IoTEnsemble: Detection of Botnet Attacks on Internet of Things

Ruoyu Li; Qing Li; Yucheng Huang; Wenbin Zhang; Peican Zhu; Yong Jiang

doi:10.1007/978-3-031-17146-8_28

IoTEnsemble: Detection of Botnet Attacks on Internet of Things

Ruoyu Li, Qing Li, Yucheng Huang, Wenbin Zhang, Peican Zhu, Yong Jiang

School of Artificial Intelligence, OPtics and Electronics

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

7 Scopus citations

Abstract

As the Internet of Things (IoT) plays an increasingly important role in real life, the concern about IoT malware and botnet attacks is considerably growing. Meanwhile, with new techniques such as edge computing and artificial intelligence applied to IoT networks, these devices nowadays become more functional than ever before, which challenges many existing network anomaly detection systems due to the lack of generalization ability to profile diverse activities. To address it, this paper proposes IoTEnsemble, an ensemble network anomaly detection framework. We propose a tree-based activity clustering method that aggregates network flows dedicated to the same activity so that their traffic patterns remain identical. Based on the clustering result, we implement an ensemble model in which each submodel only needs to profile a specific activity, which highly reduces the burden of a single model’s generalization ability. For evaluation, we build a 57.1 GB IoT dataset collected in 9 months composed of comprehensive normal and malicious traffic. Our evaluation proves that IoTEnsemble possesses a state-of-the-art detection performance on various IoT botnet malware and attack traffic, exhibiting a significantly better result than other baselines in a more intelligent and functional IoT network.

Original language	English
Title of host publication	Computer Security – ESORICS 2022 - 27th European Symposium on Research in Computer Security, Proceedings
Editors	Vijayalakshmi Atluri, Roberto Di Pietro, Christian D. Jensen, Weizhi Meng
Publisher	Springer Science and Business Media Deutschland GmbH
Pages	569-588
Number of pages	20
ISBN (Print)	9783031171451
DOIs	https://doi.org/10.1007/978-3-031-17146-8_28
State	Published - 2022
Event	27th European Symposium on Research in Computer Security, ESORICS 2022 - Hybrid, Copenhagen, Denmark Duration: 26 Sep 2022 → 30 Sep 2022

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	13555 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	27th European Symposium on Research in Computer Security, ESORICS 2022
Country/Territory	Denmark
City	Hybrid, Copenhagen
Period	26/09/22 → 30/09/22

Keywords

Botnet
Internet of Things
Malware detection
Network anomaly detection

Access to Document

10.1007/978-3-031-17146-8_28

Cite this

Li, R., Li, Q., Huang, Y., Zhang, W., Zhu, P., & Jiang, Y. (2022). IoTEnsemble: Detection of Botnet Attacks on Internet of Things. In V. Atluri, R. Di Pietro, C. D. Jensen, & W. Meng (Eds.), Computer Security – ESORICS 2022 - 27th European Symposium on Research in Computer Security, Proceedings (pp. 569-588). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 13555 LNCS). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-031-17146-8_28

Li, Ruoyu ; Li, Qing ; Huang, Yucheng et al. / IoTEnsemble : Detection of Botnet Attacks on Internet of Things. Computer Security – ESORICS 2022 - 27th European Symposium on Research in Computer Security, Proceedings. editor / Vijayalakshmi Atluri ; Roberto Di Pietro ; Christian D. Jensen ; Weizhi Meng. Springer Science and Business Media Deutschland GmbH, 2022. pp. 569-588 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{3830b4beee8c4335a2a9c4dba10b0c49,

title = "IoTEnsemble: Detection of Botnet Attacks on Internet of Things",

abstract = "As the Internet of Things (IoT) plays an increasingly important role in real life, the concern about IoT malware and botnet attacks is considerably growing. Meanwhile, with new techniques such as edge computing and artificial intelligence applied to IoT networks, these devices nowadays become more functional than ever before, which challenges many existing network anomaly detection systems due to the lack of generalization ability to profile diverse activities. To address it, this paper proposes IoTEnsemble, an ensemble network anomaly detection framework. We propose a tree-based activity clustering method that aggregates network flows dedicated to the same activity so that their traffic patterns remain identical. Based on the clustering result, we implement an ensemble model in which each submodel only needs to profile a specific activity, which highly reduces the burden of a single model{\textquoteright}s generalization ability. For evaluation, we build a 57.1 GB IoT dataset collected in 9 months composed of comprehensive normal and malicious traffic. Our evaluation proves that IoTEnsemble possesses a state-of-the-art detection performance on various IoT botnet malware and attack traffic, exhibiting a significantly better result than other baselines in a more intelligent and functional IoT network.",

keywords = "Botnet, Internet of Things, Malware detection, Network anomaly detection",

author = "Ruoyu Li and Qing Li and Yucheng Huang and Wenbin Zhang and Peican Zhu and Yong Jiang",

note = "Publisher Copyright: {\textcopyright} 2022, The Author(s), under exclusive license to Springer Nature Switzerland AG.; 27th European Symposium on Research in Computer Security, ESORICS 2022 ; Conference date: 26-09-2022 Through 30-09-2022",

year = "2022",

doi = "10.1007/978-3-031-17146-8_28",

language = "英语",

isbn = "9783031171451",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "569--588",

editor = "Vijayalakshmi Atluri and {Di Pietro}, Roberto and Jensen, {Christian D.} and Weizhi Meng",

booktitle = "Computer Security – ESORICS 2022 - 27th European Symposium on Research in Computer Security, Proceedings",

