IoT Security: Botnet Detection Using Self-Organizing Feature Map and Machine Learning

  • Susanto Universitas Bina Insan
  • Deris Stiawan Universitas Sriwijaya
  • Budi Santoso Universitas Bina Insan
  • Alex Onesimus Sidabutar Universitas Bina Insan
  • M. Agus Syamsul Arifin Universitas Bina Insan
  • Mohd Yazid Idris Universiti Teknologi Malaysia
  • Rahmat Budiarto Albaha Univesity
DOI: https://doi.org/10.29207/resti.v8i6.5871
Keywords: Botnet, IoT, Feature Engineering, SOFM, Machine Learning

Abstract

The rapid advancement of Internet of Things (IoT) technology has created potential for progress in various aspects of life. However, the increasing number of IoT devices also raises the risk of cyberattacks, particularly IoT botnets often exploited by attackers. This is largely due to the limitations of IoT devices, such as constraints in capacity, power, and memory, necessitating an efficient detection system. This study aims to develop a resource-efficient botnet detection system by using the Self-Organizing Feature Map (SOFM) dimensionality reduction method in combination with machine learning algorithms. The proposed method includes a feature engineering process using SOFM to address high-dimensional data, followed by classification with various machine learning algorithms. The experiments evaluate performance based on accuracy, sensitivity, specificity, False Positive Rate (FPR), and False Negative Rate (FNR). Results show that the Decision Tree algorithm achieved the highest accuracy rate of 97.24%, with a sensitivity of 0.9523, specificity of 0.9932, and a fast execution time of 100.66 seconds. The use of SOFM successfully reduced memory consumption from 3.08 GB to 923MB. Experimental results indicate that this approach is effective for enhancing IoT security in resource-constrained devices.

Downloads

Download data is not yet available.

References

S. Nižetić, P. Šolić, D. López-de-Ipiña González-de-Artaza, and L. Patrono, “Internet of Things (IoT): Opportunities, issues and challenges towards a smart and sustainable future,” J. Clean. Prod., vol. 274, 2020, doi: 10.1016/j.jclepro.2020.122877.

S. Kumar, P. Tiwari, and M. Zymbler, “Internet of Things is a revolutionary approach for future technology enhancement: a review,” J. Big Data, vol. 6, no. 1, 2019, doi: 10.1186/s40537-019-0268-2.

Y. N. Soe, Y. Feng, P. I. Santosa, R. Hartanto, and K. Sakurai, “Machine learning-based IoT-botnet attack detection with sequential architecture,” Sensors (Switzerland), vol. 20, no. 16, pp. 1–15, 2020, doi: 10.3390/s20164372.

I. Ali et al., “Systematic Literature Review on IoT-Based Botnet Attack,” IEEE Access, vol. 8, pp. 212220–212232, 2020, doi: 10.1109/ACCESS.2020.3039985.

P. Williams, I. K. Dutta, H. Daoud, and M. Bayoumi, “A survey on security in internet of things with a focus on the impact of emerging technologies,” Internet of Things (Netherlands), vol. 19, p. 100564, 2022, doi: 10.1016/j.iot.2022.100564.

G. Eric and A. Jurcut, “Intrusion Detection in Internet of Things Systems : A Review on Design Approaches Leveraging Multi-Access Edge,” Sensors, vol. 22, pp. 1–33, 2022.

A. Binbusayyis and T. Vaiyapuri, “Comprehensive analysis and recommendation of feature evaluation measures for intrusion detection,” Heliyon, vol. 6, no. 7, p. e04262, 2020, doi: 10.1016/j.heliyon.2020.e04262.

A. Adnan, A. Muhammed, A. A. A. Ghani, A. Abdullah, and F. Hakim, “An intrusion detection system for the internet of things based on machine learning: Review and challenges,” Symmetry (Basel)., vol. 13, no. 6, pp. 1–13, 2021, doi: 10.3390/sym13061011.

Z. Azam, M. M. Islam, and M. N. Huda, “Comparative Analysis of Intrusion Detection Systems and Machine Learning-Based Model Analysis Through Decision Tree,” IEEE Access, vol. 11, no. July, pp. 80348–80391, 2023, doi: 10.1109/ACCESS.2023.3296444.

S. Velliangiri, S. Alagumuthukrishnan, and S. I. Thankumar Joseph, “A Review of Dimensionality Reduction Techniques for Efficient Computation,” in Procedia Computer Science, 2019, vol. 165, pp. 104–111.

M. Farhan and M. G., “Efficient Botnet Detection using Feature Ranking and Hyperparameter Tuning,” Int. J. Comput. Appl., vol. 182, no. 48, pp. 55–60, 2019, doi: 10.5120/ijca2019918739.

