Abstract
In recent years, the use of the internet of things (IoT) has increased dramatically, and cybersecurity concerns have grown in tandem. Cybersecurity has become a major challenge for institutions and companies of all sizes, with the spread of threats growing in number and developing at a rapid pace. Artificial intelligence (AI) in cybersecurity can to a large extent help face the challenge, since it provides a powerful framework and coordinates that allow organisations to stay one step ahead of sophisticated cyber threats. AI provides real-time feedback, helping rollover daily alerts to be investigated and analysed, effective decisions to be made and enabling quick responses. AI-based capabilities make attack detection, security and mitigation more accurate for intelligence gathering and analysis, and they enable proactive protective countermeasures to be taken to overwhelm attacks. In this study, we propose a robust system specifically to help detect botnet attacks of IoT devices. This was done by innovatively combining the model of a convolutional neural network with a long short-term memory (CNN-LSTM) algorithm mechanism to detect two common and serious IoT attacks (BASHLITE and Mirai) on four types of security camera. The data sets, which contained normal malicious network packets, were collected from real-time lab-connected camera devices in IoT environments. The results of the experiment showed that the proposed system achieved optimal performance, according to evaluation metrics. The proposed system gave the following weighted average results for detecting the botnet on the Provision PT-737E camera: camera precision: 88%, recall: 87% and F1 score: 83%. The results of system for classifying botnet attacks and normal packets on the Provision PT-838 camera were 89% for recall, 85% for F1 score and 94%, precision. The intelligent security system using the advanced deep learning model was successful for detecting botnet attacks that infected camera devices connected to IoT applications.
This is a preview of subscription content, access via your institution.
References
Aburomman AA, Reaz MBI (2016) Review of IDS development methods in machine learning. Int J Electr Comput Eng (IJECE) 6:2432–2436
Ahmad Z, Khan AS, Shiang CW, Abdullah J, Ahmad F (2021) Network intrusion detection system: a systematic study of machine learning and deep learning approaches. Trans Emerg Telecommun Technol. https://doi.org/10.1002/ett.4150
Ahmed AA, Jabbar WA, Sadiq AS, Patel H (2020) Deep learning-based classification model for botnet attack detection J Ambient Intell Humaniz Comput
Alkahtani H, Aldhyani THH (2020) Botnet attack detection by using CNN-LSTM model for internet of things applications. Secur Commun Networks 2021:3806459. https://doi.org/10.1155/2021/3806459
Al Shorman A, Faris H, Aljarah I (2020) Unsupervised intelligent system based on one class support vector machine and Grey Wolf optimization for IoT botnet detection. J Ambient Intell Humaniz Comput 11:2809–2825
Alauthman M, Aslam N, Al-kasassbeh M, Khan S, Al-Qerem A, Raymond Choo K (2020) An efficient reinforcement learningbased Botnet detection approach. J Netw Comput Appl 150:102479
Almomani O (2020) A feature selection model for network intrusion detection system based on PSO, GWO, FFA and GA algorithms. Symmetry 12:1046
Alothman Z, Alkasassbeh M, Al-Haj Baddar S (2020) An efficient approach to detect IoT botnet attacks using machine learning. J High Speed Netw 26:241–254
Asadi M, Jabraeil Jamali MA, Parsa S, Majidnezhad V (2020) Detecting botnet by using particle swarm optimization algorithm based on voting system. Future Gener Comput Syst 107:95–111
Azeez NA, Ayemobola TJ, Misra S, Maskeliunas R, Damaševiˇcius R (2019) Network intrusion detection with a hashing based ¯ apriori algorithm using Hadoop MapReduce. Computers 8:86
Berman DS, Buczak AL, Chavis JS, Corbett CL (2019) A survey of deep learning methods for cyber security. Information 10:122
Bijalwan A (2020) Botnet forensic analysis using machine learning. Secur Commun Netw 2020:9302318
Chung YY, Wahid N (2012) A hybrid network intrusion detection system using simplified swarm optimization (SSO). Appl Soft Comput 12:3014–3022
Cozzi E, Vervier PA, Dell’Amico M, Shen Y, Bilge L, Balzarotti D (2020) The tangled genealogy of IoT malware In Proceedings of the Annual Computer Security Applications Conference Austin TX USA 7–11
Da K (2014) A method for stochastic optimization arXiv:1412.6980
