The rapid proliferation of the Internet of Things (IoT) systems, has enabled transforming urban areas into smart cities. Smart cities’ paradigm has resulted in improved quality of life and better services to citizens, like smart healthcare, smart parking, smart transport, smart buildings, smart homes, and so on. One of the major challenges of IoT devices is the limited capacity of their battery because the devices consume a large amount of energy once they communicate with each other. Furthermore, the IoT-based smart systems would contain sensitive data about network systems, introducing serious privacy and security issues. IoT-based smart systems are highly exposed to botnet attacks. Examples of such attacks are Mirai and BASHLITE malware launched from compromised surveillance devices, which are common in smart cities, resulting in paralysis of Internet-based services through distributed denial of service (DDoS) attacks. Such DDoS attacks on IoT devices and their networks further threaten the emerging concept of sustainable smart cities. To discover such cyberattacks, this paper proposes a novel statistical learning-based botnet detection framework, called IoTBoT-IDS, which protects IoT-based smart networks against botnet attacks. IoTBoT-IDS captures the normal behavior of IoT networks by applying statistical learning-based techniques, using Beta Mixture Model (BMM) and a Correntropy model. Any deviation from the normal behavior is detected as an anomalous event. To evaluate IoTBoT-IDS, three benchmark datasets generated from realistic IoT networks were used. The evaluation results showed that IoTBoT-IDS effectively identifies various types of botnets with an average detection accuracy of 99.2%, which is higher by about 2–5% compared with compelling intrusion detection methods, namely AdaBoost ensemble learning, fuzzy c-means, and deep feed forward neural networks.

物联网 (IoT) 系统的迅速普及使城市地区转变为智慧城市。智慧城市的范式提高了生活质量，为市民提供了更好的服务，如智能医疗、智能停车、智能交通、智能建筑、智能家居等。IoT 设备的主要挑战之一是其电池容量有限，因为这些设备一旦相互通信就会消耗大量能量。此外，基于物联网的智能系统将包含有关网络系统的敏感数据，从而带来严重的隐私和安全问题。基于物联网的智能系统很容易受到僵尸网络攻击。此类攻击的示例是从受感染的监控设备启动的 Mirai 和 BASHLITE 恶意软件，这在智慧城市中很常见，通过分布式拒绝服务 (DDoS) 攻击导致基于 Internet 的服务瘫痪。这种对物联网设备及其网络的 DDoS 攻击进一步威胁到可持续智慧城市的新兴概念。为了发现此类网络攻击，本文提出了一种新的基于统计学习的僵尸网络检测框架，称为 IoTBoT-IDS，它可以保护基于物联网的智能网络免受僵尸网络攻击。IoTBoT-IDS 通过应用基于统计学习的技术，使用 Beta 混合模型 (BMM) 和相关熵模型来捕获物联网网络的正常行为。任何与正常行为的偏差都被检测为异常事件。为了评估 IoTBoT-IDS，使用了从现实物联网网络生成的三个基准数据集。