Modular neural network for edge-based detection of early-stage IoT botnet

Duaa Alqattan; Varun Ojha; Fawzy Habib; Ayman Noor; Graham Morgan; Rajiv Ranjan

doi:10.1016/j.hcc.2024.100230

High-Confidence Computing ›› 2025, Vol. 5 ›› Issue (1) : 100230 DOI: 10.1016/j.hcc.2024.100230

Research Articles

research-article

Modular neural network for edge-based detection of early-stage IoT botnet

Author information +

History +

PDF (807KB)

Abstract

The Internet of Things (IoT) has led to rapid growth in smart cities. However, IoT botnet-based attacks against smart city systems are becoming more prevalent. Detection methods for IoT botnet-based attacks have been the subject of extensive research, but the identification of early-stage behaviour of the IoT botnet prior to any attack remains a largely unexplored area that could prevent any attack before it is launched. Few studies have addressed the early stages of IoT botnet detection using monolithic deep learning algorithms that could require more time for training and detection. We, however, propose an edge-based deep learning system for the detection of the early stages of IoT botnets in smart cities. The proposed system, which we call EDIT (Edge-based Detection of early-stage IoT Botnet), aims to detect abnormalities in network communication traffic caused by early-stage IoT botnets based on the modular neural network (MNN) method at multi-access edge computing (MEC) servers. MNN can improve detection accuracy and efficiency by leveraging parallel computing on MEC. According to the findings, EDIT has a lower false-negative rate compared to a monolithic approach and other studies. At the MEC server, EDIT takes as little as 16 ms for the detection of an IoT botnet.

Keywords

Modular neural network / IoT botnet / Edge computing / Botnet detection

Cite this article

Download citation ▾

Duaa Alqattan, Varun Ojha, Fawzy Habib, Ayman Noor, Graham Morgan, Rajiv Ranjan. Modular neural network for edge-based detection of early-stage IoT botnet. High-Confidence Computing, 2025, 5(1): 100230 DOI:10.1016/j.hcc.2024.100230

登录浏览全文

4963

注册一个新账户忘记密码

CRediT authorship contribution statement

Duaa Alqattan: Conceptualization, Methodology, Software, Validation, Formal analysis, Investigation, Resources, Data cura- tion, Writing - original draft, Writing - review & editing, Visual- ization. Varun Ojha: Conceptualization, Methodology, Validation, Formal analysis, Investigation, Resources, Writing - review & editing, Supervision, Funding acquisition. Fawzy Habib: Concep- tualization, Methodology, Validation, Formal analysis, Investiga- tion, Resources, Writing - review & editing, Supervision, Fund- ing acquisition. Ayman Noor: Conceptualization, Methodology, Validation, Formal analysis, Investigation, Resources, Writing - review & editing, Supervision, Funding acquisition. Graham Mor- gan: Conceptualization, Methodology, Validation, Formal analysis, Investigation, Resources, Writing - review & editing, Supervision, Funding acquisition. Rajiv Ranjan: Conceptualization, Methodol- ogy, Validation, Formal analysis, Investigation, Resources, Writing - review & editing, Supervision, Funding acquisition.

Declaration of competing interest

The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.

References

Publishing order | Descend order by publishing year | Descend order by cited within

[1]	M. Wazzan, D. Algazzawi, O. Bamasaq, A. Albeshri, L. Cheng, Internet of things botnet detection approaches: Analysis and recommendations for future research, Appl. Sci. 11 (12) (2021) 5713.

[2]	G. Kambourakis, M. Anagnostopoulos, W. Meng, P. Zhou, Botnets:Architectures, Countermeasures, and Challenges, CRC Press, 2019.

[3]	B. Vignau, R. Khoury, S. Hallé, A. Hamou-Lhadj,The evolution of IoT malwares, from 2008 to 2019: Survey, taxonomy, process simulator and perspectives, J. Syst. Archit. 116 (2021) 102143.

[4]	R. Vishwakarma, A.K. Jain, A survey of DDoS attacking techniques and defence mechanisms in the IoT network, Telecommun. Syst. 73 (1) (2020) 3-25.

[5]	N. Vlajic, D. Zhou, IoT as a land of opportunity for DDoS hackers, Computer 51 (7) (2018) 26-34, http://dx.doi.org/10.1109/MC.2018.3011046.

[6]	S. Dange, M. Chatterjee, IoT botnet: the largest threat to the IoT network,in: Data Communication and Networks, Springer, 2020, pp. 137-157.

[7]	Y. Jia, F. Zhong, A. Alrawais, B. Gong, X. Cheng, FlowGuard: An intelligent edge defense mechanism against IoT DDoS attacks, IEEE Internet Things J. 7 (10) (2020) 9552-9562, http://dx.doi.org/10.1109/JIOT.2020.2993782.

[8]	M.M. Alani, BotStop : Packet-based efficient and explainable IoT botnet detection using machine learning, Comput. Commun. 193 (2022) 53-62, http://dx.doi.org/10.1016/j.comcom.2022.06.039.

[9]	M. Hegde, G. Kepnang, M. Al Mazroei, J.S. Chavis, L. Watkins,Identification of botnet activity in IoT network traffic using machine learning, in: 2020 International Conference on Intelligent Data Science Technologies and Applications, IDSTA, IEEE, 2020, pp. 21-27.

