Variational Autoencoder for IoT Botnet Detection

Om Kumar C. U., Dharmala Pranavi, B. R. Aishwarayaa Laxmi, Devasena R.
DOI: 10.4018/978-1-6684-6444-1.ch005

Abstract

IoT devices are naturally vulnerable to security issues such as botnet attacks that lead to compromised data. Due to the proliferation of network traffic, the existing system demonstrated a mean FPR of 0.007±0.01, but it needs to be updated to be on par with swiftly growing bots. In the proposed system, the authors have deployed various autoencoders for the detection of IoT botnets. The proposed system helps to differentiate malicious attacks from benign ones. To validate the proposed method, they have used the N-BaIoT dataset, infected with the two most widely known IoT-based botnets: Mirai and Gafgyt. The autoencoders are trained using the optimization dataset generated by various smart devices, and when tested, they achieved formidable accuracy for various autoencoders: 96.158% for the sparse autoencoder, 86.775% for the deep autoencoder, 96.157% for the variational autoencoder, 96.156% for the undercomplete autoencoder, and 79.789% for the denoising autoencoder. Compared to many other state-of-the-art botnet detection methods, the variational autoencoder has achieved better accuracy with lower false predictions.
Chapter Preview

Introduction

Advancements in technology have led to an increase in cyber-crime. The dark web (Paffenroth et al., 2019) is one of the common places where cyber-crime transpires, as it provides complete anonymity of network traffic. The dark web provides a place for users to perform any kind of activity, ranging from legal ones like journalism to illegal criminal schemes like trading in drugs, stolen identities and weapons. It acts as a breeding ground for cyber threats, with many tools and techniques available for compromising companies and individuals using DDoS or other attacks. The Tor anonymity network aided in increasing the Mevade botnet users to up to 5 million per day (Mirea et al., 2019). Apart from this, the Tor network also acts as a source of ransomware applications.

Classic methods like traffic analysis and web crawling were initially used to identify malicious traffic and websites. Recent crime pattern detection using machine learning involves signature-based analysis. Paffenroth et al. (2019) mention two methods for pattern detection or pattern recognition of DDoS attacks. Method 1 is a variation of the classic SVM known as robust Support Vector Machine (SVM), which is used to classify anomalies i.e, Method 2 is about detecting anomalies using the Random Forest approach, where an abnormality detector was established to boost a subsequent threat classifier. Other deep learning methods like Robust PCA and RDAs can be utilized for DDoS anomaly detection.

Internet of Things (IoT) devices are predicted to reach up to 75 billion by 2030 (Louis Columbus, 2016). Network administrators are faced with novel security issues due to the growing use of IoT devices. The majority of IoT appliances are naturally exposed to security threats like botnet attacks. A botnet framework generally consists of malicious software replicated onto miscellaneous devices connected to a network. Each hijacked device is administered from the command and control server to perform large-scale automated attacks. These IoT devices commonly face security issues because of flaws such as the installation of vulnerable IoT devices directly connected to the web, weak passwords, manufacturers' and users' lack of awareness about IoT functionality and security, and especially the unavailability of secure firmware updates for existing IoT devices.

From 2016 to 2017, a six-hundred percent surge in IoT attacks was observed (Symantec, 2018). In 2016, the prominently known botnet “Mirai” converted thousands of IoT appliances into zombie devices. The Reaper botnet was predominantly exploiting hidden vulnerabilities to enslave devices in 2017 (Andy Greenberg, 2017). Between January and May 2018, HideNSeek infected up to 90,000 unique devices (Catalin Cimpanu, 2018). As per a report from Nozomi Networks, there was a rapid rise in attacks and threats engineered by IoT botnets in the first half of 2020 owing to the ongoing worldwide pandemic (Nozomi, 2020). Due to this pandemic, workers are forced to stay at home, and the substantial number of hacktivists who now have access to vulnerable IoT devices have developed increasingly sophisticated tools for deploying botnet attacks (Om Kumar C.U, 2019) (Rawat, 2021). Expeditious identification of these IoT botnet attacks promotes network security, as it alerts and disconnects the malicious botnets from the network, thereby stopping the botnets from disseminating further and preventing the further spread of attacks (Ahmed et al., 2020) (Bhardwaj et al., 2020) (Jagadeesan et al., 2021) (Ko et al., 2020) (Kunang et al., 2021) (Moodi et al., 2021) (Sadaf et al., 2020).
