Performance Evaluation of Machine Learning Approaches in Detecting IoT-Botnet Attacks

Abstract

Botnets are today recognized as one of the most advanced vulnerability threats. Botnets control a huge percentage of network traffic and PCs. They have the ability to remotely control PCs (zombie machines) by their creator (BotMaster) via Command and Control (C&C) framework. They are the keys to a variety of Internet attacks such as spams, DDOS, and spreading malwares. This study proposes a number of machine learning techniques for detecting botnet assaults via IoT networks to help researchers in choosing the suitable ML algorithm for their applications. Using the BoT-IoT dataset, six different machine learning methods were evaluated: REPTree, RandomTree, RandomForest, J48, metaBagging, and Naive Bayes. Several measures, including accuracy, TPR, FPR, and many more, have been used to evaluate the algorithms’ performance. The six algorithms were evaluated using three different testing situations. Scenario-1 tested the algorithms utilizing all of the parameters presented in the BoT-IoT dataset, scenario-2 used the IG feature reduction approach, and scenario-3 used extracted features from the attacker’s received packets. The results revealed that the assessed algorithms performed well in all three cases with slight differences.