[10]	H. Alzahrani, M. Abulkhair, E. Alkayal, A multi-class neural network model for rapid detection of IoT botnet attacks, Int. J. Adv. Comput. Sci. Appl. 11 (7) (2020) 688-696.

[11]	N. Abdalgawad, A. Sajun, Y. Kaddoura, I.A. Zualkernan, F. Aloul, Generative deep learning to detect cyberattacks for the IoT-23 dataset, IEEE Access 10 (2021) 6430-6441.

[12]	M. Wazzan, D. Algazzawi, A. Albeshri, S. Hasan, O. Rabie, M.Z. Asghar, Cross deep learning method for effectively detecting the propagation of IoT botnet, Sensors 22 (10) (2022) 3895.

[13]	A. Guerra-Manzanares, J. Medina-Galindo, H. Bahsi, S. Nõmm, MedBIoT: Generation of an IoT botnet dataset in a medium-sized IoT network, in: ICISSP, 2020, pp. 207-218.

[14]	L. Giaretta, A. Lekssays, B. Carminati, E. Ferrari, Š. Girdzijauskas, LiMNet: Early-stage detection of IoT botnets with lightweight memory networks,in: European Symposium on Research in Computer Security, Springer, 2021, pp. 605-625.

[15]	R. Gandhi, Y. Li,Comparing machine learning and deep learning for IoT botnet detection, in: 2021 IEEE International Conference on Smart Computing, SMARTCOMP, IEEE, 2021, pp. 234-239.

[16]	K. Malik, F. Rehman, T. Maqsood, S. Mustafa, O. Khalid, A. Akhunzada, Lightweight internet of things botnet detection using one-class classification, Sensors 22 (10) (2022) 3646.

[17]

Y.N. Soe, Y. Feng, P.I. Santosa, R. Hartanto, K. Sakurai,A sequential scheme for detecting cyber attacks in IoT environment, in: 2019 IEEE Intl Conf on Dependable, Autonomic and Secure Computing, Intl Conf on Pervasive Intelligence and Computing, Intl Conf on Cloud and Big Data Computing, Intl Conf on Cyber Science and Technology Congress, DASC/PiCom/CBDCom/CyberSciTech, IEEE, 2019, pp. 238-244.

[18]	Y.N. Soe, Y. Feng, P.I. Santosa, R. Hartanto, K. Sakurai, Machine learning-based IoT-botnet attack detection with sequential architecture, Sensors 20 (16) (2020) 4372.

[19]	F. Hussain, S.G. Abbas, I.M. Pires, S. Tanveer, U.U. Fayyaz, N.M. Garcia, G.A. Shah, F. Shahzad, A two-fold machine learning approach to prevent and detect IoT botnet attacks, IEEE Access 9 (2021) 163412-163430.

[20]	G.L. Nguyen, B. Dumba, Q.-D. Ngo, H.-V. Le, T.N. Nguyen, A collaborative approach to early detection of IoT botnet, Comput. Electr. Eng. 97 (2022) 107525.

[21]	A. Kumar, M. Shridhar, S. Swaminathan, T.J. Lim, Machine learning-based early detection of IoT botnets using network-edge traffic, Comput. Secur. 117 (2022) 102693.

[22]	K. Chen, Deep and modular neural networks, in: Springer Handbook of Computational Intelligence, Springer, 2015, pp. 473-494.

[23]	M. Antonakakis, T. April, M. Bailey, M. Bernhard, E. Bursztein, J. Cochran, Z. Durumeric, J.A. Halderman, L. Invernizzi, M. Kallitsis, et al., Understanding the mirai botnet,in:26th USENIX Security Symposium, USENIX Security 17, 2017, pp. 1093-1110.

[24]	J.M. Ceron, K. Steding-Jessen, C. Hoepers, L.Z. Granville, C.B. Margi, Improving iot botnet investigation using an adaptive network layer, Sensors 19 (3) (2019) 727.

[25]	J. Gamblin, Mirai source-code. 2017, 2019.

[26]	X. Zhang, O. Upton, N.L. Beebe, K.-K.R. Choo, IoT botnet forensics: A comprehensive digital forensic case study on mirai botnet servers, Forensic Sci. Int.: Digit. Investig. 32 (2020) 300926.

[27]	A. Parmisano, S. Garcia, M. Erquiaga,Iot-23 Dataset: A Labeled Dataset of Malware and Benign Iot Traffic, Avast-AIC Laboratory, Stratosphere IPS, Czech Technical University (CTU), 2019.

[28]	B.-L. Lu, M. Ito, Task decomposition and module combination based on class relations: a modular neural network for pattern classification, IEEE Trans. Neural Netw. 10 (5) (1999) 1244-1256.

[29]	B.R. Silva, R.J. Silveira, M.G. da Silva Neto, P.C. Cortez, D.G. Gomes, A comparative analysis of undersampling techniques for network intrusion detection systems design, J. Commun. Inf. Syst. 36 (1) (2021) 31-43.

[30]	P. Bedi, N. Gupta, V. Jindal, Siam-IDS: Handling class imbalance problem in intrusion detection systems using siamese neural network, Procedia Comput. Sci. 171 (2020) 780-789.