Journal of Machine and Computing


ECBoA-OFS: An Ensemble Classification Model for Botnet Attacks based on Optimal Feature Selection using CPR in IoT



Journal of Machine and Computing

Received On : 10 March 2024

Revised On : 22 May 2024

Accepted On : 16 July 2024

Published On : 05 October 2024

Volume 04, Issue 04

Pages : 870-885


Abstract


The rapid growth of the Internet of Things (IoT) has indeed introduced new security challenges, and the proliferation of compromised IoT devices has become a significant concern. Botnet attacks, where multiple corrupted devices are managed by a particular object, have become a widespread threat in IoT environments. These are used for a variety of malicious activities, including distributed DDoS attacks, data breaches, and malware distribution. However, detecting IoT botnets poses several challenges due to the resource constraints inherent in many IoT devices. The limitations in computation, storage, and communication capabilities make it challenging to deploy complex ML and deep learning models directly on these devices. This paper proposes an ensemble classification model ECBoA-OFS (Ensemble Classification for Botnet Attack Prediction using Optimal Feature Selection). It focuses on enhancing the accuracy of botnet attack prediction through the integration of ensemble methods and optimal feature selection. It describes a method for optimal feature selection in the context of analyzing the behavior of BoA and malicious traffic flow features in a network using Central Pivot Ranges (CPR). Feature selection is an important step in machine learning and data analysis because it supports to identification of the most important features for a given problem, thereby improving model performance and interpretation. The extracted features are used for model training and ensemble classification for prediction. To evaluate ECBoA-OFS, the N-BaIoT-2021 dataset consisting of regular IoT network traffic and BoA traffic records of corrupted IoT devices is utilized, considering detection precision, sensitivity, specificity, accuracy, and F1-score. Although all ensemble classifier models achieved better detection accuracy through optimal feature selection, the proposed ECBA-OFS shows better results compared to other ensemble classifier results.


Keywords


Internet of Things (IoT), Botnet Attacks, Feature Selection, Central Pivot Range, Ensemble Classification.