}

Li, R, Li, Q, Huang, Y, Zhang, W, Zhu, P & Jiang, Y 2022, IoTEnsemble: Detection of Botnet Attacks on Internet of Things. in V Atluri, R Di Pietro, CD Jensen & W Meng (eds), Computer Security – ESORICS 2022 - 27th European Symposium on Research in Computer Security, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 13555 LNCS, Springer Science and Business Media Deutschland GmbH, pp. 569-588, 27th European Symposium on Research in Computer Security, ESORICS 2022, Hybrid, Copenhagen, Denmark, 26/09/22. https://doi.org/10.1007/978-3-031-17146-8_28

IoTEnsemble: Detection of Botnet Attacks on Internet of Things. / Li, Ruoyu; Li, Qing; Huang, Yucheng et al.
Computer Security – ESORICS 2022 - 27th European Symposium on Research in Computer Security, Proceedings. ed. / Vijayalakshmi Atluri; Roberto Di Pietro; Christian D. Jensen; Weizhi Meng. Springer Science and Business Media Deutschland GmbH, 2022. p. 569-588 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 13555 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - IoTEnsemble

T2 - 27th European Symposium on Research in Computer Security, ESORICS 2022

AU - Li, Ruoyu

AU - Li, Qing

AU - Huang, Yucheng

AU - Zhang, Wenbin

AU - Zhu, Peican

AU - Jiang, Yong

PY - 2022

Y1 - 2022

N2 - As the Internet of Things (IoT) plays an increasingly important role in real life, the concern about IoT malware and botnet attacks is considerably growing. Meanwhile, with new techniques such as edge computing and artificial intelligence applied to IoT networks, these devices nowadays become more functional than ever before, which challenges many existing network anomaly detection systems due to the lack of generalization ability to profile diverse activities. To address it, this paper proposes IoTEnsemble, an ensemble network anomaly detection framework. We propose a tree-based activity clustering method that aggregates network flows dedicated to the same activity so that their traffic patterns remain identical. Based on the clustering result, we implement an ensemble model in which each submodel only needs to profile a specific activity, which highly reduces the burden of a single model’s generalization ability. For evaluation, we build a 57.1 GB IoT dataset collected in 9 months composed of comprehensive normal and malicious traffic. Our evaluation proves that IoTEnsemble possesses a state-of-the-art detection performance on various IoT botnet malware and attack traffic, exhibiting a significantly better result than other baselines in a more intelligent and functional IoT network.

AB - As the Internet of Things (IoT) plays an increasingly important role in real life, the concern about IoT malware and botnet attacks is considerably growing. Meanwhile, with new techniques such as edge computing and artificial intelligence applied to IoT networks, these devices nowadays become more functional than ever before, which challenges many existing network anomaly detection systems due to the lack of generalization ability to profile diverse activities. To address it, this paper proposes IoTEnsemble, an ensemble network anomaly detection framework. We propose a tree-based activity clustering method that aggregates network flows dedicated to the same activity so that their traffic patterns remain identical. Based on the clustering result, we implement an ensemble model in which each submodel only needs to profile a specific activity, which highly reduces the burden of a single model’s generalization ability. For evaluation, we build a 57.1 GB IoT dataset collected in 9 months composed of comprehensive normal and malicious traffic. Our evaluation proves that IoTEnsemble possesses a state-of-the-art detection performance on various IoT botnet malware and attack traffic, exhibiting a significantly better result than other baselines in a more intelligent and functional IoT network.

KW - Botnet

KW - Internet of Things

KW - Malware detection

KW - Network anomaly detection

UR - http://www.scopus.com/inward/record.url?scp=85140717203&partnerID=8YFLogxK

U2 - 10.1007/978-3-031-17146-8_28

DO - 10.1007/978-3-031-17146-8_28

M3 - 会议稿件

AN - SCOPUS:85140717203

SN - 9783031171451

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 569

EP - 588

BT - Computer Security – ESORICS 2022 - 27th European Symposium on Research in Computer Security, Proceedings

A2 - Atluri, Vijayalakshmi

A2 - Di Pietro, Roberto

A2 - Jensen, Christian D.

A2 - Meng, Weizhi

PB - Springer Science and Business Media Deutschland GmbH

Y2 - 26 September 2022 through 30 September 2022

ER -

Li R, Li Q, Huang Y, Zhang W, Zhu P, Jiang Y. IoTEnsemble: Detection of Botnet Attacks on Internet of Things. In Atluri V, Di Pietro R, Jensen CD, Meng W, editors, Computer Security – ESORICS 2022 - 27th European Symposium on Research in Computer Security, Proceedings. Springer Science and Business Media Deutschland GmbH. 2022. p. 569-588. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-031-17146-8_28