AI-Driven Fast and Early Detection of IoT Botnet Threats: A Comprehensive Network Traffic Analysis Approach
- URL: http://arxiv.org/abs/2407.15688v1
- Date: Mon, 22 Jul 2024 14:54:40 GMT
- Title: AI-Driven Fast and Early Detection of IoT Botnet Threats: A Comprehensive Network Traffic Analysis Approach
- Authors: Abdelaziz Amara korba, Aleddine Diaf, Yacine Ghamri-Doudane
- Abstract summary: This study proposes a comprehensive methodology for analyzing IoT network traffic.
It explores a wide spectrum of network features critical for representing network traffic and characterizing benign IoT traffic patterns.
Through extensive experimentation with the IoT-23 dataset, we have demonstrated the feasibility of detecting botnet traffic corresponding to different operations and types of bots.
- Score: 3.783757921469148
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: In the rapidly evolving landscape of cyber threats targeting the Internet of Things (IoT) ecosystem, and in light of the surge in botnet-driven Distributed Denial of Service (DDoS) and brute force attacks, this study focuses on the early detection of IoT bots. It specifically addresses the detection of stealth bot communication that precedes and orchestrates attacks. This study proposes a comprehensive methodology for analyzing IoT network traffic, including considerations for both unidirectional and bidirectional flows, as well as packet formats. It explores a wide spectrum of network features critical for representing network traffic and characterizing benign IoT traffic patterns effectively. Moreover, it delves into the modeling of traffic using various semi-supervised learning techniques. Through extensive experimentation with the IoT-23 dataset - a comprehensive collection featuring diverse botnet types and traffic scenarios - we have demonstrated the feasibility of detecting botnet traffic corresponding to different operations and types of bots, specifically focusing on stealth command and control (C2) communications. The results obtained have demonstrated the feasibility of identifying C2 communication with a 100% success rate through packet-based methods and 94% via flow-based approaches, with a false positive rate of 1.53%.
Related papers
- Explainable Machine Learning for Cyberattack Identification from Traffic Flows [5.834276858232939]
We simulate cyberattacks in a semi-realistic environment, using a traffic network to analyze disruption patterns.
We develop a deep learning-based anomaly detection system, demonstrating that Longest Stop Duration and Total Jam Distance are key indicators of compromised signals.
This work enhances AI-driven traffic security, improving both detection accuracy and trustworthiness in smart transportation systems.
arXiv Detail & Related papers (2025-05-02T17:34:14Z)
- Zero-Day Botnet Attack Detection in IoV: A Modular Approach Using Isolation Forests and Particle Swarm Optimization [5.283060049860749]
Bot malware and cyberattacks pose significant risks to Connected and Autonomous Vehicles.
We propose an edge-based Intrusion Detection System (IDS) that monitors network traffic to and from CAVs.
arXiv Detail & Related papers (2025-04-26T05:57:03Z)
- Enhancing IoT-Botnet Detection using Variational Auto-encoder and Cost-Sensitive Learning: A Deep Learning Approach for Imbalanced Datasets [0.0]
The work in this study leveraged Variational Auto-encoder (VAE) and cost-sensitive learning to develop models for IoT-botnet detection.
The aim is to enhance the detection of minority-class attack traffic instances, which are often missed by machine learning models.
arXiv Detail & Related papers (2025-04-26T02:04:30Z)
- MDHP-Net: Detecting an Emerging Time-exciting Threat in IVN [42.74889568823579]
We identify a new time-exciting threat model against in-vehicle networks (IVN).
These attacks inject malicious messages that exhibit a time-exciting effect, gradually manipulating network traffic to disrupt vehicle operations and compromise safety-critical functions.
To detect time-exciting threats, we introduce MDHP-Net, leveraging a Multi-Dimensional Hawkes Process (MDHP) and temporal and message-wise feature extraction structures.
arXiv Detail & Related papers (2025-04-16T08:41:24Z)
- Efficient IoT Intrusion Detection with an Improved Attention-Based CNN-BiLSTM Architecture [0.2356141385409842]
This paper presents a compact and efficient integrated approach to detecting botnet attacks.
The proposed attention-based model achieves 99% classification accuracy in detecting botnet attacks on the N-BaIoT dataset.
arXiv Detail & Related papers (2025-03-25T04:12:14Z)
- Enhanced Hybrid Deep Learning Approach for Botnet Attacks Detection in IoT Environment [0.5384718724090648]
Botnet attacks erode trust in IoT devices and systems, undermining confidence in their security, reliability, and integrity.
Deep learning techniques have significantly enhanced the detection of botnet attacks due to their ability to analyze and learn from complex patterns in data.
This research proposed the stacking of deep convolutional neural networks, Bi-Directional Long Short-Term Memory (Bi-LSTM), Bi-Directional Gated Recurrent Unit (Bi-GRU), and Recurrent Neural Networks (RNN) for botnet attack detection.
arXiv Detail & Related papers (2025-02-10T03:59:27Z)
- Multi-view Correlation-aware Network Traffic Detection on Flow Hypergraph [5.64836465356865]
We propose a multi-view correlation-aware framework named FlowID for network traffic detection.
FlowID captures multi-view traffic features via temporal and interaction awareness, while a hypergraph encoder further explores higher-order relationships between flows.
We show that FlowID significantly outperforms existing methods in accuracy, robustness, and generalization across diverse network scenarios.
arXiv Detail & Related papers (2025-01-15T06:17:06Z)
- NetFlowGen: Leveraging Generative Pre-training for Network Traffic Dynamics [72.95483148058378]
We propose to pre-train a general-purpose machine learning model to capture traffic dynamics with only traffic data from NetFlow records.