  1. N. Islam et al., “Towards Machine Learning Based Intrusion Detection in IoT Networks,” Computers, Materials & Continua, vol. 69, no. 2, pp. 1801–1821, 2021, doi: 10.32604/cmc.2021.018466.
  2. M. A. Rahman and A. T. Asyhari, “The Emergence of Internet of Things (IoT): Connecting Anything, Anywhere,” Computers, vol. 8, no. 2, p. 40, May 2019, doi: 10.3390/computers8020040.
  3. K. Zhao and L. Ge, “A Survey on the Internet of Things Security,” 2013 Ninth International Conference on Computational Intelligence and Security, Dec. 2013, doi: 10.1109/cis.2013.145.
  4. Y. K. Saheed and S. Misra, “A voting gray wolf optimizer-based ensemble learning models for intrusion detection in the Internet of Things,” International Journal of Information Security, vol. 23, no. 3, pp. 1557–1581, Jan. 2024, doi: 10.1007/s10207-023-00803-x.
  5. N. Pandey and P. K. Mishra, “Detection of DDoS attack in IoT traffic using ensemble machine learning techniques,” Networks and Heterogeneous Media, vol. 18, no. 4, pp. 1393–1409, 2023, doi: 10.3934/nhm.2023061.
  6. Z. Tian, C. Luo, J. Qiu, X. Du, and M. Guizani, “A Distributed Deep Learning System for Web Attack Detection on Edge Devices,” IEEE Transactions on Industrial Informatics, vol. 16, no. 3, pp. 1963–1971, Mar. 2020, doi: 10.1109/tii.2019.2938778.
  7. S. Nomm and H. Bahsi, “Unsupervised Anomaly Based Botnet Detection in IoT Networks,” 2018 17th IEEE International Conference on Machine Learning and Applications (ICMLA), Dec. 2018, doi: 10.1109/icmla.2018.00171.
  8. H. Bahsi, S. Nomm, and F. B. La Torre, “Dimensionality Reduction for Machine Learning Based IoT Botnet Detection,” 2018 15th International Conference on Control, Automation, Robotics and Vision (ICARCV), Nov. 2018, doi: 10.1109/icarcv.2018.8581205.
  9. U. Inayat, M. F. Zia, S. Mahmood, H. M. Khalid, and M. Benbouzid, “Learning-Based Methods for Cyber Attacks Detection in IoT Systems: A Survey on Methods, Analysis, and Future Prospects,” Electronics, vol. 11, no. 9, p. 1502, May 2022, doi: 10.3390/electronics11091502.
  10. Y. Meidan et al., “N-BaIoT—Network-Based Detection of IoT Botnet Attacks Using Deep Autoencoders,” IEEE Pervasive Computing, vol. 17, no. 3, pp. 12–22, Jul. 2018, doi: 10.1109/mprv.2018.03367731.
  11. A. A. Alsulami, Q. Abu Al-Haija, A. Tayeb, and A. Alqahtani, “An Intrusion Detection and Classification System for IoT Traffic with Improved Data Engineering,” Applied Sciences, vol. 12, no. 23, p. 12336, Dec. 2022, doi: 10.3390/app122312336.
  12. M. Eskandari, Z. H. Janjua, M. Vecchio, and F. Antonelli, “Passban IDS: An Intelligent Anomaly-Based Intrusion Detection System for IoT Edge Devices,” IEEE Internet of Things Journal, vol. 7, no. 8, pp. 6882–6897, Aug. 2020, doi: 10.1109/jiot.2020.2970501.
  13. T. A. Alamiedy, M. Anbar, A. K. Al-Ani, B. N. Al-Tamimi, and N. Faleh, “Review on Feature Selection Algorithms for Anomaly-Based Intrusion Detection System,” Recent Trends in Data Science and Soft Computing, pp. 605–619, Sep. 2018, doi: 10.1007/978-3-319-99007-1_57.
  14. K. Albulayhi, Q. Abu Al-Haija, S. A. Alsuhibany, A. A. Jillepalli, M. Ashrafuzzaman, and F. T. Sheldon, “IoT Intrusion Detection Using Machine Learning with a Novel High Performing Feature Selection Method,” Applied Sciences, vol. 12, no. 10, p. 5015, May 2022, doi: 10.3390/app12105015.
  15. F. Palmieri, U. Fiore, and A. Castiglione, “A distributed approach to network anomaly detection based on independent component analysis,” Concurrency and Computation: Practice and Experience, vol. 26, no. 5, pp. 1113–1129, Jun. 2013, doi: 10.1002/cpe.3061.
  16. U. M. Rao and J. Sastry, “Machine Intelligence by Central Pivot Ranges (MICPR): An Optimal Resource Scheduling Strategy for Cloud Services,” Jun. 2022, doi: 10.21203/rs.3.rs-1632741/v1.
  17. W. N. H. Ibrahim et al., “Multilayer Framework for Botnet Detection Using Machine Learning Algorithms,” IEEE Access, vol. 9, pp. 48753–48768, 2021, doi: 10.1109/access.2021.3060778.
  18. H. Alkahtani and T. H. H. Aldhyani, “Botnet Attack Detection by Using CNN-LSTM Model for Internet of Things Applications,” Security and Communication Networks, vol. 2021, pp. 1–23, Sep. 2021, doi: 10.1155/2021/3806459.
  19. J. L. Leevy, J. Hancock, T. M. Khoshgoftaar, and J. M. Peterson, “IoT information theft prediction using ensemble feature selection,” Journal of Big Data, vol. 9, no. 1, Jan. 2022, doi: 10.1186/s40537-021-00558-z.
  20. Q. Abu Al-Haija and M. Al-Dala’ien, “ELBA-IoT: An Ensemble Learning Model for Botnet Attack Detection in IoT Networks,” Journal of Sensor and Actuator Networks, vol. 11, no. 1, p. 18, Mar. 2022, doi: 10.3390/jsan11010018.
  21. A. Rezaei, “Using Ensemble Learning Technique for Detecting Botnet on IoT,” SN Computer Science, vol. 2, no. 3, Mar. 2021, doi: 10.1007/s42979-021-00585-w.
  22. M. Shafiq, Z. Tian, A. K. Bashir, X. Du, and M. Guizani, “CorrAUC: A Malicious Bot-IoT Traffic Detection Method in IoT Network Using Machine-Learning Techniques,” IEEE Internet of Things Journal, vol. 8, no. 5, pp. 3242–3254, Mar. 2021, doi: 10.1109/jiot.2020.3002255.
  23. S. D. A. Rihan , M. Anbar , and B. A. Alabsi, “Approach for Detecting Attacks on IoT Networks Based on Ensemble Feature Selection and Deep Learning Models,” Sensors, vol. 23, no. 17, p. 7342, Aug. 2023, doi: 10.3390/s23177342.
  24. B. Rosner, R. J. Glynn, and M. Ting Lee, “Incorporation of Clustering Effects for the Wilcoxon Rank Sum Test: A Large‐Sample Approach,” Biometrics, vol. 59, no. 4, pp. 1089–1098, Dec. 2003, doi: 10.1111/j.0006-341x.2003.00125.x.
  25. E. C. Blessie and E. Karthikeyan, “Sigmis: A Feature Selection Algorithm Using Correlation Based Method,” Journal of Algorithms & Computational Technology, vol. 6, no. 3, pp. 385–394, Sep. 2012, doi: 10.1260/1748-3018.6.3.385.
  26. M. G. Karthik and M. B. M. Krishnan, “Hybrid random forest and synthetic minority over sampling technique for detecting internet of things attacks,” Journal of Ambient Intelligence and Humanized Computing, Mar. 2021, doi: 10.1007/s12652-021-03082-3.
  27. T. T. Khoei, S. Ismail, and N. Kaabouch, “Boosting-based Models with Tree-structured Parzen Estimator Optimization to Detect Intrusion Attacks on Smart Grid,” 2021 IEEE 12th Annual Ubiquitous Computing, Electronics & Mobile Communication Conference (UEMCON), Dec. 2021, doi: 10.1109/uemcon53757.2021.9666607.
  28. Y. Liao and V. R. Vemuri, “Use of K-Nearest Neighbor classifier for intrusion detection,” Computers & Security, vol. 21, no. 5, pp. 439–448, Oct. 2002, doi: 10.1016/s0167-4048(02)00514-x.
  29. Q. A. Al-Haija and A. Ishtaiwi, “Multiclass Classification of Firewall Log Files Using Shallow Neural Network for Network Security Applications,” Soft Computing for Security Applications, pp. 27–41, Oct. 2021, doi: 10.1007/978-981-16-5301-8_3.
  30. T. Wu, Y. Hao, B. Yang, and L. Peng, “ECM-EFS: An ensemble feature selection based on enhanced co-association matrix,” Pattern Recognition, vol. 139, p. 109449, Jul. 2023, doi: 10.1016/j.patcog.2023.109449.

