Dr Christopher McDermott c.d.mcdermott@rgu.ac.uk
Lecturer
Towards situational awareness of botnet activity in the Internet of Things
McDermott, Christopher D.; Petrovski, Andrei V.; Majdani, Farzan
Authors
Andrei V. Petrovski
Farzan Majdani
Abstract
An IoT botnet detection model is designed to detect anomalous attack traffic utilised by the mirai botnet malware. The model uses a novel application of Deep Bidirectional Long Short Term Memory based Recurrent Neural Network (BLSTMRNN), in conjunction with Word Embedding, to convert string data found in captured packets, into a format usable by the BLSTM-RNN. In doing so, this paper presents a solution to the problem of detecting and making consumers situationally aware when their IoT devices are infected, and forms part of a botnet. The proposed model addresses the issue of detection, and returns high accuracy and low loss metrics for four attack vectors used by the mirai botnet malware, with only one attack vector shown to be difficult to detect and predict. A labelled dataset was generated and used for all experiments, to test and validate the accuracy and data loss in the detection model. This dataset is available upon request.
Citation
MCDERMOTT, C.D., PETROVSKI, A.V. and MAJDANI, F. 2018. Towards situational awareness of botnet activity in the Internet of Things. In Proceedings of the 2018 International conference on cyber situational awareness, data analytics and assessment (Cyber SA 2018): cyber situation awareness as a tool for analysis and insight, 11-12 June 2018, Glasgow, UK. Piscataway: IEEE [online], article number 8551408. Available from: https://doi.org/10.1109/CyberSA.2018.8551408
| Conference Name | 2018 International conference on cyber situational awareness, data analytics and assessment (Cyber SA 2018): cyber situation awareness as a tool for analysis and insight |
|---|---|
| Conference Location | Glasgow, UK |
| Start Date | Jun 11, 2018 |
| End Date | Jun 12, 2018 |
| Acceptance Date | Apr 4, 2018 |
| Online Publication Date | Jun 11, 2018 |
| Publication Date | Nov 29, 2018 |
| Deposit Date | May 7, 2018 |
| Publicly Available Date | Jun 11, 2018 |
| Publisher | IEEE Institute of Electrical and Electronics Engineers |
| Article Number | 8551408 |
| ISBN | 9781538645666 |
| DOI | https://doi.org/10.1109/CyberSA.2018.8551408 |
| Keywords | Situational awareness; Long short term memory networks; Deep learning; IoT; Botnet; Mirai; DDoS; Word embedding |
| Public URL | http://hdl.handle.net/10059/2904 |
Files
MCDERMOTT 2018 Towards situational awareness
(404 Kb)
PDF
Publisher Licence URL
https://creativecommons.org/licenses/by-nc/4.0/
You might also like
Towards a conversational agent for threat detection in the internet of things.
(2019)
Conference Proceeding
Dimensions of ‘socio’ vulnerabilities of advanced persistent threats.
(2019)
Conference Proceeding
Botnet detection in the Internet of Things using deep learning approaches.
(2018)
Conference Proceeding