Towards Developing Network Forensic Mechanism for Botnet Activities in the IoT Based on Machine Learning Techniques

Nickolaos Koroniotis, Nour Moustafa, Elena Sitnikova, Jill Slay

Research output: Chapter in Book/Report/Conference proceeding; Chapter; peer-review

33 Citations (Scopus)

Abstract

The IoT is a network of interconnected everyday objects called “things” that have been augmented with a small measure of computing capabilities. Lately, the IoT has been affected by a variety of different botnet activities. Although botnets have been the cause of serious security risks and financial damage over the years, existing network forensic techniques cannot identify and track the current sophisticated methods of botnets. This is because commercial tools mainly depend on signature-based approaches that cannot discover new forms of botnet. In the literature, several studies have used Machine Learning (ML) techniques to train and validate a model for defining such attacks, but they still produce high false alarm rates, along with the challenge of investigating the tracks of botnets. This paper investigates the role of ML techniques in developing a network forensic mechanism, based on network flow identifiers, that can track suspicious activities of botnets. The experimental results using the UNSW-NB15 dataset revealed that ML techniques with flow identifiers can effectively and efficiently detect botnet attacks and their tracks.

Original language: English
Title of host publication: Mobile Networks and Management
Subtitle of host publication: 9th International Conference, MONAMI 2017 Melbourne, Australia, December 13–15, 2017 Proceedings
Editors: Jiankun Hu, Ibrahim Khalil, Zahir Tari, Sheng Wen
Publisher: Springer-Verlag
Pages: 30-44
Number of pages: 15
ISBN (Electronic): 978-3-319-90775-8
ISBN (Print): 978-3-319-90774-1
Publication status: Published - 2018
Externally published: Yes
Event: 9th International Conference on Mobile Networks and Management, MONAMI 2017 - Melbourne, Australia
Duration: 13 Dec 2017 to 15 Dec 2017

Publication series

Name: Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST
Volume: 235
ISSN (Print): 1867-8211

Conference

Conference: 9th International Conference on Mobile Networks and Management, MONAMI 2017
Country/Territory: Australia
City: Melbourne
Period: 13/12/17 to 15/12/17

Keywords

  • Attack investigation
  • Botnets
  • Internet of Things (IoT)
  • Machine learning
