The world has seen exponential growth in deploying Internet of Things (IoT) devices. In recent years, connected IoT devices have surpassed the number of connected non-IoT devices. The number of IoT devices continues to grow and they are becoming a critical component of the national infrastructure. IoT devices' characteristics and inherent limitations make them attractive targets for hackers and cyber criminals. Botnet attack is one of the serious threats on the Internet today. This article proposes pattern-based feature selection methods as part of a machine learning (ML)-based botnet detection system. Specifically, two methods are proposed: the first is based on the most dominant pattern feature values and the second is based on maximal frequent itemset mining. The proposed feature selection method uses Gini impurity and an unsupervised clustering method to select the most influential features automatically. The evaluation results show that the proposed methods have improved the performance of the detection system. The developed system has a true positive rate of 100% and a false positive rate of 0% for best performing models. In addition, the proposed methods reduce the computational cost of the system as evidenced by the detection speed of the system.

中文翻译：

---

用于特征选择的无监督学习：5G 网络中僵尸网络检测的拟议解决方案


全球物联网 (IoT) 设备的部署呈指数级增长。近年来，联网的物联网设备的数量已经超过了联网的非物联网设备的数量。物联网设备的数量持续增长，它们正在成为国家基础设施的重要组成部分。物联网设备的特性和固有局限性使其成为黑客和网络犯罪分子的有吸引力的目标。僵尸网络攻击是当今互联网上的严重威胁之一。本文提出了基于模式的特征选择方法，作为基于机器学习 (ML) 的僵尸网络检测系统的一部分。具体来说，提出了两种方法：第一种是基于最主要的模式特征值，第二种是基于最大频繁项集挖掘。所提出的特征选择方法使用基尼杂质和无监督聚类方法来自动选择最有影响力的特征。评估结果表明所提出的方法提高了检测系统的性能。对于性能最佳的模型，所开发的系统的真阳性率为 100%，假阳性率为 0%。此外，所提出的方法降低了系统的计算成本，正如系统的检测速度所证明的那样。