Comparative Analysis of IoT Botnet Datasets

The widespread use of IoT technologies has brought many security problems with it. IoT devices have become the target of various attacks, the most common of which are botnet attacks. Because these attacks continually diversify and evolve, and because traditional defense methods cannot be applied on the limited hardware of IoT devices, researchers have been led to search for new solutions in this area. Detecting attacks on devices as early as possible and classifying them by type has become a popular subject of current studies. Detecting and classifying zero-day attacks with machine learning methods is a good approach. In this study, a model was built with Support Vector Machines (SVM), one of the supervised machine learning methods. Datasets that are widely used in the literature, and in particular those containing both IoT botnet attack records and benign records, were examined. The four most suitable of these datasets (Bot-IoT, CICIDS-2017, IoT-23 and N-BaIoT) were compared using our model. The evaluation yielded accuracy values of 99.94% for the Bot-IoT dataset, 99.95% for the CICIDS-2017 dataset, 99.96% for the IoT-23 dataset and 99.92% for the N-BaIoT dataset. These results indicate that the selected datasets are suitable for attack detection and classification carried out with machine learning methods.
