Forensics and Deep Learning Mechanisms for Botnets in Internet of Things: A Survey of Challenges and Solutions

Nickolaos Koroniotis, Nour Moustafa, Elena Sitnikova

Research output: Contribution to journalReview articlepeer-review

94 Citations (Scopus)


The constant miniaturization of hardware and an increase in power efficiency, have made possible the integration of intelligence into ordinary devices. This trend of augmenting so-called non-intelligent everyday devices with computational capabilities has led to the emergence of the Internet of Things (IoT) domain. With a wide variety of applications, such as home automation, smart grids/cities, and critical infrastructure management, the IoT systems make compelling targets for cyber-attacks. In order to effectively compromise these systems, adversaries employ different advanced persistent threat (APT) methods, with one such sophisticated method, being botnets. By employing a plethora of infected machines (bots), attackers manage to compromise the IoT systems and exploit them. Prior to the appearance of the IoT domain, specialized digital forensics mechanisms were developed, in order to investigate Botnet activities in small-scale systems. Since IoT enabled botnets are scalable, technologically diverse and make use of current high-speed networks, developing forensic mechanisms capable of investigating the IoT Botnet activities has become an important challenge in the cyber-security field. Various studies have proposed, deep learning as a viable solution for handling the IoT generated data, as it was designed to handle diverse data in large volumes, requiring near real-time processing. In this study, we provide a review of forensics and deep learning mechanisms employed to investigate botnets and their applicability in the IoT environments. We provide a new definition for the IoT, in addition to a taxonomy of network forensic solutions, that were developed for both conventional, as well as, the IoT settings. Furthermore, we investigate the applicability of deep learning in network forensics, the inherent challenges of applying network forensics techniques to the IoT, and provide future direction for research in this field.

Original languageEnglish
Article number8713986
Pages (from-to)61764-61785
Number of pages22
JournalIEEE Access
Publication statusPublished - 14 May 2019
Externally publishedYes


  • botnets
  • deep learning
  • Internet of Things
  • IoT
  • nework forensics


Dive into the research topics of 'Forensics and Deep Learning Mechanisms for Botnets in Internet of Things: A Survey of Challenges and Solutions'. Together they form a unique fingerprint.

Cite this