H. Bahsi, S. Nomm, and F. B. La Torre, “Dimensionality Reduction for Machine Learning Based IoT Botnet Detection,” in Proc. 2018 15th International Conference on Control, Automation, Robotics and Vision, ICARCV, 2018, pp. 1857–1862.

M. Alqahtani, H. Mathkour, and M. M. Ben Ismail, “IoT botnet attack detection based on optimized extreme gradient boosting and feature selection,” Sensors (Switzerland), vol. 20, no. 21, pp. 1–21, 2020, doi: 10.3390/s20216336.

M. Alshamkhany, W. Alshamkhany, M. Mansour, M. Khan, S. Dhou, and F. Aloul, “Botnet Attack Detection using Machine Learning,” in Proc. 14th International Conference on Innovations in Information Technology, IIT, 2020, no. November, pp. 203–208.

S. Pokhrel, R. Abbas, and B. Aryal, “IoT Security: Botnet detection in IoT using Machine learning,” arXiv, pp. 1–11, 2021.

Susanto et al., “Dimensional Reduction With Fast ICA for IoT Botnet Detection,” J. Appl. Secur. Res., vol. 18, no. 4, pp. 665–688, 2023, doi: 10.1080/19361610.2022.2079906.

Susanto, D. Stiawan, M. A. S. Arifin, J. Rejito, M. Y. Idris, and R. Budiarto, “A Dimensionality Reduction Approach for Machine Learning Based IoT Botnet Detection,” Int. Conf. Electr. Eng. Comput. Sci. Informatics, vol. 2021–Octob, no. October, pp. 26–30, 2021, doi: 10.23919/EECSI53397.2021.9624299.

Susanto, D. Stiawan, M. Agus Syamsul Arifin, M. Y. Idris, and R. Budiarto, “Effective and efficient approach in IoT Botnet detection,” Sinergi, vol. 28, no. 1, pp. 31–42, 2024, doi: 10.22441/sinergi.2024.1.004.

D. Stiawan, Susanto, A. Bimantara, M. Y. Idris, and R. Budiarto, “IoT botnet attack detection using deep autoencoder and artificial neural networks,” KSII Trans. Internet Inf. Syst., vol. 17, no. 5, pp. 1310–1338, 2023, doi: 10.3837/tiis.2023.05.001.

S. Nomm and H. Bahsi, “Unsupervised Anomaly Based Botnet Detection in IoT Networks,” in Proc.- 17th IEEE International Conference on Machine Learning and Applications, ICMLA, 2019, pp. 1048–1053.

L. Duan, J. Zhou, Y. Wu, and W. Xu, “A novel and highly efficient botnet detection algorithm based on network traffic analysis of smart systems,” Int. J. Distrib. Sens. Networks, vol. 18, no. 3, 2022, doi: 10.1177/15501477211049910.

M. A. Haq and M. A. R. Khan, “Dnnbot: Deep neural network-based botnet detection and classification,” Comput. Mater. Contin., vol. 71, no. 1, pp. 1729–1750, 2022, doi: 10.32604/cmc.2022.020938.

S. Velliangiri, S. Alagumuthukrishnan, and S. I. Thankumar Joseph, “A Review of Dimensionality Reduction Techniques for Efficient Computation,” Procedia Comput. Sci., vol. 165, pp. 104–111, 2019, doi: 10.1016/j.procs.2020.01.079.

L. H. Nguyen and S. Holmes, “Ten quick tips for effective dimensionality reduction,” PLoS Comput. Biol., vol. 15, no. 6, pp. 1–19, 2019, doi: 10.1371/journal.pcbi.1006907.

A. McCarthy, E. Ghadafi, P. Andriotis, and P. Legg, “Functionality-Preserving Adversarial Machine Learning for Robust Classification in Cybersecurity and Intrusion Detection Domains: A Survey,” J. Cybersecurity Priv., vol. 2, no. 1, pp. 154–190, 2022, doi: 10.3390/jcp2010010.

H. Shafique, A. A. Shah, M. A. Qureshi, and M. K. Ehsan, “Machine Learning Empowered Efficient Intrusion Detection Framework,” VFAST Trans. Softw. Eng., vol. 10, no. 2, pp. 27–35, 2022.

A. Guerra-Manzanares, J. Medina-Galindo, H. Bahsi, and S. Nõmm, “MedBIoT: Generation of an IoT botnet dataset in a medium-sized IoT network,” ICISSP 2020 - Proc. 6th Int. Conf. Inf. Syst. Secur. Priv., pp. 207–218, 2020, doi: 10.5220/0009187802070218.

Y. Mirsky, T. Doitshman, Y. Elovici, and A. Shabtai, “Kitsune: An ensemble of autoencoders for online network intrusion detection,” arXiv, no. February, pp. 18–21, 2018.