Damasevicius R, Venckauskas A, Grigaliunas S, Toldinas J, Morkevicius N, Aleliunas T, Smuikys P (2020) Litnet-2020: an annotated real-world network flow dataset for network intrusion detection. Electronics 9:800
de Assis MVO, Carvalho LF, Rodrigues JJPC, Lloret J, Proença ML Jr (2020) Near real-time security system applied to SDN environments in IoT networks using convolutional neural network. Comput Electr Eng 86:106738
Deng L (2014) A tutorial survey of architectures, algorithms, and applications for deep learning. APSIPA Trans Signal Inf Process 3:e2
Deng L, Li D, Yao X, Wang H (2018) Retracted article: mobile network intrusion detection for IoT system based on transfer learning algorithm. Clust Comput 22:9889–9904
Devan P, Khare N (2020) An efficient XGBoost–DNN-based classification model for network intrusion detection system. Neural Comput Appl 32:12499–12514
Dong B, Wang X (2016) Comparison deep learning method to traditional methods using for network intrusion detection In Proceedings of the 2016 8th IEEE International Conference on Communication Software and Networks (ICCSN) Beijing China 4–6 June 2016 pp 581–585
Dong QL, He SN (2017) Self-adaptive projection algorithms for solving the split equality problems. Fixed Point Theory 18:191–202
Duchi J, Hazan E, Singer Y (2011) Adaptive subgradient methods for online learning and stochastic optimization. J Mach Learn Res 12:2121–2159
Dwivedi S, Vardhan M, Tripathi S (2020) Defense against distributed DoS attack detection by using intelligent evolutionary algorithm. Int J Comput Appl. https://doi.org/10.1080/1206212X.2020.1720951
Elmasry W, Akbulut A, Zaim AH (2020) Evolving deep learning architectures for network intrusion detection using a double PSO metaheuristic. Comput Netw 168:107042
Folorunso O, Ayo FE, Babalola Y (2016) Ca-NIDS: a network intrusion detection system using combinatorial algorithm approach. J Inf Priv Secur 12:181–196
Ganapathy S, Kulothungan K, Muthurajkumar S, Vijayalakshmi M, Yogesh P, Kannan A (2013) Intelligent feature selection and classification techniques for intrusion detection in networks: a survey. EURASIP J Wirel Commun Netw 2013:1–16
Hajisalem V, Babaie S (2018) A hybrid intrusion detection system based on ABC-AFS algorithm for misuse and anomaly detection. Comput Netw 136:37–50
Hoque N, Bhattacharyya DK, Kalita JK (2015) Botnet in DDoS attacks: trends and challenges. IEEE Commun Surv Tutor 17:2242–2270
Hussain B, Du Q, Sun B, Han Z (2021) Deep learning-based DDoS-attack detection for cyber-physical system over 5G network. IEEE Trans Ind Inform 17:860–870
Injadat M, Moubayed A, Nassif AB, Shami A (2020) Multi-stage optimized machine learning framework for network intrusion detection. IEEE Trans Netw Serv Manag 18:1803–1816
Kebande VR, Venter HS (2014) A cognitive approach for botnet detection using artificial immune system in the cloud In Proceedings of the 2014 Third International Conference on cyber security, cyber warfare and digital forensic (CyberSec) Beirut Lebanon 29 April–1 May 2014 pp 52–57.
Kolias C, Kambourakis G, Stavrou A, Voas J (2017) DDoS in the IoT: mirai and other botnets. Computer 50:80–84
Koroniotis N, Moustafa N, Sitnikova E (2019) Forensics and deep learning mechanisms for botnets in internet of things: a survey of challenges and solutions. IEEE Access 7:61764–61785
Lee S, Abdullah A, Jhanjhi N, Kok S (2021) Classification of botnet attacks in IoT smart factory using honeypot combined with machine learning. PeerJ Comput Sci 7:1–23
Li X, Yi P, Wei W, Jiang Y, Tian L (2021) LNNLS-KH: a feature selection method for network intrusion detection. Secur Commun Netw 2021:8830431
Lin KC, Chen SY, Hung JC (2014) Botnet detection using support vector machines with artificial fish swarm algorithm. J Appl Math 2014:1–9
Magán-Carrión R, Urda D, DÃaz-Cano I, Dorronsoro B (2020) Towards a reliable comparison and evaluation of network intrusion detection systems based on machine learning approaches. Appl Sci 10:1775
Mahmood T, Afzal U (2013) Security analytics: big data analytics for cybersecurity: a review of trends, techniques and tools In: Proceedings of the 2013 2nd National Conference on Information Assurance (NCIA) Rawalpindi Pakistan 11–12 December 2013 pp. 129–134
Manimurugan S, Al-Mutairi S, Aborokbah MM, Chilamkurti N, Ganesan S, Patan R (2020) Effective attack detection in internet of medical things smart environment using a deep belief neural network. IEEE Access 8:77396–77404
