TY - JOUR
T1 - IoTBoT-IDS
T2 - A novel statistical learning-enabled botnet detection framework for protecting networks of smart cities
AU - Ashraf, Javed
AU - Keshk, Marwa
AU - Moustafa, Nour
AU - Abdel-Basset, Mohamed
AU - Khurshid, Hasnat
AU - Bakhshi, Asim D.
AU - Mostafa, Reham R.
N1 - Publisher Copyright:
© 2021 Elsevier Ltd
PY - 2021/9
Y1 - 2021/9
AB - The rapid proliferation of Internet of Things (IoT) systems has enabled transforming urban areas into smart cities. The smart city paradigm has resulted in improved quality of life and better services to citizens, like smart healthcare, smart parking, smart transport, smart buildings, smart homes, and so on. One of the major challenges of IoT devices is the limited capacity of their battery because the devices consume a large amount of energy once they communicate with each other. Furthermore, the IoT-based smart systems would contain sensitive data about network systems, introducing serious privacy and security issues. IoT-based smart systems are highly exposed to botnet attacks. Examples of such attacks are Mirai and BASHLITE malware launched from compromised surveillance devices, which are common in smart cities, resulting in paralysis of Internet-based services through distributed denial of service (DDoS) attacks. Such DDoS attacks on IoT devices and their networks further threaten the emerging concept of sustainable smart cities. To discover such cyberattacks, this paper proposes a novel statistical learning-based botnet detection framework, called IoTBoT-IDS, which protects IoT-based smart networks against botnet attacks. IoTBoT-IDS captures the normal behavior of IoT networks by applying statistical learning-based techniques, using a Beta Mixture Model (BMM) and a Correntropy model. Any deviation from the normal behavior is detected as an anomalous event. To evaluate IoTBoT-IDS, three benchmark datasets generated from realistic IoT networks were used. The evaluation results showed that IoTBoT-IDS effectively identifies various types of botnets with an average detection accuracy of 99.2%, which is higher by about 2–5% compared with compelling intrusion detection methods, namely AdaBoost ensemble learning, fuzzy c-means, and deep feed forward neural networks.
KW - Anomaly detection
KW - Beta mixture model
KW - Botnet attacks
KW - Correntropy
KW - Intrusion detection system
KW - IoT
KW - Statistical learning
KW - Sustainable smart cities
UR - http://www.scopus.com/inward/record.url?scp=85107301135&partnerID=8YFLogxK
U2 - 10.1016/j.scs.2021.103041
DO - 10.1016/j.scs.2021.103041
M3 - Article
AN - SCOPUS:85107301135
SN - 2210-6707
VL - 72
SP - 1
EP - 12
JO - Sustainable Cities and Society
JF - Sustainable Cities and Society
M1 - 103041
ER -