IoT Botnet Malware Classification Using Weka Tool and Scikit-learn Machine Learning

Published on Oct 1, 2020 · DOI: 10.23919/EECSI50503.2020.9251304
Susanto (Sriwijaya University), M. Agus Syamsul Arifin (Sriwijaya University), + 2 Authors, Rahmat Budiarto (Al Baha University), Estimated H-index: 13
Abstract
Botnets are one of the threats to internet network security: a botmaster carries out attacks on the network by relying on communication over network traffic. Internet of Things (IoT) network infrastructure consists of devices that are inexpensive, low-power, always-on, always connected to the network, inconspicuous, and ubiquitous, and these characteristics make IoT devices an attractive target for botnet malware attacks. To identify whether packet traffic is a malware attack or not, one can use machine learning classification methods. Using the Weka and Scikit-learn machine learning analysis tools, this paper implements four machine learning algorithms: AdaBoost, Decision Tree, Random Forest, and Naive Bayes. Experiments are then conducted to measure the performance of the four algorithms in terms of accuracy, execution time, and false positive rate (FPR). Experiment results show that the Weka tool provides more accurate and efficient classification methods. However, for false positive rate, Scikit-learn provides better results.
References (23)
#1 Muhammad Shafiq (GU: Guangzhou University), H-Index: 28
#2 Zhihong Tian (GU: Guangzhou University), H-Index: 23
Last: Mohsen Guizani (Qatar University), H-Index: 87 (5 authors)
Identifying cyber attacks traffic is very important for the Internet of things (IoT) security in smart city. Recently, the research community in the field of IoT Security endeavor hard to build anomaly, intrusion and cyber attacks traffic identification model using Machine Learning (ML) algorithms for IoT security analysis. However, the critical and significant problem still not studied in depth that is how to select an effective ML algorithm when there are numbers of ML algorithms for ...

#1 Nitesh Kumar (IITK: Indian Institute of Technology Kanpur), H-Index: 5
#2 Subhasis Mukhopadhyay (IITK: Indian Institute of Technology Kanpur), H-Index: 1
Last: Sandeep K. Shukla (IITK: Indian Institute of Technology Kanpur), H-Index: 30 (5 authors)
In the recent years, there has been an exponential growth in the number of malware captured and analyzed by the antivirus companies. However, much of these malware are variants of already known malware. Thus, it has become necessary to determine whether a malware belongs to a known family, or exhibits a new behavior hitherto unseen, and requires further analysis. Existing traditional approaches used by antivirus companies are based on signature-based detection and can be thwarted in case of zero...

#1 Vitor Hugo Bezerra, H-Index: 3
Last: Bruno Bogaz Zarpelão, H-Index: 11 (5 authors)
Internet of Things (IoT) devices have become increasingly widespread. Despite their potential of improving multiple application domains, these devices have poor security, which can be explored by attackers to build large-scale botnets. In this work, we propose a host-based approach to detect botnets in IoT devices, named IoTDS (Internet of Things Detection System). It relies on one-class classifiers, which model only the legitimate device behaviour for further detection of deviations, avoiding t...

#1 Ginika Mahajan (Manipal University Jaipur), H-Index: 2
#2 Bhavna Saini (Manipal University Jaipur), H-Index: 3
Last: Shivam Anand (Manipal University Jaipur), H-Index: 1 (3 authors)
Malware classification is the process of categorizing the families of malware on the basis of their signatures. This work focuses on classifying the emerging malwares on the basis of comparable features of similar malwares. This paper proposes a novel framework that categorizes malware samples into their families and can identify new malware samples for analysis. For this six diverse classification techniques of machine learning are used. To get more comparative and thus accurate classification ...
Diverse malware programs are set up daily focusing on attacking computer systems without the knowledge of their users. While some authors of these programs intend to steal secret information, others try quietly to prove their competence and aptitude. The traditional signature-based static technique is primarily used by anti-malware programs in order to counter these malicious codes. Although this technique excels at blocking known malware, it can never intercept new ones. The dynamic technique, ...

Nov 1, 2018 in NCA (Network Computing and Applications)
#1 Sudarshan S. Chawathe (UMaine: University of Maine), H-Index: 20
The Internet of Things (IoT) has rapidly transitioned from a novelty to a common, and often critical, part of residential, business, and industrial environments. Security vulnerabilities and exploits in the IoT realm have been well documented. In many cases, improving the security of an IoT device by hardening its software is not a realistic option, especially in the cost-sensitive consumer market or in legacy-bound industrial settings. As part of a multifaceted defense against botnet activity o...

Nov 1, 2018 in ICARCV (International Conference on Control, Automation, Robotics and Vision)
#1 Hayretdin Bahsi (Tallinn University of Technology), H-Index: 7
#2 Sven Nõmm (Tallinn University of Technology), H-Index: 12
Last: Fabio Benedetto La Torre (Polytechnic University of Milan), H-Index: 1 (3 authors)
The rapid development of the internet of things caused severe security problems such as the cyber attacks launched by extremely huge botnets comprised of IoT devices. The detection of these devices is essential for protecting the networks. Recently, some of the studies have demonstrated the high accuracy of machine learning methods, including deep learning, in detecting IoT botnets. However, the minimizing of the required features for classification is highly needed for overcoming scalability an...

#1 Yair Meidan (BGU: Ben-Gurion University of the Negev), H-Index: 6
#2 Michael Bohadana (BGU: Ben-Gurion University of the Negev), H-Index: 7
Last: Yuval Elovici (SUTD: Singapore University of Technology and Design), H-Index: 64 (7 authors)
The proliferation of IoT devices that can be more easily compromised than desktop computers has led to an increase in IoT-based botnet attacks. To mitigate this threat, there is a need for new methods that detect attacks launched from compromised IoT devices and that differentiate between hours- and milliseconds-long IoT-based attacks. In this article, we propose a novel network-based anomaly detection method for the IoT called N-BaIoT that extracts behavior snapshots of the network and uses dee...

#1 Hossein Sayadi (GMU: George Mason University), H-Index: 13
#2 Hosein Mohammadi Makrani (GMU: George Mason University), H-Index: 9
Last: Houman Homayoun (GMU: George Mason University), H-Index: 38 (6 authors)
The emerging embedded systems, which account for a wide range of applications are often highly resource-constrained challenging the conventional software-based methods traditionally deployed for detecting and containing malware in general purpose computing systems. In addition to the complexity and cost (computing and storage), the software-based malware detection methods mostly rely on the static signature analysis of the running programs, requiring continuous software update in the field to re...

#1 Naqqash Aman (University of Engineering and Technology, Lahore), H-Index: 1
#2 Yasir Saleem (University of Engineering and Technology, Lahore), H-Index: 16
Last: Farrukh Shahzad, H-Index: 8 (4 authors)
One of the top most cyber security threats – in today’s world – are malware applications. Traditional signature and static analysis based malware defenses are prone to obfuscation and polymorphism, so they fail to detect and classify malware variants and zero-day attacks, due to the exponential growth and ever increasing complexity of malware. Behavior-based malware detection provides better insight into malware execution behavior and hence can be used for family classification. This paper propo...

Cited by (0)