Acknowledgements


We would like to thank Reviewers for taking the time and effort necessary to review the manuscript. We sincerely appreciate all valuable comments and suggestions, which helped us to improve the quality of the manuscript.


Funding


No funding was received to assist with the preparation of this manuscript.


Ethics declarations


Conflict of interest

The authors have no conflicts of interest to declare that are relevant to the content of this article.


Availability of data and materials


Data sharing is not applicable to this article as no new data were created or analysed in this study.


Author information


Contributions

All authors have equal contribution in the paper and all authors have read and agreed to the published version of the manuscript.


Corresponding author


Rights and permissions


Open Access This article is licensed under a Creative Commons Attribution NoDerivs is a more restrictive license. It allows you to redistribute the material commercially or non-commercially but the user cannot make any changes whatsoever to the original, i.e. no derivatives of the original work. To view a copy of this license, visit https://creativecommons.org/licenses/by-nc-nd/4.0/


Cite this article


Chandana Swathi G, Kishor Kumar G and Siva Kumar A P, “ECBoA-OFS: An Ensemble Classification Model for Botnet Attacks based on Optimal Feature Selection using CPR in IoT”, Journal of Machine and Computing, pp. 870-885, October 2024. doi:10.53759/7669/jmc202404081.


Copyright


© 2024 Chandana Swathi G, Kishor Kumar G and Siva Kumar A P. This is an open access article distributed under the terms of the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original author and source are credited.