Towards Developing Network forensic mechanism for Botnet Activities in the IoT based on Machine Learning Techniques
Nickolaos Koroniotis, Nour Moustafa, Elena Sitnikova, Jill Slay

TL;DR
This paper explores the use of machine learning techniques on network flow data to develop an effective network forensic mechanism for detecting and tracking botnet activities in IoT environments, addressing limitations of signature-based methods.
Contribution
It introduces a novel ML-based forensic approach utilizing network flow identifiers to improve detection accuracy and reduce false alarms in IoT botnet investigations.
Findings
ML techniques effectively detect IoT botnet attacks
Flow identifiers improve tracking of botnet activities
Experimental results show high detection accuracy
Abstract
The IoT is a network of interconnected everyday objects, called things, that have been augmented with a small measure of computing capability. Lately, the IoT has been affected by a variety of botnet activities. Botnets have caused serious security risks and financial damage over the years, yet existing network forensic techniques cannot identify and track the current, more sophisticated botnet methods. This is because commercial tools depend mainly on signature-based approaches, which cannot discover new forms of botnet. In the literature, several studies have applied Machine Learning (ML) techniques to train and validate models for identifying such attacks, but they still produce high false alarm rates and face the challenge of tracing botnet activity. This paper investigates the role of ML techniques in developing a network forensic mechanism based…