R. Kalakoti, S. Nomm, and H. Bahsi, “In-Depth Feature Selection for the Statistical Machine Learning-Based Botnet Detection in IoT Networks,” IEEE Access, vol. 10, no. July, pp. 94518–94535, 2022, doi: 10.1109/ACCESS.2022.3204001.

A. Guerra-Manzanares, J. Medina-Galindo, H. Bahsi, and S. Nõmm, “Using MedBIoT Dataset to Build Effective Machine Learning-Based IoT Botnet Detection Systems,” Commun. Comput. Inf. Sci., vol. 1545 CCIS, pp. 222–243, 2022, doi: 10.1007/978-3-030-94900-6_11.

K. Malik, F. Rehman, T. Maqsood, S. Mustafa, O. Khalid, and A. Akhunzada, “Lightweight Internet of Things Botnet Detection Using One-Class Classification,” Sensors, vol. 22, no. 10, pp. 1–17, 2022, doi: 10.3390/s22103646.

T. Kohonen, “Self-organized formation of topologically correct feature maps,” Biol. Cybern., vol. 43, no. 1, pp. 59–69, 1982, doi: 10.1007/BF00337288.

J. A. Kangas, T. Kohonen, and J. T. Laaksonen, “Variants of Self-Organizing Maps,” IEEE Trans. Neural Netw., vol. I, no. I, pp. 93–99, 1990, doi: 10.1007/978-3-642-97966-8_5.

T. Kohonen, “The Self-Organizing Map,” Proc. IEEE, vol. 78, no. 9, pp. 1464–1480, 1990, doi: 10.1109/5.58325.

T. Kohonen, “Essentials of the self-organizing map,” Neural Networks, vol. 37, pp. 52–65, 2013, doi: 10.1016/j.neunet.2012.09.018.

D. Miljkovic, “Brief review of self-organizing maps,” 2017 40th Int. Conv. Inf. Commun. Technol. Electron. Microelectron. MIPRO 2017 - Proc., no. May, pp. 1061–1066, 2017, doi: 10.23919/MIPRO.2017.7973581.

A. Saraswati, V. T. Nguyen, M. Hagenbuchner, and A. C. Tsoi, “High-resolution Self-Organizing Maps for advanced visualization and dimension reduction,” Neural Networks, vol. 105, pp. 166–184, 2018, doi: 10.1016/j.neunet.2018.04.011.

X. Chen, M. Simsek, and B. Kantarci, “Locally reconfigurable Self Organizing Feature Map for high impact malicious tasks submission in Mobile Crowdsensing,” Internet of Things, no. January, pp. 1–14, 2020.

S. Licen, A. Astel, and S. Tsakovski, “Self-organizing map algorithm for assessing spatial and temporal patterns of pollutants in environmental compartments: A review,” Sci. Total Environ., vol. 878, no. March, p. 163084, 2023, doi: 10.1016/j.scitotenv.2023.163084.

S. Licen, S. Cozzutto, and P. Barbieri, “Assessment and comparison of multi-annual size profiles of particulate matter monitored at an urban-industrial site by an optical particle counter with a chemometric approach,” Aerosol Air Qual. Res., vol. 20, no. 4, pp. 800–809, 2020, doi: 10.4209/aaqr.2019.08.0414.

J. Xiao, L. Wang, N. Chai, T. Liu, Z. Jin, and J. Rinklebe, “Groundwater hydrochemistry, source identification and pollution assessment in intensive industrial areas, eastern Chinese loess plateau,” Environ. Pollut., vol. 278, 2021, doi: 10.1016/j.envpol.2021.116930.

A. C. Belkina, C. O. Ciccolella, R. Anno, R. Halpert, J. Spidlen, and J. E. Snyder-Cappione, “Automated optimized parameters for T-distributed stochastic neighbor embedding improve visualization and analysis of large datasets,” Nat. Commun., vol. 10, no. 1, pp. 1–12, 2019, doi: 10.1038/s41467-019-13055-y.

V. Fortuin, M. Hüser, F. Locatello, H. Strathmann, and G. Rätsch, “Som-Vae: Interpretable discrete representation learning on time series,” 7th Int. Conf. Learn. Represent. ICLR 2019, pp. 1–18, 2019.

Z. Ahmad, A. Shahid Khan, C. Wai Shiang, J. Abdullah, and F. Ahmad, “Network intrusion detection system: A systematic study of machine learning and deep learning approaches,” Trans. Emerg. Telecommun. Technol., vol. 32, no. 1, pp. 1–29, Oct. 2020.

