Convolutional Neural Network Based Model for Multiclass Botnet Classification in IoT

Abstract

IoT devices have fundamental security flaws that leave them open to a variety of security threats and attacks, including attacks from botnets. Therefore, creators of botnets continue to take advantage of the security vulnerabilities inherent in IoT devices to control many host devices on networks to launch cyber-attacks on their target systems. The ongoing development of techniques to evade and obfuscate existing detection and security procedures makes it difficult to discover IoT bot vulnerabilities. This study proposes a deep learning method to detect two famous botnet-based attacks: the mirai and Bashlite bots on IoT devices. Our approach implements a 1-dimensional convolutional neural network model (1D-CNN) that is trained on 115 features of real traffic data collected from nine commercial internet of things devices infected by the two mentioned IoT bots to recognize 10 classes of attacks and 1 class of benign traffic. The trained multiclass classification malware detection model was evaluated on 847513 samples, containing 7062606 instances from the N-BaIoT dataset. We further trained two existing models: Plain Feed forward neural network and a popular supervised machine learning classifier, (Logistic Regression) models on the same preprocessed datasets, and compared the classification performances against our proposed model. The experimental results show that our 1D neuron-based model produced a higher prediction in terms of overall classification accuracy over the two models. It was further noted that our model's performance was superior to those of earlier studies on deep learning-based IoT botnet detection.