Heterogeneity Tolerance in IoT Botnet Attack Classification

Abstract

Due to the rapid adoption of Internet of Things (IoT) technologies, many networks are composed of a patchwork of devices designed by different software and hardware developers. In addition to the heterogeneity of IoT networks, the general rush-to-market produced products with poor adherence to core cybersecurity principles. Coupled together, these weaknesses leave organizations vulnerable to attack by botnets, such as Mirai and Gafgyt. Infected devices pose a threat to both internal and external devices as they attempt to add new devices to the collective or to perpetrate targeted attacks within the network or against third parties. Artificial Intelligence (AI) tools for intrusion detection are popular platforms for detecting indicators of botnet infiltration. However, when training AI tools, the heterogeneity of the network hampers detection and classification accuracy due to the differences in device architecture and network layout. To investigate this challenge, we explored the application of a Neural Network (NN) to the N-BaIoT dataset. The NN achieved 94% classification accuracy when trained using data from all devices in the network. Further, we examined the model's transferability by training on a single device and applying it to data from all devices. This resulted in a noticeable decline in classification accuracy. However, when considering cyberattack detection the model retained a very high true positive rate of 99.6%.