MTech Final Presentation-1

Malicious Node Detection in Botnets Infested Networks Using Machine Learning and Deep Learning Algorithms in IoT Environments
By
Rohit K. A. Suryawanshi
(712242003)
Under the guidance of
Prof. Siddharth K. Gaikwad

Department of Computer Engineering and Information Technology,


COEP Technological University
Forerunners in Technical Education
Contents
• Introduction
• Problem Statement
• Literature Survey
• Research Methodology
• Objectives
• Proposed System Architecture
• Results
• Future Scope
• Publication
• Work Plan
• Conclusion
• Acknowledgement
• References
Introduction to IoT Networks
A network of physical devices, vehicles, home appliances, and other objects that are
embedded with sensors, software, and connectivity, enabling them to collect and exchange
data over the internet.

Security Challenges in IoT Networks
As the number of devices and networks scales up, so does the vulnerability to information
breaches and intrusion.

IoT Botnets
A network of hijacked internet-connected devices on which malicious code, known as
malware, has been installed.
A botnet consists of:
1. Bots
2. Botmaster

Working of Botnet

Impact on the Business World
The world has already experienced notable IoT botnet attacks.
Mirai botnet: sites under Dyn such as CNN, Netflix, PayPal, Visa and Amazon were attacked in 2016
● 100,000 IoT devices, reaching up to 1.2 Tbps
● websites unreachable by legitimate users for several hours
● lost around 8% of its customers (i.e., 14000 domains)

Problem Statement
• Analysis of malicious node detection in botnet-infested network using
machine learning and deep learning techniques.

Machine Learning for IoT Security
Anomaly Detection - Identifying unusual patterns or behavior in device data that may
indicate a security breach or other problem.

Literature Survey

Sr No: 1
Paper Name: Malicious Nodes Detection based on Artificial Neural Network in IoT
Pub Year: 2019
Summary: Proposed to Detect malicious nodes in IoT environments using Artificial Neural Network (ANN)
- Original data is manually modified to generate attack data.
- Evaluated six features (Period Time, Previous Captured frame, Previous Displayed Frame, Time Since Reference, UDP Payload Length, Total Length) and ANN to detect malicious traffic
- The proposed ANN methodology can detect 77.51% accurate malicious nodes with an error rate of 24.49%

Sr No: 2
Paper Name: Network intrusion detection for iot security based on learning techniques
Pub Year: 2019
Summary: Analyze and compares multiple network intrusion detection systems (NIDS) used in IoT networks
- Analyzed and propose an IoT security solution based on NIDS that is incorporating machine learnin
- Propose the best NIDS for IoT networks based on their architecture, how effective they are to detec
algorithms they use.
Contributions:
- Provides a detailed survey of network intrusion detection systems by evaluating traditional and mac

Research Methodology

Main Idea: Detecting malicious nodes in IoT environments by capturing live WIFI data of a smart light bulb and by using Artificial Neural Network (ANN)

Contributions:
- Proposed to Detect malicious nodes in IoT environments using Artificial Neural Network (ANN)
- Analyze header information along with IoT device behavior like frames to identify and build a model to detect malicious activities.
- Evaluated six features (Period Time, Previous Captured frame, Previous Displayed Frame, Time Since Reference, UDP Payload Length, Total Length) and ANN to detect malicious traffic.

Gaps:
- Focus is too narrow to only analyze smart bulbs and WIFI data.
- Benign data was manually updated to pretend that it was an attack data e.g., payload length or packet frame was changed, or data transmission times were manually updated. This lost the sanctity of the data.
- Very few (six) features were selected for calculation

Gap Identified

Focus is too narrow to only analyze smart bulbs and WIFI data.
Benign data was manually updated to pretend that it was an attack data e.g.,
payload length or packet frame was changed, or data transmission times were
manually updated. This lost the sanctity of the data.
Very few (six) features were selected for calculation

Objectives
• To detect intrusions and malicious activities in IoT networks.
• Identify botnet-generated traffic patterns.
• Enhance the security of IoT networks using machine learning models.

Proposed System Architecture

ML Design Cycle

Dataset for IoT Anomaly based ID

IoT-23 is a new dataset of network traffic from Internet of Things (IoT) devices.
It has 20 malware captures executed in IoT devices, and 3 captures for benign IoT devices traffic. It
was first published in January 2020, with captures ranging from 2018 to 2019.
This IoT network traffic was captured in the Stratosphere Laboratory, AIC group, FEL, CTU University,
Czech Republic.
Its goal is to offer a large dataset of real and labeled IoT malware infections and IoT benign traffic for
researchers to develop machine learning algorithms. This dataset and its research are funded by Avast
Software, Prague.
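
An added example, not part of the original presentation: one way to turn labelled Zeek connection records of the kind IoT-23 provides into per-flow features and a per-node ground truth. It assumes a Zeek TSV layout whose label columns may be space-separated after the last tab; the function names and the sample rows are constructed for illustration.

```python
from collections import defaultdict

NUMERIC = ("duration", "orig_bytes", "resp_bytes")

# Constructed sample, not real capture data: a subset of Zeek conn.log columns plus
# the two label columns, assumed to be space-separated after the last tab.
HEADER = ("#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice\t"
          "duration\torig_bytes\tresp_bytes\tconn_state\ttunnel_parents   label   detailed-label")
ROWS = [
    "1.0\tC1\t192.0.2.10\t40001\t198.51.100.1\t23\ttcp\t-\t2.5\t0\t0\tS0\t-   Malicious   PartOfAHorizontalPortScan",
    "2.0\tC2\t192.0.2.10\t40002\t198.51.100.2\t23\ttcp\t-\t-\t-\t-\tS0\t-   Malicious   PartOfAHorizontalPortScan",
    "3.0\tC3\t192.0.2.20\t51000\t203.0.113.5\t443\ttcp\tssl\t1.2\t500\t1500\tSF\t-   Benign   -",
    "4.0\tC4\t192.0.2.20\t51001\t203.0.113.5\t123\tudp\t-\t0.1\t48\t48\tSF\t(empty)   benign   -",
    "5.0\tC5\t192.0.2.30\t5",  # truncated line, as left behind by an interrupted capture
]
SAMPLE = "\n".join([HEADER] + ROWS)


def parse_labeled_conn_log(text):
    """Return (flows, skipped): one dict per well-formed flow, and the malformed-line count."""
    names, flows, skipped = [], [], 0
    for line in text.splitlines():
        if line.startswith("#fields"):
            names = line.split()[1:]          # column names, tab- or space-separated
            continue
        if not line.strip() or line.startswith("#"):
            continue                          # other Zeek metadata lines
        # Zeek writes "-" / "(empty)" instead of leaving a column blank, so splitting on
        # any whitespace keeps columns aligned even when the labels are space-separated.
        values = line.split()
        if not names or len(values) != len(names):
            skipped += 1
            continue
        rec = dict(zip(names, values))
        for key in NUMERIC:                   # unset counters become 0.0 (a modelling choice)
            rec[key] = 0.0 if rec[key] in ("-", "(empty)") else float(rec[key])
        rec["malicious"] = rec["label"].lower() == "malicious"
        flows.append(rec)
    return flows, skipped


def summarize_nodes(flows):
    """Aggregate flows by originating host; a node is malicious if any of its flows is."""
    nodes = defaultdict(lambda: {"flows": 0, "malicious_flows": 0,
                                 "peers": set(), "orig_bytes": 0.0})
    for rec in flows:
        node = nodes[rec["id.orig_h"]]
        node["flows"] += 1
        node["malicious_flows"] += int(rec["malicious"])
        node["peers"].add(rec["id.resp_h"])
        node["orig_bytes"] += rec["orig_bytes"]
    return {host: {**n, "peers": len(n["peers"]), "malicious_node": n["malicious_flows"] > 0}
            for host, n in nodes.items()}


if __name__ == "__main__":
    parsed, bad = parse_labeled_conn_log(SAMPLE)
    print(f"{len(parsed)} flows parsed, {bad} skipped")
    for host, stats in summarize_nodes(parsed).items():
        print(host, stats)
```

The per-flow dictionaries are what a classifier would be trained on; the per-node summary is the ground truth against which a "malicious node" prediction can be scored.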

Real and Infected IOT Devices

Philips Hue device.

Amazon Echo device.

Somfy door lock device.

IoT malicious flows dataset tables

Zeek network analysis framework

Label configuration file for CTU-IoT-Malware-Capture-33-1 capture

Pre-processing

Feature selection

Label Overview

Correlation Heat Map
Models

Models
Naive Bayes
Decision Tree
SVM
KNN
XG-Boost
CNN

Evaluation and Model Selection

RESULTS

Model Accuracy and Comparison

Previous Model

Accuracy of all models in the previous method

Model      Naïve Bayes   Decision Tree   SVM    KNN    XGBoost   CNN
Accuracy   0.22          0.92            0.56   0.91   0.92      0.97

Precision, Recall and F1 Score of all models in the previous method

Model           Precision   Recall   F1 Score
Naïve Bayes     0.33        1.00     0.49
Decision Tree   0.95        0.55     0.70
SVM             1.00        0.48     0.65
KNN             0.76        0.52     0.62
XGBoost         0.99        0.48     0.65

New Model

Precision, Recall and F1 Score of all models in the new method

Model           Precision   Recall   F1 Score
Decision Tree   0.99        1.00     0.99
SVM             0.93        0.99     0.96
Random Forest   0.99        1.00     0.99
CNN             0.93        0.99     0.96

Accuracy of all models in the new method

Model      Decision Tree   SVM    Random Forest   CNN
Accuracy   0.99            0.94   0.99            0.93

Accuracy of Previous Model

Accuracy, Precision, Recall, F1 score of New Models

Model            NB     DT     SVM    KNN    XG     CNN    RF
Previous model   0.22   0.92   0.56   0.91   0.92   0.97   NA
New model        NA     0.99   0.94   NA     NA     0.93   0.99

Yellow: Previous model highest accuracy
Green: New model highest accuracy
Blue: Previous model improved accuracy in new model

Since we were aware that there was a smaller data gap in our technique,
we combined it with a larger dataset of better indicators to improve the
findings.
With an error rate of 24.49%, the suggested approach detected malicious
nodes with 77.51% accuracy, which we later increased to 93%.
The above figure displays the performance metrics of the final CNN-based
classification findings. For a machine learning model, having a lot of data
is usually beneficial.
When compared to the current model, the Random Forest model provides
the highest accuracy.

Future Scope
• Analyzing the model with different parameters to increase
the accuracy.
• Different approaches can be employed.
• Changing different parameters and upgrading the model.

Publication
Survey Paper
Title - The Realm of IoT Security Infested with Botnets: A Comprehensive Survey to Research Proposed
Author - Rohit K.A. Suryawanshi, Pravin U. Chokakkar, Sunil B. Mane, Siddharth K. Gaikwad
Date - 2024/1/4
Journal - INTERNATIONAL JOURNAL OF CREATIVE RESEARCH THOUGHTS
Volume - 12
Status - PUBLISHED

Publication
Title - Malicious Node Detection in Botnets Infested Networks Using Machine Learning and Deep Learning Algorithms in IoT Environments
Conference Name - International Conference on Emerging Technologies 2024
Status - ACCEPTED

Paper ID: 465
Title: Malicious Node Detection in Botnets Infested Networks Using Machine Learning and Deep Learning Algorithms in IoT Environments
Conference Name - 3rd International Conference on Advances in Data-driven Computing and Intelligent Systems
Track Name: ADCIS2024

Work Plan
Phase 1
Sr. No.   Month      Proposed Model Modules Implementation
1.        November   Working setup for the proposed system implementation
2.        December   Dataset cleaning and processing with feature extraction and selection
3.        January    Analysis of extracted feature for model with feature accuracy

Work Plan
Phase-2
Sr. No.   Month           Proposed Model Modules Implementation
4         February        Analysis of extracted feature for model with feature accuracy
5         March - April   Accuracies of Model Optimisation
6         April           Survey Paper Work-Published
7         May-June        Implementation Of Models
8         July            Final Paper, Report Making and Conference Paper Presentation

Conclusion
The traffic capture unit holds the traffic data recorded by the sensor,
the compute unit analyzes various Deep Learning and Machine Learning models, and
the selection process determines which model is effective to use by analyzing metrics like
performance and cost. The method uses a number of sophisticated machine learning
and deep learning models and algorithms, including SVM, Random Forest, Naive
Bayes, CNN, XGBoost, and Nearest Neighbors, to analyze data and find anomalies.
With an accuracy rate of 97%, the CNN model was the most accurate, followed by the
XGBoost and Decision Tree models, which both showed 92%.

Acknowledgement
I extend my heartfelt gratitude to COEP Technological University for providing me with this invaluable
opportunity to pursue my academic journey. I am thankful to the HOD, Dr. Pradeep Deshmukh, for his support and
encouragement. I am indebted to my M Tech guide, Prof. Siddharth K. Gaikwad, for her exceptional guidance,
patience, and constant encouragement throughout this journey. Her profound knowledge, insights, and mentorship have
been instrumental in shaping this endeavor.
I would also like to express my appreciation to the faculty members, staff, and my peers for their constructive
inputs, discussions, and assistance that enriched my understanding and learning experience. Furthermore, I wish to
acknowledge my family and friends for their belief in me and their constant encouragement. Lastly, I want to extend my
heartfelt thanks to everyone who contributed, directly or indirectly, to the successful completion of this report. Your
support has been invaluable, and I am deeply grateful for your contributions.
