A generic architecture of a convolutional neural network (CNN).

Source publication
Article
The Internet of Things (IoT) has grown rapidly, and nowadays, it is exploited by cyber attacks on IoT devices. An accurate system to identify malicious attacks on the IoT environment has become very important for minimizing security risks on IoT devices. Botnet attacks are among the most serious and widespread attacks, and they threaten IoT devices...

Citations

... A hybrid CNN+LSTM model achieved 93.21% accuracy for binary classification and 92.9% for multi-class classification in detecting attacks on IIoT networks [112,113]. Another approach called IIoT-IDS used an inception CNN model to detect intrusions with high accuracy [114]. Researchers have explored using CNNs for both feature selection and attack detection on IoT networks. ...
Article
The integration of Artificial Intelligence (AI) models in Industrial Internet of Things (IIoT) systems has emerged as a pivotal area of research, offering unprecedented opportunities for optimizing industrial processes and enhancing operational efficiency. This article presents a comprehensive review of state-of-the-art AI models applied in IIoT contexts, with a focus on their utilization for fault prediction, process optimization, predictive maintenance, product quality control, cybersecurity, and machine control. Additionally, we examine the software and hardware tools available for integrating AI models into embedded platforms, encompassing solutions such as Vitis AI v3.5, TensorFlow Lite Micro v2.14, STM32Cube.AI v9.0, and others, along with their supported high-level frameworks and hardware devices. By delving into both AI model applications and the tools facilitating their deployment on low-power devices, this review provides a holistic understanding of AI-enabled IIoT systems and their practical implications in industrial settings.
... Alkahtani and Aldhyani [22] developed a hybrid CNN-LSTM algorithm for identifying botnet attacks. The proposed system obtained superior accuracy. ...
Article
Industrial internet of things (IIoT) is considered as large-scale IoT-based network comprising of sensors, communication channels, and security protocols used in Industry 4.0 for diverse real-time operations. Industrial IoT (IIoT) networks are vulnerable to diverse cyber threats and attacks. Attack detection is the biggest security issue in the IIoT. Various traditional attack detection methods are proposed by several researchers but all are insufficient to protect privacy and security. To address the issue, a novel Gradient Descent Scaling and Segmented Regression Fine-tuned Federated Learning (GDS-SRFFL) method is introduced for IIoT network attack detection. The aim of the GDS-SRFFL method is to enhance the security of an IIoT network. Initially, the novelty of Gradient Descent Scaling-based preprocessing is applied to the raw dataset for obtaining feature-scaled preprocessed network sample. Then, the unwanted intrusions are discovered by using a Segmented Regression Fine-tuned Mini-batch Federated Learning model to ensure the protection of IoT networks with the novelty of SoftMax Regression. In order to validate the proposed methodology, experimentations were conducted on different parameters, namely accuracy, precision, recall, specificity, and attack detection time, and the results concluded that proposed GDS-SRFFL has improved accuracy by 10%, precision by 13%, recall by 10%, specificity by 11% as well as minimum attack detection time by 28% as compared to existing techniques like CNN + LSTM (Altunay and Albayrak in Eng Sci Technol Int J 38:101322, 2023, https://doi.org/10.1016/j.jestch.2022.101322), Enhanced Deep and Ensemble learning in SCADA-based IIoT network (Khan et al. in IEEE Trans Ind Inf 19(1):1030–1038, https://doi.org/10.1109/TII.2022.3190352), RNN (Ullah and Mahmoud in IEEE Access 10:62722–62750, 2022, https://doi.org/10.1109/ACCESS.2022.3176317), and other CNN methods. The proposed method “GDS-SRFFL” has overall accuracy of 89.42% as compared to other existing methods.
... The research [15] proposed a novel method for identifying botnet attacks in IoT applications. They used a hybrid model that integrates "Long Short-Term Memory (LSTM) networks and Convolutional Neural Networks (CNN)" to improve botnet detection accuracy in the IoT. The author [16] introduced an effective method for botnet detection utilizing an "Enhanced Support Vector Neural Network (ESVNN)." ...
Preprint
