Skip to main content

Hybrid deep-learning model to detect botnet attacks over internet of things environments

Abstract

In recent years, the use of the internet of things (IoT) has increased dramatically, and cybersecurity concerns have grown in tandem. Cybersecurity has become a major challenge for institutions and companies of all sizes, with the spread of threats growing in number and developing at a rapid pace. Artificial intelligence (AI) in cybersecurity can to a large extent help face the challenge, since it provides a powerful framework and coordinates that allow organisations to stay one step ahead of sophisticated cyber threats. AI provides real-time feedback, helping rollover daily alerts to be investigated and analysed, effective decisions to be made and enabling quick responses. AI-based capabilities make attack detection, security and mitigation more accurate for intelligence gathering and analysis, and they enable proactive protective countermeasures to be taken to overwhelm attacks. In this study, we propose a robust system specifically to help detect botnet attacks of IoT devices. This was done by innovatively combining the model of a convolutional neural network with a long short-term memory (CNN-LSTM) algorithm mechanism to detect two common and serious IoT attacks (BASHLITE and Mirai) on four types of security camera. The data sets, which contained normal malicious network packets, were collected from real-time lab-connected camera devices in IoT environments. The results of the experiment showed that the proposed system achieved optimal performance, according to evaluation metrics. The proposed system gave the following weighted average results for detecting the botnet on the Provision PT-737E camera: camera precision: 88%, recall: 87% and F1 score: 83%. The results of system for classifying botnet attacks and normal packets on the Provision PT-838 camera were 89% for recall, 85% for F1 score and 94%, precision. The intelligent security system using the advanced deep learning model was successful for detecting botnet attacks that infected camera devices connected to IoT applications.

This is a preview of subscription content, access via your institution.

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10
Fig. 11
Fig. 12

References

  • Aburomman AA, Reaz MBI (2016) Review of IDS development methods in machine learning. Int J Electr Comput Eng (IJECE) 6:2432–2436

    Article  Google Scholar 

  • Ahmad Z, Khan AS, Shiang CW, Abdullah J, Ahmad F (2021) Network intrusion detection system: a systematic study of machine learning and deep learning approaches. Trans Emerg Telecommun Technol. https://doi.org/10.1002/ett.4150

    Article  Google Scholar 

  • Ahmed AA, Jabbar WA, Sadiq AS, Patel H (2020) Deep learning-based classification model for botnet attack detection J Ambient Intell Humaniz Comput

  • Alkahtani H, Aldhyani THH (2020) Botnet attack detection by using CNN-LSTM model for internet of things applications. Secur Commun Networks 2021:3806459. https://doi.org/10.1155/2021/3806459

    Article  Google Scholar 

  • Al Shorman A, Faris H, Aljarah I (2020) Unsupervised intelligent system based on one class support vector machine and Grey Wolf optimization for IoT botnet detection. J Ambient Intell Humaniz Comput 11:2809–2825

    Article  Google Scholar 

  • Alauthman M, Aslam N, Al-kasassbeh M, Khan S, Al-Qerem A, Raymond Choo K (2020) An efficient reinforcement learningbased Botnet detection approach. J Netw Comput Appl 150:102479

    Article  Google Scholar 

  • Almomani O (2020) A feature selection model for network intrusion detection system based on PSO, GWO, FFA and GA algorithms. Symmetry 12:1046

    Article  Google Scholar 

  • Alothman Z, Alkasassbeh M, Al-Haj Baddar S (2020) An efficient approach to detect IoT botnet attacks using machine learning. J High Speed Netw 26:241–254

    Article  Google Scholar 

  • Asadi M, Jabraeil Jamali MA, Parsa S, Majidnezhad V (2020) Detecting botnet by using particle swarm optimization algorithm based on voting system. Future Gener Comput Syst 107:95–111

    Article  Google Scholar 

  • Azeez NA, Ayemobola TJ, Misra S, Maskeliunas R, Damaševiˇcius R (2019) Network intrusion detection with a hashing based ¯ apriori algorithm using Hadoop MapReduce. Computers 8:86

