Research field: Infrastructure
Venue: SN Computer Science
Existing techniques in anti-botnet security focus primarily on detection, analysis or mitigation. However, less attention has been paid to botnet attack prevention, which is needed in sectors such as healthcare, defence or nuclear. Prevention is a must for critical sectors, because detection or analysis measures commence only after the botnet has done its damage (as services become unavailable), which amounts to post-mortem analysis. The current study aims to improve anti-botnet IoT network security by preventing botnet formation, which is critical for robust IoT applications. A dual monitoring system is proposed to detect malicious behaviour at both the device and network levels, using rule-engine-based analysis and machine learning techniques. Early detection allows for more timely preventive measures, such as isolating compromised devices before they are integrated into botnets. At the device level, a rule engine is used to define and monitor individual rules for each IoT device. For network-level detection, logistic regression is used to classify network traffic, and exploratory data analysis is used to identify unusual scanning activity. By combining device- and network-level monitoring, the proposed method increases the likelihood of detecting malicious behaviour while decreasing the likelihood of botnet formation. As a precaution, devices that are flagged as malicious at both levels are isolated. Testing in an IoT-based healthcare network shows that the dual monitoring approach improves malicious behaviour detection and botnet threat mitigation. Compared to the existing literature, the proposed dual monitoring system shows a marked improvement (15% higher on accurate detection, 20% higher on recall, 10% higher on traffic anomaly detection and 25% higher on identifying compromised devices) in the identification and mitigation of potential botnet activities within an IoT network.
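As an added illustration of the dual-level decision described in the abstract (this is not code from the paper): a per-device rule engine, a logistic regression classifier trained from scratch on traffic features, and the isolation rule that fires only when both levels flag the same device. Device names, rule thresholds, the two features and the training data are all constructed assumptions for the example.

```python
import math

# Device level: a hypothetical rule set per IoT device (constructed for this
# example; real rules would come from each device's expected behaviour).
DEVICE_RULES = {
    "infusion-pump-01": {"allowed_ports": {443, 8883}, "max_conn_per_min": 20},
    "ecg-monitor-07":   {"allowed_ports": {443},       "max_conn_per_min": 30},
}

def device_level_flag(device_id, events):
    """events: list of (dst_port, connection_count) seen in one minute."""
    rules = DEVICE_RULES[device_id]
    bad_port = any(port not in rules["allowed_ports"] for port, _ in events)
    too_many = sum(count for _, count in events) > rules["max_conn_per_min"]
    return bad_port or too_many

# Network level: logistic regression on per-device traffic features
# [distinct destination ports / 100, SYN-to-total packet ratio].
def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))

def train_logreg(X, y, lr=0.5, epochs=2000):
    """Plain stochastic gradient descent; no external ML library needed."""
    w, b = [0.0] * len(X[0]), 0.0
    for _ in range(epochs):
        for xi, yi in zip(X, y):
            err = sigmoid(sum(wj * xj for wj, xj in zip(w, xi)) + b) - yi
            w = [wj - lr * err * xj for wj, xj in zip(w, xi)]
            b -= lr * err
    return w, b

def network_level_flag(model, features, threshold=0.5):
    w, b = model
    return sigmoid(sum(wj * xj for wj, xj in zip(w, features)) + b) >= threshold

# Constructed training set: benign telemetry vs. port-scanning behaviour.
X_TRAIN = [[0.02, 0.10], [0.03, 0.15], [0.01, 0.05], [0.04, 0.20],
           [0.60, 0.90], [0.80, 0.95], [0.40, 0.85], [0.90, 0.80]]
Y_TRAIN = [0, 0, 0, 0, 1, 1, 1, 1]
MODEL = train_logreg(X_TRAIN, Y_TRAIN)

def dual_monitor(device_id, events, features, model=MODEL):
    """Isolate only when BOTH levels flag the device; single-level hits are
    reported so an analyst can investigate without knocking a device offline."""
    dev, net = device_level_flag(device_id, events), network_level_flag(model, features)
    return {"device_flag": dev, "network_flag": net, "isolate": dev and net}

if __name__ == "__main__":
    print(dual_monitor("infusion-pump-01", [(23, 60), (2323, 40)], [0.50, 0.90]))
```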
| Publication year | 2025 |
|---|---|
| Citations | 0 |
| Publication countries | India, France |
| Site | Springer |
| Likes | 0 |