Internet of Things (IoT) gadget proliferation has resulted in unprecedented connectedness as well as simplicity, but it has raised serious security concerns. Botnet attacks can threaten the security, integrity and accessibility of critical data and services and IoT networks are susceptible to them. To increase the security to identify botnet attacks in IoT networks, this study suggests a model based on a Parallel Gradient Descent Optimized Four Layered Network (PGDOFLN). We gathered the CICIDS2017 dataset from Kaggle, which is used to train and assess the proposed model. Using a robust scaler to handle missing values allows for the normalization of data, the t-distributed stochastic neighbor embedding (t-SNE) technique is utilized for extracting the feature and the LASSO method is used for feature selection. This study on attack detection is based on PGDOFLN and uses a Python program. The simulated results showed that the suggested method outperforms existing methods with an accuracy (0.95), recall (0.95), precision (1.00), and f1 score (0.97). This study supports continuing attempts to protect IoT networks and safeguard private information, vital infrastructure, and sensitive data.
... Furthermore, this study has examined the influence of the Open Set Recognition (OSR) issue on detecting DDoS attacks. Hasan Alkahtani et al. [9] have introduced a hybrid model that combines CNN and LSTM. This model is trained using the N-BaIoT dataset. ...
... The proposed BCE detects the presence of Multi-vector DDoS attacks. 9. Upon detection of an attack, the BCE alerts non-technical users about the occurrence of Multi-vector DDoS attacks. ...
... Moreover, researchers have also utilized various deep learning techniques for the classification of various attacks, e.g., in [28], the authors employed a CNN-LSTM algorithm on the N-BaIoT dataset, achieving an F1-score, precision and recall of 0.88, 93.04% and 91.91%, respectively, with an overall accuracy of 90.88%. Similarly, in [29], a deep belief network (DBN) algorithm was applied to the N-BaIoT dataset, yielding a higher F1-score of 0.92. ...
Article
The rise of Internet of Things (IoT) has led to increased security risks, particularly from botnet attacks that exploit IoT device vulnerabilities. This situation necessitates effective Intrusion Detection Systems (IDS), that are accurate, lightweight, and fast (having less inference time), designed particularly to detect botnet attacks in resource constrained IoT devices. This paper proposes SkipGateNet, a novel deep learning model designed for detecting Mirai and Bashlite botnet attacks in resource constrained IoT and fog computing environments. SkipGateNet is a lightweight, fast model combining 1D-Convolutional Neural Networks (CNN) and Long Short-Term Memory (LSTM) layers. The novelty of this model lies in the integration of ‘Learnable Skip Connections’. These connections feature gating mechanisms that enhance detection by focusing on relevant features and ignoring irrelevant ones. They add adaptability to the architecture, performing feature selection and propagating only essential features to deeper layers. Tested on the N-BaIoT dataset, SkipGateNet efficiently detects ten types of botnet attacks, with a remarkable test accuracy of 99.91%. It is also compact (2596.87 KB) and demonstrates a quick inference time of 8.0 milliseconds, suitable for real-time implementation in resource-limited settings. While evaluating its performance, parameters like precision, recall, accuracy, and F1 score were considered, along with statistical reliability measures like Cohen’s Kappa Coefficient and Matthews Correlation Coefficient. These highlight its reliability and effectiveness in IoT security challenges. The paper also compares SkipGateNet to existing models and four other deep learning architectures, including two sequential CNN architectures, a simple CNN+LSTM architecture, and a CNN+LSTM with standard skip connections. SkipGateNet surpasses all in accuracy and inference time, demonstrating its superiority in addressing IoT security issues.
... The authors used the NSL-KDD and CICIDS datasets for experimentation purposes. In [18], the authors proposed a hybrid model based on CNN and LSTM. They used real traffic of nine commercial IoT devices, infected with Bashlite and Mirai botnet attacks. ...
... Various metrics of evaluation have been employed to thoroughly evaluate the performance of the proposed IDS, i.e., Accuracy (Acc), Precision (Pre), Recall (Rec), F1-score (F1), Receiver Operating Characteristics (Roc) Curve, Confusion Matrix (Cm), etc. The following equations are used to calculate the Acc, Pre, Rec, and F1:

$$\mathrm{Acc} = \frac{\mathrm{Tpr} + \mathrm{Tnr}}{\mathrm{Tpr} + \mathrm{Tnr} + \mathrm{Fpr} + \mathrm{Fnr}} \quad (18)$$

$$\mathrm{Pre} = \frac{\mathrm{Tpr}}{\mathrm{Tpr} + \mathrm{Fpr}} \quad (19)$$

$$\mathrm{Rec} = \frac{\mathrm{Tpr}}{\mathrm{Tpr} + \mathrm{Fnr}} \quad (20)$$

...
Article
The Industrial Internet of Things (IIoT) is rapidly evolving, and with this evolution, cyber threats have become a significant issue. IIoT networks, despite improving service quality, are uniquely vulnerable to security threats due to their inherent connectivity and the use of low-power devices. Traditional Deep Learning-based IDS, while accurate, suffer from a “black box” issue that hides the reasoning behind their decisions, leading to a decrease in user trust. To address this, our research presents an Explainable and intelligent mechanism for data-efficient intrusion detection in IIoT. Our proposed IDS enhances data efficiency by employing a Bidirectional Long-Short Term Memory (BiLSTM) model with a self-adaptive attention mechanism. The self-adaptive attention mechanism is a novel feature of our IDS framework, designed specifically for IIoT environments. This mechanism dynamically adjusts its focus to prioritize critical elements within a dataset, allocating more computational resources to data segments likely to contain patterns or anomalies indicative of security threats. When integrated with BiLSTM, which excels at capturing temporal dependencies, the mechanism enhances the IDS's ability to learn efficiently from limited datasets. This focus on significant data features and temporal patterns reduces the need for extensive training datasets, making it particularly effective in IIoT settings where data may be sparse yet complex. In addition, we enhance the proposed IDS's transparency by incorporating the SHapley Additive exPlanations mechanism from Explainable AI, thereby boosting the IDS's trustworthiness and interpretability. Our system exhibits outstanding performance on benchmark datasets such as CICIDS2017 and X-IIoTID, attaining accuracies of 99.92% and 96.54%, respectively.
... This is beneficial as many cyberattacks have multiple stages and can be challenging to detect when examining individual points in time. Alkahtani and Aldhyani [39] explored a classification model that combined a CNN and an LSTM model. Throughout their research, they ran their classifier over the N-BaIoT dataset and achieved an accuracy of 100%. ...
Article
Systemic vulnerabilities in the Internet of Things (IoT) pose a challenge for establishing robust cybersecurity strategies. These challenges leave IoT devices susceptible to infection, often falling victim to far-reaching Botnets. To counter these risks, Intrusion Detection Systems (IDS) are designed to detect attacks within the network, mitigating the dangers presented by architecturally vulnerable IoT devices. However, IDS solutions are designed to operate at the center of the network, requiring network traffic to be forwarded inwards and consequently hampers reaction times while straining network resources. This paper introduces an IoT Botnet detection pipeline composed of a novel network traffic visualization methodology and a Convolutional Neural Network (CNN). The pipeline operates on an embedded system at the edge of the network, transforming network traffic into a visual format for subsequent cyberattack classification by the CNN. By leveraging the advantages of CNNs in efficiently classifying images, the pipeline achieves high accuracy in detecting Botnet attacks while maintaining an efficient design. During testing, we applied the pipeline to the N-BaIoT and IoT-23 datasets and observed high cyberattack detection rates of 100% and 99.78%, respectively. Furthermore, we observed a 2.4 times greater throughput (packets/second) and a 21.4% reduction in model size compared to a Deep Neural Network of similar accuracy.
... Consequently, it minimizes the damage produced by probable threats. The dynamic analysis technique observes in what way malware communicates with its environment when it could be implemented [6]. The information is significant for ML and DL types finding malware. ...
Article
Nowadays, the Internet of Things (IoT) has become a rapid development; it can be employed by cyber threats in IoT devices. A correct system to recognize malicious attacks at IoT platforms became of major importance to minimize security threats in IoT devices. Botnet attacks are more severe and common attacks, and they threaten IoT devices. These threats interrupt IoT alteration by interrupting networks and services for IoT devices. Several existing methods present themselves to determine unknown patterns in IoT networks for improving security. Recent analysis presents DL and ML methods for classifying and detecting botnet attacks from the IoT environment. Consequently, this paper develops a Bald Eagle Search Optimization with a Hybrid Deep Learning based botnet detection (BESO-HDLBD) algorithm in an IoT platform. The presented BESO-HDLBD approach aims to resolve the security issue by identifying the botnets in the IoT environment. To reduce the high dimensionality problem, the BESO-HDLBD method uses the BESO system for the feature selection process. For botnet detection purposes, the BESO-HDLBD algorithm uses HDL, which is an integration of convolutional neural networks (CNNs), bidirectional long short-term memory (BiLSTM), and attention concept. The desire for the HDL technique in botnet detection utilises the intricate nature of botnet attacks that frequently contain difficult and developing patterns. Combining CNNs permits effectual feature extraction from spatial data, BiLSTM networks capture temporal dependencies, and attention mechanisms improve the model’s capability to concentrate on fundamental patterns. The selection of hyperparameters of the HDL approach takes place using the dragonfly algorithm (DFA). The experimental analysis of the BESO-HDLBD system could be examined under a benchmark botnet dataset. The obtained outcome infers a better outcome of the BESO-HDLBD technique compared to the recent detection system with respect to distinct estimation measures.