    Article  Google Scholar 

  • Berman DS, Buczak AL, Chavis JS, Corbett CL (2019) A survey of deep learning methods for cyber security. Information 10:122

    Article  Google Scholar 

  • Bijalwan A (2020) Botnet forensic analysis using machine learning. Secur Commun Netw 2020:9302318

    Article  Google Scholar 

  • Chung YY, Wahid N (2012) A hybrid network intrusion detection system using simplified swarm optimization (SSO). Appl Soft Comput 12:3014–3022

    Article  Google Scholar 

  • Cozzi E, Vervier PA, Dell’Amico M, Shen Y, Bilge L, Balzarotti D (2020) The tangled genealogy of IoT malware In Proceedings of the Annual Computer Security Applications Conference Austin TX USA 7–11

  • Da K (2014) A method for stochastic optimization arXiv:1412.6980

  • Damasevicius R, Venckauskas A, Grigaliunas S, Toldinas J, Morkevicius N, Aleliunas T, Smuikys P (2020) Litnet-2020: an annotated real-world network flow dataset for network intrusion detection. Electronics 9:800

    Article  Google Scholar 

  • de Assis MVO, Carvalho LF, Rodrigues JJPC, Lloret J, Proença ML Jr (2020) Near real-time security system applied to SDN environments in IoT networks using convolutional neural network. Comput Electr Eng 86:106738

    Article  Google Scholar 

  • Deng L (2014) A tutorial survey of architectures, algorithms, and applications for deep learning. APSIPA Trans Signal Inf Process 3:e2

    Google Scholar 

  • Deng L, Li D, Yao X, Wang H (2018) Retracted article: mobile network intrusion detection for IoT system based on transfer learning algorithm. Clust Comput 22:9889–9904

    Article  Google Scholar 

  • Devan P, Khare N (2020) An efficient XGBoost–DNN-based classification model for network intrusion detection system. Neural Comput Appl 32:12499–12514

    Article  Google Scholar 

  • Dong B, Wang X (2016) Comparison deep learning method to traditional methods using for network intrusion detection In Proceedings of the 2016 8th IEEE International Conference on Communication Software and Networks (ICCSN) Beijing China 4–6 June 2016 pp 581–585

  • Dong QL, He SN (2017) Self-adaptive projection algorithms for solving the split equality problems. Fixed Point Theory 18:191–202

    Article  MathSciNet  MATH  Google Scholar 

  • Duchi J, Hazan E, Singer Y (2011) Adaptive subgradient methods for online learning and stochastic optimization. J Mach Learn Res 12:2121–2159

    MathSciNet  MATH  Google Scholar 

  • Dwivedi S, Vardhan M, Tripathi S (2020) Defense against distributed DoS attack detection by using intelligent evolutionary algorithm. Int J Comput Appl. https://doi.org/10.1080/1206212X.2020.1720951

    Article  Google Scholar 

  • Elmasry W, Akbulut A, Zaim AH (2020) Evolving deep learning architectures for network intrusion detection using a double PSO metaheuristic. Comput Netw 168:107042

    Article  Google Scholar 

  • Folorunso O, Ayo FE, Babalola Y (2016) Ca-NIDS: a network intrusion detection system using combinatorial algorithm approach. J Inf Priv Secur 12:181–196

    Google Scholar 

  • Ganapathy S, Kulothungan K, Muthurajkumar S, Vijayalakshmi M, Yogesh P, Kannan A (2013) Intelligent feature selection and classification techniques for intrusion detection in networks: a survey. EURASIP J Wirel Commun Netw 2013:1–16

    Article  Google Scholar 

  • Hajisalem V, Babaie S (2018) A hybrid intrusion detection system based on ABC-AFS algorithm for misuse and anomaly detection. Comput Netw 136:37–50

    Article  Google Scholar 

  • Hoque N, Bhattacharyya DK, Kalita JK (2015) Botnet in DDoS attacks: trends and challenges. IEEE Commun Surv Tutor 17:2242–2270

