IHBOT: An Intelligent and Hybrid Model for Investigation and Classification of IoT Botnet

PDF (924KB), PP.98-112

Author(s)

Umang Garg 1,*, Santosh Kumar 2, Manoj Kumar 2

1. Department of Computer Science and Engineering, Graphic Era Deemed to be University, Dehradun, India and Department of Computer Science and Engineering, Graphic Era Hill University, Dehradun, India

2. Department of Computer Science and Engineering, Graphic Era Deemed to be University, Dehradun, India

* Corresponding author.

DOI: https://doi.org/10.5815/ijcnis.2024.05.08

Received: 20 Feb. 2023 / Revised: 19 Apr. 2023 / Accepted: 8 Jun. 2023 / Published: 8 Oct. 2024

Index Terms

IoT Botnet, Malware Classification, Machine Learning, Malware Analysis

Abstract

The Internet of Things (IoT) is revolutionizing the technology market, with exponential growth year over year. This revolution in IoT applications has also drawn hackers and malware seeking remote access to IoT devices. The security of IoT systems has become more critical for consumers and businesses because of their inherently heterogeneous design and open interfaces. Since the release of Mirai in 2016, IoT malware has grown at an exponential rate. IoT systems and their infrastructure have become critical resources, and this has triggered IoT malware injected by various shareholders in different settings. The enormous number of applications causes a flood of insecure packets and commands that fuels threats to IoT applications. The IoT botnet is one of the most critical kinds of malware: it keeps evolving with the network traffic and may harm the privacy of IoT devices. In this work, we present several sets of malware analysis mechanisms to understand the behavior of IoT malware. We devise an intelligent and hybrid model (IHBOT) that integrates malware analysis with distinct machine learning algorithms to identify and classify the different IoT malware families based on network traffic. A clustering mechanism is also integrated with the proposed model to identify malware families based on a similarity index. We have also applied YARA rules for the mitigation of IoT botnet traffic.

Cite This Paper

Umang Garg, Santosh Kumar, Manoj Kumar, "IHBOT: An Intelligent and Hybrid Model for Investigation and Classification of IoT Botnet", International Journal of Computer Network and Information Security (IJCNIS), Vol.16, No.5, pp.98-112, 2024. DOI:10.5815/ijcnis.2024.05.08
