Computer Science ›› 2024, Vol. 51 ›› Issue (8): 379-386. doi: 10.11896/jsjkx.230700197

• Information Security •

Abnormal Traffic Detection Method for Multi-stage Attacks of Internet of Things Botnets

CHEN Liang, LI Zhihua   

  1. School of Artificial Intelligence and Computer, Jiangnan University, Wuxi, Jiangsu 214122, China
  • Received: 2023-07-26 Revised: 2023-11-11 Online: 2024-08-15 Published: 2024-08-13
  • About author: CHEN Liang, born in 1994, postgraduate. His main research interests include network security and information security.
    LI Zhihua, born in 1969, Ph.D, professor, master supervisor. His main research interests include key technologies and information security of the end edge cloud, and its intersection with cutting-edge disciplines such as artificial intelligence.
  • Supported by:
    Intelligent Manufacturing Project of the Ministry of Industry and Information Technology (ZH-XZ-180004) and Fundamental Research Funds for the Central Universities of Ministry of Education of China (JUSRP211A41, JUSRP42003).

Abstract: To efficiently detect the multi-stage attack behavior of IoT botnets in massive network traffic data, an IoT botnet attack detection method based on a multi-scale hybrid residual network (IBAD-MHRN) is proposed. Firstly, to reduce the computational parameters of the detection model, a feature selection algorithm based on the variance threshold method (FS-VT) is proposed for data preprocessing. Secondly, a data image processing strategy that converts data samples into image samples is adopted to fully exploit the potential of the deep learning model. Then, to address the limited representation ability of traditional botnet detection models, a multi-stage attack detection model for IoT botnets based on a multi-scale hybrid residual network is proposed. The model fuses, in a hybrid way, the feature information extracted at different scales and depths, and uses residual connections to eliminate the network degradation caused by deepening the network. Finally, the IBAD-MHRN method for IoT botnet attack detection is obtained by integrating the above models and algorithms. Experimental results show that the detection accuracy and F1 value of the proposed IBAD-MHRN method reach 99.8%, and that the accuracy and F1 value are improved by 0.14% and 0.36% respectively compared with the better convolutional neural network method, so the method can effectively and efficiently detect multi-stage attacks of Internet of Things botnets.

Key words: Internet of Things, Botnet, Variance threshold method, Residual network, Multi-stage attacks

CLC Number: 

  • TP393.08
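
The two preprocessing steps the abstract names (variance-threshold feature selection, then conversion of each data sample into an image sample), as an added Python example that is not the authors' code. Min-max scaling before the variance test, the threshold value, zero-padding to a square 8-bit grid, and the flow records and column names are all assumptions made here, since the abstract does not specify them.

```python
import math
from statistics import pvariance

def min_max_scale(rows):
    """Scale each column to [0, 1]; constant columns map to 0 (assumed normalisation)."""
    cols = list(zip(*rows))
    lo = [min(c) for c in cols]
    span = [max(c) - min(c) for c in cols]
    return [[(v - l) / s if s else 0.0 for v, l, s in zip(r, lo, span)] for r in rows]

def variance_threshold(rows, threshold):
    """Return indices of feature columns whose population variance exceeds threshold."""
    return [i for i, col in enumerate(zip(*rows)) if pvariance(col) > threshold]

def to_image(vector, side=None):
    """Zero-pad a scaled feature vector to side*side and reshape it into a 0-255 grid."""
    side = side or math.ceil(math.sqrt(len(vector)))
    if side * side < len(vector):
        raise ValueError("image too small for feature vector")
    pixels = [round(v * 255) for v in vector] + [0] * (side * side - len(vector))
    return [pixels[r * side:(r + 1) * side] for r in range(side)]

def preprocess(rows, threshold):
    """Scale, drop low-variance features, and emit one image per flow record."""
    scaled = min_max_scale(rows)
    keep = variance_threshold(scaled, threshold)
    return keep, [to_image([r[i] for i in keep]) for r in scaled]

# Constructed flow records (not from the paper's dataset). Hypothetical columns:
# duration, packets, bytes, protocol flag (constant), mean inter-arrival time, SYN count
FLOWS = [
    [0.2, 10, 800, 1, 0.020, 1],
    [0.1, 900, 54000, 1, 0.001, 900],   # flood-like record
    [5.0, 12, 1500, 1, 0.400, 1],
    [0.3, 11, 820, 1, 0.021, 1],
]

if __name__ == "__main__":
    keep, images = preprocess(FLOWS, threshold=0.01)
    print("kept feature indices:", keep)   # the constant protocol flag is dropped
    for img in images:
        print(img)
```

The constant column carries no information for the classifier and is removed before the reshape, which is what lets the image (and so the network input) stay small.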