K. V. V. N. L. Sai Kiran, R. N. K. Devisetty, N. P. Kalyan, K. Mukundini, and R. Karthi, “Building a Intrusion Detection System for IoT Environment using Machine Learning Techniques,” Procedia Comput. Sci., vol. 171, no. 2019, pp. 2372–2379, 2020, doi: 10.1016/j.procs.2020.04.257.

E. P. Nugroho, T. Djatna, I. S. Sitanggang, A. Buono, and I. Hermadi, “A Review of Intrusion Detection System in IoT with Machine Learning Approach: Current and Future Research,” 2020 6th Int. Conf. Sci. Inf. Technol. Embrac. Ind. 4.0 Towar. Innov. Disaster Manag. ICSITech 2020, pp. 138–143, 2020, doi: 10.1109/ICSITech49800.2020.9392075.

A. Geron, Hands-on Machine Learning with Scikit-Learn, Keras & TensorFlow. 2019.

M. A. Lones, “How to avoid machine learning pitfalls: a guide for academic researchers,” arXiv, pp. 1–28, 2021.

T. Chen and C. Guestrin, “XGBoost: A scalable tree boosting system,” Proc. ACM SIGKDD Int. Conf. Knowl. Discov. Data Min., vol. 13–17–Augu, pp. 785–794, 2016, doi: 10.1145/2939672.2939785.

F. Chollet, Deep learning with Python. 2017.

T. Hastie, R. Tibshirani, and M. Wainwright, Statistical learning with sparsity: The lasso and generalizations. 2015.

V. M. S Raschka, Python Machine Learning: Machine Learning and Deep Learning with Python, scikit-learn, and TensorFlow, vol. 69, no. 4. 2019.

L. L. Kupper, D. W. Hosmer, and S. Lemeshow, Applied Logistic Regression., vol. 85, no. 411. 2013.

G. James;, D. Witten;, T. Hastie;, R. Tibshirani;, and J. Taylor, An Introduction to Statistical Learning, vol. 102. 2023.

A. Tharwat, “Classification assessment methods,” Appl. Comput. Informatics, vol. 17, no. 1, pp. 168–192, 2021, doi: 10.1016/j.aci.2018.08.003.

J. Hogan and N. M. Adams, “On Averaging ROC Curves,” Trans. Mach. Learn. Res., pp. 1–12, 2023.

H. Li, G. K. Rajbahadur, D. Lin, C.-P. Bezemer, Z. Ming, and Jiang, “Keeping Deep Learning Models in Check: A History-Based Approach to Mitigate Overfitting,” arXiv, 2024.

A. Vabalas, E. Gowen, E. Poliakoff, and A. J. Casson, “Machine learning algorithm validation with a limited sample size,” PLoS One, vol. 14, no. 11, pp. 1–20, 2019, doi: 10.1371/journal.pone.0224365.

K. Alissa, T. Alyas, K. Zafar, Q. Abbas, N. Tabassum, and S. Sakib, “Botnet Attack Detection in IoT Using Machine Learning,” Comput. Intell. Neurosci., vol. 2022, 2022, doi: 10.1155/2022/4515642.

B. Bojarajulu, S. Tanwar, and T. P. Singh, “Intelligent IoT-BOTNET attack detection model with optimized hybrid classification model,” Comput. Secur., vol. 126, p. 103064, 2023, doi: https://doi.org/10.1016/j.cose.2022.103064.

R. Sharma, S. M. ud din, N. Sharma, and A. Kumar, “Enhancing IoT Botnet Detection through Machine Learning-based Feature Selection and Ensemble Models,” EAI Endorsed Trans. Scalable Inf. Syst., vol. 11, no. 2, pp. 1–6, 2024, doi: 10.4108/eetsis.3971.

Published
2024-12-28
How to Cite
Susanto, Stiawan, D., Santoso, B., Sidabutar, A. O., Arifin, M. A. S., Idris, M. Y., & Budiarto, R. (2024). IoT Security: Botnet Detection Using Self-Organizing Feature Map and Machine Learning. Jurnal RESTI (Rekayasa Sistem Dan Teknologi Informasi), 8(6), 788 - 798. https://doi.org/10.29207/resti.v8i6.5871
Issue
Vol 8 No 6 (2024): December 2024
Section
Information Systems Engineering Articles

Copyright (c) 2024 Jurnal RESTI (Rekayasa Sistem dan Teknologi Informasi)

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.

Copyright in each article belongs to the author

  1. The author acknowledges that the RESTI Journal (System Engineering and Information Technology) is the first publisher to publish with a license Creative Commons Attribution 4.0 International License.
  2. Authors can enter writing separately, arrange the non-exclusive distribution of manuscripts that have been published in this journal into other versions (eg sent to the author's institutional repository, publication in a book, etc.), by acknowledging that the manuscript has been published for the first time in the RESTI (Rekayasa Sistem dan Teknologi Informasi) journal ;