... As a result, efforts have been made to bring AI closer to users, which can also have advantages like lower latency and bandwidth utilization. Tasks like security monitoring can also be completed using AI at the edge of IoT deployments [8], which may not have been appropriate in a shared cloud environment. ...
... Previous research made the assumption that local training data were evenly, independently, and uniformly dispersed among different types of network traffic, but IoT network traffic may not conform to this assumption [2]. The Bot-IoT dataset was created and made available to the public for cyber security research in order to solve this issue [8]. This dataset was produced by creating traffic from gadgets like weather stations, smart fridges, motion-activated lighting, remote-controlled garage doors, and smart thermostats. ...
... The Feature Extractor is then sent this sub-sampled traffic. However, there is a trade-off in terms of detection delay despite the fact that the sub-sampling method reduces storage overhead [8]. The proposed approach involves designing a secure IoT edge computing device based on CPU and FPGA to analyze and summarize traffic in real time. ...
Article
Recently, deep learning has gotten progressively popular in the domain of security. However, traditional machine learning models are not capable of discovering zero-day botnet attacks with extraordinary privacy. For this purpose, researchers have utilized deep learning based computational framework for Botnet which can detect zero-day attacks, achieve data privacy and improve training time using machine learning techniques for the IoT-edge devices. However, it combines and integrates various models and contexts. As a result, the objective of this research was to incorporate the deep learning model which controls different operation of IoT devices and reduce the training time. In deep learning, there are numerous components that affect the false positive rate of every detected attack type. These elements are F1 score, false-positive rate, and training time; reduce the time of detection, and Accuracy. Bashlite and Mirai are two examples of zero-day botnet attacks that pose a threat to IoT edge devices. The majority of cyber-attacks are executed by malware-infected devices that are remotely controlled by attackers. This malware is often referred to as a bot or botnet, and it enables attackers to control the device and perform malicious actions, such as spamming, stealing sensitive information, and launching DDoS attacks. The model was formulated in Python libraries and subsequently tested on real life data to assess whether the integrated model performs better than its counterparts. The outcomes show that the proposed model performs in a way that is better than existing models i.e. DDL, CDL and LDL as Botnet Attacks Intelligence (BAI) the proposed deep learning model.
... An alternative approach was suggested by Alkahtani et al. in [24]. The suggested approach performed a hybrid IoT botnet attack detection model using the convolutional neural network and short-term memory. ...
Article
The rapid growth of Artificial Intelligence (AI) algorithms has created the opportunity to solve complex problems such as Internet of Things (IoT) botnet attacks. The severity of IoT botnet attacks is a critical challenge for improving the smart IoT environment. Therefore, there is an urgent need to design and implement an efficient detection model to deal with various IoT bot attacks and simultaneously handle issues related to the massive feature space. This paper introduces a wrapper feature selection technique by adapting the Artificial Rabbit Optimization (ARO) algorithm and the Decision Tree (DT) algorithm to detect various types of IoT botnet attacks. During the design of the suggested DT-ARO model, the N-BaIoT datasets were used as a testbed environment. The feature space optimization step was carried out using the ARO algorithm to select only the high-priority features for detecting the IoT botnet attacks. The binary vector technique was used to distinguish the optimal features. The detection engine was performed using the DT algorithm. The conducted experiments have demonstrated the ability of the suggested DT-ARO model to detect various types of IoT botnet attacks, where the accuracy rate was 99.89%, while effectively reducing the feature space. In addition, the accomplished results were compared with the latest typical approaches. The DT-ARO model was found to be competitive with these methods and even outperformed them in reducing the feature space.