaNet achieve state-of-the-art results.
For a single-object detection task such as LPD, a modified general object detector would be time-consuming, unable to cope with complex scenarios, and produce a cumbersome weights file that is hard to deploy on an embedded device.
arXiv Detail & Related papers (2021-12-12T03:00:03Z)
- Improving Botnet Detection with Recurrent Neural Network and Transfer Learning [5.602292536933117]
Botnet detection is a critical step in stopping the spread of botnets and preventing malicious activities.
Recent approaches employing machine learning (ML) showed improved performance over earlier ones.
We propose a novel botnet detection method, built upon a Recurrent Variational Autoencoder (RVAE).
arXiv Detail & Related papers (2021-04-26T14:05:01Z)
- Simultaneous Detection and Tracking with Motion Modelling for Multiple Object Tracking [94.24393546459424]
We introduce Deep Motion Modeling Network (DMM-Net) that can estimate multiple objects' motion parameters to perform joint detection and association.
DMM-Net achieves a PR-MOTA score of 12.80 @ 120+ fps for the popular UA-DETRAC challenge, which is both better performance and orders of magnitude faster.
We also contribute a synthetic large-scale public dataset Omni-MOT for vehicle tracking that provides precise ground-truth annotations.
arXiv Detail & Related papers (2020-08-20T08:05:33Z)
- Contextual-Bandit Anomaly Detection for IoT Data in Distributed Hierarchical Edge Computing [65.78881372074983]
IoT devices can hardly afford complex deep neural network (DNN) models, and offloading anomaly detection tasks to the cloud incurs long delay.
We propose and build a demo for an adaptive anomaly detection approach for distributed hierarchical edge computing (HEC) systems.
We show that our proposed approach significantly reduces detection delay without sacrificing accuracy, as compared to offloading detection tasks to the cloud.
arXiv Detail & Related papers (2020-04-15T06:13:33Z)
- Adaptive Anomaly Detection for IoT Data in Hierarchical Edge Computing [71.86955275376604]
We propose an adaptive anomaly detection approach for hierarchical edge computing (HEC) systems to solve this problem.
We design an adaptive scheme to select one of the models based on the contextual information extracted from input data, to perform anomaly detection.
We evaluate our proposed approach using a real IoT dataset, and demonstrate that it reduces detection delay by 84% while maintaining almost the same accuracy as compared to offloading detection tasks to the cloud.
arXiv Detail & Related papers (2020-01-10T05:29:17Z)