We address challenges such as unifying network feature representations, learning from large volumes of unlabeled traffic data, and testing on real downstream tasks in DDoS attack detection.
arXiv Detail & Related papers (2024-12-30T00:47:49Z)
- MIETT: Multi-Instance Encrypted Traffic Transformer for Encrypted Traffic Classification [59.96233305733875]
Classifying traffic is essential for detecting security threats and optimizing network management.
We propose a Multi-Instance Encrypted Traffic Transformer (MIETT) to capture both token-level and packet-level relationships.
MIETT achieves results across five datasets, demonstrating its effectiveness in classifying encrypted traffic and understanding complex network behaviors.
arXiv Detail & Related papers (2024-12-19T12:52:53Z)
- Preliminary study on artificial intelligence methods for cybersecurity threat detection in computer networks based on raw data packets [34.82692226532414]
In this paper, we investigate deep learning methodologies capable of detecting attacks in real time directly from raw packet data within network traffic.
We propose a novel approach where packets are stacked into windows and separately recognised, with a 2D image representation suitable for processing with computer vision models.
arXiv Detail & Related papers (2024-07-24T15:04:00Z)
- Deep Learning Approaches for Network Traffic Classification in the Internet of Things (IoT): A Survey [0.0]
The Internet of Things (IoT) has witnessed unprecedented growth, resulting in a massive influx of diverse network traffic from interconnected devices.
Effectively classifying this network traffic is crucial for optimizing resource allocation, enhancing security measures, and ensuring efficient network management in IoT systems.
Deep learning has emerged as a powerful technique for network traffic classification due to its ability to automatically learn complex patterns and representations from raw data.
arXiv Detail & Related papers (2024-02-01T14:33:24Z)
- Effective Intrusion Detection in Heterogeneous Internet-of-Things Networks via Ensemble Knowledge Distillation-based Federated Learning [52.6706505729803]
We introduce Federated Learning (FL) to collaboratively train a decentralized shared model for Intrusion Detection Systems (IDS).
FLEKD enables a more flexible aggregation method than conventional model fusion techniques.
Experiment results show that the proposed approach outperforms local training and traditional FL in terms of both speed and performance.
arXiv Detail & Related papers (2024-01-22T14:16:37Z)
- OMINACS: Online ML-Based IoT Network Attack Detection and Classification System [0.0]
This paper proposes an online attack detection and network traffic classification system.
It combines stream Machine Learning, Deep Learning, and Ensemble Learning techniques.
It can detect the presence of malicious traffic flows and classify them according to the type of attack they represent.
arXiv Detail & Related papers (2023-02-18T04:06:24Z)
- Online Anomalous Subtrajectory Detection on Road Networks with Deep Reinforcement Learning [38.71141801699763]
We propose a novel reinforcement learning based solution called RL4OASD.
RL4OASD involves two networks, one responsible for learning features of road networks and trajectories and the other responsible for detecting anomalous subtrajectories.
arXiv Detail & Related papers (2022-11-12T15:17:57Z)
- Federated Deep Learning Meets Autonomous Vehicle Perception: Design and Verification [168.67190934250868]
Federated learning empowered connected autonomous vehicle (FLCAV) has been proposed.
FLCAV preserves privacy while reducing communication and annotation costs.
It is challenging to determine the network resources and road sensor poses for multi-stage training.
arXiv Detail & Related papers (2022-06-03T23:55:45Z)
- AI-aided Traffic Control Scheme for M2M Communications in the Internet of Vehicles [61.21359293642559]
The dynamics of traffic and the heterogeneous requirements of different IoV applications are not considered in most existing studies.
We consider a hybrid traffic control scheme and use the proximal policy optimization (PPO) method to tackle it.
arXiv Detail & Related papers (2022-03-05T10:54:05Z)
- A Comparative Analysis of Machine Learning Algorithms for Intrusion Detection in Edge-Enabled IoT Networks [0.0]
Intrusion detection is one of the challenging issues in the area of network security.
In this paper, a comparative analysis of conventional machine learning classification algorithms has been performed.
It can be observed that the Multi-Layer Perceptron (MLP) has dependencies between input and output and relies more on network configuration for intrusion detection.
arXiv Detail & Related papers (2021-11-02T05:58:07Z)
- Semi-supervised Variational Temporal Convolutional Network for IoT Communication Multi-anomaly Detection [3.3659034873495632]
Internet of Things (IoT) devices are constructed to build a huge communications network.
These devices are insecure in reality, which means that the communications network is exposed to attackers.
In this paper, we propose SS-VTCN, a semi-supervised network for IoT multiple anomaly detection.
arXiv Detail & Related papers (2021-04-05T08:51:24Z)
- Automated Identification of Vulnerable Devices in Networks using Traffic Data and Deep Learning [30.536369182792516]
Device-type identification combined with data from vulnerability databases can pinpoint vulnerable IoT devices in a network.
We present and evaluate two deep learning approaches to reliable IoT device-type identification.
arXiv Detail & Related papers (2021-02-16T14:49:34Z)
- Automating Botnet Detection with Graph Neural Networks [106.24877728212546]
Botnets are now a major source of many network attacks, such as DDoS attacks and spam.
In this paper, we consider the neural network design challenges of using modern deep learning techniques to learn policies for botnet detection automatically.
arXiv Detail & Related papers (2020-03-13T15:34:33Z)
This list is automatically generated from the titles and abstracts of the papers in this site.