Intelligent system for IoT botnet detection using SVM and PSO optimization

M. A. Salam
Journal: Journal of Intelligent Systems and Internet of Things
Publication date: 2021-09-17
Publication type: Journal Article
DOI: 10.54216/jisiot.030203 (https://doi.org/10.54216/jisiot.030203)
Citations: 3

Abstract

Botnet attacks involving Internet-of-Things (IoT) devices have skyrocketed in recent years due to the proliferation of IoT devices that can be readily infiltrated. The botnet is a common threat that exploits the absence of basic IoT security technologies and can perform several DDoS attacks. Existing IoT botnet detection methods still have issues, such as relying on labeled data, not being validated with newer botnets, and using very complex machine learning algorithms. This makes the development of new methods to detect compromised IoT devices urgent, in order to reduce the negative implications of these IoT botnets. Due to the vast amount of normal data accessible, anomaly detection algorithms seem promising for identifying botnet attacks on the IoT. For anomaly detection, the One-Class Support Vector Machine (ONE-SVM) is a strong method. Many aspects influence the classification outcomes of the ONE-SVM technique, such as the subset of features used to train the ONE-SVM model and the hyperparameters of the kernel. An evolutionary IoT botnet detection algorithm is described in this paper. The Particle Swarm Optimization (PSO) technique is used to tune the hyperparameters of the ONE-SVM to detect IoT botnet attacks launched from compromised IoT devices. A new version of a real benchmark dataset is used to evaluate the proposed method's performance using traditional anomaly detection evaluation measures. According to testing results, this technique outperforms all existing algorithms in terms of false positive rate, true positive rate, and G-mean for all IoT device categories. It also achieves the shortest detection time despite significantly reducing the number of selected features.