Marir N, Wang H, Feng G, Li B, Jia M (2018) Distributed abnormal behavior detection approach based on deep belief network and ensemble svm using spark. IEEE Access 6:59657–59671
Mazini M, Shirazi B, Mahdavi I (2019) Anomaly network-based intrusion detection system using a reliable hybrid artificial bee colony and AdaBoost algorithms. J King Saud Univ Comput Inf Sci 31:541–553
McDermott CD, Majdani F, Petrovski AV (2018) Botnet detection in the internet of things using deep learning approaches In Proceedings of the International Joint Conference on Neural Networks Rio de Janeiro Brazil Vol 2018
Perez MG, Celdran AH, Ippoliti F, Giardina PG, Bernini G, Alaez RM, Chirivella-Perez E, Clemente FJG, Perez GM, Kraja E et al (2017) Dynamic reconfiguration in 5G mobile networks to proactively detect and mitigate botnets. IEEE Internet Comput 21:28–36
Rajagopal S, Kundapur PP, Hareesha KS (2020) A stacking ensemble for network intrusion detection using heterogeneous datasets. Secur Commun Netw 2020:4586875
Rauf HT, Malik S, Shoaib U, Irfan MN, Lali MI (2020) Adaptive inertia weight Bat algorithm with Sugeno-function fuzzy search. Appl Soft Comput 90:106159
Sakr MM, Tawfeeq MA, El-Sisi AB (2019) Network intrusion detection system based PSO-SVM for cloud computing. Int J Comput Netw Inf Secur 11:22–29
Salo F, Nassif AB, Essex A (2019) Dimensionality reduction with IG-PCA and ensemble classifier for network intrusion detection. Comput Netw 148(164–175):58
Selvakumar B, Muneeswaran K (2019) Firefly algorithm based feature selection for network intrusion detection. Comput Secur 81:148–155
Soe YN, Feng Y, Santosa PI, Hartanto R, Sakurai K (2020) Machine learning-based IoT-botnet attack detection with sequential architecture. Sensors 20(16):4372. https://doi.org/10.3390/s2016437
Suhaimi H, Suliman SI, Musirin I, Harun A, Mohamad R, Kassim M, Shahbudin S (2020) Network intrusion detection system using immune-genetic algorithm (IGA). Indones J Electr Eng Comput Sci 17:1059–1065
Tuan TA, Long HV, Son LH, Kumar R, Priyadarshini I, Son NTK (2020) Performance evaluation of botnet DDoS attack detection using machine learning. Evol Intell 13:283–294
Ullah I, Mahmoud QH (2020) A two-level flow-based anomalous activity detection system for IoT networks. Electronics 9:530
Vasilomanolakis E, Karuppayah S, Mühlhäuser M, Fischer M (2015) Taxonomy and survey of collaborative intrusion detection. ACM Comput Surv 47:1–33
Wei W, Wozniak M, Damaševiˇcius R, Fan X, Li Y (2019) Algorithm research of known-plaintext attack on double random phase mask based on WSNs. J Internet Technol 2019(20):39–48
Wu Z, Wang J, Hu L, Zhang Z, Wu H (2020) A network intrusion detection method based on semantic re-encoding and deep learning. J Netw Comput Appl 164:102688
Yerima SY, Alzaylaee MK, Shajan A, Vinod P (2021) Deep learning techniques for android botnet detection. Electronics 10:519
Yilmaz S, Sen S (2019) Early detection of botnet activities using grammatical evolution. In: Kaufmann P, Castillo P (eds) Applications of evolutionary computation. Lecture Notes in Computer Science, vol 11454. Springer, Cham. https://doi.org/10.1007/978-3-030-16692-2_26
Yong B, Wei W, Li K-C et al (2020) Ensemble machine learning approaches for webshell detection in internet of things environments. Trans Emerg Telecommun Technol. https://doi.org/10.1002/ett.4085
Yu Y, Long J, Liu F, Cai Z (2016) Machine learning combining with visualization for intrusion detection: a survey In Proceedings of the international conference on modeling decisions for artificial intelligence Sant Julià de Lòria Andorra 19–21 September 2016 pp 239–249 Electronics 2021 10 1341 23 of 24
Zeiler MD (2012) Adadelta: an adaptive learning rate method arXiv:1212.5701
Zhou Y, Mazzuchi TA, Sarkani S (2020) M-AdaBoost—a based ensemble system for network intrusion detection. Expert Syst Appl 162:113864
Author information
Authors and Affiliations
Corresponding author
Ethics declarations
Conflict of interest
The authors declare that they have no conflict of interest.
Ethical standards
This article does not contain any studies with human participants or animals performed by any of the authors.
Additional information
Communicated by Irfan Uddin.
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
About this article
Cite this article
Alzahrani, M.Y., Bamhdi, A.M. Hybrid deep-learning model to detect botnet attacks over internet of things environments. Soft Comput 26, 7721–7735 (2022). https://doi.org/10.1007/s00500-022-06750-4
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s00500-022-06750-4