    Article  Google Scholar 

  • Hussain B, Du Q, Sun B, Han Z (2021) Deep learning-based DDoS-attack detection for cyber-physical system over 5G network. IEEE Trans Ind Inform 17:860–870

    Article  Google Scholar 

  • Injadat M, Moubayed A, Nassif AB, Shami A (2020) Multi-stage optimized machine learning framework for network intrusion detection. IEEE Trans Netw Serv Manag 18:1803–1816

    Article  Google Scholar 

  • Kebande VR, Venter HS (2014) A cognitive approach for botnet detection using artificial immune system in the cloud In Proceedings of the 2014 Third International Conference on cyber security, cyber warfare and digital forensic (CyberSec) Beirut Lebanon 29 April–1 May 2014 pp 52–57.

  • Kolias C, Kambourakis G, Stavrou A, Voas J (2017) DDoS in the IoT: mirai and other botnets. Computer 50:80–84

    Article  Google Scholar 

  • Koroniotis N, Moustafa N, Sitnikova E (2019) Forensics and deep learning mechanisms for botnets in internet of things: a survey of challenges and solutions. IEEE Access 7:61764–61785

    Article  Google Scholar 

  • Lee S, Abdullah A, Jhanjhi N, Kok S (2021) Classification of botnet attacks in IoT smart factory using honeypot combined with machine learning. PeerJ Comput Sci 7:1–23

    Article  Google Scholar 

  • Li X, Yi P, Wei W, Jiang Y, Tian L (2021) LNNLS-KH: a feature selection method for network intrusion detection. Secur Commun Netw 2021:8830431

    Google Scholar 

  • Lin KC, Chen SY, Hung JC (2014) Botnet detection using support vector machines with artificial fish swarm algorithm. J Appl Math 2014:1–9

    Google Scholar 

  • Magán-Carrión R, Urda D, Díaz-Cano I, Dorronsoro B (2020) Towards a reliable comparison and evaluation of network intrusion detection systems based on machine learning approaches. Appl Sci 10:1775

    Article  Google Scholar 

  • Mahmood T, Afzal U (2013) Security analytics: big data analytics for cybersecurity: a review of trends, techniques and tools In: Proceedings of the 2013 2nd National Conference on Information Assurance (NCIA) Rawalpindi Pakistan 11–12 December 2013 pp. 129–134

  • Manimurugan S, Al-Mutairi S, Aborokbah MM, Chilamkurti N, Ganesan S, Patan R (2020) Effective attack detection in internet of medical things smart environment using a deep belief neural network. IEEE Access 8:77396–77404

    Article  Google Scholar 

  • Marir N, Wang H, Feng G, Li B, Jia M (2018) Distributed abnormal behavior detection approach based on deep belief network and ensemble svm using spark. IEEE Access 6:59657–59671

    Article  Google Scholar 

  • Mazini M, Shirazi B, Mahdavi I (2019) Anomaly network-based intrusion detection system using a reliable hybrid artificial bee colony and AdaBoost algorithms. J King Saud Univ Comput Inf Sci 31:541–553

    Google Scholar 

  • McDermott CD, Majdani F, Petrovski AV (2018) Botnet detection in the internet of things using deep learning approaches In Proceedings of the International Joint Conference on Neural Networks Rio de Janeiro Brazil Vol 2018

  • Perez MG, Celdran AH, Ippoliti F, Giardina PG, Bernini G, Alaez RM, Chirivella-Perez E, Clemente FJG, Perez GM, Kraja E et al (2017) Dynamic reconfiguration in 5G mobile networks to proactively detect and mitigate botnets. IEEE Internet Comput 21:28–36

    Article  Google Scholar 

  • Rajagopal S, Kundapur PP, Hareesha KS (2020) A stacking ensemble for network intrusion detection using heterogeneous datasets. Secur Commun Netw 2020:4586875

    Article  Google Scholar 

  • Rauf HT, Malik S, Shoaib U, Irfan MN, Lali MI (2020) Adaptive inertia weight Bat algorithm with Sugeno-function fuzzy search. Appl Soft Comput 90:106159

