Identifying network traffic botnet for internet of things using machine learning algorithms

The Internet of Things (IoT) is one of the latest technologies in the field of telecommunication. However, security of the network is a prominent challenge in IoT. Among the security risks, a Botnet has been identified to cause a significant threat to the network. A Botnet is a network of private co...

Full description

Saved in:
Bibliographic Details
Main Author: Rezaei, Amirhossein
Format: Thesis
Language:English
Published: 2021
Subjects:
Online Access:http://eprints.utm.my/107041/1/AmirhosseinRezaeiPFTIR2021.pdf
http://eprints.utm.my/107041/
http://dms.library.utm.my:8080/vital/access/manager/Repository/vital:156364?site_name=GlobalView&query=Identifying+network+traffic+botnet+for+internet+of+things+using+machine+learning+algorithms&queryType=vitalDismax
Tags: Add Tag
No Tags, Be the first to tag this record!
id my.utm.107041
record_format eprints
spelling my.utm.1070412024-08-29T02:48:24Z http://eprints.utm.my/107041/ Identifying network traffic botnet for internet of things using machine learning algorithms Rezaei, Amirhossein T Technology (General) TK5101-6720 Telecommunication The Internet of Things (IoT) is one of the latest technologies in the field of telecommunication. However, security of the network is a prominent challenge in IoT. Among the security risks, a Botnet has been identified to cause a significant threat to the network. A Botnet is a network of private computers infected with malicious software and being controlled as a group without the owners' knowledge. The Botnet is normally used to send spam, steal data, and carry out Distributed Denial of Service attack. It also allows the attacker to access the devices and their connections. The master (owner) organized the Botnet by using Command and Control (C&C) software. One of the method of detection is Ensemble Learning method, which is a technique of Machine Learning. Ensemble Learning models use several models of the same kind for classifying or regressing the output. The idea behind such a technique is to use several weak predictors together to create a strong predictor. There are several types of research on the detection of Botnet using Machine Learning methods. However, each method has its limitations such as real-time monitoring, timely detection, and adaptability to new threats. Among all studies that have been reviewed, none of them explained why they choose specific methods for detecting Botnet. Also, they focus on a specific type of Botnet or specific operating systems and devices. Hence, this study aims to improve the Network Traffic Botnet identification through features reduction and ensemble learning methods, and to identify the best machine learning method to detect the Botnet in IoT networks. This is achieved by first finding the best of supervised learning, unsupervised learning, and regression learning methods. Then used the two best of them in the Ensemble Learning method for achieving the best possible result. To validate the accuracy of the proposed model, 790745 normal domain names and 199772 malicious domain names have been collected from 3 different sources. To ensure the method is not overfitting, the cross-validation technique was used. All machine learning algorithms that have been used in this study are developed in Python 3 on the same computer for equalization of speed. It is found that the proposed model is the best in the matter of accuracy achieved 100% and reduce the number of features from 204 to only 20 by combining the two best of the machine learning methods: Decision Tree and Artificial Neural Networks. This Ensemble Learning method is useful for identifying Botnet and Bots during communication in IoT networks. 2021 Thesis NonPeerReviewed application/pdf en http://eprints.utm.my/107041/1/AmirhosseinRezaeiPFTIR2021.pdf Rezaei, Amirhossein (2021) Identifying network traffic botnet for internet of things using machine learning algorithms. PhD thesis, Universiti Teknologi Malaysia. http://dms.library.utm.my:8080/vital/access/manager/Repository/vital:156364?site_name=GlobalView&query=Identifying+network+traffic+botnet+for+internet+of+things+using+machine+learning+algorithms&queryType=vitalDismax
institution Universiti Teknologi Malaysia
building UTM Library
collection Institutional Repository
continent Asia
country Malaysia
content_provider Universiti Teknologi Malaysia
content_source UTM Institutional Repository
url_provider http://eprints.utm.my/
language English
topic T Technology (General)
TK5101-6720 Telecommunication
spellingShingle T Technology (General)
TK5101-6720 Telecommunication
Rezaei, Amirhossein
Identifying network traffic botnet for internet of things using machine learning algorithms
description The Internet of Things (IoT) is one of the latest technologies in the field of telecommunication. However, security of the network is a prominent challenge in IoT. Among the security risks, a Botnet has been identified to cause a significant threat to the network. A Botnet is a network of private computers infected with malicious software and being controlled as a group without the owners' knowledge. The Botnet is normally used to send spam, steal data, and carry out Distributed Denial of Service attack. It also allows the attacker to access the devices and their connections. The master (owner) organized the Botnet by using Command and Control (C&C) software. One of the method of detection is Ensemble Learning method, which is a technique of Machine Learning. Ensemble Learning models use several models of the same kind for classifying or regressing the output. The idea behind such a technique is to use several weak predictors together to create a strong predictor. There are several types of research on the detection of Botnet using Machine Learning methods. However, each method has its limitations such as real-time monitoring, timely detection, and adaptability to new threats. Among all studies that have been reviewed, none of them explained why they choose specific methods for detecting Botnet. Also, they focus on a specific type of Botnet or specific operating systems and devices. Hence, this study aims to improve the Network Traffic Botnet identification through features reduction and ensemble learning methods, and to identify the best machine learning method to detect the Botnet in IoT networks. This is achieved by first finding the best of supervised learning, unsupervised learning, and regression learning methods. Then used the two best of them in the Ensemble Learning method for achieving the best possible result. To validate the accuracy of the proposed model, 790745 normal domain names and 199772 malicious domain names have been collected from 3 different sources. To ensure the method is not overfitting, the cross-validation technique was used. All machine learning algorithms that have been used in this study are developed in Python 3 on the same computer for equalization of speed. It is found that the proposed model is the best in the matter of accuracy achieved 100% and reduce the number of features from 204 to only 20 by combining the two best of the machine learning methods: Decision Tree and Artificial Neural Networks. This Ensemble Learning method is useful for identifying Botnet and Bots during communication in IoT networks.
format Thesis
author Rezaei, Amirhossein
author_facet Rezaei, Amirhossein
author_sort Rezaei, Amirhossein
title Identifying network traffic botnet for internet of things using machine learning algorithms
title_short Identifying network traffic botnet for internet of things using machine learning algorithms
title_full Identifying network traffic botnet for internet of things using machine learning algorithms
title_fullStr Identifying network traffic botnet for internet of things using machine learning algorithms
title_full_unstemmed Identifying network traffic botnet for internet of things using machine learning algorithms
title_sort identifying network traffic botnet for internet of things using machine learning algorithms
publishDate 2021
url http://eprints.utm.my/107041/1/AmirhosseinRezaeiPFTIR2021.pdf
http://eprints.utm.my/107041/
http://dms.library.utm.my:8080/vital/access/manager/Repository/vital:156364?site_name=GlobalView&query=Identifying+network+traffic+botnet+for+internet+of+things+using+machine+learning+algorithms&queryType=vitalDismax
_version_ 1809136617691021312
score 13.209306