
Detecting IoT botnets based on the combination of cooperative game theory with deep and machine learning approaches

  • Original Research
Journal of Ambient Intelligence and Humanized Computing

Abstract

An Internet of Things (IoT) botnet is a collection of infected smart devices that are remotely managed by a botmaster. The injection of multiple attacks into the infrastructure, high permeability, and the vulnerability of IoT security interfaces are the most significant challenges in the field of IoT security. It is therefore essential to provide an efficient solution that can detect intrusion into the IoT infrastructure in the shortest time. In this paper, cooperative game theory is applied in combination with three approaches (long short-term memory (LSTM), Autoencoder, and support vector machine (SVM)) to detect IoT botnet attacks. The proposed approaches select effective features using cooperative game theory and the Shapley value on a data set gathered from five IoT devices infected with botnets, and then use SVM, LSTM, and Autoencoder to identify IoT botnet traffic. Compared to the results of the best method presented on the same data set, the proposed approach with SVM improved accuracy by 11.624%, recall by 11.629%, and learning time by 154.41 s. With LSTM, it improved accuracy by 0.245%, recall by 0.250%, and learning time by 222.72 s. In addition, the Autoencoder approach has good overall performance and remarkable speed in identifying botnet traffic. Based on the results, the performance of the proposed approach in classifying IoT botnets is very promising. It can therefore help IoT providers identify IoT attacks more accurately and faster, so that they can make the proper decisions for detection and prevention of botnet attacks.
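The feature-selection step described in the abstract can be illustrated with a small added example, which is not code from the paper. It treats each traffic feature as a player and ranks features by their exact Shapley value. The characteristic function (accuracy of a nearest-centroid classifier), the feature names, the flow records and the selection threshold are all assumptions made for this sketch; the abstract does not state the paper's own choices.

```python
from itertools import combinations
from math import factorial

# Constructed, pre-scaled flow records (not from the paper's data set).
# Hypothetical features: packet rate, destination-port entropy, TTL parity.
FEATURES = ["pkt_rate", "dst_port_entropy", "ttl_parity"]
FLOWS = [  # (feature vector, label) with 0 = benign, 1 = botnet
    ((0.1, 0.2, 0.0), 0), ((0.2, 0.8, 1.0), 0),
    ((0.1, 0.3, 0.0), 0), ((0.2, 0.1, 1.0), 0),
    ((0.9, 0.9, 0.0), 1), ((0.8, 0.7, 1.0), 1),
    ((0.9, 0.2, 0.0), 1), ((0.8, 0.8, 1.0), 1),
]

def coalition_value(subset):
    """v(S): accuracy of a nearest-centroid classifier restricted to S.
    Assumed characteristic function; a stand-in for the paper's models."""
    cent = {}
    for label in (0, 1):
        rows = [x for x, y in FLOWS if y == label]
        cent[label] = {i: sum(r[i] for r in rows) / len(rows) for i in subset}
    hits = 0
    for x, y in FLOWS:
        d0 = sum((x[i] - cent[0][i]) ** 2 for i in subset)
        d1 = sum((x[i] - cent[1][i]) ** 2 for i in subset)
        hits += (1 if d1 < d0 else 0) == y   # ties fall back to "benign"
    return hits / len(FLOWS)

def shapley_values():
    """Exact Shapley value of each feature over all coalitions."""
    n = len(FEATURES)
    phi = [0.0] * n
    for i in range(n):
        others = [j for j in range(n) if j != i]
        for k in range(n):
            weight = factorial(k) * factorial(n - k - 1) / factorial(n)
            for s in combinations(others, k):
                gain = coalition_value(s + (i,)) - coalition_value(s)
                phi[i] += weight * gain
    return dict(zip(FEATURES, phi))

def select_features(threshold=0.05):
    """Keep features whose Shapley value exceeds the (assumed) threshold."""
    return [f for f, v in shapley_values().items() if v > threshold]

if __name__ == "__main__":
    print(shapley_values())
    print(select_features())
```

On this constructed data the partly informative feature earns credit only in coalitions that lack the fully separating one, and the uninformative feature scores zero. Exact enumeration costs 2^n coalition evaluations, so a data set with many features needs a sampled approximation.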




Corresponding author

Correspondence to Mehdi Asadi.


Cite this article

Asadi, M. Detecting IoT botnets based on the combination of cooperative game theory with deep and machine learning approaches. J Ambient Intell Human Comput 13, 5547–5561 (2022). https://doi.org/10.1007/s12652-021-03185-x


  • DOI: https://doi.org/10.1007/s12652-021-03185-x