    Article  Google Scholar 

  • Sakr MM, Tawfeeq MA, El-Sisi AB (2019) Network intrusion detection system based PSO-SVM for cloud computing. Int J Comput Netw Inf Secur 11:22–29

    Google Scholar 

  • Salo F, Nassif AB, Essex A (2019) Dimensionality reduction with IG-PCA and ensemble classifier for network intrusion detection. Comput Netw 148(164–175):58

    Google Scholar 

  • Selvakumar B, Muneeswaran K (2019) Firefly algorithm based feature selection for network intrusion detection. Comput Secur 81:148–155

    Article  Google Scholar 

  • Soe YN, Feng Y, Santosa PI, Hartanto R, Sakurai K (2020) Machine learning-based IoT-botnet attack detection with sequential architecture. Sensors 20(16):4372. https://doi.org/10.3390/s2016437

    Article  Google Scholar 

  • Suhaimi H, Suliman SI, Musirin I, Harun A, Mohamad R, Kassim M, Shahbudin S (2020) Network intrusion detection system using immune-genetic algorithm (IGA). Indones J Electr Eng Comput Sci 17:1059–1065

    Google Scholar 

  • Tuan TA, Long HV, Son LH, Kumar R, Priyadarshini I, Son NTK (2020) Performance evaluation of botnet DDoS attack detection using machine learning. Evol Intell 13:283–294

    Article  Google Scholar 

  • Ullah I, Mahmoud QH (2020) A two-level flow-based anomalous activity detection system for IoT networks. Electronics 9:530

    Article  Google Scholar 

  • Vasilomanolakis E, Karuppayah S, Mühlhäuser M, Fischer M (2015) Taxonomy and survey of collaborative intrusion detection. ACM Comput Surv 47:1–33

    Article  Google Scholar 

  • Wei W, Wozniak M, Damaševiˇcius R, Fan X, Li Y (2019) Algorithm research of known-plaintext attack on double random phase mask based on WSNs. J Internet Technol 2019(20):39–48

    Google Scholar 

  • Wu Z, Wang J, Hu L, Zhang Z, Wu H (2020) A network intrusion detection method based on semantic re-encoding and deep learning. J Netw Comput Appl 164:102688

    Article  Google Scholar 

  • Yerima SY, Alzaylaee MK, Shajan A, Vinod P (2021) Deep learning techniques for android botnet detection. Electronics 10:519

    Article  Google Scholar 

  • Yilmaz S, Sen S (2019) Early detection of botnet activities using grammatical evolution. In: Kaufmann P, Castillo P (eds) Applications of evolutionary computation. Lecture Notes in Computer Science, vol 11454. Springer, Cham. https://doi.org/10.1007/978-3-030-16692-2_26

    Chapter  Google Scholar 

  • Yong B, Wei W, Li K-C et al (2020) Ensemble machine learning approaches for webshell detection in internet of things environments. Trans Emerg Telecommun Technol. https://doi.org/10.1002/ett.4085

    Article  Google Scholar 

  • Yu Y, Long J, Liu F, Cai Z (2016) Machine learning combining with visualization for intrusion detection: a survey In Proceedings of the international conference on modeling decisions for artificial intelligence Sant Julià de Lòria Andorra 19–21 September 2016 pp 239–249 Electronics 2021 10 1341 23 of 24

  • Zeiler MD (2012) Adadelta: an adaptive learning rate method arXiv:1212.5701

  • Zhou Y, Mazzuchi TA, Sarkani S (2020) M-AdaBoost—a based ensemble system for network intrusion detection. Expert Syst Appl 162:113864

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Mohammed Y. Alzahrani.

Ethics declarations

Conflict of interest

The authors declare that they have no conflict of interest.

Ethical standards

This article does not contain any studies with human participants or animals performed by any of the authors.

Additional information

Communicated by Irfan Uddin.

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Reprints and Permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Alzahrani, M.Y., Bamhdi, A.M. Hybrid deep-learning model to detect botnet attacks over internet of things environments. Soft Comput 26, 7721–7735 (2022). https://doi.org/10.1007/s00500-022-06750-4

Download citation

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s00500-022-06750-4

Keywords